Bug 1123161 - (CVE-2019-3819) VUL-1: CVE-2019-3819: kernel-source: kernel: infinite loop in drivers/hid/hid-debug.c:hid_debug_events_read()
(CVE-2019-3819)
VUL-1: CVE-2019-3819: kernel-source: kernel: infinite loop in drivers/hid/hid...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/223750/
CVSSv3:SUSE:CVE-2019-3819:4.2:(AV:L/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-01-25 11:59 UTC by Alexander Bergmann
Modified: 2020-06-08 23:25 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2019-01-25 11:59:36 UTC
rh#1669187

A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service.

A suggested patch:

https://lore.kernel.org/lkml/20190125095744.3813-1-vdronov@redhat.com/T/#u

https://marc.info/?l=linux-input&m=154841031101012&w=2

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1669187
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3819
Comment 1 Swamp Workflow Management 2019-02-19 20:22:29 UTC
SUSE-SU-2019:0439-1: An update that solves 13 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1012382,1023175,1042286,1065600,1065726,1070805,1084721,1086095,1086535,1091158,1091171,1091197,1094825,1095344,1098996,1099523,1099597,1100105,1101555,1103624,1104731,1105025,1105931,1106293,1107256,1107299,1107385,1107866,1108145,1108498,1109330,1110286,1110837,1111062,1113192,1113751,1113769,1114190,1114648,1114763,1115433,1115440,1116027,1116183,1116345,1117186,1117187,1118152,1118319,1119714,1119946,1119947,1120743,1120758,1121621,1123161
CVE References: CVE-2018-16862,CVE-2018-16884,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-9516,CVE-2018-9568,CVE-2019-3459,CVE-2019-3460
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1, kgraft-patch-SLE12-SP2_Update_27-1-3.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1, kgraft-patch-SLE12-SP2_Update_27-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1, kgraft-patch-SLE12-SP2_Update_27-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.101.1
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1, kgraft-patch-SLE12-SP2_Update_27-1-3.3.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.121-92.101.1
Comment 2 Takashi Iwai 2019-02-22 11:20:26 UTC
I backported to SLE15 now (without noticing this entry before :).
The upstream commit is 13054abbaa4f1fd4e6f3b4b63439ec033b4c8035

SLE12-SP3 already received the fix via 4.4.175 stable.  A similar fix is needed to cve/linux-4.4 and cve/linux-3.12.

cve/linux-3.0 seems unaffected because it lacks the commit 717adfdaf147.
Comment 4 Swamp Workflow Management 2019-03-13 14:23:53 UTC
This is an autogenerated message for OBS integration:
This bug (1123161) was mentioned in
https://build.opensuse.org/request/show/684697 15.0 / kernel-source
Comment 5 Swamp Workflow Management 2019-03-15 09:57:52 UTC
This is an autogenerated message for OBS integration:
This bug (1123161) was mentioned in
https://build.opensuse.org/request/show/685279 15.0 / kernel-source
Comment 13 Swamp Workflow Management 2019-03-26 13:35:36 UTC
This is an autogenerated message for OBS integration:
This bug (1123161) was mentioned in
https://build.opensuse.org/request/show/688712 15.0 / kernel-source
Comment 14 Swamp Workflow Management 2019-03-26 20:27:55 UTC
SUSE-SU-2019:0765-1: An update that solves 13 vulnerabilities and has 215 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1050252,1050549,1051510,1054610,1055121,1056658,1056662,1056787,1060463,1063638,1065600,1068032,1070995,1071995,1074562,1074578,1074701,1075006,1075419,1075748,1078355,1080039,1082943,1083548,1083647,1084216,1086095,1086282,1086301,1086313,1086314,1086323,1087082,1087084,1087092,1087939,1088133,1094555,1098382,1098425,1098995,1102055,1103429,1104353,1106105,1106434,1106811,1107078,1107665,1108101,1108870,1109695,1110096,1110705,1111666,1113042,1113712,1113722,1113769,1113939,1114279,1114585,1114893,1117108,1117155,1117645,1117947,1118338,1119019,1119086,1119766,1119843,1120008,1120318,1120601,1120758,1120854,1120902,1120909,1120955,1121317,1121726,1121789,1121805,1122019,1122159,1122192,1122292,1122324,1122554,1122662,1122764,1122779,1122822,1122885,1122927,1122944,1122971,1122982,1123060,1123061,1123161,1123317,1123348,1123357,1123456,1123538,1123697,1123882,1123933,1124055,1124204,1124235,1124579,1124589,1124728,1124732,1124735,1124969,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1124985,1125109,1125125,1125252,1125315,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127082,1127154,1127285,1127286,1127307,1127363,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128451,1128895,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129923,807502,824948,828192,925178
CVE References: CVE-2017-5753,CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.13.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.13.1, kernel-obs-build-4.12.14-95.13.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.13.1, kernel-source-4.12.14-95.13.1, kernel-syms-4.12.14-95.13.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.13.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.13.1, kernel-source-4.12.14-95.13.1, kernel-syms-4.12.14-95.13.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2019-03-27 09:38:52 UTC
SUSE-SU-2019:0765-1: An update that solves 13 vulnerabilities and has 215 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1050252,1050549,1051510,1054610,1055121,1056658,1056662,1056787,1060463,1063638,1065600,1068032,1070995,1071995,1074562,1074578,1074701,1075006,1075419,1075748,1078355,1080039,1082943,1083548,1083647,1084216,1086095,1086282,1086301,1086313,1086314,1086323,1087082,1087084,1087092,1087939,1088133,1094555,1098382,1098425,1098995,1102055,1103429,1104353,1106105,1106434,1106811,1107078,1107665,1108101,1108870,1109695,1110096,1110705,1111666,1113042,1113712,1113722,1113769,1113939,1114279,1114585,1114893,1117108,1117155,1117645,1117947,1118338,1119019,1119086,1119766,1119843,1120008,1120318,1120601,1120758,1120854,1120902,1120909,1120955,1121317,1121726,1121789,1121805,1122019,1122159,1122192,1122292,1122324,1122554,1122662,1122764,1122779,1122822,1122885,1122927,1122944,1122971,1122982,1123060,1123061,1123161,1123317,1123348,1123357,1123456,1123538,1123697,1123882,1123933,1124055,1124204,1124235,1124579,1124589,1124728,1124732,1124735,1124969,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1124985,1125109,1125125,1125252,1125315,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127082,1127154,1127285,1127286,1127307,1127363,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128451,1128895,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129923,807502,824948,828192,925178
CVE References: CVE-2017-5753,CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.13.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.13.1, kernel-obs-build-4.12.14-95.13.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.13.1, kernel-source-4.12.14-95.13.1, kernel-syms-4.12.14-95.13.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kgraft-patch-SLE12-SP4_Update_3-1-6.7.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.13.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.13.1, kernel-source-4.12.14-95.13.1, kernel-syms-4.12.14-95.13.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2019-03-27 19:04:58 UTC
SUSE-SU-2019:0767-1: An update that solves 12 vulnerabilities and has 205 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1050252,1050549,1051510,1054610,1055121,1056658,1056662,1056787,1060463,1063638,1065600,1070995,1071995,1078355,1082943,1083548,1083647,1084216,1086095,1086282,1086301,1086313,1086314,1086323,1087082,1087092,1088133,1094555,1098382,1098425,1098995,1103429,1104353,1106105,1106434,1106811,1107078,1107665,1108101,1108870,1109695,1110096,1110705,1111666,1113042,1113712,1113722,1113939,1114279,1114585,1114893,1117108,1117155,1117645,1117947,1118338,1119019,1119086,1119766,1119843,1120008,1120318,1120601,1120758,1120854,1120902,1120909,1120955,1121317,1121726,1121789,1121805,1122159,1122192,1122324,1122554,1122662,1122764,1122779,1122822,1122885,1122927,1122944,1122971,1122982,1123060,1123061,1123161,1123317,1123348,1123357,1123456,1123538,1123697,1123882,1123933,1124055,1124204,1124235,1124579,1124589,1124728,1124732,1124735,1124969,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1124985,1125109,1125125,1125252,1125315,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126284,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127081,1127082,1127154,1127285,1127286,1127307,1127363,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127577,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128378,1128451,1128895,1129016,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129923,807502,828192
CVE References: CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-azure-4.12.14-6.9.1, kernel-source-azure-4.12.14-6.9.1, kernel-syms-azure-4.12.14-6.9.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2019-03-28 12:48:35 UTC
SUSE-SU-2019:0784-1: An update that solves 12 vulnerabilities and has 197 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1050252,1050549,1051510,1054610,1055121,1056658,1056662,1056787,1060463,1063638,1065600,1070995,1071995,1078355,1082943,1083548,1083647,1084216,1086095,1086282,1086301,1086313,1086314,1086323,1087082,1087092,1088133,1094555,1098382,1098425,1098995,1103429,1104353,1106105,1106434,1106811,1107078,1107665,1108101,1108870,1109695,1110096,1110705,1111666,1113042,1113712,1113722,1113939,1114279,1114585,1117108,1117155,1117645,1118338,1119019,1119086,1119766,1119843,1120008,1120318,1120601,1120758,1120854,1120902,1120909,1120955,1121317,1121726,1121789,1121805,1122019,1122192,1122324,1122554,1122662,1122764,1122779,1122822,1122885,1122927,1122944,1122971,1122982,1123060,1123061,1123161,1123317,1123348,1123357,1123456,1123538,1123697,1123882,1123933,1124055,1124204,1124235,1124579,1124589,1124728,1124732,1124735,1124969,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1124985,1125109,1125125,1125252,1125315,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127082,1127154,1127285,1127286,1127307,1127363,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128451,1128895,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129923,824948
CVE References: CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-150.14.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-150.14.2, kernel-docs-4.12.14-150.14.1, kernel-obs-qa-4.12.14-150.14.2
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.14.2, kernel-livepatch-SLE15_Update_9-1-1.9.3
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-150.14.2
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-150.14.1, kernel-obs-build-4.12.14-150.14.2, kernel-source-4.12.14-150.14.1, kernel-syms-4.12.14-150.14.1, kernel-vanilla-4.12.14-150.14.2
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-150.14.2, kernel-source-4.12.14-150.14.1, kernel-zfcpdump-4.12.14-150.14.2
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.14.2

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2019-03-28 12:52:12 UTC
SUSE-SU-2019:0784-1: An update that solves 12 vulnerabilities and has 197 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1050252,1050549,1051510,1054610,1055121,1056658,1056662,1056787,1060463,1063638,1065600,1070995,1071995,1078355,1082943,1083548,1083647,1084216,1086095,1086282,1086301,1086313,1086314,1086323,1087082,1087092,1088133,1094555,1098382,1098425,1098995,1103429,1104353,1106105,1106434,1106811,1107078,1107665,1108101,1108870,1109695,1110096,1110705,1111666,1113042,1113712,1113722,1113939,1114279,1114585,1117108,1117155,1117645,1118338,1119019,1119086,1119766,1119843,1120008,1120318,1120601,1120758,1120854,1120902,1120909,1120955,1121317,1121726,1121789,1121805,1122019,1122192,1122324,1122554,1122662,1122764,1122779,1122822,1122885,1122927,1122944,1122971,1122982,1123060,1123061,1123161,1123317,1123348,1123357,1123456,1123538,1123697,1123882,1123933,1124055,1124204,1124235,1124579,1124589,1124728,1124732,1124735,1124969,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1124985,1125109,1125125,1125252,1125315,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127082,1127154,1127285,1127286,1127307,1127363,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128451,1128895,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129923,824948
CVE References: CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.14.2, kernel-livepatch-SLE15_Update_9-1-1.9.3

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 19 Swamp Workflow Management 2019-03-28 14:25:53 UTC
SUSE-SU-2019:0785-1: An update that solves 12 vulnerabilities and has 198 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1050252,1050549,1051510,1054610,1055121,1056658,1056662,1056787,1060463,1063638,1065600,1070995,1071995,1078355,1082943,1083548,1083647,1084216,1086095,1086282,1086301,1086313,1086314,1086323,1087082,1087092,1088133,1094555,1098382,1098425,1098995,1103429,1104353,1106105,1106434,1106811,1107078,1107665,1108101,1108870,1109695,1110096,1110705,1111666,1113042,1113712,1113722,1113939,1114279,1114585,1117108,1117155,1117645,1118338,1119019,1119086,1119766,1119843,1120008,1120318,1120601,1120758,1120854,1120902,1120909,1120955,1121317,1121726,1121789,1121805,1122019,1122192,1122324,1122554,1122662,1122764,1122779,1122822,1122885,1122927,1122944,1122971,1122982,1123060,1123061,1123161,1123317,1123348,1123357,1123456,1123538,1123697,1123882,1123933,1124055,1124204,1124235,1124579,1124589,1124728,1124732,1124735,1124969,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1124985,1125109,1125125,1125252,1125315,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127082,1127154,1127285,1127286,1127307,1127363,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127578,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128451,1128895,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129923,824948
CVE References: CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    kernel-azure-4.12.14-5.24.1, kernel-source-azure-4.12.14-5.24.1, kernel-syms-azure-4.12.14-5.24.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 20 Swamp Workflow Management 2019-04-03 10:09:11 UTC
This is an autogenerated message for OBS integration:
This bug (1123161) was mentioned in
https://build.opensuse.org/request/show/690934 15.0 / kernel-source
Comment 21 Swamp Workflow Management 2019-04-12 10:23:42 UTC
openSUSE-SU-2019:1193-1: An update that solves 6 vulnerabilities and has 171 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1050549,1051510,1056787,1060463,1063638,1065600,1070995,1071995,1078355,1082943,1083548,1083647,1086095,1086282,1088133,1094244,1094555,1098995,1100132,1103429,1106811,1107078,1107665,1108101,1110096,1113042,1113399,1113722,1113939,1114279,1114585,1117108,1117645,1119019,1119086,1119843,1120008,1120601,1120854,1120902,1120909,1121317,1121789,1121805,1122192,1122764,1122822,1122982,1123060,1123061,1123105,1123161,1123456,1123882,1124055,1124235,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1125125,1125252,1125315,1125342,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126356,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126740,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127082,1127154,1127285,1127286,1127307,1127363,1127378,1127445,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128451,1128895,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129276,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129770,1129923,1130130,1130154,1130335,1130336,1130337,1130338,1130425,1130427,1130518,1131062,824948
CVE References: CVE-2019-2024,CVE-2019-3819,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.58.1, kernel-default-4.12.14-lp150.12.58.1, kernel-docs-4.12.14-lp150.12.58.1, kernel-kvmsmall-4.12.14-lp150.12.58.1, kernel-obs-build-4.12.14-lp150.12.58.1, kernel-obs-qa-4.12.14-lp150.12.58.1, kernel-source-4.12.14-lp150.12.58.1, kernel-syms-4.12.14-lp150.12.58.1, kernel-vanilla-4.12.14-lp150.12.58.1
Comment 22 Swamp Workflow Management 2019-05-21 06:07:11 UTC
SUSE-SU-2019:1289-1: An update that solves 33 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 1031240,1034862,1066674,1071021,1086535,1091171,1094825,1100001,1102517,1103097,1104475,1105025,1105296,1106913,1107829,1108498,1110768,1111331,1111516,1113751,1113769,1114648,1114920,1115007,1115038,1116345,1116841,1118152,1118319,1119714,1119946,1120743,1120758,1121621,1122015,1123161,1124010,1124728,1124732,1124735,1126890,1128166,1131416,1131427,1132828,1133188
CVE References: CVE-2016-10741,CVE-2017-1000407,CVE-2017-16533,CVE-2017-7273,CVE-2017-7472,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-14633,CVE-2018-15572,CVE-2018-16884,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-5391,CVE-2018-9516,CVE-2018-9568,CVE-2019-11091,CVE-2019-11486,CVE-2019-3459,CVE-2019-3460,CVE-2019-3882,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-8564,CVE-2019-9213,CVE-2019-9503
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.110.1, kernel-source-3.12.74-60.64.110.1, kernel-syms-3.12.74-60.64.110.1, kernel-xen-3.12.74-60.64.110.1, lttng-modules-2.7.0-4.4.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.110.1, kernel-source-3.12.74-60.64.110.1, kernel-syms-3.12.74-60.64.110.1, kernel-xen-3.12.74-60.64.110.1, lttng-modules-2.7.0-4.4.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.110.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Borislav Petkov 2019-08-12 08:00:02 UTC
This is done now, bouncing back.
Comment 31 Swamp Workflow Management 2019-09-02 10:24:51 UTC
SUSE-SU-2019:2263-1: An update that solves 12 vulnerabilities and has 24 fixes is now available.

Category: security (important)
Bug References: 1106061,1123161,1125674,1127034,1128977,1130972,1133860,1134399,1135335,1135365,1137584,1139358,1139826,1140652,1140903,1140945,1141181,1141401,1141402,1141452,1141453,1141454,1142023,1142254,1142857,1143045,1143048,1143189,1143191,1143333,1144257,1144273,1144288,1144920,1145920,1145922
CVE References: CVE-2018-20855,CVE-2018-20856,CVE-2019-10207,CVE-2019-1125,CVE-2019-11810,CVE-2019-13631,CVE-2019-13648,CVE-2019-14283,CVE-2019-14284,CVE-2019-15117,CVE-2019-15118,CVE-2019-3819
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.103.1, kernel-source-4.4.180-94.103.1, kernel-syms-4.4.180-94.103.1, kgraft-patch-SLE12-SP3_Update_28-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.103.1, kernel-source-4.4.180-94.103.1, kernel-syms-4.4.180-94.103.1, kgraft-patch-SLE12-SP3_Update_28-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.103.1, kernel-source-4.4.180-94.103.1, kernel-syms-4.4.180-94.103.1, kgraft-patch-SLE12-SP3_Update_28-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.103.1, kernel-source-4.4.180-94.103.1, kernel-syms-4.4.180-94.103.1, kgraft-patch-SLE12-SP3_Update_28-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.103.1, kernel-source-4.4.180-94.103.1, kernel-syms-4.4.180-94.103.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.103.1
SUSE Enterprise Storage 5 (src):    kernel-default-4.4.180-94.103.1, kernel-source-4.4.180-94.103.1, kernel-syms-4.4.180-94.103.1, kgraft-patch-SLE12-SP3_Update_28-1-4.3.1
SUSE CaaS Platform 3.0 (src):    kernel-default-4.4.180-94.103.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.103.1, kernel-source-4.4.180-94.103.1, kernel-syms-4.4.180-94.103.1, kgraft-patch-SLE12-SP3_Update_28-1-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 32 Swamp Workflow Management 2019-09-05 10:14:31 UTC
SUSE-SU-2019:2299-1: An update that solves 12 vulnerabilities and has 19 fixes is now available.

Category: security (important)
Bug References: 1045640,1076033,1107256,1123161,1130972,1134399,1139358,1140012,1140652,1140903,1140945,1141401,1141402,1141452,1141453,1141454,1141628,1142023,1142098,1142857,1143045,1143048,1143189,1143191,1144257,1144273,1144288,1144920,1145920,1145922,1146163
CVE References: CVE-2017-18551,CVE-2018-20855,CVE-2018-20856,CVE-2019-10207,CVE-2019-1125,CVE-2019-11810,CVE-2019-13631,CVE-2019-14283,CVE-2019-14284,CVE-2019-15117,CVE-2019-15118,CVE-2019-3819
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.120.1, kernel-source-4.4.121-92.120.1, kernel-syms-4.4.121-92.120.1, kgraft-patch-SLE12-SP2_Update_32-1-3.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.120.1, kernel-source-4.4.121-92.120.1, kernel-syms-4.4.121-92.120.1, kgraft-patch-SLE12-SP2_Update_32-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.120.1, kernel-source-4.4.121-92.120.1, kernel-syms-4.4.121-92.120.1, kgraft-patch-SLE12-SP2_Update_32-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.120.1, kernel-source-4.4.121-92.120.1, kernel-syms-4.4.121-92.120.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.120.1
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.120.1, kernel-source-4.4.121-92.120.1, kernel-syms-4.4.121-92.120.1, kgraft-patch-SLE12-SP2_Update_32-1-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 34 Marcus Meissner 2020-02-03 07:18:06 UTC
fixed