|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2015-5156: kernel: virt-io max-skb-frags heap overflow | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Johannes Segitz <jsegitz> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | bpetkov, brogers, meissner, mhocko, smash_bz |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/119645/ | ||
| Whiteboard: | CVSSv2:SUSE:CVE-2015-5156:6.0:(AV:L/AC:H/Au:S/C:C/I:C/A:C) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 945048 | ||
|
Description
Johannes Segitz
2015-08-06 07:37:13 UTC
bugbot adjusting priority As Alex is unavailable for an extended time, I'll take this bug. Fix pushed to users/brogers/SLE12/for-next. SUSE-SU-2015:1727-1: An update that solves 7 vulnerabilities and has 44 fixes is now available. Category: security (important) Bug References: 856382,886785,898159,907973,908950,912183,914818,916543,920016,922071,924722,929092,929871,930813,932285,932350,934430,934942,934962,936556,936773,937609,937612,937613,937616,938550,938706,938891,938892,938893,939145,939266,939716,939834,939994,940398,940545,940679,940776,940912,940925,940965,941098,941305,941908,941951,942160,942204,942307,942367,948536 CVE References: CVE-2015-5156,CVE-2015-5157,CVE-2015-5283,CVE-2015-5697,CVE-2015-6252,CVE-2015-6937,CVE-2015-7613 Sources used: SUSE Linux Enterprise Workstation Extension 12 (src): kernel-default-3.12.48-52.27.1 SUSE Linux Enterprise Software Development Kit 12 (src): kernel-docs-3.12.48-52.27.2, kernel-obs-build-3.12.48-52.27.1 SUSE Linux Enterprise Server 12 (src): kernel-default-3.12.48-52.27.1, kernel-source-3.12.48-52.27.1, kernel-syms-3.12.48-52.27.1, kernel-xen-3.12.48-52.27.2 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.48-52.27.1 SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_8-1-2.6 SUSE Linux Enterprise Desktop 12 (src): kernel-default-3.12.48-52.27.1, kernel-source-3.12.48-52.27.1, kernel-syms-3.12.48-52.27.1, kernel-xen-3.12.48-52.27.2 (In reply to Bruce Rogers from comment #5) > Fix pushed to users/brogers/SLE12/for-next. I assume that older kernels are not affected. right? SUSE-SU-2015:2292-1: An update that solves 7 vulnerabilities and has 54 fixes is now available. Category: security (important) Bug References: 758040,814440,904348,921949,924493,926238,933514,936773,939826,939926,940776,941113,941202,943959,944296,947241,947478,949100,949192,949706,949744,949936,950013,950580,950750,950998,951110,951165,951440,951638,951864,952384,952666,953717,953826,953830,953971,953980,954635,954986,955136,955148,955224,955354,955422,955533,955644,956047,956053,956147,956284,956703,956711,956717,956801,956876,957395,957546,958504,958510,958647 CVE References: CVE-2015-0272,CVE-2015-2925,CVE-2015-5156,CVE-2015-7799,CVE-2015-7872,CVE-2015-7990,CVE-2015-8215 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP1 (src): kernel-default-3.12.51-60.20.2 SUSE Linux Enterprise Software Development Kit 12-SP1 (src): kernel-docs-3.12.51-60.20.2, kernel-obs-build-3.12.51-60.20.1 SUSE Linux Enterprise Server 12-SP1 (src): kernel-default-3.12.51-60.20.2, kernel-source-3.12.51-60.20.2, kernel-syms-3.12.51-60.20.2, kernel-xen-3.12.51-60.20.2 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.51-60.20.2 SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12-SP1_Update_1-1-4.1 SUSE Linux Enterprise Desktop 12-SP1 (src): kernel-default-3.12.51-60.20.2, kernel-source-3.12.51-60.20.2, kernel-syms-3.12.51-60.20.2, kernel-xen-3.12.51-60.20.2 (In reply to Michal Hocko from comment #7) > (In reply to Bruce Rogers from comment #5) > > Fix pushed to users/brogers/SLE12/for-next. > > I assume that older kernels are not affected. right? They are affected. As Alex is back, I'll return it to his queue. not yet fixed for sle11 still not fixed for sle11. Still unfixed for SLE 11. Kernel maintainers, please put this into the next SLE 11 kernel submit cve/linux-3.0: pushed cve/linux-2.6.32: pushed cve/linux-2.6.16: doesn't have virtio cve/linux-3.12: has it 12SP3: has it 12SP2: has it SLE15: has it master: has it stable: has it Bouncing back. SUSE-SU-2018:1080-1: An update that solves 18 vulnerabilities and has 29 fixes is now available. Category: security (important) Bug References: 1010470,1013018,1039348,1052943,1062568,1062840,1063416,1063516,1065600,1065999,1067118,1067912,1068032,1072689,1072865,1075088,1075091,1075994,1078669,1078672,1078673,1078674,1080464,1080757,1080813,1081358,1082091,1082424,1083242,1083275,1083483,1083494,1084536,1085113,1085279,1085331,1085513,1086162,1087092,1087260,1087762,1088147,1088260,1089608,909077,940776,943786 CVE References: CVE-2015-5156,CVE-2016-7915,CVE-2017-0861,CVE-2017-12190,CVE-2017-13166,CVE-2017-16644,CVE-2017-16911,CVE-2017-16912,CVE-2017-16913,CVE-2017-16914,CVE-2017-18203,CVE-2017-18208,CVE-2017-5715,CVE-2018-10087,CVE-2018-6927,CVE-2018-7566,CVE-2018-7757,CVE-2018-8822 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): kernel-docs-3.0.101-108.38.1 SUSE Linux Enterprise Server 11-SP4 (src): kernel-bigmem-3.0.101-108.38.1, kernel-default-3.0.101-108.38.1, kernel-ec2-3.0.101-108.38.1, kernel-pae-3.0.101-108.38.1, kernel-ppc64-3.0.101-108.38.1, kernel-source-3.0.101-108.38.1, kernel-syms-3.0.101-108.38.1, kernel-trace-3.0.101-108.38.1, kernel-xen-3.0.101-108.38.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-default-3.0.101-108.38.1, kernel-pae-3.0.101-108.38.1, kernel-ppc64-3.0.101-108.38.1, kernel-trace-3.0.101-108.38.1, kernel-xen-3.0.101-108.38.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-bigmem-3.0.101-108.38.1, kernel-default-3.0.101-108.38.1, kernel-ec2-3.0.101-108.38.1, kernel-pae-3.0.101-108.38.1, kernel-ppc64-3.0.101-108.38.1, kernel-trace-3.0.101-108.38.1, kernel-xen-3.0.101-108.38.1 SUSE-SU-2018:1172-1: An update that solves 20 vulnerabilities and has 11 fixes is now available. Category: security (important) Bug References: 1010470,1039348,1052943,1062568,1062840,1063416,1067118,1072689,1072865,1078669,1078672,1078673,1078674,1080464,1080757,1082424,1083242,1083483,1083494,1084536,1085331,1086162,1087088,1087209,1087260,1087762,1088147,1088260,1089608,1089752,940776 CVE References: CVE-2015-5156,CVE-2016-7915,CVE-2017-0861,CVE-2017-12190,CVE-2017-13166,CVE-2017-16644,CVE-2017-16911,CVE-2017-16912,CVE-2017-16913,CVE-2017-16914,CVE-2017-18203,CVE-2017-18208,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-6927,CVE-2018-7566,CVE-2018-7757,CVE-2018-8822,CVE-2018-8897 Sources used: SUSE Linux Enterprise Server 11-SP3-LTSS (src): kernel-bigsmp-3.0.101-0.47.106.22.1, kernel-default-3.0.101-0.47.106.22.1, kernel-ec2-3.0.101-0.47.106.22.1, kernel-pae-3.0.101-0.47.106.22.1, kernel-source-3.0.101-0.47.106.22.1, kernel-syms-3.0.101-0.47.106.22.1, kernel-trace-3.0.101-0.47.106.22.1, kernel-xen-3.0.101-0.47.106.22.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-bigsmp-3.0.101-0.47.106.22.1, kernel-default-3.0.101-0.47.106.22.1, kernel-pae-3.0.101-0.47.106.22.1, kernel-ppc64-3.0.101-0.47.106.22.1, kernel-trace-3.0.101-0.47.106.22.1, kernel-xen-3.0.101-0.47.106.22.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): kernel-default-3.0.101-0.47.106.22.1, kernel-ec2-3.0.101-0.47.106.22.1, kernel-pae-3.0.101-0.47.106.22.1, kernel-source-3.0.101-0.47.106.22.1, kernel-syms-3.0.101-0.47.106.22.1, kernel-trace-3.0.101-0.47.106.22.1, kernel-xen-3.0.101-0.47.106.22.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): kernel-bigsmp-3.0.101-0.47.106.22.1, kernel-default-3.0.101-0.47.106.22.1, kernel-ec2-3.0.101-0.47.106.22.1, kernel-pae-3.0.101-0.47.106.22.1, kernel-trace-3.0.101-0.47.106.22.1, kernel-xen-3.0.101-0.47.106.22.1 SUSE-SU-2018:1309-1: An update that solves 18 vulnerabilities and has 36 fixes is now available. Category: security (important) Bug References: 1010470,1013018,1032084,1039348,1050431,1052943,1062568,1062840,1063416,1063516,1065600,1065999,1067118,1067912,1068032,1072689,1072865,1075088,1075091,1075994,1078669,1078672,1078673,1078674,1080464,1080757,1080813,1081358,1082091,1082424,1083242,1083275,1083483,1083494,1084536,1085113,1085279,1085331,1085513,1086162,1087092,1087209,1087260,1087762,1088147,1088260,1089608,1089665,1089668,1089752,909077,940776,943786,951638 CVE References: CVE-2015-5156,CVE-2016-7915,CVE-2017-0861,CVE-2017-12190,CVE-2017-13166,CVE-2017-16644,CVE-2017-16911,CVE-2017-16912,CVE-2017-16913,CVE-2017-16914,CVE-2017-18203,CVE-2017-18208,CVE-2018-10087,CVE-2018-10124,CVE-2018-6927,CVE-2018-7566,CVE-2018-7757,CVE-2018-8822 Sources used: SUSE Linux Enterprise Real Time Extension 11-SP4 (src): kernel-rt-3.0.101.rt130-69.24.1, kernel-rt_trace-3.0.101.rt130-69.24.1, kernel-source-rt-3.0.101.rt130-69.24.1, kernel-syms-rt-3.0.101.rt130-69.24.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-rt-3.0.101.rt130-69.24.1, kernel-rt_debug-3.0.101.rt130-69.24.1, kernel-rt_trace-3.0.101.rt130-69.24.1 released |