Bug 1056982 - (CVE-2017-14106) VUL-0: CVE-2017-14106: kernel-source: Divide-by-zero in __tcp_select_window
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority / Severity: P3 - Medium / Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/191380/
CVSSv2:SUSE:CVE-2017-14106:2.1:(AV:L...
Reported: 2017-09-04 04:40 UTC by Marcus Meissner
Modified: 2020-06-16 18:01 UTC (History)
Found By: Security Response Team

Attachments
poc.c (37.51 KB, text/x-csrc)
2017-09-04 05:10 UTC, Marcus Meissner

Description Marcus Meissner 2017-09-04 04:40:44 UTC
https://github.com/torvalds/linux/commit/499350a5a6e7512d9ed369ed63a4244b6536f4f8

tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0

When tcp_disconnect() is called, inet_csk_delack_init() sets
icsk->icsk_ack.rcv_mss to 0.
This could potentially cause tcp_recvmsg() => tcp_cleanup_rbuf() =>
__tcp_select_window() call path to have division by 0 issue.
So this patch initializes rcv_mss to TCP_MIN_MSS instead of 0.


References:
http://seclists.org/oss-sec/2017/q3/389
https://github.com/torvalds/linux/commit/499350a5a6e7512d9ed369ed63a4244b6536f4f8
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=499350a5a6e7512d9ed369ed63a4244b6536f4f8
Comment 1 Marcus Meissner 2017-09-04 04:48:25 UTC
[Suggested description]
The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows
local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) 
by triggering a disconnect within a certain tcp_recvmsg code path.

[VulnerabilityType Other]
CWE-369: Divide By Zero

[Reference]
https://groups.google.com/forum/#!topic/syzkaller/e4SrsEBEziQ
https://www.mail-archive.com/netdev@vger.kernel.org/msg186255.html
https://github.com/torvalds/linux/commit/499350a5a6e7512d9ed369ed63a4244b6536f4f8
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=499350a5a6e7512d9ed369ed63a4244b6536f4f8


[Discoverer]
Andrey Konovalov  <andreyknvl () google com>
Comment 2 Marcus Meissner 2017-09-04 05:10:58 UTC
Created attachment 739249 [details]
poc.c

syzkaller based PoC from list
Comment 3 Michal Kubeček 2017-09-07 12:34:33 UTC
While I can't confirm the issue can lead to an actual division by zero on
kernels as old as 2.6.16, it's quite likely: tcp_disconnect() clears the
rcv_mss value, the tcp_recvmsg() -> __tcp_select_window() is already there
and __tcp_select_window() can divide by mss under certain circumstances.

As the fix is really simple and makes good sense, I'm going to apply it to all
maintained branches based on versions < 4.12 (the fix is in mainline v4.12-rc3).
Comment 4 Swamp Workflow Management 2017-09-15 13:10:44 UTC
openSUSE-SU-2017:2494-1: An update that solves three vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 1012829,1021424,1022743,1024405,1031717,1035479,1036060,1038583,1046529,1048893,1048912,1049361,1049580,1054654,1056261,1056849,1056982,1057015,1057031,1057035,1057038,1057047,1057067,1057389,1057849,1058116,971975,981309
CVE References: CVE-2017-1000251,CVE-2017-11472,CVE-2017-14106
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.87-25.1, kernel-default-4.4.87-25.1, kernel-docs-4.4.87-25.2, kernel-obs-build-4.4.87-25.1, kernel-obs-qa-4.4.87-25.1, kernel-source-4.4.87-25.1, kernel-syms-4.4.87-25.1, kernel-vanilla-4.4.87-25.1
Comment 5 Swamp Workflow Management 2017-09-15 13:18:09 UTC
openSUSE-SU-2017:2495-1: An update that solves 5 vulnerabilities and has 32 fixes is now available.

Category: security (important)
Bug References: 1012829,1020645,1020657,1021424,1022743,1024405,1030850,1031717,1031784,1034048,1038583,1047487,1048155,1048893,1048934,1049226,1049580,1051790,1052580,1052888,1053117,1053802,1053915,1053919,1054084,1055013,1055096,1055359,1056261,1056588,1056827,1056982,1057015,1057389,1058116,971975,981309
CVE References: CVE-2017-1000251,CVE-2017-11472,CVE-2017-12134,CVE-2017-14051,CVE-2017-14106
Sources used:
openSUSE Leap 42.2 (src):    kernel-debug-4.4.87-18.29.1, kernel-default-4.4.87-18.29.1, kernel-docs-4.4.87-18.29.2, kernel-obs-build-4.4.87-18.29.1, kernel-obs-qa-4.4.87-18.29.1, kernel-source-4.4.87-18.29.1, kernel-syms-4.4.87-18.29.1, kernel-vanilla-4.4.87-18.29.1
Comment 6 Swamp Workflow Management 2017-10-25 13:33:52 UTC
SUSE-SU-2017:2847-1: An update that solves 11 vulnerabilities and has 170 fixes is now available.

Category: security (important)
Bug References: 1004527,1005776,1005778,1005780,1005781,1012382,1012829,1015342,1015343,1019675,1019680,1019695,1019699,1020412,1020645,1020657,1020989,1021424,1022595,1022604,1022743,1022912,1022967,1024346,1024373,1024405,1025461,1030850,1031717,1031784,1032150,1034048,1034075,1035479,1036060,1036215,1036737,1037579,1037838,1037890,1038583,1040813,1042847,1043598,1044503,1046529,1047238,1047487,1047989,1048155,1048228,1048325,1048327,1048356,1048501,1048893,1048912,1048934,1049226,1049272,1049291,1049336,1049361,1049580,1050471,1050742,1051790,1051987,1052093,1052094,1052095,1052360,1052384,1052580,1052593,1052888,1053043,1053309,1053472,1053627,1053629,1053633,1053681,1053685,1053802,1053915,1053919,1054082,1054084,1054654,1055013,1055096,1055272,1055290,1055359,1055493,1055567,1055709,1055755,1055896,1055935,1055963,1056061,1056185,1056230,1056261,1056427,1056587,1056588,1056596,1056686,1056827,1056849,1056982,1057015,1057031,1057035,1057038,1057047,1057067,1057383,1057498,1057849,1058038,1058116,1058135,1058410,1058507,1058512,1058550,1059051,1059465,1059500,1059863,1060197,1060229,1060249,1060400,1060985,1061017,1061046,1061064,1061067,1061172,1061451,1061721,1061775,1061831,1061872,1062279,1062520,1062962,1063102,1063349,1063460,1063475,1063479,1063501,1063509,1063520,1063570,1063667,1063671,1063695,1064064,1064206,1064388,1064436,963575,964944,966170,966172,966186,966191,966316,966318,969476,969477,969756,971975,981309
CVE References: CVE-2017-1000252,CVE-2017-11472,CVE-2017-12134,CVE-2017-12153,CVE-2017-12154,CVE-2017-13080,CVE-2017-14051,CVE-2017-14106,CVE-2017-14489,CVE-2017-15265,CVE-2017-15649
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.92-6.18.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.92-6.18.3, kernel-obs-build-4.4.92-6.18.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.92-6.18.1, kernel-source-4.4.92-6.18.1, kernel-syms-4.4.92-6.18.1
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_4-1-4.3
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.92-6.18.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.92-6.18.1, kernel-source-4.4.92-6.18.1, kernel-syms-4.4.92-6.18.1
Comment 7 Swamp Workflow Management 2017-10-27 16:49:14 UTC
SUSE-SU-2017:2869-1: An update that solves 16 vulnerabilities and has 120 fixes is now available.

Category: security (important)
Bug References: 1006180,1011913,1012382,1012829,1013887,1019151,1020645,1020657,1021424,1022476,1022743,1022967,1023175,1024405,1028173,1028286,1029693,1030552,1030850,1031515,1031717,1031784,1033587,1034048,1034075,1034762,1036303,1036632,1037344,1037404,1037994,1038078,1038583,1038616,1038792,1039915,1040307,1040351,1041958,1042286,1042314,1042422,1042778,1043652,1044112,1044636,1045154,1045563,1045922,1046682,1046821,1046985,1047027,1047048,1047096,1047118,1047121,1047152,1047277,1047343,1047354,1047487,1047651,1047653,1047670,1048155,1048221,1048317,1048891,1048893,1048914,1048934,1049226,1049483,1049486,1049580,1049603,1049645,1049882,1050061,1050188,1051022,1051059,1051239,1051399,1051478,1051479,1051556,1051663,1051790,1052049,1052223,1052533,1052580,1052593,1052709,1052773,1052794,1052888,1053117,1053802,1053915,1053919,1054084,1055013,1055096,1055359,1055493,1055755,1055896,1056261,1056588,1056827,1056982,1057015,1058038,1058116,1058410,1058507,1059051,1059465,1060197,1061017,1061046,1061064,1061067,1061172,1061831,1061872,1063667,1064206,1064388,964063,971975,974215,981309
CVE References: CVE-2017-1000252,CVE-2017-10810,CVE-2017-11472,CVE-2017-11473,CVE-2017-12134,CVE-2017-12153,CVE-2017-12154,CVE-2017-13080,CVE-2017-14051,CVE-2017-14106,CVE-2017-14489,CVE-2017-15649,CVE-2017-7518,CVE-2017-7541,CVE-2017-7542,CVE-2017-8831
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    kernel-default-4.4.90-92.45.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    kernel-docs-4.4.90-92.45.3, kernel-obs-build-4.4.90-92.45.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    kernel-default-4.4.90-92.45.1, kernel-source-4.4.90-92.45.1, kernel-syms-4.4.90-92.45.1
SUSE Linux Enterprise Server 12-SP2 (src):    kernel-default-4.4.90-92.45.1, kernel-source-4.4.90-92.45.1, kernel-syms-4.4.90-92.45.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP2_Update_14-1-2.4
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.90-92.45.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    kernel-default-4.4.90-92.45.1, kernel-source-4.4.90-92.45.1, kernel-syms-4.4.90-92.45.1
SUSE Container as a Service Platform ALL (src):    kernel-default-4.4.90-92.45.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.90-92.45.1
Comment 8 Swamp Workflow Management 2017-10-30 18:31:27 UTC
SUSE-SU-2017:2908-1: An update that solves 30 vulnerabilities and has 38 fixes is now available.

Category: security (important)
Bug References: 1001459,1012985,1023287,1027149,1028217,1030531,1030552,1031515,1033960,1034405,1035531,1035738,1037182,1037183,1037994,1038544,1038564,1038879,1038883,1038981,1038982,1039348,1039354,1039456,1039721,1039864,1039882,1039883,1039885,1040069,1041160,1041429,1041431,1042696,1042832,1042863,1044125,1045327,1045487,1045922,1046107,1048275,1048788,1049645,1049882,1053148,1053152,1053317,1056588,1056982,1057179,1058410,1058507,1058524,1059863,1062471,1062520,1063667,1064388,856774,860250,863764,878240,922855,922871,986924,993099,994364
CVE References: CVE-2017-1000363,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-10661,CVE-2017-11176,CVE-2017-12153,CVE-2017-12154,CVE-2017-12762,CVE-2017-13080,CVE-2017-14051,CVE-2017-14106,CVE-2017-14140,CVE-2017-15265,CVE-2017-15274,CVE-2017-15649,CVE-2017-7482,CVE-2017-7487,CVE-2017-7518,CVE-2017-7541,CVE-2017-7542,CVE-2017-7889,CVE-2017-8831,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Sources used:
SUSE OpenStack Cloud 6 (src):    kernel-default-3.12.74-60.64.63.1, kernel-source-3.12.74-60.64.63.1, kernel-syms-3.12.74-60.64.63.1, kernel-xen-3.12.74-60.64.63.1, kgraft-patch-SLE12-SP1_Update_22-1-2.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.63.1, kernel-source-3.12.74-60.64.63.1, kernel-syms-3.12.74-60.64.63.1, kernel-xen-3.12.74-60.64.63.1, kgraft-patch-SLE12-SP1_Update_22-1-2.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.63.1, kernel-source-3.12.74-60.64.63.1, kernel-syms-3.12.74-60.64.63.1, kernel-xen-3.12.74-60.64.63.1, kgraft-patch-SLE12-SP1_Update_22-1-2.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.63.1
Comment 9 Swamp Workflow Management 2017-11-02 17:19:49 UTC
SUSE-SU-2017:2920-1: An update that solves 36 vulnerabilities and has 22 fixes is now available.

Category: security (important)
Bug References: 1008353,1012422,1017941,1029850,1030593,1032268,1034405,1034670,1035576,1035877,1036752,1037182,1037183,1037306,1037994,1038544,1038879,1038981,1038982,1039348,1039349,1039354,1039456,1039721,1039882,1039883,1039885,1040069,1041431,1041958,1044125,1045327,1045487,1045922,1046107,1047408,1048275,1049645,1049882,1052593,1053148,1053152,1056588,1056982,1057179,1058038,1058410,1058507,1058524,1062520,1063667,1064388,938162,975596,977417,984779,985562,990682
CVE References: CVE-2015-9004,CVE-2016-10229,CVE-2016-9604,CVE-2017-1000363,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-10661,CVE-2017-11176,CVE-2017-12153,CVE-2017-12154,CVE-2017-12762,CVE-2017-13080,CVE-2017-14051,CVE-2017-14106,CVE-2017-14140,CVE-2017-15265,CVE-2017-15274,CVE-2017-15649,CVE-2017-2647,CVE-2017-6951,CVE-2017-7482,CVE-2017-7487,CVE-2017-7518,CVE-2017-7541,CVE-2017-7542,CVE-2017-7889,CVE-2017-8106,CVE-2017-8831,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.101.1, kernel-source-3.12.61-52.101.1, kernel-syms-3.12.61-52.101.1, kernel-xen-3.12.61-52.101.1, kgraft-patch-SLE12_Update_28-1-8.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.101.1
Comment 10 Swamp Workflow Management 2017-11-08 20:26:43 UTC
SUSE-SU-2017:2956-1: An update that solves 17 vulnerabilities and has 113 fixes is now available.

Category: security (important)
Bug References: 1005917,1006180,1011913,1012382,1012829,1013887,1018419,1019151,1020645,1020657,1020685,1021424,1022476,1022743,1023175,1024405,1028173,1028286,1028819,1029693,1030552,1030850,1031515,1031717,1031784,1033587,1034048,1034075,1034762,1036303,1036632,1037344,1037404,1037994,1038078,1038583,1038616,1038792,1038846,1038847,1039354,1039915,1040307,1040351,1041958,1042286,1042314,1042422,1042778,1043652,1044112,1044636,1045154,1045563,1045922,1046682,1046821,1046985,1047027,1047048,1047096,1047118,1047121,1047152,1047277,1047343,1047354,1047487,1047651,1047653,1047670,1048155,1048221,1048317,1048891,1048893,1048914,1048934,1049226,1049483,1049486,1049580,1049603,1049645,1049882,1050061,1050188,1051022,1051059,1051239,1051399,1051478,1051479,1051556,1051663,1051790,1052049,1052223,1052311,1052365,1052533,1052580,1052709,1052773,1052794,1052888,1053117,1053802,1053915,1054084,1055013,1055096,1055359,1056261,1056588,1056827,1056982,1057015,1057389,1058038,1058116,1058507,963619,964063,964944,971975,974215,981309,988784,993890
CVE References: CVE-2017-1000111,CVE-2017-1000112,CVE-2017-1000251,CVE-2017-1000252,CVE-2017-1000365,CVE-2017-10810,CVE-2017-11472,CVE-2017-11473,CVE-2017-12134,CVE-2017-12154,CVE-2017-14051,CVE-2017-14106,CVE-2017-7518,CVE-2017-7533,CVE-2017-7541,CVE-2017-7542,CVE-2017-8831
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP2 (src):    kernel-rt-4.4.88-18.1, kernel-rt_debug-4.4.88-18.1, kernel-source-rt-4.4.88-18.1, kernel-syms-rt-4.4.88-18.1
Comment 11 Michal Kubeček 2017-12-13 08:08:31 UTC
The fix is now present in or submitted to (*) all relevant branches:

  SLE12-SP3               a7aa21b7c6e0 (4.4.89)
  SLE12-SP2               a7aa21b7c6e0 (4.4.89)
  cve/linux-3.12          f03c925706b5
  cve/linux-3.0           f4a395a8f959 * 
  cve-linux-2.6.32        37c6de1a3d9f *
  cve/linux-2.6.16        26da8953ae20 *

Reassigning to security team.
Comment 12 Marcus Meissner 2017-12-19 16:16:01 UTC
released
Comment 13 Swamp Workflow Management 2018-01-04 11:16:30 UTC
SUSE-SU-2018:0011-1: An update that solves 17 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 1013018,1024612,1034862,1045479,1045538,1047487,1048185,1050231,1050431,1056982,1063043,1065180,1065600,1066569,1066693,1066973,1068032,1068671,1068984,1069702,1070771,1070964,1071074,1071470,1071695,1072457,1072561,1072876,1073792,1073874
CVE References: CVE-2017-11600,CVE-2017-13167,CVE-2017-14106,CVE-2017-15115,CVE-2017-15868,CVE-2017-16534,CVE-2017-16538,CVE-2017-16939,CVE-2017-17450,CVE-2017-17558,CVE-2017-17805,CVE-2017-17806,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-7472,CVE-2017-8824
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-108.21.2
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-108.21.1, kernel-default-3.0.101-108.21.1, kernel-ec2-3.0.101-108.21.1, kernel-pae-3.0.101-108.21.1, kernel-ppc64-3.0.101-108.21.1, kernel-source-3.0.101-108.21.1, kernel-syms-3.0.101-108.21.1, kernel-trace-3.0.101-108.21.1, kernel-xen-3.0.101-108.21.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.21.1, kernel-pae-3.0.101-108.21.1, kernel-ppc64-3.0.101-108.21.1, kernel-trace-3.0.101-108.21.1, kernel-xen-3.0.101-108.21.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.21.1, kernel-default-3.0.101-108.21.1, kernel-ec2-3.0.101-108.21.1, kernel-pae-3.0.101-108.21.1, kernel-ppc64-3.0.101-108.21.1, kernel-trace-3.0.101-108.21.1, kernel-xen-3.0.101-108.21.1
Comment 14 Swamp Workflow Management 2018-01-08 20:08:02 UTC
SUSE-SU-2018:0040-1: An update that solves 32 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1010175,1034862,1045327,1050231,1052593,1056982,1057179,1057389,1058524,1062520,1063544,1063667,1066295,1066472,1066569,1066573,1066606,1066618,1066625,1066650,1066671,1066693,1066700,1066705,1067085,1068032,1068671,1069702,1069708,1070771,1071074,1071470,1071695,1072561,1072876,1073792,1073874,1074033,999245
CVE References: CVE-2017-1000251,CVE-2017-11600,CVE-2017-13080,CVE-2017-13167,CVE-2017-14106,CVE-2017-14140,CVE-2017-14340,CVE-2017-15102,CVE-2017-15115,CVE-2017-15265,CVE-2017-15274,CVE-2017-15868,CVE-2017-16525,CVE-2017-16527,CVE-2017-16529,CVE-2017-16531,CVE-2017-16534,CVE-2017-16535,CVE-2017-16536,CVE-2017-16537,CVE-2017-16538,CVE-2017-16649,CVE-2017-16939,CVE-2017-17450,CVE-2017-17558,CVE-2017-17805,CVE-2017-17806,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-7472,CVE-2017-8824
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-source-3.0.101-0.47.106.11.1, kernel-syms-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-ppc64-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-source-3.0.101-0.47.106.11.1, kernel-syms-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
Comment 15 Swamp Workflow Management 2018-01-23 17:12:50 UTC
SUSE-SU-2018:0180-1: An update that solves 26 vulnerabilities and has 24 fixes is now available.

Category: security (important)
Bug References: 1012917,1013018,1024612,1034862,1045205,1045479,1045538,1047487,1048185,1050231,1050431,1051133,1054305,1056982,1063043,1064803,1064861,1065180,1065600,1066471,1066472,1066569,1066573,1066606,1066618,1066625,1066650,1066671,1066693,1066700,1066705,1066973,1067085,1067816,1067888,1068032,1068671,1068984,1069702,1070771,1070964,1071074,1071470,1071695,1072457,1072561,1072876,1073792,1073874,1074709
CVE References: CVE-2017-11600,CVE-2017-13167,CVE-2017-14106,CVE-2017-15102,CVE-2017-15115,CVE-2017-15868,CVE-2017-16525,CVE-2017-16527,CVE-2017-16529,CVE-2017-16531,CVE-2017-16534,CVE-2017-16535,CVE-2017-16536,CVE-2017-16537,CVE-2017-16538,CVE-2017-16649,CVE-2017-16939,CVE-2017-17450,CVE-2017-17558,CVE-2017-17805,CVE-2017-17806,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-7472,CVE-2017-8824
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.14.1, kernel-rt_trace-3.0.101.rt130-69.14.1, kernel-source-rt-3.0.101.rt130-69.14.1, kernel-syms-rt-3.0.101.rt130-69.14.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.14.1, kernel-rt_debug-3.0.101.rt130-69.14.1, kernel-rt_trace-3.0.101.rt130-69.14.1