Bug 1135281 - (CVE-2019-11833) VUL-1: CVE-2019-11833: kernel-source: fs/ext4/extents.c does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitia
(CVE-2019-11833)
VUL-1: CVE-2019-11833: kernel-source: fs/ext4/extents.c does not zero out th...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/232981/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-05-16 05:18 UTC by Marcus Meissner
Modified: 2019-09-23 22:45 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2019-05-16 05:18:15 UTC
CVE-2019-11833

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused
memory region in the extent tree block, which might allow local users to obtain
sensitive information by reading uninitialized data in the filesystem.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11833
https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64
Comment 1 Jan Kara 2019-05-16 07:42:42 UTC
I don't see a way for non-root user to actually read the stored information from the extent tree block. So I think the problem is actually harmless. Sure it makes sense to zero out the buffer tail before writeout just as a future-proofing but I don't see this being security relevant in any way.

In the light of this, to which branches do we want to port the commit? I assume all supported ones. But do we want also all LTSS?
Comment 2 Takashi Iwai 2019-05-16 08:03:18 UTC
Yes, all security issues tagged with CVE are targets for LTSS, so please backport to cve/* branches if possible.
Comment 3 Marcus Meissner 2019-05-16 14:05:46 UTC
which branches are affected?
Comment 4 Jan Kara 2019-05-16 14:39:24 UTC
Likely everything which has ext4 driver - i.e., anything 3.0-based or newer, supported in SLE since SLE12 (3.12-based kernels).
Comment 5 Jan Kara 2019-05-22 16:19:02 UTC
OK, I've pushed out the fix to SLE15, cve/linux-4.4, cve/linux-3.12 branches. In 3.0-based kernels we support ext4 in read-only mode so I would just ignore the issue (should not happen in supported configuration) and older kernels don't have ext4 supported / present at all.
Comment 6 Jan Kara 2019-05-23 10:57:57 UTC
OK, build-bot confirmed all branches are fine, reassigning to security-team for further handling.
Comment 24 Swamp Workflow Management 2019-06-17 18:07:18 UTC
This is an autogenerated message for OBS integration:
This bug (1135281) was mentioned in
https://build.opensuse.org/request/show/710403 15.0 / kernel-source
https://build.opensuse.org/request/show/710405 42.3 / kernel-source
Comment 25 Swamp Workflow Management 2019-06-17 22:26:32 UTC
SUSE-SU-2019:1529-1: An update that solves 14 vulnerabilities and has 130 fixes is now available.

Category: security (important)
Bug References: 1012382,1050242,1051510,1053043,1055186,1056787,1058115,1063638,1064802,1065600,1065729,1066129,1068546,1071995,1075020,1082387,1083647,1085535,1099658,1103992,1104353,1104427,1106011,1106284,1108193,1108838,1108937,1110946,1111696,1112063,1113722,1114427,1115688,1117158,1117561,1118139,1119843,1120091,1120423,1120566,1120843,1120902,1122776,1123454,1123663,1124503,1124839,1126356,1127616,1128052,1128904,1128979,1129138,1129273,1129497,1129693,1129770,1130579,1130699,1130972,1131326,1131451,1131488,1131565,1131673,1132044,1133176,1133188,1133190,1133320,1133612,1133616,1134160,1134162,1134199,1134200,1134201,1134202,1134203,1134204,1134205,1134354,1134393,1134459,1134460,1134461,1134537,1134597,1134651,1134671,1134760,1134806,1134810,1134813,1134848,1134936,1135006,1135007,1135008,1135056,1135100,1135120,1135278,1135281,1135309,1135312,1135314,1135315,1135316,1135320,1135323,1135330,1135492,1135542,1135556,1135603,1135642,1135661,1135758,1136206,1136424,1136428,1136430,1136432,1136434,1136435,1136438,1136439,1136477,1136478,1136573,1136586,1136881,1136935,1136990,1137151,1137152,1137153,1137162,1137372,1137444,1137586,1137739,1137752
CVE References: CVE-2018-7191,CVE-2019-10124,CVE-2019-11085,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11486,CVE-2019-11487,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12382,CVE-2019-3846,CVE-2019-5489
Sources used:
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.22.1, kernel-livepatch-SLE15_Update_11-1-1.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2019-06-17 22:45:33 UTC
SUSE-SU-2019:1530-1: An update that solves 14 vulnerabilities and has 132 fixes is now available.

Category: security (important)
Bug References: 1012382,1050242,1051510,1053043,1056787,1058115,1063638,1064802,1065600,1065729,1066129,1068546,1071995,1075020,1082387,1083647,1085535,1099658,1103992,1104353,1104427,1106011,1106284,1108838,1110946,1111696,1112063,1113722,1114427,1114893,1115688,1117158,1117561,1118139,1119843,1120091,1120423,1120566,1120843,1120902,1122776,1123454,1123663,1124503,1124839,1126356,1127616,1128052,1128904,1128905,1128979,1129138,1129497,1129693,1129770,1129848,1129857,1130409,1130699,1130972,1131451,1131488,1131565,1131673,1132044,1132894,1133176,1133188,1133190,1133320,1133612,1133616,1134160,1134162,1134199,1134200,1134201,1134202,1134203,1134204,1134205,1134354,1134393,1134459,1134460,1134461,1134537,1134591,1134597,1134607,1134651,1134671,1134760,1134806,1134810,1134813,1134848,1134936,1135006,1135007,1135008,1135056,1135100,1135120,1135278,1135281,1135309,1135312,1135314,1135315,1135316,1135320,1135323,1135330,1135492,1135542,1135556,1135603,1135642,1135661,1135758,1136206,1136424,1136428,1136430,1136432,1136434,1136435,1136438,1136439,1136477,1136478,1136573,1136586,1136881,1136935,1136990,1137151,1137152,1137153,1137162,1137372,1137444,1137586,1137739,1137752
CVE References: CVE-2018-7191,CVE-2019-10124,CVE-2019-11085,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11486,CVE-2019-11487,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12382,CVE-2019-3846,CVE-2019-5489
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.19.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.19.1, kernel-obs-build-4.12.14-95.19.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.19.1, kernel-source-4.12.14-95.19.1, kernel-syms-4.12.14-95.19.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.19.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.19.1, kernel-source-4.12.14-95.19.1, kernel-syms-4.12.14-95.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Swamp Workflow Management 2019-06-17 23:04:58 UTC
SUSE-SU-2019:1529-1: An update that solves 14 vulnerabilities and has 130 fixes is now available.

Category: security (important)
Bug References: 1012382,1050242,1051510,1053043,1055186,1056787,1058115,1063638,1064802,1065600,1065729,1066129,1068546,1071995,1075020,1082387,1083647,1085535,1099658,1103992,1104353,1104427,1106011,1106284,1108193,1108838,1108937,1110946,1111696,1112063,1113722,1114427,1115688,1117158,1117561,1118139,1119843,1120091,1120423,1120566,1120843,1120902,1122776,1123454,1123663,1124503,1124839,1126356,1127616,1128052,1128904,1128979,1129138,1129273,1129497,1129693,1129770,1130579,1130699,1130972,1131326,1131451,1131488,1131565,1131673,1132044,1133176,1133188,1133190,1133320,1133612,1133616,1134160,1134162,1134199,1134200,1134201,1134202,1134203,1134204,1134205,1134354,1134393,1134459,1134460,1134461,1134537,1134597,1134651,1134671,1134760,1134806,1134810,1134813,1134848,1134936,1135006,1135007,1135008,1135056,1135100,1135120,1135278,1135281,1135309,1135312,1135314,1135315,1135316,1135320,1135323,1135330,1135492,1135542,1135556,1135603,1135642,1135661,1135758,1136206,1136424,1136428,1136430,1136432,1136434,1136435,1136438,1136439,1136477,1136478,1136573,1136586,1136881,1136935,1136990,1137151,1137152,1137153,1137162,1137372,1137444,1137586,1137739,1137752
CVE References: CVE-2018-7191,CVE-2019-10124,CVE-2019-11085,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11486,CVE-2019-11487,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12382,CVE-2019-3846,CVE-2019-5489
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-150.22.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-150.22.1, kernel-docs-4.12.14-150.22.1, kernel-obs-qa-4.12.14-150.22.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.22.1, kernel-livepatch-SLE15_Update_11-1-1.5.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-150.22.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-150.22.1, kernel-obs-build-4.12.14-150.22.1, kernel-source-4.12.14-150.22.1, kernel-syms-4.12.14-150.22.1, kernel-vanilla-4.12.14-150.22.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-150.22.1, kernel-source-4.12.14-150.22.1, kernel-zfcpdump-4.12.14-150.22.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Swamp Workflow Management 2019-06-17 23:24:03 UTC
SUSE-SU-2019:1530-1: An update that solves 14 vulnerabilities and has 132 fixes is now available.

Category: security (important)
Bug References: 1012382,1050242,1051510,1053043,1056787,1058115,1063638,1064802,1065600,1065729,1066129,1068546,1071995,1075020,1082387,1083647,1085535,1099658,1103992,1104353,1104427,1106011,1106284,1108838,1110946,1111696,1112063,1113722,1114427,1114893,1115688,1117158,1117561,1118139,1119843,1120091,1120423,1120566,1120843,1120902,1122776,1123454,1123663,1124503,1124839,1126356,1127616,1128052,1128904,1128905,1128979,1129138,1129497,1129693,1129770,1129848,1129857,1130409,1130699,1130972,1131451,1131488,1131565,1131673,1132044,1132894,1133176,1133188,1133190,1133320,1133612,1133616,1134160,1134162,1134199,1134200,1134201,1134202,1134203,1134204,1134205,1134354,1134393,1134459,1134460,1134461,1134537,1134591,1134597,1134607,1134651,1134671,1134760,1134806,1134810,1134813,1134848,1134936,1135006,1135007,1135008,1135056,1135100,1135120,1135278,1135281,1135309,1135312,1135314,1135315,1135316,1135320,1135323,1135330,1135492,1135542,1135556,1135603,1135642,1135661,1135758,1136206,1136424,1136428,1136430,1136432,1136434,1136435,1136438,1136439,1136477,1136478,1136573,1136586,1136881,1136935,1136990,1137151,1137152,1137153,1137162,1137372,1137444,1137586,1137739,1137752
CVE References: CVE-2018-7191,CVE-2019-10124,CVE-2019-11085,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11486,CVE-2019-11487,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12382,CVE-2019-3846,CVE-2019-5489
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.19.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.19.1, kernel-obs-build-4.12.14-95.19.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.19.1, kernel-source-4.12.14-95.19.1, kernel-syms-4.12.14-95.19.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kgraft-patch-SLE12-SP4_Update_5-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.19.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.19.1, kernel-source-4.12.14-95.19.1, kernel-syms-4.12.14-95.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 29 Swamp Workflow Management 2019-06-17 23:38:23 UTC
SUSE-SU-2019:1532-1: An update that solves 13 vulnerabilities and has 73 fixes is now available.

Category: security (important)
Bug References: 1005778,1005780,1005781,1012382,1019695,1019696,1022604,1063638,1065600,1085535,1085539,1090888,1099658,1100132,1106110,1106284,1106929,1108293,1108838,1110785,1110946,1112063,1112178,1116803,1117562,1119086,1120642,1120843,1120902,1122776,1126040,1126356,1128052,1129138,1129770,1130972,1131107,1131488,1131565,1132212,1132472,1133188,1133874,1134160,1134162,1134338,1134537,1134564,1134565,1134566,1134651,1134760,1134806,1134813,1134848,1135013,1135014,1135015,1135100,1135120,1135281,1135603,1135642,1135661,1135878,1136424,1136438,1136448,1136449,1136451,1136452,1136455,1136458,1136539,1136573,1136575,1136586,1136590,1136623,1136810,1136935,1136990,1137142,1137162,1137586,843419
CVE References: CVE-2018-17972,CVE-2018-7191,CVE-2019-11190,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11486,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12382,CVE-2019-3846,CVE-2019-5489
Sources used:
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_26-1-4.3.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 30 Swamp Workflow Management 2019-06-17 23:55:21 UTC
SUSE-SU-2019:1536-1: An update that solves 13 vulnerabilities and has 132 fixes is now available.

Category: security (important)
Bug References: 1012382,1050242,1051510,1053043,1056787,1058115,1063638,1064802,1065600,1065729,1066129,1068546,1071995,1075020,1082387,1083647,1085535,1099658,1103992,1104353,1104427,1106011,1106284,1108838,1110946,1111696,1112063,1113722,1114427,1114893,1115688,1117158,1117561,1118139,1119843,1120091,1120423,1120566,1120843,1120902,1122776,1123454,1123663,1124503,1124839,1126356,1127616,1128052,1128904,1128905,1128979,1129138,1129497,1129693,1129770,1129848,1129857,1130409,1130972,1131451,1131488,1131565,1131673,1132044,1132894,1133176,1133188,1133190,1133320,1133612,1133616,1134160,1134162,1134199,1134200,1134201,1134202,1134203,1134204,1134205,1134354,1134393,1134459,1134460,1134461,1134537,1134591,1134597,1134607,1134651,1134671,1134760,1134806,1134810,1134813,1134848,1134936,1135006,1135007,1135008,1135056,1135100,1135120,1135278,1135281,1135309,1135312,1135314,1135315,1135316,1135320,1135323,1135330,1135492,1135542,1135556,1135603,1135642,1135661,1135758,1136206,1136424,1136428,1136430,1136432,1136434,1136435,1136438,1136439,1136477,1136478,1136573,1136586,1136881,1136935,1136990,1137151,1137152,1137153,1137162,1137372,1137444,1137586,1137739,1137752
CVE References: CVE-2018-7191,CVE-2019-10124,CVE-2019-11085,CVE-2019-11477,CVE-2019-11479,CVE-2019-11486,CVE-2019-11487,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12382,CVE-2019-3846,CVE-2019-5489
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-azure-4.12.14-6.15.2, kernel-source-azure-4.12.14-6.15.2, kernel-syms-azure-4.12.14-6.15.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 31 Swamp Workflow Management 2019-06-18 00:02:49 UTC
SUSE-SU-2019:1533-1: An update that solves 9 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1104367,1110785,1113769,1120843,1120885,1125580,1125931,1131543,1131587,1132374,1132472,1134848,1135281,1136424,1136446,1137586
CVE References: CVE-2018-17972,CVE-2019-11190,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11833,CVE-2019-11884,CVE-2019-3846,CVE-2019-5489
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.115.1, kernel-source-3.12.74-60.64.115.1, kernel-syms-3.12.74-60.64.115.1, kernel-xen-3.12.74-60.64.115.1, kgraft-patch-SLE12-SP1_Update_34-1-2.5.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.115.1, kernel-source-3.12.74-60.64.115.1, kernel-syms-3.12.74-60.64.115.1, kernel-xen-3.12.74-60.64.115.1, kgraft-patch-SLE12-SP1_Update_34-1-2.5.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.115.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 32 Swamp Workflow Management 2019-06-18 00:12:19 UTC
SUSE-SU-2019:1532-1: An update that solves 13 vulnerabilities and has 73 fixes is now available.

Category: security (important)
Bug References: 1005778,1005780,1005781,1012382,1019695,1019696,1022604,1063638,1065600,1085535,1085539,1090888,1099658,1100132,1106110,1106284,1106929,1108293,1108838,1110785,1110946,1112063,1112178,1116803,1117562,1119086,1120642,1120843,1120902,1122776,1126040,1126356,1128052,1129138,1129770,1130972,1131107,1131488,1131565,1132212,1132472,1133188,1133874,1134160,1134162,1134338,1134537,1134564,1134565,1134566,1134651,1134760,1134806,1134813,1134848,1135013,1135014,1135015,1135100,1135120,1135281,1135603,1135642,1135661,1135878,1136424,1136438,1136448,1136449,1136451,1136452,1136455,1136458,1136539,1136573,1136575,1136586,1136590,1136623,1136810,1136935,1136990,1137142,1137162,1137586,843419
CVE References: CVE-2018-17972,CVE-2018-7191,CVE-2019-11190,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11486,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12382,CVE-2019-3846,CVE-2019-5489
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.180-94.97.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.180-94.97.1, kernel-obs-build-4.4.180-94.97.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.180-94.97.1, kernel-source-4.4.180-94.97.1, kernel-syms-4.4.180-94.97.1
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_26-1-4.3.3
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.97.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.180-94.97.1, kernel-source-4.4.180-94.97.1, kernel-syms-4.4.180-94.97.1
SUSE CaaS Platform ALL (src):    kernel-default-4.4.180-94.97.1
SUSE CaaS Platform 3.0 (src):    kernel-default-4.4.180-94.97.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 33 Swamp Workflow Management 2019-06-18 00:24:15 UTC
SUSE-SU-2019:1527-1: An update that solves 14 vulnerabilities and has 81 fixes is now available.

Category: security (important)
Bug References: 1005778,1005780,1005781,1012382,1019695,1019696,1022604,1053043,1063638,1065600,1066223,1085535,1085539,1090888,1099658,1100132,1106110,1106284,1106929,1108293,1108838,1110785,1110946,1112063,1112178,1116803,1117562,1119086,1120642,1120843,1120885,1120902,1122776,1125580,1126040,1126356,1128052,1129138,1129770,1130972,1131107,1131488,1131543,1131565,1132212,1132374,1132472,1133188,1133874,1134160,1134162,1134338,1134537,1134564,1134565,1134566,1134651,1134760,1134806,1134813,1134848,1135013,1135014,1135015,1135100,1135120,1135281,1135603,1135642,1135661,1135878,1136424,1136438,1136446,1136448,1136449,1136451,1136452,1136455,1136458,1136539,1136573,1136575,1136586,1136590,1136623,1136810,1136935,1136990,1137142,1137162,1137586,1137739,1137752,843419
CVE References: CVE-2013-4343,CVE-2018-17972,CVE-2018-7191,CVE-2019-11190,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11486,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12382,CVE-2019-3846,CVE-2019-5489
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-azure-4.4.180-4.31.1, kernel-source-azure-4.4.180-4.31.1, kernel-syms-azure-4.4.180-4.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 34 Swamp Workflow Management 2019-06-18 00:43:56 UTC
SUSE-SU-2019:1535-1: An update that solves 14 vulnerabilities and has 131 fixes is now available.

Category: security (important)
Bug References: 1012382,1050242,1051510,1053043,1055186,1056787,1058115,1061840,1063638,1064802,1065600,1065729,1066129,1068546,1071995,1075020,1082387,1083647,1085535,1099658,1103992,1104353,1104427,1106011,1106284,1108193,1108838,1108937,1110946,1111696,1112063,1113722,1114427,1115688,1117158,1117561,1118139,1119843,1120091,1120423,1120566,1120843,1120902,1122776,1123454,1123663,1124503,1124839,1126356,1127616,1128052,1128904,1128979,1129138,1129273,1129497,1129693,1129770,1130579,1130699,1130972,1131326,1131451,1131488,1131565,1131673,1132044,1133176,1133188,1133190,1133320,1133612,1133616,1134160,1134162,1134199,1134200,1134201,1134202,1134203,1134204,1134205,1134354,1134393,1134459,1134460,1134461,1134537,1134597,1134651,1134671,1134760,1134806,1134810,1134813,1134848,1134936,1135006,1135007,1135008,1135056,1135100,1135120,1135278,1135281,1135309,1135312,1135314,1135315,1135316,1135320,1135323,1135330,1135492,1135542,1135556,1135603,1135642,1135661,1135758,1136206,1136424,1136428,1136430,1136432,1136434,1136435,1136438,1136439,1136477,1136478,1136573,1136586,1136881,1136935,1136990,1137151,1137152,1137153,1137162,1137372,1137444,1137586,1137739,1137752
CVE References: CVE-2018-7191,CVE-2019-10124,CVE-2019-11085,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11486,CVE-2019-11487,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12382,CVE-2019-3846,CVE-2019-5489
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    kernel-azure-4.12.14-5.30.1, kernel-source-azure-4.12.14-5.30.1, kernel-syms-azure-4.12.14-5.30.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-azure-4.12.14-5.30.1, kernel-source-azure-4.12.14-5.30.1, kernel-syms-azure-4.12.14-5.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 35 Swamp Workflow Management 2019-06-18 00:51:04 UTC
SUSE-SU-2019:1534-1: An update that solves 12 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1099658,1106284,1110785,1113769,1120843,1120885,1131543,1131565,1132374,1132472,1134537,1134596,1134848,1135281,1135603,1136424,1136446,1136586,1136935,1137586
CVE References: CVE-2018-17972,CVE-2018-7191,CVE-2019-11190,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12382,CVE-2019-3846,CVE-2019-5489
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.114.1, kernel-source-4.4.121-92.114.1, kernel-syms-4.4.121-92.114.1, kgraft-patch-SLE12-SP2_Update_30-1-3.5.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.114.1, kernel-source-4.4.121-92.114.1, kernel-syms-4.4.121-92.114.1, kgraft-patch-SLE12-SP2_Update_30-1-3.5.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.114.1, kernel-source-4.4.121-92.114.1, kernel-syms-4.4.121-92.114.1, kgraft-patch-SLE12-SP2_Update_30-1-3.5.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.114.1, kernel-source-4.4.121-92.114.1, kernel-syms-4.4.121-92.114.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.114.1
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.114.1, kernel-source-4.4.121-92.114.1, kernel-syms-4.4.121-92.114.1, kgraft-patch-SLE12-SP2_Update_30-1-3.5.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.121-92.114.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 36 Swamp Workflow Management 2019-06-18 13:20:10 UTC
openSUSE-SU-2019:1570-1: An update that solves 15 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1005778,1005780,1005781,1012382,1019695,1019696,1022604,1053043,1063638,1065600,1066223,1085535,1085539,1090888,1099658,1100132,1106110,1106284,1106929,1108838,1109137,1112178,1117562,1119086,1120642,1120843,1120902,1125580,1126356,1127155,1128052,1129770,1131107,1131543,1131565,1132374,1132472,1133190,1133874,1134338,1134806,1134813,1135120,1135281,1135603,1135642,1135661,1135878,1136424,1136438,1136448,1136449,1136451,1136452,1136455,1136458,1136539,1136573,1136575,1136586,1136590,1136598,1136623,1136810,1136922,1136935,1136990,1136993,1137142,1137162,1137586,1137739,1137752,1137915,1138291,1138293,1138374
CVE References: CVE-2018-7191,CVE-2019-11190,CVE-2019-11191,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11487,CVE-2019-11833,CVE-2019-12380,CVE-2019-12382,CVE-2019-12456,CVE-2019-12818,CVE-2019-12819,CVE-2019-3846,CVE-2019-5489
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.180-102.1, kernel-default-4.4.180-102.1, kernel-docs-4.4.180-102.1, kernel-obs-build-4.4.180-102.1, kernel-obs-qa-4.4.180-102.1, kernel-source-4.4.180-102.1, kernel-syms-4.4.180-102.1, kernel-vanilla-4.4.180-102.1
Comment 37 Swamp Workflow Management 2019-06-18 19:48:53 UTC
SUSE-SU-2019:1550-1: An update that solves 28 vulnerabilities and has 318 fixes is now available.

Category: security (important)
Bug References: 1012382,1050242,1050549,1051510,1052904,1053043,1055117,1055121,1055186,1056787,1058115,1061840,1063638,1064802,1065600,1065729,1066129,1068546,1070872,1071995,1075020,1082387,1082555,1083647,1085535,1085536,1086657,1088804,1093389,1097583,1097584,1097585,1097586,1097587,1097588,1099658,1103186,1103259,1103992,1104353,1104427,1106011,1106284,1108193,1108838,1108937,1110946,1111331,1111666,1111696,1112063,1112128,1112178,1113722,1113956,1114279,1114427,1114542,1114638,1115688,1117114,1117158,1117561,1118139,1119680,1119843,1120091,1120318,1120423,1120566,1120843,1120902,1122767,1122776,1123454,1123663,1124503,1124839,1126206,1126356,1126704,1127175,1127371,1127374,1127616,1128052,1128415,1128544,1128904,1128971,1128979,1129138,1129273,1129497,1129693,1129770,1129845,1130195,1130425,1130527,1130567,1130579,1130699,1130937,1130972,1131326,1131427,1131438,1131451,1131467,1131488,1131530,1131565,1131574,1131587,1131659,1131673,1131847,1131848,1131851,1131900,1131934,1131935,1132044,1132219,1132226,1132227,1132365,1132368,1132369,1132370,1132372,1132373,1132384,1132397,1132402,1132403,1132404,1132405,1132407,1132411,1132412,1132413,1132414,1132426,1132527,1132531,1132555,1132558,1132561,1132562,1132563,1132564,1132570,1132571,1132572,1132589,1132618,1132673,1132681,1132726,1132828,1132894,1132943,1132982,1133005,1133016,1133094,1133095,1133115,1133149,1133176,1133188,1133190,1133320,1133486,1133529,1133547,1133584,1133593,1133612,1133616,1133667,1133668,1133672,1133674,1133675,1133698,1133702,1133731,1133769,1133772,1133774,1133778,1133779,1133780,1133825,1133850,1133851,1133852,1133897,1134090,1134160,1134162,1134199,1134200,1134201,1134202,1134203,1134204,1134205,1134223,1134354,1134393,1134397,1134459,1134460,1134461,1134597,1134600,1134607,1134618,1134651,1134671,1134760,1134806,1134810,1134813,1134848,1134936,1134945,1134946,1134947,1134948,1134949,1134950,1134951,1134952,1134953,1134972,1134974,1134975,1134980,1134981,1134983,1134987,1134989,1134990,1134994,1134995,1134998,1134999,1135006,1135007,1135008,1135018,1135021,1135024,1135026,1135027,1135028,1135029,1135031,1135033,1135034,1135035,1135036,1135037,1135038,1135039,1135041,1135042,1135044,1135045,1135046,1135047,1135049,1135051,1135052,1135053,1135055,1135056,1135058,1135100,1135120,1135278,1135281,1135309,1135312,1135314,1135315,1135316,1135320,1135323,1135330,1135492,1135542,1135556,1135603,1135642,1135661,1135758,1136188,1136206,1136215,1136345,1136347,1136348,1136353,1136424,1136428,1136430,1136432,1136434,1136435,1136438,1136439,1136456,1136460,1136461,1136469,1136477,1136478,1136498,1136573,1136586,1136881,1136935,1136990,1137151,1137152,1137153,1137162,1137201,1137224,1137232,1137233,1137236,1137372,1137429,1137444,1137586,1137739,1137752,1138291,1138293
CVE References: CVE-2017-5753,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-16880,CVE-2018-7191,CVE-2019-10124,CVE-2019-11085,CVE-2019-11091,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11486,CVE-2019-11487,CVE-2019-11811,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12382,CVE-2019-12818,CVE-2019-12819,CVE-2019-3846,CVE-2019-3882,CVE-2019-5489,CVE-2019-8564,CVE-2019-9003,CVE-2019-9500,CVE-2019-9503
Sources used:
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.4.1, kernel-livepatch-SLE15-SP1_Update_1-1-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 38 Swamp Workflow Management 2019-06-18 22:20:10 UTC
openSUSE-SU-2019:1579-1: An update that solves 15 vulnerabilities and has 115 fixes is now available.

Category: security (important)
Bug References: 1012382,1050242,1051510,1053043,1056787,1058115,1061840,1063638,1064802,1065600,1065729,1066129,1068546,1071995,1075020,1082387,1083647,1085535,1099658,1103992,1104353,1104427,1106284,1108838,1111696,1113722,1114427,1115688,1117158,1117561,1118139,1120091,1120423,1120566,1120843,1120902,1123454,1123663,1124503,1126356,1127616,1128052,1128432,1128904,1129693,1129770,1130699,1131565,1131673,1133190,1133320,1133612,1133616,1134597,1134671,1134806,1134936,1135056,1135120,1135278,1135281,1135309,1135312,1135314,1135315,1135316,1135320,1135323,1135330,1135492,1135542,1135556,1135603,1135642,1135661,1135758,1136206,1136424,1136428,1136430,1136432,1136434,1136435,1136438,1136439,1136477,1136478,1136573,1136586,1136598,1136881,1136922,1136935,1136990,1137151,1137152,1137153,1137162,1137372,1137429,1137444,1137586,1137739,1137752,1137995,1137996,1137998,1137999,1138000,1138002,1138003,1138005,1138006,1138007,1138008,1138009,1138010,1138011,1138012,1138013,1138014,1138015,1138016,1138017,1138018,1138019,1138291,1138293,1138374,1138375
CVE References: CVE-2018-7191,CVE-2019-10124,CVE-2019-11085,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11487,CVE-2019-11833,CVE-2019-12380,CVE-2019-12382,CVE-2019-12456,CVE-2019-12818,CVE-2019-12819,CVE-2019-3846,CVE-2019-5489
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.64.1, kernel-default-4.12.14-lp150.12.64.1, kernel-docs-4.12.14-lp150.12.64.1, kernel-kvmsmall-4.12.14-lp150.12.64.1, kernel-obs-build-4.12.14-lp150.12.64.1, kernel-obs-qa-4.12.14-lp150.12.64.1, kernel-source-4.12.14-lp150.12.64.1, kernel-syms-4.12.14-lp150.12.64.1, kernel-vanilla-4.12.14-lp150.12.64.1
Comment 39 Swamp Workflow Management 2019-06-18 23:04:25 UTC
SUSE-SU-2019:1550-1: An update that solves 28 vulnerabilities and has 318 fixes is now available.

Category: security (important)
Bug References: 1012382,1050242,1050549,1051510,1052904,1053043,1055117,1055121,1055186,1056787,1058115,1061840,1063638,1064802,1065600,1065729,1066129,1068546,1070872,1071995,1075020,1082387,1082555,1083647,1085535,1085536,1086657,1088804,1093389,1097583,1097584,1097585,1097586,1097587,1097588,1099658,1103186,1103259,1103992,1104353,1104427,1106011,1106284,1108193,1108838,1108937,1110946,1111331,1111666,1111696,1112063,1112128,1112178,1113722,1113956,1114279,1114427,1114542,1114638,1115688,1117114,1117158,1117561,1118139,1119680,1119843,1120091,1120318,1120423,1120566,1120843,1120902,1122767,1122776,1123454,1123663,1124503,1124839,1126206,1126356,1126704,1127175,1127371,1127374,1127616,1128052,1128415,1128544,1128904,1128971,1128979,1129138,1129273,1129497,1129693,1129770,1129845,1130195,1130425,1130527,1130567,1130579,1130699,1130937,1130972,1131326,1131427,1131438,1131451,1131467,1131488,1131530,1131565,1131574,1131587,1131659,1131673,1131847,1131848,1131851,1131900,1131934,1131935,1132044,1132219,1132226,1132227,1132365,1132368,1132369,1132370,1132372,1132373,1132384,1132397,1132402,1132403,1132404,1132405,1132407,1132411,1132412,1132413,1132414,1132426,1132527,1132531,1132555,1132558,1132561,1132562,1132563,1132564,1132570,1132571,1132572,1132589,1132618,1132673,1132681,1132726,1132828,1132894,1132943,1132982,1133005,1133016,1133094,1133095,1133115,1133149,1133176,1133188,1133190,1133320,1133486,1133529,1133547,1133584,1133593,1133612,1133616,1133667,1133668,1133672,1133674,1133675,1133698,1133702,1133731,1133769,1133772,1133774,1133778,1133779,1133780,1133825,1133850,1133851,1133852,1133897,1134090,1134160,1134162,1134199,1134200,1134201,1134202,1134203,1134204,1134205,1134223,1134354,1134393,1134397,1134459,1134460,1134461,1134597,1134600,1134607,1134618,1134651,1134671,1134760,1134806,1134810,1134813,1134848,1134936,1134945,1134946,1134947,1134948,1134949,1134950,1134951,1134952,1134953,1134972,1134974,1134975,1134980,1134981,1134983,1134987,1134989,1134990,1134994,1134995,1134998,1134999,1135006,1135007,1135008,1135018,1135021,1135024,1135026,1135027,1135028,1135029,1135031,1135033,1135034,1135035,1135036,1135037,1135038,1135039,1135041,1135042,1135044,1135045,1135046,1135047,1135049,1135051,1135052,1135053,1135055,1135056,1135058,1135100,1135120,1135278,1135281,1135309,1135312,1135314,1135315,1135316,1135320,1135323,1135330,1135492,1135542,1135556,1135603,1135642,1135661,1135758,1136188,1136206,1136215,1136345,1136347,1136348,1136353,1136424,1136428,1136430,1136432,1136434,1136435,1136438,1136439,1136456,1136460,1136461,1136469,1136477,1136478,1136498,1136573,1136586,1136881,1136935,1136990,1137151,1137152,1137153,1137162,1137201,1137224,1137232,1137233,1137236,1137372,1137429,1137444,1137586,1137739,1137752,1138291,1138293
CVE References: CVE-2017-5753,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-16880,CVE-2018-7191,CVE-2019-10124,CVE-2019-11085,CVE-2019-11091,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11486,CVE-2019-11487,CVE-2019-11811,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12382,CVE-2019-12818,CVE-2019-12819,CVE-2019-3846,CVE-2019-3882,CVE-2019-5489,CVE-2019-8564,CVE-2019-9003,CVE-2019-9500,CVE-2019-9503
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.4.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    dtb-aarch64-4.12.14-197.4.1, kernel-debug-4.12.14-197.4.1, kernel-default-4.12.14-197.4.1, kernel-docs-4.12.14-197.4.1, kernel-kvmsmall-4.12.14-197.4.1, kernel-obs-qa-4.12.14-197.4.1, kernel-source-4.12.14-197.4.1, kernel-vanilla-4.12.14-197.4.1, kernel-zfcpdump-4.12.14-197.4.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.4.1, kernel-livepatch-SLE15-SP1_Update_1-1-3.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.4.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.4.1, kernel-obs-build-4.12.14-197.4.1, kernel-source-4.12.14-197.4.1, kernel-syms-4.12.14-197.4.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.4.1, kernel-source-4.12.14-197.4.1, kernel-zfcpdump-4.12.14-197.4.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.4.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 40 Swamp Workflow Management 2019-06-24 22:12:45 UTC
SUSE-SU-2019:1692-1: An update that solves 9 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1090078,1110785,1113769,1120843,1120885,1125580,1125931,1131543,1131587,1132374,1132472,1134848,1135281,1136424,1136446,1137586
CVE References: CVE-2018-17972,CVE-2019-11190,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11833,CVE-2019-11884,CVE-2019-3846,CVE-2019-5489
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.154.1, kernel-source-3.12.61-52.154.1, kernel-syms-3.12.61-52.154.1, kernel-xen-3.12.61-52.154.1, kgraft-patch-SLE12_Update_40-1-1.5.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.154.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 41 Marcus Meissner 2019-07-15 08:51:42 UTC
done
Comment 45 Swamp Workflow Management 2019-09-23 14:01:35 UTC
SUSE-SU-2019:2430-1: An update that solves 45 vulnerabilities and has 474 fixes is now available.

Category: security (important)
Bug References: 1050242,1050549,1051510,1052904,1053043,1055117,1055121,1055186,1056787,1058115,1061840,1064802,1065600,1065729,1066129,1070872,1071995,1075020,1082387,1082555,1083647,1083710,1085535,1085536,1088047,1088804,1093389,1094555,1096003,1098633,1099658,1102247,1103186,1103259,1103990,1103991,1103992,1104745,1106011,1106284,1106383,1106751,1108193,1108838,1108937,1109837,1110946,1111331,1111666,1111696,1112063,1112128,1112178,1112374,1113722,1113956,1114279,1114427,1114542,1114638,1114685,1115688,1117114,1117158,1117561,1118139,1119113,1119222,1119532,1119680,1120091,1120318,1120423,1120566,1120843,1120902,1122767,1122776,1123080,1123454,1123663,1124503,1124839,1125703,1126206,1126356,1126704,1127034,1127175,1127315,1127371,1127374,1127611,1127616,1128052,1128415,1128432,1128544,1128902,1128904,1128971,1128979,1129138,1129273,1129693,1129770,1129845,1130195,1130425,1130527,1130567,1130579,1130699,1130836,1130937,1130972,1131326,1131427,1131438,1131451,1131467,1131488,1131530,1131565,1131574,1131587,1131645,1131659,1131673,1131847,1131848,1131851,1131900,1131934,1131935,1132044,1132219,1132226,1132227,1132365,1132368,1132369,1132370,1132372,1132373,1132384,1132390,1132397,1132402,1132403,1132404,1132405,1132407,1132411,1132412,1132413,1132414,1132426,1132527,1132531,1132555,1132558,1132561,1132562,1132563,1132564,1132570,1132571,1132572,1132589,1132618,1132673,1132681,1132726,1132828,1132894,1132943,1132982,1133005,1133016,1133021,1133094,1133095,1133115,1133149,1133176,1133188,1133190,1133311,1133320,1133401,1133486,1133529,1133547,1133584,1133593,1133612,1133616,1133667,1133668,1133672,1133674,1133675,1133698,1133702,1133731,1133738,1133769,1133772,1133774,1133778,1133779,1133780,1133825,1133850,1133851,1133852,1133897,1134090,1134097,1134160,1134162,1134199,1134200,1134201,1134202,1134203,1134204,1134205,1134223,1134303,1134354,1134390,1134393,1134395,1134397,1134399,1134459,1134460,1134461,1134597,1134600,1134607,1134618,1134651,1134671,1134730,1134738,1134743,1134760,1134806,1134810,1134813,1134848,1134936,1134945,1134946,1134947,1134948,1134949,1134950,1134951,1134952,1134953,1134972,1134974,1134975,1134980,1134981,1134983,1134987,1134989,1134990,1134994,1134995,1134998,1134999,1135006,1135007,1135008,1135018,1135021,1135024,1135026,1135027,1135028,1135029,1135031,1135033,1135034,1135035,1135036,1135037,1135038,1135039,1135041,1135042,1135044,1135045,1135046,1135047,1135049,1135051,1135052,1135053,1135055,1135056,1135058,1135100,1135120,1135153,1135278,1135281,1135296,1135309,1135312,1135314,1135315,1135316,1135320,1135323,1135330,1135335,1135492,1135542,1135556,1135603,1135642,1135661,1135758,1135897,1136156,1136157,1136161,1136188,1136206,1136215,1136217,1136264,1136271,1136333,1136342,1136343,1136345,1136347,1136348,1136353,1136424,1136428,1136430,1136432,1136434,1136435,1136438,1136439,1136456,1136460,1136461,1136462,1136467,1136469,1136477,1136478,1136498,1136573,1136586,1136598,1136881,1136922,1136935,1136978,1136990,1137103,1137151,1137152,1137153,1137162,1137194,1137201,1137224,1137232,1137233,1137236,1137366,1137372,1137429,1137444,1137458,1137534,1137535,1137584,1137586,1137609,1137625,1137728,1137739,1137752,1137811,1137827,1137884,1137985,1137995,1137996,1137998,1137999,1138000,1138002,1138003,1138005,1138006,1138007,1138008,1138009,1138010,1138011,1138012,1138013,1138014,1138015,1138016,1138017,1138018,1138019,1138263,1138291,1138293,1138336,1138374,1138375,1138589,1138681,1138719,1138732,1138874,1138879,1139358,1139619,1139712,1139751,1139771,1139865,1140133,1140139,1140228,1140322,1140328,1140405,1140424,1140428,1140454,1140463,1140559,1140575,1140577,1140637,1140652,1140658,1140676,1140715,1140719,1140726,1140727,1140728,1140814,1140887,1140888,1140889,1140891,1140893,1140903,1140945,1140948,1140954,1140955,1140956,1140957,1140958,1140959,1140960,1140961,1140962,1140964,1140971,1140972,1140992,1141312,1141401,1141402,1141452,1141453,1141454,1141478,1141558,1142023,1142052,1142083,1142112,1142115,1142119,1142220,1142221,1142254,1142350,1142351,1142354,1142359,1142450,1142623,1142673,1142701,1142868,1143003,1143045,1143105,1143185,1143189,1143191,1143209,1143507
CVE References: CVE-2017-5753,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-16871,CVE-2018-16880,CVE-2018-20836,CVE-2018-20855,CVE-2018-7191,CVE-2019-10124,CVE-2019-10638,CVE-2019-10639,CVE-2019-11085,CVE-2019-11091,CVE-2019-1125,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11486,CVE-2019-11487,CVE-2019-11599,CVE-2019-11810,CVE-2019-11811,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12380,CVE-2019-12382,CVE-2019-12456,CVE-2019-12614,CVE-2019-12817,CVE-2019-12818,CVE-2019-12819,CVE-2019-13233,CVE-2019-13631,CVE-2019-13648,CVE-2019-14283,CVE-2019-14284,CVE-2019-3846,CVE-2019-3882,CVE-2019-5489,CVE-2019-8564,CVE-2019-9003,CVE-2019-9500,CVE-2019-9503
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP1 (src):    kernel-rt-4.12.14-14.8.1, kernel-rt_debug-4.12.14-14.8.1, kernel-source-rt-4.12.14-14.8.1, kernel-syms-rt-4.12.14-14.8.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-rt-4.12.14-14.8.1, kernel-rt_debug-4.12.14-14.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.