Bug 800280

Summary: VUL-0: XSA-39: CVE-2013-0216 CVE-2013-0217: xen: netback DoS via malicious guest ring
Product: [Novell Products] SUSE Security Incidents Reporter: Matthias Weckbecker <mweckbecker>
Component: IncidentsAssignee: Michal Hocko <mhocko>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P2 - High CC: hhetter, jbeulich, jgross, krahmer, meissner, mhocko, mlatimer, ptesarik, roberto.angelino, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: maint:released:sle10-sp4:51851 maint:released:sle10-sp4:51852 maint:released:sle11-sp1:52298 maint:released:sle11-sp2:52260 maint:released:sle11-sp2:52259 maint:released:sle11-sp2:52258 maint:released:sle11-sp2:52266 maint:released:sle11-sp2:52262 maint:released:sle11-sp2:52265 maint:released:sle11-sp2:52264 maint:released:sle11-sp2:52263 maint:released:sle11-sp2:52347 maint:released:sle11-sp1:56047 maint:released:sle11-sp1:56048 maint:released:sle11-sp1:56053 maint:released:sle11-sp1:56049 maint:released:sle11-sp1:56052 maint:released:sle10-sp3:61219 CVSSv2:NVD:CVE-2013-0216:5.2:(AV:A/AC:M/Au:S/C:N/I:N/A:C) CVSSv2:NVD:CVE-2013-0217:5.2:(AV:A/AC:M/Au:S/C:N/I:N/A:C) CVSSv2:RedHat:CVE-2013-0216:5.2:(AV:A/AC:M/Au:S/C:N/I:N/A:C)
Found By: Third Party Developer/Partner Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Matthias Weckbecker 2013-01-24 10:09:10 UTC
Xen Security Advisory CVE-2013-0216,CVE-2013-0217 / XSA-39

          Linux netback DoS via malicious guest ring.

    *** EMBARGOED UNTIL Tuesday 2013-02-05 12:00:00 UTC ***

ISSUE DESCRIPTION
=================

The Xen netback implementation contains a couple of flaws which can
allow a guest to cause a DoS in the backend domain, potentially
affecting other domains in the system.

CVE-2013-0216 is a failure to sanity check the ring producer/consumer
pointers which can allow a guest to cause netback to loop for an
extended period preventing other work from occurring.

CVE-2013-0217 is a memory leak on an error path which is guest
triggerable.

IMPACT
======

A malicious guest can mount a DoS affecting the entire system.

VULNERABLE SYSTEMS
==================

All systems running guests with access to PV network devices are
vulnerable.

CVE-2013-0216 affects both mainline ("pvops") and classic-Xen patch
kernels.

CVE-2013-0217 affects only mainline ("pvops") kernels.

MITIGATION
==========

Running HVM guests with only emulated or passthrough NICs or PV guests
with only passthrough NICs will avoid this vulnerability.

RESOLUTION
==========

Applying the appropriate attached patches in sequence resolves this issue.

xsa39-pvops-*.patch            Apply to mainline Linux 3.8-rc2
xsa39-classic-*.patch          Apply to linux-2.6.18-xen tree.

All patches for the given branch should be applied in numerical order.

$ sha256sum xsa39*.patch
4b75961673b940f5eb31451080dd668b9119eb88db1df44db1a3ba4b0d037ce1  xsa39-classic-0001-xen-netback-garbage-ring.patch
096143750b99eb2d88970338c3f9debfbbfdaef766525a620281b28528ebe0ce  xsa39-classic-0002-xen-netback-wrap-around.patch
99cf93e37985908243b974cc726f57e592e62ae005eca52969f11fb6fdea6fb5  xsa39-pvops-0001-xen-netback-shutdown-the-ring-if-it-contains-garbage.patch
e0c4226b0910ca455f22ae117e8346d87053e9faf03ec155dd6c31e2f58a1969  xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch
70e6cb644a57cdda7f29eb86086a8e697706c3fc974a44c52322e451fd6b9d5c  xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch
5d0db59bbd5ad3a7efae78a6c26fc2491b7c553e5519dd946d1422a116af73dd  xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch
$
Comment 2 Sebastian Krahmer 2013-01-28 13:40:35 UTC
*** Bug 800801 has been marked as a duplicate of this bug. ***
Comment 4 Jan Beulich 2013-02-05 14:47:01 UTC
Patches committed for SLE11 SP2, SLE10 SP4, and 12.2 (12.1 commit is having infrastructural issues).
Comment 5 Marcus Meissner 2013-02-05 16:21:34 UTC
is public now.
Comment 6 Jan Beulich 2013-02-06 09:22:39 UTC
12.1 now done too. Only LTSS branches may need updating then, but I'd need indication which ones.
Comment 10 Jan Beulich 2013-02-12 11:42:31 UTC
Sadly there is a regression in the main patch for this issue, when netback is run in tasklet mode (which is non-default in SLE11, but the only available mode in SLE10).
Comment 11 Jan Beulich 2013-02-22 10:31:24 UTC
Fixed patch plus another fix for a problem found in the same context are now in all branches except the LTSS ones.
Comment 12 Jan Beulich 2013-02-26 09:09:13 UTC
SP1-LTSS now also updated.
Comment 13 Jan Beulich 2013-02-26 09:11:38 UTC
Petr, please have someone from your team take care of TD and SLE10 branches as necessary. If no further branches need updating, we could close this bug.
Comment 14 Swamp Workflow Management 2013-03-05 16:04:56 UTC
openSUSE-SU-2013:0395-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 797175,799209,800280,801178,801782,802153,804738,805633
CVE References: CVE-2012-5374,CVE-2013-0160,CVE-2013-0216,CVE-2013-0231,CVE-2013-1763
Sources used:
openSUSE 12.2 (src):    kernel-docs-3.4.33-2.24.2, kernel-source-3.4.33-2.24.1, kernel-syms-3.4.33-2.24.1
Comment 15 Swamp Workflow Management 2013-03-05 17:10:37 UTC
openSUSE-SU-2013:0396-1: An update that solves 10 vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 714906,720226,733148,755546,762693,765524,768506,769784,769896,770695,773406,773831,774285,774523,774859,776144,778630,779432,781134,783515,784192,786013,787168,792500,793671,797175,799209,800280,801178,801782,802153,802642,804154,804652,804738
CVE References: CVE-2012-0957,CVE-2012-2745,CVE-2012-3412,CVE-2012-4530,CVE-2013-0160,CVE-2013-0216,CVE-2013-0231,CVE-2013-0268,CVE-2013-0309,CVE-2013-0871
Sources used:
openSUSE 12.1 (src):    kernel-docs-3.1.10-1.19.2, kernel-source-3.1.10-1.19.1, kernel-syms-3.1.10-1.19.1
Comment 16 Petr Tesařík 2013-03-26 12:08:27 UTC
(In reply to comment #13)
> Petr, please have someone from your team take care of TD and SLE10 branches as
> necessary. If no further branches need updating, we could close this bug.

Holger, should we take this pro-actively into the TD branches?
Comment 18 Michal Hocko 2013-03-26 13:58:33 UTC
pushed to SLE11-SP1-TD.
Comment 21 Swamp Workflow Management 2013-04-12 18:26:15 UTC
Update released for: kernel-bigsmp, kernel-bigsmp-debuginfo, kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-kdumppae, kernel-kdumppae-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-syms-debuginfo, kernel-vmi, kernel-vmi-debuginfo, kernel-vmipae, kernel-vmipae-debuginfo, kernel-xen, kernel-xen-debuginfo, kernel-xenpae, kernel-xenpae-debuginfo
Products:
SLE-DEBUGINFO 10-SP4 (i386)
SLE-DESKTOP 10-SP4 (i386)
SLE-SDK 10-SP4 (i386)
SLE-SERVER 10-SP4 (i386)
Comment 22 Swamp Workflow Management 2013-04-12 18:40:09 UTC
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms
Products:
SLE-DEBUGINFO 10-SP4 (ia64)
SLE-SDK 10-SP4 (ia64)
SLE-SERVER 10-SP4 (ia64)
Comment 23 Swamp Workflow Management 2013-04-12 19:00:13 UTC
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-xen, kernel-xen-debuginfo
Products:
SLE-DEBUGINFO 10-SP4 (x86_64)
SLE-DESKTOP 10-SP4 (x86_64)
SLE-SDK 10-SP4 (x86_64)
SLE-SERVER 10-SP4 (x86_64)
Comment 24 Swamp Workflow Management 2013-04-12 19:07:57 UTC
Update released for: kernel-default, kernel-default-debuginfo, kernel-source, kernel-syms
Products:
SLE-DEBUGINFO 10-SP4 (s390x)
SLE-SERVER 10-SP4 (s390x)
Comment 25 Swamp Workflow Management 2013-04-12 19:20:04 UTC
Update released for: kernel-default, kernel-default-debuginfo, kernel-iseries64, kernel-iseries64-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-ppc64, kernel-ppc64-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms
Products:
SLE-DEBUGINFO 10-SP4 (ppc)
SLE-SDK 10-SP4 (ppc)
SLE-SERVER 10-SP4 (ppc)
Comment 26 Swamp Workflow Management 2013-04-26 18:37:54 UTC
The SWAMPID for this issue is 52297.
This issue was rated as important.
Please submit fixed packages until 2013-05-03.
Also create a patchinfo file using this link:
https://swamp.suse.de/webswamp/wf/52297
Comment 27 Swamp Workflow Management 2013-05-02 14:04:41 UTC
Update released for: kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, xen-kmp-default, xen-kmp-trace
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 28 Marcus Meissner 2013-05-07 11:50:21 UTC
We have just released a kernel update for SUSE Linux Enterprise 11 SP2 that mentions/fixes this bug. The released kernel version is 3.0.74-0.6.6.2.
Comment 29 Swamp Workflow Management 2013-05-07 14:13:33 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (s390x)
SLE-HAE 11-SP2 (s390x)
SLE-SERVER 11-SP2 (s390x)
Comment 30 Swamp Workflow Management 2013-05-07 14:34:52 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-devel, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-devel, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-devel, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP2 (i386)
SLE-DESKTOP 11-SP2 (i386)
SLE-HAE 11-SP2 (i386)
SLE-SERVER 11-SP2 (i386)
SLES4VMWARE 11-SP2 (i386)
Comment 31 Swamp Workflow Management 2013-05-07 14:50:11 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-ppc64, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-ppc64, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-ppc64-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-ppc64, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (ppc64)
SLE-HAE 11-SP2 (ppc64)
SLE-SERVER 11-SP2 (ppc64)
Comment 32 Swamp Workflow Management 2013-05-07 15:25:05 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (ia64)
SLE-HAE 11-SP2 (ia64)
SLE-SERVER 11-SP2 (ia64)
Comment 33 Swamp Workflow Management 2013-05-07 19:07:47 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-trace, ext4-writeable-kmp-xen, kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)
Comment 34 Swamp Workflow Management 2013-05-07 20:08:28 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-pae, ext4-writeable-kmp-trace, ext4-writeable-kmp-xen, kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)
Comment 35 Swamp Workflow Management 2013-05-07 21:09:48 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-trace, kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)
Comment 36 Swamp Workflow Management 2013-05-07 22:10:22 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-ppc64, ext4-writeable-kmp-trace, kernel-default-extra, kernel-ppc64-extra
Products:
SLE-SERVER 11-EXTRA (ppc64)
Comment 37 Swamp Workflow Management 2013-05-07 23:11:28 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-trace, kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (ia64)
Comment 38 Swamp Workflow Management 2013-05-14 12:08:33 UTC
Update released for: cluster-network-kmp-rt, cluster-network-kmp-rt_trace, drbd-kmp-rt, drbd-kmp-rt_trace, iscsitarget-kmp-rt, iscsitarget-kmp-rt_trace, kernel-rt, kernel-rt-base, kernel-rt-debuginfo, kernel-rt-debugsource, kernel-rt-devel, kernel-rt-devel-debuginfo, kernel-rt-extra, kernel-rt-hmac, kernel-rt_trace, kernel-rt_trace-base, kernel-rt_trace-debuginfo, kernel-rt_trace-debugsource, kernel-rt_trace-devel, kernel-rt_trace-devel-debuginfo, kernel-rt_trace-extra, kernel-rt_trace-hmac, kernel-source-rt, kernel-syms-rt, lttng-modules-kmp-rt, lttng-modules-kmp-rt_trace, ocfs2-kmp-rt, ocfs2-kmp-rt_trace, ofed-kmp-rt, ofed-kmp-rt_trace
Products:
SLE-RT 11-SP2 (x86_64)
Comment 39 Alexander Bergmann 2013-05-27 09:52:26 UTC
Checked all releases. Closing as fixed.
Comment 40 Swamp Workflow Management 2013-06-10 09:36:36 UTC
openSUSE-SU-2013:0925-1: An update that solves 21 vulnerabilities and has 87 fixes is now available.

Category: security (important)
Bug References: 578046,651219,714604,722398,730117,736149,738210,744692,754583,754898,758243,761849,762424,763494,767612,768052,773577,776787,777616,777746,779577,780977,786150,786814,786900,787821,788826,789235,789311,789359,790867,792674,792793,793139,793671,794513,794529,794805,795269,795928,795957,795961,796412,796418,796823,797042,797175,798921,799197,799209,799270,799275,799578,799926,800280,800701,801038,801178,801713,801717,801720,801782,802153,802353,802445,802712,803056,803067,803394,803674,803712,804154,804220,804609,805823,806138,806395,806404,806431,806466,806469,806492,806631,806825,806847,806908,806976,806980,807431,807517,807560,807853,808166,808307,808829,808966,808991,809155,809166,809375,809493,809748,812281,812315,813963,816443,819789,89359
CVE References: CVE-2010-3873,CVE-2011-4131,CVE-2011-4604,CVE-2011-4622,CVE-2012-1601,CVE-2012-2119,CVE-2012-2137,CVE-2012-4461,CVE-2012-5517,CVE-2013-0160,CVE-2013-0216,CVE-2013-0231,CVE-2013-0871,CVE-2013-0913,CVE-2013-1767,CVE-2013-1774,CVE-2013-1796,CVE-2013-1797,CVE-2013-1798,CVE-2013-1848,CVE-2013-2094
Sources used:
openSUSE 11.4 (src):    iscsitarget-1.4.19-18.2, kernel-docs-3.0.74-34.2, kernel-source-3.0.74-34.1, kernel-syms-3.0.74-34.1, ndiswrapper-1.57rc1-20.1, omnibook-20100406-13.1, open-vm-tools-2012.8.8.1-41.1, pcfclock-0.44-250.1, preload-1.2-6.29.1, systemtap-1.4-1.11.1, virtualbox-4.0.12-0.58.1, xen-4.0.3_05-57.1, xtables-addons-1.37-0.22.1
Comment 41 Swamp Workflow Management 2014-02-24 08:52:17 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-pae, btrfs-kmp-trace, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-pae, ext4dev-kmp-trace, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-pae, hyper-v-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-pae-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP1 (i386)
SLE-SERVER 11-SP1-LTSS (i386)
Comment 42 Swamp Workflow Management 2014-02-24 09:01:07 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-trace, cluster-network-kmp-default, cluster-network-kmp-trace, ext4dev-kmp-default, ext4dev-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP1 (s390x)
SLE-SERVER 11-SP1-LTSS (s390x)
Comment 43 Swamp Workflow Management 2014-02-24 09:53:01 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-trace, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-trace, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP1 (x86_64)
SLE-SERVER 11-SP1-LTSS (x86_64)
Comment 44 Swamp Workflow Management 2014-02-24 14:17:48 UTC
SUSE-SU-2014:0287-1: An update that solves 84 vulnerabilities and has 41 fixes is now available.

Category: security (moderate)
Bug References: 714906,715250,735347,744955,745640,748896,752544,754898,760596,761774,762099,762366,763463,763654,767610,767612,768668,769644,769896,770695,771706,771992,772849,773320,773383,773577,773640,773831,774523,775182,776024,776144,776885,777473,780004,780008,780572,782178,785016,786013,787573,787576,789648,789831,795354,797175,798050,800280,801178,802642,803320,804154,804653,805226,805227,805945,806138,806976,806977,806980,807320,808358,808827,809889,809891,809892,809893,809894,809898,809899,809900,809901,809902,809903,810045,810473,811354,812364,813276,813735,814363,814716,815352,815745,816668,817377,818337,818371,820338,822575,822579,823260,823267,823618,824159,824295,825227,826707,827416,827749,827750,828012,828119,833820,835094,835481,835839,840226,840858,845028,847652,847672,848321,849021,851095,851103,852558,852559,853050,853051,853052,856917,858869,858870,858872
CVE References: CVE-2011-1083,CVE-2011-3593,CVE-2012-1601,CVE-2012-2137,CVE-2012-2372,CVE-2012-2745,CVE-2012-3375,CVE-2012-3412,CVE-2012-3430,CVE-2012-3511,CVE-2012-4444,CVE-2012-4530,CVE-2012-4565,CVE-2012-6537,CVE-2012-6538,CVE-2012-6539,CVE-2012-6540,CVE-2012-6541,CVE-2012-6542,CVE-2012-6544,CVE-2012-6545,CVE-2012-6546,CVE-2012-6547,CVE-2012-6548,CVE-2012-6549,CVE-2013-0160,CVE-2013-0216,CVE-2013-0231,CVE-2013-0268,CVE-2013-0310,CVE-2013-0343,CVE-2013-0349,CVE-2013-0871,CVE-2013-0914,CVE-2013-1767,CVE-2013-1773,CVE-2013-1774,CVE-2013-1792,CVE-2013-1796,CVE-2013-1797,CVE-2013-1798,CVE-2013-1827,CVE-2013-1928,CVE-2013-1943,CVE-2013-2015,CVE-2013-2141,CVE-2013-2147,CVE-2013-2164,CVE-2013-2232,CVE-2013-2234,CVE-2013-2237,CVE-2013-2634,CVE-2013-2851,CVE-2013-2852,CVE-2013-2888,CVE-2013-2889,CVE-2013-2892,CVE-2013-2893,CVE-2013-2897,CVE-2013-2929,CVE-2013-3222,CVE-2013-3223,CVE-2013-3224,CVE-2013-3225,CVE-2013-3228,CVE-2013-3229,CVE-2013-3231,CVE-2013-3232,CVE-2013-3234,CVE-2013-3235,CVE-2013-4345,CVE-2013-4470,CVE-2013-4483,CVE-2013-4511,CVE-2013-4587,CVE-2013-4588,CVE-2013-4591,CVE-2013-6367,CVE-2013-6368,CVE-2013-6378,CVE-2013-6383,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    btrfs-0-0.3.151, ext4dev-0-7.9.118, hyper-v-0-0.18.37, kernel-default-2.6.32.59-0.9.1, kernel-ec2-2.6.32.59-0.9.1, kernel-pae-2.6.32.59-0.9.1, kernel-source-2.6.32.59-0.9.1, kernel-syms-2.6.32.59-0.9.1, kernel-trace-2.6.32.59-0.9.1, kernel-xen-2.6.32.59-0.9.1
SLE 11 SERVER Unsupported Extras (src):    kernel-default-2.6.32.59-0.9.1, kernel-pae-2.6.32.59-0.9.1, kernel-xen-2.6.32.59-0.9.1
Comment 45 Swamp Workflow Management 2014-02-24 14:38:55 UTC
Update released for: kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)
Comment 46 Swamp Workflow Management 2014-02-24 15:09:33 UTC
Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)
Comment 47 Swamp Workflow Management 2014-02-24 16:10:35 UTC
Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)
Comment 54 Jürgen Groß 2015-02-26 05:17:03 UTC
Jan, as you've already started to work on this, I'm switching the needinfo to you again as suggested by Mike.
Comment 60 Swamp Workflow Management 2015-03-19 08:15:33 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-03-26.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61218
Comment 69 Swamp Workflow Management 2019-05-21 06:10:26 UTC
SUSE-SU-2019:14051-1: An update that solves 11 vulnerabilities and has 20 fixes is now available.

Category: security (important)
Bug References: 1082943,1094244,1103186,1106886,1110436,1111331,1112178,1117515,1119019,1127082,1127376,1127445,1127534,1127738,1128166,1128383,1129248,1129437,1129439,1129770,1130353,1130384,1131107,1131587,1132589,773383,774523,797175,800280,801178,816708
CVE References: CVE-2012-3412,CVE-2012-3430,CVE-2013-0160,CVE-2013-0216,CVE-2013-0231,CVE-2013-1979,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2019-11091,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kernel-bigmem-3.0.101-108.90.1, kernel-default-3.0.101-108.90.1, kernel-ec2-3.0.101-108.90.1, kernel-pae-3.0.101-108.90.1, kernel-ppc64-3.0.101-108.90.1, kernel-source-3.0.101-108.90.1, kernel-syms-3.0.101-108.90.1, kernel-trace-3.0.101-108.90.1, kernel-xen-3.0.101-108.90.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.90.1, kernel-pae-3.0.101-108.90.1, kernel-ppc64-3.0.101-108.90.1, kernel-trace-3.0.101-108.90.1, kernel-xen-3.0.101-108.90.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.90.1, kernel-default-3.0.101-108.90.1, kernel-ec2-3.0.101-108.90.1, kernel-pae-3.0.101-108.90.1, kernel-ppc64-3.0.101-108.90.1, kernel-trace-3.0.101-108.90.1, kernel-xen-3.0.101-108.90.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.