Bug 978822 - (CVE-2016-4486) VUL-0: CVE-2016-4486: kernel: Information leak in rtnetlink
(CVE-2016-4486)
VUL-0: CVE-2016-4486: kernel: Information leak in rtnetlink
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/168618/
CVSSv2:NVD:CVE-2016-4486:2.1:(AV:L/AC...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-05-06 10:18 UTC by Alexander Bergmann
Modified: 2018-07-03 21:18 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2016-05-06 10:18:07 UTC
rh#1333316 / CVE-2016-4486

An information leak vulnerability in rtnetlink was found in net/core/rtnetlink.c. The stack object “map” has a total size of 32 bytes. Its last 4 bytes are padding generated by compiler. These padding bytes are not initialized and sent out via “nla_put”.

Upstream patch:

https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6

CVE request:

http://seclists.org/oss-sec/2016/q2/234

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1333316
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4486
http://seclists.org/oss-sec/2016/q2/237
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4486.html
Comment 1 Swamp Workflow Management 2016-05-06 22:01:51 UTC
bugbot adjusting priority
Comment 2 Michal Kubeček 2016-05-10 07:10:57 UTC
Good news is the security impact seems rather theoretical.

Bad news is that while function rtnl_fill_link_ifmap() has been introduced
in v4.4-rc1, the incomplete initialization in question was only moved out of
rtnl_fill_ifinfo() at that time andthe issue actually predates kernel git
so that all maintained branches are affected.
Comment 4 Michal Kubeček 2016-05-23 09:52:19 UTC
The fix is now in

  stable (via 4.6.0)
  SLE12-SP2 (via 4.4.11)
  openSUSE-42.1
  openSUSE-13.2 (not merged yet)
  SLE12
  cve/linux-3.0
  cve/linux-2.6.32
  cve/linux-2.6.16

Closing and reassigning to security team.
Comment 6 Swamp Workflow Management 2016-06-21 12:11:15 UTC
openSUSE-SU-2016:1641-1: An update that solves 19 vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 945345,955654,963762,966245,966849,970506,971126,971799,973570,974308,975945,977198,978073,978401,978821,978822,979018,979213,979278,979548,979728,979867,979879,979913,980348,980371,980657,981058,981267,981344,982238,982239,982712,983143,983213,984460
CVE References: CVE-2013-7446,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3134,CVE-2016-3672,CVE-2016-3955,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4557,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4581,CVE-2016-4805,CVE-2016-4951,CVE-2016-5244
Sources used:
openSUSE Leap 42.1 (src):    kernel-debug-4.1.26-21.1, kernel-default-4.1.26-21.1, kernel-docs-4.1.26-21.2, kernel-ec2-4.1.26-21.1, kernel-obs-build-4.1.26-21.1, kernel-obs-qa-4.1.26-21.1, kernel-obs-qa-xen-4.1.26-21.1, kernel-pae-4.1.26-21.1, kernel-pv-4.1.26-21.1, kernel-source-4.1.26-21.1, kernel-syms-4.1.26-21.1, kernel-vanilla-4.1.26-21.1, kernel-xen-4.1.26-21.1
Comment 7 Swamp Workflow Management 2016-06-24 14:25:46 UTC
SUSE-SU-2016:1672-1: An update that solves 29 vulnerabilities and has 61 fixes is now available.

Category: security (important)
Bug References: 676471,866130,898592,936530,940413,944309,946122,949752,953369,956491,956852,957986,957988,957990,959381,960458,960857,961512,961518,963762,963998,965319,965860,965923,966245,967863,967914,968010,968018,968141,968500,968566,968670,968687,969149,969391,969571,970114,970504,970892,970909,970911,970948,970956,970958,970970,971124,971125,971126,971360,971433,971446,971729,971944,971947,971989,972363,973237,973378,973556,973570,974646,974787,975358,975772,975945,976739,976868,978401,978821,978822,979213,979274,979347,979419,979548,979595,979867,979879,980371,980725,980788,980931,981231,981267,982532,982691,983143,983213,984107
CVE References: CVE-2015-7566,CVE-2015-8816,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2187,CVE-2016-2188,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4913,CVE-2016-5244
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-77.2
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-default-3.0.101-77.1, kernel-ec2-3.0.101-77.1, kernel-pae-3.0.101-77.1, kernel-ppc64-3.0.101-77.1, kernel-source-3.0.101-77.1, kernel-syms-3.0.101-77.1, kernel-trace-3.0.101-77.1, kernel-xen-3.0.101-77.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-77.1, kernel-pae-3.0.101-77.1, kernel-ppc64-3.0.101-77.1, kernel-trace-3.0.101-77.1, kernel-xen-3.0.101-77.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-default-3.0.101-77.1, kernel-ec2-3.0.101-77.1, kernel-pae-3.0.101-77.1, kernel-ppc64-3.0.101-77.1, kernel-trace-3.0.101-77.1, kernel-xen-3.0.101-77.1
Comment 8 Swamp Workflow Management 2016-06-27 17:25:47 UTC
SUSE-SU-2016:1690-1: An update that solves 29 vulnerabilities and has 89 fixes is now available.

Category: security (important)
Bug References: 676471,880007,889207,899908,903279,928547,931448,940413,943989,944309,945345,947337,953233,954847,956491,956852,957805,957986,960857,962336,962846,962872,963193,963572,963762,964461,964727,965319,966054,966245,966573,966831,967251,967292,967299,967903,968010,968141,968448,968512,968667,968670,968687,968812,968813,969439,969571,969655,969690,969735,969992,969993,970062,970114,970504,970506,970604,970892,970909,970911,970948,970955,970956,970958,970970,971049,971124,971125,971126,971159,971170,971360,971600,971628,971947,972003,972174,972844,972891,972933,972951,973378,973556,973570,973855,974165,974308,974406,974418,974646,975371,975488,975533,975945,976739,976868,977582,977685,978401,978822,979169,979213,979419,979485,979548,979867,979879,980348,980371,981143,981344,982354,982698,983213,983318,983394,983904,984456
CVE References: CVE-2014-9717,CVE-2015-8816,CVE-2015-8845,CVE-2016-0758,CVE-2016-2053,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-3672,CVE-2016-3689,CVE-2016-3951,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-5244
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    kernel-default-3.12.60-52.49.1
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.60-52.49.3, kernel-obs-build-3.12.60-52.49.1
SUSE Linux Enterprise Server 12 (src):    kernel-default-3.12.60-52.49.1, kernel-source-3.12.60-52.49.1, kernel-syms-3.12.60-52.49.1, kernel-xen-3.12.60-52.49.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.60-52.49.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_14-1-2.1
SUSE Linux Enterprise Desktop 12 (src):    kernel-default-3.12.60-52.49.1, kernel-source-3.12.60-52.49.1, kernel-syms-3.12.60-52.49.1, kernel-xen-3.12.60-52.49.1
Comment 9 Swamp Workflow Management 2016-06-28 14:25:47 UTC
SUSE-SU-2016:1696-1: An update that solves 16 vulnerabilities and has 66 fixes is now available.

Category: security (important)
Bug References: 662458,676471,889207,897662,899908,903279,908151,928547,931448,937086,940413,942262,943989,944309,945345,951844,953233,957805,958390,959514,960857,962336,962846,962872,963572,964461,964727,965319,966054,966573,967640,968497,968687,968812,968813,969016,970604,970609,970892,970911,970948,970955,970956,970958,970970,971049,971124,971126,971159,971170,971600,971628,971793,971947,972003,972068,972174,972780,972844,972891,972951,973378,973556,973855,974418,974646,974692,975371,975488,975772,975945,976739,976821,976868,977582,977685,978401,978527,978822,979213,979347,983143
CVE References: CVE-2014-9717,CVE-2016-1583,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2847,CVE-2016-3134,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3140,CVE-2016-3689,CVE-2016-3951,CVE-2016-4482,CVE-2016-4486,CVE-2016-4569
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.59-60.41.2
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.59-60.41.8, kernel-obs-build-3.12.59-60.41.2
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.59-60.41.2, kernel-source-3.12.59-60.41.2, kernel-syms-3.12.59-60.41.1, kernel-xen-3.12.59-60.41.2
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.59-60.41.2
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_5-1-2.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.59-60.41.2, kernel-source-3.12.59-60.41.2, kernel-syms-3.12.59-60.41.1, kernel-xen-3.12.59-60.41.2
Comment 11 Swamp Workflow Management 2016-07-18 14:17:28 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2016-07-25.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62901
Comment 12 Swamp Workflow Management 2016-08-02 14:23:48 UTC
SUSE-SU-2016:1937-1: An update that solves 24 vulnerabilities and has 76 fixes is now available.

Category: security (important)
Bug References: 662458,676471,897662,928547,944309,945345,947337,950998,951844,953048,953233,954847,956491,957805,957986,957990,958390,958463,960857,962742,962846,963762,964727,965087,966245,967640,968667,969016,970114,970506,970604,970609,970948,971049,971770,971947,972124,972933,973378,973499,973570,974165,974308,974620,974646,974692,975533,975772,975788,976739,976821,976868,977417,977582,977685,978401,978469,978527,978822,979169,979213,979347,979419,979485,979489,979521,979548,979867,979879,979922,980246,980348,980371,980706,981038,981143,981344,982282,982354,982544,982698,983143,983213,983318,983394,983721,983904,983977,984148,984456,984755,985232,985978,986362,986569,986572,986811,988215,988498,988552
CVE References: CVE-2014-9717,CVE-2014-9904,CVE-2015-7833,CVE-2015-8539,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2847,CVE-2016-3672,CVE-2016-3707,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP1 (src):    kernel-compute-3.12.61-60.18.1, kernel-compute_debug-3.12.61-60.18.1, kernel-rt-3.12.61-60.18.1, kernel-rt_debug-3.12.61-60.18.1, kernel-source-rt-3.12.61-60.18.1, kernel-syms-rt-3.12.61-60.18.1
Comment 13 Swamp Workflow Management 2016-08-08 18:17:02 UTC
SUSE-SU-2016:1985-1: An update that solves 20 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 676471,866130,909589,936530,944309,950998,953369,954847,956491,957986,960857,961518,963762,966245,967914,968500,969149,969391,970114,971030,971126,971360,971446,971944,971947,971989,973378,974620,974646,974787,975358,976739,976868,978401,978821,978822,979213,979274,979347,979419,979548,979595,979867,979879,979915,980246,980371,980725,980788,980931,981231,981267,982532,982544,982691,983143,983213,983721,984107,984755,986362,986572,988498
CVE References: CVE-2015-7833,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2187,CVE-2016-3134,CVE-2016-3707,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-5244,CVE-2016-5829
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-57.1, kernel-rt_trace-3.0.101.rt130-57.1, kernel-source-rt-3.0.101.rt130-57.1, kernel-syms-rt-3.0.101.rt130-57.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-57.1, kernel-rt_debug-3.0.101.rt130-57.1, kernel-rt_trace-3.0.101.rt130-57.1
Comment 14 Swamp Workflow Management 2016-08-15 14:20:19 UTC
SUSE-SU-2016:2074-1: An update that solves 48 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 816446,861093,928130,935757,939826,942367,945825,946117,946309,948562,949744,949936,951440,952384,953527,954404,955354,955654,956708,956709,958463,958886,958951,959190,959399,961500,961509,961512,963765,963767,964201,966437,966460,966662,966693,967972,967973,967974,967975,968010,968011,968012,968013,968670,970504,970892,970909,970911,970948,970956,970958,970970,971124,971125,971126,971360,972510,973570,975945,977847,978822
CVE References: CVE-2013-2015,CVE-2013-7446,CVE-2015-0272,CVE-2015-3339,CVE-2015-5307,CVE-2015-6252,CVE-2015-6937,CVE-2015-7509,CVE-2015-7515,CVE-2015-7550,CVE-2015-7566,CVE-2015-7799,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8539,CVE-2015-8543,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2016-0723,CVE-2016-2069,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-4486
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    kernel-default-3.0.101-0.7.40.1, kernel-ec2-3.0.101-0.7.40.1, kernel-pae-3.0.101-0.7.40.1, kernel-source-3.0.101-0.7.40.1, kernel-syms-3.0.101-0.7.40.1, kernel-trace-3.0.101-0.7.40.1, kernel-xen-3.0.101-0.7.40.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    kernel-default-3.0.101-0.7.40.1, kernel-ec2-3.0.101-0.7.40.1, kernel-pae-3.0.101-0.7.40.1, kernel-trace-3.0.101-0.7.40.1, kernel-xen-3.0.101-0.7.40.1
Comment 15 Swamp Workflow Management 2016-08-19 12:16:15 UTC
SUSE-SU-2016:2105-1: An update that solves 21 vulnerabilities and has 55 fixes is now available.

Category: security (important)
Bug References: 947337,950998,951844,953048,954847,956491,957990,962742,963655,963762,965087,966245,968667,970114,970506,971770,972933,973378,973499,974165,974308,974620,975531,975533,975772,975788,977417,978401,978469,978822,979074,979213,979419,979485,979489,979521,979548,979681,979867,979879,979922,980348,980363,980371,980856,980883,981038,981143,981344,981597,982282,982354,982544,982698,983143,983213,983318,983721,983904,983977,984148,984456,984755,984764,985232,985978,986362,986365,986569,986572,986573,986811,988215,988498,988552,990058
CVE References: CVE-2014-9904,CVE-2015-7833,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3672,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.62-60.62.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.62-60.62.3, kernel-obs-build-3.12.62-60.62.1
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.62-60.62.1, kernel-source-3.12.62-60.62.1, kernel-syms-3.12.62-60.62.1, kernel-xen-3.12.62-60.62.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.62-60.62.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_7-1-4.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.62-60.62.1, kernel-source-3.12.62-60.62.1, kernel-syms-3.12.62-60.62.1, kernel-xen-3.12.62-60.62.1
Comment 16 Swamp Workflow Management 2016-08-24 13:18:19 UTC
openSUSE-SU-2016:2144-1: An update that solves 53 vulnerabilities and has 28 fixes is now available.

Category: security (important)
Bug References: 901754,941113,942702,945219,955654,957052,957988,959709,960561,961512,963762,963765,966245,966437,966693,966849,967972,967973,967974,967975,968010,968011,968012,968013,968018,968670,969354,969355,970114,970275,970892,970909,970911,970948,970955,970956,970958,970970,971124,971125,971126,971360,971628,971799,971919,971944,972174,973378,973570,974308,974418,974646,975945,978401,978445,978469,978821,978822,979021,979213,979548,979867,979879,979913,980348,980363,980371,980725,981267,982706,983143,983213,984464,984755,984764,986362,986365,986377,986572,986573,986811
CVE References: CVE-2012-6701,CVE-2013-7446,CVE-2014-9904,CVE-2015-3288,CVE-2015-6526,CVE-2015-7566,CVE-2015-8709,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2015-8830,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2187,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-3672,CVE-2016-3689,CVE-2016-3951,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4581,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-5244,CVE-2016-5829
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.20.3, cloop-2.639-14.20.3, crash-7.0.8-20.3, hdjmod-1.28-18.21.3, ipset-6.23-20.3, kernel-debug-3.16.7-42.1, kernel-default-3.16.7-42.1, kernel-desktop-3.16.7-42.1, kernel-docs-3.16.7-42.2, kernel-ec2-3.16.7-42.1, kernel-obs-build-3.16.7-42.2, kernel-obs-qa-3.16.7-42.1, kernel-obs-qa-xen-3.16.7-42.1, kernel-pae-3.16.7-42.1, kernel-source-3.16.7-42.1, kernel-syms-3.16.7-42.1, kernel-vanilla-3.16.7-42.1, kernel-xen-3.16.7-42.1, pcfclock-0.44-260.20.2, vhba-kmp-20140629-2.20.2, virtualbox-5.0.20-48.5, xen-4.4.4_02-46.2, xtables-addons-2.6-22.3
Comment 17 Swamp Workflow Management 2016-08-29 18:16:01 UTC
openSUSE-SU-2016:2184-1: An update that solves 21 vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 947337,950998,951844,953048,954847,956491,957990,962742,963655,963762,965087,966245,968667,970114,970506,971770,972933,973378,973499,974165,974308,974620,975531,975533,975772,975788,977417,978401,978469,978822,979213,979419,979485,979489,979521,979548,979681,979867,979879,979922,980348,980363,980371,981038,981143,981344,982282,982354,982544,982698,983143,983213,983318,983721,983904,983977,984148,984456,984755,985232,985978,986362,986365,986569,986572,986811,988215,988498,988552,990058
CVE References: CVE-2014-9904,CVE-2015-7833,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3672,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.32.2, crash-7.0.2-2.32.7, hdjmod-1.28-16.32.2, ipset-6.21.1-2.36.2, iscsitarget-1.4.20.3-13.32.2, kernel-debug-3.12.62-52.1, kernel-default-3.12.62-52.1, kernel-desktop-3.12.62-52.1, kernel-docs-3.12.62-52.2, kernel-ec2-3.12.62-52.1, kernel-pae-3.12.62-52.1, kernel-source-3.12.62-52.1, kernel-syms-3.12.62-52.1, kernel-trace-3.12.62-52.1, kernel-vanilla-3.12.62-52.1, kernel-xen-3.12.62-52.1, ndiswrapper-1.58-33.2, openvswitch-1.11.0-0.39.3, pcfclock-0.44-258.33.2, vhba-kmp-20130607-2.32.2, virtualbox-4.2.36-2.64.4, xen-4.3.4_10-65.3, xtables-addons-2.3-2.31.2
Comment 18 Swamp Workflow Management 2016-09-06 13:14:32 UTC
SUSE-SU-2016:2245-1: An update that solves 25 vulnerabilities and has 22 fixes is now available.

Category: security (important)
Bug References: 839104,866130,919351,944309,950998,960689,962404,963655,963762,966460,969149,970114,971126,971360,971446,971729,971944,974428,975945,978401,978821,978822,979213,979274,979548,979681,979867,979879,980371,980725,980788,980931,981267,983143,983213,983535,984107,984755,986362,986365,986445,986572,987709,988065,989152,989401,991608
CVE References: CVE-2013-4312,CVE-2015-7513,CVE-2015-7833,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2187,CVE-2016-3134,CVE-2016-3955,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5696,CVE-2016-5829,CVE-2016-6480
Sources used:
SUSE OpenStack Cloud 5 (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Manager Proxy 2.1 (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Manager 2.1 (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-ppc64-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
Comment 19 Swamp Workflow Management 2016-09-12 12:12:46 UTC
openSUSE-SU-2016:2290-1: An update that solves 17 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 963931,970948,971126,971360,974266,978821,978822,979018,979213,979879,980371,981058,981267,986362,986365,986570,987886,989084,989152,989176,990058,991110,991608,991665,994296,994520
CVE References: CVE-2015-8787,CVE-2016-1237,CVE-2016-2847,CVE-2016-3134,CVE-2016-3156,CVE-2016-4485,CVE-2016-4486,CVE-2016-4557,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4951,CVE-2016-4998,CVE-2016-5696,CVE-2016-6480,CVE-2016-6828
Sources used:
openSUSE Leap 42.1 (src):    drbd-8.4.6-8.1, hdjmod-1.28-24.1, ipset-6.25.1-5.1, kernel-debug-4.1.31-30.2, kernel-default-4.1.31-30.2, kernel-docs-4.1.31-30.3, kernel-ec2-4.1.31-30.2, kernel-obs-build-4.1.31-30.3, kernel-obs-qa-4.1.31-30.1, kernel-obs-qa-xen-4.1.31-30.1, kernel-pae-4.1.31-30.2, kernel-pv-4.1.31-30.2, kernel-source-4.1.31-30.1, kernel-syms-4.1.31-30.1, kernel-vanilla-4.1.31-30.2, kernel-xen-4.1.31-30.2, lttng-modules-2.7.0-2.1, pcfclock-0.44-266.1, vhba-kmp-20140928-5.1
Comment 20 Swamp Workflow Management 2016-10-26 16:23:33 UTC
openSUSE-SU-2016:2649-1: An update that solves 49 vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 1004418,758540,816446,861093,917648,928130,935757,939826,942367,944296,945825,946117,946309,948562,949744,949936,951440,952384,953527,954404,955354,955654,956708,956709,958463,958886,958951,959190,959399,961500,961509,961512,963765,963767,964201,966437,966460,966662,966693,967972,967973,967974,967975,968010,968011,968012,968013,968670,969356,970504,970892,970909,970911,970948,970956,970958,970970,971124,971125,971126,971360,972510,973570,975945,977847,978822
CVE References: CVE-2013-7446,CVE-2015-0272,CVE-2015-1339,CVE-2015-3339,CVE-2015-5307,CVE-2015-6252,CVE-2015-6937,CVE-2015-7509,CVE-2015-7515,CVE-2015-7550,CVE-2015-7566,CVE-2015-7799,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8539,CVE-2015-8543,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2016-0723,CVE-2016-2069,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-4486,CVE-2016-5195
Sources used:
openSUSE Evergreen 11.4 (src):    kernel-debug-3.0.101-105.1, kernel-default-3.0.101-105.1, kernel-desktop-3.0.101-105.1, kernel-docs-3.0.101-105.2, kernel-ec2-3.0.101-105.1, kernel-pae-3.0.101-105.1, kernel-source-3.0.101-105.1, kernel-syms-3.0.101-105.1, kernel-trace-3.0.101-105.1, kernel-vanilla-3.0.101-105.1, kernel-vmi-3.0.101-105.1, kernel-xen-3.0.101-105.1, preload-1.2-6.83.1