Bug 1185859 – VUL-0: CVE-2020-24586,CVE-2020-24587: kernel-source: mac80211: extend protection against mixed key and fragment cache attacks

Bug 1185859 - (CVE-2020-24586) VUL-0: CVE-2020-24586,CVE-2020-24587: kernel-source: mac80211: extend protection against mixed key and fragment cache attacks

(CVE-2020-24586)
Summary:	VUL-0: CVE-2020-24586,CVE-2020-24587: kernel-source: mac80211: extend protect...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/283858/
Whiteboard:	CVSSv3.1:SUSE:CVE-2020-24586:4.7:(AV:...
Keywords:

Depends on:
Blocks:	1185863
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-05-10 13:47 UTC by Marcus Meissner
Modified:	2022-07-21 19:51 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2021-05-10 13:47:51 UTC

Date: Sun, 25 Apr 2021 11:29:57 -0400                                                                                                                                                        
From: Wen Gong <wgong@codeaurora.org>                                                                                                                                                        
Subject: [PATCH 1/9] mac80211: extend protection against mixed key and fragment cache attacks                                                                                                

For some chips/drivers, e.g., QCA6174 with ath10k, the decryption is
done by the hardware, and the Protected bit in the Frame Control field
is cleared in the lower level driver before the frame is passed to
mac80211. In such cases, the condition for ieee80211_has_protected() is
not met in ieee80211_rx_h_defragment() of mac80211 and the new security
validation steps are not executed.

Extend mac80211 to cover the case where the Protected bit has been
cleared, but the frame is indicated as having been decrypted by the
hardware. This extends protection against mixed key and fragment cache
attack for additional drivers/chips. This fixes CVE-2020-24586 and
CVE-2020-24587 for such cases.

Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1

Signed-off-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

Comment 1 Marcus Meissner 2021-05-10 13:48:34 UTC

Created attachment 849209 [details]
wlan1-CVE-2020-24586-CVE-2020-24587.patch

wlan1-CVE-2020-24586-CVE-2020-24587.patch

Comment 2 Marcus Meissner 2021-05-10 13:49:07 UTC

CRD: 2021-05-11 18:00 UTC

Comment 3 Marcus Meissner 2021-05-12 07:27:58 UTC

is public now

Comment 4 Marcus Meissner 2021-05-12 11:07:08 UTC

can you classify the affected kernels?

I currently think its all of them?

Comment 5 Takashi Iwai 2021-05-12 11:22:57 UTC

I'm investigating now.

It seems that this fix depends on the other fixes (CVE-2020-24587, CVE-2020-24586), also likely CVE-2020-26147, too.  I'm going to use bsc#1185863 for tracking those for now.

Comment 6 Marcus Meissner 2021-05-12 11:24:34 UTC

ok... the amount of fixes was a bit tricky

Comment 7 Takashi Iwai 2021-05-12 12:44:25 UTC

Yeah, the changes are very intrusive, a nightmare for kABI...

Comment 8 Takashi Iwai 2021-05-14 07:58:09 UTC

The fixes have been backported to SLE15-SP2, SLE15-SP3 and cve/linux-4.12, so far.  Will take a look at older code.

Comment 10 Takashi Iwai 2021-05-16 07:16:27 UTC

Backported to SLE15-SP3-UPDATE, SLE15-SP2, cve/linux-4.12, cve/linux-4.4, cve/linux-3.0 and cve/linux-2.6.32 branches as well as stable branch for TW.

Reassigned back to security team.

Comment 15 OBSbugzilla Bot 2021-06-02 06:11:18 UTC

This is an autogenerated message for OBS integration:
This bug (1185859) was mentioned in
https://build.opensuse.org/request/show/896793 15.2 / kernel-source

Comment 25 Swamp Workflow Management 2021-06-08 16:19:31 UTC

SUSE-SU-2021:1891-1: An update that solves 12 vulnerabilities and has 15 fixes is now available.

Category: security (important)
Bug References: 1176081,1180846,1183947,1184611,1184675,1185642,1185677,1185680,1185724,1185859,1185860,1185862,1185863,1185898,1185899,1185901,1185938,1185950,1185987,1186060,1186061,1186062,1186111,1186285,1186390,1186484,1186498
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.77.1, kernel-source-4.12.14-95.77.1, kernel-syms-4.12.14-95.77.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.77.1, kernel-source-4.12.14-95.77.1, kernel-syms-4.12.14-95.77.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.77.1, kernel-source-4.12.14-95.77.1, kernel-syms-4.12.14-95.77.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.77.1, kernel-source-4.12.14-95.77.1, kernel-syms-4.12.14-95.77.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.77.1, kgraft-patch-SLE12-SP4_Update_21-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.77.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 26 Swamp Workflow Management 2021-06-08 16:28:29 UTC

SUSE-SU-2021:1890-1: An update that solves 12 vulnerabilities and has 60 fixes is now available.

Category: security (important)
Bug References: 1087082,1133021,1152457,1152489,1155518,1156395,1164648,1177666,1178378,1178418,1178612,1179519,1179825,1179827,1179851,1182257,1182378,1182999,1183346,1183868,1183873,1183932,1183947,1183976,1184081,1184082,1184259,1184611,1184855,1185428,1185495,1185497,1185589,1185606,1185642,1185645,1185677,1185680,1185703,1185725,1185758,1185859,1185860,1185861,1185862,1185863,1185898,1185899,1185911,1185938,1185950,1185982,1185987,1185988,1186060,1186061,1186062,1186111,1186285,1186320,1186390,1186416,1186439,1186441,1186451,1186460,1186479,1186484,1186498,1186501,1186573,1186681
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-default-5.3.18-24.67.3, kernel-default-base-5.3.18-24.67.3.9.30.2
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.67.3, kernel-preempt-5.3.18-24.67.4
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.67.3, kernel-livepatch-SLE15-SP2_Update_14-1-5.3.2
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.67.3
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.67.3, kernel-obs-build-5.3.18-24.67.2, kernel-preempt-5.3.18-24.67.4, kernel-source-5.3.18-24.67.2, kernel-syms-5.3.18-24.67.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.67.3, kernel-default-base-5.3.18-24.67.3.9.30.2, kernel-preempt-5.3.18-24.67.4, kernel-source-5.3.18-24.67.2
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.67.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Swamp Workflow Management 2021-06-08 16:43:43 UTC

SUSE-SU-2021:1888-1: An update that solves 12 vulnerabilities and has 42 fixes is now available.

Category: security (important)
Bug References: 1087082,1133021,1152457,1155518,1156395,1164648,1177666,1178378,1178418,1178612,1179519,1179825,1179827,1179851,1182999,1183346,1183868,1183873,1183947,1184081,1184082,1184611,1185428,1185495,1185497,1185589,1185606,1185645,1185680,1185703,1185725,1185758,1185859,1185860,1185862,1185899,1185911,1185938,1185988,1186061,1186062,1186285,1186320,1186390,1186416,1186439,1186441,1186451,1186460,1186479,1186484,1186501,1186573,1186681
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.50.2, kernel-source-azure-5.3.18-18.50.2, kernel-syms-azure-5.3.18-18.50.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Swamp Workflow Management 2021-06-08 17:00:18 UTC

SUSE-SU-2021:1887-1: An update that solves 12 vulnerabilities and has 38 fixes is now available.

Category: security (important)
Bug References: 1064802,1066129,1087082,1101816,1103992,1104427,1104745,1109837,1112374,1113431,1126390,1133021,1152457,1174682,1176081,1177666,1180552,1181383,1182256,1183738,1183754,1183947,1184040,1184081,1184082,1184611,1184675,1184855,1185428,1185481,1185642,1185680,1185703,1185724,1185758,1185859,1185860,1185863,1185898,1185899,1185906,1185938,1186060,1186062,1186285,1186416,1186439,1186441,1186460,1186484
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.59.1, kernel-source-azure-4.12.14-16.59.1, kernel-syms-azure-4.12.14-16.59.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 29 Swamp Workflow Management 2021-06-08 17:08:42 UTC

SUSE-SU-2021:1889-1: An update that solves 12 vulnerabilities and has 42 fixes is now available.

Category: security (important)
Bug References: 1087082,1133021,1152457,1152489,1155518,1156395,1162702,1164648,1176564,1177666,1178418,1178612,1179827,1179851,1182378,1182999,1183346,1183868,1183873,1183932,1183947,1184081,1184082,1184611,1184855,1185428,1185497,1185589,1185606,1185645,1185677,1185680,1185696,1185703,1185725,1185758,1185859,1185861,1185863,1185898,1185899,1185911,1185938,1185987,1185988,1186061,1186285,1186320,1186439,1186441,1186460,1186498,1186501,1186573
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-39.1, kernel-rt_debug-5.3.18-39.1, kernel-source-rt-5.3.18-39.1, kernel-syms-rt-5.3.18-39.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Swamp Workflow Management 2021-06-09 16:35:03 UTC

SUSE-SU-2021:1913-1: An update that solves 12 vulnerabilities and has 52 fixes is now available.

Category: security (important)
Bug References: 1064802,1066129,1087082,1101816,1103992,1104353,1104427,1104745,1109837,1112374,1113431,1126390,1133021,1152457,1174682,1176081,1177666,1180552,1181383,1182256,1183738,1183754,1183947,1184040,1184081,1184082,1184611,1184675,1184855,1185428,1185481,1185642,1185677,1185680,1185703,1185724,1185758,1185827,1185859,1185860,1185862,1185863,1185898,1185899,1185901,1185906,1185938,1185950,1185987,1186060,1186061,1186062,1186111,1186285,1186390,1186416,1186439,1186441,1186452,1186460,1186484,1186487,1186498,1186573
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.74.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.74.2, kernel-obs-build-4.12.14-122.74.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.74.1, kernel-source-4.12.14-122.74.1, kernel-syms-4.12.14-122.74.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.74.1, kgraft-patch-SLE12-SP5_Update_19-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.74.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 31 Swamp Workflow Management 2021-06-09 16:40:50 UTC

SUSE-SU-2021:1912-1: An update that solves 12 vulnerabilities and has 15 fixes is now available.

Category: security (important)
Bug References: 1181161,1183405,1183738,1183947,1184611,1184675,1185642,1185680,1185725,1185859,1185860,1185862,1185863,1185898,1185899,1185901,1185938,1185950,1185987,1186060,1186061,1186062,1186111,1186285,1186390,1186484,1186498
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1, kernel-zfcpdump-4.12.14-197.92.1
SUSE Manager Retail Branch Server 4.0 (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1
SUSE Manager Proxy 4.0 (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1, kernel-zfcpdump-4.12.14-197.92.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.92.1, kernel-livepatch-SLE15-SP1_Update_25-1-3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.92.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 32 Swamp Workflow Management 2021-06-15 16:49:58 UTC

SUSE-SU-2021:1975-1: An update that solves 52 vulnerabilities and has 250 fixes is now available.

Category: security (important)
Bug References: 1043990,1047233,1055117,1065729,1087082,1113295,1133021,1152457,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1164648,1167260,1167574,1167773,1168777,1168838,1169709,1171295,1173485,1174416,1174426,1175995,1176447,1176774,1177028,1177326,1177411,1177437,1177666,1178089,1178134,1178163,1178181,1178330,1178378,1178418,1178612,1179243,1179454,1179458,1179519,1179825,1179827,1179851,1180100,1180197,1180814,1180846,1180980,1181104,1181161,1181383,1181507,1181674,1181862,1182077,1182257,1182377,1182378,1182552,1182574,1182591,1182613,1182712,1182713,1182715,1182716,1182717,1182999,1183022,1183048,1183069,1183077,1183095,1183120,1183203,1183249,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183289,1183310,1183311,1183312,1183313,1183314,1183315,1183316,1183317,1183318,1183319,1183320,1183321,1183322,1183323,1183324,1183325,1183326,1183346,1183366,1183369,1183386,1183405,1183412,1183427,1183428,1183445,1183447,1183491,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183658,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183815,1183843,1183859,1183868,1183871,1183873,1183932,1183947,1183976,1184074,1184081,1184082,1184120,1184167,1184168,1184170,1184171,1184176,1184192,1184193,1184194,1184196,1184197,1184198,1184199,1184208,1184209,1184211,1184217,1184218,1184219,1184220,1184224,1184259,1184264,1184386,1184388,1184391,1184393,1184436,1184485,1184509,1184511,1184512,1184514,1184583,1184585,1184611,1184615,1184650,1184710,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184760,1184769,1184811,1184855,1184893,1184934,1184942,1184943,1184952,1184953,1184955,1184957,1184969,1184984,1185010,1185041,1185110,1185113,1185233,1185269,1185365,1185428,1185454,1185472,1185491,1185495,1185497,1185549,1185550,1185558,1185573,1185581,1185586,1185587,1185589,1185606,1185640,1185641,1185642,1185645,1185670,1185677,1185680,1185703,1185725,1185736,1185758,1185796,1185840,1185857,1185859,1185860,1185861,1185862,1185863,1185898,1185899,1185911,1185938,1185950,1185954,1185980,1185982,1185987,1185988,1186009,1186060,1186061,1186062,1186111,1186118,1186219,1186285,1186320,1186349,1186352,1186353,1186354,1186355,1186356,1186357,1186390,1186401,1186408,1186416,1186439,1186441,1186451,1186460,1186467,1186479,1186484,1186498,1186501,1186512,1186573,1186681
CVE References: CVE-2019-18814,CVE-2019-19769,CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-20268,CVE-2021-23134,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28952,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-29650,CVE-2021-30002,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483,CVE-2021-3489,CVE-2021-3490,CVE-2021-3491
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-38.3.1, kernel-source-azure-5.3.18-38.3.1, kernel-syms-azure-5.3.18-38.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 34 Swamp Workflow Management 2021-06-30 13:56:19 UTC

SUSE-SU-2021:2208-1: An update that solves 12 vulnerabilities and has 42 fixes is now available.

Category: security (important)
Bug References: 1087082,1133021,1152457,1152489,1155518,1156395,1162702,1164648,1176564,1177666,1178418,1178612,1179827,1179851,1182378,1182999,1183346,1183868,1183873,1183932,1183947,1184081,1184082,1184611,1184855,1185428,1185497,1185589,1185606,1185645,1185677,1185680,1185696,1185703,1185725,1185758,1185859,1185861,1185863,1185898,1185899,1185911,1185938,1185987,1185988,1186061,1186285,1186320,1186439,1186441,1186460,1186498,1186501,1186573
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-rt-5.3.18-8.13.1
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-8.13.1, kernel-rt_debug-5.3.18-8.13.1, kernel-source-rt-5.3.18-8.13.1, kernel-syms-rt-5.3.18-8.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 35 Swamp Workflow Management 2021-07-01 10:22:58 UTC

openSUSE-SU-2021:0947-1: An update that solves 12 vulnerabilities and has 42 fixes is now available.

Category: security (important)
Bug References: 1087082,1133021,1152457,1152489,1155518,1156395,1162702,1164648,1176564,1177666,1178418,1178612,1179827,1179851,1182378,1182999,1183346,1183868,1183873,1183932,1183947,1184081,1184082,1184611,1184855,1185428,1185497,1185589,1185606,1185645,1185677,1185680,1185696,1185703,1185725,1185758,1185859,1185861,1185863,1185898,1185899,1185911,1185938,1185987,1185988,1186061,1186285,1186320,1186439,1186441,1186460,1186498,1186501,1186573
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-rt-5.3.18-lp152.3.14.1, kernel-rt_debug-5.3.18-lp152.3.14.1, kernel-source-rt-5.3.18-lp152.3.14.1, kernel-syms-rt-5.3.18-lp152.3.14.1

Comment 37 Swamp Workflow Management 2021-07-11 16:52:33 UTC

openSUSE-SU-2021:1975-1: An update that solves 52 vulnerabilities and has 250 fixes is now available.

Category: security (important)
Bug References: 1043990,1047233,1055117,1065729,1087082,1113295,1133021,1152457,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1164648,1167260,1167574,1167773,1168777,1168838,1169709,1171295,1173485,1174416,1174426,1175995,1176447,1176774,1177028,1177326,1177411,1177437,1177666,1178089,1178134,1178163,1178181,1178330,1178378,1178418,1178612,1179243,1179454,1179458,1179519,1179825,1179827,1179851,1180100,1180197,1180814,1180846,1180980,1181104,1181161,1181383,1181507,1181674,1181862,1182077,1182257,1182377,1182378,1182552,1182574,1182591,1182613,1182712,1182713,1182715,1182716,1182717,1182999,1183022,1183048,1183069,1183077,1183095,1183120,1183203,1183249,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183289,1183310,1183311,1183312,1183313,1183314,1183315,1183316,1183317,1183318,1183319,1183320,1183321,1183322,1183323,1183324,1183325,1183326,1183346,1183366,1183369,1183386,1183405,1183412,1183427,1183428,1183445,1183447,1183491,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183658,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183815,1183843,1183859,1183868,1183871,1183873,1183932,1183947,1183976,1184074,1184081,1184082,1184120,1184167,1184168,1184170,1184171,1184176,1184192,1184193,1184194,1184196,1184197,1184198,1184199,1184208,1184209,1184211,1184217,1184218,1184219,1184220,1184224,1184259,1184264,1184386,1184388,1184391,1184393,1184436,1184485,1184509,1184511,1184512,1184514,1184583,1184585,1184611,1184615,1184650,1184710,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184760,1184769,1184811,1184855,1184893,1184934,1184942,1184943,1184952,1184953,1184955,1184957,1184969,1184984,1185010,1185041,1185110,1185113,1185233,1185269,1185365,1185428,1185454,1185472,1185491,1185495,1185497,1185549,1185550,1185558,1185573,1185581,1185586,1185587,1185589,1185606,1185640,1185641,1185642,1185645,1185670,1185677,1185680,1185703,1185725,1185736,1185758,1185796,1185840,1185857,1185859,1185860,1185861,1185862,1185863,1185898,1185899,1185911,1185938,1185950,1185954,1185980,1185982,1185987,1185988,1186009,1186060,1186061,1186062,1186111,1186118,1186219,1186285,1186320,1186349,1186352,1186353,1186354,1186355,1186356,1186357,1186390,1186401,1186408,1186416,1186439,1186441,1186451,1186460,1186467,1186479,1186484,1186498,1186501,1186512,1186573,1186681
CVE References: CVE-2019-18814,CVE-2019-19769,CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-20268,CVE-2021-23134,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28952,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-29650,CVE-2021-30002,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483,CVE-2021-3489,CVE-2021-3490,CVE-2021-3491
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-38.3.1, kernel-source-azure-5.3.18-38.3.1, kernel-syms-azure-5.3.18-38.3.1

Comment 38 Swamp Workflow Management 2021-07-13 13:35:56 UTC

SUSE-SU-2021:14764-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1184081,1184391,1184611,1185859,1185861,1185862,1185863,1186062,1187038,1187452,1187595
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-36386,CVE-2021-0512,CVE-2021-29154,CVE-2021-32399,CVE-2021-34693
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kernel-bigmem-3.0.101-108.129.1, kernel-default-3.0.101-108.129.1, kernel-ec2-3.0.101-108.129.1, kernel-pae-3.0.101-108.129.1, kernel-ppc64-3.0.101-108.129.1, kernel-source-3.0.101-108.129.1, kernel-syms-3.0.101-108.129.1, kernel-trace-3.0.101-108.129.1, kernel-xen-3.0.101-108.129.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.129.1, kernel-pae-3.0.101-108.129.1, kernel-ppc64-3.0.101-108.129.1, kernel-trace-3.0.101-108.129.1, kernel-xen-3.0.101-108.129.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.129.1, kernel-default-3.0.101-108.129.1, kernel-ec2-3.0.101-108.129.1, kernel-pae-3.0.101-108.129.1, kernel-ppc64-3.0.101-108.129.1, kernel-trace-3.0.101-108.129.1, kernel-xen-3.0.101-108.129.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 44 Swamp Workflow Management 2021-07-20 16:36:52 UTC

SUSE-SU-2021:2406-1: An update that solves 20 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1179610,1180846,1184611,1185859,1185860,1185861,1185862,1185863,1185898,1185987,1186060,1186062,1186111,1186390,1186463,1187038,1187050,1187215,1187452,1187595,1187601,1187934,1188062,1188116
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.158.1, kernel-source-4.4.121-92.158.1, kernel-syms-4.4.121-92.158.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 45 Swamp Workflow Management 2021-07-21 13:23:00 UTC

SUSE-SU-2021:2421-1: An update that solves 24 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1176081,1179610,1183738,1184611,1184675,1185642,1185725,1185859,1185860,1185861,1185862,1185898,1185987,1186060,1186062,1186111,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1188062,1188116
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3491,CVE-2021-3609
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1, kernel-zfcpdump-4.12.14-150.75.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.75.1, kernel-livepatch-SLE15_Update_25-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.75.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 46 Swamp Workflow Management 2021-07-22 16:20:50 UTC

SUSE-SU-2021:2451-1: An update that solves 20 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 1115026,1175462,1179610,1184611,1185724,1185859,1185860,1185861,1185862,1185863,1185898,1185987,1186060,1186062,1186111,1186235,1186390,1186463,1187038,1187050,1187193,1187215,1187388,1187452,1187595,1187601,1187934,1188062,1188063,1188116
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.147.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 49 Carlos López 2022-06-09 08:51:25 UTC

Done, closing.