Bug 917839 (CVE-2015-1593)

Summary: VUL-0: CVE-2015-1593: kernel: reduced entropy in stack randomisation
Product: [Novell Products] SUSE Security Incidents Reporter: Andreas Stieger <astieger>
Component: IncidentsAssignee: Alexander Graf <agraf>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: astieger, bpetkov, bwiedemann, duwe, dvaleev, hannsj_uhl, jsegitz, meissner, mhocko, mmeisters, xinrong.fu, xuanke.han
Version: unspecified   
Target Milestone: ---   
Hardware: PowerPC   
OS: Other   
URL: http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
Whiteboard: maint:running:61844:important maint:released:sle11-sp3:61845 maint:released:sle11-sp3:61847 maint:released:sle11-sp3:61849 maint:released:sle11-sp3:61853 maint:released:sle11-sp3:61852 maint:released:sle11-sp3:61909 maint:released:sle10-sp3:62341 CVSSv2:RedHat:CVE-2015-1805:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv2:RedHat:CVE-2015-1593:1.9:(AV:L/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:RedHat:CVE-2016-0774:5.4:(AV:L/AC:M/Au:N/C:P/I:N/A:C) CVSSv2:NVD:CVE-2015-1805:7.2:(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVSSv2:NVD:CVE-2015-1593:5.0:(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVSSv2:RedHat:CVE-2015-1805:5.4:(AV:L/AC:M/Au:N/C:P/I:N/A:C) CVSSv2:NVD:CVE-2015-4167:4.7:(AV:L/AC:M/Au:N/C:N/I:N/A:C) CVSSv2:RedHat:CVE-2015-4167:4.7:(AV:L/AC:M/Au:N/C:N/I:N/A:C)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: No
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 959156    
Attachments: patch from security researchers
updated patch https://lkml.org/lkml/2015/2/14/61

Description Andreas Stieger 2015-02-13 14:52:32 UTC
An integer overflow in the stack randomisation function slightly reduces the entropy of the stack randomisation on x86_64 to one fourth of the expected entropy, making ASLR 

http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
https://lkml.org/lkml/2015/1/7/656
Comment 1 Andreas Stieger 2015-02-13 14:56:46 UTC
To reproduce:

$ for i in `seq 1 10`; do cat /proc/self/maps | grep stack; done
7fff612ab000-7fff612cc000 rw-p 00000000 00:00 0                          [stack]
7fff7df8d000-7fff7dfae000 rw-p 00000000 00:00 0                          [stack]
7fff9b738000-7fff9b759000 rw-p 00000000 00:00 0                          [stack]
7fff915db000-7fff915fc000 rw-p 00000000 00:00 0                          [stack]
7fffa4111000-7fffa4132000 rw-p 00000000 00:00 0                          [stack]
7fff1f272000-7fff1f293000 rw-p 00000000 00:00 0                          [stack]
7fffa5831000-7fffa5852000 rw-p 00000000 00:00 0                          [stack]
7fff10ac5000-7fff10ae6000 rw-p 00000000 00:00 0                          [stack]
7fffeb039000-7fffeb05a000 rw-p 00000000 00:00 0                          [stack]
7fff807b6000-7fff807d7000 rw-p 00000000 00:00 0                          [stack]

^^^^
always shows 7FFF. When fixed, covers range from 7FFC to 7FFD.
Comment 2 Andreas Stieger 2015-02-13 14:58:51 UTC
Created attachment 623243 [details]
patch from security researchers
Comment 3 Johannes Segitz 2015-02-13 15:06:04 UTC
No CVE right now. CVE request: http://www.openwall.com/lists/oss-security/2015/02/13/4
Comment 4 Swamp Workflow Management 2015-02-13 23:01:02 UTC
bugbot adjusting priority
Comment 5 Johannes Segitz 2015-02-14 15:15:35 UTC
CVE-2015-1593 was assigned
Comment 6 Johannes Segitz 2015-02-15 13:17:06 UTC
Fix: https://lkml.org/lkml/2015/2/14/61
Comment 7 Marcus Meissner 2015-02-16 06:54:53 UTC
Boris, one that you could check out :)
Comment 8 Andreas Stieger 2015-02-16 08:48:07 UTC
Created attachment 623377 [details]
updated patch https://lkml.org/lkml/2015/2/14/61
Comment 9 Borislav Petkov 2015-02-16 09:42:21 UTC
Ok, pinged Viro to pick it up.
Comment 10 Borislav Petkov 2015-02-18 09:18:38 UTC
Ok, I picked it up and it is going to tip next week, if no one objects in the meantime. It is CCed to stable so it'll reach SLE12 automatically, the rest of the susies will get it backported next week too.
Comment 11 Borislav Petkov 2015-02-23 16:05:46 UTC
Ok, patch works (this is on 11SP3):

before:
for i in `seq 1 10`; do cat /proc/self/maps | grep stack; done
7fffc852a000-7fffc854b000 rw-p 00000000 00:00 0                          [stack]
7fff7bfcf000-7fff7bff0000 rw-p 00000000 00:00 0                          [stack]
7fff50c64000-7fff50c85000 rw-p 00000000 00:00 0                          [stack]
7fff7deaa000-7fff7decb000 rw-p 00000000 00:00 0                          [stack]
7fff96468000-7fff96489000 rw-p 00000000 00:00 0                          [stack]
7fff865dc000-7fff865fd000 rw-p 00000000 00:00 0                          [stack]
7fff9e9cb000-7fff9e9ec000 rw-p 00000000 00:00 0                          [stack]
7fff314c8000-7fff314e9000 rw-p 00000000 00:00 0                          [stack]
7fff905ca000-7fff905eb000 rw-p 00000000 00:00 0                          [stack]
7fff73d13000-7fff73d34000 rw-p 00000000 00:00 0                          [stack]

after:
 for i in `seq 1 10`; do cat /proc/self/maps | grep stack; done
7ffea23ee000-7ffea240f000 rw-p 00000000 00:00 0                          [stack]
7ffe5bc18000-7ffe5bc39000 rw-p 00000000 00:00 0                          [stack]
7ffc616a6000-7ffc616c7000 rw-p 00000000 00:00 0                          [stack]
7ffde02ed000-7ffde030e000 rw-p 00000000 00:00 0                          [stack]
7ffc4e7e5000-7ffc4e806000 rw-p 00000000 00:00 0                          [stack]
7fff36db2000-7fff36dd3000 rw-p 00000000 00:00 0                          [stack]
7ffe94a62000-7ffe94a83000 rw-p 00000000 00:00 0                          [stack]
7ffd090f1000-7ffd09112000 rw-p 00000000 00:00 0                          [stack]
7fff405f1000-7fff40612000 rw-p 00000000 00:00 0                          [stack]
7ffc99ff9000-7ffc9a01a000 rw-p 00000000 00:00 0                          [stack]
Comment 12 Borislav Petkov 2015-02-23 17:17:51 UTC
Applied to 11-SP3, SP4 will get it automatically. mhocko, you might want to pick it up for TD.
Comment 13 Borislav Petkov 2015-02-23 18:26:08 UTC
Applied to oS13.{1,2}.
Comment 14 Michal Hocko 2015-02-24 07:57:38 UTC
Boris, do I understand it correctly and the issue has been caused by 80938332d8cf (x86: Increase MIN_GAP to include randomized stack)?
Comment 15 Michal Hocko 2015-02-24 08:04:05 UTC
pushed to SLE11-SP1-TD branch.
Comment 18 Swamp Workflow Management 2015-02-26 10:10:18 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-03-05.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60808
Comment 19 Andreas Stieger 2015-03-04 13:35:17 UTC
Second issue looking very similar, no CVE assigned yet:
http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html

Reproducer 2: 
(
$ for i in `seq 1 10`; do cat /proc/self/maps | grep vdso ; done
7fa4b50000-7fa4b51000 r-xp 00000000 00:00 0                              [vdso]
7f927ba000-7f927bb000 r-xp 00000000 00:00 0                              [vdso]
7f8d3b6000-7f8d3b7000 r-xp 00000000 00:00 0                              [vdso]
7fb4d12000-7fb4d13000 r-xp 00000000 00:00 0                              [vdso]
7fb4bd2000-7fb4bd3000 r-xp 00000000 00:00 0                              [vdso]
7fb5f9c000-7fb5f9d000 r-xp 00000000 00:00 0                              [vdso]
7f7b668000-7f7b669000 r-xp 00000000 00:00 0                              [vdso]
7fa8a40000-7fa8a41000 r-xp 00000000 00:00 0                              [vdso]
7f7cb2e000-7f7cb2f000 r-xp 00000000 00:00 0                              [vdso]
7f9068a000-7f9068b000 r-xp 00000000 00:00 0                              [vdso]
                 ^
uneven 113579bdf ^
)

It lists 6 commits between 2009 and 2014 with different times for when this affected different architectures.
Comment 20 Borislav Petkov 2015-03-04 14:12:16 UTC
Adding Dinar for PPC. Who does ARM?
Comment 21 Borislav Petkov 2015-03-22 20:04:24 UTC
Ok, so the x86 aspect is solved, assigning to Dinar for PPC.

@Dinar: if you're not the right guy for this, please reassign to whoever
is supposed to deal with this for PPC.

Reportedly, bug in comment #19 talks about ARM64 being affected too so
this bugzilla should be looked at by an ARM person too, so assign to an
ARM person after you've done please.

Thanks.
Comment 22 Swamp Workflow Management 2015-03-24 06:22:41 UTC
SUSE-SU-2015:0581-1: An update that solves 21 vulnerabilities and has 67 fixes is now available.

Category: security (important)
Bug References: 771619,816099,829110,833588,833820,846656,853040,856760,864401,864404,864409,864411,865419,875051,876086,876594,877593,882470,883948,884817,887597,891277,894213,895841,896484,900279,900644,902232,902349,902351,902675,903096,903640,904053,904242,904659,904671,905304,905312,905799,906586,907196,907338,907551,907611,907818,908069,908163,908393,908550,908551,908572,908825,909077,909078,909088,909092,909093,909095,909264,909565,909740,909846,910013,910150,910159,910321,910322,910517,911181,911325,911326,912171,912705,913059,914355,914423,914726,915209,915322,915335,915791,915826,916515,916982,917839,917884,920250
CVE References: CVE-2013-7263,CVE-2014-0181,CVE-2014-3687,CVE-2014-3688,CVE-2014-3690,CVE-2014-4608,CVE-2014-7822,CVE-2014-7842,CVE-2014-7970,CVE-2014-8133,CVE-2014-8134,CVE-2014-8160,CVE-2014-8369,CVE-2014-8559,CVE-2014-9090,CVE-2014-9322,CVE-2014-9419,CVE-2014-9420,CVE-2014-9584,CVE-2014-9585,CVE-2015-1593
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-bigsmp-3.0.101-0.47.50.1, kernel-default-3.0.101-0.47.50.1, kernel-pae-3.0.101-0.47.50.1, kernel-source-3.0.101-0.47.50.1, kernel-syms-3.0.101-0.47.50.1, kernel-trace-3.0.101-0.47.50.1, kernel-xen-3.0.101-0.47.50.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-bigsmp-3.0.101-0.47.50.1, kernel-default-3.0.101-0.47.50.1, kernel-ec2-3.0.101-0.47.50.1, kernel-pae-3.0.101-0.47.50.1, kernel-ppc64-3.0.101-0.47.50.1, kernel-source-3.0.101-0.47.50.1, kernel-syms-3.0.101-0.47.50.1, kernel-trace-3.0.101-0.47.50.1, kernel-xen-3.0.101-0.47.50.1, xen-4.2.5_04-0.7.1
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.28.1.7, gfs2-2-0.17.1.7, ocfs2-1.6-0.21.1.7
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-bigsmp-3.0.101-0.47.50.1, kernel-default-3.0.101-0.47.50.1, kernel-pae-3.0.101-0.47.50.1, kernel-source-3.0.101-0.47.50.1, kernel-syms-3.0.101-0.47.50.1, kernel-trace-3.0.101-0.47.50.1, kernel-xen-3.0.101-0.47.50.1, xen-4.2.5_04-0.7.1
SLE 11 SERVER Unsupported Extras (src):    kernel-bigsmp-3.0.101-0.47.50.1, kernel-default-3.0.101-0.47.50.1, kernel-pae-3.0.101-0.47.50.1, kernel-ppc64-3.0.101-0.47.50.1, kernel-xen-3.0.101-0.47.50.1
Comment 24 Swamp Workflow Management 2015-03-25 14:42:44 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-04-01.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61308
Comment 25 Dinar Valeev 2015-03-27 11:42:41 UTC
Submitted to SLE11-SP3

PowerPC only affected on kernels prior 3.2
Comment 26 Dinar Valeev 2015-03-27 11:43:32 UTC
Passing to ARM. 

Alex are you the right person?
Comment 27 Xuanke Han 2015-04-07 07:48:40 UTC
hi,all

does this bug effect on sles10 SPx? some customer asked this question, and I'm not sure about it.

Thanks
Comment 31 Swamp Workflow Management 2015-04-13 12:15:37 UTC
openSUSE-SU-2015:0713-1: An update that solves 13 vulnerabilities and has 52 fixes is now available.

Category: security (important)
Bug References: 867199,893428,895797,900811,901925,903589,903640,904899,905681,907039,907818,907988,908582,908588,908589,908592,908593,908594,908596,908598,908603,908604,908605,908606,908608,908610,908612,909077,909078,909477,909634,910150,910322,910440,911311,911325,911326,911356,911438,911578,911835,912061,912202,912429,912705,913059,913466,913695,914175,915425,915454,915456,915577,915858,916608,917830,917839,918954,918970,919463,920581,920604,921313,922542,922944
CVE References: CVE-2014-8134,CVE-2014-8160,CVE-2014-8559,CVE-2014-9419,CVE-2014-9420,CVE-2014-9428,CVE-2014-9529,CVE-2014-9584,CVE-2014-9585,CVE-2015-0777,CVE-2015-1421,CVE-2015-1593,CVE-2015-2150
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.6.6, cloop-2.639-14.6.6, crash-7.0.8-6.6, hdjmod-1.28-18.7.6, ipset-6.23-6.6, kernel-docs-3.16.7-13.2, kernel-obs-build-3.16.7-13.7, kernel-obs-qa-3.16.7-13.1, kernel-obs-qa-xen-3.16.7-13.1, kernel-source-3.16.7-13.1, kernel-syms-3.16.7-13.1, pcfclock-0.44-260.6.2, vhba-kmp-20140629-2.6.2, virtualbox-4.3.20-10.2, xen-4.4.1_08-12.2, xtables-addons-2.6-6.2
Comment 32 Swamp Workflow Management 2015-04-13 12:20:11 UTC
openSUSE-SU-2015:0714-1: An update that solves 11 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 903640,904899,907988,909078,910150,911325,911326,912202,912654,912705,913059,913695,914175,915322,917839,920901
CVE References: CVE-2014-7822,CVE-2014-8134,CVE-2014-8160,CVE-2014-8173,CVE-2014-8559,CVE-2014-9419,CVE-2014-9420,CVE-2014-9529,CVE-2014-9584,CVE-2014-9585,CVE-2015-1593
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.19.1, crash-7.0.2-2.19.1, hdjmod-1.28-16.19.1, ipset-6.21.1-2.23.1, iscsitarget-1.4.20.3-13.19.1, kernel-docs-3.11.10-29.2, kernel-source-3.11.10-29.1, kernel-syms-3.11.10-29.1, ndiswrapper-1.58-19.1, pcfclock-0.44-258.19.1, vhba-kmp-20130607-2.20.1, virtualbox-4.2.28-2.28.1, xen-4.3.3_04-37.1, xtables-addons-2.3-2.19.1
Comment 36 Swamp Workflow Management 2015-04-20 19:23:13 UTC
SUSE-SU-2015:0736-1: An update that solves 21 vulnerabilities and has 69 fixes is now available.

Category: security (important)
Bug References: 771619,816099,829110,833588,833820,846656,853040,856760,864401,864404,864409,864411,865419,875051,876086,876594,877593,882470,883948,884817,887597,891277,894213,895841,896484,900279,900644,902232,902349,902351,902675,903096,903640,904053,904242,904659,904671,905304,905312,905799,906586,907196,907338,907551,907611,907818,908069,908163,908393,908550,908551,908572,908825,909077,909078,909088,909092,909093,909095,909264,909565,909740,909846,910013,910150,910159,910251,910321,910322,910517,911181,911325,911326,912171,912705,913059,914355,914423,914726,915209,915322,915335,915791,915826,916515,916982,917839,917884,920250,924282
CVE References: CVE-2013-7263,CVE-2014-0181,CVE-2014-3687,CVE-2014-3688,CVE-2014-3690,CVE-2014-4608,CVE-2014-7822,CVE-2014-7842,CVE-2014-7970,CVE-2014-8133,CVE-2014-8134,CVE-2014-8160,CVE-2014-8369,CVE-2014-8559,CVE-2014-9090,CVE-2014-9322,CVE-2014-9419,CVE-2014-9420,CVE-2014-9584,CVE-2014-9585,CVE-2015-1593
Sources used:
SUSE Linux Enterprise Real Time Extension 11 SP3 (src):    cluster-network-1.4-2.28.1.14, drbd-kmp-8.4.4-0.23.1.14, iscsitarget-1.4.20-0.39.1.14, kernel-rt-3.0.101.rt130-0.33.36.1, kernel-rt_trace-3.0.101.rt130-0.33.36.1, kernel-source-rt-3.0.101.rt130-0.33.36.1, kernel-syms-rt-3.0.101.rt130-0.33.36.1, lttng-modules-2.1.1-0.12.1.13, ocfs2-1.6-0.21.1.14, ofed-1.5.4.1-0.14.1.14
Comment 37 Swamp Workflow Management 2015-05-29 09:48:28 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-06-12.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61844
Comment 38 Swamp Workflow Management 2015-06-08 12:11:34 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-06-15.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61904
Comment 39 Swamp Workflow Management 2015-07-02 15:16:34 UTC
SUSE-SU-2015:1174-1: An update that solves 15 vulnerabilities and has 71 fixes is now available.

Category: security (moderate)
Bug References: 831029,877456,889221,891212,891641,900881,902286,904242,904883,904901,906027,908706,909309,909312,909477,909684,910517,911326,912202,912741,913080,913598,914726,914742,914818,914987,915045,915200,915577,916521,916848,917093,917120,917648,917684,917830,917839,918333,919007,919018,919357,919463,919589,919682,919808,921769,922583,923344,924142,924271,924333,924340,925012,925370,925443,925567,925729,926016,926240,926439,926767,927190,927257,927262,927338,928122,928130,928142,928333,928970,929145,929148,929283,929525,929647,930145,930171,930226,930284,930401,930669,930786,930788,931014,931015,931850
CVE References: CVE-2014-8086,CVE-2014-8159,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2015-0777,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3339,CVE-2015-3636
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-source-3.0.101-0.47.55.1, kernel-syms-3.0.101-0.47.55.1, kernel-trace-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-ec2-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-ppc64-3.0.101-0.47.55.1, kernel-source-3.0.101-0.47.55.1, kernel-syms-3.0.101-0.47.55.1, kernel-trace-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1, xen-4.2.5_08-0.7.1
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.28.1.21, gfs2-2-0.17.1.21, ocfs2-1.6-0.21.1.21
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-source-3.0.101-0.47.55.1, kernel-syms-3.0.101-0.47.55.1, kernel-trace-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1, xen-4.2.5_08-0.7.1
SLE 11 SERVER Unsupported Extras (src):    kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-ppc64-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1
Comment 40 Swamp Workflow Management 2015-08-12 17:19:30 UTC
SUSE-SU-2015:1376-1: An update that solves 15 vulnerabilities and has 71 fixes is now available.

Category: security (important)
Bug References: 831029,877456,889221,891212,891641,900881,902286,904242,904883,904901,906027,908706,909309,909312,909477,909684,910517,911326,912202,912741,913080,913598,914726,914742,914818,914987,915045,915200,915577,916521,916848,917093,917120,917648,917684,917830,917839,918333,919007,919018,919357,919463,919589,919682,919808,921769,922583,923344,924142,924271,924333,924340,925012,925370,925443,925567,925729,926016,926240,926439,926767,927190,927257,927262,927338,928122,928130,928142,928333,928970,929145,929148,929283,929525,929647,930145,930171,930226,930284,930401,930669,930786,930788,931014,931015,931850
CVE References: CVE-2014-8086,CVE-2014-8159,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2015-0777,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3339,CVE-2015-3636
Sources used:
SUSE Linux Enterprise Real Time Extension 11 SP3 (src):    cluster-network-1.4-2.28.1.22, drbd-kmp-8.4.4-0.23.1.22, iscsitarget-1.4.20-0.39.1.22, kernel-rt-3.0.101.rt130-0.33.38.1, kernel-rt_trace-3.0.101.rt130-0.33.38.1, kernel-source-rt-3.0.101.rt130-0.33.38.1, kernel-syms-rt-3.0.101.rt130-0.33.38.1, lttng-modules-2.1.1-0.12.1.20, ocfs2-1.6-0.21.1.22, ofed-1.5.4.1-0.14.1.22
Comment 44 Swamp Workflow Management 2015-11-17 11:56:28 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-11-24.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62340
Comment 45 XinRong Fu 2015-12-10 17:23:09 UTC
Could you please release PTF for sles10sp3 ltss?
Should i new a SR for it?
Comment 47 Michal Hocko 2015-12-11 08:15:09 UTC
(In reply to fu xinrong from comment #45)
> Could you please release PTF for sles10sp3 ltss?
> Should i new a SR for it?

Open an L3 request and L3 people will build a PTF for you.
Comment 48 Marcus Meissner 2016-01-08 22:27:44 UTC
For SLE12 it is in patches.kernel.org/patch-3.12.38-39
Comment 49 Marcus Meissner 2016-08-01 11:52:00 UTC
done i think