Bugzilla – Bug 1118152
VUL-0: CVE-2018-19824: kernel: alsa: UAF write in usb_audio_probe
Last modified: 2023-04-26 13:40:26 UTC
via security@kernel.org ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c From: Hui Peng <benquike@gmail.com> If a USB sound card reports 0 interfaces, an error condition is triggered and the function usb_audio_probe errors out. In the error path, there was a use-after-free vulnerability where the memory object of the card was first freed, followed by a decrement of the number of active chips. Moving the decrement above the atomic_dec fixes the UAF. Reported-by: Hui Peng <benquike@gmail.com> Reported-by: Mathias Payer <mathias.payer@nebelwelt.net> Signed-off-by: Hui Peng <benquike@gmail.com> Signed-off-by: Mathias Payer <mathias.payer@nebelwelt.net>
Created attachment 791623 [details] bug1.patch commit
The fix was already merged in my git tree: https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=5f8cf712582617d523120df67d392059eaf2fc4b
cve requested
Backported to stable, SLE15, SLE12-SP2-LTSS, SLE12-SP3, cve/linux-3.12 and cve/linux-3.0 branches. The older branches don't contain the bug. Reassigned back to security team.
SUSE-SU-2018:4072-1: An update that solves 7 vulnerabilities and has 184 fixes is now available. Category: security (important) Bug References: 1051510,1055120,1061840,1065600,1065729,1066674,1067906,1068273,1076830,1078248,1079524,1082555,1082653,1083647,1084760,1084831,1085535,1086196,1089350,1091800,1094825,1095805,1097755,1100132,1103356,1103925,1104124,1104731,1104824,1105025,1105428,1106105,1106110,1106237,1106240,1107256,1107385,1107866,1108377,1108468,1109330,1109739,1109772,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1110998,1111040,1111062,1111174,1111506,1111696,1111809,1111921,1111983,1112128,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1112963,1113257,1113284,1113295,1113408,1113412,1113501,1113667,1113677,1113722,1113751,1113769,1113780,1113972,1114015,1114178,1114279,1114385,1114576,1114577,1114578,1114579,1114580,1114581,1114582,1114583,1114584,1114585,1114839,1115074,1115269,1115431,1115433,1115440,1115567,1115709,1115976,1116183,1116692,1116693,1116698,1116699,1116700,1116701,1116862,1116863,1116876,1116877,1116878,1116891,1116895,1116899,1116950,1117168,1117172,1117174,1117181,1117184,1117188,1117189,1117349,1117561,1117788,1117789,1117790,1117791,1117792,1117794,1117795,1117796,1117798,1117799,1117801,1117802,1117803,1117804,1117805,1117806,1117807,1117808,1117815,1117816,1117817,1117818,1117819,1117820,1117821,1117822,1118102,1118136,1118137,1118138,1118140,1118152,1118316 CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18281,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710,CVE-2018-19824 Sources used: SUSE Linux Enterprise Live Patching 12-SP4 (src): kgraft-patch-SLE12-SP4_Update_1-1-7.1
This is an autogenerated message for OBS integration: This bug (1118152) was mentioned in https://build.opensuse.org/request/show/664959 15.0 / kernel-source
openSUSE-SU-2019:0065-1: An update that solves 11 vulnerabilities and has 131 fixes is now available. Category: security (important) Bug References: 1024718,1046299,1050242,1050244,1051510,1055121,1055186,1058115,1060463,1065729,1078248,1079935,1082387,1083647,1086282,1086283,1086423,1087978,1088386,1090888,1091405,1094244,1097593,1102875,1102877,1102879,1102882,1102896,1103257,1104353,1104427,1104967,1105168,1106105,1106110,1106615,1106913,1108270,1109272,1109665,1110558,1111188,1111469,1111696,1111795,1113722,1114279,1114871,1116040,1116183,1116336,1116803,1116841,1117115,1117162,1117165,1117186,1117561,1117656,1117953,1118152,1118215,1118316,1118319,1118428,1118484,1118752,1118760,1118761,1118762,1118766,1118767,1118768,1118769,1118771,1118772,1118773,1118774,1118775,1118798,1118809,1118962,1119017,1119086,1119212,1119322,1119410,1119714,1119749,1119804,1119946,1119962,1119968,1120036,1120046,1120053,1120054,1120055,1120058,1120088,1120092,1120094,1120096,1120097,1120173,1120214,1120223,1120228,1120230,1120232,1120234,1120235,1120238,1120594,1120598,1120600,1120601,1120602,1120603,1120604,1120606,1120612,1120613,1120614,1120615,1120616,1120617,1120618,1120620,1120621,1120632,1120633,1120743,1121017,1121058,1121263,1121273,1121477,1121483,1121621,1121714,1121715 CVE References: CVE-2018-12232,CVE-2018-14625,CVE-2018-16862,CVE-2018-16884,CVE-2018-18397,CVE-2018-19407,CVE-2018-19824,CVE-2018-19854,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568 Sources used: openSUSE Leap 15.0 (src): kernel-debug-4.12.14-lp150.12.45.1, kernel-default-4.12.14-lp150.12.45.1, kernel-docs-4.12.14-lp150.12.45.1, kernel-kvmsmall-4.12.14-lp150.12.45.1, kernel-obs-build-4.12.14-lp150.12.45.1, kernel-obs-qa-4.12.14-lp150.12.45.1, kernel-source-4.12.14-lp150.12.45.1, kernel-syms-4.12.14-lp150.12.45.1, kernel-vanilla-4.12.14-lp150.12.45.1
This is an autogenerated message for OBS integration: This bug (1118152) was mentioned in https://build.opensuse.org/request/show/667052 42.3 / kernel-source
SUSE-SU-2019:0150-1: An update that solves 12 vulnerabilities and has 241 fixes is now available. Category: security (important) Bug References: 1024718,1046299,1050242,1050244,1051510,1055120,1055121,1055186,1058115,1060463,1065600,1065729,1068273,1078248,1079935,1082387,1082555,1082653,1083647,1085535,1086282,1086283,1086423,1087082,1087978,1088386,1089350,1090888,1091405,1094244,1097593,1097755,1102875,1102877,1102879,1102882,1102896,1103257,1104353,1104427,1104824,1104967,1105168,1106105,1106110,1106237,1106240,1106615,1106913,1107256,1107385,1107866,1108270,1108468,1109272,1109772,1109806,1110006,1110558,1110998,1111062,1111174,1111183,1111188,1111469,1111696,1111795,1111809,1112963,1113295,1113412,1113501,1113677,1113722,1113769,1114015,1114178,1114279,1114385,1114576,1114577,1114578,1114579,1114580,1114581,1114582,1114583,1114584,1114585,1114839,1114871,1115074,1115269,1115431,1115433,1115440,1115567,1115709,1115976,1116040,1116183,1116336,1116692,1116693,1116698,1116699,1116700,1116701,1116803,1116841,1116862,1116863,1116876,1116877,1116878,1116891,1116895,1116899,1116950,1117115,1117162,1117165,1117168,1117172,1117174,1117181,1117184,1117186,1117188,1117189,1117349,1117561,1117656,1117788,1117789,1117790,1117791,1117792,1117794,1117795,1117796,1117798,1117799,1117801,1117802,1117803,1117804,1117805,1117806,1117807,1117808,1117815,1117816,1117817,1117818,1117819,1117820,1117821,1117822,1117953,1118102,1118136,1118137,1118138,1118140,1118152,1118215,1118316,1118319,1118320,1118428,1118484,1118505,1118752,1118760,1118761,1118762,1118766,1118767,1118768,1118769,1118771,1118772,1118773,1118774,1118775,1118798,1118809,1118962,1119017,1119086,1119212,1119322,1119410,1119714,1119749,1119804,1119946,1119947,1119962,1119968,1119974,1120036,1120053,1120054,1120055,1120058,1120088,1120092,1120094,1120096,1120097,1120173,1120214,1120223,1120228,1120230,1120232,1120234,1120235,1120238,1120594,1120598,1120600,1120601,1120602,1120603,1120604,1120606,1120612,1120613,1120614,1120615,1120616,1120617,1120618,1120620,1120621,1120632,1120633,1120743,1120954,1121017,1121058,1121263,1121273,1121477,1121483,1121599,1121621,1121714,1121715,1121973 CVE References: CVE-2018-12232,CVE-2018-14625,CVE-2018-16862,CVE-2018-16884,CVE-2018-18281,CVE-2018-18397,CVE-2018-19407,CVE-2018-19824,CVE-2018-19854,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568 Sources used: SUSE Linux Enterprise Module for Public Cloud 15 (src): kernel-azure-4.12.14-5.19.1, kernel-source-azure-4.12.14-5.19.1, kernel-syms-azure-4.12.14-5.19.1
SUSE-SU-2019:0148-1: An update that solves 10 vulnerabilities and has 94 fixes is now available. Category: security (important) Bug References: 1012382,1015336,1015337,1015340,1019683,1019695,1020645,1027260,1027457,1042286,1043083,1046264,1047487,1048916,1065600,1066223,1068032,1069702,1070805,1079935,1087082,1091405,1093158,1094244,1094973,1096242,1096281,1099523,1100105,1101557,1102439,1102660,1103156,1103257,1103624,1104098,1104731,1105412,1106105,1106237,1106240,1106929,1107385,1108145,1108240,1109272,1109330,1109806,1110286,1111062,1111809,1112246,1112963,1113412,1114190,1114417,1114475,1114648,1114763,1114839,1114871,1115431,1115433,1115440,1115587,1115709,1116027,1116183,1116285,1116336,1116345,1116497,1116841,1116924,1116950,1117162,1117165,1117186,1117562,1118152,1118316,1118319,1118505,1118790,1118798,1118915,1118922,1118926,1118930,1118936,1119204,1119714,1119877,1119946,1119967,1119970,1120046,1120743,1121239,1121240,1121241,1121242,1121275,1121621 CVE References: CVE-2017-16939,CVE-2018-1120,CVE-2018-16862,CVE-2018-16884,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-3639,CVE-2018-9568 Sources used: SUSE Linux Enterprise Server 12-SP3 (src): kernel-azure-4.4.170-4.22.1, kernel-source-azure-4.4.170-4.22.1, kernel-syms-azure-4.4.170-4.22.1
SUSE-SU-2019:13937-1: An update that solves 12 vulnerabilities and has 18 fixes is now available. Category: security (important) Bug References: 1031240,1039803,1066674,1071021,1094186,1094825,1104070,1104366,1104367,1107189,1108498,1109200,1113201,1113751,1113769,1114920,1115007,1115038,1116412,1116841,1117515,1118152,1118319,1119255,1119714,1120743,905299,936875,968018,990682 CVE References: CVE-2017-1000407,CVE-2017-16533,CVE-2017-7273,CVE-2018-18281,CVE-2018-18386,CVE-2018-18710,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-9516,CVE-2018-9568 Sources used: SUSE Linux Enterprise Server 11-SP3-LTSS (src): kernel-bigsmp-3.0.101-0.47.106.59.1, kernel-default-3.0.101-0.47.106.59.1, kernel-ec2-3.0.101-0.47.106.59.1, kernel-pae-3.0.101-0.47.106.59.1, kernel-source-3.0.101-0.47.106.59.1, kernel-syms-3.0.101-0.47.106.59.1, kernel-trace-3.0.101-0.47.106.59.1, kernel-xen-3.0.101-0.47.106.59.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-bigsmp-3.0.101-0.47.106.59.1, kernel-default-3.0.101-0.47.106.59.1, kernel-pae-3.0.101-0.47.106.59.1, kernel-ppc64-3.0.101-0.47.106.59.1, kernel-trace-3.0.101-0.47.106.59.1, kernel-xen-3.0.101-0.47.106.59.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): kernel-default-3.0.101-0.47.106.59.1, kernel-ec2-3.0.101-0.47.106.59.1, kernel-pae-3.0.101-0.47.106.59.1, kernel-source-3.0.101-0.47.106.59.1, kernel-syms-3.0.101-0.47.106.59.1, kernel-trace-3.0.101-0.47.106.59.1, kernel-xen-3.0.101-0.47.106.59.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): kernel-bigsmp-3.0.101-0.47.106.59.1, kernel-default-3.0.101-0.47.106.59.1, kernel-ec2-3.0.101-0.47.106.59.1, kernel-pae-3.0.101-0.47.106.59.1, kernel-trace-3.0.101-0.47.106.59.1, kernel-xen-3.0.101-0.47.106.59.1
This is an autogenerated message for OBS integration: This bug (1118152) was mentioned in https://build.opensuse.org/request/show/670625 42.3 / kernel-source
SUSE-SU-2019:0222-1: An update that solves 13 vulnerabilities and has 258 fixes is now available. Category: security (important) Bug References: 1024718,1046299,1050242,1050244,1051510,1055120,1055121,1055186,1058115,1060463,1065600,1065729,1068032,1068273,1074562,1074578,1074701,1075006,1075419,1075748,1078248,1079935,1080039,1082387,1082555,1082653,1083647,1085535,1086282,1086283,1086423,1087082,1087084,1087939,1087978,1088386,1089350,1090888,1091405,1094244,1097593,1097755,1102055,1102875,1102877,1102879,1102882,1102896,1103257,1104353,1104427,1104824,1104967,1105168,1106105,1106110,1106237,1106240,1106615,1106913,1107207,1107256,1107385,1107866,1108270,1108468,1109272,1109772,1109806,1110006,1110558,1110998,1111062,1111174,1111188,1111469,1111696,1111795,1111809,1112128,1112963,1113295,1113412,1113501,1113677,1113722,1113769,1114015,1114178,1114279,1114385,1114576,1114577,1114578,1114579,1114580,1114581,1114582,1114583,1114584,1114585,1114648,1114839,1114871,1115074,1115269,1115431,1115433,1115440,1115567,1115709,1115976,1116040,1116183,1116336,1116692,1116693,1116698,1116699,1116700,1116701,1116803,1116841,1116862,1116863,1116876,1116877,1116878,1116891,1116895,1116899,1116950,1117115,1117162,1117165,1117168,1117172,1117174,1117181,1117184,1117186,1117188,1117189,1117349,1117561,1117656,1117788,1117789,1117790,1117791,1117792,1117794,1117795,1117796,1117798,1117799,1117801,1117802,1117803,1117804,1117805,1117806,1117807,1117808,1117815,1117816,1117817,1117818,1117819,1117820,1117821,1117822,1117953,1118102,1118136,1118137,1118138,1118140,1118152,1118215,1118316,1118319,1118320,1118428,1118484,1118505,1118752,1118760,1118761,1118762,1118766,1118767,1118768,1118769,1118771,1118772,1118773,1118774,1118775,1118787,1118788,1118798,1118809,1118962,1119017,1119086,1119212,1119322,1119410,1119714,1119749,1119804,1119946,1119947,1119962,1119968,1119974,1120036,1120046,1120053,1120054,1120055,1120058,1120088,1120092,1120094,1120096,1120097,1120173,1120214,1120223,1120228,1120230,1120232,1120234,1120235,1120238,1120594,1120598,1120600,1120601,1120602,1120603,1120604,1120606,1120612,1120613,1120614,1120615,1120616,1120617,1120618,1120620,1120621,1120632,1120633,1120743,1120954,1121017,1121058,1121263,1121273,1121477,1121483,1121599,1121621,1121714,1121715,1121973,1122019,1122292 CVE References: CVE-2017-5753,CVE-2018-12232,CVE-2018-14625,CVE-2018-16862,CVE-2018-16884,CVE-2018-18281,CVE-2018-18397,CVE-2018-19407,CVE-2018-19824,CVE-2018-19854,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568 Sources used: SUSE Linux Enterprise Server 12-SP4 (src): kernel-azure-4.12.14-6.6.2, kernel-source-azure-4.12.14-6.6.2, kernel-syms-azure-4.12.14-6.6.2
SUSE-SU-2019:0224-1: An update that solves 13 vulnerabilities and has 253 fixes is now available. Category: security (important) Bug References: 1024718,1046299,1050242,1050244,1051510,1055120,1055121,1055186,1058115,1060463,1061840,1065600,1065729,1068273,1078248,1079935,1082387,1082555,1082653,1083647,1085535,1086196,1086282,1086283,1086423,1087978,1088386,1089350,1090888,1091405,1091800,1094244,1097593,1097755,1100132,1102875,1102877,1102879,1102882,1102896,1103257,1103356,1103925,1104124,1104353,1104427,1104824,1104967,1105168,1105428,1106105,1106110,1106237,1106240,1106615,1106913,1107256,1107385,1107866,1108270,1108468,1109272,1109772,1109806,1110006,1110558,1110998,1111040,1111062,1111174,1111183,1111188,1111469,1111696,1111795,1111809,1111921,1112878,1112963,1113295,1113408,1113412,1113501,1113667,1113677,1113722,1113751,1113769,1113780,1113972,1114015,1114178,1114279,1114385,1114576,1114577,1114578,1114579,1114580,1114581,1114582,1114583,1114584,1114585,1114839,1114871,1115074,1115269,1115431,1115433,1115440,1115567,1115709,1115976,1116040,1116183,1116336,1116692,1116693,1116698,1116699,1116700,1116701,1116803,1116841,1116862,1116863,1116876,1116877,1116878,1116891,1116895,1116899,1116950,1117115,1117162,1117165,1117168,1117172,1117174,1117181,1117184,1117186,1117188,1117189,1117349,1117561,1117656,1117788,1117789,1117790,1117791,1117792,1117794,1117795,1117796,1117798,1117799,1117801,1117802,1117803,1117804,1117805,1117806,1117807,1117808,1117815,1117816,1117817,1117818,1117819,1117820,1117821,1117822,1117953,1118102,1118136,1118137,1118138,1118140,1118152,1118215,1118316,1118319,1118428,1118484,1118505,1118752,1118760,1118761,1118762,1118766,1118767,1118768,1118769,1118771,1118772,1118773,1118774,1118775,1118798,1118809,1118962,1119017,1119086,1119212,1119322,1119410,1119714,1119749,1119804,1119946,1119962,1119968,1120036,1120046,1120053,1120054,1120055,1120058,1120088,1120092,1120094,1120096,1120097,1120173,1120214,1120223,1120228,1120230,1120232,1120234,1120235,1120238,1120594,1120598,1120600,1120601,1120602,1120603,1120604,1120606,1120612,1120613,1120614,1120615,1120616,1120617,1120618,1120620,1120621,1120632,1120633,1120743,1120954,1121017,1121058,1121263,1121273,1121477,1121483,1121599,1121621,1121714,1121715,1121973 CVE References: CVE-2018-12232,CVE-2018-14625,CVE-2018-16862,CVE-2018-16884,CVE-2018-18281,CVE-2018-18397,CVE-2018-18710,CVE-2018-19407,CVE-2018-19824,CVE-2018-19854,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568 Sources used: SUSE Linux Enterprise Workstation Extension 15 (src): kernel-default-4.12.14-25.28.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): kernel-default-4.12.14-25.28.1, kernel-docs-4.12.14-25.28.1, kernel-obs-qa-4.12.14-25.28.1 SUSE Linux Enterprise Module for Legacy Software 15 (src): kernel-default-4.12.14-25.28.1 SUSE Linux Enterprise Module for Development Tools 15 (src): kernel-docs-4.12.14-25.28.1, kernel-obs-build-4.12.14-25.28.1, kernel-source-4.12.14-25.28.1, kernel-syms-4.12.14-25.28.1, kernel-vanilla-4.12.14-25.28.1 SUSE Linux Enterprise Module for Basesystem 15 (src): kernel-default-4.12.14-25.28.1, kernel-source-4.12.14-25.28.1, kernel-zfcpdump-4.12.14-25.28.1 SUSE Linux Enterprise High Availability 15 (src): kernel-default-4.12.14-25.28.1
SUSE-SU-2019:0224-1: An update that solves 13 vulnerabilities and has 253 fixes is now available. Category: security (important) Bug References: 1024718,1046299,1050242,1050244,1051510,1055120,1055121,1055186,1058115,1060463,1061840,1065600,1065729,1068273,1078248,1079935,1082387,1082555,1082653,1083647,1085535,1086196,1086282,1086283,1086423,1087978,1088386,1089350,1090888,1091405,1091800,1094244,1097593,1097755,1100132,1102875,1102877,1102879,1102882,1102896,1103257,1103356,1103925,1104124,1104353,1104427,1104824,1104967,1105168,1105428,1106105,1106110,1106237,1106240,1106615,1106913,1107256,1107385,1107866,1108270,1108468,1109272,1109772,1109806,1110006,1110558,1110998,1111040,1111062,1111174,1111183,1111188,1111469,1111696,1111795,1111809,1111921,1112878,1112963,1113295,1113408,1113412,1113501,1113667,1113677,1113722,1113751,1113769,1113780,1113972,1114015,1114178,1114279,1114385,1114576,1114577,1114578,1114579,1114580,1114581,1114582,1114583,1114584,1114585,1114839,1114871,1115074,1115269,1115431,1115433,1115440,1115567,1115709,1115976,1116040,1116183,1116336,1116692,1116693,1116698,1116699,1116700,1116701,1116803,1116841,1116862,1116863,1116876,1116877,1116878,1116891,1116895,1116899,1116950,1117115,1117162,1117165,1117168,1117172,1117174,1117181,1117184,1117186,1117188,1117189,1117349,1117561,1117656,1117788,1117789,1117790,1117791,1117792,1117794,1117795,1117796,1117798,1117799,1117801,1117802,1117803,1117804,1117805,1117806,1117807,1117808,1117815,1117816,1117817,1117818,1117819,1117820,1117821,1117822,1117953,1118102,1118136,1118137,1118138,1118140,1118152,1118215,1118316,1118319,1118428,1118484,1118505,1118752,1118760,1118761,1118762,1118766,1118767,1118768,1118769,1118771,1118772,1118773,1118774,1118775,1118798,1118809,1118962,1119017,1119086,1119212,1119322,1119410,1119714,1119749,1119804,1119946,1119962,1119968,1120036,1120046,1120053,1120054,1120055,1120058,1120088,1120092,1120094,1120096,1120097,1120173,1120214,1120223,1120228,1120230,1120232,1120234,1120235,1120238,1120594,1120598,1120600,1120601,1120602,1120603,1120604,1120606,1120612,1120613,1120614,1120615,1120616,1120617,1120618,1120620,1120621,1120632,1120633,1120743,1120954,1121017,1121058,1121263,1121273,1121477,1121483,1121599,1121621,1121714,1121715,1121973 CVE References: CVE-2018-12232,CVE-2018-14625,CVE-2018-16862,CVE-2018-16884,CVE-2018-18281,CVE-2018-18397,CVE-2018-18710,CVE-2018-19407,CVE-2018-19824,CVE-2018-19854,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568 Sources used: SUSE Linux Enterprise Workstation Extension 15 (src): kernel-default-4.12.14-25.28.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): kernel-default-4.12.14-25.28.1, kernel-docs-4.12.14-25.28.1, kernel-obs-qa-4.12.14-25.28.1 SUSE Linux Enterprise Module for Live Patching 15 (src): kernel-default-4.12.14-25.28.1, kernel-livepatch-SLE15_Update_8-1-1.3.1 SUSE Linux Enterprise Module for Legacy Software 15 (src): kernel-default-4.12.14-25.28.1 SUSE Linux Enterprise Module for Development Tools 15 (src): kernel-docs-4.12.14-25.28.1, kernel-obs-build-4.12.14-25.28.1, kernel-source-4.12.14-25.28.1, kernel-syms-4.12.14-25.28.1, kernel-vanilla-4.12.14-25.28.1 SUSE Linux Enterprise Module for Basesystem 15 (src): kernel-default-4.12.14-25.28.1, kernel-source-4.12.14-25.28.1, kernel-zfcpdump-4.12.14-25.28.1 SUSE Linux Enterprise High Availability 15 (src): kernel-default-4.12.14-25.28.1
openSUSE-SU-2019:0140-1: An update that solves 10 vulnerabilities and has 86 fixes is now available. Category: security (important) Bug References: 1012382,1015336,1015337,1015340,1019683,1019695,1020645,1023175,1027260,1031492,1043083,1047487,1065600,1068032,1070805,1079935,1086423,1087082,1091405,1094244,1094823,1096242,1096281,1099523,1100105,1101557,1102660,1102875,1102877,1102879,1102882,1102896,1103156,1103257,1104098,1106105,1106929,1107866,1108240,1109272,1109665,1109695,1110286,1114417,1114648,1114763,1114871,1114893,1115431,1116027,1116183,1116336,1116345,1116653,1116841,1116962,1117162,1117165,1117186,1118152,1118316,1118319,1118505,1118790,1118798,1118915,1118922,1118926,1118930,1118936,1119204,1119680,1119714,1119877,1119946,1119967,1119970,1120046,1120722,1120743,1120758,1120902,1120950,1121239,1121240,1121241,1121242,1121275,1121621,1121726,1122650,1122651,1122885,1123321,1123323,1123357 CVE References: CVE-2018-1120,CVE-2018-16862,CVE-2018-16884,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568,CVE-2019-3459,CVE-2019-3460 Sources used: openSUSE Leap 42.3 (src): kernel-debug-4.4.172-86.1, kernel-default-4.4.172-86.1, kernel-docs-4.4.172-86.1, kernel-obs-build-4.4.172-86.1, kernel-obs-qa-4.4.172-86.1, kernel-source-4.4.172-86.1, kernel-syms-4.4.172-86.1, kernel-vanilla-4.4.172-86.1
SUSE-SU-2019:0320-1: An update that solves 9 vulnerabilities and has 113 fixes is now available. Category: security (important) Bug References: 1012382,1015336,1015337,1015340,1019683,1019695,1020645,1023175,1027260,1027457,1031492,1042286,1043083,1046264,1047487,1048916,1065600,1066223,1068032,1069702,1070805,1079935,1086423,1087082,1091405,1092100,1093158,1093641,1093649,1093653,1093655,1093657,1093663,1094244,1094973,1096242,1096281,1099523,1100105,1101557,1102439,1102660,1103156,1103257,1103624,1104098,1104731,1106105,1106237,1106240,1106929,1107385,1108145,1108240,1109168,1109272,1109330,1109806,1110286,1111062,1111174,1111809,1112246,1112963,1113412,1113766,1114190,1114417,1114475,1114648,1114763,1114839,1114871,1115431,1115433,1115440,1115482,1115587,1115709,1116027,1116183,1116285,1116336,1116345,1116497,1116841,1116924,1116950,1116962,1117162,1117165,1117186,1117562,1118152,1118316,1118319,1118505,1118790,1118798,1118915,1118922,1118926,1118930,1118936,1119204,1119445,1119714,1119877,1119946,1119967,1119970,1120046,1120260,1120743,1120950,1121239,1121240,1121241,1121242,1121275,1121621,985031 CVE References: CVE-2017-16939,CVE-2018-1120,CVE-2018-16862,CVE-2018-16884,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568 Sources used: SUSE Linux Enterprise Real Time Extension 12-SP3 (src): kernel-rt-4.4.170-3.32.2, kernel-rt_debug-4.4.170-3.32.2, kernel-source-rt-4.4.170-3.32.1, kernel-syms-rt-4.4.170-3.32.1
SUSE-SU-2019:0439-1: An update that solves 13 vulnerabilities and has 43 fixes is now available. Category: security (important) Bug References: 1012382,1023175,1042286,1065600,1065726,1070805,1084721,1086095,1086535,1091158,1091171,1091197,1094825,1095344,1098996,1099523,1099597,1100105,1101555,1103624,1104731,1105025,1105931,1106293,1107256,1107299,1107385,1107866,1108145,1108498,1109330,1110286,1110837,1111062,1113192,1113751,1113769,1114190,1114648,1114763,1115433,1115440,1116027,1116183,1116345,1117186,1117187,1118152,1118319,1119714,1119946,1119947,1120743,1120758,1121621,1123161 CVE References: CVE-2018-16862,CVE-2018-16884,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-9516,CVE-2018-9568,CVE-2019-3459,CVE-2019-3460 Sources used: SUSE OpenStack Cloud 7 (src): kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1, kgraft-patch-SLE12-SP2_Update_27-1-3.3.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1, kgraft-patch-SLE12-SP2_Update_27-1-3.3.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1, kgraft-patch-SLE12-SP2_Update_27-1-3.3.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1 SUSE Linux Enterprise High Availability 12-SP2 (src): kernel-default-4.4.121-92.101.1 SUSE Enterprise Storage 4 (src): kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1, kgraft-patch-SLE12-SP2_Update_27-1-3.3.1 OpenStack Cloud Magnum Orchestration 7 (src): kernel-default-4.4.121-92.101.1
SUSE-SU-2019:0541-1: An update that solves 14 vulnerabilities and has 148 fixes is now available. Category: security (important) Bug References: 1012382,1015336,1015337,1015340,1019683,1019695,1020413,1020645,1023175,1027260,1027457,1031492,1042286,1043083,1046264,1047487,1048916,1050549,1065600,1066223,1068032,1070805,1078355,1079935,1086095,1086423,1086652,1091405,1093158,1094244,1094823,1094973,1096242,1096281,1099523,1099810,1100105,1101557,1102439,1102660,1102875,1102877,1102879,1102882,1102896,1103097,1103156,1103257,1103624,1104098,1104731,1105428,1106061,1106105,1106237,1106240,1106929,1107385,1107866,1108145,1108240,1109272,1109330,1109695,1109806,1110286,1111062,1111174,1111809,1112246,1112963,1113412,1113766,1114190,1114417,1114475,1114648,1114763,1114839,1114871,1114893,1115431,1115433,1115440,1115482,1115709,1116027,1116183,1116285,1116336,1116345,1116497,1116653,1116841,1116924,1116950,1116962,1117108,1117162,1117165,1117186,1117562,1117645,1117744,1118152,1118316,1118319,1118505,1118790,1118798,1118915,1118922,1118926,1118930,1118936,1119204,1119680,1119714,1119877,1119946,1119967,1119970,1120017,1120046,1120722,1120743,1120758,1120902,1120950,1121239,1121240,1121241,1121242,1121275,1121621,1121726,1122650,1122651,1122779,1122885,1123321,1123323,1123357,1123933,1124166,1124728,1124732,1124735,1124775,1124777,1124780,1124811,1125000,1125014,1125446,1125794,1125796,1125808,1125809,1125810,1125892,985031 CVE References: CVE-2018-1120,CVE-2018-16862,CVE-2018-16884,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-5391,CVE-2018-9568,CVE-2019-3459,CVE-2019-3460,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP3 (src): kernel-default-4.4.175-94.79.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): kernel-docs-4.4.175-94.79.1, kernel-obs-build-4.4.175-94.79.1 SUSE Linux Enterprise Server 12-SP3 (src): kernel-default-4.4.175-94.79.1, kernel-source-4.4.175-94.79.1, kernel-syms-4.4.175-94.79.1 SUSE Linux Enterprise High Availability 12-SP3 (src): kernel-default-4.4.175-94.79.1 SUSE Linux Enterprise Desktop 12-SP3 (src): kernel-default-4.4.175-94.79.1, kernel-source-4.4.175-94.79.1, kernel-syms-4.4.175-94.79.1 SUSE CaaS Platform ALL (src): kernel-default-4.4.175-94.79.1 SUSE CaaS Platform 3.0 (src): kernel-default-4.4.175-94.79.1
SUSE-SU-2019:0541-1: An update that solves 14 vulnerabilities and has 148 fixes is now available. Category: security (important) Bug References: 1012382,1015336,1015337,1015340,1019683,1019695,1020413,1020645,1023175,1027260,1027457,1031492,1042286,1043083,1046264,1047487,1048916,1050549,1065600,1066223,1068032,1070805,1078355,1079935,1086095,1086423,1086652,1091405,1093158,1094244,1094823,1094973,1096242,1096281,1099523,1099810,1100105,1101557,1102439,1102660,1102875,1102877,1102879,1102882,1102896,1103097,1103156,1103257,1103624,1104098,1104731,1105428,1106061,1106105,1106237,1106240,1106929,1107385,1107866,1108145,1108240,1109272,1109330,1109695,1109806,1110286,1111062,1111174,1111809,1112246,1112963,1113412,1113766,1114190,1114417,1114475,1114648,1114763,1114839,1114871,1114893,1115431,1115433,1115440,1115482,1115709,1116027,1116183,1116285,1116336,1116345,1116497,1116653,1116841,1116924,1116950,1116962,1117108,1117162,1117165,1117186,1117562,1117645,1117744,1118152,1118316,1118319,1118505,1118790,1118798,1118915,1118922,1118926,1118930,1118936,1119204,1119680,1119714,1119877,1119946,1119967,1119970,1120017,1120046,1120722,1120743,1120758,1120902,1120950,1121239,1121240,1121241,1121242,1121275,1121621,1121726,1122650,1122651,1122779,1122885,1123321,1123323,1123357,1123933,1124166,1124728,1124732,1124735,1124775,1124777,1124780,1124811,1125000,1125014,1125446,1125794,1125796,1125808,1125809,1125810,1125892,985031 CVE References: CVE-2018-1120,CVE-2018-16862,CVE-2018-16884,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-5391,CVE-2018-9568,CVE-2019-3459,CVE-2019-3460,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP3 (src): kernel-default-4.4.175-94.79.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): kernel-docs-4.4.175-94.79.1, kernel-obs-build-4.4.175-94.79.1 SUSE Linux Enterprise Server 12-SP3 (src): kernel-default-4.4.175-94.79.1, kernel-source-4.4.175-94.79.1, kernel-syms-4.4.175-94.79.1 SUSE Linux Enterprise Live Patching 12-SP3 (src): kgraft-patch-SLE12-SP3_Update_23-1-4.7.1 SUSE Linux Enterprise High Availability 12-SP3 (src): kernel-default-4.4.175-94.79.1 SUSE Linux Enterprise Desktop 12-SP3 (src): kernel-default-4.4.175-94.79.1, kernel-source-4.4.175-94.79.1, kernel-syms-4.4.175-94.79.1 SUSE CaaS Platform ALL (src): kernel-default-4.4.175-94.79.1 SUSE CaaS Platform 3.0 (src): kernel-default-4.4.175-94.79.1
SUSE-SU-2019:13979-1: An update that solves 8 vulnerabilities and has 73 fixes is now available. Category: security (important) Bug References: 1012382,1031572,1068032,1086695,1087081,1094244,1098658,1104098,1104367,1104684,1104818,1105536,1106105,1106886,1107371,1109330,1109806,1110006,1112963,1113667,1114440,1114672,1114920,1115007,1115038,1115827,1115828,1115829,1115830,1115831,1115832,1115833,1115834,1115835,1115836,1115837,1115838,1115839,1115840,1115841,1115842,1115843,1115844,1116841,1117796,1117802,1117805,1117806,1117943,1118152,1118319,1118760,1119255,1119714,1120056,1120077,1120086,1120093,1120094,1120105,1120107,1120109,1120217,1120223,1120226,1120336,1120347,1120743,1120950,1121872,1121997,1122874,1123505,1123702,1123706,1124010,1124735,1125931,931850,969471,969473 CVE References: CVE-2016-10741,CVE-2017-18360,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568,CVE-2019-7222 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): kernel-docs-3.0.101-108.87.1 SUSE Linux Enterprise Server 11-SP4 (src): kernel-bigmem-3.0.101-108.87.1, kernel-default-3.0.101-108.87.1, kernel-ec2-3.0.101-108.87.1, kernel-pae-3.0.101-108.87.1, kernel-ppc64-3.0.101-108.87.1, kernel-source-3.0.101-108.87.1, kernel-syms-3.0.101-108.87.1, kernel-trace-3.0.101-108.87.1, kernel-xen-3.0.101-108.87.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-default-3.0.101-108.87.1, kernel-pae-3.0.101-108.87.1, kernel-ppc64-3.0.101-108.87.1, kernel-trace-3.0.101-108.87.1, kernel-xen-3.0.101-108.87.1 SUSE Linux Enterprise Real Time Extension 11-SP4 (src): ocfs2-1.6-0.28.7.1 SUSE Linux Enterprise High Availability Extension 11-SP4 (src): ocfs2-1.6-0.28.7.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-bigmem-3.0.101-108.87.1, kernel-default-3.0.101-108.87.1, kernel-ec2-3.0.101-108.87.1, kernel-pae-3.0.101-108.87.1, kernel-ppc64-3.0.101-108.87.1, kernel-trace-3.0.101-108.87.1, kernel-xen-3.0.101-108.87.1
released
SUSE-SU-2019:1289-1: An update that solves 33 vulnerabilities and has 13 fixes is now available. Category: security (important) Bug References: 1031240,1034862,1066674,1071021,1086535,1091171,1094825,1100001,1102517,1103097,1104475,1105025,1105296,1106913,1107829,1108498,1110768,1111331,1111516,1113751,1113769,1114648,1114920,1115007,1115038,1116345,1116841,1118152,1118319,1119714,1119946,1120743,1120758,1121621,1122015,1123161,1124010,1124728,1124732,1124735,1126890,1128166,1131416,1131427,1132828,1133188 CVE References: CVE-2016-10741,CVE-2017-1000407,CVE-2017-16533,CVE-2017-7273,CVE-2017-7472,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-14633,CVE-2018-15572,CVE-2018-16884,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-5391,CVE-2018-9516,CVE-2018-9568,CVE-2019-11091,CVE-2019-11486,CVE-2019-3459,CVE-2019-3460,CVE-2019-3882,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-8564,CVE-2019-9213,CVE-2019-9503 Sources used: SUSE Linux Enterprise Server for SAP 12-SP1 (src): kernel-default-3.12.74-60.64.110.1, kernel-source-3.12.74-60.64.110.1, kernel-syms-3.12.74-60.64.110.1, kernel-xen-3.12.74-60.64.110.1, lttng-modules-2.7.0-4.4.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): kernel-default-3.12.74-60.64.110.1, kernel-source-3.12.74-60.64.110.1, kernel-syms-3.12.74-60.64.110.1, kernel-xen-3.12.74-60.64.110.1, lttng-modules-2.7.0-4.4.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.74-60.64.110.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.