Bug 1137865 - (CVE-2019-9506) VUL-0: CVE-2019-9506: generic bluetooth problem (VU#918987) aka the "KNOB Attack"
(CVE-2019-9506)
VUL-0: CVE-2019-9506: generic bluetooth problem (VU#918987) aka the "KNOB Att...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/234804
CVSSv3:SUSE:CVE-2019-9506:6.4:(AV:A/A...
:
Depends on:
Blocks: 1146042
  Show dependency treegraph
 
Reported: 2019-06-11 13:06 UTC by Marcus Meissner
Modified: 2020-08-04 13:03 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 2 Marcus Meissner 2019-08-16 06:31:59 UTC
https://knobattack.com/


About the KNOB Attack

Bluetooth is a wireless communication protocol commonly used between nearby devices to transfer data, for example between a wireless headset and a phone, or between two phones when transferring files between them. This communication can contain private and sensitive data, and the Bluetooth standard provides security features to protect against eavesdropping and manipulation. We found an attack that allows an attacker to break this security mechanism for any standard-compliant Bluetooth device. As a result, an attacker is able to the listen in on, or change the content of, nearby Bluetooth communication, even between devices that have previously been successfully paired.

We call our attack the Key Negotiation of Bluetooth (KNOB) Attack. Because this attack affects basically all devices that "speak Bluetooth", we decided to coordinate public disclosure with industry to try to make sure that workarounds could be put in place. In November 2018 we shared details of the attack with the Bluetooth Special Interest Group (Bluetooth SIG)—the standards organisation that oversees the development of Bluetooth standards—as well as the CERT Coordination Center and the International Consortium for Advancement of Cybersecurity on the Internet (ICASI)—an industry led coordination body founded by Intel, Microsoft, Cisco, Juniper and IBM.

For more information on affected systems see CVE-2019-9506 . The technical details of the attack is available in our research paper. TL;DR: The entropy of Bluetooth session keys is negotiated in an unauthenticated protocol between the participants. The attacker can manipulate this to the lowest entropy allowed, 1 byte. The resulting session key can then easily be brute forced.
Are my Devices Vulnerable?

The KNOB attack is possible due to flaws in the Bluetooth specification. As such, any standard-compliant Bluetooth device can be expected to be vulnerable. We conducted KNOB attacks on more than 17 unique Bluetooth chips (by attacking 24 different devices). At the time of writing, we were able to test chips from Broadcom, Qualcomm, Apple, Intel, and Chicony manufacturers. All devices that we tested were vulnerable to the KNOB attack.

After we disclosed our attack to industry in late 2018, some vendors might have implemented workarounds for the vulnerability on their devices. So the short answer is: if your device was not updated after late 2018, it is likely vulnerable. Devices updated afterwards might be fixed.
Comment 3 Marcus Meissner 2019-08-19 05:46:47 UTC
https://github.com/francozappa/knob

Al, is there any news from the linux bluetooth people on this?
Comment 4 Al Cho 2019-08-20 08:53:38 UTC
(In reply to Marcus Meissner from comment #3)
> https://github.com/francozappa/knob
> 
> Al, is there any news from the linux bluetooth people on this?

This is Hardware issue, but mitigation in Linux kernel can be applied:
d5bb334a8e17 Bluetooth: Align minimum encryption key size for LE and BR/EDR connections (v5.2-rc1)
693cd8ce3f88 Bluetooth: Fix regression with minimum encryption key size alignment (v5.2-rc6)
eca94432934f Bluetooth: Fix faulty expression for minimum encryption key size check (v5.2)
Comment 5 Al Cho 2019-08-20 08:58:09 UTC
(In reply to Al Cho from comment #4)
> (In reply to Marcus Meissner from comment #3)
> > https://github.com/francozappa/knob
> > 
> > Al, is there any news from the linux bluetooth people on this?
> 
> This is Hardware issue, but mitigation in Linux kernel can be applied:
> d5bb334a8e17 Bluetooth: Align minimum encryption key size for LE and BR/EDR
> connections (v5.2-rc1)
> 693cd8ce3f88 Bluetooth: Fix regression with minimum encryption key size
> alignment (v5.2-rc6)
> eca94432934f Bluetooth: Fix faulty expression for minimum encryption key
> size check (v5.2)

SLE15 already backporting.
1b46ddeb012e Bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). 
e8cd5876fc25 Replace the bluetooth fix with the upstream commit (bsc#1135556)
aa5dec4bfa13 Bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328).
Comment 8 Swamp Workflow Management 2019-10-08 19:32:20 UTC
This is an autogenerated message for OBS integration:
This bug (1137865) was mentioned in
https://build.opensuse.org/request/show/736317 15.0 / kernel-source
https://build.opensuse.org/request/show/736319 15.1 / kernel-source
Comment 9 Swamp Workflow Management 2019-10-10 22:13:58 UTC
openSUSE-SU-2019:2308-1: An update that solves four vulnerabilities and has 59 fixes is now available.

Category: security (important)
Bug References: 1051510,1054914,1055117,1061840,1065600,1065729,1071995,1082555,1104967,1109158,1111666,1113722,1114279,1119086,1123034,1127988,1131304,1137069,1137865,1137959,1137982,1140155,1141013,1142076,1142635,1146042,1146540,1146664,1148133,1148712,1148868,1149313,1149446,1149555,1149651,1150305,1150381,1150423,1150846,1151067,1151192,1151350,1151610,1151661,1151662,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152187,1152243,1152325,1152457,1152460,1152466,1152525,1152972,1152974,1152975
CVE References: CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-9506
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.20.1, kernel-default-4.12.14-lp151.28.20.1, kernel-docs-4.12.14-lp151.28.20.1, kernel-kvmsmall-4.12.14-lp151.28.20.1, kernel-obs-build-4.12.14-lp151.28.20.1, kernel-obs-qa-4.12.14-lp151.28.20.1, kernel-source-4.12.14-lp151.28.20.1, kernel-syms-4.12.14-lp151.28.20.1, kernel-vanilla-4.12.14-lp151.28.20.1
Comment 10 Swamp Workflow Management 2019-10-10 22:23:17 UTC
openSUSE-SU-2019:2307-1: An update that solves four vulnerabilities and has 48 fixes is now available.

Category: security (important)
Bug References: 1051510,1054914,1055117,1061840,1065600,1065729,1071995,1082555,1104967,1109158,1113722,1114279,1119086,1123034,1127988,1131304,1137069,1137865,1137959,1140155,1141013,1142076,1142635,1146042,1146540,1146664,1148133,1148712,1148868,1149313,1149446,1149555,1149651,1150381,1150423,1151350,1151610,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152325,1152457,1152460,1152466,1152972,1152974,1152975
CVE References: CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-9506
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.76.1, kernel-default-4.12.14-lp150.12.76.1, kernel-docs-4.12.14-lp150.12.76.1, kernel-kvmsmall-4.12.14-lp150.12.76.1, kernel-obs-build-4.12.14-lp150.12.76.1, kernel-obs-qa-4.12.14-lp150.12.76.1, kernel-source-4.12.14-lp150.12.76.1, kernel-syms-4.12.14-lp150.12.76.1, kernel-vanilla-4.12.14-lp150.12.76.1
Comment 12 Swamp Workflow Management 2019-10-14 13:23:44 UTC
SUSE-SU-2019:2651-1: An update that solves 42 vulnerabilities and has 210 fixes is now available.

Category: security (important)
Bug References: 1047238,1050911,1051510,1054914,1055117,1056686,1060662,1061840,1061843,1064597,1064701,1065600,1065729,1066369,1071009,1071306,1071995,1078248,1082555,1085030,1085536,1085539,1087092,1090734,1091171,1093205,1102097,1104902,1104967,1106061,1106284,1106434,1108382,1109158,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113722,1114279,1114542,1118689,1119086,1120876,1120902,1120937,1123034,1123105,1124370,1127988,1129424,1129519,1129664,1131107,1131304,1131565,1134291,1134881,1134882,1135219,1135642,1135897,1136261,1137069,1137865,1137884,1137959,1138539,1139020,1139021,1139101,1139500,1140012,1140155,1140426,1140487,1141013,1141450,1141543,1141554,1142019,1142076,1142109,1142117,1142118,1142119,1142496,1142541,1142635,1142685,1142701,1143300,1143466,1143765,1143841,1143843,1144123,1144333,1144474,1144518,1144718,1144813,1144880,1144886,1144912,1144920,1144979,1145010,1145051,1145059,1145134,1145189,1145235,1145300,1145302,1145388,1145389,1145390,1145391,1145392,1145393,1145394,1145395,1145396,1145397,1145408,1145409,1145661,1145678,1145687,1145920,1145922,1145934,1145937,1145940,1145941,1145942,1146042,1146074,1146084,1146163,1146285,1146346,1146351,1146352,1146361,1146376,1146378,1146381,1146391,1146399,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146531,1146540,1146543,1146547,1146550,1146575,1146589,1146664,1146678,1146938,1148031,1148032,1148033,1148034,1148035,1148093,1148133,1148192,1148196,1148198,1148202,1148303,1148363,1148379,1148394,1148527,1148574,1148616,1148617,1148619,1148712,1148859,1148868,1149053,1149083,1149104,1149105,1149106,1149197,1149214,1149224,1149313,1149325,1149376,1149413,1149418,1149424,1149446,1149522,1149527,1149539,1149552,1149555,1149591,1149602,1149612,1149626,1149651,1149652,1149713,1149940,1149976,1150025,1150033,1150112,1150381,1150423,1150562,1150727,1150860,1150861,1150933,1151350,1151610,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152325,1152457,1152460,1152466,1152972,1152974,1152975
CVE References: CVE-2017-18551,CVE-2017-18595,CVE-2018-20976,CVE-2018-21008,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15030,CVE-2019-15031,CVE-2019-15090,CVE-2019-15098,CVE-2019-15117,CVE-2019-15118,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15222,CVE-2019-15239,CVE-2019-15290,CVE-2019-15291,CVE-2019-15292,CVE-2019-15538,CVE-2019-15666,CVE-2019-15902,CVE-2019-15917,CVE-2019-15919,CVE-2019-15920,CVE-2019-15921,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    kernel-azure-4.12.14-5.41.1, kernel-source-azure-4.12.14-5.41.1, kernel-syms-azure-4.12.14-5.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2019-10-14 19:25:10 UTC
SUSE-SU-2019:2658-1: An update that solves 45 vulnerabilities and has 270 fixes is now available.

Category: security (important)
Bug References: 1047238,1050911,1051510,1054914,1055117,1056686,1060662,1061840,1061843,1064597,1064701,1065600,1065729,1066369,1071009,1071306,1071995,1078248,1082555,1082635,1085030,1085536,1085539,1086103,1087092,1090734,1091171,1093205,1102097,1103990,1104353,1104427,1104745,1104902,1104967,1106061,1106284,1106434,1108382,1109158,1109837,1111666,1112178,1112374,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113722,1113994,1114279,1114542,1118689,1119086,1119113,1120046,1120876,1120902,1123034,1123105,1123959,1124370,1127988,1129424,1129519,1129664,1131107,1131281,1131304,1131489,1131565,1132686,1133021,1134291,1134476,1134881,1134882,1135219,1135642,1135897,1135990,1136039,1136261,1136346,1136349,1136352,1136496,1136498,1136502,1136682,1137069,1137322,1137323,1137586,1137865,1137884,1137959,1137982,1138099,1138100,1138539,1139020,1139021,1139101,1139500,1140012,1140155,1140426,1140487,1141013,1141340,1141450,1141543,1141554,1142019,1142076,1142109,1142117,1142118,1142119,1142496,1142541,1142635,1142685,1142701,1142857,1143300,1143331,1143466,1143706,1143738,1143765,1143841,1143843,1143962,1144123,1144333,1144375,1144474,1144518,1144582,1144718,1144813,1144880,1144886,1144912,1144920,1144979,1145010,1145018,1145051,1145059,1145134,1145189,1145235,1145256,1145300,1145302,1145357,1145388,1145389,1145390,1145391,1145392,1145393,1145394,1145395,1145396,1145397,1145408,1145409,1145446,1145661,1145678,1145687,1145920,1145922,1145934,1145937,1145940,1145941,1145942,1145946,1146042,1146074,1146084,1146141,1146163,1146215,1146285,1146346,1146351,1146352,1146361,1146368,1146376,1146378,1146381,1146391,1146399,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146531,1146540,1146543,1146547,1146550,1146575,1146589,1146664,1146678,1146938,1148031,1148032,1148033,1148034,1148035,1148093,1148133,1148192,1148196,1148198,1148202,1148219,1148297,1148303,1148308,1148363,1148379,1148394,1148527,1148570,1148574,1148616,1148617,1148619,1148698,1148712,1148859,1148868,1149053,1149083,1149104,1149105,1149106,1149197,1149214,1149224,1149313,1149325,1149376,1149413,1149418,1149424,1149446,1149522,1149527,1149539,1149552,1149555,1149591,1149602,1149612,1149626,1149651,1149652,1149713,1149940,1149976,1150025,1150033,1150112,1150305,1150381,1150423,1150562,1150727,1150846,1150860,1150861,1150933,1151067,1151192,1151350,1151610,1151661,1151662,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152187,1152243,1152325,1152457,1152460,1152466,1152525,1152972,1152974,1152975
CVE References: CVE-2017-18551,CVE-2017-18595,CVE-2018-20976,CVE-2018-21008,CVE-2019-10207,CVE-2019-11477,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15030,CVE-2019-15031,CVE-2019-15090,CVE-2019-15098,CVE-2019-15099,CVE-2019-15117,CVE-2019-15118,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15222,CVE-2019-15239,CVE-2019-15290,CVE-2019-15291,CVE-2019-15292,CVE-2019-15538,CVE-2019-15666,CVE-2019-15902,CVE-2019-15917,CVE-2019-15919,CVE-2019-15920,CVE-2019-15921,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    kernel-azure-4.12.14-8.16.1, kernel-source-azure-4.12.14-8.16.1, kernel-syms-azure-4.12.14-8.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2019-10-17 16:16:46 UTC
SUSE-SU-2019:2706-1: An update that solves four vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 1051510,1054914,1055117,1061840,1065600,1065729,1071995,1082555,1104967,1109158,1113722,1114279,1119086,1123034,1127988,1131304,1137069,1137865,1137959,1140155,1141013,1142076,1142635,1146042,1146519,1146540,1146664,1148133,1148712,1148868,1149313,1149446,1149555,1149651,1150381,1150423,1151350,1151610,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152325,1152457,1152460,1152466,1152972,1152974,1152975
CVE References: CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-150.38.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-150.38.1, kernel-docs-4.12.14-150.38.1, kernel-obs-qa-4.12.14-150.38.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-150.38.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-150.38.1, kernel-obs-build-4.12.14-150.38.1, kernel-source-4.12.14-150.38.1, kernel-syms-4.12.14-150.38.1, kernel-vanilla-4.12.14-150.38.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-150.38.1, kernel-source-4.12.14-150.38.1, kernel-zfcpdump-4.12.14-150.38.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2019-10-17 16:25:39 UTC
SUSE-SU-2019:2706-1: An update that solves four vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 1051510,1054914,1055117,1061840,1065600,1065729,1071995,1082555,1104967,1109158,1113722,1114279,1119086,1123034,1127988,1131304,1137069,1137865,1137959,1140155,1141013,1142076,1142635,1146042,1146519,1146540,1146664,1148133,1148712,1148868,1149313,1149446,1149555,1149651,1150381,1150423,1151350,1151610,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152325,1152457,1152460,1152466,1152972,1152974,1152975
CVE References: CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-150.38.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-150.38.1, kernel-docs-4.12.14-150.38.1, kernel-obs-qa-4.12.14-150.38.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.38.1, kernel-livepatch-SLE15_Update_15-1-1.3.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-150.38.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-150.38.1, kernel-obs-build-4.12.14-150.38.1, kernel-source-4.12.14-150.38.1, kernel-syms-4.12.14-150.38.1, kernel-vanilla-4.12.14-150.38.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-150.38.1, kernel-source-4.12.14-150.38.1, kernel-zfcpdump-4.12.14-150.38.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2019-10-18 13:14:21 UTC
SUSE-SU-2019:2710-1: An update that solves four vulnerabilities and has 60 fixes is now available.

Category: security (important)
Bug References: 1051510,1054914,1055117,1061840,1065600,1065729,1071995,1082555,1104967,1109158,1111666,1113722,1114279,1119086,1123034,1127988,1131304,1137069,1137865,1137959,1137982,1140155,1141013,1142076,1142635,1146042,1146519,1146540,1146664,1148133,1148712,1148868,1149313,1149446,1149555,1149651,1150305,1150381,1150423,1150846,1151067,1151192,1151350,1151610,1151661,1151662,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152187,1152243,1152325,1152457,1152460,1152466,1152525,1152972,1152974,1152975
CVE References: CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.21.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    dtb-aarch64-4.12.14-197.21.1, kernel-debug-4.12.14-197.21.1, kernel-default-4.12.14-197.21.1, kernel-docs-4.12.14-197.21.1, kernel-kvmsmall-4.12.14-197.21.1, kernel-obs-qa-4.12.14-197.21.1, kernel-source-4.12.14-197.21.1, kernel-vanilla-4.12.14-197.21.1, kernel-zfcpdump-4.12.14-197.21.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.21.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.21.1, kernel-obs-build-4.12.14-197.21.1, kernel-source-4.12.14-197.21.1, kernel-syms-4.12.14-197.21.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.21.1, kernel-source-4.12.14-197.21.1, kernel-zfcpdump-4.12.14-197.21.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Swamp Workflow Management 2019-10-18 13:25:00 UTC
SUSE-SU-2019:2710-1: An update that solves four vulnerabilities and has 60 fixes is now available.

Category: security (important)
Bug References: 1051510,1054914,1055117,1061840,1065600,1065729,1071995,1082555,1104967,1109158,1111666,1113722,1114279,1119086,1123034,1127988,1131304,1137069,1137865,1137959,1137982,1140155,1141013,1142076,1142635,1146042,1146519,1146540,1146664,1148133,1148712,1148868,1149313,1149446,1149555,1149651,1150305,1150381,1150423,1150846,1151067,1151192,1151350,1151610,1151661,1151662,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152187,1152243,1152325,1152457,1152460,1152466,1152525,1152972,1152974,1152975
CVE References: CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.21.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    dtb-aarch64-4.12.14-197.21.1, kernel-debug-4.12.14-197.21.1, kernel-default-4.12.14-197.21.1, kernel-docs-4.12.14-197.21.1, kernel-kvmsmall-4.12.14-197.21.1, kernel-obs-qa-4.12.14-197.21.1, kernel-source-4.12.14-197.21.1, kernel-vanilla-4.12.14-197.21.1, kernel-zfcpdump-4.12.14-197.21.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.21.1, kernel-livepatch-SLE15-SP1_Update_6-1-3.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.21.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.21.1, kernel-obs-build-4.12.14-197.21.1, kernel-source-4.12.14-197.21.1, kernel-syms-4.12.14-197.21.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.21.1, kernel-source-4.12.14-197.21.1, kernel-zfcpdump-4.12.14-197.21.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Swamp Workflow Management 2019-10-23 19:32:15 UTC
SUSE-SU-2019:2756-1: An update that solves 44 vulnerabilities and has 368 fixes is now available.

Category: security (important)
Bug References: 1012382,1047238,1050911,1051510,1053043,1054914,1055117,1056686,1060662,1061840,1061843,1064597,1064701,1065600,1065729,1066369,1071009,1071306,1071995,1078248,1082555,1083647,1083710,1085030,1085536,1085539,1086103,1087092,1088047,1090734,1091171,1093205,1094555,1098633,1102097,1102247,1104902,1104967,1106061,1106284,1106383,1106434,1106751,1108382,1109137,1109158,1111666,1112178,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113722,1114279,1114542,1115688,1117158,1118139,1118689,1119086,1119222,1119532,1120423,1120566,1120876,1120902,1120937,1123034,1123080,1123105,1123959,1124167,1124370,1124503,1127034,1127155,1127315,1127988,1128432,1128902,1128910,1129424,1129519,1129664,1129770,1130972,1131107,1131281,1131304,1131565,1132154,1132390,1132686,1133021,1133401,1134097,1134291,1134303,1134390,1134671,1134881,1134882,1135219,1135296,1135335,1135556,1135642,1135661,1135897,1136157,1136261,1136811,1136896,1136935,1136990,1137069,1137162,1137221,1137366,1137372,1137429,1137444,1137458,1137534,1137535,1137584,1137586,1137609,1137625,1137728,1137739,1137752,1137811,1137827,1137865,1137884,1137959,1137995,1137996,1137998,1137999,1138000,1138002,1138003,1138005,1138006,1138007,1138008,1138009,1138010,1138011,1138012,1138013,1138014,1138015,1138016,1138017,1138018,1138019,1138374,1138375,1138539,1138589,1138719,1139020,1139021,1139101,1139500,1139771,1139782,1139865,1140012,1140133,1140139,1140155,1140322,1140328,1140405,1140424,1140426,1140428,1140487,1140637,1140652,1140658,1140715,1140719,1140726,1140727,1140728,1140814,1140887,1140888,1140889,1140891,1140893,1140903,1140945,1140948,1140954,1140955,1140956,1140957,1140958,1140959,1140960,1140961,1140962,1140964,1140971,1140972,1140992,1141013,1141401,1141402,1141450,1141452,1141453,1141454,1141478,1141543,1141554,1142019,1142076,1142109,1142112,1142117,1142118,1142119,1142129,1142220,1142221,1142350,1142351,1142354,1142359,1142450,1142496,1142541,1142635,1142685,1142701,1142857,1142868,1143003,1143105,1143185,1143300,1143466,1143507,1143765,1143841,1143843,1144123,1144333,1144474,1144518,1144718,1144813,1144880,1144886,1144912,1144920,1144979,1145010,1145024,1145051,1145059,1145189,1145235,1145300,1145302,1145388,1145389,1145390,1145391,1145392,1145393,1145394,1145395,1145396,1145397,1145408,1145409,1145661,1145678,1145687,1145920,1145922,1145934,1145937,1145940,1145941,1145942,1146042,1146074,1146084,1146163,1146285,1146346,1146351,1146352,1146361,1146376,1146378,1146381,1146391,1146399,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146531,1146540,1146543,1146547,1146550,1146575,1146589,1146664,1146678,1146938,1148031,1148032,1148033,1148034,1148035,1148093,1148133,1148192,1148196,1148198,1148202,1148303,1148363,1148379,1148394,1148527,1148574,1148616,1148617,1148619,1148698,1148712,1148859,1148868,1149053,1149083,1149104,1149105,1149106,1149197,1149214,1149224,1149313,1149325,1149376,1149413,1149418,1149424,1149446,1149522,1149527,1149539,1149552,1149555,1149591,1149602,1149612,1149626,1149651,1149652,1149713,1149940,1149959,1149963,1149976,1150025,1150033,1150112,1150381,1150423,1150562,1150727,1150860,1150861,1150933,1151350,1151610,1151667,1151671,1151891,1151955,1152024,1152025,1152026,1152161,1152325,1152457,1152460,1152466,1152972,1152974,1152975
CVE References: CVE-2017-18551,CVE-2017-18595,CVE-2018-20976,CVE-2018-21008,CVE-2019-10207,CVE-2019-11479,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15030,CVE-2019-15031,CVE-2019-15090,CVE-2019-15098,CVE-2019-15117,CVE-2019-15118,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15222,CVE-2019-15239,CVE-2019-15290,CVE-2019-15291,CVE-2019-15292,CVE-2019-15538,CVE-2019-15666,CVE-2019-15902,CVE-2019-15917,CVE-2019-15919,CVE-2019-15920,CVE-2019-15921,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP4 (src):    kernel-rt-4.12.14-8.6.1, kernel-rt_debug-4.12.14-8.6.1, kernel-source-rt-4.12.14-8.6.1, kernel-syms-rt-4.12.14-8.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Swamp Workflow Management 2019-10-31 20:20:09 UTC
SUSE-SU-2019:2879-1: An update that solves 9 vulnerabilities and has 112 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1050244,1050536,1050545,1051510,1054914,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1082555,1086323,1087092,1089644,1093205,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1104967,1109158,1113722,1114279,1117665,1119086,1122363,1123034,1123080,1127155,1127988,1131304,1133140,1134303,1135642,1135854,1135873,1137799,1137861,1137865,1137959,1140155,1140729,1140845,1140883,1141600,1142076,1142635,1142667,1144375,1144449,1145099,1146042,1146519,1146540,1146664,1148133,1148410,1148712,1148868,1149313,1149446,1149555,1149651,1150381,1150423,1150452,1150465,1150875,1151350,1151508,1151610,1151667,1151671,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152325,1152457,1152460,1152466,1152788,1152791,1152972,1152974,1152975,1153112,1153158,1153236,1153263,1153646,1153713,1153717,1153718,1153719,1153811,1154108,1154189,1154354,1154372,1154578,1154607,1154608,1154610,1154611,1154651,1154747
CVE References: CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-16232,CVE-2019-16234,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.37.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.37.1, kernel-obs-build-4.12.14-95.37.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.37.1, kernel-source-4.12.14-95.37.1, kernel-syms-4.12.14-95.37.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.37.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.37.1, kernel-source-4.12.14-95.37.1, kernel-syms-4.12.14-95.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2019-10-31 20:36:20 UTC
SUSE-SU-2019:2879-1: An update that solves 9 vulnerabilities and has 112 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1050244,1050536,1050545,1051510,1054914,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1082555,1086323,1087092,1089644,1093205,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1104967,1109158,1113722,1114279,1117665,1119086,1122363,1123034,1123080,1127155,1127988,1131304,1133140,1134303,1135642,1135854,1135873,1137799,1137861,1137865,1137959,1140155,1140729,1140845,1140883,1141600,1142076,1142635,1142667,1144375,1144449,1145099,1146042,1146519,1146540,1146664,1148133,1148410,1148712,1148868,1149313,1149446,1149555,1149651,1150381,1150423,1150452,1150465,1150875,1151350,1151508,1151610,1151667,1151671,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152325,1152457,1152460,1152466,1152788,1152791,1152972,1152974,1152975,1153112,1153158,1153236,1153263,1153646,1153713,1153717,1153718,1153719,1153811,1154108,1154189,1154354,1154372,1154578,1154607,1154608,1154610,1154611,1154651,1154747
CVE References: CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-16232,CVE-2019-16234,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.37.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.37.1, kernel-obs-build-4.12.14-95.37.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.37.1, kernel-source-4.12.14-95.37.1, kernel-syms-4.12.14-95.37.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kgraft-patch-SLE12-SP4_Update_9-1-6.5.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.37.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.37.1, kernel-source-4.12.14-95.37.1, kernel-syms-4.12.14-95.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 31 Swamp Workflow Management 2019-11-12 23:20:13 UTC
SUSE-SU-2019:2949-1: An update that solves 49 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1051510,1084878,1117665,1131107,1133140,1135966,1135967,1136261,1137865,1139073,1140671,1141013,1141054,1142458,1143187,1144123,1144903,1145477,1146042,1146163,1146285,1146361,1146378,1146391,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146540,1146543,1146547,1146550,1146584,1146589,1147022,1147122,1148394,1148938,1149083,1149376,1149522,1149527,1149555,1149612,1150025,1150112,1150452,1150457,1150465,1150727,1150942,1151347,1151350,1152685,1152782,1152788,1153158,1153263,1154103,1154372,1155131,1155671
CVE References: CVE-2016-10906,CVE-2017-18379,CVE-2017-18509,CVE-2017-18551,CVE-2017-18595,CVE-2018-12207,CVE-2018-20976,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-13272,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15098,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15239,CVE-2019-15290,CVE-2019-15291,CVE-2019-15505,CVE-2019-15666,CVE-2019-15807,CVE-2019-15902,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16413,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.107.1
SUSE Enterprise Storage 5 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE CaaS Platform 3.0 (src):    kernel-default-4.4.180-94.107.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 32 Swamp Workflow Management 2019-11-13 01:34:40 UTC
SUSE-SU-2019:2950-1: An update that solves 40 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 1117665,1123959,1137586,1137865,1137944,1139073,1139751,1142857,1144903,1145477,1145922,1146042,1146163,1146285,1146361,1146378,1146391,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146540,1146543,1146547,1146584,1146612,1147122,1148938,1149376,1149522,1149527,1149555,1150025,1150112,1150452,1150457,1150465,1151347,1151350,1152782,1152788,1153119,1155671,999278
CVE References: CVE-2016-10906,CVE-2017-18509,CVE-2017-18551,CVE-2017-18595,CVE-2018-12207,CVE-2018-20976,CVE-2019-10207,CVE-2019-10220,CVE-2019-11135,CVE-2019-11477,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15098,CVE-2019-15118,CVE-2019-15212,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15290,CVE-2019-15291,CVE-2019-15505,CVE-2019-15807,CVE-2019-15902,CVE-2019-15926,CVE-2019-15927,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16413,CVE-2019-17055,CVE-2019-17056,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.124.1, kernel-source-3.12.74-60.64.124.1, kernel-syms-3.12.74-60.64.124.1, kernel-xen-3.12.74-60.64.124.1, kgraft-patch-SLE12-SP1_Update_37-1-2.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.124.1, kernel-source-3.12.74-60.64.124.1, kernel-syms-3.12.74-60.64.124.1, kernel-xen-3.12.74-60.64.124.1, kgraft-patch-SLE12-SP1_Update_37-1-2.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.124.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 34 Swamp Workflow Management 2019-11-15 14:14:03 UTC
SUSE-SU-2019:2984-1: An update that solves 49 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1068032,1084878,1092497,1106913,1117665,1135966,1135967,1137865,1139550,1140671,1141054,1144338,1144903,1145477,1146285,1146361,1146378,1146391,1146413,1146425,1146512,1146514,1146516,1146519,1146584,1147122,1148394,1148938,1149376,1149522,1149527,1149555,1149612,1149849,1150025,1150112,1150223,1150452,1150457,1150465,1150466,1151347,1151350,1152685,1152782,1152788,1153158,1154372,1155671,1155898,1156187
CVE References: CVE-2016-10906,CVE-2017-18509,CVE-2017-18595,CVE-2018-12207,CVE-2018-20976,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-13272,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15098,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15290,CVE-2019-15291,CVE-2019-15505,CVE-2019-15666,CVE-2019-15807,CVE-2019-15902,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-16231,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16413,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-18680,CVE-2019-18805,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.125.1, kernel-source-4.4.121-92.125.1, kernel-syms-4.4.121-92.125.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.125.1, kernel-source-4.4.121-92.125.1, kernel-syms-4.4.121-92.125.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.125.1, kernel-source-4.4.121-92.125.1, kernel-syms-4.4.121-92.125.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.125.1, kernel-source-4.4.121-92.125.1, kernel-syms-4.4.121-92.125.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.125.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 41 Swamp Workflow Management 2019-12-06 23:23:26 UTC
SUSE-SU-2019:3200-1: An update that solves 44 vulnerabilities and has 258 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1054914,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1103990,1103991,1104353,1104427,1104745,1104967,1106434,1108043,1108382,1109158,1109837,1111666,1112178,1112374,1113722,1113994,1114279,1117169,1117665,1118661,1119086,1119113,1119461,1119465,1120902,1122363,1123034,1123080,1123105,1126390,1127155,1127354,1127371,1127988,1131107,1131304,1131489,1133140,1134476,1134983,1135642,1135854,1135873,1135966,1135967,1136261,1137040,1137069,1137223,1137236,1137799,1137861,1137865,1137959,1137982,1138039,1138190,1138539,1139073,1140090,1140155,1140729,1140845,1140883,1141013,1141340,1141543,1141600,1142076,1142635,1142667,1142924,1143706,1144338,1144375,1144449,1144653,1144903,1145099,1145661,1146042,1146612,1146664,1148133,1148410,1148712,1148859,1148868,1149083,1149119,1149224,1149446,1149448,1149555,1149651,1149652,1149713,1149853,1149940,1149959,1149963,1149976,1150025,1150033,1150112,1150305,1150381,1150423,1150457,1150466,1150562,1150727,1150846,1150860,1150861,1150875,1150933,1151021,1151067,1151192,1151225,1151350,1151508,1151548,1151610,1151661,1151662,1151667,1151671,1151680,1151807,1151891,1151900,1151955,1152024,1152025,1152026,1152033,1152161,1152187,1152325,1152457,1152460,1152466,1152525,1152624,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152885,1152972,1152974,1152975,1153108,1153112,1153236,1153263,1153476,1153509,1153607,1153628,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154043,1154048,1154058,1154108,1154124,1154189,1154242,1154268,1154354,1154355,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1154959,1155021,1155061,1155178,1155179,1155184,1155186,1155671,1155689,1155692,1155836,1155897,1155982,1156187,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068
CVE References: CVE-2017-18595,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-14835,CVE-2019-14895,CVE-2019-15030,CVE-2019-15031,CVE-2019-15916,CVE-2019-16231,CVE-2019-16233,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17666,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.7.1, kgraft-patch-SLE12-SP5_Update_1-1-8.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 42 Swamp Workflow Management 2019-12-07 00:00:39 UTC
SUSE-SU-2019:3200-1: An update that solves 44 vulnerabilities and has 258 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1054914,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1103990,1103991,1104353,1104427,1104745,1104967,1106434,1108043,1108382,1109158,1109837,1111666,1112178,1112374,1113722,1113994,1114279,1117169,1117665,1118661,1119086,1119113,1119461,1119465,1120902,1122363,1123034,1123080,1123105,1126390,1127155,1127354,1127371,1127988,1131107,1131304,1131489,1133140,1134476,1134983,1135642,1135854,1135873,1135966,1135967,1136261,1137040,1137069,1137223,1137236,1137799,1137861,1137865,1137959,1137982,1138039,1138190,1138539,1139073,1140090,1140155,1140729,1140845,1140883,1141013,1141340,1141543,1141600,1142076,1142635,1142667,1142924,1143706,1144338,1144375,1144449,1144653,1144903,1145099,1145661,1146042,1146612,1146664,1148133,1148410,1148712,1148859,1148868,1149083,1149119,1149224,1149446,1149448,1149555,1149651,1149652,1149713,1149853,1149940,1149959,1149963,1149976,1150025,1150033,1150112,1150305,1150381,1150423,1150457,1150466,1150562,1150727,1150846,1150860,1150861,1150875,1150933,1151021,1151067,1151192,1151225,1151350,1151508,1151548,1151610,1151661,1151662,1151667,1151671,1151680,1151807,1151891,1151900,1151955,1152024,1152025,1152026,1152033,1152161,1152187,1152325,1152457,1152460,1152466,1152525,1152624,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152885,1152972,1152974,1152975,1153108,1153112,1153236,1153263,1153476,1153509,1153607,1153628,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154043,1154048,1154058,1154108,1154124,1154189,1154242,1154268,1154354,1154355,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1154959,1155021,1155061,1155178,1155179,1155184,1155186,1155671,1155689,1155692,1155836,1155897,1155982,1156187,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068
CVE References: CVE-2017-18595,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-14835,CVE-2019-14895,CVE-2019-15030,CVE-2019-15031,CVE-2019-15916,CVE-2019-16231,CVE-2019-16233,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17666,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.7.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.7.1, kernel-obs-build-4.12.14-122.7.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.7.1, kernel-source-4.12.14-122.7.1, kernel-syms-4.12.14-122.7.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.7.1, kgraft-patch-SLE12-SP5_Update_1-1-8.7.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 44 Swamp Workflow Management 2019-12-13 23:43:51 UTC
SUSE-SU-2019:3295-1: An update that solves 20 vulnerabilities and has 186 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1054914,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1104967,1109158,1111666,1112178,1113722,1113994,1114279,1117665,1119086,1119461,1119465,1123034,1123080,1127988,1131107,1131304,1133140,1134303,1135642,1135854,1135873,1135966,1135967,1137040,1137069,1137799,1137861,1137865,1137959,1137982,1138190,1139073,1140090,1140155,1140729,1140845,1140883,1141013,1141600,1142076,1142635,1142667,1143706,1144338,1144375,1144449,1144903,1145099,1146042,1146519,1146540,1146612,1146664,1148133,1148410,1148712,1148868,1149119,1149313,1149446,1149448,1149555,1149651,1149853,1150305,1150381,1150423,1150452,1150457,1150465,1150466,1150846,1150875,1151067,1151192,1151350,1151508,1151610,1151661,1151662,1151667,1151680,1151807,1151891,1151955,1152024,1152025,1152026,1152033,1152161,1152187,1152243,1152325,1152457,1152460,1152466,1152497,1152505,1152506,1152525,1152624,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152972,1152974,1152975,1153112,1153158,1153236,1153263,1153476,1153509,1153607,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154108,1154124,1154189,1154242,1154268,1154354,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1155021,1155061,1155178,1155179,1155184,1155186,1155671,1155692,1155812,1155817,1155836,1155945,1155982,1156187,1156429,1156466,1156494,1156609,1156700,1156729,1156882
CVE References: CVE-2017-18595,CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-15291,CVE-2019-15916,CVE-2019-16231,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-18805,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP1 (src):    kernel-rt-4.12.14-14.14.3, kernel-rt_debug-4.12.14-14.14.3, kernel-source-rt-4.12.14-14.14.2, kernel-syms-rt-4.12.14-14.14.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-rt-4.12.14-14.14.3, kernel-rt_debug-4.12.14-14.14.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 46 Swamp Workflow Management 2020-01-14 14:25:42 UTC
SUSE-SU-2020:0093-1: An update that solves 80 vulnerabilities and has 310 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1078248,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1090888,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1103989,1103990,1103991,1104353,1104427,1104745,1104967,1106434,1108043,1108382,1109158,1109837,1111666,1112178,1112374,1113722,1113956,1113994,1114279,1115026,1117169,1117665,1118661,1119086,1119113,1119461,1119465,1120853,1120902,1122363,1123034,1123080,1123105,1126206,1126390,1127155,1127354,1127371,1127611,1127988,1129770,1131107,1131304,1131489,1133140,1134476,1134973,1134983,1135642,1135854,1135873,1135966,1135967,1136261,1137040,1137069,1137223,1137236,1137799,1137861,1137865,1137959,1137982,1138039,1138190,1139073,1140090,1140155,1140729,1140845,1140883,1140948,1141013,1141340,1141543,1142076,1142095,1142635,1142667,1142924,1143706,1143959,1144333,1144338,1144375,1144449,1144653,1144903,1145099,1145661,1146042,1146519,1146544,1146612,1146664,1148133,1148410,1148712,1148859,1148868,1149083,1149119,1149224,1149446,1149448,1149555,1149652,1149713,1149853,1149940,1149959,1149963,1149976,1150025,1150033,1150112,1150305,1150381,1150423,1150452,1150457,1150465,1150466,1150562,1150727,1150846,1150860,1150861,1150875,1150933,1151021,1151067,1151192,1151225,1151350,1151508,1151548,1151610,1151661,1151662,1151667,1151671,1151680,1151807,1151891,1151900,1151910,1151955,1152024,1152025,1152026,1152033,1152107,1152161,1152187,1152325,1152446,1152457,1152460,1152466,1152497,1152505,1152506,1152525,1152624,1152631,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152885,1152972,1152974,1152975,1153108,1153112,1153158,1153236,1153263,1153476,1153509,1153607,1153628,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154043,1154048,1154058,1154108,1154124,1154189,1154242,1154244,1154268,1154354,1154355,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154768,1154848,1154858,1154905,1154916,1154956,1154959,1155021,1155061,1155178,1155179,1155184,1155186,1155331,1155334,1155671,1155689,1155692,1155812,1155817,1155836,1155897,1155921,1155945,1156187,1156258,1156259,1156286,1156429,1156462,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157042,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157169,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157303,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157853,1157895,1157908,1158021,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158071,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159096,1159297,1159483,1159484,1159500,1159569,1159841,1159908,1159909,1159910,972655
CVE References: CVE-2017-18595,CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-14835,CVE-2019-14895,CVE-2019-14901,CVE-2019-15030,CVE-2019-15031,CVE-2019-15213,CVE-2019-15916,CVE-2019-16231,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16746,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18808,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19051,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19066,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.7.1, kernel-source-azure-4.12.14-16.7.1, kernel-syms-azure-4.12.14-16.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 47 Alexandros Toptsoglou 2020-08-04 13:03:54 UTC
Done