Bug 986362 - (CVE-2016-4997) VUL-0: CVE-2016-4997: kernel: Linux local privilege escalation in compat_setsockopt
(CVE-2016-4997)
VUL-0: CVE-2016-4997: kernel: Linux local privilege escalation in compat_sets...
Status: RESOLVED FIXED
: CVE-2016-4998 (view as bug list)
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P1 - Urgent : Critical
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv2:SUSE:CVE-2016-4997:6.9:(AV:L/A...
:
Depends on:
Blocks: 986377
  Show dependency treegraph
 
Reported: 2016-06-24 06:50 UTC by Marcus Meissner
Modified: 2018-07-03 21:26 UTC (History)
13 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
uns.c (7.89 KB, text/plain)
2016-06-24 06:51 UTC, Marcus Meissner
Details
repro-compatReleaseEntry.c (2.90 KB, text/plain)
2016-06-24 06:52 UTC, Marcus Meissner
Details
repro-compatReleaseEntryMod.c (7.42 KB, text/plain)
2016-06-24 06:52 UTC, Marcus Meissner
Details

Note You need to log in before you can comment on or make changes to this bug.
Comment 4 Marcus Meissner 2016-06-24 06:56:28 UTC
SLES 12 SP1: CONFIG_USER_NS=y CONFIG_NET_NS=y  -> affected
SLES 12 GA: same
SLES 11 SP4: same
SLES 11 SP3: same
SLES 11 SP2: same
Comment 7 Michal Kubeček 2016-06-24 08:01:42 UTC
Commits

> 6e94e0cfb088  netfilter: x_tables: make sure e->next_offset covers remaining blob size
> bdf533de6968  netfilter: x_tables: validate e->target_offset early

are already in all maintained branches except cve/linux-2.6.16 (as fixes for
bsc#971126 / CVE-2016-3134). I'll take a look at

  ce683e5f9d04  netfilter: x_tables: check for bogus target offset
Comment 9 Michal Marek 2016-06-24 08:54:11 UTC
6e94e0cfb088 and bdf533de6968 are in patches.kernel.org/patch-3.12.58-59, which is contained in the fast-path update. ce683e5f9d04 is missing, indeed.
Comment 10 Michal Kubeček 2016-06-24 09:22:42 UTC
Commit ce683e5f9d04 is only one piece of a much longer series:

> d7591f0c41ce  netfilter: x_tables: introduce and use xt_copy_counters_from_user
> aded9f3e9fa8  netfilter: x_tables: remove obsolete check
> 95609155d7fa  netfilter: x_tables: remove obsolete overflow check for compat case too
> 09d9686047db  netfilter: x_tables: do compat validation via translate_table
> 0188346f21e6  netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
> 8dddd32756f6  netfilter: arp_tables: simplify translate_compat_table args
> 329a0807124f  netfilter: ip6_tables: simplify translate_compat_table args
> 7d3f843eed29  netfilter: ip_tables: simplify translate_compat_table args
> 
> 13631bfc6041  netfilter: x_tables: validate all offsets and sizes in a rule
> ce683e5f9d04  netfilter: x_tables: check for bogus target offset
> 7ed2abddd20c  netfilter: x_tables: check standard target size too
> fc1221b3a163  netfilter: x_tables: add compat version of xt_check_entry_offsets
> a08e4e190b86  netfilter: x_tables: assert minimum target size
> aa412ba225dd  netfilter: x_tables: kill check_entry helper
> 7d35812c3214  netfilter: x_tables: add and use xt_check_entry_offsets
> 364723410175  netfilter: x_tables: validate targets of jumps
> f24e230d257a  netfilter: x_tables: don't move to non-existent next rule

So far it seems at least 7d35812c3214 and fc1221b3a163 will be also needed
as ce683e5f9d04 is rather a follow-up to these two.
Comment 11 Michal Marek 2016-06-24 09:31:28 UTC
Thanks for checking. To record our email conversation here, regarding SLE12 and SLE12-SP1, Marcus is confident that QAM will finish the running updates today or on Monday. We are talking about these commits:

SLE12-SP1: f2e4245f0eb1 ("KVM: x86: expose invariant tsc cpuid bit (v2) (bsc#971770).")
SLE12: 427261ffec5d ("Merge branch 'users/duwe/SLE12/for-next' into SLE12")

$ git merge-base f2e4245f0eb1 427261ffec5d
754f7d2e4ad53233beac042837b7d5ac39ca67d0

You can use e.g. this commit to base your branch on.
Comment 12 Michal Kubeček 2016-06-24 09:37:14 UTC
(In reply to Michal Marek from comment #11)
> $ git merge-base f2e4245f0eb1 427261ffec5d
> 754f7d2e4ad53233beac042837b7d5ac39ca67d0
> 
> You can use e.g. this commit to base your branch on.

I don't think so: while both f2e4245f0eb1 and 427261ffec5d contain the
bsc#971126 fixes, 754f7d2e4ad5 does not.
Comment 13 Michal Marek 2016-06-24 09:49:21 UTC
You are right, merge-base failed me again.

bf3c5c7200f3 ("- Linux 3.12.59 ...")

should work, right?
Comment 14 Michal Kubeček 2016-06-24 09:52:07 UTC
(In reply to Michal Marek from comment #13)
> bf3c5c7200f3 ("- Linux 3.12.59 ...")
> 
> should work, right?

Yes, this looks like the best option.
Comment 15 Michal Kubeček 2016-06-24 13:00:11 UTC
I want to test the backport up to 13631bfc6041 (i.e. lower half of the list
in comment 10); I'm still considering also 09d9686047db (which would require
also some of the 4 commits preceding it).

However, I'm unable to reproduce the issue on current SLE12(-SP1) without the
fixes. I did

  - compile all three utilities
  - install uns with 4755 permissions
  - added a netfilter rule to load necessary modules
  - ran "/usr/local/bin/uns -n -U -M '0 1000 1' -G '0 100 1' ./repro-compatReleaseEntry" as UID 1000 (GID 100)

but the setsockopt() call fails with "Operation not permitted" and nothing
crashes.

I guess I'm missing something obvious, trying to find out where does the
EPERM come from.
Comment 16 Michal Kubeček 2016-06-24 13:09:48 UTC
OK, the obvious part I missed was that the message

  write /proc/1702/gid_map: Operation not permitted

which went away after setting SUID on uns was actually caused by using the
original "0 1000 1" gid map rather than "0 100 1" I needed.

I can reproduce the issue on unpatched SLE12-SP1 kernel now.
Comment 17 Marcus Meissner 2016-06-24 13:11:12 UTC
you need to replace 1000 with your own gid as reported by "id".

uns does not need to be 4755, 755 seems sufficient.
Comment 18 Michal Kubeček 2016-06-24 13:21:38 UTC
OK, so now I can reproduce the issue on unpatched SLE12-SP1 and with the
patches up to 13631bfc6041, there is no crash and setsockopt() fails with
EINVAL as expected.

However, I would still feel safer with commit 09d9686047db (with its
prerequisities) so I'm going to check that as well.

Adding Jiří Slabý to Cc as this is going to be interesting for stable-3.12.y
Comment 23 Michal Kubeček 2016-06-24 22:56:59 UTC
SLE12 branch was successfully tested so that it can be used for fast path
updates of SLE12 and SLE12-SP1.

As for SLE11-SP4, the reproducer cannot be used the same way as in newer
kernels (if you try, clone() call fails with EPERM). IMHO this is because
SLE11-SP4 kernel lacks

> df008c91f835  net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm
> 5eaf563e5329  userns: Allow unprivileged users to create user namespaces.

and other related commits that weren't added until 3.8. I believe this
means while the SLE11-SP4 code is still affected by various bugs of the
"data supplied by userspace not checked" type, this cannot be exploited
without root privileges or at least root's help.

I'm tempted to say while the bug should still be fixed, there is no need
for an emergency fast path update of products based on pre-3.8 kernels
(i.e. SLE10 and SLE11).

Anyway, I checked that unpatched 3.0.101-77 kernel crashes when
repro-compatReleaseEntry is run as root (and not in a user namespace)
while patched kernel does not (setsockopt() fails with EINVAL as in
3.12 kernels).
Comment 24 Marcus Meissner 2016-06-24 23:25:19 UTC
No longer embargoed.

via oss-sec

From: Jesse Hertz <Jesse.Hertz@nccgroup.trust>
Subject: [oss-security] Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access)
Date: Fri, 24 Jun 2016 18:53:53 +0000

Hi All,

As part of a kernel fuzzing project by myself and my colleague Tim Newsham, we are disclosing two vulnerabilities which have been assigned CVEs. Full details of the fuzzing project (with analysis of the vulnerabilities) will be released next week.

These issues are fixed in the following commits

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d04 <http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d04>
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb088 <http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb088>
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bdf533de6968 <http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bdf533de6968>

And have now been integrated into stable kernel releases: 3.14.73, 4.4.14, and 4.6.3.

Theses issues occurs in the same codepaths as, but are distinct from, a similar vulnerability: CVE-2016-3134 (https://bugs.chromium.org/p/project-zero/issues/detail?id=758 <https://bugs.chromium.org/p/project-zero/issues/detail?id=758>).

#########

CVE-2016-4997: Corrupted offset allows for arbitrary decrements in compat IPT_SO_SET_REPLACE setsockopt

Risk: High

Impact: Kernel memory corruption, leading to elevation of privileges or kernel code execution. This occurs in a compat_setsockopt() call that is normally restricted to root, however, Linux 3/4 kernels that support user and network namespaces can allow an unprivileged user to trigger this functionality. This is exploitable from inside a container.
[...]
Comment 25 Michal Marek 2016-06-25 06:23:19 UTC
Michal, thanks for the fixes and testing! I'm working on submissions.
Comment 26 Michal Marek 2016-06-25 06:23:39 UTC
... for SLE12 and SLE12-SP1.
Comment 27 Michal Marek 2016-06-25 09:46:46 UTC
SLE12: MR#117083, HEAD == e55cce6a235f ("Merge branch 'users/mkubecek/SLE12/EMBARGO-986362' into SLE12-fast-path")
Comment 29 Michal Marek 2016-06-25 10:11:22 UTC
I had to resubmit SLE12 via MR#117085, because there was an error in the kgraft-patch package.

SLE12-SP1 is now submitted via MR#117086, HEAD == 396c69d47013 ("Merge branch 'users/mkubecek/SLE12/EMBARGO-986362' into SLE12-SP1-fast-path").
Comment 30 Michal Marek 2016-06-25 10:22:44 UTC
I also merged the fixes to the publicly visible SLE12 and SLE12-SP1 branches.
Comment 32 Michal Kubeček 2016-06-27 08:49:46 UTC
I just found that one of the backported commits needs a follow-up fix

   7b7eba0f3515  netfilter: x_tables: don't reject valid target size on some architectures

Luckily, this issue only affects 32-bit architectures except i586 and we do not
provide SLE12 on any of those so that there is no need to resubmit the SLE12*
fast path updates.

I'll add the patch to all branches where the series has been already submitted.
Comment 33 Michal Kubeček 2016-06-27 11:19:40 UTC
The series (including commit 7b7eba0f3515) is now present in or submitted to

  SLE12-SP2
  SLE12
  cve/linux-3.0
  master (via 4.7-rc1 / 4.7-rc3)
  stable (via 4.6.3)
  openSUSE-42.1
  openSUSE-13.2

That leaves only cve/linux-2.6.32 and cve/linux-2.6.16 unhandled. As anything
before 3.8 requires root privileges to invoke affected code, I suggest to
decrease priority and take care of pre-3.0 branches after hackweek.
Comment 34 Marcus Meissner 2016-06-27 11:26:49 UTC
can someone cross check comment #c23 ? 

(basically that affectedness starts only with Linux Kernel 3.8 ?)
Comment 35 Michal Kubeček 2016-06-27 11:46:30 UTC
(In reply to Michal Kubeček from comment #23)
> SLE12 branch was successfully tested so that it can be used for fast path
> updates of SLE12 and SLE12-SP1.
> 
> As for SLE11-SP4, the reproducer cannot be used the same way as in newer
> kernels (if you try, clone() call fails with EPERM). IMHO this is because
> SLE11-SP4 kernel lacks
> 
> > df008c91f835  net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm
> > 5eaf563e5329  userns: Allow unprivileged users to create user namespaces.
> 
> and other related commits that weren't added until 3.8. I believe this
> means while the SLE11-SP4 code is still affected by various bugs of the
> "data supplied by userspace not checked" type, this cannot be exploited
> without root privileges or at least root's help.

Minor correction: commit df008c91f835 allows netfilter rule management
via netlink interface (by userns root). Using IPT_SO_SET_REPLACE was
enabled by commit

  52e804c6dfaa  net: Allow userns root to control ipv4

But this also came in the same batch in v3.8-rc1 (and wasn't backported
to our pre-3.8 kernels either).
Comment 37 Swamp Workflow Management 2016-06-30 19:08:53 UTC
SUSE-SU-2016:1709-1: An update that solves one vulnerability and has four fixes is now available.

Category: security (important)
Bug References: 971770,972124,981143,983394,986362
CVE References: CVE-2016-4998
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.59-60.45.2
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.59-60.45.4, kernel-obs-build-3.12.59-60.45.3
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.59-60.45.2, kernel-source-3.12.59-60.45.1, kernel-syms-3.12.59-60.45.1, kernel-xen-3.12.59-60.45.2
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.59-60.45.2
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_6-1-2.3
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.59-60.45.2, kernel-source-3.12.59-60.45.1, kernel-syms-3.12.59-60.45.1, kernel-xen-3.12.59-60.45.2
Comment 38 Swamp Workflow Management 2016-06-30 19:09:16 UTC
SUSE-SU-2016:1710-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 986362
CVE References: CVE-2016-4998
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    kernel-default-3.12.60-52.54.2
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.60-52.54.3, kernel-obs-build-3.12.60-52.54.3
SUSE Linux Enterprise Server 12 (src):    kernel-default-3.12.60-52.54.2, kernel-source-3.12.60-52.54.1, kernel-syms-3.12.60-52.54.1, kernel-xen-3.12.60-52.54.2
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.60-52.54.2
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_15-1-2.3
SUSE Linux Enterprise Desktop 12 (src):    kernel-default-3.12.60-52.54.2, kernel-source-3.12.60-52.54.1, kernel-syms-3.12.60-52.54.1, kernel-xen-3.12.60-52.54.2
Comment 39 Marcus Meissner 2016-06-30 20:13:00 UTC
can someone submit 13.2 and 42.1 too?
Comment 40 Takashi Iwai 2016-06-30 20:47:35 UTC
(In reply to Marcus Meissner from comment #39)
> can someone submit 13.2 and 42.1 too?

Submitted to openSUSE:Leap:42.1:Update via SRID#405786.
Comment 41 Bernhard Wiedemann 2016-06-30 22:00:37 UTC
This is an autogenerated message for OBS integration:
This bug (986362) was mentioned in
https://build.opensuse.org/request/show/405786 42.1 / kernel-source
Comment 42 Sascha Weber 2016-07-01 07:58:44 UTC
I have updated the TID to reflect the released patches.
Comment 44 Swamp Workflow Management 2016-07-14 12:09:32 UTC
openSUSE-SU-2016:1798-1: An update that solves four vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 970114,970275,978469,980265,983977,984755,986362,986530,986572
CVE References: CVE-2016-4470,CVE-2016-4794,CVE-2016-4997,CVE-2016-5829
Sources used:
openSUSE Leap 42.1 (src):    kernel-debug-4.1.27-24.1, kernel-default-4.1.27-24.1, kernel-docs-4.1.27-24.2, kernel-ec2-4.1.27-24.1, kernel-obs-build-4.1.27-24.2, kernel-obs-qa-4.1.27-24.1, kernel-obs-qa-xen-4.1.27-24.1, kernel-pae-4.1.27-24.1, kernel-pv-4.1.27-24.1, kernel-source-4.1.27-24.1, kernel-syms-4.1.27-24.1, kernel-vanilla-4.1.27-24.1, kernel-xen-4.1.27-24.1
Comment 45 Michal Kubeček 2016-07-15 11:29:19 UTC
One of the patches hits performance badly for certain rule sets:

  http://thread.gmane.org/gmane.comp.security.firewalls.netfilter.devel/64099

Let's wait for review but I'm afraid we will need this as well.
Comment 46 Michal Kubeček 2016-07-15 12:26:12 UTC
I checked the code and I'm afraid I have bad news... there is at least one
lock that is held through (almost) all translate_compat_table() and while
the lock is per family (inet/inet6/arp/bridge), it is shared by all network
namespaces.

Unless I overlooked something important, this means a malicious user running
iptables-restore on a suitable dump could block any similar operation in any
other netns (including init_net) on that system for quite long (according to
Florian's tests, tens of minutes at least). And I'm afraid the note about
"DoS angle" in

  http://thread.gmane.org/gmane.comp.security.firewalls.netfilter.devel/64086/focus=64098

indicates my interpretation is correct.
Comment 47 Michal Kubeček 2016-07-27 07:17:52 UTC
Full series, including the latest follow-up fix (jump validation speed up)
is now either present in or submitted to

  SLE12-SP2
  cve/linux-3.12
  cve/linux-3.0
  master (-> stable)
  openSUSE-42.1
  openSUSE-13.2

I tried to backport the series also to cve/linux-2.6.32 but there was quite
i lot of small changes between 2.6.32 and 3.0 so that the series required
quite a lot of non-trivial tweaking. Given its size and the fact that the
security aspect only applies to kernel 3.8 and later (you must pass invalid
data as root (real root) on older kernels), I believe the benefit wouldn't
be worth the risk of introducing regressions with such backport. The same
applies to 2.6.16, of course.

Closing and reassigning to security team.
Comment 49 Swamp Workflow Management 2016-08-02 14:31:04 UTC
SUSE-SU-2016:1937-1: An update that solves 24 vulnerabilities and has 76 fixes is now available.

Category: security (important)
Bug References: 662458,676471,897662,928547,944309,945345,947337,950998,951844,953048,953233,954847,956491,957805,957986,957990,958390,958463,960857,962742,962846,963762,964727,965087,966245,967640,968667,969016,970114,970506,970604,970609,970948,971049,971770,971947,972124,972933,973378,973499,973570,974165,974308,974620,974646,974692,975533,975772,975788,976739,976821,976868,977417,977582,977685,978401,978469,978527,978822,979169,979213,979347,979419,979485,979489,979521,979548,979867,979879,979922,980246,980348,980371,980706,981038,981143,981344,982282,982354,982544,982698,983143,983213,983318,983394,983721,983904,983977,984148,984456,984755,985232,985978,986362,986569,986572,986811,988215,988498,988552
CVE References: CVE-2014-9717,CVE-2014-9904,CVE-2015-7833,CVE-2015-8539,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2847,CVE-2016-3672,CVE-2016-3707,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP1 (src):    kernel-compute-3.12.61-60.18.1, kernel-compute_debug-3.12.61-60.18.1, kernel-rt-3.12.61-60.18.1, kernel-rt_debug-3.12.61-60.18.1, kernel-source-rt-3.12.61-60.18.1, kernel-syms-rt-3.12.61-60.18.1
Comment 50 Michal Kubeček 2016-08-03 09:57:22 UTC
*** Bug 986365 has been marked as a duplicate of this bug. ***
Comment 51 Swamp Workflow Management 2016-08-08 18:21:20 UTC
SUSE-SU-2016:1985-1: An update that solves 20 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 676471,866130,909589,936530,944309,950998,953369,954847,956491,957986,960857,961518,963762,966245,967914,968500,969149,969391,970114,971030,971126,971360,971446,971944,971947,971989,973378,974620,974646,974787,975358,976739,976868,978401,978821,978822,979213,979274,979347,979419,979548,979595,979867,979879,979915,980246,980371,980725,980788,980931,981231,981267,982532,982544,982691,983143,983213,983721,984107,984755,986362,986572,988498
CVE References: CVE-2015-7833,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2187,CVE-2016-3134,CVE-2016-3707,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-5244,CVE-2016-5829
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-57.1, kernel-rt_trace-3.0.101.rt130-57.1, kernel-source-rt-3.0.101.rt130-57.1, kernel-syms-rt-3.0.101.rt130-57.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-57.1, kernel-rt_debug-3.0.101.rt130-57.1, kernel-rt_trace-3.0.101.rt130-57.1
Comment 52 Swamp Workflow Management 2016-08-09 19:11:18 UTC
SUSE-SU-2016:2018-1: An update that solves three vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 909589,954847,971030,974620,979915,982544,983721,984755,986362,986572,988498
CVE References: CVE-2016-4470,CVE-2016-4997,CVE-2016-5829
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-80.2
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-default-3.0.101-80.1, kernel-ec2-3.0.101-80.1, kernel-pae-3.0.101-80.1, kernel-ppc64-3.0.101-80.1, kernel-source-3.0.101-80.1, kernel-syms-3.0.101-80.1, kernel-trace-3.0.101-80.1, kernel-xen-3.0.101-80.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-80.1, kernel-pae-3.0.101-80.1, kernel-ppc64-3.0.101-80.1, kernel-trace-3.0.101-80.1, kernel-xen-3.0.101-80.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-default-3.0.101-80.1, kernel-ec2-3.0.101-80.1, kernel-pae-3.0.101-80.1, kernel-ppc64-3.0.101-80.1, kernel-trace-3.0.101-80.1, kernel-xen-3.0.101-80.1
Comment 53 Swamp Workflow Management 2016-08-19 12:22:56 UTC
SUSE-SU-2016:2105-1: An update that solves 21 vulnerabilities and has 55 fixes is now available.

Category: security (important)
Bug References: 947337,950998,951844,953048,954847,956491,957990,962742,963655,963762,965087,966245,968667,970114,970506,971770,972933,973378,973499,974165,974308,974620,975531,975533,975772,975788,977417,978401,978469,978822,979074,979213,979419,979485,979489,979521,979548,979681,979867,979879,979922,980348,980363,980371,980856,980883,981038,981143,981344,981597,982282,982354,982544,982698,983143,983213,983318,983721,983904,983977,984148,984456,984755,984764,985232,985978,986362,986365,986569,986572,986573,986811,988215,988498,988552,990058
CVE References: CVE-2014-9904,CVE-2015-7833,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3672,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.62-60.62.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.62-60.62.3, kernel-obs-build-3.12.62-60.62.1
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.62-60.62.1, kernel-source-3.12.62-60.62.1, kernel-syms-3.12.62-60.62.1, kernel-xen-3.12.62-60.62.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.62-60.62.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_7-1-4.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.62-60.62.1, kernel-source-3.12.62-60.62.1, kernel-syms-3.12.62-60.62.1, kernel-xen-3.12.62-60.62.1
Comment 54 Swamp Workflow Management 2016-08-24 13:21:01 UTC
openSUSE-SU-2016:2144-1: An update that solves 53 vulnerabilities and has 28 fixes is now available.

Category: security (important)
Bug References: 901754,941113,942702,945219,955654,957052,957988,959709,960561,961512,963762,963765,966245,966437,966693,966849,967972,967973,967974,967975,968010,968011,968012,968013,968018,968670,969354,969355,970114,970275,970892,970909,970911,970948,970955,970956,970958,970970,971124,971125,971126,971360,971628,971799,971919,971944,972174,973378,973570,974308,974418,974646,975945,978401,978445,978469,978821,978822,979021,979213,979548,979867,979879,979913,980348,980363,980371,980725,981267,982706,983143,983213,984464,984755,984764,986362,986365,986377,986572,986573,986811
CVE References: CVE-2012-6701,CVE-2013-7446,CVE-2014-9904,CVE-2015-3288,CVE-2015-6526,CVE-2015-7566,CVE-2015-8709,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2015-8830,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2187,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-3672,CVE-2016-3689,CVE-2016-3951,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4581,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-5244,CVE-2016-5829
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.20.3, cloop-2.639-14.20.3, crash-7.0.8-20.3, hdjmod-1.28-18.21.3, ipset-6.23-20.3, kernel-debug-3.16.7-42.1, kernel-default-3.16.7-42.1, kernel-desktop-3.16.7-42.1, kernel-docs-3.16.7-42.2, kernel-ec2-3.16.7-42.1, kernel-obs-build-3.16.7-42.2, kernel-obs-qa-3.16.7-42.1, kernel-obs-qa-xen-3.16.7-42.1, kernel-pae-3.16.7-42.1, kernel-source-3.16.7-42.1, kernel-syms-3.16.7-42.1, kernel-vanilla-3.16.7-42.1, kernel-xen-3.16.7-42.1, pcfclock-0.44-260.20.2, vhba-kmp-20140629-2.20.2, virtualbox-5.0.20-48.5, xen-4.4.4_02-46.2, xtables-addons-2.6-22.3
Comment 55 Swamp Workflow Management 2016-08-29 18:22:04 UTC
openSUSE-SU-2016:2184-1: An update that solves 21 vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 947337,950998,951844,953048,954847,956491,957990,962742,963655,963762,965087,966245,968667,970114,970506,971770,972933,973378,973499,974165,974308,974620,975531,975533,975772,975788,977417,978401,978469,978822,979213,979419,979485,979489,979521,979548,979681,979867,979879,979922,980348,980363,980371,981038,981143,981344,982282,982354,982544,982698,983143,983213,983318,983721,983904,983977,984148,984456,984755,985232,985978,986362,986365,986569,986572,986811,988215,988498,988552,990058
CVE References: CVE-2014-9904,CVE-2015-7833,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3672,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.32.2, crash-7.0.2-2.32.7, hdjmod-1.28-16.32.2, ipset-6.21.1-2.36.2, iscsitarget-1.4.20.3-13.32.2, kernel-debug-3.12.62-52.1, kernel-default-3.12.62-52.1, kernel-desktop-3.12.62-52.1, kernel-docs-3.12.62-52.2, kernel-ec2-3.12.62-52.1, kernel-pae-3.12.62-52.1, kernel-source-3.12.62-52.1, kernel-syms-3.12.62-52.1, kernel-trace-3.12.62-52.1, kernel-vanilla-3.12.62-52.1, kernel-xen-3.12.62-52.1, ndiswrapper-1.58-33.2, openvswitch-1.11.0-0.39.3, pcfclock-0.44-258.33.2, vhba-kmp-20130607-2.32.2, virtualbox-4.2.36-2.64.4, xen-4.3.4_10-65.3, xtables-addons-2.3-2.31.2
Comment 56 Swamp Workflow Management 2016-09-06 13:18:21 UTC
SUSE-SU-2016:2245-1: An update that solves 25 vulnerabilities and has 22 fixes is now available.

Category: security (important)
Bug References: 839104,866130,919351,944309,950998,960689,962404,963655,963762,966460,969149,970114,971126,971360,971446,971729,971944,974428,975945,978401,978821,978822,979213,979274,979548,979681,979867,979879,980371,980725,980788,980931,981267,983143,983213,983535,984107,984755,986362,986365,986445,986572,987709,988065,989152,989401,991608
CVE References: CVE-2013-4312,CVE-2015-7513,CVE-2015-7833,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2187,CVE-2016-3134,CVE-2016-3955,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5696,CVE-2016-5829,CVE-2016-6480
Sources used:
SUSE OpenStack Cloud 5 (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Manager Proxy 2.1 (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Manager 2.1 (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-ppc64-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
Comment 57 Swamp Workflow Management 2016-09-12 12:14:09 UTC
openSUSE-SU-2016:2290-1: An update that solves 17 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 963931,970948,971126,971360,974266,978821,978822,979018,979213,979879,980371,981058,981267,986362,986365,986570,987886,989084,989152,989176,990058,991110,991608,991665,994296,994520
CVE References: CVE-2015-8787,CVE-2016-1237,CVE-2016-2847,CVE-2016-3134,CVE-2016-3156,CVE-2016-4485,CVE-2016-4486,CVE-2016-4557,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4951,CVE-2016-4998,CVE-2016-5696,CVE-2016-6480,CVE-2016-6828
Sources used:
openSUSE Leap 42.1 (src):    drbd-8.4.6-8.1, hdjmod-1.28-24.1, ipset-6.25.1-5.1, kernel-debug-4.1.31-30.2, kernel-default-4.1.31-30.2, kernel-docs-4.1.31-30.3, kernel-ec2-4.1.31-30.2, kernel-obs-build-4.1.31-30.3, kernel-obs-qa-4.1.31-30.1, kernel-obs-qa-xen-4.1.31-30.1, kernel-pae-4.1.31-30.2, kernel-pv-4.1.31-30.2, kernel-source-4.1.31-30.1, kernel-syms-4.1.31-30.1, kernel-vanilla-4.1.31-30.2, kernel-xen-4.1.31-30.2, lttng-modules-2.7.0-2.1, pcfclock-0.44-266.1, vhba-kmp-20140928-5.1
Comment 58 Swamp Workflow Management 2016-10-26 01:06:58 UTC
SUSE-SU-2016:2632-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1004418,986362
CVE References: CVE-2016-4997,CVE-2016-5195
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kgraft-patch-SLE12_Update_10-6-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kgraft-patch-SLE12_Update_10-6-2.1
Comment 59 Swamp Workflow Management 2016-12-02 15:32:37 UTC
SUSE-SU-2016:2976-1: An update that solves 13 vulnerabilities and has 87 fixes is now available.

Category: security (important)
Bug References: 1000189,1001419,1002165,1003077,1003344,1003568,1003677,1003866,1003925,1004517,1004520,1005857,1005896,1005903,1006917,1006919,1007944,763198,771065,799133,803320,839104,843236,860441,863873,865783,871728,907611,908458,908684,909077,909350,909484,909618,909994,911687,915183,920016,922634,922947,928138,929141,934760,951392,956514,960689,963655,967716,968010,968014,971975,971989,973203,974620,976867,977687,979514,979595,979681,980371,982218,982783,983535,983619,984102,984194,984992,985206,986337,986362,986365,986445,987565,988440,989152,989261,989764,989779,991608,991665,991923,992566,993127,993890,993891,994296,994436,994618,994759,994926,995968,996329,996664,997708,998399,998689,999584,999600,999907,999932
CVE References: CVE-2013-4312,CVE-2015-7513,CVE-2015-8956,CVE-2016-0823,CVE-2016-3841,CVE-2016-4998,CVE-2016-5696,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7117,CVE-2016-7425
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-88.3
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-88.1, kernel-default-3.0.101-88.1, kernel-ec2-3.0.101-88.1, kernel-pae-3.0.101-88.1, kernel-ppc64-3.0.101-88.1, kernel-source-3.0.101-88.1, kernel-syms-3.0.101-88.1, kernel-trace-3.0.101-88.1, kernel-xen-3.0.101-88.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-88.1, kernel-pae-3.0.101-88.1, kernel-ppc64-3.0.101-88.1, kernel-trace-3.0.101-88.1, kernel-xen-3.0.101-88.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-88.1, kernel-default-3.0.101-88.1, kernel-ec2-3.0.101-88.1, kernel-pae-3.0.101-88.1, kernel-ppc64-3.0.101-88.1, kernel-trace-3.0.101-88.1, kernel-xen-3.0.101-88.1
Comment 60 Swamp Workflow Management 2016-12-09 17:20:06 UTC
SUSE-SU-2016:3069-1: An update that solves 11 vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 1000189,1001419,1002165,1004418,732582,839104,843236,909994,911687,915183,920016,934760,951392,956514,960689,963655,971975,971989,974620,976867,977687,979514,979595,979681,980371,982218,982783,983535,983619,984102,984194,984992,985206,986362,986365,986445,987565,988440,989152,989261,989779,991608,991665,991923,992566,993127,993890,993891,994296,994436,994618,994759,994926,996329,996664,997708,998399,999584,999600,999932
CVE References: CVE-2013-4312,CVE-2015-7513,CVE-2016-0823,CVE-2016-3841,CVE-2016-4997,CVE-2016-4998,CVE-2016-5195,CVE-2016-5696,CVE-2016-6480,CVE-2016-6828,CVE-2016-7425
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-65.1, kernel-rt_trace-3.0.101.rt130-65.1, kernel-source-rt-3.0.101.rt130-65.1, kernel-syms-rt-3.0.101.rt130-65.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-65.1, kernel-rt_debug-3.0.101.rt130-65.1, kernel-rt_trace-3.0.101.rt130-65.1
Comment 61 Swamp Workflow Management 2016-12-30 17:30:11 UTC
SUSE-SU-2016:3304-1: An update that solves 13 vulnerabilities and has 118 fixes is now available.

Category: security (important)
Bug References: 1000189,1000287,1000304,1000776,1001419,1001486,1002165,1003079,1003153,1003400,1003568,1003925,1004252,1004418,1004462,1004517,1004520,1005666,1006691,1007615,1007886,744692,789311,857397,860441,865545,866130,868923,874131,875631,876145,876463,898675,904489,909994,911687,915183,921338,921784,922064,922634,924381,924384,930399,934067,937086,937888,941420,946309,955446,956514,959463,961257,962846,963655,963767,966864,967640,970943,971975,971989,974406,974620,975596,975772,976195,977687,978094,979451,979681,979928,980371,981597,982783,983619,984194,984419,984779,984992,985562,986362,986365,986445,987192,987333,987542,987565,987621,987805,988440,988617,988715,989152,989953,990058,990245,991247,991608,991665,991667,992244,992555,992568,992591,992593,992712,993392,993841,993890,993891,994167,994296,994438,994520,994758,995153,995968,996664,997059,997299,997708,997896,998689,998795,998825,999577,999584,999600,999779,999907,999932
CVE References: CVE-2015-8956,CVE-2016-2069,CVE-2016-4998,CVE-2016-5195,CVE-2016-5696,CVE-2016-6130,CVE-2016-6327,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7425,CVE-2016-8658
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP1 (src):    kernel-compute-3.12.67-60.27.1, kernel-compute_debug-3.12.67-60.27.1, kernel-rt-3.12.67-60.27.1, kernel-rt_debug-3.12.67-60.27.1, kernel-source-rt-3.12.67-60.27.1, kernel-syms-rt-3.12.67-60.27.1
Comment 62 Swamp Workflow Management 2017-01-30 19:22:59 UTC
SUSE-SU-2017:0333-1: An update that solves 46 vulnerabilities and has 31 fixes is now available.

Category: security (important)
Bug References: 1003077,1003925,1004517,1007944,1008645,1008831,1008833,1009443,1010150,1010467,1010501,1010507,1010711,1010716,1011482,1011685,1012422,1012832,1013038,1013531,1013542,1014746,1017710,1021258,835175,839104,863873,874145,896484,908069,914939,922947,927287,940966,950998,954984,956514,958000,960689,963053,967716,968500,969340,971360,971944,978401,978821,979213,979274,979548,979595,979879,979915,980363,980371,980725,981267,983143,983213,984755,986362,986365,986445,986572,989261,991608,991665,992566,993890,993891,994296,994436,994618,994759,995968,997059,999932
CVE References: CVE-2004-0230,CVE-2012-6704,CVE-2013-4312,CVE-2015-1350,CVE-2015-7513,CVE-2015-7833,CVE-2015-8956,CVE-2015-8962,CVE-2015-8964,CVE-2016-0823,CVE-2016-10088,CVE-2016-1583,CVE-2016-2187,CVE-2016-2189,CVE-2016-3841,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5829,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7117,CVE-2016-7425,CVE-2016-7910,CVE-2016-7911,CVE-2016-7916,CVE-2016-8399,CVE-2016-8632,CVE-2016-8633,CVE-2016-8646,CVE-2016-9555,CVE-2016-9685,CVE-2016-9756,CVE-2016-9793,CVE-2017-5551
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    kernel-default-3.0.101-0.7.53.1, kernel-ec2-3.0.101-0.7.53.1, kernel-pae-3.0.101-0.7.53.1, kernel-source-3.0.101-0.7.53.1, kernel-syms-3.0.101-0.7.53.1, kernel-trace-3.0.101-0.7.53.1, kernel-xen-3.0.101-0.7.53.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    kernel-default-3.0.101-0.7.53.1, kernel-ec2-3.0.101-0.7.53.1, kernel-pae-3.0.101-0.7.53.1, kernel-trace-3.0.101-0.7.53.1, kernel-xen-3.0.101-0.7.53.1
Comment 63 Swamp Workflow Management 2017-02-15 20:18:07 UTC
SUSE-SU-2017:0471-1: An update that solves 34 vulnerabilities and has 48 fixes is now available.

Category: security (important)
Bug References: 1003153,1003925,1004462,1004517,1005666,1007197,1008833,1008979,1009969,1010040,1010475,1010478,1010501,1010502,1010507,1010612,1010711,1010716,1011820,1012422,1013038,1013531,1013540,1013542,1014746,1016482,1017410,1017589,1017710,1019300,1019851,1020602,1021258,881008,915183,958606,961257,970083,971989,976195,978094,980371,980560,981038,981597,981709,982282,982544,983619,983721,983977,984148,984419,984755,985978,986362,986365,986445,986569,986572,986811,986941,987542,987565,987576,989152,990384,991608,991665,993392,993890,993891,994296,994748,994881,995968,997708,998795,999584,999600,999932,999943
CVE References: CVE-2014-9904,CVE-2015-8956,CVE-2015-8962,CVE-2015-8963,CVE-2015-8964,CVE-2016-10088,CVE-2016-4470,CVE-2016-4998,CVE-2016-5696,CVE-2016-5828,CVE-2016-5829,CVE-2016-6130,CVE-2016-6327,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7425,CVE-2016-7910,CVE-2016-7911,CVE-2016-7913,CVE-2016-7914,CVE-2016-8399,CVE-2016-8633,CVE-2016-8645,CVE-2016-8658,CVE-2016-9083,CVE-2016-9084,CVE-2016-9756,CVE-2016-9793,CVE-2016-9806,CVE-2017-2583,CVE-2017-2584,CVE-2017-5551
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kernel-default-3.12.61-52.66.1, kernel-source-3.12.61-52.66.1, kernel-syms-3.12.61-52.66.1, kernel-xen-3.12.61-52.66.1, kgraft-patch-SLE12_Update_19-1-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.66.1, kernel-source-3.12.61-52.66.1, kernel-syms-3.12.61-52.66.1, kernel-xen-3.12.61-52.66.1, kgraft-patch-SLE12_Update_19-1-2.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.66.1
Comment 64 Michal Kubeček 2017-04-12 10:42:13 UTC
Added the follow-up commit

  17a49cd549d9  netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT
                ACCEPT" failed in 64bit kernel

to all branches with a backport of mainline commit 09d9686047db
Comment 65 Swamp Workflow Management 2017-05-01 22:17:07 UTC
openSUSE-SU-2017:1140-1: An update that solves 10 vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 1010032,1012452,1012829,1013887,1014136,1017461,1019614,1021424,1021762,1022340,1023287,1027153,1027512,1027616,1027974,1028027,1028217,1028415,1028883,1029514,1029634,1030070,1030118,1030213,1031003,1031052,1031147,1031200,1031206,1031208,1031440,1031512,1031555,1031579,1031662,1031717,1031831,1032006,1032141,1032345,1032400,1032581,1032673,1032681,1032803,1033117,1033281,1033336,1033340,1033885,1034048,1034419,1034671,1034902,970083,986362,986365,988065,993832
CVE References: CVE-2016-4997,CVE-2016-4998,CVE-2017-2671,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7374,CVE-2017-7616,CVE-2017-7618
Sources used:
openSUSE Leap 42.2 (src):    kernel-debug-4.4.62-18.6.1, kernel-default-4.4.62-18.6.1, kernel-docs-4.4.62-18.6.2, kernel-obs-build-4.4.62-18.6.1, kernel-obs-qa-4.4.62-18.6.1, kernel-source-4.4.62-18.6.1, kernel-syms-4.4.62-18.6.1, kernel-vanilla-4.4.62-18.6.1
Comment 66 Swamp Workflow Management 2017-07-28 14:00:40 UTC
SUSE-SU-2017:1990-1: An update that solves 43 vulnerabilities and has 282 fixes is now available.

Category: security (important)
Bug References: 1000092,1003077,1003581,1004003,1007729,1007959,1007962,1008842,1009674,1009718,1010032,1010612,1010690,1011044,1011176,1011913,1012060,1012382,1012422,1012452,1012829,1012910,1012985,1013001,1013561,1013792,1013887,1013994,1014120,1014136,1015342,1015367,1015452,1015609,1016403,1017164,1017170,1017410,1017461,1017641,1018100,1018263,1018358,1018385,1018419,1018446,1018813,1018885,1018913,1019061,1019148,1019163,1019168,1019260,1019351,1019594,1019614,1019618,1019630,1019631,1019784,1019851,1020048,1020214,1020412,1020488,1020602,1020685,1020817,1020945,1020975,1021082,1021248,1021251,1021258,1021260,1021294,1021424,1021455,1021474,1021762,1022181,1022266,1022304,1022340,1022429,1022476,1022547,1022559,1022595,1022785,1022971,1023101,1023175,1023287,1023762,1023866,1023884,1023888,1024015,1024081,1024234,1024508,1024938,1025039,1025235,1025461,1025683,1026024,1026405,1026462,1026505,1026509,1026570,1026692,1026722,1027054,1027066,1027101,1027153,1027179,1027189,1027190,1027195,1027273,1027512,1027565,1027616,1027974,1028017,1028027,1028041,1028158,1028217,1028310,1028325,1028340,1028372,1028415,1028819,1028883,1028895,1029220,1029514,1029607,1029634,1029986,1030057,1030070,1030118,1030213,1030573,1031003,1031040,1031052,1031142,1031147,1031200,1031206,1031208,1031440,1031470,1031500,1031512,1031555,1031579,1031662,1031717,1031796,1031831,1032006,1032141,1032339,1032345,1032400,1032581,1032673,1032681,1032803,1033117,1033281,1033287,1033336,1033340,1033885,1034048,1034419,1034635,1034670,1034671,1034762,1034902,1034995,1035024,1035866,1035887,1035920,1035922,1036214,1036638,1036752,1036763,1037177,1037186,1037384,1037483,1037669,1037840,1037871,1037969,1038033,1038043,1038085,1038142,1038143,1038297,1038458,1038544,1038842,1038843,1038846,1038847,1038848,1038879,1038981,1038982,1039348,1039354,1039700,1039864,1039882,1039883,1039885,1039900,1040069,1040125,1040182,1040279,1040351,1040364,1040395,1040425,1040463,1040567,1040609,1040855,1040929,1040941,1041087,1041160,1041168,1041242,1041431,1041810,1042200,1042286,1042356,1042421,1042517,1042535,1042536,1042863,1042886,1043014,1043231,1043236,1043347,1043371,1043467,1043488,1043598,1043912,1043935,1043990,1044015,1044082,1044120,1044125,1044532,1044767,1044772,1044854,1044880,1044912,1045154,1045235,1045286,1045307,1045340,1045467,1045568,1046105,1046434,1046589,799133,863764,870618,922871,951844,966170,966172,966191,966321,966339,968697,969479,969755,970083,971975,982783,985561,986362,986365,987192,987576,988065,989056,989311,990058,990682,991273,993832,995542,995968,998106
CVE References: CVE-2016-10200,CVE-2016-2117,CVE-2016-4997,CVE-2016-4998,CVE-2016-7117,CVE-2016-9191,CVE-2017-1000364,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-2583,CVE-2017-2584,CVE-2017-2596,CVE-2017-2636,CVE-2017-2671,CVE-2017-5551,CVE-2017-5576,CVE-2017-5577,CVE-2017-5897,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6345,CVE-2017-6346,CVE-2017-6347,CVE-2017-6353,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7346,CVE-2017-7374,CVE-2017-7487,CVE-2017-7616,CVE-2017-7618,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9150,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP2 (src):    kernel-rt-4.4.74-7.10.1, kernel-rt_debug-4.4.74-7.10.1, kernel-source-rt-4.4.74-7.10.1, kernel-syms-rt-4.4.74-7.10.1
Comment 67 Swamp Workflow Management 2017-09-04 19:40:08 UTC
SUSE-SU-2017:2342-1: An update that solves 44 vulnerabilities and has 135 fixes is now available.

Category: security (important)
Bug References: 1003077,1005651,1008374,1008850,1008893,1012422,1013018,1013070,1013800,1013862,1016489,1017143,1018074,1018263,1018446,1019168,1020229,1021256,1021913,1022971,1023014,1023051,1023163,1023888,1024508,1024788,1024938,1025235,1025702,1026024,1026260,1026722,1026914,1027066,1027101,1027178,1027565,1028372,1028415,1028880,1029140,1029212,1029770,1029850,1030213,1030552,1030573,1030593,1030814,1031003,1031052,1031440,1031579,1032141,1032340,1032471,1033287,1033336,1033771,1033794,1033804,1033816,1034026,1034670,1035576,1035777,1035920,1036056,1036288,1036629,1037182,1037183,1037191,1037193,1037227,1037232,1037233,1037356,1037358,1037359,1037441,1038544,1038879,1038981,1038982,1039258,1039348,1039354,1039456,1039594,1039882,1039883,1039885,1040069,1040351,1041160,1041431,1041762,1041975,1042045,1042200,1042615,1042633,1042687,1042832,1043014,1043234,1043935,1044015,1044125,1044216,1044230,1044854,1044882,1044913,1044985,1045154,1045340,1045356,1045406,1045416,1045525,1045538,1045547,1045615,1046107,1046122,1046192,1046715,1047027,1047053,1047343,1047354,1047487,1047523,1047653,1048185,1048221,1048232,1048275,1049483,1049603,1049688,1049882,1050154,1050431,1051478,1051515,1051770,784815,792863,799133,870618,909486,909618,911105,919382,928138,931620,938352,943786,948562,962257,970956,971975,972891,979021,982783,983212,985561,986362,986365,986924,988065,989056,990682,991651,995542,999245
CVE References: CVE-2014-9922,CVE-2015-3288,CVE-2015-8970,CVE-2016-10200,CVE-2016-2188,CVE-2016-4997,CVE-2016-4998,CVE-2016-5243,CVE-2016-7117,CVE-2017-1000363,CVE-2017-1000364,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-11176,CVE-2017-11473,CVE-2017-2636,CVE-2017-2647,CVE-2017-2671,CVE-2017-5669,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6348,CVE-2017-6353,CVE-2017-6951,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7482,CVE-2017-7487,CVE-2017-7533,CVE-2017-7542,CVE-2017-7616,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.5.1, kernel-rt_trace-3.0.101.rt130-69.5.1, kernel-source-rt-3.0.101.rt130-69.5.1, kernel-syms-rt-3.0.101.rt130-69.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.5.1, kernel-rt_debug-3.0.101.rt130-69.5.1, kernel-rt_trace-3.0.101.rt130-69.5.1