Bug 1137865 (CVE-2019-9506)

https://knobattack.com/


About the KNOB Attack

Bluetooth is a wireless communication protocol commonly used between nearby devices to transfer data, for example between a wireless headset and a phone, or between two phones when transferring files between them. This communication can contain private and sensitive data, and the Bluetooth standard provides security features to protect against eavesdropping and manipulation. We found an attack that allows an attacker to break this security mechanism for any standard-compliant Bluetooth device. As a result, an attacker is able to the listen in on, or change the content of, nearby Bluetooth communication, even between devices that have previously been successfully paired.

We call our attack the Key Negotiation of Bluetooth (KNOB) Attack. Because this attack affects basically all devices that "speak Bluetooth", we decided to coordinate public disclosure with industry to try to make sure that workarounds could be put in place. In November 2018 we shared details of the attack with the Bluetooth Special Interest Group (Bluetooth SIG)—the standards organisation that oversees the development of Bluetooth standards—as well as the CERT Coordination Center and the International Consortium for Advancement of Cybersecurity on the Internet (ICASI)—an industry led coordination body founded by Intel, Microsoft, Cisco, Juniper and IBM.

For more information on affected systems see CVE-2019-9506 . The technical details of the attack is available in our research paper. TL;DR: The entropy of Bluetooth session keys is negotiated in an unauthenticated protocol between the participants. The attacker can manipulate this to the lowest entropy allowed, 1 byte. The resulting session key can then easily be brute forced.
Are my Devices Vulnerable?

The KNOB attack is possible due to flaws in the Bluetooth specification. As such, any standard-compliant Bluetooth device can be expected to be vulnerable. We conducted KNOB attacks on more than 17 unique Bluetooth chips (by attacking 24 different devices). At the time of writing, we were able to test chips from Broadcom, Qualcomm, Apple, Intel, and Chicony manufacturers. All devices that we tested were vulnerable to the KNOB attack.

After we disclosed our attack to industry in late 2018, some vendors might have implemented workarounds for the vulnerability on their devices. So the short answer is: if your device was not updated after late 2018, it is likely vulnerable. Devices updated afterwards might be fixed.

https://github.com/francozappa/knob

Al, is there any news from the linux bluetooth people on this?

(In reply to Marcus Meissner from comment #3)
> https://github.com/francozappa/knob
> 
> Al, is there any news from the linux bluetooth people on this?

This is Hardware issue, but mitigation in Linux kernel can be applied:
d5bb334a8e17 Bluetooth: Align minimum encryption key size for LE and BR/EDR connections (v5.2-rc1)
693cd8ce3f88 Bluetooth: Fix regression with minimum encryption key size alignment (v5.2-rc6)
eca94432934f Bluetooth: Fix faulty expression for minimum encryption key size check (v5.2)

(In reply to Al Cho from comment #4)
> (In reply to Marcus Meissner from comment #3)
> > https://github.com/francozappa/knob
> > 
> > Al, is there any news from the linux bluetooth people on this?
> 
> This is Hardware issue, but mitigation in Linux kernel can be applied:
> d5bb334a8e17 Bluetooth: Align minimum encryption key size for LE and BR/EDR
> connections (v5.2-rc1)
> 693cd8ce3f88 Bluetooth: Fix regression with minimum encryption key size
> alignment (v5.2-rc6)
> eca94432934f Bluetooth: Fix faulty expression for minimum encryption key
> size check (v5.2)

SLE15 already backporting.
1b46ddeb012e Bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). 
e8cd5876fc25 Replace the bluetooth fix with the upstream commit (bsc#1135556)
aa5dec4bfa13 Bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328).

This is an autogenerated message for OBS integration:
This bug (1137865) was mentioned in
https://build.opensuse.org/request/show/736317 15.0 / kernel-source
https://build.opensuse.org/request/show/736319 15.1 / kernel-source

openSUSE-SU-2019:2308-1: An update that solves four vulnerabilities and has 59 fixes is now available.

Category: security (important)
Bug References: 1051510,1054914,1055117,1061840,1065600,1065729,1071995,1082555,1104967,1109158,1111666,1113722,1114279,1119086,1123034,1127988,1131304,1137069,1137865,1137959,1137982,1140155,1141013,1142076,1142635,1146042,1146540,1146664,1148133,1148712,1148868,1149313,1149446,1149555,1149651,1150305,1150381,1150423,1150846,1151067,1151192,1151350,1151610,1151661,1151662,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152187,1152243,1152325,1152457,1152460,1152466,1152525,1152972,1152974,1152975
CVE References: CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-9506
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.20.1, kernel-default-4.12.14-lp151.28.20.1, kernel-docs-4.12.14-lp151.28.20.1, kernel-kvmsmall-4.12.14-lp151.28.20.1, kernel-obs-build-4.12.14-lp151.28.20.1, kernel-obs-qa-4.12.14-lp151.28.20.1, kernel-source-4.12.14-lp151.28.20.1, kernel-syms-4.12.14-lp151.28.20.1, kernel-vanilla-4.12.14-lp151.28.20.1

openSUSE-SU-2019:2307-1: An update that solves four vulnerabilities and has 48 fixes is now available.

Category: security (important)
Bug References: 1051510,1054914,1055117,1061840,1065600,1065729,1071995,1082555,1104967,1109158,1113722,1114279,1119086,1123034,1127988,1131304,1137069,1137865,1137959,1140155,1141013,1142076,1142635,1146042,1146540,1146664,1148133,1148712,1148868,1149313,1149446,1149555,1149651,1150381,1150423,1151350,1151610,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152325,1152457,1152460,1152466,1152972,1152974,1152975
CVE References: CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-9506
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.76.1, kernel-default-4.12.14-lp150.12.76.1, kernel-docs-4.12.14-lp150.12.76.1, kernel-kvmsmall-4.12.14-lp150.12.76.1, kernel-obs-build-4.12.14-lp150.12.76.1, kernel-obs-qa-4.12.14-lp150.12.76.1, kernel-source-4.12.14-lp150.12.76.1, kernel-syms-4.12.14-lp150.12.76.1, kernel-vanilla-4.12.14-lp150.12.76.1

SUSE-SU-2019:2651-1: An update that solves 42 vulnerabilities and has 210 fixes is now available.

Category: security (important)
Bug References: 1047238,1050911,1051510,1054914,1055117,1056686,1060662,1061840,1061843,1064597,1064701,1065600,1065729,1066369,1071009,1071306,1071995,1078248,1082555,1085030,1085536,1085539,1087092,1090734,1091171,1093205,1102097,1104902,1104967,1106061,1106284,1106434,1108382,1109158,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113722,1114279,1114542,1118689,1119086,1120876,1120902,1120937,1123034,1123105,1124370,1127988,1129424,1129519,1129664,1131107,1131304,1131565,1134291,1134881,1134882,1135219,1135642,1135897,1136261,1137069,1137865,1137884,1137959,1138539,1139020,1139021,1139101,1139500,1140012,1140155,1140426,1140487,1141013,1141450,1141543,1141554,1142019,1142076,1142109,1142117,1142118,1142119,1142496,1142541,1142635,1142685,1142701,1143300,1143466,1143765,1143841,1143843,1144123,1144333,1144474,1144518,1144718,1144813,1144880,1144886,1144912,1144920,1144979,1145010,1145051,1145059,1145134,1145189,1145235,1145300,1145302,1145388,1145389,1145390,1145391,1145392,1145393,1145394,1145395,1145396,1145397,1145408,1145409,1145661,1145678,1145687,1145920,1145922,1145934,1145937,1145940,1145941,1145942,1146042,1146074,1146084,1146163,1146285,1146346,1146351,1146352,1146361,1146376,1146378,1146381,1146391,1146399,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146531,1146540,1146543,1146547,1146550,1146575,1146589,1146664,1146678,1146938,1148031,1148032,1148033,1148034,1148035,1148093,1148133,1148192,1148196,1148198,1148202,1148303,1148363,1148379,1148394,1148527,1148574,1148616,1148617,1148619,1148712,1148859,1148868,1149053,1149083,1149104,1149105,1149106,1149197,1149214,1149224,1149313,1149325,1149376,1149413,1149418,1149424,1149446,1149522,1149527,1149539,1149552,1149555,1149591,1149602,1149612,1149626,1149651,1149652,1149713,1149940,1149976,1150025,1150033,1150112,1150381,1150423,1150562,1150727,1150860,1150861,1150933,1151350,1151610,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152325,1152457,1152460,1152466,1152972,1152974,1152975
CVE References: CVE-2017-18551,CVE-2017-18595,CVE-2018-20976,CVE-2018-21008,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15030,CVE-2019-15031,CVE-2019-15090,CVE-2019-15098,CVE-2019-15117,CVE-2019-15118,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15222,CVE-2019-15239,CVE-2019-15290,CVE-2019-15291,CVE-2019-15292,CVE-2019-15538,CVE-2019-15666,CVE-2019-15902,CVE-2019-15917,CVE-2019-15919,CVE-2019-15920,CVE-2019-15921,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    kernel-azure-4.12.14-5.41.1, kernel-source-azure-4.12.14-5.41.1, kernel-syms-azure-4.12.14-5.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:2658-1: An update that solves 45 vulnerabilities and has 270 fixes is now available.

Category: security (important)
Bug References: 1047238,1050911,1051510,1054914,1055117,1056686,1060662,1061840,1061843,1064597,1064701,1065600,1065729,1066369,1071009,1071306,1071995,1078248,1082555,1082635,1085030,1085536,1085539,1086103,1087092,1090734,1091171,1093205,1102097,1103990,1104353,1104427,1104745,1104902,1104967,1106061,1106284,1106434,1108382,1109158,1109837,1111666,1112178,1112374,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113722,1113994,1114279,1114542,1118689,1119086,1119113,1120046,1120876,1120902,1123034,1123105,1123959,1124370,1127988,1129424,1129519,1129664,1131107,1131281,1131304,1131489,1131565,1132686,1133021,1134291,1134476,1134881,1134882,1135219,1135642,1135897,1135990,1136039,1136261,1136346,1136349,1136352,1136496,1136498,1136502,1136682,1137069,1137322,1137323,1137586,1137865,1137884,1137959,1137982,1138099,1138100,1138539,1139020,1139021,1139101,1139500,1140012,1140155,1140426,1140487,1141013,1141340,1141450,1141543,1141554,1142019,1142076,1142109,1142117,1142118,1142119,1142496,1142541,1142635,1142685,1142701,1142857,1143300,1143331,1143466,1143706,1143738,1143765,1143841,1143843,1143962,1144123,1144333,1144375,1144474,1144518,1144582,1144718,1144813,1144880,1144886,1144912,1144920,1144979,1145010,1145018,1145051,1145059,1145134,1145189,1145235,1145256,1145300,1145302,1145357,1145388,1145389,1145390,1145391,1145392,1145393,1145394,1145395,1145396,1145397,1145408,1145409,1145446,1145661,1145678,1145687,1145920,1145922,1145934,1145937,1145940,1145941,1145942,1145946,1146042,1146074,1146084,1146141,1146163,1146215,1146285,1146346,1146351,1146352,1146361,1146368,1146376,1146378,1146381,1146391,1146399,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146531,1146540,1146543,1146547,1146550,1146575,1146589,1146664,1146678,1146938,1148031,1148032,1148033,1148034,1148035,1148093,1148133,1148192,1148196,1148198,1148202,1148219,1148297,1148303,1148308,1148363,1148379,1148394,1148527,1148570,1148574,1148616,1148617,1148619,1148698,1148712,1148859,1148868,1149053,1149083,1149104,1149105,1149106,1149197,1149214,1149224,1149313,1149325,1149376,1149413,1149418,1149424,1149446,1149522,1149527,1149539,1149552,1149555,1149591,1149602,1149612,1149626,1149651,1149652,1149713,1149940,1149976,1150025,1150033,1150112,1150305,1150381,1150423,1150562,1150727,1150846,1150860,1150861,1150933,1151067,1151192,1151350,1151610,1151661,1151662,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152187,1152243,1152325,1152457,1152460,1152466,1152525,1152972,1152974,1152975
CVE References: CVE-2017-18551,CVE-2017-18595,CVE-2018-20976,CVE-2018-21008,CVE-2019-10207,CVE-2019-11477,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15030,CVE-2019-15031,CVE-2019-15090,CVE-2019-15098,CVE-2019-15099,CVE-2019-15117,CVE-2019-15118,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15222,CVE-2019-15239,CVE-2019-15290,CVE-2019-15291,CVE-2019-15292,CVE-2019-15538,CVE-2019-15666,CVE-2019-15902,CVE-2019-15917,CVE-2019-15919,CVE-2019-15920,CVE-2019-15921,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    kernel-azure-4.12.14-8.16.1, kernel-source-azure-4.12.14-8.16.1, kernel-syms-azure-4.12.14-8.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:2706-1: An update that solves four vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 1051510,1054914,1055117,1061840,1065600,1065729,1071995,1082555,1104967,1109158,1113722,1114279,1119086,1123034,1127988,1131304,1137069,1137865,1137959,1140155,1141013,1142076,1142635,1146042,1146519,1146540,1146664,1148133,1148712,1148868,1149313,1149446,1149555,1149651,1150381,1150423,1151350,1151610,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152325,1152457,1152460,1152466,1152972,1152974,1152975
CVE References: CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-150.38.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-150.38.1, kernel-docs-4.12.14-150.38.1, kernel-obs-qa-4.12.14-150.38.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-150.38.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-150.38.1, kernel-obs-build-4.12.14-150.38.1, kernel-source-4.12.14-150.38.1, kernel-syms-4.12.14-150.38.1, kernel-vanilla-4.12.14-150.38.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-150.38.1, kernel-source-4.12.14-150.38.1, kernel-zfcpdump-4.12.14-150.38.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:2706-1: An update that solves four vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 1051510,1054914,1055117,1061840,1065600,1065729,1071995,1082555,1104967,1109158,1113722,1114279,1119086,1123034,1127988,1131304,1137069,1137865,1137959,1140155,1141013,1142076,1142635,1146042,1146519,1146540,1146664,1148133,1148712,1148868,1149313,1149446,1149555,1149651,1150381,1150423,1151350,1151610,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152325,1152457,1152460,1152466,1152972,1152974,1152975
CVE References: CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-150.38.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-150.38.1, kernel-docs-4.12.14-150.38.1, kernel-obs-qa-4.12.14-150.38.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.38.1, kernel-livepatch-SLE15_Update_15-1-1.3.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-150.38.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-150.38.1, kernel-obs-build-4.12.14-150.38.1, kernel-source-4.12.14-150.38.1, kernel-syms-4.12.14-150.38.1, kernel-vanilla-4.12.14-150.38.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-150.38.1, kernel-source-4.12.14-150.38.1, kernel-zfcpdump-4.12.14-150.38.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:2710-1: An update that solves four vulnerabilities and has 60 fixes is now available.

Category: security (important)
Bug References: 1051510,1054914,1055117,1061840,1065600,1065729,1071995,1082555,1104967,1109158,1111666,1113722,1114279,1119086,1123034,1127988,1131304,1137069,1137865,1137959,1137982,1140155,1141013,1142076,1142635,1146042,1146519,1146540,1146664,1148133,1148712,1148868,1149313,1149446,1149555,1149651,1150305,1150381,1150423,1150846,1151067,1151192,1151350,1151610,1151661,1151662,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152187,1152243,1152325,1152457,1152460,1152466,1152525,1152972,1152974,1152975
CVE References: CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.21.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    dtb-aarch64-4.12.14-197.21.1, kernel-debug-4.12.14-197.21.1, kernel-default-4.12.14-197.21.1, kernel-docs-4.12.14-197.21.1, kernel-kvmsmall-4.12.14-197.21.1, kernel-obs-qa-4.12.14-197.21.1, kernel-source-4.12.14-197.21.1, kernel-vanilla-4.12.14-197.21.1, kernel-zfcpdump-4.12.14-197.21.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.21.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.21.1, kernel-obs-build-4.12.14-197.21.1, kernel-source-4.12.14-197.21.1, kernel-syms-4.12.14-197.21.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.21.1, kernel-source-4.12.14-197.21.1, kernel-zfcpdump-4.12.14-197.21.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:2710-1: An update that solves four vulnerabilities and has 60 fixes is now available.

Category: security (important)
Bug References: 1051510,1054914,1055117,1061840,1065600,1065729,1071995,1082555,1104967,1109158,1111666,1113722,1114279,1119086,1123034,1127988,1131304,1137069,1137865,1137959,1137982,1140155,1141013,1142076,1142635,1146042,1146519,1146540,1146664,1148133,1148712,1148868,1149313,1149446,1149555,1149651,1150305,1150381,1150423,1150846,1151067,1151192,1151350,1151610,1151661,1151662,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152187,1152243,1152325,1152457,1152460,1152466,1152525,1152972,1152974,1152975
CVE References: CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.21.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    dtb-aarch64-4.12.14-197.21.1, kernel-debug-4.12.14-197.21.1, kernel-default-4.12.14-197.21.1, kernel-docs-4.12.14-197.21.1, kernel-kvmsmall-4.12.14-197.21.1, kernel-obs-qa-4.12.14-197.21.1, kernel-source-4.12.14-197.21.1, kernel-vanilla-4.12.14-197.21.1, kernel-zfcpdump-4.12.14-197.21.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.21.1, kernel-livepatch-SLE15-SP1_Update_6-1-3.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.21.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.21.1, kernel-obs-build-4.12.14-197.21.1, kernel-source-4.12.14-197.21.1, kernel-syms-4.12.14-197.21.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.21.1, kernel-source-4.12.14-197.21.1, kernel-zfcpdump-4.12.14-197.21.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:2756-1: An update that solves 44 vulnerabilities and has 368 fixes is now available.

Category: security (important)
Bug References: 1012382,1047238,1050911,1051510,1053043,1054914,1055117,1056686,1060662,1061840,1061843,1064597,1064701,1065600,1065729,1066369,1071009,1071306,1071995,1078248,1082555,1083647,1083710,1085030,1085536,1085539,1086103,1087092,1088047,1090734,1091171,1093205,1094555,1098633,1102097,1102247,1104902,1104967,1106061,1106284,1106383,1106434,1106751,1108382,1109137,1109158,1111666,1112178,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113722,1114279,1114542,1115688,1117158,1118139,1118689,1119086,1119222,1119532,1120423,1120566,1120876,1120902,1120937,1123034,1123080,1123105,1123959,1124167,1124370,1124503,1127034,1127155,1127315,1127988,1128432,1128902,1128910,1129424,1129519,1129664,1129770,1130972,1131107,1131281,1131304,1131565,1132154,1132390,1132686,1133021,1133401,1134097,1134291,1134303,1134390,1134671,1134881,1134882,1135219,1135296,1135335,1135556,1135642,1135661,1135897,1136157,1136261,1136811,1136896,1136935,1136990,1137069,1137162,1137221,1137366,1137372,1137429,1137444,1137458,1137534,1137535,1137584,1137586,1137609,1137625,1137728,1137739,1137752,1137811,1137827,1137865,1137884,1137959,1137995,1137996,1137998,1137999,1138000,1138002,1138003,1138005,1138006,1138007,1138008,1138009,1138010,1138011,1138012,1138013,1138014,1138015,1138016,1138017,1138018,1138019,1138374,1138375,1138539,1138589,1138719,1139020,1139021,1139101,1139500,1139771,1139782,1139865,1140012,1140133,1140139,1140155,1140322,1140328,1140405,1140424,1140426,1140428,1140487,1140637,1140652,1140658,1140715,1140719,1140726,1140727,1140728,1140814,1140887,1140888,1140889,1140891,1140893,1140903,1140945,1140948,1140954,1140955,1140956,1140957,1140958,1140959,1140960,1140961,1140962,1140964,1140971,1140972,1140992,1141013,1141401,1141402,1141450,1141452,1141453,1141454,1141478,1141543,1141554,1142019,1142076,1142109,1142112,1142117,1142118,1142119,1142129,1142220,1142221,1142350,1142351,1142354,1142359,1142450,1142496,1142541,1142635,1142685,1142701,1142857,1142868,1143003,1143105,1143185,1143300,1143466,1143507,1143765,1143841,1143843,1144123,1144333,1144474,1144518,1144718,1144813,1144880,1144886,1144912,1144920,1144979,1145010,1145024,1145051,1145059,1145189,1145235,1145300,1145302,1145388,1145389,1145390,1145391,1145392,1145393,1145394,1145395,1145396,1145397,1145408,1145409,1145661,1145678,1145687,1145920,1145922,1145934,1145937,1145940,1145941,1145942,1146042,1146074,1146084,1146163,1146285,1146346,1146351,1146352,1146361,1146376,1146378,1146381,1146391,1146399,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146531,1146540,1146543,1146547,1146550,1146575,1146589,1146664,1146678,1146938,1148031,1148032,1148033,1148034,1148035,1148093,1148133,1148192,1148196,1148198,1148202,1148303,1148363,1148379,1148394,1148527,1148574,1148616,1148617,1148619,1148698,1148712,1148859,1148868,1149053,1149083,1149104,1149105,1149106,1149197,1149214,1149224,1149313,1149325,1149376,1149413,1149418,1149424,1149446,1149522,1149527,1149539,1149552,1149555,1149591,1149602,1149612,1149626,1149651,1149652,1149713,1149940,1149959,1149963,1149976,1150025,1150033,1150112,1150381,1150423,1150562,1150727,1150860,1150861,1150933,1151350,1151610,1151667,1151671,1151891,1151955,1152024,1152025,1152026,1152161,1152325,1152457,1152460,1152466,1152972,1152974,1152975
CVE References: CVE-2017-18551,CVE-2017-18595,CVE-2018-20976,CVE-2018-21008,CVE-2019-10207,CVE-2019-11479,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15030,CVE-2019-15031,CVE-2019-15090,CVE-2019-15098,CVE-2019-15117,CVE-2019-15118,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15222,CVE-2019-15239,CVE-2019-15290,CVE-2019-15291,CVE-2019-15292,CVE-2019-15538,CVE-2019-15666,CVE-2019-15902,CVE-2019-15917,CVE-2019-15919,CVE-2019-15920,CVE-2019-15921,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP4 (src):    kernel-rt-4.12.14-8.6.1, kernel-rt_debug-4.12.14-8.6.1, kernel-source-rt-4.12.14-8.6.1, kernel-syms-rt-4.12.14-8.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:2879-1: An update that solves 9 vulnerabilities and has 112 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1050244,1050536,1050545,1051510,1054914,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1082555,1086323,1087092,1089644,1093205,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1104967,1109158,1113722,1114279,1117665,1119086,1122363,1123034,1123080,1127155,1127988,1131304,1133140,1134303,1135642,1135854,1135873,1137799,1137861,1137865,1137959,1140155,1140729,1140845,1140883,1141600,1142076,1142635,1142667,1144375,1144449,1145099,1146042,1146519,1146540,1146664,1148133,1148410,1148712,1148868,1149313,1149446,1149555,1149651,1150381,1150423,1150452,1150465,1150875,1151350,1151508,1151610,1151667,1151671,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152325,1152457,1152460,1152466,1152788,1152791,1152972,1152974,1152975,1153112,1153158,1153236,1153263,1153646,1153713,1153717,1153718,1153719,1153811,1154108,1154189,1154354,1154372,1154578,1154607,1154608,1154610,1154611,1154651,1154747
CVE References: CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-16232,CVE-2019-16234,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.37.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.37.1, kernel-obs-build-4.12.14-95.37.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.37.1, kernel-source-4.12.14-95.37.1, kernel-syms-4.12.14-95.37.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.37.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.37.1, kernel-source-4.12.14-95.37.1, kernel-syms-4.12.14-95.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:2879-1: An update that solves 9 vulnerabilities and has 112 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1050244,1050536,1050545,1051510,1054914,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1082555,1086323,1087092,1089644,1093205,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1104967,1109158,1113722,1114279,1117665,1119086,1122363,1123034,1123080,1127155,1127988,1131304,1133140,1134303,1135642,1135854,1135873,1137799,1137861,1137865,1137959,1140155,1140729,1140845,1140883,1141600,1142076,1142635,1142667,1144375,1144449,1145099,1146042,1146519,1146540,1146664,1148133,1148410,1148712,1148868,1149313,1149446,1149555,1149651,1150381,1150423,1150452,1150465,1150875,1151350,1151508,1151610,1151667,1151671,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152325,1152457,1152460,1152466,1152788,1152791,1152972,1152974,1152975,1153112,1153158,1153236,1153263,1153646,1153713,1153717,1153718,1153719,1153811,1154108,1154189,1154354,1154372,1154578,1154607,1154608,1154610,1154611,1154651,1154747
CVE References: CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-16232,CVE-2019-16234,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.37.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.37.1, kernel-obs-build-4.12.14-95.37.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.37.1, kernel-source-4.12.14-95.37.1, kernel-syms-4.12.14-95.37.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kgraft-patch-SLE12-SP4_Update_9-1-6.5.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.37.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.37.1, kernel-source-4.12.14-95.37.1, kernel-syms-4.12.14-95.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:2949-1: An update that solves 49 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1051510,1084878,1117665,1131107,1133140,1135966,1135967,1136261,1137865,1139073,1140671,1141013,1141054,1142458,1143187,1144123,1144903,1145477,1146042,1146163,1146285,1146361,1146378,1146391,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146540,1146543,1146547,1146550,1146584,1146589,1147022,1147122,1148394,1148938,1149083,1149376,1149522,1149527,1149555,1149612,1150025,1150112,1150452,1150457,1150465,1150727,1150942,1151347,1151350,1152685,1152782,1152788,1153158,1153263,1154103,1154372,1155131,1155671
CVE References: CVE-2016-10906,CVE-2017-18379,CVE-2017-18509,CVE-2017-18551,CVE-2017-18595,CVE-2018-12207,CVE-2018-20976,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-13272,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15098,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15239,CVE-2019-15290,CVE-2019-15291,CVE-2019-15505,CVE-2019-15666,CVE-2019-15807,CVE-2019-15902,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16413,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.107.1
SUSE Enterprise Storage 5 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE CaaS Platform 3.0 (src):    kernel-default-4.4.180-94.107.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:2950-1: An update that solves 40 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 1117665,1123959,1137586,1137865,1137944,1139073,1139751,1142857,1144903,1145477,1145922,1146042,1146163,1146285,1146361,1146378,1146391,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146540,1146543,1146547,1146584,1146612,1147122,1148938,1149376,1149522,1149527,1149555,1150025,1150112,1150452,1150457,1150465,1151347,1151350,1152782,1152788,1153119,1155671,999278
CVE References: CVE-2016-10906,CVE-2017-18509,CVE-2017-18551,CVE-2017-18595,CVE-2018-12207,CVE-2018-20976,CVE-2019-10207,CVE-2019-10220,CVE-2019-11135,CVE-2019-11477,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15098,CVE-2019-15118,CVE-2019-15212,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15290,CVE-2019-15291,CVE-2019-15505,CVE-2019-15807,CVE-2019-15902,CVE-2019-15926,CVE-2019-15927,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16413,CVE-2019-17055,CVE-2019-17056,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.124.1, kernel-source-3.12.74-60.64.124.1, kernel-syms-3.12.74-60.64.124.1, kernel-xen-3.12.74-60.64.124.1, kgraft-patch-SLE12-SP1_Update_37-1-2.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.124.1, kernel-source-3.12.74-60.64.124.1, kernel-syms-3.12.74-60.64.124.1, kernel-xen-3.12.74-60.64.124.1, kgraft-patch-SLE12-SP1_Update_37-1-2.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.124.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:2984-1: An update that solves 49 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1068032,1084878,1092497,1106913,1117665,1135966,1135967,1137865,1139550,1140671,1141054,1144338,1144903,1145477,1146285,1146361,1146378,1146391,1146413,1146425,1146512,1146514,1146516,1146519,1146584,1147122,1148394,1148938,1149376,1149522,1149527,1149555,1149612,1149849,1150025,1150112,1150223,1150452,1150457,1150465,1150466,1151347,1151350,1152685,1152782,1152788,1153158,1154372,1155671,1155898,1156187
CVE References: CVE-2016-10906,CVE-2017-18509,CVE-2017-18595,CVE-2018-12207,CVE-2018-20976,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-13272,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15098,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15290,CVE-2019-15291,CVE-2019-15505,CVE-2019-15666,CVE-2019-15807,CVE-2019-15902,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-16231,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16413,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-18680,CVE-2019-18805,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.125.1, kernel-source-4.4.121-92.125.1, kernel-syms-4.4.121-92.125.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.125.1, kernel-source-4.4.121-92.125.1, kernel-syms-4.4.121-92.125.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.125.1, kernel-source-4.4.121-92.125.1, kernel-syms-4.4.121-92.125.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.125.1, kernel-source-4.4.121-92.125.1, kernel-syms-4.4.121-92.125.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.125.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:3200-1: An update that solves 44 vulnerabilities and has 258 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1054914,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1103990,1103991,1104353,1104427,1104745,1104967,1106434,1108043,1108382,1109158,1109837,1111666,1112178,1112374,1113722,1113994,1114279,1117169,1117665,1118661,1119086,1119113,1119461,1119465,1120902,1122363,1123034,1123080,1123105,1126390,1127155,1127354,1127371,1127988,1131107,1131304,1131489,1133140,1134476,1134983,1135642,1135854,1135873,1135966,1135967,1136261,1137040,1137069,1137223,1137236,1137799,1137861,1137865,1137959,1137982,1138039,1138190,1138539,1139073,1140090,1140155,1140729,1140845,1140883,1141013,1141340,1141543,1141600,1142076,1142635,1142667,1142924,1143706,1144338,1144375,1144449,1144653,1144903,1145099,1145661,1146042,1146612,1146664,1148133,1148410,1148712,1148859,1148868,1149083,1149119,1149224,1149446,1149448,1149555,1149651,1149652,1149713,1149853,1149940,1149959,1149963,1149976,1150025,1150033,1150112,1150305,1150381,1150423,1150457,1150466,1150562,1150727,1150846,1150860,1150861,1150875,1150933,1151021,1151067,1151192,1151225,1151350,1151508,1151548,1151610,1151661,1151662,1151667,1151671,1151680,1151807,1151891,1151900,1151955,1152024,1152025,1152026,1152033,1152161,1152187,1152325,1152457,1152460,1152466,1152525,1152624,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152885,1152972,1152974,1152975,1153108,1153112,1153236,1153263,1153476,1153509,1153607,1153628,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154043,1154048,1154058,1154108,1154124,1154189,1154242,1154268,1154354,1154355,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1154959,1155021,1155061,1155178,1155179,1155184,1155186,1155671,1155689,1155692,1155836,1155897,1155982,1156187,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068
CVE References: CVE-2017-18595,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-14835,CVE-2019-14895,CVE-2019-15030,CVE-2019-15031,CVE-2019-15916,CVE-2019-16231,CVE-2019-16233,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17666,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.7.1, kgraft-patch-SLE12-SP5_Update_1-1-8.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:3200-1: An update that solves 44 vulnerabilities and has 258 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1054914,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1103990,1103991,1104353,1104427,1104745,1104967,1106434,1108043,1108382,1109158,1109837,1111666,1112178,1112374,1113722,1113994,1114279,1117169,1117665,1118661,1119086,1119113,1119461,1119465,1120902,1122363,1123034,1123080,1123105,1126390,1127155,1127354,1127371,1127988,1131107,1131304,1131489,1133140,1134476,1134983,1135642,1135854,1135873,1135966,1135967,1136261,1137040,1137069,1137223,1137236,1137799,1137861,1137865,1137959,1137982,1138039,1138190,1138539,1139073,1140090,1140155,1140729,1140845,1140883,1141013,1141340,1141543,1141600,1142076,1142635,1142667,1142924,1143706,1144338,1144375,1144449,1144653,1144903,1145099,1145661,1146042,1146612,1146664,1148133,1148410,1148712,1148859,1148868,1149083,1149119,1149224,1149446,1149448,1149555,1149651,1149652,1149713,1149853,1149940,1149959,1149963,1149976,1150025,1150033,1150112,1150305,1150381,1150423,1150457,1150466,1150562,1150727,1150846,1150860,1150861,1150875,1150933,1151021,1151067,1151192,1151225,1151350,1151508,1151548,1151610,1151661,1151662,1151667,1151671,1151680,1151807,1151891,1151900,1151955,1152024,1152025,1152026,1152033,1152161,1152187,1152325,1152457,1152460,1152466,1152525,1152624,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152885,1152972,1152974,1152975,1153108,1153112,1153236,1153263,1153476,1153509,1153607,1153628,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154043,1154048,1154058,1154108,1154124,1154189,1154242,1154268,1154354,1154355,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1154959,1155021,1155061,1155178,1155179,1155184,1155186,1155671,1155689,1155692,1155836,1155897,1155982,1156187,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068
CVE References: CVE-2017-18595,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-14835,CVE-2019-14895,CVE-2019-15030,CVE-2019-15031,CVE-2019-15916,CVE-2019-16231,CVE-2019-16233,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17666,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.7.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.7.1, kernel-obs-build-4.12.14-122.7.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.7.1, kernel-source-4.12.14-122.7.1, kernel-syms-4.12.14-122.7.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.7.1, kgraft-patch-SLE12-SP5_Update_1-1-8.7.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:3295-1: An update that solves 20 vulnerabilities and has 186 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1054914,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1104967,1109158,1111666,1112178,1113722,1113994,1114279,1117665,1119086,1119461,1119465,1123034,1123080,1127988,1131107,1131304,1133140,1134303,1135642,1135854,1135873,1135966,1135967,1137040,1137069,1137799,1137861,1137865,1137959,1137982,1138190,1139073,1140090,1140155,1140729,1140845,1140883,1141013,1141600,1142076,1142635,1142667,1143706,1144338,1144375,1144449,1144903,1145099,1146042,1146519,1146540,1146612,1146664,1148133,1148410,1148712,1148868,1149119,1149313,1149446,1149448,1149555,1149651,1149853,1150305,1150381,1150423,1150452,1150457,1150465,1150466,1150846,1150875,1151067,1151192,1151350,1151508,1151610,1151661,1151662,1151667,1151680,1151807,1151891,1151955,1152024,1152025,1152026,1152033,1152161,1152187,1152243,1152325,1152457,1152460,1152466,1152497,1152505,1152506,1152525,1152624,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152972,1152974,1152975,1153112,1153158,1153236,1153263,1153476,1153509,1153607,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154108,1154124,1154189,1154242,1154268,1154354,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1155021,1155061,1155178,1155179,1155184,1155186,1155671,1155692,1155812,1155817,1155836,1155945,1155982,1156187,1156429,1156466,1156494,1156609,1156700,1156729,1156882
CVE References: CVE-2017-18595,CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-15291,CVE-2019-15916,CVE-2019-16231,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-18805,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP1 (src):    kernel-rt-4.12.14-14.14.3, kernel-rt_debug-4.12.14-14.14.3, kernel-source-rt-4.12.14-14.14.2, kernel-syms-rt-4.12.14-14.14.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-rt-4.12.14-14.14.3, kernel-rt_debug-4.12.14-14.14.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2020:0093-1: An update that solves 80 vulnerabilities and has 310 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1078248,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1090888,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1103989,1103990,1103991,1104353,1104427,1104745,1104967,1106434,1108043,1108382,1109158,1109837,1111666,1112178,1112374,1113722,1113956,1113994,1114279,1115026,1117169,1117665,1118661,1119086,1119113,1119461,1119465,1120853,1120902,1122363,1123034,1123080,1123105,1126206,1126390,1127155,1127354,1127371,1127611,1127988,1129770,1131107,1131304,1131489,1133140,1134476,1134973,1134983,1135642,1135854,1135873,1135966,1135967,1136261,1137040,1137069,1137223,1137236,1137799,1137861,1137865,1137959,1137982,1138039,1138190,1139073,1140090,1140155,1140729,1140845,1140883,1140948,1141013,1141340,1141543,1142076,1142095,1142635,1142667,1142924,1143706,1143959,1144333,1144338,1144375,1144449,1144653,1144903,1145099,1145661,1146042,1146519,1146544,1146612,1146664,1148133,1148410,1148712,1148859,1148868,1149083,1149119,1149224,1149446,1149448,1149555,1149652,1149713,1149853,1149940,1149959,1149963,1149976,1150025,1150033,1150112,1150305,1150381,1150423,1150452,1150457,1150465,1150466,1150562,1150727,1150846,1150860,1150861,1150875,1150933,1151021,1151067,1151192,1151225,1151350,1151508,1151548,1151610,1151661,1151662,1151667,1151671,1151680,1151807,1151891,1151900,1151910,1151955,1152024,1152025,1152026,1152033,1152107,1152161,1152187,1152325,1152446,1152457,1152460,1152466,1152497,1152505,1152506,1152525,1152624,1152631,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152885,1152972,1152974,1152975,1153108,1153112,1153158,1153236,1153263,1153476,1153509,1153607,1153628,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154043,1154048,1154058,1154108,1154124,1154189,1154242,1154244,1154268,1154354,1154355,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154768,1154848,1154858,1154905,1154916,1154956,1154959,1155021,1155061,1155178,1155179,1155184,1155186,1155331,1155334,1155671,1155689,1155692,1155812,1155817,1155836,1155897,1155921,1155945,1156187,1156258,1156259,1156286,1156429,1156462,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157042,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157169,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157303,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157853,1157895,1157908,1158021,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158071,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159096,1159297,1159483,1159484,1159500,1159569,1159841,1159908,1159909,1159910,972655
CVE References: CVE-2017-18595,CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-14835,CVE-2019-14895,CVE-2019-14901,CVE-2019-15030,CVE-2019-15031,CVE-2019-15213,CVE-2019-15916,CVE-2019-16231,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16746,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18808,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19051,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19066,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.7.1, kernel-source-azure-4.12.14-16.7.1, kernel-syms-azure-4.12.14-16.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Done