Bug 957990 - (CVE-2015-8551) VUL-0: CVE-2015-8551,CVE-2015-8552,CVE-2015-8553: kernel: xen: Linux pciback missing sanity checks leading to crash (XSA-157)
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
CVSSv2:SUSE:CVE-2015-8551:5.2:(AV:A/A...
Reported: 2015-12-04 15:35 UTC by Marcus Meissner
Modified: 2020-06-18 15:28 UTC

Comment 2 Swamp Workflow Management 2015-12-04 23:00:46 UTC
bugbot adjusting priority
Comment 3 Marcus Meissner 2015-12-07 13:50:39 UTC
it's actually in the kernel afaik? and/or in the xen kmps?
Comment 4 Charles Arnold 2015-12-11 19:25:50 UTC
(In reply to Marcus Meissner from comment #3)
> it's actually in the kernel afaik? and/or in the xen kmps?

This is patching the backend, specifically drivers/xen/xen-pciback/pciback_ops.c,
so it needs to be handled on the kernel side.
Comment 5 Marcus Meissner 2015-12-15 10:26:08 UTC
can you specify which of our XEN are affected?
Comment 6 Jan Beulich 2015-12-15 11:54:40 UTC
You mean which of our Xen kernels is affected? SLE11 and onwards. SLE10's hypervisor didn't support MSI yet iirc, and hence the respective kernel code is dead (and should thus be unaffected).
Comment 7 Marcus Meissner 2015-12-15 11:56:36 UTC
yes, sorry. so sle11 sp1 and onwards need fixes.
Comment 9 Marcus Meissner 2015-12-17 12:47:06 UTC
public now:

        Xen Security Advisory CVE-2015-8551,CVE-2015-8552 / XSA-157
                                 version 3

         Linux pciback missing sanity checks leading to crash

UPDATES IN VERSION 3
====================

Removed CVE-2015-8553 from the title of this advisory.  We will issue
an update to XSA-120 which documents the assignment of CVE-2015-8553
to the XSA-120 v5+ addendum patch.

Public release.

ISSUE DESCRIPTION
=================

Xen PCI backend driver does not perform proper sanity checks on the
device's state.

Which in turn allows the generic MSI code (called by Xen PCI backend) to be
called incorrectly leading to hitting BUG conditions or causing NULL pointer
exceptions in the MSI code.  (CVE-2015-8551)

To exploit this the guest can craft a specific sequence of XEN_PCI_OP_*
operations which will trigger this.

Furthermore the frontend can also craft a continuous stream of
XEN_PCI_OP_enable_msi which will trigger a continuous
stream of WARN() messages triggered by the MSI code leading to the logging
in the initial domain to exhaust disk space.  (CVE-2015-8552)

Lastly there is also a missing check to verify whether the device has
memory decoding enabled set at the start of the day leading the initial
domain "accesses to the respective MMIO or I/O port ranges would - on PCI
Express devices - [which can] lead to Unsupported Request responses.
The treatment of such errors is platform specific." (from XSA-120).
Note that if XSA-120 'addendum' patch (re CVE-2015-8553) has been
applied this particular sub-issue is not exploitable.

IMPACT
======

Malicious guest administrators can cause denial of service.  If driver
domains are not in use, the impact is a host crash.

Only x86 systems are vulnerable.  ARM systems are not vulnerable.

VULNERABLE SYSTEMS
==================

This bug affects systems using Linux as the driver domain, including
non-disaggregated systems using Linux as dom0.

Linux versions v3.1 and onwards are vulnerable due to supporting PCI
pass-through backend driver.

PV and HVM guests which have been granted access to physical PCI devices
(`PCI passthrough') can take advantage of this vulnerability.

Furthermore, the vulnerability is only applicable when the
passed-through PCI devices are MSI-capable or MSI-X. (Most modern devices
are).

MITIGATION
==========

Not using PCI passthrough for PV and HVM guests. Note that for HVM guests
QEMU is used for PCI passthrough - however the toolstack sets up also
the 'PV' PCI which the guest can utilize if it chooses to do so.

CREDITS
=======

This issue was discovered by Konrad Rzeszutek Wilk of Oracle.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

Linux 4.3:
xsa157-0001-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msi-wh.patch
xsa157-0002-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msix-w.patch
xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch
xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch
xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch

$ sha256sum xsa157*
0cb2d1729f17e640e33f11945f2e12eba85071238fab2dcc42f81b5d942c159b  xsa157-0001-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msi-wh.patch
9bcb240a49a5cd48428cc9c01ee480297999b93f6977fdddd79ec715648aa244  xsa157-0002-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msix-w.patch
7c39b33d0e2d751970bbe56f463661c50aa5e4addc8eee35b80e9e1378e97b02  xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch
1acfd6f4ea13db6a146d547640f50d0ad40480b914b021760a518ac82e8e4c71  xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch
b864620709e4b55a908dd6955a090ca03a9a07cfb31b66e2e5211ab8f0c77e68  xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch
$
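
The kind of state check the advisory describes as missing, shown as an added user-space C model (not the pciback driver and not the XSA-157 patches): the backend tracks per-device state, refuses out-of-order requests with an error before they reach the lower layer, and caps how many refusals it logs. All names, error codes, the log budget and the request sequence are assumptions constructed for this sketch.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* User-space model with hypothetical names; none of this is kernel code. */
enum op { OP_ENABLE_MSI, OP_DISABLE_MSI, OP_ENABLE_MSIX, OP_DISABLE_MSIX };

#define CMD_MEMORY_DECODE 0x2u /* memory space enable bit of the PCI command register */
#define LOG_BUDGET 3u          /* constructed cap on refusal messages per device */

struct dev_state {
    unsigned command;    /* modelled PCI command register */
    bool msi_enabled;
    bool msix_enabled;
    unsigned refused;    /* requests turned away */
    unsigned logged;     /* refusal messages actually written */
    unsigned core_calls; /* times the modelled generic MSI layer was reached */
};

/* Stand-in for the generic MSI code: it trusts the caller to have checked state. */
static void core_msi(struct dev_state *d) { d->core_calls++; }

/* Refuse a request; write a message only while the per-device budget lasts,
 * so a stream of bad requests cannot grow the log without bound. */
static int reject(struct dev_state *d, const char *why, int err)
{
    d->refused++;
    if (d->logged < LOG_BUDGET) {
        d->logged++;
        fprintf(stderr, "backend model: request refused: %s\n", why);
    }
    return err;
}

/* Validate one frontend request against tracked device state before acting. */
int handle_op(struct dev_state *d, enum op op)
{
    switch (op) {
    case OP_ENABLE_MSI:
        if (d->msi_enabled || d->msix_enabled)
            return reject(d, "interrupt mode already enabled", -EBUSY);
        core_msi(d);
        d->msi_enabled = true;
        return 0;
    case OP_ENABLE_MSIX:
        if (d->msi_enabled || d->msix_enabled)
            return reject(d, "interrupt mode already enabled", -EBUSY);
        if (!(d->command & CMD_MEMORY_DECODE))
            return reject(d, "memory decoding is off", -ENXIO);
        core_msi(d);
        d->msix_enabled = true;
        return 0;
    case OP_DISABLE_MSI:
        if (d->msi_enabled) {   /* only undo what was actually set up */
            core_msi(d);
            d->msi_enabled = false;
        }
        return 0;
    case OP_DISABLE_MSIX:
        if (d->msix_enabled) {
            core_msi(d);
            d->msix_enabled = false;
        }
        return 0;
    }
    return reject(d, "unknown operation", -EINVAL);
}

/* Replay a constructed request sequence (repeated enables, mixed modes,
 * stray disables) against a fresh device and return the final state. */
struct dev_state run_constructed(unsigned command)
{
    static const enum op seq[] = {
        OP_DISABLE_MSI, OP_ENABLE_MSI, OP_ENABLE_MSI,
        OP_ENABLE_MSIX, OP_ENABLE_MSI, OP_ENABLE_MSI,
        OP_DISABLE_MSIX, OP_DISABLE_MSI, OP_ENABLE_MSIX
    };
    struct dev_state d = { .command = command };
    for (unsigned i = 0; i < sizeof seq / sizeof seq[0]; i++)
        handle_op(&d, seq[i]);
    return d;
}

int main(void)
{
    struct dev_state d = run_constructed(0); /* memory decoding off */
    printf("refused=%u logged=%u core_calls=%u\n",
           d.refused, d.logged, d.core_calls);
    return 0;
}
```

With memory decoding off, the lower layer is reached only for the one valid enable and its matching disable; every other request is answered with an error code.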
Comment 10 Jan Beulich 2015-12-18 11:26:34 UTC
Patches committed to SLE12 SP1, SLE12 GA, SLE11 SP4, SLE11 SP3, 42.1, and 13.2 branches. Handing over.
Comment 13 Swamp Workflow Management 2016-01-19 13:18:42 UTC
SUSE-SU-2016:0168-1: An update that solves 8 vulnerabilities and has 26 fixes is now available.

Category: security (important)
Bug References: 758040,902606,924919,935087,937261,943959,945649,949440,951155,951199,951392,951615,951638,952579,952976,956708,956801,956876,957395,957546,957988,957990,958463,958504,958510,958647,958886,958951,959190,959364,959399,959436,959705,960300
CVE References: CVE-2015-7550,CVE-2015-8539,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    kernel-default-3.12.51-52.34.1
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.51-52.34.3, kernel-obs-build-3.12.51-52.34.1
SUSE Linux Enterprise Server 12 (src):    kernel-default-3.12.51-52.34.1, kernel-source-3.12.51-52.34.1, kernel-syms-3.12.51-52.34.1, kernel-xen-3.12.51-52.34.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.51-52.34.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_10-1-2.1
SUSE Linux Enterprise Desktop 12 (src):    kernel-default-3.12.51-52.34.1, kernel-source-3.12.51-52.34.1, kernel-syms-3.12.51-52.34.1, kernel-xen-3.12.51-52.34.1
Comment 14 Swamp Workflow Management 2016-01-29 13:15:04 UTC
openSUSE-SU-2016:0280-1: An update that solves 10 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 865096,865259,913996,950178,950998,952621,954324,954532,954647,955422,956708,957152,957988,957990,958439,958463,958504,958510,958886,958951,959190,959399,960021,960710,961263,961509,962075,962597
CVE References: CVE-2015-7550,CVE-2015-8539,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2016-0728
Sources used:
openSUSE Leap 42.1 (src):    kernel-debug-4.1.15-8.1, kernel-default-4.1.15-8.1, kernel-docs-4.1.15-8.3, kernel-ec2-4.1.15-8.1, kernel-obs-build-4.1.15-8.2, kernel-obs-qa-4.1.15-8.1, kernel-obs-qa-xen-4.1.15-8.1, kernel-pae-4.1.15-8.1, kernel-pv-4.1.15-8.1, kernel-source-4.1.15-8.1, kernel-syms-4.1.15-8.1, kernel-vanilla-4.1.15-8.1, kernel-xen-4.1.15-8.1
Comment 15 Swamp Workflow Management 2016-02-01 15:27:33 UTC
openSUSE-SU-2016:0301-1: An update that solves 57 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 814440,851610,869564,873385,906545,907818,909077,909477,911326,912202,915517,915577,917830,918333,919007,919018,919463,919596,921313,921949,922583,922936,922944,926238,926240,927780,927786,928130,929525,930399,931988,932348,933896,933904,933907,933934,935542,935705,936502,936831,937032,937033,937969,938706,940338,944296,945825,947155,949936,950998,951194,951440,951627,952384,952579,952976,953052,953527,954138,954404,955224,955354,955422,956708,956934,957988,957990,958504,958510,958886,958951,959190,959399,959568,960839,961509,961739,962075
CVE References: CVE-2014-2568,CVE-2014-8133,CVE-2014-8989,CVE-2014-9090,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2014-9715,CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0272,CVE-2015-0777,CVE-2015-1420,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-2925,CVE-2015-3212,CVE-2015-3339,CVE-2015-3636,CVE-2015-4001,CVE-2015-4002,CVE-2015-4003,CVE-2015-4004,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-4700,CVE-2015-5157,CVE-2015-5283,CVE-2015-5307,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707,CVE-2015-6937,CVE-2015-7550,CVE-2015-7799,CVE-2015-7833,CVE-2015-7872,CVE-2015-7885,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2016-0728
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.22.2, crash-7.0.2-2.22.2, hdjmod-1.28-16.22.2, ipset-6.21.1-2.26.2, iscsitarget-1.4.20.3-13.22.2, kernel-debug-3.11.10-32.1, kernel-default-3.11.10-32.1, kernel-desktop-3.11.10-32.1, kernel-docs-3.11.10-32.3, kernel-ec2-3.11.10-32.1, kernel-pae-3.11.10-32.1, kernel-source-3.11.10-32.1, kernel-syms-3.11.10-32.1, kernel-trace-3.11.10-32.1, kernel-vanilla-3.11.10-32.1, kernel-xen-3.11.10-32.1, ndiswrapper-1.58-22.1, pcfclock-0.44-258.22.1, vhba-kmp-20130607-2.23.1, virtualbox-4.2.36-2.55.1, xen-4.3.4_10-56.1, xtables-addons-2.3-2.22.1
Comment 16 Swamp Workflow Management 2016-02-03 14:17:55 UTC
openSUSE-SU-2016:0318-1: An update that solves 19 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 814440,906545,912202,921949,937969,937970,938706,944296,945825,949936,950998,951627,951638,952384,952579,952976,953527,954138,954404,955224,955354,955422,956708,956934,957988,957990,958504,958510,958886,958951,959190,959399,959568,960839,961509,961739,962075
CVE References: CVE-2014-8989,CVE-2014-9529,CVE-2015-5157,CVE-2015-5307,CVE-2015-6937,CVE-2015-7550,CVE-2015-7799,CVE-2015-7885,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2016-0728
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.15.1, cloop-2.639-14.15.1, crash-7.0.8-15.1, hdjmod-1.28-18.16.1, ipset-6.23-15.1, kernel-debug-3.16.7-32.1, kernel-default-3.16.7-32.1, kernel-desktop-3.16.7-32.1, kernel-docs-3.16.7-32.2, kernel-ec2-3.16.7-32.1, kernel-obs-build-3.16.7-32.2, kernel-obs-qa-3.16.7-32.1, kernel-obs-qa-xen-3.16.7-32.1, kernel-pae-3.16.7-32.1, kernel-source-3.16.7-32.1, kernel-syms-3.16.7-32.1, kernel-vanilla-3.16.7-32.1, kernel-xen-3.16.7-32.1, pcfclock-0.44-260.15.1, vhba-kmp-20140629-2.15.1, virtualbox-4.3.34-37.1, xen-4.4.3_08-38.1, xtables-addons-2.6-15.1
Comment 17 Swamp Workflow Management 2016-02-25 20:19:24 UTC
SUSE-SU-2016:0585-1: An update that solves 17 vulnerabilities and has 54 fixes is now available.

Category: security (important)
Bug References: 812259,855062,867583,899908,902606,924919,935087,937261,937444,938577,940338,940946,941363,942476,943989,944749,945649,947953,949440,949936,950292,951199,951392,951615,952579,952976,954992,955118,955354,955654,956514,956708,957525,957988,957990,958463,958886,958951,959090,959146,959190,959257,959364,959399,959436,959463,959629,960221,960227,960281,960300,961202,961257,961500,961509,961516,961588,961971,962336,962356,962788,962965,963449,963572,963765,963767,963825,964230,964821,965344,965840
CVE References: CVE-2013-7446,CVE-2015-0272,CVE-2015-5707,CVE-2015-7550,CVE-2015-7799,CVE-2015-8215,CVE-2015-8539,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8569,CVE-2015-8575,CVE-2015-8660,CVE-2015-8767,CVE-2015-8785,CVE-2016-0723,CVE-2016-2069
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.53-60.30.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.53-60.30.2, kernel-obs-build-3.12.53-60.30.2
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.53-60.30.1, kernel-source-3.12.53-60.30.1, kernel-syms-3.12.53-60.30.1, kernel-xen-3.12.53-60.30.1, lttng-modules-2.7.0-3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.53-60.30.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_3-1-2.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.53-60.30.1, kernel-source-3.12.53-60.30.1, kernel-syms-3.12.53-60.30.1, kernel-xen-3.12.53-60.30.1
Comment 18 Swamp Workflow Management 2016-04-01 09:30:50 UTC
SUSE-SU-2016:0911-1: An update that solves 23 vulnerabilities and has 42 fixes is now available.

Category: security (important)
Bug References: 758040,904035,912738,915183,924919,933782,937444,940017,940946,942082,947128,948330,949298,951392,951815,952976,953369,954992,955308,955654,955837,955925,956084,956375,956514,956708,956949,957986,957988,957990,958000,958463,958886,958906,958912,958951,959190,959312,959399,959649,959705,961500,961509,961516,961658,962965,963276,963561,963765,963767,964201,964818,966094,966137,966437,966693,967042,967972,967973,967974,967975,968011,968012,968013,969307
CVE References: CVE-2013-7446,CVE-2015-7515,CVE-2015-7550,CVE-2015-8539,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2015-8785,CVE-2015-8812,CVE-2016-0723,CVE-2016-2069,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-71.2
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-default-3.0.101-71.1, kernel-ec2-3.0.101-71.1, kernel-pae-3.0.101-71.1, kernel-ppc64-3.0.101-71.1, kernel-source-3.0.101-71.1, kernel-syms-3.0.101-71.1, kernel-trace-3.0.101-71.1, kernel-xen-3.0.101-71.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-71.1, kernel-pae-3.0.101-71.1, kernel-ppc64-3.0.101-71.1, kernel-trace-3.0.101-71.1, kernel-xen-3.0.101-71.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    kernel-default-3.0.101-71.1, kernel-pae-3.0.101-71.1, kernel-source-3.0.101-71.1, kernel-syms-3.0.101-71.1, kernel-trace-3.0.101-71.1, kernel-xen-3.0.101-71.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-default-3.0.101-71.1, kernel-ec2-3.0.101-71.1, kernel-pae-3.0.101-71.1, kernel-ppc64-3.0.101-71.1, kernel-trace-3.0.101-71.1, kernel-xen-3.0.101-71.1

Product List: SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Desktop 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
Comment 19 Swamp Workflow Management 2016-04-19 17:14:11 UTC
SUSE-SU-2016:1102-1: An update that solves 23 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 758040,904035,912738,915183,924919,933782,937444,940017,940946,942082,947128,948330,949298,951392,951815,952976,953369,954992,955308,955654,955837,955925,956084,956375,956514,956708,956949,957986,957988,957990,958000,958463,958886,958906,958912,958951,959190,959312,959399,959649,959705,961500,961509,961516,961658,962965,963276,963561,963765,963767,964201,964818,966094,966137,966437,966693,967042,967972,967973,967974,967975,968011,968012,968013,969307,969571
CVE References: CVE-2013-7446,CVE-2015-7515,CVE-2015-7550,CVE-2015-8539,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2015-8785,CVE-2015-8812,CVE-2016-0723,CVE-2016-2069,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-51.1, kernel-rt_trace-3.0.101.rt130-51.1, kernel-source-rt-3.0.101.rt130-51.1, kernel-syms-rt-3.0.101.rt130-51.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-51.1, kernel-rt_debug-3.0.101.rt130-51.1, kernel-rt_trace-3.0.101.rt130-51.1
Comment 20 Swamp Workflow Management 2016-05-03 17:15:55 UTC
SUSE-SU-2016:1203-1: An update that solves 41 vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 758040,781018,879378,879381,904035,924919,934787,935123,937444,939955,940017,940413,940913,940946,941514,942082,946122,947128,948330,949298,949752,949936,950750,950998,951392,952976,954628,955308,955354,955654,955673,956375,956514,956707,956708,956709,956852,956949,957988,957990,958463,958886,958906,958912,958951,959190,959312,959399,959705,960857,961500,961509,961512,961516,961518,963276,963765,963767,963998,964201,965319,965923,966437,966693,967863,967972,967973,967974,967975,968010,968011,968012,968013,968141,968670,969307,970504,970892,970909,970911,970948,970956,970958,970970,971124,971125,971360,973570,974646,975945
CVE References: CVE-2013-7446,CVE-2015-7509,CVE-2015-7515,CVE-2015-7550,CVE-2015-7566,CVE-2015-7799,CVE-2015-8215,CVE-2015-8539,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2016-0723,CVE-2016-2069,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-3955
Sources used:
SUSE OpenStack Cloud 5 (src):    kernel-bigsmp-3.0.101-0.47.79.1, kernel-default-3.0.101-0.47.79.1, kernel-ec2-3.0.101-0.47.79.1, kernel-source-3.0.101-0.47.79.1, kernel-syms-3.0.101-0.47.79.1, kernel-trace-3.0.101-0.47.79.1, kernel-xen-3.0.101-0.47.79.1
SUSE Manager Proxy 2.1 (src):    kernel-bigsmp-3.0.101-0.47.79.1, kernel-default-3.0.101-0.47.79.1, kernel-ec2-3.0.101-0.47.79.1, kernel-source-3.0.101-0.47.79.1, kernel-syms-3.0.101-0.47.79.1, kernel-trace-3.0.101-0.47.79.1, kernel-xen-3.0.101-0.47.79.1
SUSE Manager 2.1 (src):    kernel-bigsmp-3.0.101-0.47.79.1, kernel-default-3.0.101-0.47.79.1, kernel-ec2-3.0.101-0.47.79.1, kernel-source-3.0.101-0.47.79.1, kernel-syms-3.0.101-0.47.79.1, kernel-trace-3.0.101-0.47.79.1, kernel-xen-3.0.101-0.47.79.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.79.1, kernel-default-3.0.101-0.47.79.1, kernel-ec2-3.0.101-0.47.79.1, kernel-pae-3.0.101-0.47.79.1, kernel-source-3.0.101-0.47.79.1, kernel-syms-3.0.101-0.47.79.1, kernel-trace-3.0.101-0.47.79.1, kernel-xen-3.0.101-0.47.79.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.79.1, kernel-default-3.0.101-0.47.79.1, kernel-pae-3.0.101-0.47.79.1, kernel-ppc64-3.0.101-0.47.79.1, kernel-trace-3.0.101-0.47.79.1, kernel-xen-3.0.101-0.47.79.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.79.1, kernel-default-3.0.101-0.47.79.1, kernel-ec2-3.0.101-0.47.79.1, kernel-pae-3.0.101-0.47.79.1, kernel-trace-3.0.101-0.47.79.1, kernel-xen-3.0.101-0.47.79.1
Comment 21 Swamp Workflow Management 2016-06-24 14:14:14 UTC
SUSE-SU-2016:1672-1: An update that solves 29 vulnerabilities and has 61 fixes is now available.

Category: security (important)
Bug References: 676471,866130,898592,936530,940413,944309,946122,949752,953369,956491,956852,957986,957988,957990,959381,960458,960857,961512,961518,963762,963998,965319,965860,965923,966245,967863,967914,968010,968018,968141,968500,968566,968670,968687,969149,969391,969571,970114,970504,970892,970909,970911,970948,970956,970958,970970,971124,971125,971126,971360,971433,971446,971729,971944,971947,971989,972363,973237,973378,973556,973570,974646,974787,975358,975772,975945,976739,976868,978401,978821,978822,979213,979274,979347,979419,979548,979595,979867,979879,980371,980725,980788,980931,981231,981267,982532,982691,983143,983213,984107
CVE References: CVE-2015-7566,CVE-2015-8816,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2187,CVE-2016-2188,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4913,CVE-2016-5244
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-77.2
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-default-3.0.101-77.1, kernel-ec2-3.0.101-77.1, kernel-pae-3.0.101-77.1, kernel-ppc64-3.0.101-77.1, kernel-source-3.0.101-77.1, kernel-syms-3.0.101-77.1, kernel-trace-3.0.101-77.1, kernel-xen-3.0.101-77.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-77.1, kernel-pae-3.0.101-77.1, kernel-ppc64-3.0.101-77.1, kernel-trace-3.0.101-77.1, kernel-xen-3.0.101-77.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-default-3.0.101-77.1, kernel-ec2-3.0.101-77.1, kernel-pae-3.0.101-77.1, kernel-ppc64-3.0.101-77.1, kernel-trace-3.0.101-77.1, kernel-xen-3.0.101-77.1
Comment 22 Swamp Workflow Management 2016-06-30 18:09:28 UTC
SUSE-SU-2016:1707-1: An update that solves 17 vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 898592,940413,946122,949752,956852,957988,957990,959381,960458,961512,963998,965319,965860,965923,967863,968010,968018,968141,968566,968670,968687,969356,970504,970892,970909,970911,970948,970956,970958,970970,971124,971125,971360,971433,971729,972363,973237,973378,973556,973570,975772,975945
CVE References: CVE-2015-1339,CVE-2015-7566,CVE-2015-8551,CVE-2015-8552,CVE-2015-8816,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2782,CVE-2016-2847,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-54.1, kernel-rt_trace-3.0.101.rt130-54.1, kernel-source-rt-3.0.101.rt130-54.1, kernel-syms-rt-3.0.101.rt130-54.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-54.1, kernel-rt_debug-3.0.101.rt130-54.1, kernel-rt_trace-3.0.101.rt130-54.1
Comment 23 Swamp Workflow Management 2016-07-08 15:12:00 UTC
SUSE-SU-2016:1764-1: An update that solves 26 vulnerabilities and has 95 fixes is now available.

Category: security (important)
Bug References: 880007,889207,899908,903279,908151,931448,937086,940413,942262,943645,943989,945219,956084,956852,957986,957988,957990,959146,959514,959709,960174,960561,960629,961500,961512,961658,962336,962872,963193,963572,963746,963765,963827,963960,964201,964461,965087,965153,965199,965319,965830,965924,966054,966094,966437,966471,966573,966693,966831,966864,966910,967047,967251,967292,967299,967650,967651,967802,967903,968010,968018,968074,968141,968206,968230,968234,968253,968448,968497,968512,968643,968670,968687,968812,968813,969112,969439,969571,969655,969690,969735,969992,969993,970062,970160,970504,970604,970609,970892,970909,970911,970948,970955,970956,970958,970970,971124,971125,971126,971159,971170,971360,971600,971628,972003,972068,972174,972780,972844,972891,972951,973378,973556,973855,974406,974418,975371,975488,975772,975945,980246
CVE References: CVE-2015-7566,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8709,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2016-0723,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2384,CVE-2016-2782,CVE-2016-3134,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-3689,CVE-2016-3707,CVE-2016-3951
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP1 (src):    kernel-compute-3.12.58-14.1, kernel-compute_debug-3.12.58-14.1, kernel-rt-3.12.58-14.1, kernel-rt_debug-3.12.58-14.1, kernel-source-rt-3.12.58-14.1, kernel-syms-rt-3.12.58-14.1
Comment 24 Marcus Meissner 2016-08-01 12:50:24 UTC
released
Comment 25 Swamp Workflow Management 2016-08-02 14:14:00 UTC
SUSE-SU-2016:1937-1: An update that solves 24 vulnerabilities and has 76 fixes is now available.

Category: security (important)
Bug References: 662458,676471,897662,928547,944309,945345,947337,950998,951844,953048,953233,954847,956491,957805,957986,957990,958390,958463,960857,962742,962846,963762,964727,965087,966245,967640,968667,969016,970114,970506,970604,970609,970948,971049,971770,971947,972124,972933,973378,973499,973570,974165,974308,974620,974646,974692,975533,975772,975788,976739,976821,976868,977417,977582,977685,978401,978469,978527,978822,979169,979213,979347,979419,979485,979489,979521,979548,979867,979879,979922,980246,980348,980371,980706,981038,981143,981344,982282,982354,982544,982698,983143,983213,983318,983394,983721,983904,983977,984148,984456,984755,985232,985978,986362,986569,986572,986811,988215,988498,988552
CVE References: CVE-2014-9717,CVE-2014-9904,CVE-2015-7833,CVE-2015-8539,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2847,CVE-2016-3672,CVE-2016-3707,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP1 (src):    kernel-compute-3.12.61-60.18.1, kernel-compute_debug-3.12.61-60.18.1, kernel-rt-3.12.61-60.18.1, kernel-rt_debug-3.12.61-60.18.1, kernel-source-rt-3.12.61-60.18.1, kernel-syms-rt-3.12.61-60.18.1
Comment 26 Swamp Workflow Management 2016-08-19 12:11:43 UTC
SUSE-SU-2016:2105-1: An update that solves 21 vulnerabilities and has 55 fixes is now available.

Category: security (important)
Bug References: 947337,950998,951844,953048,954847,956491,957990,962742,963655,963762,965087,966245,968667,970114,970506,971770,972933,973378,973499,974165,974308,974620,975531,975533,975772,975788,977417,978401,978469,978822,979074,979213,979419,979485,979489,979521,979548,979681,979867,979879,979922,980348,980363,980371,980856,980883,981038,981143,981344,981597,982282,982354,982544,982698,983143,983213,983318,983721,983904,983977,984148,984456,984755,984764,985232,985978,986362,986365,986569,986572,986573,986811,988215,988498,988552,990058
CVE References: CVE-2014-9904,CVE-2015-7833,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3672,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.62-60.62.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.62-60.62.3, kernel-obs-build-3.12.62-60.62.1
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.62-60.62.1, kernel-source-3.12.62-60.62.1, kernel-syms-3.12.62-60.62.1, kernel-xen-3.12.62-60.62.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.62-60.62.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_7-1-4.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.62-60.62.1, kernel-source-3.12.62-60.62.1, kernel-syms-3.12.62-60.62.1, kernel-xen-3.12.62-60.62.1
Comment 27 Swamp Workflow Management 2016-08-29 18:10:40 UTC
openSUSE-SU-2016:2184-1: An update that solves 21 vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 947337,950998,951844,953048,954847,956491,957990,962742,963655,963762,965087,966245,968667,970114,970506,971770,972933,973378,973499,974165,974308,974620,975531,975533,975772,975788,977417,978401,978469,978822,979213,979419,979485,979489,979521,979548,979681,979867,979879,979922,980348,980363,980371,981038,981143,981344,982282,982354,982544,982698,983143,983213,983318,983721,983904,983977,984148,984456,984755,985232,985978,986362,986365,986569,986572,986811,988215,988498,988552,990058
CVE References: CVE-2014-9904,CVE-2015-7833,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3672,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.32.2, crash-7.0.2-2.32.7, hdjmod-1.28-16.32.2, ipset-6.21.1-2.36.2, iscsitarget-1.4.20.3-13.32.2, kernel-debug-3.12.62-52.1, kernel-default-3.12.62-52.1, kernel-desktop-3.12.62-52.1, kernel-docs-3.12.62-52.2, kernel-ec2-3.12.62-52.1, kernel-pae-3.12.62-52.1, kernel-source-3.12.62-52.1, kernel-syms-3.12.62-52.1, kernel-trace-3.12.62-52.1, kernel-vanilla-3.12.62-52.1, kernel-xen-3.12.62-52.1, ndiswrapper-1.58-33.2, openvswitch-1.11.0-0.39.3, pcfclock-0.44-258.33.2, vhba-kmp-20130607-2.32.2, virtualbox-4.2.36-2.64.4, xen-4.3.4_10-65.3, xtables-addons-2.3-2.31.2
Comment 28 Swamp Workflow Management 2017-09-19 13:22:26 UTC
SUSE-SU-2017:2525-1: An update that solves 40 vulnerabilities and has 44 fixes is now available.

Category: security (important)
Bug References: 1006919,1012422,1013862,1017143,1020229,1021256,1023051,1024938,1025013,1025235,1026024,1026722,1026914,1027066,1027101,1027178,1027179,1027406,1028415,1028880,1029212,1029850,1030213,1030573,1030575,1030593,1031003,1031052,1031440,1031481,1031579,1031660,1033287,1033336,1034670,1034838,1035576,1037182,1037183,1037994,1038544,1038564,1038879,1038883,1038981,1038982,1039349,1039354,1039456,1039594,1039882,1039883,1039885,1040069,1041431,1042364,1042863,1042892,1044125,1045416,1045487,1046107,1048232,1048275,1049483,1049603,1049882,1050677,1052311,1053148,1053152,1053760,1056588,870618,948562,957988,957990,963655,972891,979681,983212,986924,989896,999245
CVE References: CVE-2016-10200,CVE-2016-5243,CVE-2017-1000112,CVE-2017-1000363,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-10661,CVE-2017-11176,CVE-2017-11473,CVE-2017-12762,CVE-2017-14051,CVE-2017-2647,CVE-2017-2671,CVE-2017-5669,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6348,CVE-2017-6353,CVE-2017-6951,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7482,CVE-2017-7487,CVE-2017-7533,CVE-2017-7542,CVE-2017-7616,CVE-2017-8831,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.106.5.1, kernel-default-3.0.101-0.47.106.5.1, kernel-ec2-3.0.101-0.47.106.5.1, kernel-pae-3.0.101-0.47.106.5.1, kernel-source-3.0.101-0.47.106.5.1, kernel-syms-3.0.101-0.47.106.5.1, kernel-trace-3.0.101-0.47.106.5.1, kernel-xen-3.0.101-0.47.106.5.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.106.5.1, kernel-default-3.0.101-0.47.106.5.1, kernel-pae-3.0.101-0.47.106.5.1, kernel-trace-3.0.101-0.47.106.5.1, kernel-xen-3.0.101-0.47.106.5.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.106.5.1, kernel-ec2-3.0.101-0.47.106.5.1, kernel-pae-3.0.101-0.47.106.5.1, kernel-source-3.0.101-0.47.106.5.1, kernel-syms-3.0.101-0.47.106.5.1, kernel-trace-3.0.101-0.47.106.5.1, kernel-xen-3.0.101-0.47.106.5.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.106.5.1, kernel-default-3.0.101-0.47.106.5.1, kernel-ec2-3.0.101-0.47.106.5.1, kernel-pae-3.0.101-0.47.106.5.1, kernel-trace-3.0.101-0.47.106.5.1, kernel-xen-3.0.101-0.47.106.5.1