Bug 806980 - VUL-0: kvm:CVE-2013-1796, CVE-2013-1797,CVE-2013-1798: multiple buffer overflows
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P2 - High, Severity: Major
Assigned To: Bruce Rogers
Reported: 2013-03-01 13:13 UTC by Matthias Weckbecker
Modified: 2019-05-01 16:02 UTC (History)


Attachments
V2-0001-kvm-fix-for-buffer-overflow-in-handling-of-MSR-KVM-SYSTEM-TIME.patch (1.17 KB, patch)
2013-03-20 10:38 UTC, Marcus Meissner
V2-0002-KVM-Convert-MSR_KVM_SYSTEM_TIME-to-use-gfn_to_hva_ca.patch (5.00 KB, patch)
2013-03-20 10:39 UTC, Marcus Meissner
patches for SLE11-SP1-TD to address this bug (37.48 KB, patch)
2013-03-22 21:20 UTC, Bruce Rogers

Description Matthias Weckbecker 2013-03-01 13:13:07 UTC
It's embargoed until

  2013-03-18, 12:00:00 UTC

Please do not leak any information outside of SUSE.

----------------------------------------------------------------------------
Hello, vendors.

We have been informed about three security issues affecting KVM
hypervisor as included in the Linux kernel. Please see attachment for
issues descriptions and upstream acked patches.

The CVE -> issues mapping is below.

CVE-2013-1796 kernel: kvm: buffer overflow in handling of MSR_KVM_SYSTEM_TIME
  (0001-KVM-Fix-for-buffer-ove~handling-of-MSR_KVM_S.patch)

CVE-2013-1797 kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME
  (0002-KVM-Convert-MSR_KVM_SY~-to-use-gfn_to_hva_ca.patch)

CVE-2013-1798 kernel: kvm: out-of-bounds access in ioapic indirect register reads
  (0003-KVM-Fix-bounds-checkin~ic-indirect-register-.patch)

The issues were discovered and reported by Andrew Honig of Google.

The proposed CRD is 2013-03-18, 12:00:00 UTC.
----------------------------------------------------------------------------
Comment 2 Jeff Mahoney 2013-03-01 14:12:29 UTC
0001-KVM-Fix-for-buffer-overflow-in-handling-of-MSR_KVM_S.patch -- introduced in 2.6.26
0002-KVM-Convert-MSR_KVM_SYSTEM_TIME-to-use-gfn_to_hva_ca.patch -- introduced in 2.6.26
0003-KVM-Fix-bounds-checking-in-ioapic-indirect-register-.patch -- introduced in 2.6.24

Affected releases:
SLE11 SP2
SLE11 SP3
openSUSE 12.1
openSUSE 12.2
openSUSE 12.3

And now begins the fun with _EMBARGO branches ;)
Comment 3 Marcus Meissner 2013-03-01 14:20:06 UTC
Question is how much impact does this issue have?

Is a guest->host escape possible?

If not, we can wait with application until the embargo ends and do not need to run an embargoed update.
Comment 4 Jeff Mahoney 2013-03-01 14:22:29 UTC
I don't know if a guest->host _escape_ is possible but a guest can corrupt the host's kernel memory.
Comment 5 Jeff Mahoney 2013-03-01 14:24:50 UTC
Hrm. These require more involved merging. Punting to Alex.
Comment 6 Marcus Meissner 2013-03-08 18:23:14 UTC
I would consider guest -> host memory corruption severe.

As the embargo ends soonish, I would say to get the patches ready and we can run kernel updates afterwards.
Comment 7 Bruce Rogers 2013-03-14 20:03:19 UTC
I've pushed a SLE11-SP2_EMBARGO branch with these fixes.
Comment 8 Bruce Rogers 2013-03-18 16:45:37 UTC
SP2 embargoed branch is now merged. Fixes for the other releases will now follow.
Comment 9 Bruce Rogers 2013-03-19 00:24:02 UTC
Fixes submitted for:
SLE11 SP3
openSUSE 12.1
openSUSE 12.2
openSUSE 12.3
Comment 10 Michal Hocko 2013-03-19 09:13:47 UTC
I would like to push the fixes to SLE11-SP1-TD but patches.arch/kvm-convert-msr_kvm_system_time-to-use-gfn_to_hva_cache_init.patch is failing because there is a lot of code missing. Jeff has mentioned that the bug has been introduced in 2.6.26. Other three patches apply more or less cleanly. Could you help me out with that Bruce?
Comment 11 Michal Hocko 2013-03-19 09:15:34 UTC
(In reply to comment #10)
> Other three patches apply more or less cleanly.

Bahh, I meant first two...
patches.arch/kvm-introduce-kvm_read_guest_cached.patch
patches.arch/kvm-fix-for-buffer-overflow-in-handling-of-msr_kvm_system_time.patch

apply.
Comment 12 Michal Hocko 2013-03-19 09:38:01 UTC
(In reply to comment #11)
> (In reply to comment #10)
> > Other three patches apply more or less cleanly.
> 
> Bahh, I meant first two...
> patches.arch/kvm-introduce-kvm_read_guest_cached.patch
> patches.arch/kvm-fix-for-buffer-overflow-in-handling-of-msr_kvm_system_time.patch

OK, so even patches.arch/kvm-fix-bounds-checking-in-ioapic-indirect-register-read.patch applies so the only one missing is patches.arch/kvm-convert-msr_kvm_system_time-to-use-gfn_to_hva_cache_init.patch
Comment 13 Bruce Rogers 2013-03-19 21:33:04 UTC
I'll see what I can do.
Comment 15 Marcus Meissner 2013-03-20 10:38:28 UTC
Created attachment 530630 [details]
V2-0001-kvm-fix-for-buffer-overflow-in-handling-of-MSR-KVM-SYSTEM-TIME.patch

From: Marcelo Tosatti <mtosatti@redhat.com>

It was discovered that RHEL5 guests crash on boot with these patches.
Please find updated patches attached. The third patch,
0003-KVM-Fix-bounds-checkin~ic-indirect-register-.patch, remains
unchanged, so it's not being resubmitted.
Comment 16 Marcus Meissner 2013-03-20 10:39:08 UTC
Created attachment 530631 [details]
V2-0002-KVM-Convert-MSR_KVM_SYSTEM_TIME-to-use-gfn_to_hva_ca.patch

second patch from Marcelo
Comment 17 Marcus Meissner 2013-03-20 12:05:28 UTC
is public, via oss-sec

From: Petr Matousek <pmatouse@redhat.com>
Subject: [oss-security] linux kernel: kvm: CVE-2013-179[6..8]



* CVE-2013-1796
Description of the problem:
If the guest sets the GPA of the time_page so that the request to update
the time straddles a page then KVM will write onto an incorrect page.
The write is done by using kmap atomic to get a pointer to the page for
the time structure and then performing a memcpy to that page starting at
an offset that the guest controls.  Well behaved guests always provide a
32-byte aligned address, however a malicious guest could use this to
corrupt host kernel memory.

Upstream commit:
https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=c300aa64ddf57d9c5d9c898a64b36877345dd4a9

References:
https://bugzilla.redhat.com/show_bug.cgi?id=917012

* CVE-2013-1797
Description of the problem:
There is a potential use after free issue with the handling of
MSR_KVM_SYSTEM_TIME.  If the guest specifies a GPA in a movable or
removable memory such as frame buffers then KVM might continue to write
to that address even after it's removed via KVM_SET_USER_MEMORY_REGION.
KVM pins the page in memory so it's unlikely to cause an issue, but if
the user space component re-purposes the memory previously used for the
guest, then the guest will be able to corrupt that memory.

Upstream commit:
https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=0b79459b482e85cb7426aa7da683a9f2c97aeae1

References:
https://bugzilla.redhat.com/show_bug.cgi?id=917013

* CVE-2013-1798
Description of the problem:
If the guest specifies an IOAPIC_REG_SELECT with an invalid value and
follows that with a read of the IOAPIC_REG_WINDOW KVM does not properly
validate that request.  ioapic_read_indirect contains an
ASSERT(redir_index < IOAPIC_NUM_PINS), but the ASSERT has no effect in
non-debug builds.  In recent kernels this allows a guest to cause a
kernel oops by reading invalid memory.  In older kernels (pre-3.3) this
allows a guest to read from large ranges of host memory.

Upstream commit:
https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=a2c118bfab8bc6b8bb213abfc35201e441693d55

References:
https://bugzilla.redhat.com/show_bug.cgi?id=917017

All three issues were found and reported by Andrew Honig of Google.

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team
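
The two missing run-time checks described for CVE-2013-1796 and CVE-2013-1798 in comment 17, as a user-space C model added here for illustration (not code from this bug, its attachments or KVM). The function names, the pin count of 24, the 8-bit selector and the two-page and 120-slot buffers are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model values; the names are this example's, not KVM's. */
#define MODEL_PAGE_SIZE  4096u  /* x86 page size */
#define TIME_INFO_SIZE   32u    /* size of the time structure per the advisory */
#define IOAPIC_NUM_PINS  24u    /* assumed pin count for the model */
#define MODEL_SLOTS      120u   /* everything an 8-bit selector can index */
#define NEIGHBOUR_MARKER 0x5ec2e7ULL  /* constructed non-table data */

/* What a non-debug build leaves of the ASSERT the advisory mentions. */
#define ASSERT_NONDEBUG(cond) ((void)0)

/* --- CVE-2013-1796: copy at a guest-chosen offset into one mapped page --- */

/* The alignment well-behaved guests already use, enforced at run time. */
bool time_offset_ok(uint32_t offset)
{
    return (offset & (TIME_INFO_SIZE - 1)) == 0;
}

/*
 * mem[] is two model pages: page 0 stands for the mapped time page, page 1
 * for whatever follows it. Returns bytes written past page 0, -1 if rejected.
 */
int update_time(uint8_t *mem, uint32_t offset, bool enforce_alignment)
{
    uint8_t info[TIME_INFO_SIZE];
    uint32_t end;

    offset &= MODEL_PAGE_SIZE - 1;       /* offset always lies within the page */
    if (enforce_alignment && !time_offset_ok(offset))
        return -1;
    memset(info, 0xAA, sizeof(info));    /* constructed payload */
    memcpy(mem + offset, info, sizeof(info));
    end = offset + TIME_INFO_SIZE;
    return end > MODEL_PAGE_SIZE ? (int)(end - MODEL_PAGE_SIZE) : 0;
}

/* Offsets that pass the alignment check yet still cross the page: must be 0. */
unsigned accepted_but_straddling(void)
{
    unsigned n = 0;
    for (uint32_t off = 0; off < MODEL_PAGE_SIZE; off++)
        if (time_offset_ok(off) && off + TIME_INFO_SIZE > MODEL_PAGE_SIZE)
            n++;
    return n;
}

/* --- CVE-2013-1798: table read indexed by a guest-written selector --- */

static uint32_t redir_index(uint8_t ioregsel)
{
    return (uint32_t)(ioregsel - 0x10) >> 1;  /* two 32-bit windows per entry */
}

/* Pre-fix shape: the only guard is an assertion that compiles to nothing. */
uint64_t read_window_unchecked(const uint64_t *slots, uint8_t ioregsel)
{
    uint32_t idx;
    if (ioregsel < 0x10)
        return 0;                        /* other registers are not modelled */
    idx = redir_index(ioregsel);
    ASSERT_NONDEBUG(idx < IOAPIC_NUM_PINS);
    return slots[idx];                   /* idx <= 119, inside the model array */
}

/* Hardened shape: validate at run time, return all-ones for a bad index. */
uint64_t read_window_checked(const uint64_t *slots, uint8_t ioregsel)
{
    uint32_t idx;
    if (ioregsel < 0x10)
        return 0;
    idx = redir_index(ioregsel);
    return idx < IOAPIC_NUM_PINS ? slots[idx] : ~0ULL;
}

/* Constructed scenario: slot 24, just past the table, holds the marker. */
uint64_t demo_read(bool checked, uint8_t ioregsel)
{
    uint64_t slots[MODEL_SLOTS] = {0};
    slots[IOAPIC_NUM_PINS] = NEIGHBOUR_MARKER;
    return checked ? read_window_checked(slots, ioregsel)
                   : read_window_unchecked(slots, ioregsel);
}

int demo_time(uint32_t offset, bool enforce_alignment)
{
    static uint8_t mem[2 * MODEL_PAGE_SIZE];
    return update_time(mem, offset, enforce_alignment);
}

int main(void)
{
    printf("offset 4080 unchecked: %d bytes past the page\n", demo_time(4080, false));
    printf("offset 4080 checked:   %d (rejected)\n", demo_time(4080, true));
    printf("selector 0x40 unchecked: %#llx\n", (unsigned long long)demo_read(false, 0x40));
    printf("selector 0x40 checked:   %#llx\n", (unsigned long long)demo_read(true, 0x40));
    return 0;
}
```
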
Comment 18 Bruce Rogers 2013-03-20 15:26:50 UTC
OK, I will adjust the patches to what was accepted upstream then.
Comment 19 Bruce Rogers 2013-03-20 17:12:04 UTC
Adjusted patches checked in for all (except SLE11-SP1-TD).
Comment 20 Bruce Rogers 2013-03-22 21:20:30 UTC
Created attachment 531278 [details]
patches for SLE11-SP1-TD to address this bug

I've tested the kernel built from this change on an SP1 installation. All seems to work right. I hope I got the backport done right. Feel free to help validate that. I don't have rights to check this in so please do it for me.
Comment 21 Michal Hocko 2013-03-25 09:33:20 UTC
Thanks a lot Bruce! I am not familiar with the area so I won't help you much unfortunately.

I have pushed all the patches from comment 20 into the tree.

Thanks again!
Comment 22 Swamp Workflow Management 2013-04-26 18:39:32 UTC
The SWAMPID for this issue is 52297.
This issue was rated as important.
Please submit fixed packages until 2013-05-03.
Also create a patchinfo file using this link:
https://swamp.suse.de/webswamp/wf/52297
Comment 23 Swamp Workflow Management 2013-05-02 14:04:55 UTC
Update released for: kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, xen-kmp-default, xen-kmp-trace
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 24 Marcus Meissner 2013-05-07 11:44:31 UTC
We have just released a kernel update for SUSE Linux Enterprise 11 SP2 that mentions/fixes this bug. The released kernel version is 3.0.74-0.6.6.2.
Comment 25 Swamp Workflow Management 2013-05-07 14:14:42 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (s390x)
SLE-HAE 11-SP2 (s390x)
SLE-SERVER 11-SP2 (s390x)
Comment 26 Swamp Workflow Management 2013-05-07 14:37:55 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-devel, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-devel, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-devel, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP2 (i386)
SLE-DESKTOP 11-SP2 (i386)
SLE-HAE 11-SP2 (i386)
SLE-SERVER 11-SP2 (i386)
SLES4VMWARE 11-SP2 (i386)
Comment 27 Swamp Workflow Management 2013-05-07 14:43:54 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-ppc64, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-ppc64, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-ppc64-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-ppc64, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (ppc64)
SLE-HAE 11-SP2 (ppc64)
SLE-SERVER 11-SP2 (ppc64)
Comment 28 Swamp Workflow Management 2013-05-07 15:27:10 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (ia64)
SLE-HAE 11-SP2 (ia64)
SLE-SERVER 11-SP2 (ia64)
Comment 29 Swamp Workflow Management 2013-05-07 19:09:27 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-trace, ext4-writeable-kmp-xen, kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)
Comment 30 Swamp Workflow Management 2013-05-07 20:10:03 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-pae, ext4-writeable-kmp-trace, ext4-writeable-kmp-xen, kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)
Comment 31 Swamp Workflow Management 2013-05-07 21:11:20 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-trace, kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)
Comment 32 Swamp Workflow Management 2013-05-07 22:12:00 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-ppc64, ext4-writeable-kmp-trace, kernel-default-extra, kernel-ppc64-extra
Products:
SLE-SERVER 11-EXTRA (ppc64)
Comment 33 Swamp Workflow Management 2013-05-07 23:13:09 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-trace, kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (ia64)
Comment 34 Swamp Workflow Management 2013-05-14 12:10:15 UTC
Update released for: cluster-network-kmp-rt, cluster-network-kmp-rt_trace, drbd-kmp-rt, drbd-kmp-rt_trace, iscsitarget-kmp-rt, iscsitarget-kmp-rt_trace, kernel-rt, kernel-rt-base, kernel-rt-debuginfo, kernel-rt-debugsource, kernel-rt-devel, kernel-rt-devel-debuginfo, kernel-rt-extra, kernel-rt-hmac, kernel-rt_trace, kernel-rt_trace-base, kernel-rt_trace-debuginfo, kernel-rt_trace-debugsource, kernel-rt_trace-devel, kernel-rt_trace-devel-debuginfo, kernel-rt_trace-extra, kernel-rt_trace-hmac, kernel-source-rt, kernel-syms-rt, lttng-modules-kmp-rt, lttng-modules-kmp-rt_trace, ocfs2-kmp-rt, ocfs2-kmp-rt_trace, ofed-kmp-rt, ofed-kmp-rt_trace
Products:
SLE-RT 11-SP2 (x86_64)
Comment 35 Swamp Workflow Management 2013-05-24 15:05:40 UTC
openSUSE-SU-2013:0824-1: An update that solves 8 vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 792500,802153,805633,806138,806976,806980,808829,809155,809330,809748,813963
CVE References: CVE-2013-0913,CVE-2013-1763,CVE-2013-1767,CVE-2013-1774,CVE-2013-1796,CVE-2013-1797,CVE-2013-1798,CVE-2013-1848
Sources used:
openSUSE 12.2 (src):    kernel-docs-3.4.42-2.28.2, kernel-source-3.4.42-2.28.1, kernel-syms-3.4.42-2.28.1
Comment 36 Swamp Workflow Management 2013-05-31 14:04:47 UTC
openSUSE-SU-2013:0847-1: An update that solves 7 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 806138,806976,806980,808829,809748,813735,815745,819519,819789
CVE References: CVE-2013-0913,CVE-2013-1767,CVE-2013-1774,CVE-2013-1796,CVE-2013-1797,CVE-2013-1798,CVE-2013-2094
Sources used:
openSUSE 12.1 (src):    kernel-docs-3.1.10-1.23.2.g8645a72, kernel-source-3.1.10-1.23.1.g8645a72, kernel-syms-3.1.10-1.23.1.g8645a72
Comment 37 Swamp Workflow Management 2013-06-10 09:21:17 UTC
openSUSE-SU-2013:0923-1: An update that solves 5 vulnerabilities and has 7 fixes is now available.

Category: security (moderate)
Bug References: 800686,802812,806966,806980,806990,807850,808829,809155,809330,809748,811417,812113
CVE References: CVE-2013-0913,CVE-2013-1796,CVE-2013-1797,CVE-2013-1798,CVE-2013-1848
Sources used:
openSUSE 12.3 (src):    kernel-docs-3.7.10-1.4.3, kernel-source-3.7.10-1.4.1, kernel-syms-3.7.10-1.4.1
Comment 38 Swamp Workflow Management 2013-06-10 09:44:14 UTC
openSUSE-SU-2013:0925-1: An update that solves 21 vulnerabilities and has 87 fixes is now available.

Category: security (important)
Bug References: 578046,651219,714604,722398,730117,736149,738210,744692,754583,754898,758243,761849,762424,763494,767612,768052,773577,776787,777616,777746,779577,780977,786150,786814,786900,787821,788826,789235,789311,789359,790867,792674,792793,793139,793671,794513,794529,794805,795269,795928,795957,795961,796412,796418,796823,797042,797175,798921,799197,799209,799270,799275,799578,799926,800280,800701,801038,801178,801713,801717,801720,801782,802153,802353,802445,802712,803056,803067,803394,803674,803712,804154,804220,804609,805823,806138,806395,806404,806431,806466,806469,806492,806631,806825,806847,806908,806976,806980,807431,807517,807560,807853,808166,808307,808829,808966,808991,809155,809166,809375,809493,809748,812281,812315,813963,816443,819789,89359
CVE References: CVE-2010-3873,CVE-2011-4131,CVE-2011-4604,CVE-2011-4622,CVE-2012-1601,CVE-2012-2119,CVE-2012-2137,CVE-2012-4461,CVE-2012-5517,CVE-2013-0160,CVE-2013-0216,CVE-2013-0231,CVE-2013-0871,CVE-2013-0913,CVE-2013-1767,CVE-2013-1774,CVE-2013-1796,CVE-2013-1797,CVE-2013-1798,CVE-2013-1848,CVE-2013-2094
Sources used:
openSUSE 11.4 (src):    iscsitarget-1.4.19-18.2, kernel-docs-3.0.74-34.2, kernel-source-3.0.74-34.1, kernel-syms-3.0.74-34.1, ndiswrapper-1.57rc1-20.1, omnibook-20100406-13.1, open-vm-tools-2012.8.8.1-41.1, pcfclock-0.44-250.1, preload-1.2-6.29.1, systemtap-1.4-1.11.1, virtualbox-4.0.12-0.58.1, xen-4.0.3_05-57.1, xtables-addons-1.37-0.22.1
Comment 39 Marcus Meissner 2013-06-17 05:38:11 UTC
We have just released a kernel update for SUSE Linux Enterprise 11 SP2 that mentions/fixes this problem. Released kernel version is 3.0.80-0.5.1.

(respin via stable)

sle10 not affected due to no kvm
Comment 40 Swamp Workflow Management 2013-06-17 07:07:09 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-trace, ext4-writeable-kmp-xen, kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)
Comment 41 Swamp Workflow Management 2013-06-17 08:05:56 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-pae, ext4-writeable-kmp-trace, ext4-writeable-kmp-xen, kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)
Comment 42 Swamp Workflow Management 2013-06-17 09:08:31 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-ppc64, ext4-writeable-kmp-trace, kernel-default-extra, kernel-ppc64-extra
Products:
SLE-SERVER 11-EXTRA (ppc64)
Comment 43 Swamp Workflow Management 2013-06-17 10:13:40 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-trace, kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)
Comment 44 Swamp Workflow Management 2013-06-17 10:57:20 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-pae, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (x86_64)
SLE-DESKTOP 11-SP2 (x86_64)
SLE-HAE 11-SP2 (x86_64)
SLE-SERVER 11-SP2 (x86_64)
SLES4VMWARE 11-SP2 (x86_64)
Comment 45 Swamp Workflow Management 2013-06-17 11:03:25 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-ppc64, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-ppc64, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-ppc64-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-ppc64, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (ppc64)
SLE-HAE 11-SP2 (ppc64)
SLE-SERVER 11-SP2 (ppc64)
Comment 46 Swamp Workflow Management 2013-06-17 11:07:50 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-trace, kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (ia64)
Comment 47 Swamp Workflow Management 2013-06-17 11:20:16 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-devel, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-devel, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-devel, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP2 (i386)
SLE-DESKTOP 11-SP2 (i386)
SLE-HAE 11-SP2 (i386)
SLE-SERVER 11-SP2 (i386)
SLES4VMWARE 11-SP2 (i386)
Comment 48 Swamp Workflow Management 2013-06-17 11:27:55 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (ia64)
SLE-HAE 11-SP2 (ia64)
SLE-SERVER 11-SP2 (ia64)
Comment 49 Swamp Workflow Management 2013-06-17 11:41:28 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (s390x)
SLE-HAE 11-SP2 (s390x)
SLE-SERVER 11-SP2 (s390x)
Comment 50 Swamp Workflow Management 2013-06-18 07:05:52 UTC
Update released for: cluster-network-kmp-rt, cluster-network-kmp-rt_trace, drbd-kmp-rt, drbd-kmp-rt_trace, iscsitarget-kmp-rt, iscsitarget-kmp-rt_trace, kernel-rt, kernel-rt-base, kernel-rt-debuginfo, kernel-rt-debugsource, kernel-rt-devel, kernel-rt-devel-debuginfo, kernel-rt-extra, kernel-rt-hmac, kernel-rt_trace, kernel-rt_trace-base, kernel-rt_trace-debuginfo, kernel-rt_trace-debugsource, kernel-rt_trace-devel, kernel-rt_trace-devel-debuginfo, kernel-rt_trace-extra, kernel-rt_trace-hmac, kernel-source-rt, kernel-syms-rt, lttng-modules-kmp-rt, lttng-modules-kmp-rt_trace, ocfs2-kmp-rt, ocfs2-kmp-rt_trace, ofed-kmp-rt, ofed-kmp-rt_trace
Products:
SLE-RT 11-SP2 (x86_64)
Comment 51 Swamp Workflow Management 2013-07-12 07:09:55 UTC
openSUSE-SU-2013:1187-1: An update that solves 13 vulnerabilities and has 35 fixes is now available.

Category: security (important)
Bug References: 763968,769685,788590,789359,792584,797175,800907,802642,804609,804656,805804,805945,806238,806980,808358,808647,808827,809122,809895,809902,809903,810473,810580,810624,810722,812281,814719,815356,815444,815745,816443,816451,816586,817010,817339,818053,818327,818371,818514,818516,818798,819295,819519,819655,820434,821930,822431,822722
CVE References: CVE-2012-6548,CVE-2012-6549,CVE-2013-0160,CVE-2013-0268,CVE-2013-0311,CVE-2013-0914,CVE-2013-1772,CVE-2013-1792,CVE-2013-1796,CVE-2013-1797,CVE-2013-1798,CVE-2013-2634,CVE-2013-2635
Sources used:
openSUSE 11.4 (src):    kernel-docs-3.0.80-52.2, kernel-source-3.0.80-52.1, kernel-syms-3.0.80-52.1, preload-1.2-6.35.1
Comment 52 Swamp Workflow Management 2014-02-24 08:53:16 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-pae, btrfs-kmp-trace, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-pae, ext4dev-kmp-trace, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-pae, hyper-v-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-pae-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP1 (i386)
SLE-SERVER 11-SP1-LTSS (i386)
Comment 53 Swamp Workflow Management 2014-02-24 09:07:55 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-trace, cluster-network-kmp-default, cluster-network-kmp-trace, ext4dev-kmp-default, ext4dev-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP1 (s390x)
SLE-SERVER 11-SP1-LTSS (s390x)
Comment 54 Swamp Workflow Management 2014-02-24 09:54:21 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-trace, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-trace, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP1 (x86_64)
SLE-SERVER 11-SP1-LTSS (x86_64)
Comment 55 Swamp Workflow Management 2014-02-24 14:20:37 UTC
SUSE-SU-2014:0287-1: An update that solves 84 vulnerabilities and has 41 fixes is now available.

Category: security (moderate)
Bug References: 714906,715250,735347,744955,745640,748896,752544,754898,760596,761774,762099,762366,763463,763654,767610,767612,768668,769644,769896,770695,771706,771992,772849,773320,773383,773577,773640,773831,774523,775182,776024,776144,776885,777473,780004,780008,780572,782178,785016,786013,787573,787576,789648,789831,795354,797175,798050,800280,801178,802642,803320,804154,804653,805226,805227,805945,806138,806976,806977,806980,807320,808358,808827,809889,809891,809892,809893,809894,809898,809899,809900,809901,809902,809903,810045,810473,811354,812364,813276,813735,814363,814716,815352,815745,816668,817377,818337,818371,820338,822575,822579,823260,823267,823618,824159,824295,825227,826707,827416,827749,827750,828012,828119,833820,835094,835481,835839,840226,840858,845028,847652,847672,848321,849021,851095,851103,852558,852559,853050,853051,853052,856917,858869,858870,858872
CVE References: CVE-2011-1083,CVE-2011-3593,CVE-2012-1601,CVE-2012-2137,CVE-2012-2372,CVE-2012-2745,CVE-2012-3375,CVE-2012-3412,CVE-2012-3430,CVE-2012-3511,CVE-2012-4444,CVE-2012-4530,CVE-2012-4565,CVE-2012-6537,CVE-2012-6538,CVE-2012-6539,CVE-2012-6540,CVE-2012-6541,CVE-2012-6542,CVE-2012-6544,CVE-2012-6545,CVE-2012-6546,CVE-2012-6547,CVE-2012-6548,CVE-2012-6549,CVE-2013-0160,CVE-2013-0216,CVE-2013-0231,CVE-2013-0268,CVE-2013-0310,CVE-2013-0343,CVE-2013-0349,CVE-2013-0871,CVE-2013-0914,CVE-2013-1767,CVE-2013-1773,CVE-2013-1774,CVE-2013-1792,CVE-2013-1796,CVE-2013-1797,CVE-2013-1798,CVE-2013-1827,CVE-2013-1928,CVE-2013-1943,CVE-2013-2015,CVE-2013-2141,CVE-2013-2147,CVE-2013-2164,CVE-2013-2232,CVE-2013-2234,CVE-2013-2237,CVE-2013-2634,CVE-2013-2851,CVE-2013-2852,CVE-2013-2888,CVE-2013-2889,CVE-2013-2892,CVE-2013-2893,CVE-2013-2897,CVE-2013-2929,CVE-2013-3222,CVE-2013-3223,CVE-2013-3224,CVE-2013-3225,CVE-2013-3228,CVE-2013-3229,CVE-2013-3231,CVE-2013-3232,CVE-2013-3234,CVE-2013-3235,CVE-2013-4345,CVE-2013-4470,CVE-2013-4483,CVE-2013-4511,CVE-2013-4587,CVE-2013-4588,CVE-2013-4591,CVE-2013-6367,CVE-2013-6368,CVE-2013-6378,CVE-2013-6383,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    btrfs-0-0.3.151, ext4dev-0-7.9.118, hyper-v-0-0.18.37, kernel-default-2.6.32.59-0.9.1, kernel-ec2-2.6.32.59-0.9.1, kernel-pae-2.6.32.59-0.9.1, kernel-source-2.6.32.59-0.9.1, kernel-syms-2.6.32.59-0.9.1, kernel-trace-2.6.32.59-0.9.1, kernel-xen-2.6.32.59-0.9.1
SLE 11 SERVER Unsupported Extras (src):    kernel-default-2.6.32.59-0.9.1, kernel-pae-2.6.32.59-0.9.1, kernel-xen-2.6.32.59-0.9.1
Comment 56 Swamp Workflow Management 2014-02-24 14:40:02 UTC
Update released for: kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)
Comment 57 Swamp Workflow Management 2014-02-24 15:10:44 UTC
Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)
Comment 58 Swamp Workflow Management 2014-02-24 16:11:44 UTC
Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)