Bug 880892 - (CVE-2014-3153) VUL-0: CVE-2014-3153: kernel: Exploitable futex vulnerability
(CVE-2014-3153)
VUL-0: CVE-2014-3153: kernel: Exploitable futex vulnerability
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P2 - High : Major
: ---
Assigned To: Jiri Kosina
Security Team bot
maint:running:57692:critical maint:re...
: DSLA_REQUIRED
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-06-02 07:49 UTC by Johannes Segitz
Modified: 2018-10-19 18:23 UTC (History)
13 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Updated patch for 593117: futex: Always cleanup owner tid in unlock_pi (4.71 KB, patch)
2014-06-06 08:31 UTC, Johannes Segitz
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2014-06-02 07:49:10 UTC
Created attachment 592933 [details]
Currently proposed patch

Via distros (From: Kees Cook <kees@outflux.net>). Embargoed, but no CRD currently available. Probably end of calendar week 23.

This vulnerability allows ring0 access via the futex syscall. The currently
proposed patch is attached. A reproducer will be attached later as we receive it.

>Original report:
> >----
> >The issue exists when after blocking in futex_wait_requeue_pi, q.rt_waiter
> >is NULL but &rt_waiter (on the stack) has been added to various waiter
> >lists by rt_mutex_start_proxy_lock.
> >
> >This is not supposed to be possible, because setting rt_waiter to NULL
> >indicates atomic acquisition. This is done by requeue_pi_wake_futex, which
> >is called by futex_requeue (FUTEX_CMP_REQUEUE_PI) in two cases where the
> >lock could be acquired immediately on behalf of some waiter rather than
> >blocking. Meanwhile, rt_mutex_start_proxy_lock is only called from the
> >bottom of futex_requeue, and only enqueues rt_waiter if the lock could not
> >be acquired immediately. Since any particular FUTEX_WAIT_REQUEUE_PI is only
> >supposed to be requeued once, those two possibilities should be mutually
> >exclusive.
> >
> >The requeue-once rule is enforced by only allowing requeueing to the futex
> >previously passed to futex_wait_requeue_pi as uaddr2, so it's not possible
> >to requeue from A to B, then from B to C - but it is possible to requeue
> >from B to B.
> >
> >When this happens, if (!q.rt_waiter) passes, so rt_mutex_finish_proxy_lock
> >is never called. (Also, AFAIK, free_pi_state is never called, which is true
> >even without this weird requeue; in the case where futex_requeue calls
> >requeue_pi_wake_futex directly, pi_state will sit around until it gets
> >cleaned up in exit_pi_state_list when the thread exits. This is not a
> >vulnerability.) futex_wait_requeue_pi exits, and various pointers to
> >rt_waiter become dangling.
> >---end-report---
Comment 12 Johannes Segitz 2014-06-03 12:57:27 UTC
Created attachment 593115 [details]
futex-prevent-requeue-pi-on-same-futex.patch futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1)
Comment 13 Johannes Segitz 2014-06-03 12:58:05 UTC
Created attachment 593116 [details]
futex: Validate atomic acquisition in futex_lock_pi_atomic()
Comment 14 Johannes Segitz 2014-06-03 12:58:36 UTC
Created attachment 593117 [details]
futex: Always cleanup owner tid in unlock_pi
Comment 15 Johannes Segitz 2014-06-03 12:59:07 UTC
Created attachment 593118 [details]
futex: Make lookup_pi_state more robust
Comment 16 Sebastian Krahmer 2014-06-04 06:06:41 UTC
Via distros:

Just for further clarification.

The first 2 patches address the CVE itself, but the poc code from kees
inspired me to write up two more interesting constructs, which make
use of the missing state checks in lookup_pi_state. After I
reimplemented the state checks in lookup_pi_state I found out, that
the stupid owner died handling in futex_unlock_pi caused existing user
space to fail, so I had to fix that up as well.

Thanks,

        Thomas
Comment 20 Swamp Workflow Management 2014-06-04 11:27:32 UTC
An update workflow for this issue was started.
This issue was rated as critical.
Please submit fixed packages until 2014-06-06.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/57668
Comment 24 Swamp Workflow Management 2014-06-04 12:59:08 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-06-11.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/57685
Comment 25 SMASH SMASH 2014-06-04 13:35:15 UTC
Affected packages:

SLE-11-SP3: kernel-source
SLE-11-SP1-TERADATA: kernel-source
Comment 26 Swamp Workflow Management 2014-06-04 13:57:31 UTC
An update workflow for this issue was started.
This issue was rated as critical.
Please submit fixed packages until 2014-06-06.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/57692
Comment 27 Johannes Segitz 2014-06-04 18:30:42 UTC
issue is public 
http://article.gmane.org/gmane.linux.kernel.stable/92357
Comment 28 Marcus Meissner 2014-06-05 16:32:01 UTC
can be applied to all relevant branches now.
Comment 29 Jiri Kosina 2014-06-05 19:32:19 UTC
SLE11-SP3_EMBARGO merged into SLE11-SP3 and pushed out.
Comment 30 Jiri Kosina 2014-06-05 22:31:20 UTC
The two referenced patches should be enough to mitigate CVE PoC, but I am not 100% convinced that 866293ee from wouldn't be neede as well to achieve 100% correctness.

Adding Jiri Slaby so that this is handled via -stable and regular maintainance udpate properly.
Vlastimil pointed this thread out: http://seclists.org/oss-sec/2014/q2/468
Comment 31 Johannes Segitz 2014-06-06 08:31:25 UTC
Created attachment 593637 [details]
Updated patch for  593117: futex: Always cleanup owner tid in unlock_pi
Comment 34 Swamp Workflow Management 2014-06-10 19:49:30 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (s390x)
SLE-HAE 11-SP3 (s390x)
SLE-SERVER 11-SP3 (s390x)
Comment 35 Swamp Workflow Management 2014-06-10 20:02:53 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-pae, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (i386)
SLE-DESKTOP 11-SP3 (i386)
SLE-HAE 11-SP3 (i386)
SLE-SERVER 11-SP3 (i386)
SLES4VMWARE 11-SP3 (i386)
Comment 36 Swamp Workflow Management 2014-06-10 21:04:24 UTC
Update released for: kernel-debug, kernel-debug-base, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-devel, kernel-debug-devel-debuginfo, kernel-debug-extra, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-docs, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 37 Swamp Workflow Management 2014-06-10 22:47:43 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (x86_64)
SLE-DESKTOP 11-SP3 (x86_64)
SLE-HAE 11-SP3 (x86_64)
SLE-SERVER 11-SP3 (x86_64)
SLES4VMWARE 11-SP3 (x86_64)
Comment 38 Swamp Workflow Management 2014-06-10 22:49:15 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (ia64)
SLE-HAE 11-SP3 (ia64)
SLE-SERVER 11-SP3 (ia64)
Comment 39 Swamp Workflow Management 2014-06-10 23:50:23 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-ppc64, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-ppc64, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-ppc64-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-ppc64, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (ppc64)
SLE-HAE 11-SP3 (ppc64)
SLE-SERVER 11-SP3 (ppc64)
Comment 40 Swamp Workflow Management 2014-06-11 03:04:44 UTC
SUSE-SU-2014:0775-1: An update that fixes one vulnerability is now available.

Category: security (critical)
Bug References: 880892
CVE References: CVE-2014-3153
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-default-3.0.101-0.31.1, kernel-pae-3.0.101-0.31.1, kernel-source-3.0.101-0.31.1, kernel-syms-3.0.101-0.31.1, kernel-trace-3.0.101-0.31.1, kernel-xen-3.0.101-0.31.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-default-3.0.101-0.31.1, kernel-ec2-3.0.101-0.31.1, kernel-pae-3.0.101-0.31.1, kernel-ppc64-3.0.101-0.31.1, kernel-source-3.0.101-0.31.1, kernel-syms-3.0.101-0.31.1, kernel-trace-3.0.101-0.31.1, kernel-xen-3.0.101-0.31.1, xen-4.2.4_02-0.7.33
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.27.69, gfs2-2-0.16.75, ocfs2-1.6-0.20.69
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-default-3.0.101-0.31.1, kernel-pae-3.0.101-0.31.1, kernel-source-3.0.101-0.31.1, kernel-syms-3.0.101-0.31.1, kernel-trace-3.0.101-0.31.1, kernel-xen-3.0.101-0.31.1, xen-4.2.4_02-0.7.33
SLE 11 SERVER Unsupported Extras (src):    kernel-default-3.0.101-0.31.1, kernel-pae-3.0.101-0.31.1, kernel-ppc64-3.0.101-0.31.1, kernel-xen-3.0.101-0.31.1
Comment 41 Swamp Workflow Management 2014-06-11 03:05:43 UTC
Update released for: kernel-default-extra, kernel-ppc64-extra
Products:
SLE-SERVER 11-EXTRA (ppc64)
Comment 42 Swamp Workflow Management 2014-06-11 03:06:28 UTC
Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)
Comment 43 Swamp Workflow Management 2014-06-11 03:06:48 UTC
Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)
Comment 44 Swamp Workflow Management 2014-06-11 03:07:09 UTC
Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (ia64)
Comment 45 Swamp Workflow Management 2014-06-11 03:07:51 UTC
Update released for: kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)
Comment 52 Jiri Kosina 2014-06-12 11:57:19 UTC
Patches 1 and 2 pushed to opensuse 12.3 and 13.1 as well.
Comment 53 Bernhard Wiedemann 2014-06-13 09:01:28 UTC
This is an autogenerated message for OBS integration:
This bug (880892) was mentioned in
https://build.opensuse.org/request/show/237091 13.1 / kernel-source
https://build.opensuse.org/request/show/237147 12.3 / kernel-source
Comment 54 Swamp Workflow Management 2014-06-13 20:46:00 UTC
Update released for: cluster-network-kmp-rt, cluster-network-kmp-rt_trace, drbd-kmp-rt, drbd-kmp-rt_trace, iscsitarget-kmp-rt, iscsitarget-kmp-rt_trace, kernel-rt, kernel-rt-base, kernel-rt-debuginfo, kernel-rt-debugsource, kernel-rt-devel, kernel-rt-devel-debuginfo, kernel-rt-extra, kernel-rt-hmac, kernel-rt_trace, kernel-rt_trace-base, kernel-rt_trace-debuginfo, kernel-rt_trace-debugsource, kernel-rt_trace-devel, kernel-rt_trace-devel-debuginfo, kernel-rt_trace-extra, kernel-rt_trace-hmac, kernel-source-rt, kernel-syms-rt, lttng-modules-kmp-rt, lttng-modules-kmp-rt_trace, ocfs2-kmp-rt, ocfs2-kmp-rt_trace, ofed-kmp-rt, ofed-kmp-rt_trace
Products:
SLE-DEBUGINFO 11-SP3 (x86_64)
SLE-RT 11-SP3 (x86_64)
Comment 55 Swamp Workflow Management 2014-06-14 00:04:31 UTC
SUSE-SU-2014:0796-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 880892
CVE References: CVE-2014-3153
Sources used:
SUSE Linux Enterprise Real Time Extension 11 SP3 (src):    cluster-network-1.4-2.27.69, drbd-kmp-8.4.4-0.22.35, iscsitarget-1.4.20-0.38.54, kernel-rt-3.0.101.rt130-0.18.1, kernel-rt_trace-3.0.101.rt130-0.18.1, kernel-source-rt-3.0.101.rt130-0.18.1, kernel-syms-rt-3.0.101.rt130-0.18.1, lttng-modules-2.1.1-0.11.47, ocfs2-1.6-0.20.69, ofed-1.5.4.1-0.13.60
Comment 56 Swamp Workflow Management 2014-06-17 11:19:01 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-06-24.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/57888
Comment 57 Swamp Workflow Management 2014-06-17 18:50:27 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-pae, btrfs-kmp-trace, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-pae, ext4dev-kmp-trace, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-pae, hyper-v-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-pae-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP1 (i386)
SLE-SERVER 11-SP1-LTSS (i386)
Comment 58 Swamp Workflow Management 2014-06-17 18:57:03 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-trace, cluster-network-kmp-default, cluster-network-kmp-trace, ext4dev-kmp-default, ext4dev-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP1 (s390x)
SLE-SERVER 11-SP1-LTSS (s390x)
Comment 59 Swamp Workflow Management 2014-06-17 19:52:20 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-trace, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-trace, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP1 (x86_64)
SLE-SERVER 11-SP1-LTSS (x86_64)
Comment 60 Swamp Workflow Management 2014-06-17 23:10:57 UTC
SUSE-SU-2014:0807-1: An update that solves 17 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 630970,661605,663516,761774,792407,852553,852967,854634,854743,856756,857643,863335,865310,866102,868049,868488,868653,869563,871561,873070,874108,875690,875798,876102,878289,880892
CVE References: CVE-2012-6647,CVE-2013-6382,CVE-2013-6885,CVE-2013-7027,CVE-2013-7263,CVE-2013-7264,CVE-2013-7265,CVE-2013-7339,CVE-2014-0101,CVE-2014-0196,CVE-2014-1737,CVE-2014-1738,CVE-2014-1874,CVE-2014-2523,CVE-2014-2678,CVE-2014-3122,CVE-2014-3153
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    btrfs-0-0.3.163, ext4dev-0-7.9.130, hyper-v-0-0.18.39, kernel-default-2.6.32.59-0.13.1, kernel-ec2-2.6.32.59-0.13.1, kernel-pae-2.6.32.59-0.13.1, kernel-source-2.6.32.59-0.13.1, kernel-syms-2.6.32.59-0.13.1, kernel-trace-2.6.32.59-0.13.1, kernel-xen-2.6.32.59-0.13.1
SLE 11 SERVER Unsupported Extras (src):    kernel-default-2.6.32.59-0.13.1, kernel-pae-2.6.32.59-0.13.1, kernel-xen-2.6.32.59-0.13.1
Comment 61 Swamp Workflow Management 2014-06-17 23:13:07 UTC
Update released for: kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)
Comment 62 Swamp Workflow Management 2014-06-17 23:14:18 UTC
Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)
Comment 63 Swamp Workflow Management 2014-06-17 23:17:04 UTC
Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)
Comment 64 Swamp Workflow Management 2014-06-24 14:48:28 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (x86_64)
SLE-SERVER 11-SP2-LTSS (x86_64)
Comment 65 Swamp Workflow Management 2014-06-24 18:04:24 UTC
SUSE-SU-2014:0837-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 880892
CVE References: CVE-2014-3153
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    kernel-default-3.0.101-0.7.21.1, kernel-ec2-3.0.101-0.7.21.1, kernel-source-3.0.101-0.7.21.1, kernel-syms-3.0.101-0.7.21.1, kernel-trace-3.0.101-0.7.21.1, kernel-xen-3.0.101-0.7.21.1, xen-4.1.6_06-0.5.16
SLE 11 SERVER Unsupported Extras (src):    ext4-writeable-0-0.14.103, kernel-default-3.0.101-0.7.21.1, kernel-pae-3.0.101-0.7.21.1, kernel-xen-3.0.101-0.7.21.1
Comment 66 Swamp Workflow Management 2014-06-24 18:05:02 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-trace, ext4-writeable-kmp-xen, kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)
Comment 67 Swamp Workflow Management 2014-06-24 18:05:23 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-trace, kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)
Comment 68 Swamp Workflow Management 2014-06-24 18:05:43 UTC
Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-pae, ext4-writeable-kmp-trace, ext4-writeable-kmp-xen, kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)
Comment 69 Swamp Workflow Management 2014-06-24 18:52:45 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (s390x)
SLE-SERVER 11-SP2-LTSS (s390x)
Comment 70 Swamp Workflow Management 2014-06-24 18:57:15 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-pae, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (i386)
SLE-SERVER 11-SP2-LTSS (i386)
Comment 71 Swamp Workflow Management 2014-06-24 22:05:03 UTC
SUSE-SU-2014:0837-2: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 880892
CVE References: CVE-2014-3153
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    kernel-default-3.0.101-0.7.21.1, kernel-ec2-3.0.101-0.7.21.1, kernel-pae-3.0.101-0.7.21.1, kernel-source-3.0.101-0.7.21.1, kernel-syms-3.0.101-0.7.21.1, kernel-trace-3.0.101-0.7.21.1, kernel-xen-3.0.101-0.7.21.1, xen-4.1.6_06-0.5.16
Comment 72 Swamp Workflow Management 2014-06-25 07:10:14 UTC
openSUSE-SU-2014:0840-1: An update that solves 9 vulnerabilities and has 15 fixes is now available.

Category: security (important)
Bug References: 851338,858067,868315,869563,870173,870576,871561,872715,873374,876102,876981,877257,877713,877721,878115,878274,879258,879792,880599,880613,880892,881697,881727,882648
CVE References: CVE-2013-7339,CVE-2014-0055,CVE-2014-0077,CVE-2014-2678,CVE-2014-2851,CVE-2014-3122,CVE-2014-3144,CVE-2014-3145,CVE-2014-3153
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.10.1, crash-7.0.2-2.10.9, hdjmod-1.28-16.10.1, ipset-6.21.1-2.14.1, iscsitarget-1.4.20.3-13.10.1, kernel-docs-3.11.10-17.6, kernel-source-3.11.10-17.2, kernel-syms-3.11.10-17.1, ndiswrapper-1.58-10.1, pcfclock-0.44-258.10.1, vhba-kmp-20130607-2.11.1, virtualbox-4.2.18-2.15.2, xen-4.3.2_01-18.2, xtables-addons-2.3-2.10.1
Comment 73 Bernhard Wiedemann 2014-06-25 20:00:13 UTC
This is an autogenerated message for OBS integration:
This bug (880892) was mentioned in
https://build.opensuse.org/request/show/238697 Evergreen:11.4 / kernel-trace+kernel-pae+kernel-desktop+kernel-syms+kernel-docs+kernel-source+kernel-debug+kernel-xen+kernel-default+kernel-ec2+kernel-vanilla+preload+kernel-vmi
Comment 74 Swamp Workflow Management 2014-07-01 10:06:03 UTC
openSUSE-SU-2014:0856-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 869563,870173,870576,871561,873374,876102,878274,880892
CVE References: CVE-2013-7339,CVE-2014-0055,CVE-2014-0077,CVE-2014-2678,CVE-2014-2851,CVE-2014-3122,CVE-2014-3153
Sources used:
openSUSE 12.3 (src):    kernel-docs-3.7.10-1.36.2, kernel-source-3.7.10-1.36.1, kernel-syms-3.7.10-1.36.1
Comment 75 Swamp Workflow Management 2014-07-08 18:04:45 UTC
openSUSE-SU-2014:0878-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 877775,880892
CVE References: CVE-2014-3153
Sources used:
openSUSE 11.4 (src):    kernel-docs-3.0.101-87.2, kernel-source-3.0.101-87.1, kernel-syms-3.0.101-87.1, preload-1.2-6.65.1
Comment 76 Marcus Meissner 2014-07-17 08:35:08 UTC
I think we released everything.
Comment 77 Michal Hocko 2014-09-15 12:27:04 UTC
It seems that the original fix introduced a new issue fixed by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13c42c2f43b19aab3195f2d357db00d1e885eaa8.
Comment 79 Michal Hocko 2014-09-15 13:06:33 UTC
pushed to SLE11-SP1-TD branch.
Comment 80 Davidlohr Bueso 2014-09-18 14:16:37 UTC
pushed fix to SLE11-SP3
pushed fix to SLE12
Comment 82 Swamp Workflow Management 2014-10-22 23:14:59 UTC
SUSE-SU-2014:1319-1: An update that solves 13 vulnerabilities and has 75 fixes is now available.

Category: security (important)
Bug References: 774818,806990,816708,826486,832309,833820,849123,855657,859840,860441,860593,863586,866130,866615,866864,866911,869055,869934,870161,871134,871797,876017,876055,876114,876590,879304,879921,880344,880370,880892,881051,881759,882317,882639,882804,882900,883096,883376,883518,883724,884333,884582,884725,884767,885262,885382,885422,885509,886840,887082,887418,887503,887608,887645,887680,888058,888105,888591,888607,888847,888849,888968,889061,889173,889451,889614,889727,890297,890426,890513,890526,891087,891259,891281,891619,891746,892200,892490,892723,893064,893496,893596,894200,895221,895608,895680,895983,896689
CVE References: CVE-2013-1979,CVE-2014-1739,CVE-2014-2706,CVE-2014-3153,CVE-2014-4027,CVE-2014-4171,CVE-2014-4508,CVE-2014-4667,CVE-2014-4943,CVE-2014-5077,CVE-2014-5471,CVE-2014-5472,CVE-2014-6410
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-default-3.0.101-0.40.1, kernel-pae-3.0.101-0.40.1, kernel-source-3.0.101-0.40.1, kernel-syms-3.0.101-0.40.1, kernel-trace-3.0.101-0.40.1, kernel-xen-3.0.101-0.40.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-default-3.0.101-0.40.1, kernel-ec2-3.0.101-0.40.1, kernel-pae-3.0.101-0.40.1, kernel-ppc64-3.0.101-0.40.1, kernel-source-3.0.101-0.40.1, kernel-syms-3.0.101-0.40.1, kernel-trace-3.0.101-0.40.1, kernel-xen-3.0.101-0.40.1, xen-4.2.4_04-0.7.3
SUSE Linux Enterprise Real Time Extension 11 SP3 (src):    cluster-network-1.4-2.27.99, drbd-kmp-8.4.4-0.22.65, iscsitarget-1.4.20-0.38.84, kernel-rt-3.0.101.rt130-0.28.1, kernel-rt_trace-3.0.101.rt130-0.28.1, kernel-source-rt-3.0.101.rt130-0.28.1, kernel-syms-rt-3.0.101.rt130-0.28.1, lttng-modules-2.1.1-0.11.75, ocfs2-1.6-0.20.99, ofed-1.5.4.1-0.13.90
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.27.98, gfs2-2-0.16.104, ocfs2-1.6-0.20.98
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-default-3.0.101-0.40.1, kernel-pae-3.0.101-0.40.1, kernel-source-3.0.101-0.40.1, kernel-syms-3.0.101-0.40.1, kernel-trace-3.0.101-0.40.1, kernel-xen-3.0.101-0.40.1, xen-4.2.4_04-0.7.3
SLE 11 SERVER Unsupported Extras (src):    kernel-default-3.0.101-0.40.1, kernel-pae-3.0.101-0.40.1, kernel-ppc64-3.0.101-0.40.1, kernel-xen-3.0.101-0.40.1
Comment 83 Swamp Workflow Management 2015-01-16 13:07:40 UTC
SUSE-SU-2015:0068-1: An update that solves 11 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 851603,853040,860441,862957,863526,870498,873228,874025,877622,879255,880767,880892,881085,883139,887046,887382,887418,889295,889297,891259,891619,892254,892612,892650,892860,893454,894057,894863,895221,895387,895468,895680,895983,896391,897101,897736,897770,897912,898234,898297,899192,899489,899551,899785,899787,899908,900126,901090,901774,901809,901925,902010,902016,902346,902893,902898,903279,903307,904013,904077,904115,904354,904871,905087,905100,905296,905758,905772,907818,908184,909077,910251,910697
CVE References: CVE-2013-6405,CVE-2014-3185,CVE-2014-3610,CVE-2014-3611,CVE-2014-3647,CVE-2014-3673,CVE-2014-7826,CVE-2014-7841,CVE-2014-8133,CVE-2014-9090,CVE-2014-9322
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.32-33.3, kernel-obs-build-3.12.32-33.1
SUSE Linux Enterprise Server 12 (src):    kernel-source-3.12.32-33.1, kernel-syms-3.12.32-33.1
SUSE Linux Enterprise Desktop 12 (src):    kernel-source-3.12.32-33.1, kernel-syms-3.12.32-33.1
Comment 84 Marcus Meissner 2015-01-16 13:23:00 UTC
reclose
Comment 85 Swamp Workflow Management 2015-03-11 19:08:46 UTC
SUSE-SU-2015:0481-1: An update that solves 34 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 771619,779488,833588,835839,847652,857643,864049,865442,867531,867723,870161,875051,876633,880892,883096,883948,887082,892490,892782,895680,896382,896390,896391,896392,897995,898693,899192,901885,902232,902346,902349,902351,902675,903640,904013,904700,905100,905312,905799,906586,907189,907338,907396,909078,912654,912705,915335
CVE References: CVE-2012-4398,CVE-2013-2893,CVE-2013-2897,CVE-2013-2899,CVE-2013-2929,CVE-2013-7263,CVE-2014-0131,CVE-2014-0181,CVE-2014-2309,CVE-2014-3181,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-3601,CVE-2014-3610,CVE-2014-3646,CVE-2014-3647,CVE-2014-3673,CVE-2014-3687,CVE-2014-3688,CVE-2014-3690,CVE-2014-4608,CVE-2014-4943,CVE-2014-5471,CVE-2014-5472,CVE-2014-7826,CVE-2014-7841,CVE-2014-7842,CVE-2014-8134,CVE-2014-8369,CVE-2014-8559,CVE-2014-8709,CVE-2014-9584,CVE-2014-9585
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    kernel-default-3.0.101-0.7.29.1, kernel-ec2-3.0.101-0.7.29.1, kernel-pae-3.0.101-0.7.29.1, kernel-source-3.0.101-0.7.29.1, kernel-syms-3.0.101-0.7.29.1, kernel-trace-3.0.101-0.7.29.1, kernel-xen-3.0.101-0.7.29.1, xen-4.1.6_08-0.5.19
SLE 11 SERVER Unsupported Extras (src):    ext4-writeable-0-0.14.142, kernel-default-3.0.101-0.7.29.1, kernel-pae-3.0.101-0.7.29.1, kernel-xen-3.0.101-0.7.29.1
Comment 86 Swamp Workflow Management 2015-03-21 14:08:10 UTC
openSUSE-SU-2015:0566-1: An update that solves 38 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 771619,778463,833588,835839,847652,853040,864049,865442,867531,867723,870161,875051,876633,880892,883096,883724,883948,887082,892490,892782,895680,896382,896390,896391,896392,897995,898693,899192,901885,902232,902346,902349,902351,902675,903640,904013,904700,905100,905312,905799,906586,907189,907338,907396,907818,909077,909078,910251,912654,912705,915335
CVE References: CVE-2012-4398,CVE-2013-2893,CVE-2013-2897,CVE-2013-2899,CVE-2013-2929,CVE-2013-7263,CVE-2014-0131,CVE-2014-0181,CVE-2014-2309,CVE-2014-3181,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-3601,CVE-2014-3610,CVE-2014-3646,CVE-2014-3647,CVE-2014-3673,CVE-2014-3687,CVE-2014-3688,CVE-2014-3690,CVE-2014-4508,CVE-2014-4608,CVE-2014-4943,CVE-2014-5471,CVE-2014-5472,CVE-2014-7826,CVE-2014-7841,CVE-2014-7842,CVE-2014-8133,CVE-2014-8134,CVE-2014-8369,CVE-2014-8559,CVE-2014-8709,CVE-2014-9090,CVE-2014-9322,CVE-2014-9584,CVE-2014-9585
Sources used:
openSUSE Evergreen 11.4 (src):    kernel-docs-3.0.101-99.2, kernel-source-3.0.101-99.1, kernel-syms-3.0.101-99.1, preload-1.2-6.77.1