Bug 629905 (CVE-2010-2939)

Summary: VUL-0: CVE-2010-2939: openssl-1.0 double free
Product: [Novell Products] SUSE Security Incidents
Reporter: Ludwig Nussel <lnussel>
Component: General
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: andrej.semen, meissner, moussa.sagna, rmilasan, security-team
Version: unspecified
Keywords: DSLA_REQUIRED, DSLA_SOLUTION_PROVIDED
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: maint:released:sle11:36077 maint:released:sle11-sp1:36079 maint:released:11.2:36084 maint:released:11.3:36084 maint:released:sle10-sp3:36082 maint:running:51146:moderate wasL3:41617 CVSSv2:NVD:CVE-2009-0590:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2009-0590:2.6:(AV:N/AC:H/Au:N/C:N/I:N/A:P)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on:
Bug Blocks: 654710
Attachments: patch from openssl-devel list

Description Ludwig Nussel 2010-08-10 12:21:05 UTC
The issue is public.

A malicious server could trigger a double free bug in the client implementation of openssl 1.0

------------------------------------------------------------------------------
Date: Sat, 7 Aug 2010 14:21:09 +0300
From: Georgi Guninski <guninski@guninski.com>
Subject: openssl-1.0.0a and glibc detected sthg ;)

openssl-1.0.0a on ubuntu, debian and arch.
attached a private key and a cert.

~/local/bin/openssl s_server -www -accept 8888 -cert /tmp/CA.cert  -key /tmp/CA.key

~/local/bin/openssl s_client -connect localhost:8888

depth=0 CN = CA
verify return:1
*** glibc detected *** /home/build/local/bin/openssl: double free or corruption (fasttop): 0x0000000000979300 ***

 ~/local/bin/openssl rsa -check -in /tmp/CA.key |more
writing RSA key
RSA key error: q not prime # definitely
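The bug class in the description above, as an added illustration (this is constructed model code, not OpenSSL source and not the attached patch): a ServerKeyExchange handler hands the decoded ECDH key to the session object and then, when the server's signature over the parameters fails to verify, its `err:` cleanup releases the same key a second time. The names `sess_cert`, `peer_ecdh_tmp` and `ske_msg` are stand-ins modelled on OpenSSL's field names, the message is a constructed struct carrying only what the control flow needs, and releases are counted instead of being passed to `free()` so the vulnerable path can run without glibc aborting the process.

```c
/* Model of the CVE-2010-2939 bug class (double release of a key after its
 * ownership was handed to the session).  Constructed illustration, not
 * OpenSSL code: sess_cert/peer_ecdh_tmp/ske_msg are stand-ins. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct { int released; } ecdh_key;             /* stand-in for EC_KEY */
typedef struct { ecdh_key *peer_ecdh_tmp; } sess_cert; /* stand-in for SESS_CERT */

typedef struct {
    size_t params_len;  /* length of the ECDH parameters in ServerKeyExchange */
    int signature_ok;   /* outcome of verifying the server's signature over them */
} ske_msg;              /* constructed message: only what the control flow needs */

static ecdh_key *ecdh_key_new(void) { return calloc(1, sizeof(ecdh_key)); }
/* Counts releases instead of freeing, so a double release is observable. */
static void ecdh_key_release(ecdh_key *k) { if (k != NULL) k->released++; }

/* Session teardown releases whatever key the handshake stored. */
static void sess_cert_clear(sess_cert *sc)
{
    ecdh_key_release(sc->peer_ecdh_tmp);
    sc->peer_ecdh_tmp = NULL;
}

/* Vulnerable shape: the local alias is cleared only on the success path, so a
 * signature failure after the hand-off releases a key the session still owns. */
static int get_key_exchange_before(sess_cert *sc, const ske_msg *m)
{
    int ret = -1;
    ecdh_key *ecdh = NULL;

    if (m->params_len == 0)
        goto err;
    ecdh = ecdh_key_new();
    if (ecdh == NULL)
        goto err;
    sc->peer_ecdh_tmp = ecdh;   /* ownership moves to the session ... */
    if (!m->signature_ok)
        goto err;               /* ... but ecdh still aliases it here */
    ecdh = NULL;
    ret = 1;
err:
    ecdh_key_release(ecdh);     /* second release when signature_ok == 0 */
    return ret;
}

/* Fixed shape: drop the alias at the hand-off, so err: has nothing to release
 * and the session alone owns (and later releases) the key. */
static int get_key_exchange_after(sess_cert *sc, const ske_msg *m)
{
    int ret = -1;
    ecdh_key *ecdh = NULL;

    if (m->params_len == 0)
        goto err;
    ecdh = ecdh_key_new();
    if (ecdh == NULL)
        goto err;
    sc->peer_ecdh_tmp = ecdh;
    ecdh = NULL;                /* alias cleared on every path from here on */
    if (!m->signature_ok)
        goto err;
    ret = 1;
err:
    ecdh_key_release(ecdh);     /* only releases a key that was never handed off */
    return ret;
}

typedef int (*ske_parser)(sess_cert *, const ske_msg *);

/* Runs one handshake attempt and returns how many times the server key was
 * released in total (parser error path + session teardown).  Correct: 1. */
static int release_count(ske_parser parse, int signature_ok)
{
    sess_cert sc = { NULL };
    ske_msg m = { 32, signature_ok };   /* constructed: 32 bytes of parameters */
    ecdh_key *key;
    int n;

    parse(&sc, &m);
    key = sc.peer_ecdh_tmp;
    sess_cert_clear(&sc);
    n = (key != NULL) ? key->released : 0;
    free(key);
    return n;
}

/* Parser verdict for a message, independent of the release accounting. */
static int parser_status(ske_parser parse, size_t params_len, int signature_ok)
{
    sess_cert sc = { NULL };
    ske_msg m = { params_len, signature_ok };
    ecdh_key *key;
    int ret = parse(&sc, &m);

    key = sc.peer_ecdh_tmp;
    sess_cert_clear(&sc);
    free(key);
    return ret;
}

int main(void)
{
    printf("before, good signature: released %d time(s)\n", release_count(get_key_exchange_before, 1));
    printf("before, bad signature:  released %d time(s)\n", release_count(get_key_exchange_before, 0));
    printf("after,  bad signature:  released %d time(s)\n", release_count(get_key_exchange_after, 0));
    return 0;
}
```

With real allocations the second release is what glibc reports as "double free or corruption"; in the model, `release_count()` returns 2 for the vulnerable shape on a bad signature and 1 in every other case. The same ownership rule applies to any `goto err` cleanup: once a pointer is stored somewhere that outlives the function, the local must be set to NULL on that line, not only on the success path.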
Comment 3 Ludwig Nussel 2010-08-10 12:24:47 UTC
Created attachment 381904 [details]
patch from openssl-devel list
Comment 5 Swamp Workflow Management 2010-08-11 15:11:40 UTC
The SWAMPID for this issue is 35094.
This issue was rated as low.
Please submit fixed packages until 2010-09-08.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 6 Thomas Biege 2010-08-13 06:52:51 UTC
CVE-2010-2939
Comment 7 Thomas Biege 2010-08-19 02:00:54 UTC
CVE-2010-2939: CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2010-2939: Other (CWE-Other)
Comment 8 Ludwig Nussel 2010-08-30 09:03:29 UTC
actually openssl 0.9.8a as used on sles10 does include ECDH algorithms by default. They were only hidden starting from openssl 0.9.8c. So that patch should be applied to sles10 as well. I can't reproduce as I fail to make openssl connect to an ECDH server though.
Comment 9 Ludwig Nussel 2010-08-30 11:20:38 UTC
works with the 'ECCdraft' alias against the same old openssl version. so while ECC algorithms appear in the output of "openssl ciphers" they are not actually used by default for ssl connections on sles10 either.
Comment 10 Guan Jun He 2010-09-25 06:47:46 UTC
the patch is still not in upstream, why?
Comment 11 Guan Jun He 2010-09-25 09:04:30 UTC
just reviewed the code, the patch is needed.
Comment 12 Guan Jun He 2010-09-25 09:25:41 UTC
patch submitted to Base:System/openSuSE11.3/openSuSE11.2/openSuSE11.1.
Comment 13 Guan Jun He 2010-09-26 05:52:13 UTC
patch submitted to sle-11-sp1/sle-11/sle-10-sp4/sle-10-sp3.
Comment 14 Guan Jun He 2010-09-26 06:03:59 UTC
fixed.
Comment 15 Ludwig Nussel 2010-09-27 06:43:10 UTC
please assign security bugs back to security-team when done, see
https://wiki.innerweb.novell.com/index.php/Maintenance/Fix_for_Security
Comment 16 Thomas Biege 2010-10-15 08:23:49 UTC
P5 -> P3 mass change
Comment 17 Andrej Semen 2010-11-11 15:39:19 UTC
could not reproduce the "double free or corruption" error from comment #1


/usr/bin/openssl s_server -www -accept 8888 -cert /tmp/CA.cert -key /tmp/CA.key

frisch:~ # /usr/bin/openssl s_server -www -accept 8888 -cert /tmp/CA.cert -key /tmp/CA.key
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT


frisch:~ # /usr/bin/openssl s_client -connect localhost:8888
CONNECTED(00000003)
depth=0 /CN=CA
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=CA
verify error:num=7:certificate signature failure
verify return:1
depth=0 /CN=CA
verify return:1
11267:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
11267:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:699:
11267:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature:s3_clnt.c:1436:

-> no "double free or corruption" error

could you help with a test case?
Comment 18 Andrej Semen 2010-11-11 16:06:09 UTC
could it be that on SLE-11-SP1 the patch from comment #6 was not included in the update?


 getpac -r sle11-sp1 openssl
WARNING: sle11-sp1 not found, using sle11-sp1-i586
WARNING: openssl present in /work/src/done/SLE11/openssl
WARNING: openssl present in /work/src/done/SLE11-SP1/openssl
WARNING: openssl present in /work/src/done/11.1/openssl
  Your target dist          : sle11-sp1
  New Package submitted for : sle11-sp1
Do you want to base your work on the submitted package in /work/src/done/SLE11-SP1/openssl (y/N)? y
INFO:    using /work/src/done/SLE11-SP1/openssl as sourcedir
INFO:    cp -aL /work/src/done/SLE11-SP1/openssl .
INFO:    creating openssl/.setup
asemen@odo:/home/asemen/pack/getpac> cd openssl/
asemen@odo:/home/asemen/pack/getpac/openssl> ll -tr
total 2916
-rw-r--r-- 1 asemen qa     370 24. Jul 2008  README.SuSE
-rw-r--r-- 1 asemen qa     500 24. Jul 2008  openssl-hppa-config.diff
-rw-r--r-- 1 asemen qa     627 24. Jul 2008  openssl-0.9.8-sparc.dif
-rw-r--r-- 1 asemen qa 2734835 24. Jul 2008  openssl-0.9.8h.tar.bz2
-rw-r--r-- 1 asemen qa     417 24. Jul 2008  openssl-0.9.8-flags-priority.dif
-rw-r--r-- 1 asemen qa     265 24. Jul 2008  openssl-0.9.8a.ca-app-segfault.bug128655.dif
-rw-r--r-- 1 asemen qa     386 24. Jul 2008  openssl-0.9.7f-ppc64.diff
-rw-r--r-- 1 asemen qa     421 24. Jul 2008  openssl-0.9.6g-alpha.diff
-rw-r--r-- 1 asemen qa     493 24. Jul 2008  bswap.diff
-rw-r--r-- 1 asemen qa      64 24. Jul 2008  baselibs.conf
-rw-r--r-- 1 asemen qa      63 24. Jul 2008  openssl.test
-rw-r--r-- 1 asemen qa     412 17. Nov 2008  func-parm-err.patch
-rw-r--r-- 1 asemen qa    5616  9. Jan 2009  openssl-CVE-2008-5077.patch
-rw-r--r-- 1 asemen qa    2745 15. Apr 2009  openssl-CVE-2009-0590.patch
-rw-r--r-- 1 asemen qa     470 15. Apr 2009  openssl-CVE-2009-0789.patch
-rw-r--r-- 1 asemen qa     508 15. Apr 2009  openssl-CVE-2009-0591.patch
-rw-r--r-- 1 asemen qa     674 22. May 2009  openssl-CVE-2009-1379.patch
-rw-r--r-- 1 asemen qa     866 22. May 2009  openssl-CVE-2009-1378.patch
-rw-r--r-- 1 asemen qa    1350 22. May 2009  openssl-CVE-2009-1377.patch
-rw-r--r-- 1 asemen qa    1270  9. Jun 2009  openssl-CVE-2009-1387.patch
-rw-r--r-- 1 asemen qa    1723  9. Jun 2009  openssl-CVE-2009-1386.patch
-rw-r--r-- 1 asemen qa    1329 15. Jan 2010  openssl-CVE-2009-4355.patch
-rw-r--r-- 1 asemen qa     560 20. Jan 2010  bug467437.patch
-rw-r--r-- 1 asemen qa     829 18. Feb 2010  bswap-s390x-fix.diff
-rw-r--r-- 1 asemen qa    3037 12. Mar 2010  openssl-CVE-2009-3245.patch
-rw-r--r-- 1 asemen qa     639 25. Mar 2010  openssl-CVE-2010-0740.patch
-rw-r--r-- 1 asemen qa   71015 31. Mar 2010  enable-security-renegotiation.patch
-rw-r--r-- 1 asemen qa     206 27. Sep 14:16 non-exec-stack.diff
-rw-r--r-- 1 asemen qa    1466  8. Nov 04:31 CVE-2010-3864.patch
-rw-r--r-- 1 asemen qa   43283  8. Nov 04:32 openssl.changes
-rw-r--r-- 1 asemen qa   14361  8. Nov 04:32 openssl.spec

the CVE-2010-2939.patch patch is missing!
(it was added on SLE-11 GA)

after update to testing version of openssl:
frisch:~ # rpm -q libopenssl-devel libopenssl0_9_8 libopenssl0_9_8-32bit libopenssl0_9_8-x86 openssl openssl-debuginfo openssl-debugsource openssl-doc --changelog | head
* Mon Sep 27 2010 gjhe@novell.com
- fix bug [bnc#608666]

* Sun Sep 26 2010 gjhe@novell.com
- fix bug [bnc#629905]
  CVE-2010-2939

* Wed Mar 31 2010 meissner@suse.de
- fixed enable-renegoation feature patch, disabled
  old patch for CVE-2009-3555. [bnc#584292]
Comment 19 Marcus Meissner 2010-11-11 16:22:39 UTC
this is the not-checked-in version.

"n" as answer would be required.

This also shows that the current SLE11-SP1 submission of the next update is not incremental.
Comment 20 Andrej Semen 2010-11-11 16:42:50 UTC
it is fine.

I have to press "n" in getpac:

getpac -r sle11-sp1 openssl
WARNING: sle11-sp1 not found, using sle11-sp1-i586
WARNING: openssl present in /work/src/done/SLE11/openssl
WARNING: openssl present in /work/src/done/SLE11-SP1/openssl
WARNING: openssl present in /work/src/done/11.1/openssl
  Your target dist          : sle11-sp1
  New Package submitted for : sle11-sp1
Do you want to base your work on the submitted package in /work/src/done/SLE11-SP1/openssl (y/N)? n
WARNING: Please check the diff via "getpac -r sle11-sp1 -d" before you submit your package
INFO:    cp -aL /work/SRC/old-versions/sle11/SP1-UPDATES/all/openssl .
INFO:    creating openssl/.setup

cd openssl
asemen@odo:/home/asemen/pack/getpac/openssl> ll
total 2920
-rw-r--r-- 1 asemen qa      64 24. Jul 2008  baselibs.conf
-rw-r--r-- 1 asemen qa     493 24. Jul 2008  bswap.diff
-rw-r--r-- 1 asemen qa     829 18. Feb 2010  bswap-s390x-fix.diff
-rw-r--r-- 1 asemen qa     560 20. Jan 2010  bug467437.patch
-rw-r--r-- 1 asemen qa    1568 27. Sep 11:13 bug608666.patch
-rw-r--r-- 1 asemen qa     392 26. Sep 06:05 CVE-2010-2939.patch
-rw-r--r-- 1 asemen qa   71015 31. Mar 2010  enable-security-renegotiation.patch
-rw-r--r-- 1 asemen qa     412 17. Nov 2008  func-parm-err.patch
-rw-r--r-- 1 asemen qa     392 27. Sep 11:13 non-exec-stack.diff
-rw-r--r-- 1 asemen qa     421 24. Jul 2008  openssl-0.9.6g-alpha.diff
-rw-r--r-- 1 asemen qa     386 24. Jul 2008  openssl-0.9.7f-ppc64.diff
-rw-r--r-- 1 asemen qa     265 24. Jul 2008  openssl-0.9.8a.ca-app-segfault.bug128655.dif
-rw-r--r-- 1 asemen qa     417 24. Jul 2008  openssl-0.9.8-flags-priority.dif
-rw-r--r-- 1 asemen qa 2734835 23. Jun 2008  openssl-0.9.8h.tar.bz2
-rw-r--r-- 1 asemen qa     627 24. Jul 2008  openssl-0.9.8-sparc.dif
-rw-r--r-- 1 asemen qa   43423 27. Sep 11:13 openssl.changes
-rw-r--r-- 1 asemen qa    5616  9. Jan 2009  openssl-CVE-2008-5077.patch
-rw-r--r-- 1 asemen qa    2745 15. Apr 2009  openssl-CVE-2009-0590.patch
-rw-r--r-- 1 asemen qa     508 15. Apr 2009  openssl-CVE-2009-0591.patch
-rw-r--r-- 1 asemen qa     470 15. Apr 2009  openssl-CVE-2009-0789.patch
-rw-r--r-- 1 asemen qa    1350 22. May 2009  openssl-CVE-2009-1377.patch
-rw-r--r-- 1 asemen qa     866 22. May 2009  openssl-CVE-2009-1378.patch
-rw-r--r-- 1 asemen qa     674 22. May 2009  openssl-CVE-2009-1379.patch
-rw-r--r-- 1 asemen qa    1723  9. Jun 2009  openssl-CVE-2009-1386.patch
-rw-r--r-- 1 asemen qa    1270  9. Jun 2009  openssl-CVE-2009-1387.patch
-rw-r--r-- 1 asemen qa    3037 12. Mar 2010  openssl-CVE-2009-3245.patch
-rw-r--r-- 1 asemen qa    1329 15. Jan 2010  openssl-CVE-2009-4355.patch
-rw-r--r-- 1 asemen qa     639 25. Mar 2010  openssl-CVE-2010-0740.patch
-rw-r--r-- 1 asemen qa     500 24. Jul 2008  openssl-hppa-config.diff
-rw-r--r-- 1 asemen qa   14411 27. Sep 12:25 openssl.spec
-rw-r--r-- 1 asemen qa      63 24. Jul 2008  openssl.test
-rw-r--r-- 1 asemen qa     370 24. Jul 2008  README.SuSE

patch CVE-2010-2939.patch is there.
Comment 21 Swamp Workflow Management 2010-11-15 12:08:08 UTC
Update released for: libopenssl-devel, libopenssl0_9_8, libopenssl0_9_8-32bit, libopenssl0_9_8-x86, openssl, openssl-debuginfo, openssl-debugsource, openssl-doc
Products:
SLE-DEBUGINFO 11 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11 (i386, x86_64)
SLE-SDK 11 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11 (i386, ia64, ppc64, s390x, x86_64)
Comment 22 Swamp Workflow Management 2010-11-15 12:38:01 UTC
Update released for: libopenssl-devel, libopenssl0_9_8, libopenssl0_9_8-32bit, libopenssl0_9_8-x86, openssl, openssl-debuginfo, openssl-debugsource, openssl-doc
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 23 Swamp Workflow Management 2010-11-15 15:01:16 UTC
Update released for: libopenssl-devel, libopenssl0_9_8, openssl, openssl-debuginfo, openssl-debugsource, openssl-doc
Products:
openSUSE 11.1 (debug, i586, ppc, ppc64, x86_64)
Comment 24 Swamp Workflow Management 2010-11-15 15:01:19 UTC
Update released for: libopenssl-devel, libopenssl0_9_8, libopenssl0_9_8-debuginfo, libopenssl1_0_0, libopenssl1_0_0-debuginfo, openssl, openssl-debuginfo, openssl-debugsource, openssl-doc
Products:
openSUSE 11.2 (debug, i586, x86_64)
openSUSE 11.3 (debug, i586, x86_64)
Comment 25 Thomas Biege 2010-11-15 15:03:26 UTC
done
Comment 26 Swamp Workflow Management 2010-11-15 18:14:17 UTC
Update released for: openssl, openssl-32bit, openssl-64bit, openssl-debuginfo, openssl-devel, openssl-devel-32bit, openssl-devel-64bit, openssl-doc, openssl-x86
Products:
SLE-DEBUGINFO 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-DESKTOP 10-SP3 (i386, x86_64)
SLE-SAP-APL 10-SP3 (x86_64)
SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)
Comment 34 Robert Milasan 2014-10-02 06:12:46 UTC
Marcus, I'm waiting for feedback from customer.
Comment 35 Robert Milasan 2014-10-07 08:04:12 UTC
Moussa, can we close this incident?
Comment 36 Moussa Sagna 2014-10-07 08:59:33 UTC
I have just asked again. If there is no answer from them by tomorrow, we can go ahead and close the bug.
Comment 37 Moussa Sagna 2014-10-07 14:19:21 UTC
I have the feedback. We can close the bug now. Thanks.
Comment 38 Robert Milasan 2014-10-08 06:45:58 UTC
L3 closed, setting bug to RESOLVED/FIXED.
Comment 39 Bernhard Wiedemann 2016-04-15 12:57:17 UTC
This is an autogenerated message for OBS integration:
This bug (629905) was mentioned in
https://build.opensuse.org/request/show/49077 11.3:Test / openssl
https://build.opensuse.org/request/show/49079 11.2:Test / openssl
Comment 40 Swamp Workflow Management 2022-02-16 21:10:23 UTC
SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000677,1000742,1001148,1001912,1002585,1002895,1003091,1005246,1009528,1010874,1010966,1011936,1015549,1019637,1021641,1022085,1022086,1022271,1027079,1027610,1027688,1027705,1027908,1028281,1028723,1029523,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042392,1042670,1044095,1044107,1044175,1049186,1049304,1050653,1050665,1055478,1055542,1055825,1056058,1056951,1057496,1062237,1065363,1066242,1066873,1068790,1070737,1070738,1070853,1071905,1071906,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087102,1087104,1088573,1089039,1090427,1090765,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097158,1097531,1097624,1098535,1098592,1099308,1099569,1100078,1101246,1101470,1102868,1104789,1106197,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112209,1112357,1113534,1113652,1113742,1113975,1115769,1117951,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127080,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1131291,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150003,1150190,1150250,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1158809,1159235,1159538,1160163,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179491,1179562,1179630,1179805,1180125,1180781,
1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182331,1182333,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1189521,1190781,1193357,356549,381844,394317,408865,428177,430141,431945,437293,442740,459468,489641,504687,509031,526319,590833,610223,610642,629905,637176,651003,657698,658604,670526,673071,693027,715423,720601,743787,747125,748738,749210,749213,749735,750618,751718,751946,751977,754447,754677,761500,774710,784670,784994,787526,793420,799119,802184,803004,809831,811890,822642,825221,828513,831629,832833,834601,835687,839107,84331,849377,855666,855676,856687,857203,857850,858239,867887,869945,871152,872299,873351,876282,876710,876712,876748,880891,885662,885882,889013,889363,892477,892480,895129,898917,901223,901277,901902,902364,906878,907584,908362,908372,912014,912015,912018,912292,912293,912294,912296,912460,913229,915479,917607,917759,917815,919648,920236,922448,922488,922496,922499,922500,926597,929678,929736,930189,931698,931978,933898,933911,934487,934489,934491,934493,935856,937085,937212,937492,937634,937912,939456,940608,942385,942751,943421,944204,945455,946648,947104,947357,947679,948198,952871,954256,954486,954690,957812,957813,957815,958501,961334,962291,963415,963974,964204,964472,964474,965830,967128,968046,968047,968048,968050,968265,968270,968374,968601,975875,976942,977584,977614,977615,977616,977663,978224,981848,982268,982575,983249,984323,985054,988086,990207,990392,990419,990428,991193,991877,992120,992988,992989,992992,993130,993819,993825,993968,994749,994844,994910,995075,995324,995359,995377,995959,996255,997043,997614,998190,999665,999666,999668
CVE References: CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-4339,CVE-2006-4343,CVE-2006-7250,CVE-2007-3108,CVE-2007-4995,CVE-2007-5135,CVE-2008-0891,CVE-2008-1672,CVE-2008-5077,CVE-2009-0590,CVE-2009-0591,CVE-2009-0789,CVE-2009-1377,CVE-2009-1378,CVE-2009-1379,CVE-2009-1386,CVE-2009-1387,CVE-2010-0740,CVE-2010-0742,CVE-2010-1633,CVE-2010-2939,CVE-2010-3864,CVE-2010-5298,CVE-2011-0014,CVE-2011-3207,CVE-2011-3210,CVE-2011-3389,CVE-2011-4108,CVE-2011-4576,CVE-2011-4577,CVE-2011-4619,CVE-2011-4944,CVE-2012-0027,CVE-2012-0050,CVE-2012-0845,CVE-2012-0884,CVE-2012-1150,CVE-2012-1165,CVE-2012-2110,CVE-2012-2686,CVE-2012-4929,CVE-2013-0166,CVE-2013-0169,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2013-4353,CVE-2013-6449,CVE-2013-6450,CVE-2014-0012,CVE-2014-0076,CVE-2014-0160,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-0224,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-3470,CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-3513,CVE-2014-3566,CVE-2014-3567,CVE-2014-3568,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-4650,CVE-2014-5139,CVE-2014-7202,CVE-2014-7203,CVE-2014-8275,CVE-2014-9721,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206,CVE-2015-0209,CVE-2015-0286,CVE-2015-0287,CVE-2015-0288,CVE-2015-0289,CVE-2015-0293,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792,CVE-2015-2296,CVE-2015-3194,CVE-2015-3195,CVE-2015-3196,CVE-2015-3197,CVE-2015-3216,CVE-2015-4000,CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800,CVE-2016-10745,CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2109,CVE-2016-2176,CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7055,CVE-2016-9015,CVE-2017-18342,CVE-2017-3731,CVE-2017-3732,CVE-2017-3735,CVE-2017-3736,CVE-2017-3737,CVE-2017-3738,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737,CVE-2018-0739,CVE-2018-18074,CVE-2018-20060,CVE-2018-5407,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-1547,CVE-2019-1551,CVE-2019-1559,CVE-2019-1563,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-1971,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-23840,CVE-2021-23841,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426,CVE-2021-3712
JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135
Sources used:
SUSE Manager Tools 12-BETA (src):    venv-salt-minion-3002.2-3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.