Bug 880484 – VUL-0: CVE-2014-3917: kernel: audit syscall missing boundary checking

Bug 880484 - (CVE-2014-3917) VUL-0: CVE-2014-3917: kernel: audit syscall missing boundary checking

(CVE-2014-3917)
Summary:	VUL-0: CVE-2014-3917: kernel: audit syscall missing boundary checking

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P2 - High Severity: Major
Target Milestone:	---
Assigned To:	Tony Jones
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle11-sp1:58142 maint:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2014-05-29 07:17 UTC by Marcus Meissner
Modified:	2015-04-30 19:12 UTC (History)
CC List:	6 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2014-05-29 07:17:15 UTC

public, via oss-sec

CVE-2014-3917

http://article.gmane.org/gmane.linux.kernel/1713179

From: Andy Lutomirski <luto@amacapital.net>
Date: Wed, 28 May 2014 14:45:59 -0700
Subject: [oss-security] CVE request: Linux kernel DoS with syscall auditing

Issuing a system call with a random large number will OOPS, depending
on configuration.  A configuration that will enable this bug is:

# auditctl -a exit,always -S open

No privilege whatsoever is required to trigger the OOPS.

It's possible that this can be extended to more than just a DoS --
with some care and willingness to exploit timing attacks, this is a
read of arbitrary single bits in kernel memory.

--Andy

Comment 1 Marcus Meissner 2014-05-29 07:19:14 UTC

thread here:

http://thread.gmane.org/gmane.linux.kernel/1713178/focus=1713179

Comment 2 Marcus Meissner 2014-05-29 07:22:20 UTC

From: Andy Lutomirski <luto@amacapital.net>
Date: Wed, 28 May 2014 18:31:56 -0700

On Wed, May 28, 2014 at 6:06 PM, Steve Grubb <sgrubb@redhat.com> wrote:
> On Wednesday, May 28, 2014 02:45:59 PM Andy Lutomirski wrote:
>> Issuing a system call with a random large number will OOPS, depending
>> on configuration.  A configuration that will enable this bug is:
>>
>> # auditctl -a exit,always -S open
>>
>> No privilege whatsoever is required to trigger the OOPS.
>
> Do you have more information about this? I don't get an oops and I run with
> the audit system on all the time.

It's on lkml -- see:

http://thread.gmane.org/gmane.linux.kernel/1713178/focus=1713179

http://thread.gmane.org/gmane.linux.kernel/1712799/focus=1713161

You need to pass a fairly large bogus syscall number.  The auditsc
code is completely missing any bounds checking on the syscall numbers.

>
>
>
>> It's possible that this can be extended to more than just a DoS --
>> with some care and willingness to exploit timing attacks, this is a
>> read of arbitrary single bits in kernel memory.
>
> What platform? Where do the arbitrary bits go? What syscall are we talking
> about?

The audit system decides whether to log a syscall depending on a bit
in the audit_krule mask.  Since the mask read isn't bounds-checked,
the caller can force it to read any bit, relative to the audit_krule.
Anything that can tell the attacker the outcome of the filter decision
will reveal the value of that bit.

>
> There is a linux-audit mail list which seems to not have any emails about this
> problem. That is really the best place to discuss any issues with this
> subsystem and get it fixed.

There's already a patch on lkml.

I'll cc linux-audit for the v2 patches.

--Andy

Comment 3 Johannes Segitz 2014-05-30 15:41:04 UTC

From: P J P <ppandit@redhat.com>
Date: Thu, 29 May 2014 18:34:16 +0530 (IST)

+-- On Wed, 28 May 2014, Andy Lutomirski wrote --+
| # auditctl -a exit,always -S open
| No privilege whatsoever is required to trigger the OOPS.

  I don't mean to nitpick but privileges would be required to add system call
audit rules using auditctl(8). Mentioning it here as that's a precondition to
trigger the said OOPS.

Comment 4 SMASH SMASH 2014-06-02 08:40:11 UTC

Affected packages:

SLE-11-SP1-TERADATA: kernel-source
SLE-10-SP3-TERADATA: kernel-source
SLE-11-SP3: kernel-source

Comment 5 Tony Jones 2014-06-11 22:51:55 UTC

Patches are:

[PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking
https://lkml.org/lkml/2014/5/28/808
in mainline as a3c54931199565930d6d84f4c3456f6440aefd41

https://lkml.org/lkml/2014/5/28/806
[PATCH 2/2] audit: do not select HAVE_ARCH_AUDITSYSCALL on x32
not in mainline (yet)

We'll take #1.  It impacts numerous openSUSE releases as well as SLE12.   I'll get it checked in.

#2 is problematic, disabling 32bit syscall auditing for released product isn't acceptable.   I doubt it's what we would want to do for SLE12 either.   I'll check to see what Eric's plans are in terms of actually fixing.

Comment 8 Tony Jones 2014-06-13 07:50:48 UTC

Fix checked into SLE12 and SLE11-SP3 branches.

Comment 9 Marcus Meissner 2014-06-23 09:09:55 UTC

openSUSE 12.3, 13.1 and SLE11 SP1, SP2, SLE10 SP3, SP4 needed still I think.

Comment 12 Tony Jones 2014-06-25 22:48:36 UTC

Changes tested against and checked into following: openSUSE-12.3, openSUSE-13.1, SLE11-SP1-LTSS and SLE11-SP2-LTSS 

I'll look at SLE10 tomorrow

Comment 15 Swamp Workflow Management 2014-07-01 09:11:24 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-07-08.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58141

Comment 16 Swamp Workflow Management 2014-07-03 10:04:46 UTC

Update released for: kernel-debug, kernel-debug-base, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-devel, kernel-debug-devel-debuginfo, kernel-debug-extra, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-docs, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)

Comment 17 Tony Jones 2014-07-10 03:16:15 UTC

Tested and checked into SLE10 SP2, SP3, SP4 LTSS branches.    That should be everything.   

Ok to close?

Comment 18 Marcus Meissner 2014-07-10 06:47:17 UTC

that should be it.

thanks!

Comment 19 Swamp Workflow Management 2014-07-16 18:03:10 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-ppc64, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-ppc64, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-ppc64-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-ppc64, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (ppc64)
SLE-HAE 11-SP3 (ppc64)
SLE-SERVER 11-SP3 (ppc64)

Comment 20 Swamp Workflow Management 2014-07-16 19:05:41 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (s390x)
SLE-HAE 11-SP3 (s390x)
SLE-SERVER 11-SP3 (s390x)

Comment 21 Swamp Workflow Management 2014-07-16 19:06:12 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-pae, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (i386)
SLE-DESKTOP 11-SP3 (i386)
SLE-HAE 11-SP3 (i386)
SLE-SERVER 11-SP3 (i386)
SLES4VMWARE 11-SP3 (i386)

Comment 22 Swamp Workflow Management 2014-07-16 19:41:39 UTC

Update released for: cluster-network-kmp-rt, cluster-network-kmp-rt_trace, drbd-kmp-rt, drbd-kmp-rt_trace, iscsitarget-kmp-rt, iscsitarget-kmp-rt_trace, kernel-rt, kernel-rt-base, kernel-rt-debuginfo, kernel-rt-debugsource, kernel-rt-devel, kernel-rt-devel-debuginfo, kernel-rt-extra, kernel-rt-hmac, kernel-rt_trace, kernel-rt_trace-base, kernel-rt_trace-debuginfo, kernel-rt_trace-debugsource, kernel-rt_trace-devel, kernel-rt_trace-devel-debuginfo, kernel-rt_trace-extra, kernel-rt_trace-hmac, kernel-source-rt, kernel-syms-rt, lttng-modules-kmp-rt, lttng-modules-kmp-rt_trace, ocfs2-kmp-rt, ocfs2-kmp-rt_trace, ofed-kmp-rt, ofed-kmp-rt_trace
Products:
SLE-DEBUGINFO 11-SP3 (x86_64)
SLE-RT 11-SP3 (x86_64)

Comment 23 Swamp Workflow Management 2014-07-16 20:56:36 UTC

Update released for: cluster-network-kmp-bigsmp, drbd-kmp-bigsmp, gfs2-kmp-bigsmp, iscsitarget-kmp-bigsmp, kernel-bigsmp, kernel-bigsmp-base, kernel-bigsmp-debuginfo, kernel-bigsmp-debugsource, kernel-bigsmp-devel, kernel-bigsmp-devel-debuginfo, kernel-bigsmp-extra, kernel-bigsmp-hmac, ocfs2-kmp-bigsmp, ofed-kmp-bigsmp, oracleasm-kmp-bigsmp
Products:
SLE-DEBUGINFO 11-SP3 (x86_64)
SLE-DESKTOP 11-SP3 (x86_64)
SLE-HAE 11-SP3 (x86_64)
SLE-SERVER 11-SP3 (x86_64)
SLES4VMWARE 11-SP3 (x86_64)

Comment 24 Swamp Workflow Management 2014-07-16 21:11:30 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (x86_64)
SLE-DESKTOP 11-SP3 (x86_64)
SLE-HAE 11-SP3 (x86_64)
SLE-SERVER 11-SP3 (x86_64)
SLES4VMWARE 11-SP3 (x86_64)

Comment 25 Swamp Workflow Management 2014-07-16 21:22:46 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (ia64)
SLE-HAE 11-SP3 (ia64)
SLE-SERVER 11-SP3 (ia64)

Comment 26 Swamp Workflow Management 2014-07-17 02:30:59 UTC

SUSE-OU-2014:0907-1: An update that solves 28 vulnerabilities and has 76 fixes is now available.

Category: optional (important)
Bug References: 767610,786450,792271,821619,832710,837563,840524,846404,846690,847652,850915,851426,851603,852553,855126,857926,858869,858870,858872,859840,861636,861980,862429,862934,863300,863335,863410,863873,864404,864464,865310,865330,865882,866081,866102,866615,866800,866864,867362,867517,867531,867723,867953,868488,868528,868653,868748,869033,869414,869563,869934,870173,870335,870450,870496,870498,870576,870591,870618,870877,870958,871561,871634,871676,871728,871854,871861,871899,872188,872540,872634,873061,873374,873463,874108,874145,874440,874577,875386,876102,876114,876176,876463,877013,877257,877497,877775,878115,878123,878274,878407,878509,879921,879957,880007,880357,880437,880484,881571,881761,881939,882324,883380,883795
CVE References: CVE-2012-2372,CVE-2013-2929,CVE-2013-4299,CVE-2013-4579,CVE-2013-6382,CVE-2013-7339,CVE-2014-0055,CVE-2014-0077,CVE-2014-0101,CVE-2014-0131,CVE-2014-0155,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1874,CVE-2014-2309,CVE-2014-2523,CVE-2014-2678,CVE-2014-2851,CVE-2014-3122,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-bigsmp-3.0.101-0.35.1
SUSE Linux Enterprise Server 11 SP3 (src):    iscsitarget-1.4.20-0.38.63, kernel-bigsmp-3.0.101-0.35.1, ofed-1.5.4.1-0.13.69, oracleasm-2.0.5-7.39.71
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.27.78, drbd-kmp-8.4.4-0.22.44, gfs2-2-0.16.84, ocfs2-1.6-0.20.78
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-bigsmp-3.0.101-0.35.1
SLE 11 SERVER Unsupported Extras (src):    kernel-bigsmp-3.0.101-0.35.1

Comment 27 Swamp Workflow Management 2014-07-17 03:41:40 UTC

SUSE-SU-2014:0908-1: An update that solves 30 vulnerabilities and has 76 fixes is now available.

Category: security (important)
Bug References: 767610,786450,792271,821619,832710,837563,840524,846404,846690,847652,850915,851426,851603,852553,855126,857926,858869,858870,858872,859840,861636,861980,862429,862934,863300,863335,863410,863873,864404,864464,865310,865330,865882,866081,866102,866615,866800,866864,867362,867517,867531,867723,867953,868488,868528,868653,868748,869033,869414,869563,869934,870173,870335,870450,870496,870498,870576,870591,870618,870877,870958,871561,871634,871676,871728,871854,871861,871899,872188,872540,872634,873061,873374,873463,874108,874145,874440,874577,875386,876102,876114,876176,876463,877013,877257,877497,877775,878115,878123,878274,878407,878509,879921,879957,880007,880357,880437,880484,881571,881761,881939,882324,883380,883724,883795,885725
CVE References: CVE-2012-2372,CVE-2013-2929,CVE-2013-4299,CVE-2013-4579,CVE-2013-6382,CVE-2013-7339,CVE-2014-0055,CVE-2014-0077,CVE-2014-0101,CVE-2014-0131,CVE-2014-0155,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1874,CVE-2014-2309,CVE-2014-2523,CVE-2014-2678,CVE-2014-2851,CVE-2014-3122,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4699
Sources used:
SUSE Linux Enterprise Real Time Extension 11 SP3 (src):    cluster-network-1.4-2.27.79, drbd-kmp-8.4.4-0.22.45, iscsitarget-1.4.20-0.38.64, kernel-rt-3.0.101.rt130-0.24.1, kernel-rt_trace-3.0.101.rt130-0.24.1, kernel-source-rt-3.0.101.rt130-0.24.1, kernel-syms-rt-3.0.101.rt130-0.24.1, lttng-modules-2.1.1-0.11.57, ocfs2-1.6-0.20.79, ofed-1.5.4.1-0.13.70

Comment 28 Swamp Workflow Management 2014-07-17 04:22:24 UTC

SUSE-SU-2014:0909-1: An update that solves 30 vulnerabilities and has 76 fixes is now available.

Category: security (important)
Bug References: 767610,786450,792271,821619,832710,837563,840524,846404,846690,847652,850915,851426,851603,852553,855126,857926,858869,858870,858872,859840,861636,861980,862429,862934,863300,863335,863410,863873,864404,864464,865310,865330,865882,866081,866102,866615,866800,866864,867362,867517,867531,867723,867953,868488,868528,868653,868748,869033,869414,869563,869934,870173,870335,870450,870496,870498,870576,870591,870618,870877,870958,871561,871634,871676,871728,871854,871861,871899,872188,872540,872634,873061,873374,873463,874108,874145,874440,874577,875386,876102,876114,876176,876463,877013,877257,877497,877775,878115,878123,878274,878407,878509,879921,879957,880007,880357,880437,880484,881571,881761,881939,882324,883380,883724,883795,885725
CVE References: CVE-2012-2372,CVE-2013-2929,CVE-2013-4299,CVE-2013-4579,CVE-2013-6382,CVE-2013-7339,CVE-2014-0055,CVE-2014-0077,CVE-2014-0101,CVE-2014-0131,CVE-2014-0155,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1874,CVE-2014-2309,CVE-2014-2523,CVE-2014-2678,CVE-2014-2851,CVE-2014-3122,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4699
Sources used:
SUSE Linux Enterprise Real Time Extension 11 SP3 (src):    cluster-network-1.4-2.27.79, drbd-kmp-8.4.4-0.22.45, iscsitarget-1.4.20-0.38.64, kernel-rt-3.0.101.rt130-0.24.1, kernel-rt_trace-3.0.101.rt130-0.24.1, kernel-source-rt-3.0.101.rt130-0.24.1, kernel-syms-rt-3.0.101.rt130-0.24.1, lttng-modules-2.1.1-0.11.57, ocfs2-1.6-0.20.79, ofed-1.5.4.1-0.13.70

Comment 29 Swamp Workflow Management 2014-07-17 04:28:23 UTC

Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (ia64)

Comment 30 Swamp Workflow Management 2014-07-17 04:54:58 UTC

SUSE-SU-2014:0910-1: An update that solves 29 vulnerabilities and has 76 fixes is now available.

Category: security (important)
Bug References: 767610,786450,792271,821619,832710,837563,840524,846404,846690,847652,850915,851426,851603,852553,855126,857926,858869,858870,858872,859840,861636,861980,862429,862934,863300,863335,863410,863873,864404,864464,865310,865330,865882,866081,866102,866615,866800,866864,867362,867517,867531,867723,867953,868488,868528,868653,868748,869033,869414,869563,869934,870173,870335,870450,870496,870498,870576,870591,870618,870877,870958,871561,871634,871676,871728,871854,871861,871899,872188,872540,872634,873061,873374,873463,874108,874145,874440,874577,875386,876102,876114,876176,876463,877013,877257,877497,877775,878115,878123,878274,878407,878509,879921,879957,880007,880357,880437,880484,881571,881761,881939,882324,883380,883795,885725
CVE References: CVE-2012-2372,CVE-2013-2929,CVE-2013-4299,CVE-2013-4579,CVE-2013-6382,CVE-2013-7339,CVE-2014-0055,CVE-2014-0077,CVE-2014-0101,CVE-2014-0131,CVE-2014-0155,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1874,CVE-2014-2309,CVE-2014-2523,CVE-2014-2678,CVE-2014-2851,CVE-2014-3122,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4699
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-default-3.0.101-0.35.1, kernel-ec2-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-ppc64-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1, xen-4.2.4_02-0.7.45
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.27.78, gfs2-2-0.16.84, ocfs2-1.6-0.20.78
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1, xen-4.2.4_02-0.7.45
SLE 11 SERVER Unsupported Extras (src):    kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-ppc64-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1

Comment 31 Swamp Workflow Management 2014-07-17 05:27:50 UTC

Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)

Comment 32 Swamp Workflow Management 2014-07-17 05:45:43 UTC

SUSE-SU-2014:0911-1: An update that solves 29 vulnerabilities and has 76 fixes is now available.

Category: security (important)
Bug References: 767610,786450,792271,821619,832710,837563,840524,846404,846690,847652,850915,851426,851603,852553,855126,857926,858869,858870,858872,859840,861636,861980,862429,862934,863300,863335,863410,863873,864404,864464,865310,865330,865882,866081,866102,866615,866800,866864,867362,867517,867531,867723,867953,868488,868528,868653,868748,869033,869414,869563,869934,870173,870335,870450,870496,870498,870576,870591,870618,870877,870958,871561,871634,871676,871728,871854,871861,871899,872188,872540,872634,873061,873374,873463,874108,874145,874440,874577,875386,876102,876114,876176,876463,877013,877257,877497,877775,878115,878123,878274,878407,878509,879921,879957,880007,880357,880437,880484,881571,881761,881939,882324,883380,883795,885725
CVE References: CVE-2012-2372,CVE-2013-2929,CVE-2013-4299,CVE-2013-4579,CVE-2013-6382,CVE-2013-7339,CVE-2014-0055,CVE-2014-0077,CVE-2014-0101,CVE-2014-0131,CVE-2014-0155,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1874,CVE-2014-2309,CVE-2014-2523,CVE-2014-2678,CVE-2014-2851,CVE-2014-3122,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4699
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-default-3.0.101-0.35.1, kernel-ec2-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-ppc64-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1, xen-4.2.4_02-0.7.45
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.27.78, gfs2-2-0.16.84, ocfs2-1.6-0.20.78
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1, xen-4.2.4_02-0.7.45
SLE 11 SERVER Unsupported Extras (src):    kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-ppc64-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1

Comment 33 Swamp Workflow Management 2014-07-17 06:16:04 UTC

Update released for: kernel-bigsmp-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)

Comment 34 Swamp Workflow Management 2014-07-17 06:33:44 UTC

SUSE-SU-2014:0912-1: An update that solves 29 vulnerabilities and has 76 fixes is now available.

Category: security (important)
Bug References: 767610,786450,792271,821619,832710,837563,840524,846404,846690,847652,850915,851426,851603,852553,855126,857926,858869,858870,858872,859840,861636,861980,862429,862934,863300,863335,863410,863873,864404,864464,865310,865330,865882,866081,866102,866615,866800,866864,867362,867517,867531,867723,867953,868488,868528,868653,868748,869033,869414,869563,869934,870173,870335,870450,870496,870498,870576,870591,870618,870877,870958,871561,871634,871676,871728,871854,871861,871899,872188,872540,872634,873061,873374,873463,874108,874145,874440,874577,875386,876102,876114,876176,876463,877013,877257,877497,877775,878115,878123,878274,878407,878509,879921,879957,880007,880357,880437,880484,881571,881761,881939,882324,883380,883795,885725
CVE References: CVE-2012-2372,CVE-2013-2929,CVE-2013-4299,CVE-2013-4579,CVE-2013-6382,CVE-2013-7339,CVE-2014-0055,CVE-2014-0077,CVE-2014-0101,CVE-2014-0131,CVE-2014-0155,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1874,CVE-2014-2309,CVE-2014-2523,CVE-2014-2678,CVE-2014-2851,CVE-2014-3122,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4699
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-default-3.0.101-0.35.1, kernel-ec2-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-ppc64-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1, xen-4.2.4_02-0.7.45
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.27.78, gfs2-2-0.16.84, ocfs2-1.6-0.20.78
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1, xen-4.2.4_02-0.7.45
SLE 11 SERVER Unsupported Extras (src):    kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-ppc64-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1

Comment 35 Swamp Workflow Management 2014-07-17 06:57:29 UTC

Update released for: kernel-default-extra, kernel-ppc64-extra
Products:
SLE-SERVER 11-EXTRA (ppc64)

Comment 36 Swamp Workflow Management 2014-07-17 07:25:58 UTC

Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)

Comment 37 Swamp Workflow Management 2014-07-17 08:36:45 UTC

Update released for: kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)

Comment 38 Swamp Workflow Management 2014-08-01 13:05:29 UTC

openSUSE-SU-2014:0957-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 788080,867531,867723,877257,880484,882189,883518,883724,883795,885422,885725
CVE References: CVE-2014-0131,CVE-2014-2309,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4014,CVE-2014-4171,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699
Sources used:
openSUSE 12.3 (src):    kernel-docs-3.7.10-1.40.2, kernel-source-3.7.10-1.40.1, kernel-syms-3.7.10-1.40.1

Comment 39 Swamp Workflow Management 2014-08-11 10:07:26 UTC

openSUSE-SU-2014:0985-1: An update that solves 14 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 768714,851686,855657,866101,867531,867723,879071,880484,882189,883518,883724,883795,884840,885422,885725,886629
CVE References: CVE-2014-0100,CVE-2014-0131,CVE-2014-2309,CVE-2014-3917,CVE-2014-4014,CVE-2014-4171,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.13.1, crash-7.0.2-2.13.1, hdjmod-1.28-16.13.1, ipset-6.21.1-2.17.1, iscsitarget-1.4.20.3-13.13.1, kernel-docs-3.11.10-21.3, kernel-source-3.11.10-21.1, kernel-syms-3.11.10-21.1, ndiswrapper-1.58-13.1, pcfclock-0.44-258.13.1, vhba-kmp-20130607-2.14.1, virtualbox-4.2.18-2.18.1, xen-4.3.2_01-21.1, xtables-addons-2.3-2.13.1

Comment 40 Swamp Workflow Management 2014-08-27 10:29:24 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-09-03.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58726

Comment 45 Swamp Workflow Management 2014-09-09 23:12:26 UTC

SUSE-SU-2014:1105-1: An update that solves 18 vulnerabilities and has 8 fixes is now available.

Category: security (moderate)
Bug References: 846404,864464,866911,870173,870576,871676,871797,871854,872634,873374,876590,877257,877775,878115,878509,879921,880484,881051,882804,883724,883795,885422,885725,886474,889173,889324
CVE References: CVE-2013-4299,CVE-2014-0055,CVE-2014-0077,CVE-2014-1739,CVE-2014-2706,CVE-2014-2851,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699,CVE-2014-5077
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    kernel-default-3.0.101-0.7.23.1, kernel-ec2-3.0.101-0.7.23.1, kernel-pae-3.0.101-0.7.23.1, kernel-source-3.0.101-0.7.23.1, kernel-syms-3.0.101-0.7.23.1, kernel-trace-3.0.101-0.7.23.1, kernel-xen-3.0.101-0.7.23.1, xen-4.1.6_06-0.5.30
SLE 11 SERVER Unsupported Extras (src):    kernel-default-3.0.101-0.7.23.1, kernel-pae-3.0.101-0.7.23.1, kernel-xen-3.0.101-0.7.23.1

Comment 46 Swamp Workflow Management 2014-09-16 17:07:31 UTC

SUSE-SU-2014:1138-1: An update that fixes 22 vulnerabilities is now available.

Category: security (important)
Bug References: 794824,806431,831058,854722,856756,871797,877257,879921,880484,881051,882809,883526,883724,883795,884530,885422,885725,887082,889173,892490
CVE References: CVE-2013-1860,CVE-2013-4162,CVE-2013-7266,CVE-2013-7267,CVE-2013-7268,CVE-2013-7269,CVE-2013-7270,CVE-2013-7271,CVE-2014-0203,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699,CVE-2014-4943,CVE-2014-5077
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    kernel-default-2.6.32.59-0.15.2, kernel-ec2-2.6.32.59-0.15.2, kernel-pae-2.6.32.59-0.15.2, kernel-source-2.6.32.59-0.15.2, kernel-syms-2.6.32.59-0.15.2, kernel-trace-2.6.32.59-0.15.2, kernel-xen-2.6.32.59-0.15.2, xen-4.0.3_21548_16-0.5.26
SLE 11 SERVER Unsupported Extras (src):    kernel-default-2.6.32.59-0.15.2, kernel-pae-2.6.32.59-0.15.2, kernel-xen-2.6.32.59-0.15.2

Comment 47 Swamp Workflow Management 2014-09-28 16:09:45 UTC

openSUSE-SU-2014:1246-1: An update that solves 18 vulnerabilities and has 8 fixes is now available.

Category: security (moderate)
Bug References: 846404,854722,864464,866911,870173,870576,871676,871797,871854,872634,873374,876590,877257,878115,878509,879921,880484,881051,882804,883724,883795,885422,885725,886474,889173,889324
CVE References: CVE-2013-6463,CVE-2014-0055,CVE-2014-0077,CVE-2014-1739,CVE-2014-2706,CVE-2014-2851,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699,CVE-2014-5077
Sources used:
openSUSE Evergreen 11.4 (src):    kernel-docs-3.0.101-91.2, kernel-source-3.0.101-91.1, kernel-syms-3.0.101-91.1, preload-1.2-6.69.2

Comment 48 Michal Hocko 2015-02-23 14:01:10 UTC

Pushed to SLES10-SP3-TD as well. I somehow missed this branch. Sorry about that.

Comment 50 Swamp Workflow Management 2015-03-19 08:14:36 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-03-26.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61218

Comment 54 Swamp Workflow Management 2015-04-30 19:12:26 UTC

SUSE-SU-2015:0812-1: An update that fixes 39 vulnerabilities is now available.

Category: security (important)
Bug References: 677286,679812,681175,681999,683282,685402,687812,730118,730200,738400,758813,760902,769784,823260,846404,853040,854722,863335,874307,875051,880484,883223,883795,885422,891844,892490,896390,896391,896779,902346,907818,908382,910251,911325
CVE References: CVE-2011-1090,CVE-2011-1163,CVE-2011-1476,CVE-2011-1477,CVE-2011-1493,CVE-2011-1494,CVE-2011-1495,CVE-2011-1585,CVE-2011-4127,CVE-2011-4132,CVE-2011-4913,CVE-2011-4914,CVE-2012-2313,CVE-2012-2319,CVE-2012-3400,CVE-2012-6657,CVE-2013-2147,CVE-2013-4299,CVE-2013-6405,CVE-2013-6463,CVE-2014-0181,CVE-2014-1874,CVE-2014-3184,CVE-2014-3185,CVE-2014-3673,CVE-2014-3917,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-5471,CVE-2014-5472,CVE-2014-9090,CVE-2014-9322,CVE-2014-9420,CVE-2014-9584,CVE-2015-2041
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    kernel-bigsmp-2.6.16.60-0.132.1, kernel-debug-2.6.16.60-0.132.1, kernel-default-2.6.16.60-0.132.1, kernel-kdump-2.6.16.60-0.132.1, kernel-kdumppae-2.6.16.60-0.132.1, kernel-smp-2.6.16.60-0.132.1, kernel-source-2.6.16.60-0.132.1, kernel-syms-2.6.16.60-0.132.1, kernel-vmi-2.6.16.60-0.132.1, kernel-vmipae-2.6.16.60-0.132.1, kernel-xen-2.6.16.60-0.132.1, kernel-xenpae-2.6.16.60-0.132.1