Bug 1094825 (CVE-2018-18386) - VUL-0: CVE-2018-18386: kernel-source: hangs after a pseudoterminal is put in both ICANON and EXTPROC mode (LTP pty02)
Summary: VUL-0: CVE-2018-18386: kernel-source: hangs after a pseudoterminal is put in ...
Status: RESOLVED FIXED
Alias: CVE-2018-18386
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: All Other
: P2 - High : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/208752/
Whiteboard: CVSSv3:SUSE:CVE-2018-18386:6.2:(AV:L/...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-05-28 08:13 UTC by Michael Moese
Modified: 2019-08-28 09:12 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Moese 2018-05-28 08:13:17 UTC
It looks like we need commit 966031f340185: n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) in the SLE 15 kernel.

LTP has a regression test (kernel/pty/pty02.c) for this issue, can be seen here: https://openqa.suse.de/tests/1728714#

The upstream commit is https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185
Comment 2 Jiri Slaby 2018-06-02 13:21:20 UTC
Pushed to SLE15.
Comment 3 Richard Palethorpe 2018-06-05 14:42:43 UTC
Still present in GMC 662.1
Comment 8 Swamp Workflow Management 2018-07-18 06:16:24 UTC
This is an autogenerated message for OBS integration:
This bug (1094825) was mentioned in
https://build.opensuse.org/request/show/623532 15.0 / kernel-source
Comment 9 Swamp Workflow Management 2018-07-18 06:16:24 UTC
This is an autogenerated message for OBS integration:
This bug (1094825) was mentioned in
https://build.opensuse.org/request/show/623532 15.0 / kernel-source
Comment 10 Swamp Workflow Management 2018-07-27 19:21:50 UTC
SUSE-SU-2018:2092-1: An update that solves 22 vulnerabilities and has 246 fixes is now available.

Category: security (important)
Bug References: 1046303,1046305,1046306,1046307,1046540,1046542,1046543,1048129,1050242,1050252,1050529,1050536,1050538,1050545,1050549,1050662,1051510,1052766,1055968,1056427,1056643,1056651,1056653,1056657,1056658,1056662,1056686,1056787,1058115,1058513,1058659,1058717,1060463,1061024,1061840,1062897,1064802,1065600,1066110,1066129,1068032,1068054,1071218,1071995,1072829,1072856,1073513,1073765,1073960,1074562,1074578,1074701,1074741,1074873,1074919,1075006,1075007,1075262,1075419,1075748,1075876,1076049,1076115,1076372,1076830,1077338,1078248,1078353,1079152,1079747,1080039,1080542,1081599,1082485,1082504,1082869,1082962,1083647,1083900,1084001,1084570,1085308,1085539,1085626,1085933,1085936,1085937,1085938,1085939,1085941,1086282,1086283,1086286,1086288,1086319,1086323,1086400,1086652,1086739,1087078,1087082,1087084,1087092,1087205,1087210,1087213,1087214,1087284,1087405,1087458,1087939,1087978,1088354,1088690,1088704,1088722,1088796,1088804,1088821,1088866,1089115,1089268,1089467,1089608,1089663,1089664,1089667,1089669,1089752,1089753,1089878,1090150,1090457,1090605,1090643,1090646,1090658,1090734,1090888,1090953,1091158,1091171,1091424,1091594,1091666,1091678,1091686,1091781,1091782,1091815,1091860,1091960,1092100,1092472,1092710,1092772,1092888,1092904,1092975,1093023,1093027,1093035,1093118,1093148,1093158,1093184,1093205,1093273,1093290,1093604,1093641,1093649,1093653,1093655,1093657,1093663,1093721,1093728,1093904,1093990,1094244,1094356,1094420,1094541,1094575,1094751,1094825,1094840,1094912,1094978,1095042,1095094,1095115,1095155,1095265,1095321,1095337,1095467,1095573,1095735,1095893,1096065,1096480,1096529,1096696,1096705,1096728,1096753,1096790,1096793,1097034,1097105,1097234,1097356,1097373,1097439,1097465,1097468,1097470,1097471,1097472,1097551,1097780,1097796,1097800,1097941,1097961,1098016,1098043,1098050,1098174,1098176,1098236,1098401,1098425,1098435,1098599,1098626,1098706,1098983,1098995,1099029,1099041,1099109,1099142,1099183,1099715,1099792,1099918,1099924,1099966,1100132,1100209,1100340,1100362,1100382,1100394,1100416,1100418,1100491,1100602,1100633,1100843,1101296,1101315,1101324,971975,975772
CVE References: CVE-2017-5715,CVE-2017-5753,CVE-2018-1000200,CVE-2018-1000204,CVE-2018-10087,CVE-2018-10124,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1118,CVE-2018-1120,CVE-2018-1130,CVE-2018-12233,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-3639,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492,CVE-2018-8781,CVE-2018-9385
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-25.3.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-25.3.1, kernel-livepatch-SLE15_Update_1-1-1.3.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-25.3.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-25.3.1, kernel-obs-build-4.12.14-25.3.1, kernel-source-4.12.14-25.3.1, kernel-syms-4.12.14-25.3.1, kernel-vanilla-4.12.14-25.3.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-25.3.1, kernel-source-4.12.14-25.3.1, kernel-zfcpdump-4.12.14-25.3.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-25.3.1
Comment 11 Swamp Workflow Management 2018-07-28 13:49:15 UTC
openSUSE-SU-2018:2119-1: An update that solves 23 vulnerabilities and has 283 fixes is now available.

Category: security (important)
Bug References: 1022476,1046303,1046305,1046306,1046307,1046540,1046542,1046543,1048129,1050242,1050252,1050529,1050536,1050538,1050545,1050549,1050662,1051510,1052766,1055117,1055186,1055968,1056427,1056643,1056651,1056653,1056657,1056658,1056662,1056686,1056787,1058115,1058513,1058659,1058717,1059336,1060463,1061024,1061840,1062897,1064802,1065600,1065729,1066110,1066129,1068032,1068054,1068546,1071218,1071995,1072829,1072856,1073513,1073765,1073960,1074562,1074578,1074701,1074741,1074873,1074919,1074984,1075006,1075007,1075262,1075419,1075748,1075876,1076049,1076115,1076372,1076830,1077338,1078248,1078353,1079152,1079747,1080039,1080157,1080542,1081599,1082485,1082504,1082869,1082962,1083647,1083684,1083900,1084001,1084570,1084721,1085308,1085341,1085400,1085539,1085626,1085933,1085936,1085937,1085938,1085939,1085941,1086224,1086282,1086283,1086286,1086288,1086319,1086323,1086400,1086467,1086652,1086739,1087084,1087088,1087092,1087205,1087210,1087213,1087214,1087284,1087405,1087458,1087939,1087978,1088273,1088354,1088374,1088690,1088704,1088713,1088722,1088796,1088804,1088821,1088866,1088872,1089074,1089086,1089115,1089141,1089198,1089268,1089271,1089467,1089608,1089644,1089663,1089664,1089667,1089669,1089752,1089753,1089762,1089878,1089889,1089977,1090098,1090150,1090457,1090522,1090534,1090535,1090605,1090643,1090646,1090658,1090717,1090734,1090818,1090888,1090953,1091101,1091158,1091171,1091264,1091424,1091532,1091543,1091594,1091666,1091678,1091686,1091781,1091782,1091815,1091860,1091960,1092100,1092289,1092472,1092566,1092710,1092772,1092888,1092904,1092975,1093023,1093027,1093035,1093118,1093148,1093158,1093184,1093205,1093273,1093290,1093604,1093641,1093649,1093653,1093655,1093657,1093663,1093721,1093728,1093904,1093990,1094244,1094356,1094420,1094541,1094575,1094751,1094825,1094840,1094978,1095042,1095094,1095104,1095115,1095155,1095265,1095321,1095337,1095467,1095573,1095735,1095893,1096065,1096480,1096529,1096696,1096705,1096728,1096753,1096790,1096793,1097034,1097105,1097234,1097356,1097373,1097439,1097465,1097468,1097470,1097471,1097472,1097551,1097780,1097796,1097800,1097941,1097961,1098016,1098043,1098050,1098174,1098176,1098236,1098401,1098425,1098435,1098599,1098626,1098706,1098983,1098995,1099029,1099041,1099109,1099142,1099183,1099715,1099792,1099918,1099924,1099966,1100132,1100209,1100340,1100362,1100382,1100416,1100418,1100491,1100602,1100633,1100734,1100843,1101296,1101315,1101324,971975,975772
CVE References: CVE-2017-5715,CVE-2017-5753,CVE-2018-1000200,CVE-2018-1000204,CVE-2018-10087,CVE-2018-10124,CVE-2018-10323,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1108,CVE-2018-1118,CVE-2018-1120,CVE-2018-1130,CVE-2018-12233,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492,CVE-2018-8781,CVE-2018-9385
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.7.1, kernel-default-4.12.14-lp150.12.7.1, kernel-docs-4.12.14-lp150.12.7.1, kernel-kvmsmall-4.12.14-lp150.12.7.1, kernel-obs-build-4.12.14-lp150.12.7.1, kernel-obs-qa-4.12.14-lp150.12.7.1, kernel-source-4.12.14-lp150.12.7.1, kernel-syms-4.12.14-lp150.12.7.1, kernel-vanilla-4.12.14-lp150.12.7.1
Comment 12 Marcus Meissner 2018-10-16 14:59:58 UTC
as users can disable all terminal operations I will consider this a security issue.

CVE requested.

patches.kernel.org/4.4.109-063-n_tty-fix-EXTPROC-vs-ICANON-interaction-with-.patch

sle15 has: patches.suse/n_tty-fix-EXTPROC-vs-ICANON-interaction-with-TIOCINQ.patch
Comment 13 Jiri Slaby 2018-10-18 08:04:56 UTC
So I updated References in those 2.

Given the bug is introduced by commit 26df6d13406d in 2.6.36-rc1, I pushed the patch to:
  cve/linux-3.0
  cve/linux-3.12
  cve/linux-4.4
Comment 17 Swamp Workflow Management 2018-10-31 17:12:39 UTC
SUSE-SU-2018:3589-1: An update that solves four vulnerabilities and has 102 fixes is now available.

Category: security (important)
Bug References: 1046540,1050319,1050536,1050540,1051510,1055120,1065600,1066674,1067126,1067906,1076830,1079524,1083647,1084760,1084831,1086283,1086288,1094825,1095805,1099125,1100132,1102881,1103308,1103543,1104731,1105025,1105536,1106105,1106110,1106237,1106240,1106838,1107685,1108241,1108377,1108468,1108828,1108841,1108870,1109151,1109158,1109217,1109330,1109739,1109784,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1110096,1110538,1110561,1110921,1111028,1111076,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111928,1111983,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18386,CVE-2018-18445
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-25.25.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-25.25.1, kernel-docs-4.12.14-25.25.1, kernel-obs-qa-4.12.14-25.25.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-25.25.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-25.25.1, kernel-obs-build-4.12.14-25.25.1, kernel-source-4.12.14-25.25.1, kernel-syms-4.12.14-25.25.1, kernel-vanilla-4.12.14-25.25.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-25.25.1, kernel-source-4.12.14-25.25.1, kernel-zfcpdump-4.12.14-25.25.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-25.25.1
Comment 18 Swamp Workflow Management 2018-10-31 17:35:34 UTC
SUSE-SU-2018:3593-1: An update that solves four vulnerabilities and has 102 fixes is now available.

Category: security (important)
Bug References: 1046540,1050319,1050536,1050540,1051510,1055120,1065600,1066674,1067126,1067906,1076830,1079524,1083647,1084760,1084831,1086283,1086288,1094825,1095805,1099125,1100132,1102881,1103308,1103543,1104731,1105025,1105536,1106105,1106110,1106237,1106240,1106838,1107685,1108241,1108377,1108468,1108828,1108841,1108870,1109151,1109158,1109217,1109330,1109739,1109784,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1110096,1110538,1110561,1110921,1111028,1111076,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111928,1111983,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18386,CVE-2018-18445
Sources used:
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-25.25.1, kernel-livepatch-SLE15_Update_7-1-1.3.1
Comment 19 Swamp Workflow Management 2018-11-01 19:41:14 UTC
This is an autogenerated message for OBS integration:
This bug (1094825) was mentioned in
https://build.opensuse.org/request/show/645932 15.0 / kernel-source
Comment 23 Swamp Workflow Management 2018-11-06 15:42:27 UTC
This is an autogenerated message for OBS integration:
This bug (1094825) was mentioned in
https://build.opensuse.org/request/show/646686 42.3 / kernel-source
Comment 25 Swamp Workflow Management 2018-11-07 20:14:11 UTC
openSUSE-SU-2018:3658-1: An update that solves 5 vulnerabilities and has 86 fixes is now available.

Category: security (important)
Bug References: 1051510,1055120,1065600,1066674,1067906,1076830,1079524,1083647,1084760,1084831,1091800,1094825,1095805,1100132,1103356,1103543,1104124,1104731,1105025,1105428,1105536,1106110,1106237,1106240,1108377,1109330,1109739,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1111040,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111921,1111928,1111983,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284,1113295,1113408,1113667,1113722,1113751,1113972
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.25.1, kernel-default-4.12.14-lp150.12.25.1, kernel-docs-4.12.14-lp150.12.25.1, kernel-kvmsmall-4.12.14-lp150.12.25.1, kernel-obs-build-4.12.14-lp150.12.25.1, kernel-obs-qa-4.12.14-lp150.12.25.1, kernel-source-4.12.14-lp150.12.25.1, kernel-syms-4.12.14-lp150.12.25.1, kernel-vanilla-4.12.14-lp150.12.25.1
Comment 26 Swamp Workflow Management 2018-11-07 20:31:35 UTC
SUSE-SU-2018:3659-1: An update that solves 10 vulnerabilities and has 104 fixes is now available.

Category: security (important)
Bug References: 1012382,1042422,1044189,1050431,1050549,1053043,1063026,1065600,1065726,1066223,1067906,1079524,1082519,1082863,1082979,1084427,1084536,1084760,1088087,1089343,1090535,1091158,1094244,1094555,1094562,1094825,1095344,1095753,1095805,1096052,1096547,1099597,1099810,1101555,1102495,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103156,1103269,1103308,1103405,1105428,1105795,1105931,1106095,1106105,1106110,1106240,1106293,1106359,1106434,1106512,1106594,1106913,1106929,1106934,1107060,1107299,1107318,1107535,1107829,1107924,1108096,1108170,1108240,1108315,1108377,1108399,1108498,1108803,1108823,1109158,1109333,1109336,1109337,1109441,1109784,1109806,1109818,1109907,1109919,1109923,1110006,1110297,1110337,1110363,1110468,1110600,1110601,1110602,1110603,1110604,1110605,1110606,1110611,1110612,1110613,1110614,1110615,1110616,1110618,1110619,1110930,1111363,1111516,1111870,1112007,1112262,1112263
CVE References: CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-16276,CVE-2018-16597,CVE-2018-17182,CVE-2018-18386,CVE-2018-7480,CVE-2018-7757,CVE-2018-9516
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP3 (src):    kernel-rt-4.4.162-3.26.1, kernel-rt_debug-4.4.162-3.26.1, kernel-source-rt-4.4.162-3.26.1, kernel-syms-rt-4.4.162-3.26.1
Comment 31 Swamp Workflow Management 2018-11-09 20:30:32 UTC
SUSE-SU-2018:3688-1: An update that solves 6 vulnerabilities and has 100 fixes is now available.

Category: security (important)
Bug References: 1011920,1012382,1012422,1020645,1031392,1035053,1042422,1043591,1048129,1050431,1050549,1053043,1054239,1057199,1065600,1065726,1067906,1073579,1076393,1078788,1079524,1082519,1083215,1083527,1084760,1089343,1091158,1093118,1094244,1094825,1095805,1096052,1098050,1098996,1099597,1101555,1103308,1103405,1104124,1105025,1105428,1105795,1105931,1106105,1106110,1106240,1106293,1106359,1106434,1106594,1106913,1106929,1107060,1107299,1107318,1107535,1107829,1107870,1108315,1108377,1108498,1109158,1109333,1109772,1109784,1109806,1109818,1109907,1109919,1109923,1110006,1110363,1110468,1110600,1110601,1110602,1110603,1110604,1110605,1110606,1110611,1110612,1110613,1110614,1110615,1110616,1110618,1110619,1111363,1111516,1111870,1112007,1112262,1112263,1112894,1112902,1112903,1112905,1113667,1113751,1113769,1114178,1114229,1114648,981083,997172
CVE References: CVE-2018-14633,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-9516
Sources used:
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_21-1-4.5.2
Comment 32 Swamp Workflow Management 2018-11-09 20:52:32 UTC
SUSE-SU-2018:3689-1: An update that solves 6 vulnerabilities and has 100 fixes is now available.

Category: security (important)
Bug References: 1011920,1012382,1012422,1020645,1031392,1035053,1042422,1043591,1048129,1050431,1050549,1053043,1054239,1057199,1065600,1065726,1067906,1073579,1076393,1078788,1079524,1082519,1083215,1083527,1084760,1089343,1091158,1093118,1094244,1094825,1095805,1096052,1098050,1098996,1099597,1101555,1103308,1103405,1104124,1105025,1105428,1105795,1105931,1106105,1106110,1106240,1106293,1106359,1106434,1106594,1106913,1106929,1107060,1107299,1107318,1107535,1107829,1107870,1108315,1108377,1108498,1109158,1109333,1109772,1109784,1109806,1109818,1109907,1109919,1109923,1110006,1110363,1110468,1110600,1110601,1110602,1110603,1110604,1110605,1110606,1110611,1110612,1110613,1110614,1110615,1110616,1110618,1110619,1111363,1111516,1111870,1112007,1112262,1112263,1112894,1112902,1112903,1112905,1113667,1113751,1113769,1114178,1114229,1114648,981083,997172
CVE References: CVE-2018-14633,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-9516
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.162-94.69.2
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.162-94.69.2, kernel-obs-build-4.4.162-94.69.2
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.162-94.69.2, kernel-source-4.4.162-94.69.2, kernel-syms-4.4.162-94.69.2, lttng-modules-2.7.1-8.6.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.162-94.69.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.162-94.69.2, kernel-source-4.4.162-94.69.2, kernel-syms-4.4.162-94.69.2
SUSE CaaS Platform ALL (src):    kernel-default-4.4.162-94.69.2
SUSE CaaS Platform 3.0 (src):    kernel-default-4.4.162-94.69.2
Comment 33 Swamp Workflow Management 2018-11-12 22:02:43 UTC
This is an autogenerated message for OBS integration:
This bug (1094825) was mentioned in
https://build.opensuse.org/request/show/648620 42.3 / kernel-source
Comment 35 Swamp Workflow Management 2018-11-20 20:13:41 UTC
openSUSE-SU-2018:3817-1: An update that solves 5 vulnerabilities and has 66 fixes is now available.

Category: security (important)
Bug References: 1011920,1012382,1012422,1020645,1031392,1035053,1042422,1043591,1048129,1050431,1053043,1054239,1057199,1062303,1065600,1065726,1067906,1073579,1076393,1078788,1079524,1083215,1083527,1084760,1091158,1093118,1094825,1095805,1098050,1098996,1101555,1104124,1105025,1105931,1106110,1106359,1106594,1106913,1106929,1107060,1107299,1107535,1107870,1108377,1108498,1109158,1109772,1109784,1109818,1109907,1109919,1109923,1110006,1111516,1111870,1112007,1112262,1112263,1112894,1112902,1112903,1112905,1113667,1113751,1113769,1114178,1114229,1114648,1115587,981083,997172
CVE References: CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-9516
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.162-78.1, kernel-default-4.4.162-78.1, kernel-docs-4.4.162-78.1, kernel-obs-build-4.4.162-78.1, kernel-obs-qa-4.4.162-78.1, kernel-source-4.4.162-78.1, kernel-syms-4.4.162-78.1, kernel-vanilla-4.4.162-78.1
Comment 38 Swamp Workflow Management 2018-11-22 20:19:11 UTC
SUSE-SU-2018:3869-1: An update that solves 8 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 1031240,1047027,1049128,1050431,1064861,1065600,1066674,1071021,1081680,1094244,1094825,1103145,1105799,1106139,1106240,1107371,1107829,1107849,1108314,1108498,1109806,1109818,1110006,1110247,1113337,1113751,1113769,1114460,923775
CVE References: CVE-2017-1000407,CVE-2017-16533,CVE-2017-7273,CVE-2018-14633,CVE-2018-18281,CVE-2018-18386,CVE-2018-18710,CVE-2018-9516
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.39.1, kernel-rt_trace-3.0.101.rt130-69.39.1, kernel-source-rt-3.0.101.rt130-69.39.1, kernel-syms-rt-3.0.101.rt130-69.39.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.39.1, kernel-rt_debug-3.0.101.rt130-69.39.1, kernel-rt_trace-3.0.101.rt130-69.39.1
Comment 39 Swamp Workflow Management 2018-11-28 14:14:44 UTC
SUSE-SU-2018:3934-1: An update that solves 5 vulnerabilities and has 101 fixes is now available.

Category: security (important)
Bug References: 1051510,1055120,1061840,1065600,1066674,1067906,1076830,1079524,1083647,1084760,1084831,1086196,1091800,1094825,1095805,1100132,1101138,1103356,1103543,1103925,1104124,1104731,1105025,1105428,1105536,1106110,1106237,1106240,1106287,1106359,1106838,1108377,1108468,1108870,1109330,1109739,1109772,1109784,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1111040,1111076,1111506,1111806,1111811,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111921,1111928,1111983,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284,1113295,1113408,1113667,1113722,1113751,1113780,1113972,1114279
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-azure-4.12.14-6.3.1, kernel-source-azure-4.12.14-6.3.1, kernel-syms-azure-4.12.14-6.3.1
Comment 40 Swamp Workflow Management 2018-11-30 20:20:30 UTC
SUSE-SU-2018:3961-1: An update that solves 22 vulnerabilities and has 286 fixes is now available.

Category: security (important)
Bug References: 1012382,1031392,1043912,1044189,1046302,1046305,1046306,1046307,1046540,1046543,1050244,1050319,1050536,1050540,1051510,1054914,1055014,1055117,1055120,1058659,1060463,1061840,1065600,1065729,1066674,1067126,1067906,1068032,1069138,1071995,1076830,1077761,1077989,1078720,1079524,1080157,1082519,1082555,1083647,1083663,1084760,1084831,1085030,1085042,1085262,1086282,1086283,1086288,1086327,1089663,1090078,1091800,1092903,1094244,1094825,1095344,1095805,1096748,1097105,1097583,1097584,1097585,1097586,1097587,1097588,1098459,1098782,1098822,1099125,1099922,1099999,1100001,1100132,1101480,1101557,1101669,1102346,1102495,1102517,1102715,1102870,1102875,1102877,1102879,1102881,1102882,1102896,1103269,1103308,1103356,1103363,1103387,1103405,1103421,1103543,1103587,1103636,1103948,1103949,1103961,1104172,1104353,1104482,1104683,1104731,1104824,1104888,1104890,1105025,1105190,1105247,1105292,1105322,1105355,1105378,1105396,1105428,1105467,1105524,1105536,1105597,1105603,1105672,1105731,1105795,1105907,1106007,1106016,1106105,1106110,1106121,1106170,1106178,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106779,1106800,1106838,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107074,1107207,1107319,1107320,1107522,1107535,1107685,1107689,1107735,1107756,1107783,1107829,1107870,1107924,1107928,1107945,1107947,1107966,1108010,1108093,1108096,1108170,1108241,1108243,1108260,1108281,1108323,1108377,1108399,1108468,1108520,1108823,1108841,1108870,1109151,1109158,1109217,1109244,1109269,1109330,1109333,1109336,1109337,1109511,1109603,1109739,1109772,1109784,1109806,1109818,1109907,1109915,1109919,1109951,1109979,1109992,1110006,1110096,1110301,1110363,1110538,1110561,1110639,1110642,1110643,1110644,1110645,1110646,1110647,1110649,1110650,1111028,1111040,1111076,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111921,1111928,1111983,1112170,1112208,1112219,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284,1113295,1113408,1113667,1113722,1113751,1113780,1113972,1114279,971975
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-15572,CVE-2018-16658,CVE-2018-17182,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    kernel-azure-4.12.14-5.16.1, kernel-source-azure-4.12.14-5.16.1, kernel-syms-azure-4.12.14-5.16.1
Comment 42 Swamp Workflow Management 2018-12-11 14:13:53 UTC
SUSE-SU-2018:4069-1: An update that solves 7 vulnerabilities and has 184 fixes is now available.

Category: security (important)
Bug References: 1051510,1055120,1061840,1065600,1065729,1066674,1067906,1068273,1076830,1078248,1079524,1082555,1082653,1083647,1084760,1084831,1085535,1086196,1089350,1091800,1094825,1095805,1097755,1100132,1103356,1103925,1104124,1104731,1104824,1105025,1105428,1106105,1106110,1106237,1106240,1107256,1107385,1107866,1108377,1108468,1109330,1109739,1109772,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1110998,1111040,1111062,1111174,1111506,1111696,1111809,1111921,1111983,1112128,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1112963,1113257,1113284,1113295,1113408,1113412,1113501,1113667,1113677,1113722,1113751,1113769,1113780,1113972,1114015,1114178,1114279,1114385,1114576,1114577,1114578,1114579,1114580,1114581,1114582,1114583,1114584,1114585,1114839,1115074,1115269,1115431,1115433,1115440,1115567,1115709,1115976,1116183,1116692,1116693,1116698,1116699,1116700,1116701,1116862,1116863,1116876,1116877,1116878,1116891,1116895,1116899,1116950,1117168,1117172,1117174,1117181,1117184,1117188,1117189,1117349,1117561,1117788,1117789,1117790,1117791,1117792,1117794,1117795,1117796,1117798,1117799,1117801,1117802,1117803,1117804,1117805,1117806,1117807,1117808,1117815,1117816,1117817,1117818,1117819,1117820,1117821,1117822,1118102,1118136,1118137,1118138,1118140,1118152,1118316
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18281,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710,CVE-2018-19824
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.3.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.3.1, kernel-obs-build-4.12.14-95.3.2
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.3.1, kernel-source-4.12.14-95.3.1, kernel-syms-4.12.14-95.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.3.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.3.1, kernel-source-4.12.14-95.3.1, kernel-syms-4.12.14-95.3.1
Comment 43 Swamp Workflow Management 2018-12-12 08:17:19 UTC
SUSE-SU-2018:4072-1: An update that solves 7 vulnerabilities and has 184 fixes is now available.

Category: security (important)
Bug References: 1051510,1055120,1061840,1065600,1065729,1066674,1067906,1068273,1076830,1078248,1079524,1082555,1082653,1083647,1084760,1084831,1085535,1086196,1089350,1091800,1094825,1095805,1097755,1100132,1103356,1103925,1104124,1104731,1104824,1105025,1105428,1106105,1106110,1106237,1106240,1107256,1107385,1107866,1108377,1108468,1109330,1109739,1109772,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1110998,1111040,1111062,1111174,1111506,1111696,1111809,1111921,1111983,1112128,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1112963,1113257,1113284,1113295,1113408,1113412,1113501,1113667,1113677,1113722,1113751,1113769,1113780,1113972,1114015,1114178,1114279,1114385,1114576,1114577,1114578,1114579,1114580,1114581,1114582,1114583,1114584,1114585,1114839,1115074,1115269,1115431,1115433,1115440,1115567,1115709,1115976,1116183,1116692,1116693,1116698,1116699,1116700,1116701,1116862,1116863,1116876,1116877,1116878,1116891,1116895,1116899,1116950,1117168,1117172,1117174,1117181,1117184,1117188,1117189,1117349,1117561,1117788,1117789,1117790,1117791,1117792,1117794,1117795,1117796,1117798,1117799,1117801,1117802,1117803,1117804,1117805,1117806,1117807,1117808,1117815,1117816,1117817,1117818,1117819,1117820,1117821,1117822,1118102,1118136,1118137,1118138,1118140,1118152,1118316
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18281,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710,CVE-2018-19824
Sources used:
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kgraft-patch-SLE12-SP4_Update_1-1-7.1
Comment 46 Swamp Workflow Management 2019-01-16 07:12:14 UTC
SUSE-SU-2019:0095-1: An update that solves 13 vulnerabilities and has 140 fixes is now available.

Category: security (important)
Bug References: 1011920,1012382,1012422,1020645,1031392,1035053,1042422,1043591,1044189,1048129,1050431,1050549,1053043,1054239,1057199,1062303,1063026,1065600,1065726,1066223,1067906,1073579,1076393,1078788,1079524,1082519,1082863,1082979,1083215,1083527,1084427,1084536,1084760,1087209,1088087,1089343,1090535,1091158,1093118,1094244,1094555,1094562,1094825,1095344,1095753,1095805,1096052,1096547,1098050,1098996,1099597,1099810,1101555,1102495,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103156,1103269,1103308,1103405,1104124,1105025,1105428,1105795,1105931,1106095,1106105,1106110,1106240,1106293,1106359,1106434,1106512,1106594,1106913,1106929,1106934,1107060,1107299,1107318,1107535,1107829,1107870,1107924,1108096,1108170,1108240,1108281,1108315,1108377,1108399,1108498,1108803,1108823,1109038,1109158,1109333,1109336,1109337,1109441,1109772,1109784,1109806,1109818,1109907,1109919,1109923,1110006,1110297,1110337,1110363,1110468,1110600,1110601,1110602,1110603,1110604,1110605,1110606,1110611,1110612,1110613,1110614,1110615,1110616,1110618,1110619,1110930,1111363,1111516,1111870,1112007,1112262,1112263,1112894,1112902,1112903,1112905,1113667,1113751,1113766,1113769,1114178,1114229,1114648,1115593,981083,997172
CVE References: CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-16276,CVE-2018-16597,CVE-2018-17182,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-7480,CVE-2018-7757,CVE-2018-9516
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-azure-4.4.162-4.19.2, kernel-source-azure-4.4.162-4.19.1, kernel-syms-azure-4.4.162-4.19.1
Comment 49 Swamp Workflow Management 2019-01-29 17:40:35 UTC
SUSE-SU-2019:13937-1: An update that solves 12 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1031240,1039803,1066674,1071021,1094186,1094825,1104070,1104366,1104367,1107189,1108498,1109200,1113201,1113751,1113769,1114920,1115007,1115038,1116412,1116841,1117515,1118152,1118319,1119255,1119714,1120743,905299,936875,968018,990682
CVE References: CVE-2017-1000407,CVE-2017-16533,CVE-2017-7273,CVE-2018-18281,CVE-2018-18386,CVE-2018-18710,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-9516,CVE-2018-9568
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.106.59.1, kernel-default-3.0.101-0.47.106.59.1, kernel-ec2-3.0.101-0.47.106.59.1, kernel-pae-3.0.101-0.47.106.59.1, kernel-source-3.0.101-0.47.106.59.1, kernel-syms-3.0.101-0.47.106.59.1, kernel-trace-3.0.101-0.47.106.59.1, kernel-xen-3.0.101-0.47.106.59.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.106.59.1, kernel-default-3.0.101-0.47.106.59.1, kernel-pae-3.0.101-0.47.106.59.1, kernel-ppc64-3.0.101-0.47.106.59.1, kernel-trace-3.0.101-0.47.106.59.1, kernel-xen-3.0.101-0.47.106.59.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.106.59.1, kernel-ec2-3.0.101-0.47.106.59.1, kernel-pae-3.0.101-0.47.106.59.1, kernel-source-3.0.101-0.47.106.59.1, kernel-syms-3.0.101-0.47.106.59.1, kernel-trace-3.0.101-0.47.106.59.1, kernel-xen-3.0.101-0.47.106.59.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.106.59.1, kernel-default-3.0.101-0.47.106.59.1, kernel-ec2-3.0.101-0.47.106.59.1, kernel-pae-3.0.101-0.47.106.59.1, kernel-trace-3.0.101-0.47.106.59.1, kernel-xen-3.0.101-0.47.106.59.1
Comment 51 Swamp Workflow Management 2019-02-19 20:13:26 UTC
SUSE-SU-2019:0439-1: An update that solves 13 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1012382,1023175,1042286,1065600,1065726,1070805,1084721,1086095,1086535,1091158,1091171,1091197,1094825,1095344,1098996,1099523,1099597,1100105,1101555,1103624,1104731,1105025,1105931,1106293,1107256,1107299,1107385,1107866,1108145,1108498,1109330,1110286,1110837,1111062,1113192,1113751,1113769,1114190,1114648,1114763,1115433,1115440,1116027,1116183,1116345,1117186,1117187,1118152,1118319,1119714,1119946,1119947,1120743,1120758,1121621,1123161
CVE References: CVE-2018-16862,CVE-2018-16884,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-9516,CVE-2018-9568,CVE-2019-3459,CVE-2019-3460
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1, kgraft-patch-SLE12-SP2_Update_27-1-3.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1, kgraft-patch-SLE12-SP2_Update_27-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1, kgraft-patch-SLE12-SP2_Update_27-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.101.1
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1, kgraft-patch-SLE12-SP2_Update_27-1-3.3.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.121-92.101.1
Comment 54 Swamp Workflow Management 2019-05-17 19:18:03 UTC
SUSE-SU-2019:1289-1: An update that solves 33 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 1031240,1034862,1066674,1071021,1086535,1091171,1094825,1100001,1102517,1103097,1104475,1105025,1105296,1106913,1107829,1108498,1110768,1111331,1111516,1113751,1113769,1114648,1114920,1115007,1115038,1116345,1116841,1118152,1118319,1119714,1119946,1120743,1120758,1121621,1122015,1123161,1124010,1124728,1124732,1124735,1126890,1128166,1131416,1131427,1132828,1133188
CVE References: CVE-2016-10741,CVE-2017-1000407,CVE-2017-16533,CVE-2017-7273,CVE-2017-7472,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-14633,CVE-2018-15572,CVE-2018-16884,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-5391,CVE-2018-9516,CVE-2018-9568,CVE-2019-11091,CVE-2019-11486,CVE-2019-3459,CVE-2019-3460,CVE-2019-3882,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-8564,CVE-2019-9213,CVE-2019-9503
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.110.1, kernel-source-3.12.74-60.64.110.1, kernel-syms-3.12.74-60.64.110.1, kernel-xen-3.12.74-60.64.110.1, lttng-modules-2.7.0-4.4.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.110.1, kernel-source-3.12.74-60.64.110.1, kernel-syms-3.12.74-60.64.110.1, kernel-xen-3.12.74-60.64.110.1, lttng-modules-2.7.0-4.4.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.110.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 55 Marcus Meissner 2019-07-11 05:50:36 UTC
done