1179610 – (CVE-2020-26558) VUL-0: CVE-2020-26558: kernel-source: Multiple Bluetooth Core Specification Vulnerabilities

Bug 1179610 (CVE-2020-26558) - VUL-0: CVE-2020-26558: kernel-source: Multiple Bluetooth Core Specification Vulnerabilities

Summary: VUL-0: CVE-2020-26558: kernel-source: Multiple Bluetooth Core Specification V...

Status:	NEW

Alias:	CVE-2020-26558

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Joey Lee
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/272739/
Whiteboard:	CVSSv3.1:SUSE:CVE-2020-26555:5.4:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2020-12-04 13:53 UTC by Robert Frohl
Modified:	2024-07-17 15:12 UTC (History)
CC List:	10 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
CVE-2020-26555 details (102.99 KB, application/pdf) 2020-12-04 13:58 UTC, Robert Frohl	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 13 Robert Frohl 2021-05-25 09:48:04 UTC

public:
Overview

Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing.
Description

The Bluetooth Core Specification and Mesh Profile Specification are two specifications used to define the technical and policy requirements for devices that want to operate over Bluetooth connections. Researchers at the Agence nationale de la sécurité des systèmes d'information (ANSSI) have identified a number of vulnerabilities in each specification that allow impersonation attacks and AuthValue disclosures.

Devices supporting the Bluetooth Core Specification are affected by the following vulnerabilities:
Impersonation in the Passkey Entry Protocol

The Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC), and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack that enables an active attacker to impersonate the initiating device without any previous knowledge (CVE-2020-26558). An attacker acting as a man-in-the-middle (MITM) in the Passkey authentication procedure could use a crafted series of responses to determine each bit of the randomly generated Passkey selected by the pairing initiator in each round of the pairing procedure, and once identified, the attacker can use these Passkey bits during the same pairing session to successfully complete the authenticated pairing procedure with the responder. Devices supporting BR/EDR Secure Simple Pairing in Bluetooth Core Specifications 2.1 through 5.2, BR/EDR Secure Connections Pairing in Bluetooth Core Specifications 4.1 through 5.2 and LE Secure Connections Pairing in Bluetooth Core Specifications 4.2 through 5.2 are affected by this vulnerability.
Impersonation in the Pin Pairing Protocol

The Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555). An attacker could connect to a victim device by spoofing the Bluetooth Device Address (BD_ADDR) of the device, reflect the the encrypted nonce, and complete BR/EDR pin-code pairing with them without knowledge of the pin code. A successful attack requires the attacking device to be within wireless range of a vulnerable device supporting BR/EDR Legacy Pairing that is Connectable and Bondable. Devices supporting the Bluetooth Core Specification versions 1.0B through 5.2 are affected by this vulnerability.

Devices supporting Bluetooth Mesh Profile Specification, versions 1.0 and 1.0.1, are affected by the following vulnerabilities:
Impersonation in Bluetooth Mesh Provisioning

The Mesh Provisioning procedure could allow an attacker without knowledge of the AuthValue, spoofing a device being provisioned, to use crafted responses to appear to possess the AuthValue and to be issued a valid NetKey and potentially an AppKey (CVE-2020-26560). For this attack to be successful, an attacking device needs to be within wireless range of a Mesh Provisioner and either spoof the identity of a device being provisioned over the air or be directly provisioned onto a subnet controlled by the provisioner.
Predictable AuthValue in Bluetooth Mesh Provisioning Leads to MITM

The Mesh Provisioning procedure could allow an attacker observing or taking part in the provisioning to brute force the AuthValue if it has a fixed value, or is selected predictably or with low entropy (CVE-2020-26557). Identifying the AuthValue generally requires a brute-force search against the provisioning random and provisioning confirmation produced by the Provisioner. This brute-force search, for a randomly selected AuthValue, must complete before the provisioning procedure times out, which can require significant resources. If the AuthValue is not selected randomly with each new provisioning attempt, then the brute-force search can occur offline and if successful, would permit an attacker to identify the AuthValue and authenticate to both the Provisioner and provisioned devices, permitting a MITM attack on a future provisioning attempts with the same AuthValue.
Malleable Commitment

The authentication protocol is vulnerable if the AuthValue can be identified during the provisioning procedure, even if the AuthValue is selected randomly (CVE-2020-26556). If an attacker can identify the AuthValue used before the provisioning procedure times out, it is possible to complete the provisioning operation and obtain a NetKey. Similar to CVE-2020-26557, identifying the AuthValue generally requires a brute-force search against the provisioning random and provisioning confirmation produced by the Provisioner. This brute-force search for a randomly selected AuthValue, which can require significant resources, must complete before the provisioning procedure times out.
AuthValue Leak

The Mesh Provisioning procedure could allow an attacker that was provisioned without access to the AuthValue to identify the AuthValue directly without brute-forcing its value (CVE-2020-26559). Even when a randomly generated AuthValue with a full 128-bits of entropy is used, an attacker acquiring the Provisioner’s public key, provisioning confirmation value, and provisioning random value, and providing its public key for use in the provisioning procedure, will be able to compute the AuthValue directly.

https://kb.cert.org/vuls/id/799380

Comment 14 Swamp Workflow Management 2021-06-28 19:24:58 UTC

openSUSE-SU-2021:2184-1: An update that solves four vulnerabilities and has 107 fixes is now available.

Category: security (important)
Bug References: 1087082,1152489,1154353,1174978,1176447,1176771,1177666,1178134,1178378,1178612,1179610,1182999,1183712,1184259,1184436,1184631,1185195,1185428,1185497,1185570,1185589,1185675,1185701,1186155,1186286,1186460,1186463,1186472,1186501,1186672,1186677,1186681,1186752,1186885,1186928,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187039,1187050,1187052,1187067,1187068,1187069,1187072,1187143,1187144,1187167,1187334,1187344,1187345,1187346,1187347,1187348,1187349,1187350,1187351,1187357,1187711
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-64kb-5.3.18-59.10.1, kernel-debug-5.3.18-59.10.1, kernel-default-5.3.18-59.10.1, kernel-default-base-5.3.18-59.10.1.18.4.2, kernel-docs-5.3.18-59.10.1, kernel-kvmsmall-5.3.18-59.10.1, kernel-obs-build-5.3.18-59.10.1, kernel-obs-qa-5.3.18-59.10.1, kernel-preempt-5.3.18-59.10.1, kernel-source-5.3.18-59.10.1, kernel-syms-5.3.18-59.10.1, kernel-zfcpdump-5.3.18-59.10.1

Comment 15 Swamp Workflow Management 2021-06-28 19:57:29 UTC

SUSE-SU-2021:2184-1: An update that solves four vulnerabilities and has 107 fixes is now available.

Category: security (important)
Bug References: 1087082,1152489,1154353,1174978,1176447,1176771,1177666,1178134,1178378,1178612,1179610,1182999,1183712,1184259,1184436,1184631,1185195,1185428,1185497,1185570,1185589,1185675,1185701,1186155,1186286,1186460,1186463,1186472,1186501,1186672,1186677,1186681,1186752,1186885,1186928,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187039,1187050,1187052,1187067,1187068,1187069,1187072,1187143,1187144,1187167,1187334,1187344,1187345,1187346,1187347,1187348,1187349,1187350,1187351,1187357,1187711
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-59.10.1, kernel-preempt-5.3.18-59.10.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-59.10.1, kernel-livepatch-SLE15-SP3_Update_2-1-7.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-59.10.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-59.10.1, kernel-obs-build-5.3.18-59.10.1, kernel-preempt-5.3.18-59.10.1, kernel-source-5.3.18-59.10.1, kernel-syms-5.3.18-59.10.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-59.10.1, kernel-default-5.3.18-59.10.1, kernel-default-base-5.3.18-59.10.1.18.4.2, kernel-preempt-5.3.18-59.10.1, kernel-source-5.3.18-59.10.1, kernel-zfcpdump-5.3.18-59.10.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-59.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 16 Swamp Workflow Management 2021-06-30 13:30:24 UTC

SUSE-SU-2021:2202-1: An update that solves four vulnerabilities and has 98 fixes is now available.

Category: security (important)
Bug References: 1152489,1154353,1174978,1176447,1176771,1178134,1178612,1179610,1183712,1184259,1184436,1184631,1185195,1185570,1185589,1185675,1185701,1186155,1186286,1186463,1186472,1186672,1186677,1186752,1186885,1186928,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187039,1187050,1187052,1187067,1187068,1187069,1187072,1187143,1187144,1187167,1187334,1187344,1187345,1187346,1187347,1187348,1187349,1187350,1187351,1187357,1187711
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-38.8.1, kernel-source-azure-5.3.18-38.8.1, kernel-syms-azure-5.3.18-38.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Swamp Workflow Management 2021-06-30 14:01:54 UTC

openSUSE-SU-2021:2202-1: An update that solves four vulnerabilities and has 98 fixes is now available.

Category: security (important)
Bug References: 1152489,1154353,1174978,1176447,1176771,1178134,1178612,1179610,1183712,1184259,1184436,1184631,1185195,1185570,1185589,1185675,1185701,1186155,1186286,1186463,1186472,1186672,1186677,1186752,1186885,1186928,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187039,1187050,1187052,1187067,1187068,1187069,1187072,1187143,1187144,1187167,1187334,1187344,1187345,1187346,1187347,1187348,1187349,1187350,1187351,1187357,1187711
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-38.8.1, kernel-source-azure-5.3.18-38.8.1, kernel-syms-azure-5.3.18-38.8.1

Comment 18 Swamp Workflow Management 2021-07-08 13:22:33 UTC

openSUSE-SU-2021:0985-1: An update that solves 10 vulnerabilities and has 103 fixes is now available.

Category: security (important)
Bug References: 1152489,1153274,1154353,1155518,1164648,1174978,1176771,1179610,1182470,1183712,1184212,1184436,1184685,1185195,1185486,1185589,1185675,1185677,1185701,1185861,1185863,1186206,1186286,1186463,1186666,1186672,1186752,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187050,1187067,1187068,1187069,1187072,1187143,1187144,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187867,1187883,1187886,1187927,1187972,1187980
CVE References: CVE-2020-24588,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.81.1, kernel-default-5.3.18-lp152.81.1, kernel-default-base-5.3.18-lp152.81.1.lp152.8.36.1, kernel-docs-5.3.18-lp152.81.1, kernel-kvmsmall-5.3.18-lp152.81.1, kernel-obs-build-5.3.18-lp152.81.1, kernel-obs-qa-5.3.18-lp152.81.1, kernel-preempt-5.3.18-lp152.81.1, kernel-source-5.3.18-lp152.81.1, kernel-syms-5.3.18-lp152.81.1

Comment 19 Swamp Workflow Management 2021-07-13 13:17:30 UTC

SUSE-SU-2021:2303-1: An update that solves 9 vulnerabilities, contains 8 features and has 100 fixes is now available.

Category: security (important)
Bug References: 1152489,1153274,1154353,1155518,1164648,1174978,1176771,1179610,1182470,1183712,1184212,1184685,1185195,1185486,1185589,1185675,1185677,1185701,1186206,1186463,1186666,1186672,1186752,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187050,1187067,1187068,1187069,1187072,1187143,1187144,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187867,1187883,1187886,1187927,1187972,1187980
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573
JIRA References: ECO-3691,SLE-11493,SLE-11796,SLE-17882,SLE-7926,SLE-8371,SLE-8389,SLE-8464
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.53.1, kernel-source-azure-5.3.18-18.53.1, kernel-syms-azure-5.3.18-18.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 20 Swamp Workflow Management 2021-07-14 19:18:07 UTC

SUSE-SU-2021:2325-1: An update that solves 9 vulnerabilities, contains 8 features and has 100 fixes is now available.

Category: security (important)
Bug References: 1152489,1153274,1154353,1155518,1164648,1174978,1176771,1179610,1182470,1183712,1184212,1184685,1185195,1185486,1185589,1185675,1185677,1185701,1186206,1186463,1186666,1186672,1186752,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187050,1187067,1187068,1187069,1187072,1187143,1187144,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187867,1187883,1187886,1187927,1187972,1187980
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573
JIRA References: ECO-3691,SLE-11493,SLE-11796,SLE-17882,SLE-7926,SLE-8371,SLE-8389,SLE-8464
Sources used:
SUSE MicroOS 5.0 (src):    kernel-default-5.3.18-24.70.1, kernel-default-base-5.3.18-24.70.1.9.32.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.70.1, kernel-preempt-5.3.18-24.70.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.70.1, kernel-livepatch-SLE15-SP2_Update_16-1-5.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.70.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.70.1, kernel-obs-build-5.3.18-24.70.1, kernel-preempt-5.3.18-24.70.1, kernel-source-5.3.18-24.70.1, kernel-syms-5.3.18-24.70.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.70.1, kernel-default-base-5.3.18-24.70.1.9.32.1, kernel-preempt-5.3.18-24.70.1, kernel-source-5.3.18-24.70.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.70.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 21 Swamp Workflow Management 2021-07-14 19:31:21 UTC

SUSE-SU-2021:2321-1: An update that solves 9 vulnerabilities and has 76 fixes is now available.

Category: security (important)
Bug References: 1103990,1103991,1104353,1113994,1114648,1129770,1135481,1136345,1174978,1179610,1182470,1185486,1185677,1185701,1185861,1185863,1186206,1186264,1186463,1186515,1186516,1186517,1186518,1186519,1186520,1186521,1186522,1186523,1186524,1186525,1186526,1186527,1186528,1186529,1186530,1186531,1186532,1186533,1186534,1186535,1186537,1186538,1186539,1186540,1186541,1186542,1186543,1186545,1186546,1186547,1186548,1186549,1186550,1186551,1186552,1186554,1186555,1186556,1186627,1186635,1186638,1186698,1186699,1186700,1186701,1187038,1187049,1187402,1187404,1187407,1187408,1187409,1187411,1187412,1187452,1187453,1187455,1187554,1187595,1187601,1187630,1187631,1187833,1187867,1187972
CVE References: CVE-2019-25045,CVE-2020-24588,CVE-2020-26558,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.62.1, kernel-source-azure-4.12.14-16.62.1, kernel-syms-azure-4.12.14-16.62.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 22 Swamp Workflow Management 2021-07-14 19:41:39 UTC

SUSE-SU-2021:2349-1: An update that solves 9 vulnerabilities and has 79 fixes is now available.

Category: security (important)
Bug References: 1103990,1103991,1104353,1113994,1114648,1129770,1135481,1136345,1174978,1179610,1182470,1184040,1185428,1185486,1185677,1185701,1185861,1185863,1186206,1186264,1186463,1186515,1186516,1186517,1186518,1186519,1186520,1186521,1186522,1186523,1186524,1186525,1186526,1186527,1186528,1186529,1186530,1186531,1186532,1186533,1186534,1186535,1186537,1186538,1186539,1186540,1186541,1186542,1186543,1186545,1186546,1186547,1186548,1186549,1186550,1186551,1186552,1186554,1186555,1186556,1186627,1186635,1186638,1186698,1186699,1186700,1186701,1187038,1187049,1187402,1187404,1187407,1187408,1187409,1187411,1187412,1187452,1187453,1187455,1187554,1187595,1187601,1187630,1187631,1187833,1187867,1187972,1188010
CVE References: CVE-2019-25045,CVE-2020-24588,CVE-2020-26558,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-rt-4.12.14-10.49.1
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.49.1, kernel-rt_debug-4.12.14-10.49.1, kernel-source-rt-4.12.14-10.49.1, kernel-syms-rt-4.12.14-10.49.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 23 Swamp Workflow Management 2021-07-14 20:19:47 UTC

SUSE-SU-2021:2324-1: An update that solves 9 vulnerabilities and has 77 fixes is now available.

Category: security (important)
Bug References: 1103990,1103991,1104353,1113994,1114648,1129770,1135481,1136345,1174978,1179610,1182470,1185486,1185677,1185701,1185861,1185863,1186206,1186264,1186463,1186515,1186516,1186517,1186518,1186519,1186520,1186521,1186522,1186523,1186524,1186525,1186526,1186527,1186528,1186529,1186530,1186531,1186532,1186533,1186534,1186535,1186537,1186538,1186539,1186540,1186541,1186542,1186543,1186545,1186546,1186547,1186548,1186549,1186550,1186551,1186552,1186554,1186555,1186556,1186627,1186635,1186638,1186698,1186699,1186700,1186701,1187038,1187049,1187402,1187404,1187407,1187408,1187409,1187411,1187412,1187452,1187453,1187455,1187554,1187595,1187601,1187630,1187631,1187833,1187867,1187972,1188010
CVE References: CVE-2019-25045,CVE-2020-24588,CVE-2020-26558,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.77.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.77.1, kernel-obs-build-4.12.14-122.77.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.77.1, kernel-source-4.12.14-122.77.1, kernel-syms-4.12.14-122.77.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.77.1, kgraft-patch-SLE12-SP5_Update_20-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.77.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Swamp Workflow Management 2021-07-20 16:36:30 UTC

SUSE-SU-2021:2406-1: An update that solves 20 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1179610,1180846,1184611,1185859,1185860,1185861,1185862,1185863,1185898,1185987,1186060,1186062,1186111,1186390,1186463,1187038,1187050,1187215,1187452,1187595,1187601,1187934,1188062,1188116
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.158.1, kernel-source-4.4.121-92.158.1, kernel-syms-4.4.121-92.158.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 Swamp Workflow Management 2021-07-21 13:22:19 UTC

SUSE-SU-2021:2421-1: An update that solves 24 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1176081,1179610,1183738,1184611,1184675,1185642,1185725,1185859,1185860,1185861,1185862,1185898,1185987,1186060,1186062,1186111,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1188062,1188116
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3491,CVE-2021-3609
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1, kernel-zfcpdump-4.12.14-150.75.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.75.1, kernel-livepatch-SLE15_Update_25-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.75.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 26 Swamp Workflow Management 2021-07-21 13:30:02 UTC

openSUSE-SU-2021:2427-1: An update that solves 13 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1153720,1174978,1179610,1181193,1185428,1185701,1185861,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1188062,1188116
CVE References: CVE-2020-24588,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-197.99.1, kernel-default-4.12.14-197.99.1, kernel-kvmsmall-4.12.14-197.99.1, kernel-vanilla-4.12.14-197.99.1, kernel-zfcpdump-4.12.14-197.99.1

Comment 27 Swamp Workflow Management 2021-07-21 13:38:31 UTC

SUSE-SU-2021:2426-1: An update that solves 9 vulnerabilities, contains 8 features and has 101 fixes is now available.

Category: security (important)
Bug References: 1152489,1153274,1154353,1155518,1164648,1174978,1176771,1179610,1182470,1183712,1184212,1184685,1185195,1185486,1185589,1185675,1185677,1185701,1186206,1186463,1186666,1186672,1186752,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187050,1187067,1187068,1187069,1187072,1187143,1187144,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187834,1187867,1187883,1187886,1187927,1187972,1187980
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573
JIRA References: ECO-3691,SLE-11493,SLE-11796,SLE-17882,SLE-7926,SLE-8371,SLE-8389,SLE-8464
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-42.2, kernel-rt_debug-5.3.18-42.2, kernel-source-rt-5.3.18-42.1, kernel-syms-rt-5.3.18-42.1, lttng-modules-2.10.10-1.5.1, oracleasm-2.0.8-1.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Swamp Workflow Management 2021-07-21 13:53:15 UTC

SUSE-SU-2021:2427-1: An update that solves 13 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1153720,1174978,1179610,1181193,1185428,1185701,1185861,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1188062,1188116
CVE References: CVE-2020-24588,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1, kernel-zfcpdump-4.12.14-197.99.1
SUSE Manager Retail Branch Server 4.0 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Manager Proxy 4.0 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1, kernel-zfcpdump-4.12.14-197.99.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.99.1, kernel-livepatch-SLE15-SP1_Update_26-1-3.3.3
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.99.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 29 Swamp Workflow Management 2021-07-21 13:57:46 UTC

SUSE-SU-2021:2422-1: An update that solves 13 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1104967,1174978,1179610,1185701,1185861,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1187934,1188062,1188116
CVE References: CVE-2020-24588,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.80.1, kernel-source-4.12.14-95.80.1, kernel-syms-4.12.14-95.80.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.80.1, kernel-source-4.12.14-95.80.1, kernel-syms-4.12.14-95.80.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.80.1, kernel-source-4.12.14-95.80.1, kernel-syms-4.12.14-95.80.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.80.1, kernel-source-4.12.14-95.80.1, kernel-syms-4.12.14-95.80.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.80.1, kgraft-patch-SLE12-SP4_Update_22-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.80.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Swamp Workflow Management 2021-07-22 16:20:29 UTC

SUSE-SU-2021:2451-1: An update that solves 20 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 1115026,1175462,1179610,1184611,1185724,1185859,1185860,1185861,1185862,1185863,1185898,1185987,1186060,1186062,1186111,1186235,1186390,1186463,1187038,1187050,1187193,1187215,1187388,1187452,1187595,1187601,1187934,1188062,1188063,1188116
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.147.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 34 Joey Lee 2022-06-23 10:33:42 UTC

I have no idea why our kernel update claimed that has fixing against CVE-2020-26555.

Welcome for any information about kernel patches for this CVE.

Comment 65 Maintenance Automation 2024-01-16 16:30:04 UTC

SUSE-SU-2024:0129-1: An update that solves 10 vulnerabilities, contains three features and has 31 security fixes can now be installed.

Category: security (important)
Bug References: 1179610, 1183045, 1193285, 1211162, 1211226, 1212584, 1214747, 1214823, 1215237, 1215696, 1215885, 1216057, 1216559, 1216776, 1217036, 1217217, 1217250, 1217602, 1217692, 1217790, 1217801, 1217933, 1217938, 1217946, 1217947, 1217980, 1217981, 1217982, 1218056, 1218139, 1218184, 1218234, 1218253, 1218258, 1218335, 1218357, 1218447, 1218515, 1218559, 1218569, 1218659
CVE References: CVE-2020-26555, CVE-2023-51779, CVE-2023-6121, CVE-2023-6531, CVE-2023-6546, CVE-2023-6606, CVE-2023-6610, CVE-2023-6622, CVE-2023-6931, CVE-2023-6932
Jira References: PED-3459, PED-5021, PED-7322
Sources used:
SUSE Real Time Module 15-SP4 (src): kernel-syms-rt-5.14.21-150400.15.65.1, kernel-source-rt-5.14.21-150400.15.65.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4-RT_Update_17-1-150400.1.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 66 Maintenance Automation 2024-01-16 16:30:13 UTC

SUSE-SU-2024:0120-1: An update that solves eight vulnerabilities, contains one feature and has one security fix can now be installed.

Category: security (important)
Bug References: 1179610, 1202095, 1215237, 1217250, 1217946, 1217947, 1218253, 1218258, 1218559
CVE References: CVE-2020-26555, CVE-2022-2586, CVE-2023-51779, CVE-2023-6121, CVE-2023-6606, CVE-2023-6610, CVE-2023-6931, CVE-2023-6932
Jira References: PED-5021
Sources used:
SUSE Linux Enterprise Live Patching 15-SP1 (src): kernel-livepatch-SLE15-SP1_Update_47-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.168.1, kernel-source-4.12.14-150100.197.168.1, kernel-obs-build-4.12.14-150100.197.168.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.168.1, kernel-source-4.12.14-150100.197.168.1, kernel-obs-build-4.12.14-150100.197.168.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): kernel-syms-4.12.14-150100.197.168.1, kernel-source-4.12.14-150100.197.168.1, kernel-obs-build-4.12.14-150100.197.168.1
SUSE CaaS Platform 4.0 (src): kernel-syms-4.12.14-150100.197.168.1, kernel-source-4.12.14-150100.197.168.1, kernel-obs-build-4.12.14-150100.197.168.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 67 Maintenance Automation 2024-01-16 16:30:16 UTC

SUSE-SU-2024:0117-1: An update that solves eight vulnerabilities, contains two features and has 13 security fixes can now be installed.

Category: security (important)
Bug References: 1109837, 1179610, 1202095, 1211226, 1211439, 1214158, 1214479, 1215237, 1217036, 1217250, 1217801, 1217936, 1217946, 1217947, 1218057, 1218184, 1218253, 1218258, 1218362, 1218559, 1218622
CVE References: CVE-2020-26555, CVE-2022-2586, CVE-2023-51779, CVE-2023-6121, CVE-2023-6606, CVE-2023-6610, CVE-2023-6931, CVE-2023-6932
Jira References: PED-5021, PED-5023
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_52-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.189.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-4.12.14-122.189.1, kernel-syms-4.12.14-122.189.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-4.12.14-122.189.1, kernel-syms-4.12.14-122.189.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-4.12.14-122.189.1, kernel-syms-4.12.14-122.189.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 68 Maintenance Automation 2024-01-16 16:30:21 UTC

SUSE-SU-2024:0115-1: An update that solves 10 vulnerabilities, contains three features and has 40 security fixes can now be installed.

Category: security (important)
Bug References: 1179610, 1183045, 1211162, 1211226, 1212139, 1212584, 1214117, 1214747, 1214823, 1215237, 1215696, 1215885, 1215952, 1216032, 1216057, 1216559, 1216776, 1217036, 1217217, 1217250, 1217602, 1217692, 1217790, 1217801, 1217822, 1217927, 1217933, 1217938, 1217946, 1217947, 1217980, 1217981, 1217982, 1218056, 1218092, 1218139, 1218184, 1218229, 1218234, 1218253, 1218258, 1218335, 1218357, 1218397, 1218447, 1218461, 1218515, 1218559, 1218569, 1218643
CVE References: CVE-2020-26555, CVE-2023-51779, CVE-2023-6121, CVE-2023-6531, CVE-2023-6546, CVE-2023-6606, CVE-2023-6610, CVE-2023-6622, CVE-2023-6931, CVE-2023-6932
Jira References: PED-3459, PED-5021, PED-7167
Sources used:
openSUSE Leap 15.5 (src): kernel-source-rt-5.14.21-150500.13.30.1, kernel-livepatch-SLE15-SP5-RT_Update_9-1-150500.11.3.1, kernel-syms-rt-5.14.21-150500.13.30.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_9-1-150500.11.3.1
SUSE Real Time Module 15-SP5 (src): kernel-source-rt-5.14.21-150500.13.30.1, kernel-syms-rt-5.14.21-150500.13.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 69 Maintenance Automation 2024-01-17 12:36:25 UTC

SUSE-SU-2024:0118-1: An update that solves eight vulnerabilities, contains two features and has 12 security fixes can now be installed.

Category: security (important)
Bug References: 1109837, 1179610, 1202095, 1211226, 1211439, 1214479, 1215237, 1217036, 1217250, 1217801, 1217936, 1217946, 1217947, 1218057, 1218184, 1218253, 1218258, 1218362, 1218559, 1218622
CVE References: CVE-2020-26555, CVE-2022-2586, CVE-2023-51779, CVE-2023-6121, CVE-2023-6606, CVE-2023-6610, CVE-2023-6931, CVE-2023-6932
Jira References: PED-5021, PED-5023
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-source-rt-4.12.14-10.157.1, kernel-syms-rt-4.12.14-10.157.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 70 Maintenance Automation 2024-01-17 12:36:36 UTC

SUSE-SU-2024:0113-1: An update that solves eight vulnerabilities, contains two features and has 13 security fixes can now be installed.

Category: security (important)
Bug References: 1108281, 1109837, 1179610, 1202095, 1211226, 1211439, 1214479, 1215237, 1217036, 1217250, 1217801, 1217936, 1217946, 1217947, 1218057, 1218184, 1218253, 1218258, 1218362, 1218559, 1218622
CVE References: CVE-2020-26555, CVE-2022-2586, CVE-2023-51779, CVE-2023-6121, CVE-2023-6606, CVE-2023-6610, CVE-2023-6931, CVE-2023-6932
Jira References: PED-5021, PED-5023
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-azure-4.12.14-16.163.1, kernel-syms-azure-4.12.14-16.163.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-azure-4.12.14-16.163.1, kernel-syms-azure-4.12.14-16.163.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-azure-4.12.14-16.163.1, kernel-syms-azure-4.12.14-16.163.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 71 Maintenance Automation 2024-01-17 12:36:42 UTC

SUSE-SU-2024:0112-1: An update that solves 13 vulnerabilities and has one security fix can now be installed.

Category: security (important)
Bug References: 1179610, 1205762, 1210778, 1212051, 1212703, 1215237, 1215858, 1215860, 1216046, 1216058, 1216976, 1217947, 1218253, 1218559
CVE References: CVE-2020-26555, CVE-2022-45887, CVE-2023-1206, CVE-2023-31085, CVE-2023-3111, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39197, CVE-2023-45863, CVE-2023-51779, CVE-2023-6606, CVE-2023-6932
Sources used:
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (src): kernel-source-3.0.101-108.150.1, kernel-syms-3.0.101-108.150.1
SUSE Linux Enterprise Server 11 SP4 (src): kernel-source-3.0.101-108.150.1, kernel-syms-3.0.101-108.150.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 72 Maintenance Automation 2024-01-17 12:36:49 UTC

SUSE-SU-2024:0110-1: An update that solves seven vulnerabilities, contains one feature and has six security fixes can now be installed.

Category: security (important)
Bug References: 1179610, 1211226, 1215237, 1215375, 1217250, 1217709, 1217946, 1217947, 1218105, 1218184, 1218253, 1218258, 1218559
CVE References: CVE-2020-26555, CVE-2023-51779, CVE-2023-6121, CVE-2023-6606, CVE-2023-6610, CVE-2023-6931, CVE-2023-6932
Jira References: PED-5021
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 73 Maintenance Automation 2024-01-18 12:30:14 UTC

SUSE-SU-2024:0141-1: An update that solves 10 vulnerabilities, contains three features and has 41 security fixes can now be installed.

Category: security (important)
Bug References: 1108281, 1179610, 1183045, 1211162, 1211226, 1212139, 1212584, 1214117, 1214747, 1214823, 1215237, 1215696, 1215885, 1215952, 1216032, 1216057, 1216559, 1216776, 1217036, 1217217, 1217250, 1217602, 1217692, 1217790, 1217801, 1217822, 1217927, 1217933, 1217938, 1217946, 1217947, 1217980, 1217981, 1217982, 1218056, 1218092, 1218139, 1218184, 1218229, 1218234, 1218253, 1218258, 1218335, 1218357, 1218397, 1218447, 1218461, 1218515, 1218559, 1218569, 1218643
CVE References: CVE-2020-26555, CVE-2023-51779, CVE-2023-6121, CVE-2023-6531, CVE-2023-6546, CVE-2023-6606, CVE-2023-6610, CVE-2023-6622, CVE-2023-6931, CVE-2023-6932
Jira References: PED-3459, PED-5021, PED-7167
Sources used:
openSUSE Leap 15.5 (src): kernel-syms-azure-5.14.21-150500.33.29.1, kernel-source-azure-5.14.21-150500.33.29.1
Public Cloud Module 15-SP5 (src): kernel-syms-azure-5.14.21-150500.33.29.1, kernel-source-azure-5.14.21-150500.33.29.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 74 Maintenance Automation 2024-01-18 16:30:03 UTC

SUSE-SU-2024:0154-1: An update that solves seven vulnerabilities, contains one feature and has two security fixes can now be installed.

Category: security (important)
Bug References: 1179610, 1215237, 1217250, 1217709, 1217946, 1217947, 1218253, 1218258, 1218559
CVE References: CVE-2020-26555, CVE-2023-51779, CVE-2023-6121, CVE-2023-6606, CVE-2023-6610, CVE-2023-6931, CVE-2023-6932
Jira References: PED-5021
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_44-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.175.1, kernel-default-base-5.3.18-150200.24.175.1.150200.9.89.1, kernel-syms-5.3.18-150200.24.175.1, kernel-source-5.3.18-150200.24.175.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.175.1, kernel-default-base-5.3.18-150200.24.175.1.150200.9.89.1, kernel-syms-5.3.18-150200.24.175.1, kernel-source-5.3.18-150200.24.175.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-obs-build-5.3.18-150200.24.175.1, kernel-default-base-5.3.18-150200.24.175.1.150200.9.89.1, kernel-syms-5.3.18-150200.24.175.1, kernel-source-5.3.18-150200.24.175.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 75 Maintenance Automation 2024-01-18 16:30:07 UTC

SUSE-SU-2024:0153-1: An update that solves seven vulnerabilities, contains one feature and has four security fixes can now be installed.

Category: security (important)
Bug References: 1179610, 1215237, 1215375, 1217250, 1217709, 1217946, 1217947, 1218105, 1218253, 1218258, 1218559
CVE References: CVE-2020-26555, CVE-2023-51779, CVE-2023-6121, CVE-2023-6606, CVE-2023-6610, CVE-2023-6931, CVE-2023-6932
Jira References: PED-5021
Sources used:
openSUSE Leap 15.3 (src): kernel-default-base-5.3.18-150300.59.147.2.150300.18.86.2, kernel-obs-qa-5.3.18-150300.59.147.1, kernel-livepatch-SLE15-SP3_Update_40-1-150300.7.3.2, kernel-syms-5.3.18-150300.59.147.1, kernel-source-5.3.18-150300.59.147.1, kernel-obs-build-5.3.18-150300.59.147.2
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_40-1-150300.7.3.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-syms-5.3.18-150300.59.147.1, kernel-default-base-5.3.18-150300.59.147.2.150300.18.86.2, kernel-source-5.3.18-150300.59.147.1, kernel-obs-build-5.3.18-150300.59.147.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-syms-5.3.18-150300.59.147.1, kernel-default-base-5.3.18-150300.59.147.2.150300.18.86.2, kernel-source-5.3.18-150300.59.147.1, kernel-obs-build-5.3.18-150300.59.147.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-syms-5.3.18-150300.59.147.1, kernel-default-base-5.3.18-150300.59.147.2.150300.18.86.2, kernel-source-5.3.18-150300.59.147.1, kernel-obs-build-5.3.18-150300.59.147.2
SUSE Enterprise Storage 7.1 (src): kernel-syms-5.3.18-150300.59.147.1, kernel-default-base-5.3.18-150300.59.147.2.150300.18.86.2, kernel-source-5.3.18-150300.59.147.1, kernel-obs-build-5.3.18-150300.59.147.2
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.147.2.150300.18.86.2
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.147.2.150300.18.86.2
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.147.2.150300.18.86.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 76 Maintenance Automation 2024-01-18 20:30:03 UTC

SUSE-SU-2024:0160-1: An update that solves 10 vulnerabilities, contains three features and has 42 security fixes can now be installed.

Category: security (important)
Bug References: 1179610, 1183045, 1211162, 1211226, 1212139, 1212584, 1214117, 1214158, 1214747, 1214823, 1215237, 1215696, 1215885, 1215952, 1216032, 1216057, 1216559, 1216776, 1217036, 1217217, 1217250, 1217602, 1217692, 1217790, 1217801, 1217822, 1217927, 1217933, 1217938, 1217946, 1217947, 1217980, 1217981, 1217982, 1218056, 1218092, 1218139, 1218184, 1218229, 1218234, 1218253, 1218258, 1218335, 1218357, 1218397, 1218447, 1218461, 1218515, 1218559, 1218569, 1218643, 1218738
CVE References: CVE-2020-26555, CVE-2023-51779, CVE-2023-6121, CVE-2023-6531, CVE-2023-6546, CVE-2023-6606, CVE-2023-6610, CVE-2023-6622, CVE-2023-6931, CVE-2023-6932
Jira References: PED-3459, PED-5021, PED-7167
Sources used:
openSUSE Leap 15.5 (src): kernel-obs-build-5.14.21-150500.55.44.1, kernel-livepatch-SLE15-SP5_Update_9-1-150500.11.5.1, kernel-syms-5.14.21-150500.55.44.1, kernel-source-5.14.21-150500.55.44.1, kernel-default-base-5.14.21-150500.55.44.1.150500.6.19.2, kernel-obs-qa-5.14.21-150500.55.44.1
SUSE Linux Enterprise Micro 5.5 (src): kernel-default-base-5.14.21-150500.55.44.1.150500.6.19.2
Basesystem Module 15-SP5 (src): kernel-default-base-5.14.21-150500.55.44.1.150500.6.19.2, kernel-source-5.14.21-150500.55.44.1
Development Tools Module 15-SP5 (src): kernel-source-5.14.21-150500.55.44.1, kernel-obs-build-5.14.21-150500.55.44.1, kernel-syms-5.14.21-150500.55.44.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_9-1-150500.11.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 77 Maintenance Automation 2024-01-18 20:30:23 UTC

SUSE-SU-2024:0156-1: An update that solves 10 vulnerabilities, contains three features and has 31 security fixes can now be installed.

Category: security (important)
Bug References: 1179610, 1183045, 1193285, 1211162, 1211226, 1212584, 1214747, 1214823, 1215237, 1215696, 1215885, 1216057, 1216559, 1216776, 1217036, 1217217, 1217250, 1217602, 1217692, 1217790, 1217801, 1217933, 1217938, 1217946, 1217947, 1217980, 1217981, 1217982, 1218056, 1218139, 1218184, 1218234, 1218253, 1218258, 1218335, 1218357, 1218447, 1218515, 1218559, 1218569, 1218659
CVE References: CVE-2020-26555, CVE-2023-51779, CVE-2023-6121, CVE-2023-6531, CVE-2023-6546, CVE-2023-6606, CVE-2023-6610, CVE-2023-6622, CVE-2023-6931, CVE-2023-6932
Jira References: PED-3459, PED-5021, PED-7322
Sources used:
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): kernel-obs-build-5.14.21-150400.24.103.1, kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1, kernel-syms-5.14.21-150400.24.103.1
SUSE Linux Enterprise Real Time 15 SP4 (src): kernel-obs-build-5.14.21-150400.24.103.1, kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1, kernel-syms-5.14.21-150400.24.103.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): kernel-obs-build-5.14.21-150400.24.103.1, kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1, kernel-syms-5.14.21-150400.24.103.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): kernel-obs-build-5.14.21-150400.24.103.1, kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1, kernel-syms-5.14.21-150400.24.103.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): kernel-obs-build-5.14.21-150400.24.103.1, kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1, kernel-syms-5.14.21-150400.24.103.1
SUSE Manager Proxy 4.3 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1
SUSE Manager Retail Branch Server 4.3 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1
SUSE Manager Server 4.3 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1
openSUSE Leap 15.4 (src): kernel-obs-qa-5.14.21-150400.24.103.1, kernel-source-5.14.21-150400.24.103.1, kernel-obs-build-5.14.21-150400.24.103.1, kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-livepatch-SLE15-SP4_Update_22-1-150400.9.3.1, kernel-syms-5.14.21-150400.24.103.1
openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
openSUSE Leap Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_22-1-150400.9.3.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): kernel-obs-build-5.14.21-150400.24.103.1, kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1, kernel-syms-5.14.21-150400.24.103.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.