Bug 1013604 - (CVE-2016-9576) VUL-0: CVE-2016-9576: kernel: Use-after-free in SCSI Generic driver
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P2 - High, Severity: Major
Assigned To: Security Team bot
CVSSv2:RedHat:CVE-2016-9576:6.2:(AV:L...
Depends on: CVE-2016-10088
Reported: 2016-12-05 08:37 UTC by Johannes Thumshirn
Modified: 2019-05-01 12:51 UTC

Attachments
- dmesg and trace buffer from test run (89.87 KB, text/plain), 2016-12-05 10:13 UTC, Johannes Thumshirn
- gistfile1.txt (6.92 KB, text/plain), 2016-12-07 13:57 UTC, Marcus Meissner
- FMODE based patch (2.24 KB, patch), 2016-12-07 13:59 UTC, Johannes Thumshirn
- Don't feed anything but regular iovec's to blk_rq_map_user_iov (1.08 KB, patch), 2016-12-07 19:09 UTC, Johannes Thumshirn
- splice: introduce FMODE_SPLICE_READ and FMODE_SPLICE_WRITE (2.59 KB, patch), 2016-12-09 10:10 UTC, Johannes Thumshirn

Description Johannes Thumshirn 2016-12-05 08:37:52 UTC
It is possible to trigger a use-after-free bug in the Linux Kernel's SCSI generic driver with the program from [1]. The corresponding upstream report is in [2].

[1] https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
[2] http://www.spinics.net/lists/linux-scsi/msg102232.html
Comment 1 Johannes Thumshirn 2016-12-05 10:13:12 UTC
Created attachment 704782 [details]
dmesg and trace buffer from test run

dmesg and trace buffer from test run with a trace_printk() augmented kernel.
Comment 2 Johannes Thumshirn 2016-12-05 10:18:28 UTC
In the trace data from comment 1 the faulting address was equal to the dxferp from the SCSI generic header.

In other tests I've run it was dxferp + offset with offset always being a) smaller than dxferp + dxfer_len and b) always a multiple of 0x1000.
Comment 3 Marcus Meissner 2016-12-05 12:39:50 UTC
(seems security relevant)
Comment 4 Marcus Meissner 2016-12-07 12:53:14 UTC
affects all kernels down to 2.6.
Comment 5 Johannes Thumshirn 2016-12-07 13:28:35 UTC
cve/linux-2.6.16 is unaffected.
cve/linux-2.6.32 and all newer branches are affected.
Comment 6 Marcus Meissner 2016-12-07 13:57:22 UTC
Created attachment 705341 [details]
gistfile1.txt

gistfile1.txt
Comment 7 Johannes Thumshirn 2016-12-07 13:59:44 UTC
Created attachment 705342 [details]
FMODE based patch

Patch suggested by Al Viro and sent to Al and Linus for review.
Comment 8 Johannes Thumshirn 2016-12-07 14:11:42 UTC
As a side note: The splice() system call, which enables the creative abuse of the sg and bsg drivers, was introduced with kernel 2.6.17.
Comment 9 Johannes Thumshirn 2016-12-07 19:09:11 UTC
Created attachment 705446 [details]
Don't feed anything but regular iovec's to blk_rq_map_user_iov

Linus' patch for 4.9 fixing the issue (already applied mainline as commit a0ac402cf)
Comment 10 Johannes Thumshirn 2016-12-08 09:10:27 UTC
Can I start backporting the fix to these kernels even without an official CVE number available yet?
Comment 11 Marcus Meissner 2016-12-08 16:58:58 UTC
can you start backporting it to our kernels ... 

We will need to add the CVE reference later on.
Comment 13 Marcus Meissner 2016-12-08 23:04:26 UTC
CVE-2016-9576
Comment 14 Marcus Meissner 2016-12-08 23:15:02 UTC
The linux-distros team urged me to make it public asap, as it is upstream known, and so I did.

- issue is public

please apply to all branches.
Comment 15 Johannes Thumshirn 2016-12-09 09:30:30 UTC
Linus' fix committed to:
- master
- stable
- openSUSE-42.1
- SLES12-SP2

Older branches aren't fixable using Linus' fix. I'll backport my FMODE based fix instead.
Comment 17 Johannes Thumshirn 2016-12-09 10:10:28 UTC
Created attachment 705827 [details]
splice: introduce FMODE_SPLICE_READ and FMODE_SPLICE_WRITE

Version I've sent upstream
Comment 18 Johannes Thumshirn 2016-12-09 10:41:53 UTC
Branches which received my fix are:
- openSUSE-13.2
- cve/linux-3.0
- cve/linux-3.12
- cve/linux-2.6.32
Comment 19 Johannes Thumshirn 2016-12-09 10:43:27 UTC
All applicable branches pushed. Back to security.
Comment 20 Bernhard Wiedemann 2016-12-09 21:03:54 UTC
This is an autogenerated message for OBS integration:
This bug (1013604) was mentioned in
https://build.opensuse.org/request/show/445180 42.1 / kernel-source
https://build.opensuse.org/request/show/445181 42.2 / kernel-source
Comment 22 Swamp Workflow Management 2016-12-12 16:08:21 UTC
openSUSE-SU-2016:3085-1: An update that solves one vulnerability and has 7 fixes is now available.

Category: security (important)
Bug References: 1003606,1006827,1008557,1011913,1013001,1013604,1014120,981825
CVE References: CVE-2016-9576
Sources used:
openSUSE Leap 42.2 (src):    kernel-debug-4.4.36-8.1, kernel-default-4.4.36-8.1, kernel-docs-4.4.36-8.2, kernel-obs-build-4.4.36-8.1, kernel-obs-qa-4.4.36-8.1, kernel-source-4.4.36-8.1, kernel-syms-4.4.36-8.1, kernel-vanilla-4.4.36-8.1
Comment 23 Swamp Workflow Management 2016-12-12 16:09:10 UTC
openSUSE-SU-2016:3086-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1013604
CVE References: CVE-2016-9576
Sources used:
openSUSE Leap 42.1 (src):    kernel-debug-4.1.36-41.1, kernel-default-4.1.36-41.1, kernel-docs-4.1.36-41.2, kernel-ec2-4.1.36-41.1, kernel-obs-build-4.1.36-41.1, kernel-obs-qa-4.1.36-41.1, kernel-pae-4.1.36-41.1, kernel-pv-4.1.36-41.1, kernel-source-4.1.36-41.1, kernel-syms-4.1.36-41.1, kernel-vanilla-4.1.36-41.1, kernel-xen-4.1.36-41.1
Comment 26 Swamp Workflow Management 2016-12-13 16:08:25 UTC
openSUSE-SU-2016:3118-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1013533,1013604
CVE References: CVE-2016-9576,CVE-2016-9794
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.40.1, crash-7.0.2-2.40.1, hdjmod-1.28-16.40.1, ipset-6.21.1-2.44.1, iscsitarget-1.4.20.3-13.40.1, kernel-debug-3.12.67-64.1, kernel-default-3.12.67-64.1, kernel-desktop-3.12.67-64.1, kernel-docs-3.12.67-64.2, kernel-ec2-3.12.67-64.1, kernel-pae-3.12.67-64.1, kernel-source-3.12.67-64.1, kernel-syms-3.12.67-64.1, kernel-trace-3.12.67-64.1, kernel-vanilla-3.12.67-64.1, kernel-xen-3.12.67-64.1, ndiswrapper-1.58-41.1, openvswitch-1.11.0-0.47.1, pcfclock-0.44-258.41.1, vhba-kmp-20130607-2.40.1, virtualbox-4.2.36-2.72.1, xen-4.3.4_10-73.1, xtables-addons-2.3-2.39.1
Comment 27 Swamp Workflow Management 2016-12-14 01:07:26 UTC
SUSE-SU-2016:3146-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1013533,1013604
CVE References: CVE-2016-9576,CVE-2016-9794
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    kernel-default-4.4.21-90.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    kernel-docs-4.4.21-90.3, kernel-obs-build-4.4.21-90.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    kernel-default-4.4.21-90.1, kernel-source-4.4.21-90.1, kernel-syms-4.4.21-90.1
SUSE Linux Enterprise Server 12-SP2 (src):    kernel-default-4.4.21-90.1, kernel-source-4.4.21-90.1, kernel-syms-4.4.21-90.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP2_Update_3-1-2.3
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.21-90.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    kernel-default-4.4.21-90.1, kernel-source-4.4.21-90.1, kernel-syms-4.4.21-90.1
Comment 28 Swamp Workflow Management 2016-12-16 19:10:40 UTC
SUSE-SU-2016:3188-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1013533,1013604
CVE References: CVE-2016-9576,CVE-2016-9794
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.67-60.64.24.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.67-60.64.24.3, kernel-obs-build-3.12.67-60.64.24.1
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.67-60.64.24.1, kernel-source-3.12.67-60.64.24.1, kernel-syms-3.12.67-60.64.24.1, kernel-xen-3.12.67-60.64.24.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.67-60.64.24.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_11-1-2.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.67-60.64.24.1, kernel-source-3.12.67-60.64.24.1, kernel-syms-3.12.67-60.64.24.1, kernel-xen-3.12.67-60.64.24.1
Comment 29 Swamp Workflow Management 2016-12-20 21:07:32 UTC
SUSE-SU-2016:3203-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1013533,1013604
CVE References: CVE-2016-9576,CVE-2016-9794
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-91.2
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-91.1, kernel-default-3.0.101-91.1, kernel-ec2-3.0.101-91.1, kernel-pae-3.0.101-91.1, kernel-ppc64-3.0.101-91.1, kernel-source-3.0.101-91.1, kernel-syms-3.0.101-91.1, kernel-trace-3.0.101-91.1, kernel-xen-3.0.101-91.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-91.1, kernel-pae-3.0.101-91.1, kernel-ppc64-3.0.101-91.1, kernel-trace-3.0.101-91.1, kernel-xen-3.0.101-91.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-91.1, kernel-default-3.0.101-91.1, kernel-ec2-3.0.101-91.1, kernel-pae-3.0.101-91.1, kernel-ppc64-3.0.101-91.1, kernel-trace-3.0.101-91.1, kernel-xen-3.0.101-91.1
Comment 30 Swamp Workflow Management 2016-12-21 20:10:10 UTC
SUSE-SU-2016:3217-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1013533,1013604
CVE References: CVE-2016-9576,CVE-2016-9794
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kernel-default-3.12.60-52.63.1, kernel-source-3.12.60-52.63.1, kernel-syms-3.12.60-52.63.1, kernel-xen-3.12.60-52.63.1, kgraft-patch-SLE12_Update_18-1-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.60-52.63.1, kernel-source-3.12.60-52.63.1, kernel-syms-3.12.60-52.63.1, kernel-xen-3.12.60-52.63.1, kgraft-patch-SLE12_Update_18-1-2.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.60-52.63.1
Comment 31 Swamp Workflow Management 2016-12-22 17:09:33 UTC
SUSE-SU-2016:3248-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1013533,1013604
CVE References: CVE-2016-9576,CVE-2016-9794
Sources used:
SUSE OpenStack Cloud 5 (src):    kernel-bigsmp-3.0.101-0.47.93.1, kernel-default-3.0.101-0.47.93.1, kernel-ec2-3.0.101-0.47.93.1, kernel-source-3.0.101-0.47.93.1, kernel-syms-3.0.101-0.47.93.1, kernel-trace-3.0.101-0.47.93.1, kernel-xen-3.0.101-0.47.93.1
SUSE Manager Proxy 2.1 (src):    kernel-bigsmp-3.0.101-0.47.93.1, kernel-default-3.0.101-0.47.93.1, kernel-ec2-3.0.101-0.47.93.1, kernel-source-3.0.101-0.47.93.1, kernel-syms-3.0.101-0.47.93.1, kernel-trace-3.0.101-0.47.93.1, kernel-xen-3.0.101-0.47.93.1
SUSE Manager 2.1 (src):    kernel-bigsmp-3.0.101-0.47.93.1, kernel-default-3.0.101-0.47.93.1, kernel-ec2-3.0.101-0.47.93.1, kernel-source-3.0.101-0.47.93.1, kernel-syms-3.0.101-0.47.93.1, kernel-trace-3.0.101-0.47.93.1, kernel-xen-3.0.101-0.47.93.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.93.1, kernel-default-3.0.101-0.47.93.1, kernel-ec2-3.0.101-0.47.93.1, kernel-pae-3.0.101-0.47.93.1, kernel-source-3.0.101-0.47.93.1, kernel-syms-3.0.101-0.47.93.1, kernel-trace-3.0.101-0.47.93.1, kernel-xen-3.0.101-0.47.93.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.93.1, kernel-default-3.0.101-0.47.93.1, kernel-pae-3.0.101-0.47.93.1, kernel-ppc64-3.0.101-0.47.93.1, kernel-trace-3.0.101-0.47.93.1, kernel-xen-3.0.101-0.47.93.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.93.1, kernel-ec2-3.0.101-0.47.93.1, kernel-pae-3.0.101-0.47.93.1, kernel-source-3.0.101-0.47.93.1, kernel-syms-3.0.101-0.47.93.1, kernel-trace-3.0.101-0.47.93.1, kernel-xen-3.0.101-0.47.93.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.93.1, kernel-default-3.0.101-0.47.93.1, kernel-ec2-3.0.101-0.47.93.1, kernel-pae-3.0.101-0.47.93.1, kernel-trace-3.0.101-0.47.93.1, kernel-xen-3.0.101-0.47.93.1
Comment 32 Swamp Workflow Management 2016-12-22 19:08:37 UTC
SUSE-SU-2016:3252-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1013533,1013604
CVE References: CVE-2016-9576,CVE-2016-9794
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    kernel-default-3.0.101-0.7.47.1, kernel-ec2-3.0.101-0.7.47.1, kernel-pae-3.0.101-0.7.47.1, kernel-source-3.0.101-0.7.47.1, kernel-syms-3.0.101-0.7.47.1, kernel-trace-3.0.101-0.7.47.1, kernel-xen-3.0.101-0.7.47.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    kernel-default-3.0.101-0.7.47.1, kernel-ec2-3.0.101-0.7.47.1, kernel-pae-3.0.101-0.7.47.1, kernel-trace-3.0.101-0.7.47.1, kernel-xen-3.0.101-0.7.47.1
Comment 33 Marcus Meissner 2016-12-22 20:40:33 UTC
released
Comment 34 Swamp Workflow Management 2017-01-20 16:10:35 UTC
SUSE-SU-2017:0226-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1012852,1013543,1013604,1014271
CVE References: CVE-2016-8632,CVE-2016-9576,CVE-2016-9794
Sources used:
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_7-5-2.1
Comment 35 Swamp Workflow Management 2017-01-20 16:13:23 UTC
SUSE-SU-2017:0229-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1012852,1013543,1013604,1014271
CVE References: CVE-2016-8632,CVE-2016-9576,CVE-2016-9794
Sources used:
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_9-3-2.1
Comment 36 Swamp Workflow Management 2017-01-20 16:14:16 UTC
SUSE-SU-2017:0230-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1012852,1013543,1013604,1014271,1017589
CVE References: CVE-2016-8632,CVE-2016-9576,CVE-2016-9794,CVE-2016-9806
Sources used:
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_6-6-2.1
Comment 37 Swamp Workflow Management 2017-01-20 16:15:19 UTC
SUSE-SU-2017:0231-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1012852,1013543,1013604,1014271,1017589
CVE References: CVE-2016-8632,CVE-2016-9576,CVE-2016-9794,CVE-2016-9806
Sources used:
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_2-8-2.1
Comment 38 Swamp Workflow Management 2017-01-20 16:16:47 UTC
SUSE-SU-2017:0233-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1012852,1013543,1013604,1014271,1017589
CVE References: CVE-2016-8632,CVE-2016-9576,CVE-2016-9794,CVE-2016-9806
Sources used:
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_3-7-2.1
Comment 39 Swamp Workflow Management 2017-01-20 16:17:52 UTC
SUSE-SU-2017:0234-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1012852,1013543,1013604,1014271,1017589
CVE References: CVE-2016-8632,CVE-2016-9576,CVE-2016-9794,CVE-2016-9806
Sources used:
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_4-6-2.1
Comment 40 Swamp Workflow Management 2017-01-20 16:18:51 UTC
SUSE-SU-2017:0235-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1012852,1013543,1013604,1014271,1017589
CVE References: CVE-2016-8632,CVE-2016-9576,CVE-2016-9794,CVE-2016-9806
Sources used:
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_5-6-2.1
Comment 41 Swamp Workflow Management 2017-01-21 14:09:05 UTC
SUSE-SU-2017:0244-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1012852,1013543,1013604,1014271,1017589
CVE References: CVE-2016-8632,CVE-2016-9576,CVE-2016-9794,CVE-2016-9806
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kgraft-patch-SLE12_Update_12-5-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kgraft-patch-SLE12_Update_12-5-2.1
Comment 42 Swamp Workflow Management 2017-01-21 14:10:12 UTC
SUSE-SU-2017:0245-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1012852,1013543,1013604,1014271,1017589
CVE References: CVE-2016-8632,CVE-2016-9576,CVE-2016-9794,CVE-2016-9806
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kgraft-patch-SLE12_Update_16-3-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kgraft-patch-SLE12_Update_16-3-2.1
Comment 43 Swamp Workflow Management 2017-01-21 14:11:15 UTC
SUSE-SU-2017:0246-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1012852,1013543,1013604,1014271,1017589
CVE References: CVE-2016-8632,CVE-2016-9576,CVE-2016-9794,CVE-2016-9806
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kgraft-patch-SLE12_Update_15-5-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kgraft-patch-SLE12_Update_15-5-2.1
Comment 44 Swamp Workflow Management 2017-01-21 14:12:20 UTC
SUSE-SU-2017:0247-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1012852,1013543,1013604,1014271,1017589
CVE References: CVE-2016-8632,CVE-2016-9576,CVE-2016-9794,CVE-2016-9806
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kgraft-patch-SLE12_Update_10-8-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kgraft-patch-SLE12_Update_10-8-2.1
Comment 45 Swamp Workflow Management 2017-01-21 14:13:24 UTC
SUSE-SU-2017:0248-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1012852,1013543,1013604,1014271,1017589
CVE References: CVE-2016-8632,CVE-2016-9576,CVE-2016-9794,CVE-2016-9806
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kgraft-patch-SLE12_Update_14-5-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kgraft-patch-SLE12_Update_14-5-2.1
Comment 46 Swamp Workflow Management 2017-01-21 14:14:28 UTC
SUSE-SU-2017:0249-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1012852,1013543,1013604,1014271,1017589
CVE References: CVE-2016-8632,CVE-2016-9576,CVE-2016-9794,CVE-2016-9806
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kgraft-patch-SLE12_Update_13-5-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kgraft-patch-SLE12_Update_13-5-2.1
Comment 47 Swamp Workflow Management 2017-01-24 11:09:24 UTC
SUSE-SU-2017:0267-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1013543,1013604,1014271,1017589
CVE References: CVE-2016-9576,CVE-2016-9794,CVE-2016-9806
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kgraft-patch-SLE12_Update_17-2-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kgraft-patch-SLE12_Update_17-2-2.1
Comment 48 Swamp Workflow Management 2017-01-24 11:10:42 UTC
SUSE-SU-2017:0268-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1012852,1013543,1013604,1014271,1017589
CVE References: CVE-2016-8632,CVE-2016-9576,CVE-2016-9794,CVE-2016-9806
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kgraft-patch-SLE12_Update_11-7-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kgraft-patch-SLE12_Update_11-7-2.1
Comment 49 Swamp Workflow Management 2017-01-25 11:09:40 UTC
SUSE-SU-2017:0278-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1012852,1013543,1013604,1014271
CVE References: CVE-2016-8632,CVE-2016-9576,CVE-2016-9794
Sources used:
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_8-4-2.1
Comment 50 Swamp Workflow Management 2017-01-26 19:09:48 UTC
SUSE-SU-2017:0294-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1013543,1013604,1014271
CVE References: CVE-2016-9576,CVE-2016-9794
Sources used:
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_10-2-2.1
Comment 51 Haral Tsitsivas 2017-01-31 00:33:29 UTC
As per comment #5 kernel 2.6.32 is affected.
Requesting PTF for SLES11SP1.
Comment 52 Haral Tsitsivas 2017-01-31 00:35:56 UTC
(In reply to Haral Tsitsivas from comment #51)
> As per comment #5 kernel 2.6.32 is affected.
> Requesting PTF for SLES11SP1.

Same request for CVE-2016-9794 which is part of this patch.
Comment 53 Ahmad Sadeghpour 2017-01-31 00:45:24 UTC
(In reply to Haral Tsitsivas from comment #52)
> (In reply to Haral Tsitsivas from comment #51)
> > As per comment #5 kernel 2.6.32 is affected.
> > Requesting PTF for SLES11SP1.
> 
> Same request for CVE-2016-9794 which is part of this patch.

please open a new Bugzilla for this request
Comment 54 Swamp Workflow Management 2017-02-06 20:13:52 UTC
SUSE-SU-2017:0407-1: An update that solves 24 vulnerabilities and has 56 fixes is now available.

Category: security (important)
Bug References: 1003813,1005666,1007197,1008557,1008567,1008831,1008833,1008876,1008979,1009062,1009969,1010040,1010213,1010294,1010475,1010478,1010501,1010502,1010507,1010612,1010711,1010716,1011685,1012060,1012422,1012754,1012917,1012985,1013001,1013038,1013479,1013531,1013533,1013540,1013604,1014410,1014746,1016713,1016725,1016961,1017164,1017170,1017410,1017710,1018100,1019032,1019148,1019260,1019300,1019783,1019851,1020214,1020602,1021258,856380,857394,858727,921338,921778,922052,922056,923036,923037,924381,938963,972993,980560,981709,983087,983348,984194,984419,985850,987192,987576,990384,991273,993739,997807,999101
CVE References: CVE-2015-8962,CVE-2015-8963,CVE-2015-8964,CVE-2016-10088,CVE-2016-7910,CVE-2016-7911,CVE-2016-7913,CVE-2016-7914,CVE-2016-8399,CVE-2016-8632,CVE-2016-8633,CVE-2016-8645,CVE-2016-8655,CVE-2016-9083,CVE-2016-9084,CVE-2016-9555,CVE-2016-9576,CVE-2016-9756,CVE-2016-9793,CVE-2016-9794,CVE-2016-9806,CVE-2017-2583,CVE-2017-2584,CVE-2017-5551
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP1 (src):    kernel-compute-3.12.69-60.30.1, kernel-compute_debug-3.12.69-60.30.1, kernel-rt-3.12.69-60.30.1, kernel-rt_debug-3.12.69-60.30.1, kernel-source-rt-3.12.69-60.30.1, kernel-syms-rt-3.12.69-60.30.1
Comment 55 Swamp Workflow Management 2017-04-25 19:18:04 UTC
SUSE-SU-2017:1102-1: An update that solves 27 vulnerabilities and has 114 fixes is now available.

Category: security (important)
Bug References: 1003077,1003344,1003568,1003677,1003813,1003866,1003925,1004517,1004520,1005857,1005877,1005896,1005903,1006917,1006919,1007615,1007944,1008557,1008645,1008831,1008833,1008893,1009875,1010150,1010175,1010201,1010467,1010501,1010507,1010711,1010716,1011685,1011820,1012411,1012422,1012832,1012851,1012917,1013018,1013038,1013042,1013070,1013531,1013533,1013542,1013604,1014410,1014454,1014746,1015561,1015752,1015760,1015796,1015803,1015817,1015828,1015844,1015848,1015878,1015932,1016320,1016505,1016520,1016668,1016688,1016824,1016831,1017686,1017710,1019148,1019165,1019348,1019783,1020214,1021258,748806,763198,771065,786036,790588,795297,799133,800999,803320,821612,824171,851603,853052,860441,863873,865783,871728,901809,907611,908458,908684,909077,909350,909484,909491,909618,913387,914939,919382,922634,924708,925065,928138,929141,953233,956514,960689,961589,962846,963655,967716,968010,969340,973203,973691,979681,984194,986337,987333,987576,989152,989680,989764,989896,990245,992566,992991,993739,993832,995968,996541,996557,997401,998689,999101,999907
CVE References: CVE-2004-0230,CVE-2012-6704,CVE-2013-6368,CVE-2015-1350,CVE-2015-8956,CVE-2015-8962,CVE-2015-8964,CVE-2016-10088,CVE-2016-3841,CVE-2016-5696,CVE-2016-7042,CVE-2016-7097,CVE-2016-7117,CVE-2016-7910,CVE-2016-7911,CVE-2016-7916,CVE-2016-8399,CVE-2016-8632,CVE-2016-8633,CVE-2016-8646,CVE-2016-9555,CVE-2016-9576,CVE-2016-9685,CVE-2016-9756,CVE-2016-9793,CVE-2016-9794,CVE-2017-5551
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-68.1, kernel-rt_trace-3.0.101.rt130-68.1, kernel-source-rt-3.0.101.rt130-68.1, kernel-syms-rt-3.0.101.rt130-68.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-68.1, kernel-rt_debug-3.0.101.rt130-68.1, kernel-rt_trace-3.0.101.rt130-68.1
Comment 59 gm chen 2017-12-25 08:25:43 UTC
(In reply to gm chen from comment #57)
> (In reply to Zhigang Gao from comment #56)
> > Where is the PTF link of
> > kernel-default-base-3.0.101-0.47.90.1.12144.2.PTF.1013604 ?
> > Customer needs the debuginfo package of kernel
> > 3.0.101-0.47.90.1.12144.2.PTF.1013604
> 
> hi  Johannes Thumshirn  Marcus Meissner 
>    Please help to check where is the PTF link of
> kernel-default-base-3.0.101-0.47.90.1.12144.2.PTF.1013604
> 
> thanks

The SLES11SP3 ptf is here:
https://ptf.suse.com/b27a428a0750dc195e58933ba4411674/sles11-sp3/12144/x86_64/20170106/