Bug 864025 – VUL-0: CVE-2014-0069: kernel: cifs: memory corruption resulting in local DoS

Bug 864025 - (CVE-2014-0069) VUL-0: CVE-2014-0069: kernel: cifs: memory corruption resulting in local DoS

(CVE-2014-0069)
Summary:	VUL-0: CVE-2014-0069: kernel: cifs: memory corruption resulting in local DoS

Status:	VERIFIED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle11-sp3:56696 maint:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2014-02-14 13:06 UTC by Alexander Bergmann
Modified:	2018-07-03 20:47 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Backported patch to SLE11-SP3 (3.62 KB, patch) 2014-02-17 17:10 UTC, Miklos Szeredi	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2014-02-14 13:06:47 UTC

Via linux-distros.

Date: Wed, 12 Feb 2014 17:56:43 +0100 
From: Petr Matousek
Subject: [vs-plain] CVE-2014-0069

we've been informed about cifs affecting issue. Please see attachment
for further info and patches that will be sent upstream on Friday,
2014-02-14 unless anyone sees a reason to keep it private for a little
bit longer (fixing this is holding up some important work in other
areas).

It is basically an information leak flaw (uninitialized pages get send
over the wire) plus there's a memory corruption involved (use-after-free
and double free of MID) resulting in local DoS.

Because of the memory corruption privilege escalation cannot be ruled
out.

Comment 5 Alexander Bergmann 2014-02-14 13:13:15 UTC

Patches where published:
http://article.gmane.org/gmane.linux.kernel.cifs/9401
http://article.gmane.org/gmane.linux.kernel.cifs/9402

Comment 7 Swamp Workflow Management 2014-02-14 23:00:34 UTC

bugbot adjusting priority

Comment 8 Miklos Szeredi 2014-02-17 17:10:41 UTC

Created attachment 578844 [details]
Backported patch to SLE11-SP3

This is the backported patch to SLE11-SP3

Not sure what to do with this, since there doesn't appear to be an EMBARGO branch for this release.

Comment 10 Alexander Bergmann 2014-02-18 07:30:02 UTC

went public.

Comment 11 Alexander Bergmann 2014-02-18 07:31:52 UTC

Red Hat reference:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0069

Comment 12 Miklos Szeredi 2014-02-18 10:21:47 UTC

Fix pushed to:

master
SLE11-SP3
SLE12
openSUSE-12.3
openSUSE-13.1

Over to security-team.

Comment 15 Swamp Workflow Management 2014-03-27 19:01:53 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-pae, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (i386)
SLE-DESKTOP 11-SP3 (i386)
SLE-HAE 11-SP3 (i386)
SLE-SERVER 11-SP3 (i386)
SLES4VMWARE 11-SP3 (i386)

Comment 16 Swamp Workflow Management 2014-03-27 19:10:23 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-ppc64, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-ppc64, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-ppc64-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-ppc64, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (ppc64)
SLE-HAE 11-SP3 (ppc64)
SLE-SERVER 11-SP3 (ppc64)

Comment 17 Swamp Workflow Management 2014-03-27 19:10:33 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (s390x)
SLE-HAE 11-SP3 (s390x)
SLE-SERVER 11-SP3 (s390x)

Comment 18 Swamp Workflow Management 2014-03-27 19:28:19 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (x86_64)
SLE-DESKTOP 11-SP3 (x86_64)
SLE-HAE 11-SP3 (x86_64)
SLE-SERVER 11-SP3 (x86_64)
SLES4VMWARE 11-SP3 (x86_64)

Comment 19 Swamp Workflow Management 2014-03-27 21:49:57 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (ia64)
SLE-HAE 11-SP3 (ia64)
SLE-SERVER 11-SP3 (ia64)

Comment 20 Swamp Workflow Management 2014-03-28 01:10:00 UTC

SUSE-SU-2014:0459-1: An update that solves 6 vulnerabilities and has 28 fixes is now available.

Category: security (important)
Bug References: 599263,827670,833968,844513,846790,847672,852488,852967,853162,853166,853455,854025,854445,855825,855885,856848,857358,857643,858604,859225,859342,861093,862796,862957,863178,863526,864025,864058,864833,864880,865342,865783,866253,866428
CVE References: CVE-2013-4470,CVE-2013-6885,CVE-2013-7263,CVE-2013-7264,CVE-2013-7265,CVE-2014-0069
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-default-3.0.101-0.18.1, kernel-pae-3.0.101-0.18.1, kernel-source-3.0.101-0.18.1, kernel-syms-3.0.101-0.18.1, kernel-trace-3.0.101-0.18.1, kernel-xen-3.0.101-0.18.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-default-3.0.101-0.18.1, kernel-ec2-3.0.101-0.18.1, kernel-pae-3.0.101-0.18.1, kernel-ppc64-3.0.101-0.18.1, kernel-source-3.0.101-0.18.1, kernel-syms-3.0.101-0.18.1, kernel-trace-3.0.101-0.18.1, kernel-xen-3.0.101-0.18.1, xen-4.2.4_02-0.7.5
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.27.49, gfs2-2-0.16.55, ocfs2-1.6-0.20.49
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-default-3.0.101-0.18.1, kernel-pae-3.0.101-0.18.1, kernel-source-3.0.101-0.18.1, kernel-syms-3.0.101-0.18.1, kernel-trace-3.0.101-0.18.1, kernel-xen-3.0.101-0.18.1, xen-4.2.4_02-0.7.5
SLE 11 SERVER Unsupported Extras (src):    kernel-default-3.0.101-0.18.1, kernel-pae-3.0.101-0.18.1, kernel-ppc64-3.0.101-0.18.1, kernel-xen-3.0.101-0.18.1

Comment 21 Swamp Workflow Management 2014-03-28 01:13:37 UTC

Update released for: kernel-default-extra, kernel-ppc64-extra
Products:
SLE-SERVER 11-EXTRA (ppc64)

Comment 22 Swamp Workflow Management 2014-03-28 01:16:54 UTC

Update released for: kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)

Comment 23 Swamp Workflow Management 2014-03-28 01:17:56 UTC

Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)

Comment 24 Swamp Workflow Management 2014-03-28 01:21:56 UTC

Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (ia64)

Comment 25 Swamp Workflow Management 2014-03-28 01:24:41 UTC

Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)

Comment 26 Swamp Workflow Management 2014-04-15 15:54:35 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (ia64)
SLE-HAE 11-SP3 (ia64)
SLE-SERVER 11-SP3 (ia64)

Comment 27 Swamp Workflow Management 2014-04-15 17:49:58 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-ppc64, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-ppc64, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-ppc64-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-ppc64, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (ppc64)
SLE-HAE 11-SP3 (ppc64)
SLE-SERVER 11-SP3 (ppc64)

Comment 28 Swamp Workflow Management 2014-04-15 19:00:30 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-pae, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (i386)
SLE-DESKTOP 11-SP3 (i386)
SLE-HAE 11-SP3 (i386)
SLE-SERVER 11-SP3 (i386)
SLES4VMWARE 11-SP3 (i386)

Comment 29 Swamp Workflow Management 2014-04-15 19:09:53 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (s390x)
SLE-HAE 11-SP3 (s390x)
SLE-SERVER 11-SP3 (s390x)

Comment 30 Swamp Workflow Management 2014-04-15 19:59:03 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (x86_64)
SLE-DESKTOP 11-SP3 (x86_64)
SLE-HAE 11-SP3 (x86_64)
SLE-SERVER 11-SP3 (x86_64)
SLES4VMWARE 11-SP3 (x86_64)

Comment 31 Swamp Workflow Management 2014-04-15 23:11:40 UTC

SUSE-SU-2014:0531-1: An update that solves 6 vulnerabilities and has 28 fixes is now available.

Category: security (important)
Bug References: 599263,827670,833968,844513,846790,847672,852488,852967,853162,853166,853455,854025,854445,855825,856848,857358,857643,858604,859225,859342,861093,862796,862957,863178,863526,864025,864058,864833,864880,865342,865783,866253,866428,870801
CVE References: CVE-2013-4470,CVE-2013-6885,CVE-2013-7263,CVE-2013-7264,CVE-2013-7265,CVE-2014-0069
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-default-3.0.101-0.21.1, kernel-pae-3.0.101-0.21.1, kernel-source-3.0.101-0.21.1, kernel-syms-3.0.101-0.21.1, kernel-trace-3.0.101-0.21.1, kernel-xen-3.0.101-0.21.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-default-3.0.101-0.21.1, kernel-ec2-3.0.101-0.21.1, kernel-pae-3.0.101-0.21.1, kernel-ppc64-3.0.101-0.21.1, kernel-source-3.0.101-0.21.1, kernel-syms-3.0.101-0.21.1, kernel-trace-3.0.101-0.21.1, kernel-xen-3.0.101-0.21.1, xen-4.2.4_02-0.7.12
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.27.54, gfs2-2-0.16.60, ocfs2-1.6-0.20.54
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-default-3.0.101-0.21.1, kernel-pae-3.0.101-0.21.1, kernel-source-3.0.101-0.21.1, kernel-syms-3.0.101-0.21.1, kernel-trace-3.0.101-0.21.1, kernel-xen-3.0.101-0.21.1, xen-4.2.4_02-0.7.12
SLE 11 SERVER Unsupported Extras (src):    kernel-default-3.0.101-0.21.1, kernel-pae-3.0.101-0.21.1, kernel-ppc64-3.0.101-0.21.1, kernel-xen-3.0.101-0.21.1

Comment 32 Swamp Workflow Management 2014-04-15 23:16:12 UTC

Update released for: kernel-default-extra, kernel-ppc64-extra
Products:
SLE-SERVER 11-EXTRA (ppc64)

Comment 33 Swamp Workflow Management 2014-04-15 23:19:00 UTC

Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)

Comment 34 Swamp Workflow Management 2014-04-15 23:22:33 UTC

Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)

Comment 35 Swamp Workflow Management 2014-04-15 23:26:29 UTC

Update released for: kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)

Comment 36 Swamp Workflow Management 2014-04-15 23:27:00 UTC

Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (ia64)

Comment 37 Swamp Workflow Management 2014-04-16 19:52:08 UTC

Update released for: cluster-network-kmp-rt, cluster-network-kmp-rt_trace, drbd-kmp-rt, drbd-kmp-rt_trace, iscsitarget-kmp-rt, iscsitarget-kmp-rt_trace, kernel-rt, kernel-rt-base, kernel-rt-debuginfo, kernel-rt-debugsource, kernel-rt-devel, kernel-rt-devel-debuginfo, kernel-rt-extra, kernel-rt-hmac, kernel-rt_trace, kernel-rt_trace-base, kernel-rt_trace-debuginfo, kernel-rt_trace-debugsource, kernel-rt_trace-devel, kernel-rt_trace-devel-debuginfo, kernel-rt_trace-extra, kernel-rt_trace-hmac, kernel-source-rt, kernel-syms-rt, lttng-modules-kmp-rt, lttng-modules-kmp-rt_trace, ocfs2-kmp-rt, ocfs2-kmp-rt_trace, ofed-kmp-rt, ofed-kmp-rt_trace
Products:
SLE-DEBUGINFO 11-SP3 (x86_64)
SLE-RT 11-SP3 (x86_64)

Comment 38 Swamp Workflow Management 2014-04-17 00:22:18 UTC

SUSE-SU-2014:0537-1: An update that solves 7 vulnerabilities and has 50 fixes is now available.

Category: security (important)
Bug References: 599263,769035,769644,793727,798050,805114,805740,820434,823618,827670,833968,844513,845378,845621,846654,846790,846984,847672,848055,849364,849855,851603,852153,852488,852967,853052,853162,853166,853455,854025,854445,854516,855825,855885,856848,857358,857643,857919,858534,858604,858831,859225,859342,861093,862796,862957,863178,863526,864025,864058,864833,864880,865342,865783,866253,866428,870801
CVE References: CVE-2013-4470,CVE-2013-6368,CVE-2013-6885,CVE-2013-7263,CVE-2013-7264,CVE-2013-7265,CVE-2014-0069
Sources used:
SUSE Linux Enterprise Real Time Extension 11 SP3 (src):    cluster-network-1.4-2.27.55, drbd-kmp-8.4.4-0.22.21, iscsitarget-1.4.20-0.38.40, kernel-rt-3.0.101.rt130-0.14.1, kernel-rt_trace-3.0.101.rt130-0.14.1, kernel-source-rt-3.0.101.rt130-0.14.1, kernel-syms-rt-3.0.101.rt130-0.14.1, lttng-modules-2.1.1-0.11.36, ocfs2-1.6-0.20.55, ofed-1.5.4.1-0.13.46

Comment 39 Swamp Workflow Management 2014-05-19 12:08:17 UTC

openSUSE-SU-2014:0677-1: An update that solves 16 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 733022,811746,833968,837111,851426,852652,852967,858233,858638,858869,858870,858872,860835,862145,863335,864025,866102,868653,869414,869898,871148,871252,871325,873717,875690,875798
CVE References: CVE-2013-4254,CVE-2013-4579,CVE-2013-6885,CVE-2014-0101,CVE-2014-0196,CVE-2014-0691,CVE-2014-1438,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1690,CVE-2014-1737,CVE-2014-1738,CVE-2014-1874,CVE-2014-2523,CVE-2014-2672
Sources used:
openSUSE 12.3 (src):    kernel-docs-3.7.10-1.32.2, kernel-source-3.7.10-1.32.1, kernel-syms-3.7.10-1.32.1

Comment 40 Swamp Workflow Management 2014-05-19 12:17:19 UTC

openSUSE-SU-2014:0678-1: An update that solves 17 vulnerabilities and has 23 fixes is now available.

Category: security (important)
Bug References: 639379,812592,81660,821619,833968,842553,849334,851244,851426,852656,852967,853350,856760,857643,858638,858872,859342,860502,860835,861750,862746,863235,863335,864025,864867,865075,866075,866102,867718,868653,869414,871148,871160,871252,871325,875440,875690,875798,876531,876699
CVE References: CVE-2013-4579,CVE-2013-6885,CVE-2013-7263,CVE-2013-7264,CVE-2013-7265,CVE-2013-7281,CVE-2014-0069,CVE-2014-0101,CVE-2014-0196,CVE-2014-1438,CVE-2014-1446,CVE-2014-1690,CVE-2014-1737,CVE-2014-1738,CVE-2014-1874,CVE-2014-2523,CVE-2014-2672
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.7.1, crash-7.0.2-2.7.1, hdjmod-1.28-16.7.1, ipset-6.19-2.7.1, iscsitarget-1.4.20.3-13.7.1, kernel-docs-3.11.10-11.3, kernel-source-3.11.10-11.1, kernel-syms-3.11.10-11.1, ndiswrapper-1.58-7.1, openvswitch-1.11.0-0.25.1, pcfclock-0.44-258.7.1, virtualbox-4.2.18-2.12.1, xen-4.3.2_01-15.1, xtables-addons-2.3-2.7.1

Comment 41 Swamp Workflow Management 2014-05-21 18:51:30 UTC

Update released for: btrfs-kmp-default, btrfs-kmp-pae, btrfs-kmp-trace, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-pae, ext4dev-kmp-trace, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-pae, hyper-v-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP2 (i386)
SLE-SERVER 11-SP2-LTSS (i386)

Comment 42 Swamp Workflow Management 2014-05-21 19:04:03 UTC

Update released for: btrfs-kmp-default, btrfs-kmp-trace, cluster-network-kmp-default, cluster-network-kmp-trace, ext4dev-kmp-default, ext4dev-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (s390x)
SLE-SERVER 11-SP2-LTSS (s390x)

Comment 43 Swamp Workflow Management 2014-05-21 19:51:56 UTC

Update released for: btrfs-kmp-default, btrfs-kmp-trace, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-trace, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP2 (x86_64)
SLE-SERVER 11-SP2-LTSS (x86_64)

Comment 44 Swamp Workflow Management 2014-05-22 00:12:43 UTC

SUSE-SU-2014:0696-1: An update that solves 21 vulnerabilities and has 32 fixes is now available.

Category: security (important)
Bug References: 708296,736697,746500,814788,819351,831029,836347,843185,844513,847672,849364,851426,852488,852553,852967,853455,854025,855347,855885,856083,857499,857643,858280,858534,858604,858869,858870,858872,862429,863300,863335,864025,864833,865307,865310,865330,865342,865783,866102,867953,868528,868653,869033,869563,870801,871325,871561,871861,873061,874108,875690,875798,876102
CVE References: CVE-2013-4470,CVE-2013-4579,CVE-2013-6382,CVE-2013-6885,CVE-2013-7263,CVE-2013-7264,CVE-2013-7265,CVE-2013-7339,CVE-2014-0069,CVE-2014-0101,CVE-2014-0196,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1737,CVE-2014-1738,CVE-2014-1874,CVE-2014-2039,CVE-2014-2523,CVE-2014-2678,CVE-2014-3122
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    kernel-default-3.0.101-0.7.19.1, kernel-ec2-3.0.101-0.7.19.1, kernel-pae-3.0.101-0.7.19.1, kernel-source-3.0.101-0.7.19.1, kernel-syms-3.0.101-0.7.19.1, kernel-trace-3.0.101-0.7.19.1, kernel-xen-3.0.101-0.7.19.1
SLE 11 SERVER Unsupported Extras (src):    kernel-default-3.0.101-0.7.19.1, kernel-pae-3.0.101-0.7.19.1, kernel-xen-3.0.101-0.7.19.1

Comment 45 Swamp Workflow Management 2014-05-22 00:21:08 UTC

Update released for: kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)

Comment 46 Swamp Workflow Management 2014-05-22 01:08:12 UTC

Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)

Comment 47 Swamp Workflow Management 2014-05-22 02:08:31 UTC

Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)

Comment 48 Swamp Workflow Management 2014-06-06 10:16:58 UTC

openSUSE-SU-2014:0766-1: An update that solves 30 vulnerabilities and has 37 fixes is now available.

Category: security (moderate)
Bug References: 708296,736697,746500,758813,813733,814788,817377,819351,823260,831029,836347,840226,841402,843185,844513,847672,849021,849364,850263,851426,852488,852553,852558,852967,853455,854025,855347,855885,856083,857499,857643,858280,858534,858604,858869,858870,858872,862023,862429,863300,863335,864025,864833,865307,865310,865330,865342,865783,866102,867139,867255,867953,868049,868528,868653,869033,869563,870801,871252,871325,871561,871861,873061,874108,875690,875798,876102
CVE References: CVE-2012-2313,CVE-2013-0343,CVE-2013-1929,CVE-2013-2015,CVE-2013-2147,CVE-2013-4345,CVE-2013-4470,CVE-2013-4511,CVE-2013-4579,CVE-2013-6382,CVE-2013-6383,CVE-2013-6763,CVE-2013-6885,CVE-2013-7263,CVE-2013-7264,CVE-2013-7265,CVE-2013-7339,CVE-2014-00691,CVE-2014-0101,CVE-2014-0196,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1737,CVE-2014-1738,CVE-2014-1874,CVE-2014-2039,CVE-2014-2523,CVE-2014-2678,CVE-2014-3122
Sources used:
openSUSE 11.4 (src):    kernel-docs-3.0.101-83.3, kernel-source-3.0.101-83.1, kernel-syms-3.0.101-83.1, preload-1.2-6.61.1

Comment 49 Johannes Segitz 2014-06-23 11:06:45 UTC

all packages fixed