Bugzilla – Bug 883795
VUL-0: CVE-2014-4652: kernel: A few ALSA core control API vulnerabilities
Last modified: 2015-04-30 19:13:03 UTC
A couple of use-after-free and out-of-bounds memory access vulnerabilities have been found in Linux kernel sound subsystem, ALSA core control API. The fixes have been already merged in Linux 3.16-rc2 in the commits 07f4d9d74a04aa7c72c5dae0ef97565f28f17b92 ALSA: control: Protect user controls against concurrent access 82262a46627bebb0febcc26664746c25cef08563 ALSA: control: Fix replacing user controls fd9f26e4eca5d08a27d12c0933fceef76ed9663d ALSA: control: Don't access controls outside of protected regions ac902c112d90a89e59916f751c2745f4dbdbb4bd ALSA: control: Handle numid overflow 883a1d49f0d77d30012f114b2e19fc141beb3e8e ALSA: control: Make sure that id->index does not overflow Below is the original post: Subject: [PATCH 0/5] Use-after-free and out-of-bounds acccess vulnerabilities in the ALSA control code From: Lars-Peter Clausen <lars@metafoo.de> Hi, A couple of use-after-free and out-of-bounds memory accesses which can be triggered by race conditions have been discovered in the ALSA control handling code. These vulnerabilities allow users that have access to a ALSA control character device (/dev/snd/controlCX) to disclose memory and potentially allow for arbitrary code execution. On a typical Linux system these are the users that are in the audio group. This patch series fixes the issues and the patches are ordered by severity of the issue. The first issue is a race conditions in the user-control put/get and tlv handlers, which can cause the write callback to race against the read callback. For put/get this is pretty harmless as the only effect is that the reader will see a inconsistent state. The tlv callback is pretty bad though as it allows disclosure of kernel memory that is adjacent to the memory region where the tlv data is stored. The issue is essentially a race between ue->tlv_data = new_data; ue->tlv_data_size = size; and copy_to_user(tlv, ue->tlv_data, ue->tlv_data_size) If tlv_data has already been updated to the new data, but size has not and the new data is smaller than the older data, copy_to_user() will read beyond the boundaries of the buffer. This allows to dump almost 128k bytes per race. The race seems to be fairly easy to trigger, the more cores the system has the easier. The data that has been dumped this way can contain all kind of sensitive data. Inital tests show that it is possible to disclose multiple hundreds of MB of memory within a few minutes. There are a couple of places where a kcontrol is de-referenced after controls_rwsem has been released. This can cause a use-after-free access as a control can be freed at any time. To avoid this the patch makes a on-stack copy of the relevant data before releasing the lock and then works with the copy. This race condition is very hard to hit though, since the data is only accessed for a very short amount of time after the lock has been released and to exploit the issue the control needs to be freed in that time and the memory needs to be re-allocated and assigned some other unrelated data. But it is possible to make it much easier to exploit by subscribing to the control events, but never read a event. This will create a rather long list which takes snd_ctl_notify() a while to process before it access the already freed data. This vulnerability allows to disclose a few bytes of kernel memory per triggered race condition The next issue is that SNDRV_CTL_IOCTL_ELEM_REPLACE does no permission checking on the control that is to be replaced. This allows a application to remove controls that were created by the kernel driver and also controls that are locked by other applications. The first can cause use-after-free access if the kernel driver keeps a pointer to the control and does not expect it to be freed (e.g. the ctrljack code). The later is just a bit of an inconvenience. SNDRV_CTL_IOCTL_ELEM_REPLACE also gets the user_ctl_count handling wrong. The MAX_USER_CONTROLS limit is not enforced when replacing a control, but user_ctl_count is still increment even though the number of controls stays the same. This means calling SNDRV_CTL_IOCTL_ELEM_REPLACE often enough will eventually overflow user_ctl_count, effectively bypassing the MAX_USER_CONTROLS limit. The last two issues are overflows of id.index and id.numid. The control code assumes that kctl->id.index + kctl->count and kctl->id.numid + kctl->count never overflow. If it happens this creates a controls that becomes inaccessible since snd_ctl_find_id() will not be able to find them. It will still show up in SNDRV_CTL_IOCTL_ELEM_LIST though. The index overflow is easy to create since the index can be freely chosen by the creator of the control. The numid overflow is a bit harder to trigger since the numid is automatically assigned. But by creating and removing enough controls it is also possible to overflow numid. I've created small prove of concept applications that show the issues. [1] * alsa-memory-dump.c will exploit the memory disclosure issue and write all data it is able to access to stdout. It is best to redirect stdout to a file to test this. For successful triggering of the race you may have to adjust the number of reader threads that are created to the number of CPUs you have in your system. * alsa-owner-bypass.c will create a control for one fd and try to delete it from another fd. It does not show how to delete kernel driver controls as that might crash the system, but the method for doing so is the same * alsa-index-overflow.c tries to create controls that overflow the index field * alsa-numid-overflow.c will create controls until numid overflows. If you want to test this and not want to wait forever it is best to patch the kernel to the initial value for last_numid to something like UINT_MAX - 10000. There is no example for the second issue as it is, as I said, very hard to trigger and only discloses a few bytes of memory per triggered race condition. The TLV issue was added in commit 8aa9b586e420("[ALSA] Control API - more robust TLV implementation") for which the first affected release is v2.6.18. Everything else seems to predate the git history, so v2.6.12 or earlier. - Lars [1] http://metafoo.de/alsa-vuln-poc.tar.bz2 Lars-Peter Clausen (5): ALSA: control: Protect user controls against concurrent access ALSA: control: Fix replacing user controls ALSA: control: Don't access controls outside of protected regions ALSA: control: Handle numid overflow ALSA: control: Make sure that id->index does not overflow include/sound/core.h | 2 ++ sound/core/control.c | 78 ++++++++++++++++++++++++++++++++++------------------ sound/core/init.c | 1 + 3 files changed, 54 insertions(+), 27 deletions(-)
bugbot adjusting priority
From: cve-assign () mitre org Date: Thu, 26 Jun 2014 01:52:26 -0400 (EDT) > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/sound/core/control.c?id=07f4d9d74a04aa7c72c5dae0ef97565f28f17b92 > ALSA: control: Protect user controls against concurrent access > The user-control put and get handlers as well as the tlv do not > protect against concurrent access from multiple threads. Since the > state of the control is not updated atomically it is possible that > either two write operations or a write and a read operation race > against each other. Both can lead to arbitrary memory disclosure. > (aka "The first issue is a race conditions in the user-control put/get > and tlv handlers" ... "first affected release is v2.6.18") Use CVE-2014-4652.
From: cve-assign () mitre org Date: Thu, 26 Jun 2014 01:52:26 -0400 (EDT) > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/sound/core/control.c?id=fd9f26e4eca5d08a27d12c0933fceef76ed9663d > ALSA: control: Don't access controls outside of protected regions > A control that is visible on the card->controls list can be freed at > any time. This means we must not access any of its memory while not > holding the controls_rw_lock. Otherwise we risk a use after free > access. > (aka "There are a couple of places where a kcontrol is de-referenced > after controls_rwsem has been released" ... "first affected release > predates the git history") Use CVE-2014-4653.
From: cve-assign () mitre org Date: Thu, 26 Jun 2014 01:52:26 -0400 (EDT) > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/sound/core/control.c?id=82262a46627bebb0febcc26664746c25cef08563 > ALSA: control: Fix replacing user controls > The first is that the code does not check if the control is actually a > user control and neither does it check if the control is owned by the > process that tries to remove it. That allows userspace applications to > remove arbitrary controls, which can cause a user after free > (aka "The next issue is that SNDRV_CTL_IOCTL_ELEM_REPLACE does no > permission checking on the control that is to be replaced. This allows > a application to remove controls that were created by the kernel > driver and also controls that are locked by other applications." ... > "first affected release predates the git history") Use CVE-2014-4654.
From: cve-assign () mitre org Date: Thu, 26 Jun 2014 01:52:26 -0400 (EDT) > The second issue is that on one hand when a control is replaced the > user_ctl_count limit is not checked and on the other hand the > user_ctl_count is increased (even though the number of user controls > does not change). This allows userspace, once the user_ctl_count limit > as been reached, to repeatedly replace a control until user_ctl_count > overflows. > (aka "SNDRV_CTL_IOCTL_ELEM_REPLACE also gets the user_ctl_count > handling wrong" ... "first affected release predates the git history") Use CVE-2014-4655. [ in other words, two different CVE IDs for the 82262a46627bebb0febcc26664746c25cef08563 commit ]
From: cve-assign () mitre org Date: Thu, 26 Jun 2014 01:52:26 -0400 (EDT) > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/sound/core/control.c?id=883a1d49f0d77d30012f114b2e19fc141beb3e8e > ALSA: control: Make sure that id->index does not overflow > if (id.index > UINT_MAX - kcontrol->count) > goto error; > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/sound/core/control.c?id=ac902c112d90a89e59916f751c2745f4dbdbb4bd > ALSA: control: Handle numid overflow > if (card->last_numid >= UINT_MAX - count) > card->last_numid = 0; > (aka "The last two issues are overflows of id.index and id.numid" ... > "first affected release predates the git history") Use CVE-2014-4656. [ in other words, a single CVE ID for both the 883a1d49f0d77d30012f114b2e19fc141beb3e8e and ac902c112d90a89e59916f751c2745f4dbdbb4bd commits ]
Affected packages: SLE-11-SP3: kernel-source
Backported to most of released kernels: SLES9-SP4-LTSS, SLES10-SP4-LTSS, SLE11-SP1-LTSS, SLE11-SP2-LTSS, SLE11-SP3, SLE12, openSUSE-12.3 and openSUSE-13.1. Michal, would you need the fixes for SLEs10-SP3-TD and SLE11-SP1-TD branches?
No worries, I have cherry-picked them from respective LTSS branches. So SLES10-SP3-TD and SLE11-SP1-TD are covered. Thanks a lot Takashi!
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-07-16. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/58208
Backported to all branches, AFAIK. Reassigned to security team.
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-07-17. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/58234
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-dummy, kernel-kdump, kernel-kdump-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-xen, kernel-xen-debuginfo Products: SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: cluster-network-kmp-default, cluster-network-kmp-ppc64, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-ppc64, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-ppc64-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-ppc64, ocfs2-kmp-trace Products: SLE-DEBUGINFO 11-SP3 (ppc64) SLE-HAE 11-SP3 (ppc64) SLE-SERVER 11-SP3 (ppc64)
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace Products: SLE-DEBUGINFO 11-SP3 (s390x) SLE-HAE 11-SP3 (s390x) SLE-SERVER 11-SP3 (s390x)
Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-pae, xen-kmp-trace Products: SLE-DEBUGINFO 11-SP3 (i386) SLE-DESKTOP 11-SP3 (i386) SLE-HAE 11-SP3 (i386) SLE-SERVER 11-SP3 (i386) SLES4VMWARE 11-SP3 (i386)
Update released for: cluster-network-kmp-rt, cluster-network-kmp-rt_trace, drbd-kmp-rt, drbd-kmp-rt_trace, iscsitarget-kmp-rt, iscsitarget-kmp-rt_trace, kernel-rt, kernel-rt-base, kernel-rt-debuginfo, kernel-rt-debugsource, kernel-rt-devel, kernel-rt-devel-debuginfo, kernel-rt-extra, kernel-rt-hmac, kernel-rt_trace, kernel-rt_trace-base, kernel-rt_trace-debuginfo, kernel-rt_trace-debugsource, kernel-rt_trace-devel, kernel-rt_trace-devel-debuginfo, kernel-rt_trace-extra, kernel-rt_trace-hmac, kernel-source-rt, kernel-syms-rt, lttng-modules-kmp-rt, lttng-modules-kmp-rt_trace, ocfs2-kmp-rt, ocfs2-kmp-rt_trace, ofed-kmp-rt, ofed-kmp-rt_trace Products: SLE-DEBUGINFO 11-SP3 (x86_64) SLE-RT 11-SP3 (x86_64)
Update released for: cluster-network-kmp-bigsmp, drbd-kmp-bigsmp, gfs2-kmp-bigsmp, iscsitarget-kmp-bigsmp, kernel-bigsmp, kernel-bigsmp-base, kernel-bigsmp-debuginfo, kernel-bigsmp-debugsource, kernel-bigsmp-devel, kernel-bigsmp-devel-debuginfo, kernel-bigsmp-extra, kernel-bigsmp-hmac, ocfs2-kmp-bigsmp, ofed-kmp-bigsmp, oracleasm-kmp-bigsmp Products: SLE-DEBUGINFO 11-SP3 (x86_64) SLE-DESKTOP 11-SP3 (x86_64) SLE-HAE 11-SP3 (x86_64) SLE-SERVER 11-SP3 (x86_64) SLES4VMWARE 11-SP3 (x86_64)
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-trace Products: SLE-DEBUGINFO 11-SP3 (x86_64) SLE-DESKTOP 11-SP3 (x86_64) SLE-HAE 11-SP3 (x86_64) SLE-SERVER 11-SP3 (x86_64) SLES4VMWARE 11-SP3 (x86_64)
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-trace Products: SLE-DEBUGINFO 11-SP3 (ia64) SLE-HAE 11-SP3 (ia64) SLE-SERVER 11-SP3 (ia64)
SUSE-OU-2014:0907-1: An update that solves 28 vulnerabilities and has 76 fixes is now available. Category: optional (important) Bug References: 767610,786450,792271,821619,832710,837563,840524,846404,846690,847652,850915,851426,851603,852553,855126,857926,858869,858870,858872,859840,861636,861980,862429,862934,863300,863335,863410,863873,864404,864464,865310,865330,865882,866081,866102,866615,866800,866864,867362,867517,867531,867723,867953,868488,868528,868653,868748,869033,869414,869563,869934,870173,870335,870450,870496,870498,870576,870591,870618,870877,870958,871561,871634,871676,871728,871854,871861,871899,872188,872540,872634,873061,873374,873463,874108,874145,874440,874577,875386,876102,876114,876176,876463,877013,877257,877497,877775,878115,878123,878274,878407,878509,879921,879957,880007,880357,880437,880484,881571,881761,881939,882324,883380,883795 CVE References: CVE-2012-2372,CVE-2013-2929,CVE-2013-4299,CVE-2013-4579,CVE-2013-6382,CVE-2013-7339,CVE-2014-0055,CVE-2014-0077,CVE-2014-0101,CVE-2014-0131,CVE-2014-0155,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1874,CVE-2014-2309,CVE-2014-2523,CVE-2014-2678,CVE-2014-2851,CVE-2014-3122,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656 Sources used: SUSE Linux Enterprise Server 11 SP3 for VMware (src): kernel-bigsmp-3.0.101-0.35.1 SUSE Linux Enterprise Server 11 SP3 (src): iscsitarget-1.4.20-0.38.63, kernel-bigsmp-3.0.101-0.35.1, ofed-1.5.4.1-0.13.69, oracleasm-2.0.5-7.39.71 SUSE Linux Enterprise High Availability Extension 11 SP3 (src): cluster-network-1.4-2.27.78, drbd-kmp-8.4.4-0.22.44, gfs2-2-0.16.84, ocfs2-1.6-0.20.78 SUSE Linux Enterprise Desktop 11 SP3 (src): kernel-bigsmp-3.0.101-0.35.1 SLE 11 SERVER Unsupported Extras (src): kernel-bigsmp-3.0.101-0.35.1
SUSE-SU-2014:0908-1: An update that solves 30 vulnerabilities and has 76 fixes is now available. Category: security (important) Bug References: 767610,786450,792271,821619,832710,837563,840524,846404,846690,847652,850915,851426,851603,852553,855126,857926,858869,858870,858872,859840,861636,861980,862429,862934,863300,863335,863410,863873,864404,864464,865310,865330,865882,866081,866102,866615,866800,866864,867362,867517,867531,867723,867953,868488,868528,868653,868748,869033,869414,869563,869934,870173,870335,870450,870496,870498,870576,870591,870618,870877,870958,871561,871634,871676,871728,871854,871861,871899,872188,872540,872634,873061,873374,873463,874108,874145,874440,874577,875386,876102,876114,876176,876463,877013,877257,877497,877775,878115,878123,878274,878407,878509,879921,879957,880007,880357,880437,880484,881571,881761,881939,882324,883380,883724,883795,885725 CVE References: CVE-2012-2372,CVE-2013-2929,CVE-2013-4299,CVE-2013-4579,CVE-2013-6382,CVE-2013-7339,CVE-2014-0055,CVE-2014-0077,CVE-2014-0101,CVE-2014-0131,CVE-2014-0155,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1874,CVE-2014-2309,CVE-2014-2523,CVE-2014-2678,CVE-2014-2851,CVE-2014-3122,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4699 Sources used: SUSE Linux Enterprise Real Time Extension 11 SP3 (src): cluster-network-1.4-2.27.79, drbd-kmp-8.4.4-0.22.45, iscsitarget-1.4.20-0.38.64, kernel-rt-3.0.101.rt130-0.24.1, kernel-rt_trace-3.0.101.rt130-0.24.1, kernel-source-rt-3.0.101.rt130-0.24.1, kernel-syms-rt-3.0.101.rt130-0.24.1, lttng-modules-2.1.1-0.11.57, ocfs2-1.6-0.20.79, ofed-1.5.4.1-0.13.70
Update released for: kernel-default-extra Products: SLE-SERVER 11-EXTRA (ia64)
SUSE-SU-2014:0909-1: An update that solves 30 vulnerabilities and has 76 fixes is now available. Category: security (important) Bug References: 767610,786450,792271,821619,832710,837563,840524,846404,846690,847652,850915,851426,851603,852553,855126,857926,858869,858870,858872,859840,861636,861980,862429,862934,863300,863335,863410,863873,864404,864464,865310,865330,865882,866081,866102,866615,866800,866864,867362,867517,867531,867723,867953,868488,868528,868653,868748,869033,869414,869563,869934,870173,870335,870450,870496,870498,870576,870591,870618,870877,870958,871561,871634,871676,871728,871854,871861,871899,872188,872540,872634,873061,873374,873463,874108,874145,874440,874577,875386,876102,876114,876176,876463,877013,877257,877497,877775,878115,878123,878274,878407,878509,879921,879957,880007,880357,880437,880484,881571,881761,881939,882324,883380,883724,883795,885725 CVE References: CVE-2012-2372,CVE-2013-2929,CVE-2013-4299,CVE-2013-4579,CVE-2013-6382,CVE-2013-7339,CVE-2014-0055,CVE-2014-0077,CVE-2014-0101,CVE-2014-0131,CVE-2014-0155,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1874,CVE-2014-2309,CVE-2014-2523,CVE-2014-2678,CVE-2014-2851,CVE-2014-3122,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4699 Sources used: SUSE Linux Enterprise Real Time Extension 11 SP3 (src): cluster-network-1.4-2.27.79, drbd-kmp-8.4.4-0.22.45, iscsitarget-1.4.20-0.38.64, kernel-rt-3.0.101.rt130-0.24.1, kernel-rt_trace-3.0.101.rt130-0.24.1, kernel-source-rt-3.0.101.rt130-0.24.1, kernel-syms-rt-3.0.101.rt130-0.24.1, lttng-modules-2.1.1-0.11.57, ocfs2-1.6-0.20.79, ofed-1.5.4.1-0.13.70
SUSE-SU-2014:0910-1: An update that solves 29 vulnerabilities and has 76 fixes is now available. Category: security (important) Bug References: 767610,786450,792271,821619,832710,837563,840524,846404,846690,847652,850915,851426,851603,852553,855126,857926,858869,858870,858872,859840,861636,861980,862429,862934,863300,863335,863410,863873,864404,864464,865310,865330,865882,866081,866102,866615,866800,866864,867362,867517,867531,867723,867953,868488,868528,868653,868748,869033,869414,869563,869934,870173,870335,870450,870496,870498,870576,870591,870618,870877,870958,871561,871634,871676,871728,871854,871861,871899,872188,872540,872634,873061,873374,873463,874108,874145,874440,874577,875386,876102,876114,876176,876463,877013,877257,877497,877775,878115,878123,878274,878407,878509,879921,879957,880007,880357,880437,880484,881571,881761,881939,882324,883380,883795,885725 CVE References: CVE-2012-2372,CVE-2013-2929,CVE-2013-4299,CVE-2013-4579,CVE-2013-6382,CVE-2013-7339,CVE-2014-0055,CVE-2014-0077,CVE-2014-0101,CVE-2014-0131,CVE-2014-0155,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1874,CVE-2014-2309,CVE-2014-2523,CVE-2014-2678,CVE-2014-2851,CVE-2014-3122,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4699 Sources used: SUSE Linux Enterprise Server 11 SP3 for VMware (src): kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1 SUSE Linux Enterprise Server 11 SP3 (src): kernel-default-3.0.101-0.35.1, kernel-ec2-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-ppc64-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1, xen-4.2.4_02-0.7.45 SUSE Linux Enterprise High Availability Extension 11 SP3 (src): cluster-network-1.4-2.27.78, gfs2-2-0.16.84, ocfs2-1.6-0.20.78 SUSE Linux Enterprise Desktop 11 SP3 (src): kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1, xen-4.2.4_02-0.7.45 SLE 11 SERVER Unsupported Extras (src): kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-ppc64-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1
Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra Products: SLE-SERVER 11-EXTRA (i386)
SUSE-SU-2014:0911-1: An update that solves 29 vulnerabilities and has 76 fixes is now available. Category: security (important) Bug References: 767610,786450,792271,821619,832710,837563,840524,846404,846690,847652,850915,851426,851603,852553,855126,857926,858869,858870,858872,859840,861636,861980,862429,862934,863300,863335,863410,863873,864404,864464,865310,865330,865882,866081,866102,866615,866800,866864,867362,867517,867531,867723,867953,868488,868528,868653,868748,869033,869414,869563,869934,870173,870335,870450,870496,870498,870576,870591,870618,870877,870958,871561,871634,871676,871728,871854,871861,871899,872188,872540,872634,873061,873374,873463,874108,874145,874440,874577,875386,876102,876114,876176,876463,877013,877257,877497,877775,878115,878123,878274,878407,878509,879921,879957,880007,880357,880437,880484,881571,881761,881939,882324,883380,883795,885725 CVE References: CVE-2012-2372,CVE-2013-2929,CVE-2013-4299,CVE-2013-4579,CVE-2013-6382,CVE-2013-7339,CVE-2014-0055,CVE-2014-0077,CVE-2014-0101,CVE-2014-0131,CVE-2014-0155,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1874,CVE-2014-2309,CVE-2014-2523,CVE-2014-2678,CVE-2014-2851,CVE-2014-3122,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4699 Sources used: SUSE Linux Enterprise Server 11 SP3 for VMware (src): kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1 SUSE Linux Enterprise Server 11 SP3 (src): kernel-default-3.0.101-0.35.1, kernel-ec2-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-ppc64-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1, xen-4.2.4_02-0.7.45 SUSE Linux Enterprise High Availability Extension 11 SP3 (src): cluster-network-1.4-2.27.78, gfs2-2-0.16.84, ocfs2-1.6-0.20.78 SUSE Linux Enterprise Desktop 11 SP3 (src): kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1, xen-4.2.4_02-0.7.45 SLE 11 SERVER Unsupported Extras (src): kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-ppc64-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1
Update released for: kernel-bigsmp-extra Products: SLE-SERVER 11-EXTRA (x86_64)
SUSE-SU-2014:0912-1: An update that solves 29 vulnerabilities and has 76 fixes is now available. Category: security (important) Bug References: 767610,786450,792271,821619,832710,837563,840524,846404,846690,847652,850915,851426,851603,852553,855126,857926,858869,858870,858872,859840,861636,861980,862429,862934,863300,863335,863410,863873,864404,864464,865310,865330,865882,866081,866102,866615,866800,866864,867362,867517,867531,867723,867953,868488,868528,868653,868748,869033,869414,869563,869934,870173,870335,870450,870496,870498,870576,870591,870618,870877,870958,871561,871634,871676,871728,871854,871861,871899,872188,872540,872634,873061,873374,873463,874108,874145,874440,874577,875386,876102,876114,876176,876463,877013,877257,877497,877775,878115,878123,878274,878407,878509,879921,879957,880007,880357,880437,880484,881571,881761,881939,882324,883380,883795,885725 CVE References: CVE-2012-2372,CVE-2013-2929,CVE-2013-4299,CVE-2013-4579,CVE-2013-6382,CVE-2013-7339,CVE-2014-0055,CVE-2014-0077,CVE-2014-0101,CVE-2014-0131,CVE-2014-0155,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1874,CVE-2014-2309,CVE-2014-2523,CVE-2014-2678,CVE-2014-2851,CVE-2014-3122,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4699 Sources used: SUSE Linux Enterprise Server 11 SP3 for VMware (src): kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1 SUSE Linux Enterprise Server 11 SP3 (src): kernel-default-3.0.101-0.35.1, kernel-ec2-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-ppc64-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1, xen-4.2.4_02-0.7.45 SUSE Linux Enterprise High Availability Extension 11 SP3 (src): cluster-network-1.4-2.27.78, gfs2-2-0.16.84, ocfs2-1.6-0.20.78 SUSE Linux Enterprise Desktop 11 SP3 (src): kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-source-3.0.101-0.35.1, kernel-syms-3.0.101-0.35.1, kernel-trace-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1, xen-4.2.4_02-0.7.45 SLE 11 SERVER Unsupported Extras (src): kernel-default-3.0.101-0.35.1, kernel-pae-3.0.101-0.35.1, kernel-ppc64-3.0.101-0.35.1, kernel-xen-3.0.101-0.35.1
Update released for: kernel-default-extra, kernel-ppc64-extra Products: SLE-SERVER 11-EXTRA (ppc64)
Update released for: kernel-default-extra Products: SLE-SERVER 11-EXTRA (s390x)
Update released for: kernel-default-extra, kernel-xen-extra Products: SLE-SERVER 11-EXTRA (x86_64)
openSUSE-SU-2014:0957-1: An update that fixes 15 vulnerabilities is now available. Category: security (important) Bug References: 788080,867531,867723,877257,880484,882189,883518,883724,883795,885422,885725 CVE References: CVE-2014-0131,CVE-2014-2309,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4014,CVE-2014-4171,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699 Sources used: openSUSE 12.3 (src): kernel-docs-3.7.10-1.40.2, kernel-source-3.7.10-1.40.1, kernel-syms-3.7.10-1.40.1
openSUSE-SU-2014:0985-1: An update that solves 14 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 768714,851686,855657,866101,867531,867723,879071,880484,882189,883518,883724,883795,884840,885422,885725,886629 CVE References: CVE-2014-0100,CVE-2014-0131,CVE-2014-2309,CVE-2014-3917,CVE-2014-4014,CVE-2014-4171,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699 Sources used: openSUSE 13.1 (src): cloop-2.639-11.13.1, crash-7.0.2-2.13.1, hdjmod-1.28-16.13.1, ipset-6.21.1-2.17.1, iscsitarget-1.4.20.3-13.13.1, kernel-docs-3.11.10-21.3, kernel-source-3.11.10-21.1, kernel-syms-3.11.10-21.1, ndiswrapper-1.58-13.1, pcfclock-0.44-258.13.1, vhba-kmp-20130607-2.14.1, virtualbox-4.2.18-2.18.1, xen-4.3.2_01-21.1, xtables-addons-2.3-2.13.1
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-09-03. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/58726
SUSE-SU-2014:1105-1: An update that solves 18 vulnerabilities and has 8 fixes is now available. Category: security (moderate) Bug References: 846404,864464,866911,870173,870576,871676,871797,871854,872634,873374,876590,877257,877775,878115,878509,879921,880484,881051,882804,883724,883795,885422,885725,886474,889173,889324 CVE References: CVE-2013-4299,CVE-2014-0055,CVE-2014-0077,CVE-2014-1739,CVE-2014-2706,CVE-2014-2851,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699,CVE-2014-5077 Sources used: SUSE Linux Enterprise Server 11 SP2 LTSS (src): kernel-default-3.0.101-0.7.23.1, kernel-ec2-3.0.101-0.7.23.1, kernel-pae-3.0.101-0.7.23.1, kernel-source-3.0.101-0.7.23.1, kernel-syms-3.0.101-0.7.23.1, kernel-trace-3.0.101-0.7.23.1, kernel-xen-3.0.101-0.7.23.1, xen-4.1.6_06-0.5.30 SLE 11 SERVER Unsupported Extras (src): kernel-default-3.0.101-0.7.23.1, kernel-pae-3.0.101-0.7.23.1, kernel-xen-3.0.101-0.7.23.1
SUSE-SU-2014:1138-1: An update that fixes 22 vulnerabilities is now available. Category: security (important) Bug References: 794824,806431,831058,854722,856756,871797,877257,879921,880484,881051,882809,883526,883724,883795,884530,885422,885725,887082,889173,892490 CVE References: CVE-2013-1860,CVE-2013-4162,CVE-2013-7266,CVE-2013-7267,CVE-2013-7268,CVE-2013-7269,CVE-2013-7270,CVE-2013-7271,CVE-2014-0203,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699,CVE-2014-4943,CVE-2014-5077 Sources used: SUSE Linux Enterprise Server 11 SP1 LTSS (src): kernel-default-2.6.32.59-0.15.2, kernel-ec2-2.6.32.59-0.15.2, kernel-pae-2.6.32.59-0.15.2, kernel-source-2.6.32.59-0.15.2, kernel-syms-2.6.32.59-0.15.2, kernel-trace-2.6.32.59-0.15.2, kernel-xen-2.6.32.59-0.15.2, xen-4.0.3_21548_16-0.5.26 SLE 11 SERVER Unsupported Extras (src): kernel-default-2.6.32.59-0.15.2, kernel-pae-2.6.32.59-0.15.2, kernel-xen-2.6.32.59-0.15.2
openSUSE-SU-2014:1246-1: An update that solves 18 vulnerabilities and has 8 fixes is now available. Category: security (moderate) Bug References: 846404,854722,864464,866911,870173,870576,871676,871797,871854,872634,873374,876590,877257,878115,878509,879921,880484,881051,882804,883724,883795,885422,885725,886474,889173,889324 CVE References: CVE-2013-6463,CVE-2014-0055,CVE-2014-0077,CVE-2014-1739,CVE-2014-2706,CVE-2014-2851,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699,CVE-2014-5077 Sources used: openSUSE Evergreen 11.4 (src): kernel-docs-3.0.101-91.2, kernel-source-3.0.101-91.1, kernel-syms-3.0.101-91.1, preload-1.2-6.69.2
we probably fixed all of them now.
SUSE-SU-2015:0812-1: An update that fixes 39 vulnerabilities is now available. Category: security (important) Bug References: 677286,679812,681175,681999,683282,685402,687812,730118,730200,738400,758813,760902,769784,823260,846404,853040,854722,863335,874307,875051,880484,883223,883795,885422,891844,892490,896390,896391,896779,902346,907818,908382,910251,911325 CVE References: CVE-2011-1090,CVE-2011-1163,CVE-2011-1476,CVE-2011-1477,CVE-2011-1493,CVE-2011-1494,CVE-2011-1495,CVE-2011-1585,CVE-2011-4127,CVE-2011-4132,CVE-2011-4913,CVE-2011-4914,CVE-2012-2313,CVE-2012-2319,CVE-2012-3400,CVE-2012-6657,CVE-2013-2147,CVE-2013-4299,CVE-2013-6405,CVE-2013-6463,CVE-2014-0181,CVE-2014-1874,CVE-2014-3184,CVE-2014-3185,CVE-2014-3673,CVE-2014-3917,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-5471,CVE-2014-5472,CVE-2014-9090,CVE-2014-9322,CVE-2014-9420,CVE-2014-9584,CVE-2015-2041 Sources used: SUSE Linux Enterprise Server 10 SP4 LTSS (src): kernel-bigsmp-2.6.16.60-0.132.1, kernel-debug-2.6.16.60-0.132.1, kernel-default-2.6.16.60-0.132.1, kernel-kdump-2.6.16.60-0.132.1, kernel-kdumppae-2.6.16.60-0.132.1, kernel-smp-2.6.16.60-0.132.1, kernel-source-2.6.16.60-0.132.1, kernel-syms-2.6.16.60-0.132.1, kernel-vmi-2.6.16.60-0.132.1, kernel-vmipae-2.6.16.60-0.132.1, kernel-xen-2.6.16.60-0.132.1, kernel-xenpae-2.6.16.60-0.132.1