|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2016-4565: kernel: infiniband: Using write() instead of bi-directional ioctl() allows writing into user specified kernel memory | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Marcus Meissner <meissner> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Minor | ||
| Priority: | P3 - Medium | CC: | abergmann, bpetkov, bpoirier, brad.bendily, jeffm, meissner, mhocko, smash_bz, zhi.gang.gao |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/168718/ | ||
| Whiteboard: | CVSSv2:SUSE:CVE-2016-4565:6.6:(AV:L/AC:M/Au:S/C:C/I:C/A:C) maint:released:oes11-sp2:62925 maint:released:sle10-sp3:62902 maint:running:62924:important | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | 980883 | ||
| Bug Blocks: | |||
| Attachments: | reproducer.c | ||
|
Description
Marcus Meissner
2016-05-11 16:13:59 UTC
Created attachment 676586 [details] reproducer.c > And here is an example that shows that this indeed works, tested > on a Debian distro kernel: > > First, as root (warning: this will make the currently running system > exploitable): > root@debian:~# modprobe rdma_ucm > > Now, as attacker: > user@debian:~$ cat /proc/sys/vm/swappiness > 60 > user@debian:~$ ls -l /dev/infiniband/rdma_cm > crw-rw-rw- 1 root root 10, 59 Jan 9 23:07 /dev/infiniband/rdma_cm > user@debian:~$ gdb -q -ex 'print &vm_swappiness' -ex quit > /usr/lib/debug/boot/vmlinux-$(uname -r) > Reading symbols from /usr/lib/debug/boot/vmlinux-3.16.0-4- > amd64...done. > $1 = (int *) 0xffffffff81861760 <vm_swappiness> > user@debian:~$ gcc -Wall -std=gnu99 -o infiniwrite infiniwrite.c > user@debian:~$ ./infiniwrite 0xffffffff81861760 > that probably worked? clobber_kaddr(0xffffffff81861760)=32 > user@debian:~$ cat /proc/sys/vm/swappiness > 0 > > As you can see, the vm_swappiness variable in kernelspace was > overwritten by an unprivileged userspace process. might also affect the ofed-kmps bugbot adjusting priority sle10, sle11, sle12 seems have the affected code and module. if the module is loaded, it is a local root exploit...? Fixed in e6bd18f IB/security: Restrict use of the write() interface (v4.6-rc6) drivers/infiniband/core/ucm.c | 4 ++++ introduced in a5b7454 [PATCH] IB: Add kernel portion of user CM implementation (v2.6.13-rc4) drivers/infiniband/core/ucma.c | 3 +++ introduced in 7521663 RDMA/cma: Export rdma cm interface to userspace (v2.6.20-rc1) drivers/infiniband/core/uverbs_main.c | 5 +++++ introduced in bc38a6a [PATCH] IB uverbs: core implementation (v2.6.13-rc3) drivers/infiniband/hw/qib/qib_file_ops.c | 5 +++++ introduced in f931551 IB/qib: Add new qib driver for QLogic PCIe InfiniBand adapters (v2.6.35-rc1) drivers/staging/rdma/hfi1/TODO | 2 +- drivers/staging/rdma/hfi1/file_ops.c | 6 ++++++ introduced in 7724105 IB/hfi1: add driver files (v4.3-rc2) SLE12 : 3.12.59 applied to ucm, ucma, uverbs, qib patches.fixes/IB-security-Restrict-use-of-the-write-interface.patch pushed to 47463e8 SLE12-SP1 : 3.12.59 should be auto merged from SLE12 cve/linux-3.0 : 3.0.101 applied to ucm, ucma, uverbs, qib explicitely added include/rdma/ib.h pushed to dfb36d0 cve/linux-2.6.32 : 2.6.32.54 applied to ucm, ucma, uverbs explicitely added include/rdma/ib.h pushed to 776ba24 cve/linux-2.6.16 : 2.6.16.60 applied to ucm, uverbs explicitely added include/rdma/ib.h replaced usage of f_cred with fsuid/gid in ib_safe_file_access() pushed to a3cdfdd master : 4.6.0 fix already present stable : 4.6.0 fix already present openSUSE-13.2 : 3.16.7 applied to ucm, ucma, uverbs, qib pushed to 84b9ebd openSUSE-42.1 : 4.1.24 applied to ucm, ucma, uverbs, qib pushed to cb4ff30 This is an autogenerated message for OBS integration: This bug (979548) was mentioned in https://build.opensuse.org/request/show/396719 42.1 / kernel-source *** Bug 980363 has been marked as a duplicate of this bug. *** Hi Huawei is requesting solution for CVE-2016-4565 on suse10sp1/sp2, suse11sp1/sp3 (In reply to Zhigang Gao from comment #14) > Hi > Huawei is requesting solution for CVE-2016-4565 on suse10sp1/sp2, > suse11sp1/sp3 Have you opened an L3 for this? openSUSE-SU-2016:1641-1: An update that solves 19 vulnerabilities and has 17 fixes is now available. Category: security (important) Bug References: 945345,955654,963762,966245,966849,970506,971126,971799,973570,974308,975945,977198,978073,978401,978821,978822,979018,979213,979278,979548,979728,979867,979879,979913,980348,980371,980657,981058,981267,981344,982238,982239,982712,983143,983213,984460 CVE References: CVE-2013-7446,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3134,CVE-2016-3672,CVE-2016-3955,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4557,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4581,CVE-2016-4805,CVE-2016-4951,CVE-2016-5244 Sources used: openSUSE Leap 42.1 (src): kernel-debug-4.1.26-21.1, kernel-default-4.1.26-21.1, kernel-docs-4.1.26-21.2, kernel-ec2-4.1.26-21.1, kernel-obs-build-4.1.26-21.1, kernel-obs-qa-4.1.26-21.1, kernel-obs-qa-xen-4.1.26-21.1, kernel-pae-4.1.26-21.1, kernel-pv-4.1.26-21.1, kernel-source-4.1.26-21.1, kernel-syms-4.1.26-21.1, kernel-vanilla-4.1.26-21.1, kernel-xen-4.1.26-21.1 SUSE-SU-2016:1672-1: An update that solves 29 vulnerabilities and has 61 fixes is now available. Category: security (important) Bug References: 676471,866130,898592,936530,940413,944309,946122,949752,953369,956491,956852,957986,957988,957990,959381,960458,960857,961512,961518,963762,963998,965319,965860,965923,966245,967863,967914,968010,968018,968141,968500,968566,968670,968687,969149,969391,969571,970114,970504,970892,970909,970911,970948,970956,970958,970970,971124,971125,971126,971360,971433,971446,971729,971944,971947,971989,972363,973237,973378,973556,973570,974646,974787,975358,975772,975945,976739,976868,978401,978821,978822,979213,979274,979347,979419,979548,979595,979867,979879,980371,980725,980788,980931,981231,981267,982532,982691,983143,983213,984107 CVE References: CVE-2015-7566,CVE-2015-8816,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2187,CVE-2016-2188,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4913,CVE-2016-5244 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): kernel-docs-3.0.101-77.2 SUSE Linux Enterprise Server 11-SP4 (src): kernel-default-3.0.101-77.1, kernel-ec2-3.0.101-77.1, kernel-pae-3.0.101-77.1, kernel-ppc64-3.0.101-77.1, kernel-source-3.0.101-77.1, kernel-syms-3.0.101-77.1, kernel-trace-3.0.101-77.1, kernel-xen-3.0.101-77.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-default-3.0.101-77.1, kernel-pae-3.0.101-77.1, kernel-ppc64-3.0.101-77.1, kernel-trace-3.0.101-77.1, kernel-xen-3.0.101-77.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-default-3.0.101-77.1, kernel-ec2-3.0.101-77.1, kernel-pae-3.0.101-77.1, kernel-ppc64-3.0.101-77.1, kernel-trace-3.0.101-77.1, kernel-xen-3.0.101-77.1 SUSE-SU-2016:1690-1: An update that solves 29 vulnerabilities and has 89 fixes is now available. Category: security (important) Bug References: 676471,880007,889207,899908,903279,928547,931448,940413,943989,944309,945345,947337,953233,954847,956491,956852,957805,957986,960857,962336,962846,962872,963193,963572,963762,964461,964727,965319,966054,966245,966573,966831,967251,967292,967299,967903,968010,968141,968448,968512,968667,968670,968687,968812,968813,969439,969571,969655,969690,969735,969992,969993,970062,970114,970504,970506,970604,970892,970909,970911,970948,970955,970956,970958,970970,971049,971124,971125,971126,971159,971170,971360,971600,971628,971947,972003,972174,972844,972891,972933,972951,973378,973556,973570,973855,974165,974308,974406,974418,974646,975371,975488,975533,975945,976739,976868,977582,977685,978401,978822,979169,979213,979419,979485,979548,979867,979879,980348,980371,981143,981344,982354,982698,983213,983318,983394,983904,984456 CVE References: CVE-2014-9717,CVE-2015-8816,CVE-2015-8845,CVE-2016-0758,CVE-2016-2053,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-3672,CVE-2016-3689,CVE-2016-3951,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-5244 Sources used: SUSE Linux Enterprise Workstation Extension 12 (src): kernel-default-3.12.60-52.49.1 SUSE Linux Enterprise Software Development Kit 12 (src): kernel-docs-3.12.60-52.49.3, kernel-obs-build-3.12.60-52.49.1 SUSE Linux Enterprise Server 12 (src): kernel-default-3.12.60-52.49.1, kernel-source-3.12.60-52.49.1, kernel-syms-3.12.60-52.49.1, kernel-xen-3.12.60-52.49.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.60-52.49.1 SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_14-1-2.1 SUSE Linux Enterprise Desktop 12 (src): kernel-default-3.12.60-52.49.1, kernel-source-3.12.60-52.49.1, kernel-syms-3.12.60-52.49.1, kernel-xen-3.12.60-52.49.1 Patch is already in cve/linux-3.0 and will land eventually in LTSS kernel update if this has not happened already: commit dfb36d0c01bc3dbd2c89adbe9b95872cbbf11a13 Author: Benjamin Poirier <bpoirier@suse.com> Date: Fri May 13 17:54:24 2016 -0700 IB/security: Restrict use of the write() interface (bsc#979548 CVE-2016-4565). Marcus? for ltss we usually do updates every 6th months, next would be in around 2 - 3 months but as ther are some issues we can pull an update up a bit earlier this time. An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2016-07-25. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62901 SUSE-SU-2016:1937-1: An update that solves 24 vulnerabilities and has 76 fixes is now available. Category: security (important) Bug References: 662458,676471,897662,928547,944309,945345,947337,950998,951844,953048,953233,954847,956491,957805,957986,957990,958390,958463,960857,962742,962846,963762,964727,965087,966245,967640,968667,969016,970114,970506,970604,970609,970948,971049,971770,971947,972124,972933,973378,973499,973570,974165,974308,974620,974646,974692,975533,975772,975788,976739,976821,976868,977417,977582,977685,978401,978469,978527,978822,979169,979213,979347,979419,979485,979489,979521,979548,979867,979879,979922,980246,980348,980371,980706,981038,981143,981344,982282,982354,982544,982698,983143,983213,983318,983394,983721,983904,983977,984148,984456,984755,985232,985978,986362,986569,986572,986811,988215,988498,988552 CVE References: CVE-2014-9717,CVE-2014-9904,CVE-2015-7833,CVE-2015-8539,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2847,CVE-2016-3672,CVE-2016-3707,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829 Sources used: SUSE Linux Enterprise Real Time Extension 12-SP1 (src): kernel-compute-3.12.61-60.18.1, kernel-compute_debug-3.12.61-60.18.1, kernel-rt-3.12.61-60.18.1, kernel-rt_debug-3.12.61-60.18.1, kernel-source-rt-3.12.61-60.18.1, kernel-syms-rt-3.12.61-60.18.1 SUSE-SU-2016:1985-1: An update that solves 20 vulnerabilities and has 43 fixes is now available. Category: security (important) Bug References: 676471,866130,909589,936530,944309,950998,953369,954847,956491,957986,960857,961518,963762,966245,967914,968500,969149,969391,970114,971030,971126,971360,971446,971944,971947,971989,973378,974620,974646,974787,975358,976739,976868,978401,978821,978822,979213,979274,979347,979419,979548,979595,979867,979879,979915,980246,980371,980725,980788,980931,981231,981267,982532,982544,982691,983143,983213,983721,984107,984755,986362,986572,988498 CVE References: CVE-2015-7833,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2187,CVE-2016-3134,CVE-2016-3707,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-5244,CVE-2016-5829 Sources used: SUSE Linux Enterprise Real Time Extension 11-SP4 (src): kernel-rt-3.0.101.rt130-57.1, kernel-rt_trace-3.0.101.rt130-57.1, kernel-source-rt-3.0.101.rt130-57.1, kernel-syms-rt-3.0.101.rt130-57.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-rt-3.0.101.rt130-57.1, kernel-rt_debug-3.0.101.rt130-57.1, kernel-rt_trace-3.0.101.rt130-57.1 SUSE-SU-2016:2105-1: An update that solves 21 vulnerabilities and has 55 fixes is now available. Category: security (important) Bug References: 947337,950998,951844,953048,954847,956491,957990,962742,963655,963762,965087,966245,968667,970114,970506,971770,972933,973378,973499,974165,974308,974620,975531,975533,975772,975788,977417,978401,978469,978822,979074,979213,979419,979485,979489,979521,979548,979681,979867,979879,979922,980348,980363,980371,980856,980883,981038,981143,981344,981597,982282,982354,982544,982698,983143,983213,983318,983721,983904,983977,984148,984456,984755,984764,985232,985978,986362,986365,986569,986572,986573,986811,988215,988498,988552,990058 CVE References: CVE-2014-9904,CVE-2015-7833,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3672,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP1 (src): kernel-default-3.12.62-60.62.1 SUSE Linux Enterprise Software Development Kit 12-SP1 (src): kernel-docs-3.12.62-60.62.3, kernel-obs-build-3.12.62-60.62.1 SUSE Linux Enterprise Server 12-SP1 (src): kernel-default-3.12.62-60.62.1, kernel-source-3.12.62-60.62.1, kernel-syms-3.12.62-60.62.1, kernel-xen-3.12.62-60.62.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.62-60.62.1 SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12-SP1_Update_7-1-4.2 SUSE Linux Enterprise Desktop 12-SP1 (src): kernel-default-3.12.62-60.62.1, kernel-source-3.12.62-60.62.1, kernel-syms-3.12.62-60.62.1, kernel-xen-3.12.62-60.62.1 openSUSE-SU-2016:2144-1: An update that solves 53 vulnerabilities and has 28 fixes is now available. Category: security (important) Bug References: 901754,941113,942702,945219,955654,957052,957988,959709,960561,961512,963762,963765,966245,966437,966693,966849,967972,967973,967974,967975,968010,968011,968012,968013,968018,968670,969354,969355,970114,970275,970892,970909,970911,970948,970955,970956,970958,970970,971124,971125,971126,971360,971628,971799,971919,971944,972174,973378,973570,974308,974418,974646,975945,978401,978445,978469,978821,978822,979021,979213,979548,979867,979879,979913,980348,980363,980371,980725,981267,982706,983143,983213,984464,984755,984764,986362,986365,986377,986572,986573,986811 CVE References: CVE-2012-6701,CVE-2013-7446,CVE-2014-9904,CVE-2015-3288,CVE-2015-6526,CVE-2015-7566,CVE-2015-8709,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2015-8830,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2187,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-3672,CVE-2016-3689,CVE-2016-3951,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4581,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-5244,CVE-2016-5829 Sources used: openSUSE 13.2 (src): bbswitch-0.8-3.20.3, cloop-2.639-14.20.3, crash-7.0.8-20.3, hdjmod-1.28-18.21.3, ipset-6.23-20.3, kernel-debug-3.16.7-42.1, kernel-default-3.16.7-42.1, kernel-desktop-3.16.7-42.1, kernel-docs-3.16.7-42.2, kernel-ec2-3.16.7-42.1, kernel-obs-build-3.16.7-42.2, kernel-obs-qa-3.16.7-42.1, kernel-obs-qa-xen-3.16.7-42.1, kernel-pae-3.16.7-42.1, kernel-source-3.16.7-42.1, kernel-syms-3.16.7-42.1, kernel-vanilla-3.16.7-42.1, kernel-xen-3.16.7-42.1, pcfclock-0.44-260.20.2, vhba-kmp-20140629-2.20.2, virtualbox-5.0.20-48.5, xen-4.4.4_02-46.2, xtables-addons-2.6-22.3 openSUSE-SU-2016:2184-1: An update that solves 21 vulnerabilities and has 49 fixes is now available. Category: security (important) Bug References: 947337,950998,951844,953048,954847,956491,957990,962742,963655,963762,965087,966245,968667,970114,970506,971770,972933,973378,973499,974165,974308,974620,975531,975533,975772,975788,977417,978401,978469,978822,979213,979419,979485,979489,979521,979548,979681,979867,979879,979922,980348,980363,980371,981038,981143,981344,982282,982354,982544,982698,983143,983213,983318,983721,983904,983977,984148,984456,984755,985232,985978,986362,986365,986569,986572,986811,988215,988498,988552,990058 CVE References: CVE-2014-9904,CVE-2015-7833,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3672,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829 Sources used: openSUSE 13.1 (src): cloop-2.639-11.32.2, crash-7.0.2-2.32.7, hdjmod-1.28-16.32.2, ipset-6.21.1-2.36.2, iscsitarget-1.4.20.3-13.32.2, kernel-debug-3.12.62-52.1, kernel-default-3.12.62-52.1, kernel-desktop-3.12.62-52.1, kernel-docs-3.12.62-52.2, kernel-ec2-3.12.62-52.1, kernel-pae-3.12.62-52.1, kernel-source-3.12.62-52.1, kernel-syms-3.12.62-52.1, kernel-trace-3.12.62-52.1, kernel-vanilla-3.12.62-52.1, kernel-xen-3.12.62-52.1, ndiswrapper-1.58-33.2, openvswitch-1.11.0-0.39.3, pcfclock-0.44-258.33.2, vhba-kmp-20130607-2.32.2, virtualbox-4.2.36-2.64.4, xen-4.3.4_10-65.3, xtables-addons-2.3-2.31.2 SUSE-SU-2016:2245-1: An update that solves 25 vulnerabilities and has 22 fixes is now available. Category: security (important) Bug References: 839104,866130,919351,944309,950998,960689,962404,963655,963762,966460,969149,970114,971126,971360,971446,971729,971944,974428,975945,978401,978821,978822,979213,979274,979548,979681,979867,979879,980371,980725,980788,980931,981267,983143,983213,983535,984107,984755,986362,986365,986445,986572,987709,988065,989152,989401,991608 CVE References: CVE-2013-4312,CVE-2015-7513,CVE-2015-7833,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2187,CVE-2016-3134,CVE-2016-3955,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5696,CVE-2016-5829,CVE-2016-6480 Sources used: SUSE OpenStack Cloud 5 (src): kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1 SUSE Manager Proxy 2.1 (src): kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1 SUSE Manager 2.1 (src): kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-ppc64-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1 SUSE-SU-2017:0333-1: An update that solves 46 vulnerabilities and has 31 fixes is now available. Category: security (important) Bug References: 1003077,1003925,1004517,1007944,1008645,1008831,1008833,1009443,1010150,1010467,1010501,1010507,1010711,1010716,1011482,1011685,1012422,1012832,1013038,1013531,1013542,1014746,1017710,1021258,835175,839104,863873,874145,896484,908069,914939,922947,927287,940966,950998,954984,956514,958000,960689,963053,967716,968500,969340,971360,971944,978401,978821,979213,979274,979548,979595,979879,979915,980363,980371,980725,981267,983143,983213,984755,986362,986365,986445,986572,989261,991608,991665,992566,993890,993891,994296,994436,994618,994759,995968,997059,999932 CVE References: CVE-2004-0230,CVE-2012-6704,CVE-2013-4312,CVE-2015-1350,CVE-2015-7513,CVE-2015-7833,CVE-2015-8956,CVE-2015-8962,CVE-2015-8964,CVE-2016-0823,CVE-2016-10088,CVE-2016-1583,CVE-2016-2187,CVE-2016-2189,CVE-2016-3841,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5829,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7117,CVE-2016-7425,CVE-2016-7910,CVE-2016-7911,CVE-2016-7916,CVE-2016-8399,CVE-2016-8632,CVE-2016-8633,CVE-2016-8646,CVE-2016-9555,CVE-2016-9685,CVE-2016-9756,CVE-2016-9793,CVE-2017-5551 Sources used: SUSE Linux Enterprise Server 11-SP2-LTSS (src): kernel-default-3.0.101-0.7.53.1, kernel-ec2-3.0.101-0.7.53.1, kernel-pae-3.0.101-0.7.53.1, kernel-source-3.0.101-0.7.53.1, kernel-syms-3.0.101-0.7.53.1, kernel-trace-3.0.101-0.7.53.1, kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Debuginfo 11-SP2 (src): kernel-default-3.0.101-0.7.53.1, kernel-ec2-3.0.101-0.7.53.1, kernel-pae-3.0.101-0.7.53.1, kernel-trace-3.0.101-0.7.53.1, kernel-xen-3.0.101-0.7.53.1 released |