Bugzilla – Bug 986362
VUL-0: CVE-2016-4997: kernel: Linux local privilege escalation in compat_setsockopt
Last modified: 2018-07-03 21:26:23 UTC
SLES 12 SP1: CONFIG_USER_NS=y CONFIG_NET_NS=y -> affected SLES 12 GA: same SLES 11 SP4: same SLES 11 SP3: same SLES 11 SP2: same
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d04 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb088 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bdf533de6968
Commits > 6e94e0cfb088 netfilter: x_tables: make sure e->next_offset covers remaining blob size > bdf533de6968 netfilter: x_tables: validate e->target_offset early are already in all maintained branches except cve/linux-2.6.16 (as fixes for bsc#971126 / CVE-2016-3134). I'll take a look at ce683e5f9d04 netfilter: x_tables: check for bogus target offset
6e94e0cfb088 and bdf533de6968 are in patches.kernel.org/patch-3.12.58-59, which is contained in the fast-path update. ce683e5f9d04 is missing, indeed.
Commit ce683e5f9d04 is only one piece of a much longer series: > d7591f0c41ce netfilter: x_tables: introduce and use xt_copy_counters_from_user > aded9f3e9fa8 netfilter: x_tables: remove obsolete check > 95609155d7fa netfilter: x_tables: remove obsolete overflow check for compat case too > 09d9686047db netfilter: x_tables: do compat validation via translate_table > 0188346f21e6 netfilter: x_tables: xt_compat_match_from_user doesn't need a retval > 8dddd32756f6 netfilter: arp_tables: simplify translate_compat_table args > 329a0807124f netfilter: ip6_tables: simplify translate_compat_table args > 7d3f843eed29 netfilter: ip_tables: simplify translate_compat_table args > > 13631bfc6041 netfilter: x_tables: validate all offsets and sizes in a rule > ce683e5f9d04 netfilter: x_tables: check for bogus target offset > 7ed2abddd20c netfilter: x_tables: check standard target size too > fc1221b3a163 netfilter: x_tables: add compat version of xt_check_entry_offsets > a08e4e190b86 netfilter: x_tables: assert minimum target size > aa412ba225dd netfilter: x_tables: kill check_entry helper > 7d35812c3214 netfilter: x_tables: add and use xt_check_entry_offsets > 364723410175 netfilter: x_tables: validate targets of jumps > f24e230d257a netfilter: x_tables: don't move to non-existent next rule So far it seems at least 7d35812c3214 and fc1221b3a163 will be also needed as ce683e5f9d04 is rather a follow-up to these two.
Thanks for checking. To record our email conversation here, regarding SLE12 and SLE12-SP1, Marcus is confident that QAM will finish the running updates today or on Monday. We are talking about these commits: SLE12-SP1: f2e4245f0eb1 ("KVM: x86: expose invariant tsc cpuid bit (v2) (bsc#971770).") SLE12: 427261ffec5d ("Merge branch 'users/duwe/SLE12/for-next' into SLE12") $ git merge-base f2e4245f0eb1 427261ffec5d 754f7d2e4ad53233beac042837b7d5ac39ca67d0 You can use e.g. this commit to base your branch on.
(In reply to Michal Marek from comment #11) > $ git merge-base f2e4245f0eb1 427261ffec5d > 754f7d2e4ad53233beac042837b7d5ac39ca67d0 > > You can use e.g. this commit to base your branch on. I don't think so: while both f2e4245f0eb1 and 427261ffec5d contain the bsc#971126 fixes, 754f7d2e4ad5 does not.
You are right, merge-base failed me again. bf3c5c7200f3 ("- Linux 3.12.59 ...") should work, right?
(In reply to Michal Marek from comment #13) > bf3c5c7200f3 ("- Linux 3.12.59 ...") > > should work, right? Yes, this looks like the best option.
I want to test the backport up to 13631bfc6041 (i.e. lower half of the list in comment 10); I'm still considering also 09d9686047db (which would require also some of the 4 commits preceding it). However, I'm unable to reproduce the issue on current SLE12(-SP1) without the fixes. I did - compile all three utilities - install uns with 4755 permissions - added a netfilter rule to load necessary modules - ran "/usr/local/bin/uns -n -U -M '0 1000 1' -G '0 100 1' ./repro-compatReleaseEntry" as UID 1000 (GID 100) but the setsockopt() call fails with "Operation not permitted" and nothing crashes. I guess I'm missing something obvious, trying to find out where does the EPERM come from.
OK, the obvious part I missed was that the message write /proc/1702/gid_map: Operation not permitted which went away after setting SUID on uns was actually caused by using the original "0 1000 1" gid map rather than "0 100 1" I needed. I can reproduce the issue on unpatched SLE12-SP1 kernel now.
you need to replace 1000 with your own gid as reported by "id". uns does not need to be 4755, 755 seems sufficient.
OK, so now I can reproduce the issue on unpatched SLE12-SP1 and with the patches up to 13631bfc6041, there is no crash and setsockopt() fails with EINVAL as expected. However, I would still feel safer with commit 09d9686047db (with its prerequisities) so I'm going to check that as well. Adding Jiří Slabý to Cc as this is going to be interesting for stable-3.12.y
SLE12 branch was successfully tested so that it can be used for fast path updates of SLE12 and SLE12-SP1. As for SLE11-SP4, the reproducer cannot be used the same way as in newer kernels (if you try, clone() call fails with EPERM). IMHO this is because SLE11-SP4 kernel lacks > df008c91f835 net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm > 5eaf563e5329 userns: Allow unprivileged users to create user namespaces. and other related commits that weren't added until 3.8. I believe this means while the SLE11-SP4 code is still affected by various bugs of the "data supplied by userspace not checked" type, this cannot be exploited without root privileges or at least root's help. I'm tempted to say while the bug should still be fixed, there is no need for an emergency fast path update of products based on pre-3.8 kernels (i.e. SLE10 and SLE11). Anyway, I checked that unpatched 3.0.101-77 kernel crashes when repro-compatReleaseEntry is run as root (and not in a user namespace) while patched kernel does not (setsockopt() fails with EINVAL as in 3.12 kernels).
No longer embargoed. via oss-sec From: Jesse Hertz <Jesse.Hertz@nccgroup.trust> Subject: [oss-security] Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access) Date: Fri, 24 Jun 2016 18:53:53 +0000 Hi All, As part of a kernel fuzzing project by myself and my colleague Tim Newsham, we are disclosing two vulnerabilities which have been assigned CVEs. Full details of the fuzzing project (with analysis of the vulnerabilities) will be released next week. These issues are fixed in the following commits http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d04 <http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d04> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb088 <http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb088> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bdf533de6968 <http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bdf533de6968> And have now been integrated into stable kernel releases: 3.14.73, 4.4.14, and 4.6.3. Theses issues occurs in the same codepaths as, but are distinct from, a similar vulnerability: CVE-2016-3134 (https://bugs.chromium.org/p/project-zero/issues/detail?id=758 <https://bugs.chromium.org/p/project-zero/issues/detail?id=758>). ######### CVE-2016-4997: Corrupted offset allows for arbitrary decrements in compat IPT_SO_SET_REPLACE setsockopt Risk: High Impact: Kernel memory corruption, leading to elevation of privileges or kernel code execution. This occurs in a compat_setsockopt() call that is normally restricted to root, however, Linux 3/4 kernels that support user and network namespaces can allow an unprivileged user to trigger this functionality. This is exploitable from inside a container. [...]
Michal, thanks for the fixes and testing! I'm working on submissions.
... for SLE12 and SLE12-SP1.
SLE12: MR#117083, HEAD == e55cce6a235f ("Merge branch 'users/mkubecek/SLE12/EMBARGO-986362' into SLE12-fast-path")
I had to resubmit SLE12 via MR#117085, because there was an error in the kgraft-patch package. SLE12-SP1 is now submitted via MR#117086, HEAD == 396c69d47013 ("Merge branch 'users/mkubecek/SLE12/EMBARGO-986362' into SLE12-SP1-fast-path").
I also merged the fixes to the publicly visible SLE12 and SLE12-SP1 branches.
I just found that one of the backported commits needs a follow-up fix 7b7eba0f3515 netfilter: x_tables: don't reject valid target size on some architectures Luckily, this issue only affects 32-bit architectures except i586 and we do not provide SLE12 on any of those so that there is no need to resubmit the SLE12* fast path updates. I'll add the patch to all branches where the series has been already submitted.
The series (including commit 7b7eba0f3515) is now present in or submitted to SLE12-SP2 SLE12 cve/linux-3.0 master (via 4.7-rc1 / 4.7-rc3) stable (via 4.6.3) openSUSE-42.1 openSUSE-13.2 That leaves only cve/linux-2.6.32 and cve/linux-2.6.16 unhandled. As anything before 3.8 requires root privileges to invoke affected code, I suggest to decrease priority and take care of pre-3.0 branches after hackweek.
can someone cross check comment #c23 ? (basically that affectedness starts only with Linux Kernel 3.8 ?)
(In reply to Michal Kubeček from comment #23) > SLE12 branch was successfully tested so that it can be used for fast path > updates of SLE12 and SLE12-SP1. > > As for SLE11-SP4, the reproducer cannot be used the same way as in newer > kernels (if you try, clone() call fails with EPERM). IMHO this is because > SLE11-SP4 kernel lacks > > > df008c91f835 net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm > > 5eaf563e5329 userns: Allow unprivileged users to create user namespaces. > > and other related commits that weren't added until 3.8. I believe this > means while the SLE11-SP4 code is still affected by various bugs of the > "data supplied by userspace not checked" type, this cannot be exploited > without root privileges or at least root's help. Minor correction: commit df008c91f835 allows netfilter rule management via netlink interface (by userns root). Using IPT_SO_SET_REPLACE was enabled by commit 52e804c6dfaa net: Allow userns root to control ipv4 But this also came in the same batch in v3.8-rc1 (and wasn't backported to our pre-3.8 kernels either).
SUSE-SU-2016:1709-1: An update that solves one vulnerability and has four fixes is now available. Category: security (important) Bug References: 971770,972124,981143,983394,986362 CVE References: CVE-2016-4998 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP1 (src): kernel-default-3.12.59-60.45.2 SUSE Linux Enterprise Software Development Kit 12-SP1 (src): kernel-docs-3.12.59-60.45.4, kernel-obs-build-3.12.59-60.45.3 SUSE Linux Enterprise Server 12-SP1 (src): kernel-default-3.12.59-60.45.2, kernel-source-3.12.59-60.45.1, kernel-syms-3.12.59-60.45.1, kernel-xen-3.12.59-60.45.2 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.59-60.45.2 SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12-SP1_Update_6-1-2.3 SUSE Linux Enterprise Desktop 12-SP1 (src): kernel-default-3.12.59-60.45.2, kernel-source-3.12.59-60.45.1, kernel-syms-3.12.59-60.45.1, kernel-xen-3.12.59-60.45.2
SUSE-SU-2016:1710-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 986362 CVE References: CVE-2016-4998 Sources used: SUSE Linux Enterprise Workstation Extension 12 (src): kernel-default-3.12.60-52.54.2 SUSE Linux Enterprise Software Development Kit 12 (src): kernel-docs-3.12.60-52.54.3, kernel-obs-build-3.12.60-52.54.3 SUSE Linux Enterprise Server 12 (src): kernel-default-3.12.60-52.54.2, kernel-source-3.12.60-52.54.1, kernel-syms-3.12.60-52.54.1, kernel-xen-3.12.60-52.54.2 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.60-52.54.2 SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_15-1-2.3 SUSE Linux Enterprise Desktop 12 (src): kernel-default-3.12.60-52.54.2, kernel-source-3.12.60-52.54.1, kernel-syms-3.12.60-52.54.1, kernel-xen-3.12.60-52.54.2
can someone submit 13.2 and 42.1 too?
(In reply to Marcus Meissner from comment #39) > can someone submit 13.2 and 42.1 too? Submitted to openSUSE:Leap:42.1:Update via SRID#405786.
This is an autogenerated message for OBS integration: This bug (986362) was mentioned in https://build.opensuse.org/request/show/405786 42.1 / kernel-source
I have updated the TID to reflect the released patches.
openSUSE-SU-2016:1798-1: An update that solves four vulnerabilities and has 5 fixes is now available. Category: security (important) Bug References: 970114,970275,978469,980265,983977,984755,986362,986530,986572 CVE References: CVE-2016-4470,CVE-2016-4794,CVE-2016-4997,CVE-2016-5829 Sources used: openSUSE Leap 42.1 (src): kernel-debug-4.1.27-24.1, kernel-default-4.1.27-24.1, kernel-docs-4.1.27-24.2, kernel-ec2-4.1.27-24.1, kernel-obs-build-4.1.27-24.2, kernel-obs-qa-4.1.27-24.1, kernel-obs-qa-xen-4.1.27-24.1, kernel-pae-4.1.27-24.1, kernel-pv-4.1.27-24.1, kernel-source-4.1.27-24.1, kernel-syms-4.1.27-24.1, kernel-vanilla-4.1.27-24.1, kernel-xen-4.1.27-24.1
One of the patches hits performance badly for certain rule sets: http://thread.gmane.org/gmane.comp.security.firewalls.netfilter.devel/64099 Let's wait for review but I'm afraid we will need this as well.
I checked the code and I'm afraid I have bad news... there is at least one lock that is held through (almost) all translate_compat_table() and while the lock is per family (inet/inet6/arp/bridge), it is shared by all network namespaces. Unless I overlooked something important, this means a malicious user running iptables-restore on a suitable dump could block any similar operation in any other netns (including init_net) on that system for quite long (according to Florian's tests, tens of minutes at least). And I'm afraid the note about "DoS angle" in http://thread.gmane.org/gmane.comp.security.firewalls.netfilter.devel/64086/focus=64098 indicates my interpretation is correct.
Full series, including the latest follow-up fix (jump validation speed up) is now either present in or submitted to SLE12-SP2 cve/linux-3.12 cve/linux-3.0 master (-> stable) openSUSE-42.1 openSUSE-13.2 I tried to backport the series also to cve/linux-2.6.32 but there was quite i lot of small changes between 2.6.32 and 3.0 so that the series required quite a lot of non-trivial tweaking. Given its size and the fact that the security aspect only applies to kernel 3.8 and later (you must pass invalid data as root (real root) on older kernels), I believe the benefit wouldn't be worth the risk of introducing regressions with such backport. The same applies to 2.6.16, of course. Closing and reassigning to security team.
SUSE-SU-2016:1937-1: An update that solves 24 vulnerabilities and has 76 fixes is now available. Category: security (important) Bug References: 662458,676471,897662,928547,944309,945345,947337,950998,951844,953048,953233,954847,956491,957805,957986,957990,958390,958463,960857,962742,962846,963762,964727,965087,966245,967640,968667,969016,970114,970506,970604,970609,970948,971049,971770,971947,972124,972933,973378,973499,973570,974165,974308,974620,974646,974692,975533,975772,975788,976739,976821,976868,977417,977582,977685,978401,978469,978527,978822,979169,979213,979347,979419,979485,979489,979521,979548,979867,979879,979922,980246,980348,980371,980706,981038,981143,981344,982282,982354,982544,982698,983143,983213,983318,983394,983721,983904,983977,984148,984456,984755,985232,985978,986362,986569,986572,986811,988215,988498,988552 CVE References: CVE-2014-9717,CVE-2014-9904,CVE-2015-7833,CVE-2015-8539,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2847,CVE-2016-3672,CVE-2016-3707,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829 Sources used: SUSE Linux Enterprise Real Time Extension 12-SP1 (src): kernel-compute-3.12.61-60.18.1, kernel-compute_debug-3.12.61-60.18.1, kernel-rt-3.12.61-60.18.1, kernel-rt_debug-3.12.61-60.18.1, kernel-source-rt-3.12.61-60.18.1, kernel-syms-rt-3.12.61-60.18.1
*** Bug 986365 has been marked as a duplicate of this bug. ***
SUSE-SU-2016:1985-1: An update that solves 20 vulnerabilities and has 43 fixes is now available. Category: security (important) Bug References: 676471,866130,909589,936530,944309,950998,953369,954847,956491,957986,960857,961518,963762,966245,967914,968500,969149,969391,970114,971030,971126,971360,971446,971944,971947,971989,973378,974620,974646,974787,975358,976739,976868,978401,978821,978822,979213,979274,979347,979419,979548,979595,979867,979879,979915,980246,980371,980725,980788,980931,981231,981267,982532,982544,982691,983143,983213,983721,984107,984755,986362,986572,988498 CVE References: CVE-2015-7833,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2187,CVE-2016-3134,CVE-2016-3707,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-5244,CVE-2016-5829 Sources used: SUSE Linux Enterprise Real Time Extension 11-SP4 (src): kernel-rt-3.0.101.rt130-57.1, kernel-rt_trace-3.0.101.rt130-57.1, kernel-source-rt-3.0.101.rt130-57.1, kernel-syms-rt-3.0.101.rt130-57.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-rt-3.0.101.rt130-57.1, kernel-rt_debug-3.0.101.rt130-57.1, kernel-rt_trace-3.0.101.rt130-57.1
SUSE-SU-2016:2018-1: An update that solves three vulnerabilities and has 8 fixes is now available. Category: security (important) Bug References: 909589,954847,971030,974620,979915,982544,983721,984755,986362,986572,988498 CVE References: CVE-2016-4470,CVE-2016-4997,CVE-2016-5829 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): kernel-docs-3.0.101-80.2 SUSE Linux Enterprise Server 11-SP4 (src): kernel-default-3.0.101-80.1, kernel-ec2-3.0.101-80.1, kernel-pae-3.0.101-80.1, kernel-ppc64-3.0.101-80.1, kernel-source-3.0.101-80.1, kernel-syms-3.0.101-80.1, kernel-trace-3.0.101-80.1, kernel-xen-3.0.101-80.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-default-3.0.101-80.1, kernel-pae-3.0.101-80.1, kernel-ppc64-3.0.101-80.1, kernel-trace-3.0.101-80.1, kernel-xen-3.0.101-80.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-default-3.0.101-80.1, kernel-ec2-3.0.101-80.1, kernel-pae-3.0.101-80.1, kernel-ppc64-3.0.101-80.1, kernel-trace-3.0.101-80.1, kernel-xen-3.0.101-80.1
SUSE-SU-2016:2105-1: An update that solves 21 vulnerabilities and has 55 fixes is now available. Category: security (important) Bug References: 947337,950998,951844,953048,954847,956491,957990,962742,963655,963762,965087,966245,968667,970114,970506,971770,972933,973378,973499,974165,974308,974620,975531,975533,975772,975788,977417,978401,978469,978822,979074,979213,979419,979485,979489,979521,979548,979681,979867,979879,979922,980348,980363,980371,980856,980883,981038,981143,981344,981597,982282,982354,982544,982698,983143,983213,983318,983721,983904,983977,984148,984456,984755,984764,985232,985978,986362,986365,986569,986572,986573,986811,988215,988498,988552,990058 CVE References: CVE-2014-9904,CVE-2015-7833,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3672,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP1 (src): kernel-default-3.12.62-60.62.1 SUSE Linux Enterprise Software Development Kit 12-SP1 (src): kernel-docs-3.12.62-60.62.3, kernel-obs-build-3.12.62-60.62.1 SUSE Linux Enterprise Server 12-SP1 (src): kernel-default-3.12.62-60.62.1, kernel-source-3.12.62-60.62.1, kernel-syms-3.12.62-60.62.1, kernel-xen-3.12.62-60.62.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.62-60.62.1 SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12-SP1_Update_7-1-4.2 SUSE Linux Enterprise Desktop 12-SP1 (src): kernel-default-3.12.62-60.62.1, kernel-source-3.12.62-60.62.1, kernel-syms-3.12.62-60.62.1, kernel-xen-3.12.62-60.62.1
openSUSE-SU-2016:2144-1: An update that solves 53 vulnerabilities and has 28 fixes is now available. Category: security (important) Bug References: 901754,941113,942702,945219,955654,957052,957988,959709,960561,961512,963762,963765,966245,966437,966693,966849,967972,967973,967974,967975,968010,968011,968012,968013,968018,968670,969354,969355,970114,970275,970892,970909,970911,970948,970955,970956,970958,970970,971124,971125,971126,971360,971628,971799,971919,971944,972174,973378,973570,974308,974418,974646,975945,978401,978445,978469,978821,978822,979021,979213,979548,979867,979879,979913,980348,980363,980371,980725,981267,982706,983143,983213,984464,984755,984764,986362,986365,986377,986572,986573,986811 CVE References: CVE-2012-6701,CVE-2013-7446,CVE-2014-9904,CVE-2015-3288,CVE-2015-6526,CVE-2015-7566,CVE-2015-8709,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2015-8830,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2187,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-3672,CVE-2016-3689,CVE-2016-3951,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4581,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-5244,CVE-2016-5829 Sources used: openSUSE 13.2 (src): bbswitch-0.8-3.20.3, cloop-2.639-14.20.3, crash-7.0.8-20.3, hdjmod-1.28-18.21.3, ipset-6.23-20.3, kernel-debug-3.16.7-42.1, kernel-default-3.16.7-42.1, kernel-desktop-3.16.7-42.1, kernel-docs-3.16.7-42.2, kernel-ec2-3.16.7-42.1, kernel-obs-build-3.16.7-42.2, kernel-obs-qa-3.16.7-42.1, kernel-obs-qa-xen-3.16.7-42.1, kernel-pae-3.16.7-42.1, kernel-source-3.16.7-42.1, kernel-syms-3.16.7-42.1, kernel-vanilla-3.16.7-42.1, kernel-xen-3.16.7-42.1, pcfclock-0.44-260.20.2, vhba-kmp-20140629-2.20.2, virtualbox-5.0.20-48.5, xen-4.4.4_02-46.2, xtables-addons-2.6-22.3
openSUSE-SU-2016:2184-1: An update that solves 21 vulnerabilities and has 49 fixes is now available. Category: security (important) Bug References: 947337,950998,951844,953048,954847,956491,957990,962742,963655,963762,965087,966245,968667,970114,970506,971770,972933,973378,973499,974165,974308,974620,975531,975533,975772,975788,977417,978401,978469,978822,979213,979419,979485,979489,979521,979548,979681,979867,979879,979922,980348,980363,980371,981038,981143,981344,982282,982354,982544,982698,983143,983213,983318,983721,983904,983977,984148,984456,984755,985232,985978,986362,986365,986569,986572,986811,988215,988498,988552,990058 CVE References: CVE-2014-9904,CVE-2015-7833,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3672,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829 Sources used: openSUSE 13.1 (src): cloop-2.639-11.32.2, crash-7.0.2-2.32.7, hdjmod-1.28-16.32.2, ipset-6.21.1-2.36.2, iscsitarget-1.4.20.3-13.32.2, kernel-debug-3.12.62-52.1, kernel-default-3.12.62-52.1, kernel-desktop-3.12.62-52.1, kernel-docs-3.12.62-52.2, kernel-ec2-3.12.62-52.1, kernel-pae-3.12.62-52.1, kernel-source-3.12.62-52.1, kernel-syms-3.12.62-52.1, kernel-trace-3.12.62-52.1, kernel-vanilla-3.12.62-52.1, kernel-xen-3.12.62-52.1, ndiswrapper-1.58-33.2, openvswitch-1.11.0-0.39.3, pcfclock-0.44-258.33.2, vhba-kmp-20130607-2.32.2, virtualbox-4.2.36-2.64.4, xen-4.3.4_10-65.3, xtables-addons-2.3-2.31.2
SUSE-SU-2016:2245-1: An update that solves 25 vulnerabilities and has 22 fixes is now available. Category: security (important) Bug References: 839104,866130,919351,944309,950998,960689,962404,963655,963762,966460,969149,970114,971126,971360,971446,971729,971944,974428,975945,978401,978821,978822,979213,979274,979548,979681,979867,979879,980371,980725,980788,980931,981267,983143,983213,983535,984107,984755,986362,986365,986445,986572,987709,988065,989152,989401,991608 CVE References: CVE-2013-4312,CVE-2015-7513,CVE-2015-7833,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2187,CVE-2016-3134,CVE-2016-3955,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5696,CVE-2016-5829,CVE-2016-6480 Sources used: SUSE OpenStack Cloud 5 (src): kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1 SUSE Manager Proxy 2.1 (src): kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1 SUSE Manager 2.1 (src): kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-ppc64-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
openSUSE-SU-2016:2290-1: An update that solves 17 vulnerabilities and has 9 fixes is now available. Category: security (important) Bug References: 963931,970948,971126,971360,974266,978821,978822,979018,979213,979879,980371,981058,981267,986362,986365,986570,987886,989084,989152,989176,990058,991110,991608,991665,994296,994520 CVE References: CVE-2015-8787,CVE-2016-1237,CVE-2016-2847,CVE-2016-3134,CVE-2016-3156,CVE-2016-4485,CVE-2016-4486,CVE-2016-4557,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4951,CVE-2016-4998,CVE-2016-5696,CVE-2016-6480,CVE-2016-6828 Sources used: openSUSE Leap 42.1 (src): drbd-8.4.6-8.1, hdjmod-1.28-24.1, ipset-6.25.1-5.1, kernel-debug-4.1.31-30.2, kernel-default-4.1.31-30.2, kernel-docs-4.1.31-30.3, kernel-ec2-4.1.31-30.2, kernel-obs-build-4.1.31-30.3, kernel-obs-qa-4.1.31-30.1, kernel-obs-qa-xen-4.1.31-30.1, kernel-pae-4.1.31-30.2, kernel-pv-4.1.31-30.2, kernel-source-4.1.31-30.1, kernel-syms-4.1.31-30.1, kernel-vanilla-4.1.31-30.2, kernel-xen-4.1.31-30.2, lttng-modules-2.7.0-2.1, pcfclock-0.44-266.1, vhba-kmp-20140928-5.1
SUSE-SU-2016:2632-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1004418,986362 CVE References: CVE-2016-4997,CVE-2016-5195 Sources used: SUSE Linux Enterprise Server for SAP 12 (src): kgraft-patch-SLE12_Update_10-6-2.1 SUSE Linux Enterprise Server 12-LTSS (src): kgraft-patch-SLE12_Update_10-6-2.1
SUSE-SU-2016:2976-1: An update that solves 13 vulnerabilities and has 87 fixes is now available. Category: security (important) Bug References: 1000189,1001419,1002165,1003077,1003344,1003568,1003677,1003866,1003925,1004517,1004520,1005857,1005896,1005903,1006917,1006919,1007944,763198,771065,799133,803320,839104,843236,860441,863873,865783,871728,907611,908458,908684,909077,909350,909484,909618,909994,911687,915183,920016,922634,922947,928138,929141,934760,951392,956514,960689,963655,967716,968010,968014,971975,971989,973203,974620,976867,977687,979514,979595,979681,980371,982218,982783,983535,983619,984102,984194,984992,985206,986337,986362,986365,986445,987565,988440,989152,989261,989764,989779,991608,991665,991923,992566,993127,993890,993891,994296,994436,994618,994759,994926,995968,996329,996664,997708,998399,998689,999584,999600,999907,999932 CVE References: CVE-2013-4312,CVE-2015-7513,CVE-2015-8956,CVE-2016-0823,CVE-2016-3841,CVE-2016-4998,CVE-2016-5696,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7117,CVE-2016-7425 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): kernel-docs-3.0.101-88.3 SUSE Linux Enterprise Server 11-SP4 (src): kernel-bigmem-3.0.101-88.1, kernel-default-3.0.101-88.1, kernel-ec2-3.0.101-88.1, kernel-pae-3.0.101-88.1, kernel-ppc64-3.0.101-88.1, kernel-source-3.0.101-88.1, kernel-syms-3.0.101-88.1, kernel-trace-3.0.101-88.1, kernel-xen-3.0.101-88.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-default-3.0.101-88.1, kernel-pae-3.0.101-88.1, kernel-ppc64-3.0.101-88.1, kernel-trace-3.0.101-88.1, kernel-xen-3.0.101-88.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-bigmem-3.0.101-88.1, kernel-default-3.0.101-88.1, kernel-ec2-3.0.101-88.1, kernel-pae-3.0.101-88.1, kernel-ppc64-3.0.101-88.1, kernel-trace-3.0.101-88.1, kernel-xen-3.0.101-88.1
SUSE-SU-2016:3069-1: An update that solves 11 vulnerabilities and has 49 fixes is now available. Category: security (important) Bug References: 1000189,1001419,1002165,1004418,732582,839104,843236,909994,911687,915183,920016,934760,951392,956514,960689,963655,971975,971989,974620,976867,977687,979514,979595,979681,980371,982218,982783,983535,983619,984102,984194,984992,985206,986362,986365,986445,987565,988440,989152,989261,989779,991608,991665,991923,992566,993127,993890,993891,994296,994436,994618,994759,994926,996329,996664,997708,998399,999584,999600,999932 CVE References: CVE-2013-4312,CVE-2015-7513,CVE-2016-0823,CVE-2016-3841,CVE-2016-4997,CVE-2016-4998,CVE-2016-5195,CVE-2016-5696,CVE-2016-6480,CVE-2016-6828,CVE-2016-7425 Sources used: SUSE Linux Enterprise Real Time Extension 11-SP4 (src): kernel-rt-3.0.101.rt130-65.1, kernel-rt_trace-3.0.101.rt130-65.1, kernel-source-rt-3.0.101.rt130-65.1, kernel-syms-rt-3.0.101.rt130-65.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-rt-3.0.101.rt130-65.1, kernel-rt_debug-3.0.101.rt130-65.1, kernel-rt_trace-3.0.101.rt130-65.1
SUSE-SU-2016:3304-1: An update that solves 13 vulnerabilities and has 118 fixes is now available. Category: security (important) Bug References: 1000189,1000287,1000304,1000776,1001419,1001486,1002165,1003079,1003153,1003400,1003568,1003925,1004252,1004418,1004462,1004517,1004520,1005666,1006691,1007615,1007886,744692,789311,857397,860441,865545,866130,868923,874131,875631,876145,876463,898675,904489,909994,911687,915183,921338,921784,922064,922634,924381,924384,930399,934067,937086,937888,941420,946309,955446,956514,959463,961257,962846,963655,963767,966864,967640,970943,971975,971989,974406,974620,975596,975772,976195,977687,978094,979451,979681,979928,980371,981597,982783,983619,984194,984419,984779,984992,985562,986362,986365,986445,987192,987333,987542,987565,987621,987805,988440,988617,988715,989152,989953,990058,990245,991247,991608,991665,991667,992244,992555,992568,992591,992593,992712,993392,993841,993890,993891,994167,994296,994438,994520,994758,995153,995968,996664,997059,997299,997708,997896,998689,998795,998825,999577,999584,999600,999779,999907,999932 CVE References: CVE-2015-8956,CVE-2016-2069,CVE-2016-4998,CVE-2016-5195,CVE-2016-5696,CVE-2016-6130,CVE-2016-6327,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7425,CVE-2016-8658 Sources used: SUSE Linux Enterprise Real Time Extension 12-SP1 (src): kernel-compute-3.12.67-60.27.1, kernel-compute_debug-3.12.67-60.27.1, kernel-rt-3.12.67-60.27.1, kernel-rt_debug-3.12.67-60.27.1, kernel-source-rt-3.12.67-60.27.1, kernel-syms-rt-3.12.67-60.27.1
SUSE-SU-2017:0333-1: An update that solves 46 vulnerabilities and has 31 fixes is now available. Category: security (important) Bug References: 1003077,1003925,1004517,1007944,1008645,1008831,1008833,1009443,1010150,1010467,1010501,1010507,1010711,1010716,1011482,1011685,1012422,1012832,1013038,1013531,1013542,1014746,1017710,1021258,835175,839104,863873,874145,896484,908069,914939,922947,927287,940966,950998,954984,956514,958000,960689,963053,967716,968500,969340,971360,971944,978401,978821,979213,979274,979548,979595,979879,979915,980363,980371,980725,981267,983143,983213,984755,986362,986365,986445,986572,989261,991608,991665,992566,993890,993891,994296,994436,994618,994759,995968,997059,999932 CVE References: CVE-2004-0230,CVE-2012-6704,CVE-2013-4312,CVE-2015-1350,CVE-2015-7513,CVE-2015-7833,CVE-2015-8956,CVE-2015-8962,CVE-2015-8964,CVE-2016-0823,CVE-2016-10088,CVE-2016-1583,CVE-2016-2187,CVE-2016-2189,CVE-2016-3841,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5829,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7117,CVE-2016-7425,CVE-2016-7910,CVE-2016-7911,CVE-2016-7916,CVE-2016-8399,CVE-2016-8632,CVE-2016-8633,CVE-2016-8646,CVE-2016-9555,CVE-2016-9685,CVE-2016-9756,CVE-2016-9793,CVE-2017-5551 Sources used: SUSE Linux Enterprise Server 11-SP2-LTSS (src): kernel-default-3.0.101-0.7.53.1, kernel-ec2-3.0.101-0.7.53.1, kernel-pae-3.0.101-0.7.53.1, kernel-source-3.0.101-0.7.53.1, kernel-syms-3.0.101-0.7.53.1, kernel-trace-3.0.101-0.7.53.1, kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Debuginfo 11-SP2 (src): kernel-default-3.0.101-0.7.53.1, kernel-ec2-3.0.101-0.7.53.1, kernel-pae-3.0.101-0.7.53.1, kernel-trace-3.0.101-0.7.53.1, kernel-xen-3.0.101-0.7.53.1
SUSE-SU-2017:0471-1: An update that solves 34 vulnerabilities and has 48 fixes is now available. Category: security (important) Bug References: 1003153,1003925,1004462,1004517,1005666,1007197,1008833,1008979,1009969,1010040,1010475,1010478,1010501,1010502,1010507,1010612,1010711,1010716,1011820,1012422,1013038,1013531,1013540,1013542,1014746,1016482,1017410,1017589,1017710,1019300,1019851,1020602,1021258,881008,915183,958606,961257,970083,971989,976195,978094,980371,980560,981038,981597,981709,982282,982544,983619,983721,983977,984148,984419,984755,985978,986362,986365,986445,986569,986572,986811,986941,987542,987565,987576,989152,990384,991608,991665,993392,993890,993891,994296,994748,994881,995968,997708,998795,999584,999600,999932,999943 CVE References: CVE-2014-9904,CVE-2015-8956,CVE-2015-8962,CVE-2015-8963,CVE-2015-8964,CVE-2016-10088,CVE-2016-4470,CVE-2016-4998,CVE-2016-5696,CVE-2016-5828,CVE-2016-5829,CVE-2016-6130,CVE-2016-6327,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7425,CVE-2016-7910,CVE-2016-7911,CVE-2016-7913,CVE-2016-7914,CVE-2016-8399,CVE-2016-8633,CVE-2016-8645,CVE-2016-8658,CVE-2016-9083,CVE-2016-9084,CVE-2016-9756,CVE-2016-9793,CVE-2016-9806,CVE-2017-2583,CVE-2017-2584,CVE-2017-5551 Sources used: SUSE Linux Enterprise Server for SAP 12 (src): kernel-default-3.12.61-52.66.1, kernel-source-3.12.61-52.66.1, kernel-syms-3.12.61-52.66.1, kernel-xen-3.12.61-52.66.1, kgraft-patch-SLE12_Update_19-1-2.1 SUSE Linux Enterprise Server 12-LTSS (src): kernel-default-3.12.61-52.66.1, kernel-source-3.12.61-52.66.1, kernel-syms-3.12.61-52.66.1, kernel-xen-3.12.61-52.66.1, kgraft-patch-SLE12_Update_19-1-2.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.61-52.66.1
Added the follow-up commit 17a49cd549d9 netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel to all branches with a backport of mainline commit 09d9686047db
openSUSE-SU-2017:1140-1: An update that solves 10 vulnerabilities and has 49 fixes is now available. Category: security (important) Bug References: 1010032,1012452,1012829,1013887,1014136,1017461,1019614,1021424,1021762,1022340,1023287,1027153,1027512,1027616,1027974,1028027,1028217,1028415,1028883,1029514,1029634,1030070,1030118,1030213,1031003,1031052,1031147,1031200,1031206,1031208,1031440,1031512,1031555,1031579,1031662,1031717,1031831,1032006,1032141,1032345,1032400,1032581,1032673,1032681,1032803,1033117,1033281,1033336,1033340,1033885,1034048,1034419,1034671,1034902,970083,986362,986365,988065,993832 CVE References: CVE-2016-4997,CVE-2016-4998,CVE-2017-2671,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7374,CVE-2017-7616,CVE-2017-7618 Sources used: openSUSE Leap 42.2 (src): kernel-debug-4.4.62-18.6.1, kernel-default-4.4.62-18.6.1, kernel-docs-4.4.62-18.6.2, kernel-obs-build-4.4.62-18.6.1, kernel-obs-qa-4.4.62-18.6.1, kernel-source-4.4.62-18.6.1, kernel-syms-4.4.62-18.6.1, kernel-vanilla-4.4.62-18.6.1
SUSE-SU-2017:1990-1: An update that solves 43 vulnerabilities and has 282 fixes is now available. Category: security (important) Bug References: 1000092,1003077,1003581,1004003,1007729,1007959,1007962,1008842,1009674,1009718,1010032,1010612,1010690,1011044,1011176,1011913,1012060,1012382,1012422,1012452,1012829,1012910,1012985,1013001,1013561,1013792,1013887,1013994,1014120,1014136,1015342,1015367,1015452,1015609,1016403,1017164,1017170,1017410,1017461,1017641,1018100,1018263,1018358,1018385,1018419,1018446,1018813,1018885,1018913,1019061,1019148,1019163,1019168,1019260,1019351,1019594,1019614,1019618,1019630,1019631,1019784,1019851,1020048,1020214,1020412,1020488,1020602,1020685,1020817,1020945,1020975,1021082,1021248,1021251,1021258,1021260,1021294,1021424,1021455,1021474,1021762,1022181,1022266,1022304,1022340,1022429,1022476,1022547,1022559,1022595,1022785,1022971,1023101,1023175,1023287,1023762,1023866,1023884,1023888,1024015,1024081,1024234,1024508,1024938,1025039,1025235,1025461,1025683,1026024,1026405,1026462,1026505,1026509,1026570,1026692,1026722,1027054,1027066,1027101,1027153,1027179,1027189,1027190,1027195,1027273,1027512,1027565,1027616,1027974,1028017,1028027,1028041,1028158,1028217,1028310,1028325,1028340,1028372,1028415,1028819,1028883,1028895,1029220,1029514,1029607,1029634,1029986,1030057,1030070,1030118,1030213,1030573,1031003,1031040,1031052,1031142,1031147,1031200,1031206,1031208,1031440,1031470,1031500,1031512,1031555,1031579,1031662,1031717,1031796,1031831,1032006,1032141,1032339,1032345,1032400,1032581,1032673,1032681,1032803,1033117,1033281,1033287,1033336,1033340,1033885,1034048,1034419,1034635,1034670,1034671,1034762,1034902,1034995,1035024,1035866,1035887,1035920,1035922,1036214,1036638,1036752,1036763,1037177,1037186,1037384,1037483,1037669,1037840,1037871,1037969,1038033,1038043,1038085,1038142,1038143,1038297,1038458,1038544,1038842,1038843,1038846,1038847,1038848,1038879,1038981,1038982,1039348,1039354,1039700,1039864,1039882,1039883,1039885,1039900,1040069,1040125,1040182,1040279,1040351,1040364,1040395,1040425,1040463,1040567,1040609,1040855,1040929,1040941,1041087,1041160,1041168,1041242,1041431,1041810,1042200,1042286,1042356,1042421,1042517,1042535,1042536,1042863,1042886,1043014,1043231,1043236,1043347,1043371,1043467,1043488,1043598,1043912,1043935,1043990,1044015,1044082,1044120,1044125,1044532,1044767,1044772,1044854,1044880,1044912,1045154,1045235,1045286,1045307,1045340,1045467,1045568,1046105,1046434,1046589,799133,863764,870618,922871,951844,966170,966172,966191,966321,966339,968697,969479,969755,970083,971975,982783,985561,986362,986365,987192,987576,988065,989056,989311,990058,990682,991273,993832,995542,995968,998106 CVE References: CVE-2016-10200,CVE-2016-2117,CVE-2016-4997,CVE-2016-4998,CVE-2016-7117,CVE-2016-9191,CVE-2017-1000364,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-2583,CVE-2017-2584,CVE-2017-2596,CVE-2017-2636,CVE-2017-2671,CVE-2017-5551,CVE-2017-5576,CVE-2017-5577,CVE-2017-5897,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6345,CVE-2017-6346,CVE-2017-6347,CVE-2017-6353,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7346,CVE-2017-7374,CVE-2017-7487,CVE-2017-7616,CVE-2017-7618,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9150,CVE-2017-9242 Sources used: SUSE Linux Enterprise Real Time Extension 12-SP2 (src): kernel-rt-4.4.74-7.10.1, kernel-rt_debug-4.4.74-7.10.1, kernel-source-rt-4.4.74-7.10.1, kernel-syms-rt-4.4.74-7.10.1
SUSE-SU-2017:2342-1: An update that solves 44 vulnerabilities and has 135 fixes is now available. Category: security (important) Bug References: 1003077,1005651,1008374,1008850,1008893,1012422,1013018,1013070,1013800,1013862,1016489,1017143,1018074,1018263,1018446,1019168,1020229,1021256,1021913,1022971,1023014,1023051,1023163,1023888,1024508,1024788,1024938,1025235,1025702,1026024,1026260,1026722,1026914,1027066,1027101,1027178,1027565,1028372,1028415,1028880,1029140,1029212,1029770,1029850,1030213,1030552,1030573,1030593,1030814,1031003,1031052,1031440,1031579,1032141,1032340,1032471,1033287,1033336,1033771,1033794,1033804,1033816,1034026,1034670,1035576,1035777,1035920,1036056,1036288,1036629,1037182,1037183,1037191,1037193,1037227,1037232,1037233,1037356,1037358,1037359,1037441,1038544,1038879,1038981,1038982,1039258,1039348,1039354,1039456,1039594,1039882,1039883,1039885,1040069,1040351,1041160,1041431,1041762,1041975,1042045,1042200,1042615,1042633,1042687,1042832,1043014,1043234,1043935,1044015,1044125,1044216,1044230,1044854,1044882,1044913,1044985,1045154,1045340,1045356,1045406,1045416,1045525,1045538,1045547,1045615,1046107,1046122,1046192,1046715,1047027,1047053,1047343,1047354,1047487,1047523,1047653,1048185,1048221,1048232,1048275,1049483,1049603,1049688,1049882,1050154,1050431,1051478,1051515,1051770,784815,792863,799133,870618,909486,909618,911105,919382,928138,931620,938352,943786,948562,962257,970956,971975,972891,979021,982783,983212,985561,986362,986365,986924,988065,989056,990682,991651,995542,999245 CVE References: CVE-2014-9922,CVE-2015-3288,CVE-2015-8970,CVE-2016-10200,CVE-2016-2188,CVE-2016-4997,CVE-2016-4998,CVE-2016-5243,CVE-2016-7117,CVE-2017-1000363,CVE-2017-1000364,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-11176,CVE-2017-11473,CVE-2017-2636,CVE-2017-2647,CVE-2017-2671,CVE-2017-5669,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6348,CVE-2017-6353,CVE-2017-6951,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7482,CVE-2017-7487,CVE-2017-7533,CVE-2017-7542,CVE-2017-7616,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242 Sources used: SUSE Linux Enterprise Real Time Extension 11-SP4 (src): kernel-rt-3.0.101.rt130-69.5.1, kernel-rt_trace-3.0.101.rt130-69.5.1, kernel-source-rt-3.0.101.rt130-69.5.1, kernel-syms-rt-3.0.101.rt130-69.5.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-rt-3.0.101.rt130-69.5.1, kernel-rt_debug-3.0.101.rt130-69.5.1, kernel-rt_trace-3.0.101.rt130-69.5.1