Bug 1173265 - (CVE-2020-10769) VUL-0: CVE-2020-10769: kernel-source: buffer over-read in IPsec authenc crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned
Status: REOPENED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/262171/
CVSSv3.1:SUSE:CVE-2020-10769:5.5:(AV:...
Reported: 2020-06-23 11:44 UTC by Wolfgang Frisch
Modified: 2022-06-14 22:25 UTC (History)
Found By: Security Response Team
Description Wolfgang Frisch 2020-06-23 11:44:50 UTC
CVE-2020-10769

A buffer overread problem was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec cryptographic algorithms module authenc. When a payload is longer than 4 bytes and does not follow the 4-byte alignment boundary guidelines, it may cause a buffer overread, leading to a system crash. A local attacker with user privileges can cause a denial of service (DoS).

crypto_authenc_extractkeys() fails to consider the case where the rtattr's payload is longer than 4 bytes but not 4-byte aligned, and where the key ends before the next 4-byte aligned boundary. In this case, 'keylen -= RTA_ALIGN(rta->rta_len);' underflows to a value near UINT_MAX. This causes a buffer overread and crash during crypto_ahash_setkey().

Proposed upstream patch:
https://lkml.org/lkml/2019/1/21/675

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1708775
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10769
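
The length arithmetic described in the report above, as an added userspace model; it is not code from the kernel or from the upstream patch. The `M_*` macros, `struct model_keys`, `build_blob()` and `model_extractkeys()` are hypothetical names, the input blobs are constructed, and the strict check (payload must be exactly the parameter block) is this example's hardening choice.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local mirrors of the rtattr layout and alignment rule (model names, not kernel symbols). */
#define M_ALIGNTO    4u
#define M_ALIGN(n)   (((unsigned int)(n) + M_ALIGNTO - 1u) & ~(M_ALIGNTO - 1u))
#define M_HDRLEN     4u   /* u16 rta_len + u16 rta_type */
#define M_PARAMLEN   4u   /* big-endian u32 enckeylen */
#define M_KEYA_PARAM 1u   /* attribute type expected for the parameter block */

struct model_keys {
    unsigned int authkey_off;  /* offset of the auth key inside the blob */
    unsigned int authkeylen;
    unsigned int enckeylen;
};

/* Constructed input: header with the given rta_len, then enckeylen, zero-filled to total. */
static unsigned int build_blob(uint8_t *buf, size_t cap, uint16_t rta_len,
                               uint32_t enckeylen, unsigned int total)
{
    uint16_t type = M_KEYA_PARAM;

    if (total > cap || total < M_HDRLEN + M_PARAMLEN)
        return 0;
    memset(buf, 0, total);
    memcpy(buf, &rta_len, sizeof(rta_len));   /* host byte order, like rtattr */
    memcpy(buf + 2, &type, sizeof(type));
    buf[4] = (uint8_t)(enckeylen >> 24);
    buf[5] = (uint8_t)(enckeylen >> 16);
    buf[6] = (uint8_t)(enckeylen >> 8);
    buf[7] = (uint8_t)enckeylen;
    return total;
}

/*
 * Length arithmetic only: nothing past keylen is ever read, the function
 * just reports which lengths a caller would go on to trust.
 * strict == 0: payload may be longer than the parameter block (pre-fix behaviour).
 * strict != 0: payload must be exactly the parameter block (this example's hardening).
 */
static int model_extractkeys(struct model_keys *keys, const uint8_t *key,
                             unsigned int keylen, int strict)
{
    uint16_t rta_len, rta_type;
    unsigned int payload;

    if (keylen < M_HDRLEN)
        return -1;
    memcpy(&rta_len, key, sizeof(rta_len));
    memcpy(&rta_type, key + 2, sizeof(rta_type));

    /* RTA_OK-style bound: compares the *unaligned* rta_len with keylen. */
    if (rta_len < M_HDRLEN || rta_len > keylen)
        return -1;
    if (rta_type != M_KEYA_PARAM)
        return -1;

    payload = rta_len - M_HDRLEN;
    if (strict ? (payload != M_PARAMLEN) : (payload < M_PARAMLEN))
        return -1;

    keys->enckeylen = ((uint32_t)key[4] << 24) | ((uint32_t)key[5] << 16) |
                      ((uint32_t)key[6] << 8) | key[7];

    /* Keys start at the next 4-byte boundary; this wraps if that lies past keylen. */
    keys->authkey_off = M_ALIGN(rta_len);
    keylen -= M_ALIGN(rta_len);

    if (keylen < keys->enckeylen)
        return -1;
    keys->authkeylen = keylen - keys->enckeylen;
    return 0;
}

int main(void)
{
    uint8_t buf[64];
    struct model_keys k;
    unsigned int n;

    /* Well-formed: rta_len 8, 20-byte auth key, 16-byte enc key. */
    n = build_blob(buf, sizeof(buf), 8, 16, 8 + 20 + 16);
    printf("aligned    legacy=%d strict=%d\n",
           model_extractkeys(&k, buf, n, 0), model_extractkeys(&k, buf, n, 1));

    /* Misaligned: rta_len 9 (5-byte payload), blob ends at byte 10, before offset 12. */
    n = build_blob(buf, sizeof(buf), 9, 16, 10);
    if (model_extractkeys(&k, buf, n, 0) == 0)
        printf("misaligned legacy accepted, authkeylen=%u at offset %u\n",
               k.authkeylen, k.authkey_off);
    printf("misaligned strict=%d\n", model_extractkeys(&k, buf, n, 1));
    return 0;
}
```

In the non-strict mode the 10-byte blob is accepted with an auth key length close to UINT_MAX, which is the length a later set-key step would trust; the strict mode rejects the same blob before any subtraction takes place.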
Comment 1 Takashi Iwai 2020-06-23 11:53:34 UTC
The upstream commit 8f9c469348487844328e162db57112f7d347c49f
    crypto: authenc - fix parsing key with misaligned rta_len

Already backported in cve/linux-4.12 and SLE15-SP2 via git-fixes.
Will update the patch reference for those.
Comment 2 Takashi Iwai 2020-06-23 11:54:50 UTC
Correction: SLE15-SP2 already contains it because the fix was merged in 5.0 kernel.
Comment 3 Takashi Iwai 2020-06-23 12:07:23 UTC
The fix was backported to cve/linux-3.12, cve/linux-3.0 and cve/linux-2.6.32 branches, too.
cve/linux-2.6.16 is unaffected.

Reassigned back to security team.
Comment 11 OBSbugzilla Bot 2020-07-30 12:46:05 UTC
This is an autogenerated message for OBS integration:
This bug (1173265) was mentioned in
https://build.opensuse.org/request/show/823567 15.1 / kernel-source
Comment 12 Swamp Workflow Management 2020-08-03 13:21:06 UTC
SUSE-SU-2020:2103-1: An update that solves 15 vulnerabilities and has 81 fixes is now available.

Category: security (important)
Bug References: 1051510,1065729,1071995,1085030,1111666,1112178,1113956,1114279,1144333,1148868,1150660,1151927,1152624,1158983,1159058,1161016,1162002,1162063,1163309,1166985,1167104,1168081,1168959,1169194,1169514,1169771,1169795,1170011,1170442,1170592,1170617,1170618,1171124,1171424,1171529,1171530,1171558,1171732,1171739,1171743,1171753,1171759,1171835,1171841,1171868,1171904,1172247,1172257,1172344,1172458,1172484,1172537,1172538,1172687,1172719,1172759,1172775,1172781,1172782,1172783,1172871,1172872,1172999,1173060,1173074,1173146,1173265,1173280,1173284,1173428,1173514,1173567,1173573,1173746,1173818,1173820,1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174113,1174115,1174122,1174123,1174186,1174187,1174296,1174343,1174356,1174409,1174438,1174462,1174543
CVE References: CVE-2019-20810,CVE-2019-20908,CVE-2020-0305,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-12771,CVE-2020-12888,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    kernel-azure-4.12.14-8.38.1, kernel-source-azure-4.12.14-8.38.1, kernel-syms-azure-4.12.14-8.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2020-08-03 19:15:00 UTC
SUSE-SU-2020:2106-1: An update that solves 14 vulnerabilities and has 15 fixes is now available.

Category: security (important)
Bug References: 1051510,1065729,1071995,1104967,1152107,1158755,1162002,1170011,1171078,1171673,1171732,1171868,1172257,1172775,1172781,1172782,1172783,1172999,1173265,1173280,1173514,1173567,1173573,1173659,1173999,1174000,1174115,1174462,1174543
CVE References: CVE-2019-16746,CVE-2019-20908,CVE-2020-0305,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-12771,CVE-2020-12888,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.55.1, kernel-livepatch-SLE15_Update_19-1-1.3.1

Comment 14 Swamp Workflow Management 2020-08-03 19:17:41 UTC
SUSE-SU-2020:14442-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1159912,1159913,1162002,1171218,1171219,1171220,1172775,1172999,1173265,1174462,1174543
CVE References: CVE-2019-5108,CVE-2020-0305,CVE-2020-10732,CVE-2020-10769,CVE-2020-10773,CVE-2020-12652,CVE-2020-12656,CVE-2020-13974,CVE-2020-14416
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kernel-bigmem-3.0.101-108.117.1, kernel-default-3.0.101-108.117.1, kernel-ec2-3.0.101-108.117.1, kernel-pae-3.0.101-108.117.1, kernel-ppc64-3.0.101-108.117.1, kernel-source-3.0.101-108.117.1, kernel-syms-3.0.101-108.117.1, kernel-trace-3.0.101-108.117.1, kernel-xen-3.0.101-108.117.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.117.1, kernel-pae-3.0.101-108.117.1, kernel-ppc64-3.0.101-108.117.1, kernel-trace-3.0.101-108.117.1, kernel-xen-3.0.101-108.117.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.117.1, kernel-default-3.0.101-108.117.1, kernel-ec2-3.0.101-108.117.1, kernel-pae-3.0.101-108.117.1, kernel-ppc64-3.0.101-108.117.1, kernel-trace-3.0.101-108.117.1, kernel-xen-3.0.101-108.117.1

Comment 15 Swamp Workflow Management 2020-08-03 19:27:20 UTC
SUSE-SU-2020:2107-1: An update that solves 16 vulnerabilities and has 82 fixes is now available.

Category: security (important)
Bug References: 1051510,1065729,1071995,1085030,1111666,1112178,1113956,1114279,1144333,1148868,1150660,1151927,1152107,1152624,1158983,1159058,1161016,1162002,1162063,1163309,1166985,1167104,1168081,1168959,1169194,1169514,1169771,1169795,1170011,1170442,1170592,1170617,1170618,1171124,1171424,1171529,1171530,1171558,1171732,1171739,1171743,1171753,1171759,1171835,1171841,1171868,1171904,1172247,1172257,1172344,1172458,1172484,1172537,1172538,1172687,1172719,1172759,1172775,1172781,1172782,1172783,1172871,1172872,1172999,1173060,1173074,1173146,1173265,1173280,1173284,1173428,1173514,1173567,1173573,1173659,1173746,1173818,1173820,1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174113,1174115,1174122,1174123,1174186,1174187,1174296,1174343,1174356,1174409,1174438,1174462,1174543
CVE References: CVE-2019-16746,CVE-2019-20810,CVE-2019-20908,CVE-2020-0305,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-12771,CVE-2020-12888,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.48.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.48.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.48.1, kernel-obs-build-4.12.14-197.48.1, kernel-source-4.12.14-197.48.1, kernel-syms-4.12.14-197.48.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.48.1, kernel-source-4.12.14-197.48.1, kernel-zfcpdump-4.12.14-197.48.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.48.1

Comment 16 Swamp Workflow Management 2020-08-03 19:59:51 UTC
SUSE-SU-2020:2106-1: An update that solves 14 vulnerabilities and has 15 fixes is now available.

Category: security (important)
Bug References: 1051510,1065729,1071995,1104967,1152107,1158755,1162002,1170011,1171078,1171673,1171732,1171868,1172257,1172775,1172781,1172782,1172783,1172999,1173265,1173280,1173514,1173567,1173573,1173659,1173999,1174000,1174115,1174462,1174543
CVE References: CVE-2019-16746,CVE-2019-20908,CVE-2020-0305,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-12771,CVE-2020-12888,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.55.1, kernel-docs-4.12.14-150.55.1, kernel-obs-build-4.12.14-150.55.1, kernel-source-4.12.14-150.55.1, kernel-syms-4.12.14-150.55.1, kernel-vanilla-4.12.14-150.55.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.55.1, kernel-docs-4.12.14-150.55.1, kernel-obs-build-4.12.14-150.55.1, kernel-source-4.12.14-150.55.1, kernel-syms-4.12.14-150.55.1, kernel-vanilla-4.12.14-150.55.1, kernel-zfcpdump-4.12.14-150.55.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.55.1, kernel-livepatch-SLE15_Update_19-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.55.1, kernel-docs-4.12.14-150.55.1, kernel-obs-build-4.12.14-150.55.1, kernel-source-4.12.14-150.55.1, kernel-syms-4.12.14-150.55.1, kernel-vanilla-4.12.14-150.55.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.55.1, kernel-docs-4.12.14-150.55.1, kernel-obs-build-4.12.14-150.55.1, kernel-source-4.12.14-150.55.1, kernel-syms-4.12.14-150.55.1, kernel-vanilla-4.12.14-150.55.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.55.1

Comment 17 Swamp Workflow Management 2020-08-03 20:35:34 UTC
SUSE-SU-2020:2107-1: An update that solves 16 vulnerabilities and has 82 fixes is now available.

Category: security (important)
Bug References: 1051510,1065729,1071995,1085030,1111666,1112178,1113956,1114279,1144333,1148868,1150660,1151927,1152107,1152624,1158983,1159058,1161016,1162002,1162063,1163309,1166985,1167104,1168081,1168959,1169194,1169514,1169771,1169795,1170011,1170442,1170592,1170617,1170618,1171124,1171424,1171529,1171530,1171558,1171732,1171739,1171743,1171753,1171759,1171835,1171841,1171868,1171904,1172247,1172257,1172344,1172458,1172484,1172537,1172538,1172687,1172719,1172759,1172775,1172781,1172782,1172783,1172871,1172872,1172999,1173060,1173074,1173146,1173265,1173280,1173284,1173428,1173514,1173567,1173573,1173659,1173746,1173818,1173820,1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174113,1174115,1174122,1174123,1174186,1174187,1174296,1174343,1174356,1174409,1174438,1174462,1174543
CVE References: CVE-2019-16746,CVE-2019-20810,CVE-2019-20908,CVE-2020-0305,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-12771,CVE-2020-12888,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.48.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.48.1, kernel-livepatch-SLE15-SP1_Update_13-1-3.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.48.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.48.1, kernel-obs-build-4.12.14-197.48.1, kernel-source-4.12.14-197.48.1, kernel-syms-4.12.14-197.48.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.48.1, kernel-source-4.12.14-197.48.1, kernel-zfcpdump-4.12.14-197.48.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.48.1

Comment 18 Swamp Workflow Management 2020-08-04 19:20:45 UTC
SUSE-SU-2020:2119-1: An update that solves 13 vulnerabilities and has 75 fixes is now available.

Category: security (important)
Bug References: 1051510,1065729,1104967,1111666,1112178,1113956,1114279,1150660,1151927,1152107,1152624,1158983,1159058,1162002,1163309,1167104,1168959,1169514,1169771,1169795,1170011,1170442,1170617,1170618,1171124,1171424,1171529,1171530,1171558,1171673,1171732,1171739,1171743,1171753,1171759,1171761,1171835,1171841,1171868,1171988,1172247,1172257,1172344,1172484,1172687,1172719,1172871,1172872,1172999,1173060,1173074,1173146,1173265,1173280,1173284,1173428,1173462,1173514,1173567,1173573,1173659,1173746,1173818,1173820,1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174113,1174115,1174122,1174123,1174130,1174186,1174187,1174205,1174247,1174296,1174343,1174356,1174409,1174438,1174462,1174543,1174549
CVE References: CVE-2019-16746,CVE-2019-20908,CVE-2020-0305,CVE-2020-10135,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-12771,CVE-2020-12888,CVE-2020-14331,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.22.1, kernel-source-azure-4.12.14-16.22.1, kernel-syms-azure-4.12.14-16.22.1

Comment 19 Swamp Workflow Management 2020-08-04 19:30:49 UTC
SUSE-SU-2020:2121-1: An update that solves 15 vulnerabilities and has 37 fixes is now available.

Category: security (important)
Bug References: 1051510,1065729,1071995,1085030,1104967,1114279,1144333,1148868,1150660,1152107,1152472,1152624,1158983,1159058,1161016,1162002,1162063,1168081,1169194,1169514,1169795,1170011,1170592,1170618,1171124,1171424,1171558,1171673,1171732,1171761,1171868,1171904,1172257,1172344,1172458,1172484,1172759,1172775,1172781,1172782,1172783,1172999,1173265,1173280,1173428,1173462,1173514,1173567,1173573,1174115,1174462,1174543
CVE References: CVE-2019-16746,CVE-2019-20810,CVE-2019-20908,CVE-2020-0305,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-12771,CVE-2020-12888,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.57.1, kernel-source-4.12.14-95.57.1, kernel-syms-4.12.14-95.57.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.57.1, kernel-source-4.12.14-95.57.1, kernel-syms-4.12.14-95.57.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.57.1, kernel-source-4.12.14-95.57.1, kernel-syms-4.12.14-95.57.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.57.1, kernel-source-4.12.14-95.57.1, kernel-syms-4.12.14-95.57.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.57.1

Comment 20 Swamp Workflow Management 2020-08-04 19:37:40 UTC
SUSE-SU-2020:2121-1: An update that solves 15 vulnerabilities and has 37 fixes is now available.

Category: security (important)
Bug References: 1051510,1065729,1071995,1085030,1104967,1114279,1144333,1148868,1150660,1152107,1152472,1152624,1158983,1159058,1161016,1162002,1162063,1168081,1169194,1169514,1169795,1170011,1170592,1170618,1171124,1171424,1171558,1171673,1171732,1171761,1171868,1171904,1172257,1172344,1172458,1172484,1172759,1172775,1172781,1172782,1172783,1172999,1173265,1173280,1173428,1173462,1173514,1173567,1173573,1174115,1174462,1174543
CVE References: CVE-2019-16746,CVE-2019-20810,CVE-2019-20908,CVE-2020-0305,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-12771,CVE-2020-12888,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.57.1, kernel-source-4.12.14-95.57.1, kernel-syms-4.12.14-95.57.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.57.1, kernel-source-4.12.14-95.57.1, kernel-syms-4.12.14-95.57.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.57.1, kernel-source-4.12.14-95.57.1, kernel-syms-4.12.14-95.57.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.57.1, kernel-source-4.12.14-95.57.1, kernel-syms-4.12.14-95.57.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.57.1, kgraft-patch-SLE12-SP4_Update_15-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.57.1

Comment 21 Swamp Workflow Management 2020-08-04 22:19:44 UTC
SUSE-SU-2020:2122-1: An update that solves 13 vulnerabilities and has 70 fixes is now available.

Category: security (important)
Bug References: 1051510,1065729,1104967,1111666,1112178,1113956,1114279,1150660,1151927,1152107,1152624,1158983,1159058,1162002,1163309,1167104,1168959,1169514,1169771,1169795,1170011,1170442,1170617,1170618,1171124,1171424,1171529,1171530,1171558,1171673,1171732,1171739,1171743,1171753,1171759,1171761,1171835,1171841,1171868,1171988,1172247,1172257,1172344,1172484,1172687,1172719,1172871,1172872,1172999,1173060,1173074,1173146,1173265,1173280,1173284,1173428,1173462,1173514,1173567,1173573,1173746,1173818,1173820,1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174113,1174115,1174122,1174123,1174130,1174205,1174296,1174343,1174356,1174409,1174438,1174462,1174543
CVE References: CVE-2019-16746,CVE-2019-20908,CVE-2020-0305,CVE-2020-10135,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-12771,CVE-2020-12888,CVE-2020-14331,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780
JIRA References: 
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.29.1, kgraft-patch-SLE12-SP5_Update_7-1-8.3.1

Comment 22 Swamp Workflow Management 2020-08-04 22:29:58 UTC
SUSE-SU-2020:2122-1: An update that solves 13 vulnerabilities and has 70 fixes is now available.

Category: security (important)
Bug References: 1051510,1065729,1104967,1111666,1112178,1113956,1114279,1150660,1151927,1152107,1152624,1158983,1159058,1162002,1163309,1167104,1168959,1169514,1169771,1169795,1170011,1170442,1170617,1170618,1171124,1171424,1171529,1171530,1171558,1171673,1171732,1171739,1171743,1171753,1171759,1171761,1171835,1171841,1171868,1171988,1172247,1172257,1172344,1172484,1172687,1172719,1172871,1172872,1172999,1173060,1173074,1173146,1173265,1173280,1173284,1173428,1173462,1173514,1173567,1173573,1173746,1173818,1173820,1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174113,1174115,1174122,1174123,1174130,1174205,1174296,1174343,1174356,1174409,1174438,1174462,1174543
CVE References: CVE-2019-16746,CVE-2019-20908,CVE-2020-0305,CVE-2020-10135,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-12771,CVE-2020-12888,CVE-2020-14331,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.29.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.29.1, kernel-obs-build-4.12.14-122.29.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.29.1, kernel-source-4.12.14-122.29.1, kernel-syms-4.12.14-122.29.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.29.1, kgraft-patch-SLE12-SP5_Update_7-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.29.1

Comment 23 OBSbugzilla Bot 2020-08-05 12:46:10 UTC
This is an autogenerated message for OBS integration:
This bug (1173265) was mentioned in
https://build.opensuse.org/request/show/824481 15.1 / kernel-source
Comment 24 Swamp Workflow Management 2020-08-06 16:22:55 UTC
openSUSE-SU-2020:1153-1: An update that solves 19 vulnerabilities and has 92 fixes is now available.

Category: security (important)
Bug References: 1051510,1065729,1071995,1085030,1111666,1112178,1113956,1114279,1120163,1144333,1148868,1150660,1151927,1152107,1152624,1158983,1159058,1161016,1162002,1162063,1163309,1166985,1167104,1168081,1168959,1169194,1169514,1169771,1169795,1170011,1170442,1170592,1170617,1170618,1171124,1171424,1171529,1171530,1171558,1171732,1171739,1171743,1171753,1171759,1171835,1171841,1171868,1171904,1171988,1172247,1172257,1172344,1172458,1172484,1172537,1172538,1172687,1172719,1172759,1172775,1172781,1172782,1172783,1172871,1172872,1172963,1172999,1173060,1173074,1173146,1173265,1173280,1173284,1173428,1173514,1173567,1173573,1173659,1173746,1173818,1173820,1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174070,1174113,1174115,1174122,1174123,1174205,1174296,1174343,1174356,1174409,1174438,1174462,1174543,1174549,1174658,1174685,1174757,1174840,1174841,1174843,1174844,1174845,1174887
CVE References: CVE-2019-16746,CVE-2019-20810,CVE-2019-20908,CVE-2020-0305,CVE-2020-10135,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-12771,CVE-2020-12888,CVE-2020-13974,CVE-2020-14331,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780,CVE-2020-16166
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.59.1, kernel-default-4.12.14-lp151.28.59.1, kernel-docs-4.12.14-lp151.28.59.1, kernel-kvmsmall-4.12.14-lp151.28.59.1, kernel-obs-build-4.12.14-lp151.28.59.1, kernel-obs-qa-4.12.14-lp151.28.59.1, kernel-source-4.12.14-lp151.28.59.1, kernel-syms-4.12.14-lp151.28.59.1, kernel-vanilla-4.12.14-lp151.28.59.1
Comment 25 Swamp Workflow Management 2020-08-06 22:32:10 UTC
SUSE-SU-2020:2156-1: An update that solves 32 vulnerabilities and has 122 fixes is now available.

Category: security (important)
Bug References: 1051510,1058115,1065729,1071995,1082555,1085030,1089895,1104967,1111666,1114279,1133021,1144333,1148868,1150660,1151794,1152107,1152489,1152624,1154824,1157169,1158265,1158983,1159058,1159199,1160388,1160947,1161016,1162002,1162063,1165183,1165741,1166969,1167574,1167851,1168081,1168503,1168670,1169020,1169194,1169514,1169525,1169625,1169795,1170011,1170056,1170125,1170145,1170345,1170457,1170522,1170592,1170618,1170620,1170770,1170778,1170791,1170901,1171078,1171098,1171118,1171124,1171189,1171191,1171195,1171202,1171205,1171217,1171218,1171219,1171220,1171293,1171417,1171424,1171527,1171558,1171599,1171600,1171601,1171602,1171604,1171605,1171606,1171607,1171608,1171609,1171610,1171611,1171612,1171613,1171614,1171615,1171616,1171617,1171618,1171619,1171620,1171621,1171622,1171623,1171624,1171625,1171626,1171673,1171679,1171691,1171694,1171695,1171736,1171761,1171868,1171904,1171948,1171949,1171951,1171952,1171982,1171983,1172096,1172097,1172098,1172099,1172101,1172102,1172103,1172104,1172127,1172130,1172185,1172188,1172199,1172221,1172253,1172257,1172317,1172342,1172343,1172344,1172366,1172391,1172397,1172453,1172458,1172484,1172759,1172775,1172781,1172782,1172783,1172999,1173265,1173280,1173428,1173462,1173659
CVE References: CVE-2018-1000199,CVE-2019-16746,CVE-2019-19462,CVE-2019-20806,CVE-2019-20810,CVE-2019-20812,CVE-2019-9455,CVE-2020-0543,CVE-2020-10690,CVE-2020-10711,CVE-2020-10720,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-12114,CVE-2020-12464,CVE-2020-12652,CVE-2020-12653,CVE-2020-12654,CVE-2020-12655,CVE-2020-12656,CVE-2020-12657,CVE-2020-12769,CVE-2020-12888,CVE-2020-13143,CVE-2020-13974,CVE-2020-14416
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP4 (src):    kernel-rt-4.12.14-8.23.1, kernel-rt_debug-4.12.14-8.23.1, kernel-source-rt-4.12.14-8.23.1, kernel-syms-rt-4.12.14-8.23.1

Comment 26 Swamp Workflow Management 2020-09-03 13:46:10 UTC
SUSE-SU-2020:2478-1: An update that solves 39 vulnerabilities and has 234 fixes is now available.

Category: security (important)
Bug References: 1051510,1058115,1065600,1065729,1071995,1082555,1083647,1085030,1089895,1103990,1103991,1103992,1104745,1104967,1109837,1111666,1112178,1112374,1113956,1114279,1124278,1127354,1127355,1127371,1133021,1137325,1141558,1142685,1144333,1145929,1148868,1150660,1151794,1151927,1152107,1152489,1152624,1154824,1157169,1158265,1158983,1159037,1159058,1159199,1160388,1160947,1161016,1162002,1162063,1163309,1163403,1163897,1164284,1164780,1164871,1165183,1165478,1165741,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166969,1166978,1166985,1167104,1167288,1167574,1167851,1167867,1168081,1168202,1168332,1168486,1168503,1168670,1168760,1168762,1168763,1168764,1168765,1168789,1168881,1168884,1168952,1168959,1169005,1169013,1169020,1169057,1169194,1169390,1169514,1169525,1169625,1169762,1169771,1169795,1170011,1170056,1170125,1170145,1170284,1170345,1170442,1170457,1170522,1170592,1170617,1170618,1170620,1170621,1170770,1170778,1170791,1170901,1171078,1171098,1171118,1171124,1171189,1171191,1171195,1171202,1171205,1171214,1171217,1171218,1171219,1171220,1171244,1171293,1171417,1171424,1171527,1171529,1171530,1171558,1171599,1171600,1171601,1171602,1171604,1171605,1171606,1171607,1171608,1171609,1171610,1171611,1171612,1171613,1171614,1171615,1171616,1171617,1171618,1171619,1171620,1171621,1171622,1171623,1171624,1171625,1171626,1171662,1171673,1171679,1171691,1171692,1171694,1171695,1171732,1171736,1171739,1171743,1171753,1171759,1171761,1171817,1171835,1171841,1171868,1171904,1171948,1171949,1171951,1171952,1171979,1171982,1171983,1172017,1172096,1172097,1172098,1172099,1172101,1172102,1172103,1172104,1172127,1172130,1172185,1172188,1172199,1172201,1172202,1172218,1172221,1172247,1172249,1172251,1172253,1172257,1172317,1172342,1172343,1172344,1172366,1172378,1172391,1172397,1172453,1172458,1172472,1172484,1172537,1172538,1172687,1172719,1172759,1172770,1172775,1172781,1172782,1172783,1172999,1173060,1173074,1173146,1173265,1173280,
1173284,1173428,1173462,1173514,1173567,1173573,1173659,1173746,1173818,1173820,1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174113,1174115,1174122,1174123,1174130,1174186,1174187,1174296
CVE References: CVE-2018-1000199,CVE-2019-16746,CVE-2019-19462,CVE-2019-20806,CVE-2019-20810,CVE-2019-20812,CVE-2019-20908,CVE-2019-9455,CVE-2020-0543,CVE-2020-10690,CVE-2020-10711,CVE-2020-10720,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-11669,CVE-2020-12114,CVE-2020-12464,CVE-2020-12652,CVE-2020-12653,CVE-2020-12654,CVE-2020-12655,CVE-2020-12656,CVE-2020-12657,CVE-2020-12659,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020-13143,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.13.1, kernel-rt_debug-4.12.14-10.13.1, kernel-source-rt-4.12.14-10.13.1, kernel-syms-rt-4.12.14-10.13.1

Comment 27 Swamp Workflow Management 2020-09-04 10:38:25 UTC
SUSE-SU-2020:2487-1: An update that solves 40 vulnerabilities and has 227 fixes is now available.

Category: security (important)
Bug References: 1051510,1058115,1065600,1065729,1071995,1082555,1083647,1085030,1089895,1090036,1103990,1103991,1103992,1104745,1109837,1111666,1112178,1112374,1113956,1114279,1124278,1127354,1127355,1127371,1133021,1137325,1142685,1144333,1145929,1148868,1150660,1151794,1151927,1152489,1152624,1154824,1157169,1158265,1158983,1159037,1159058,1159199,1160388,1160947,1161016,1162002,1162063,1163309,1163403,1163897,1164284,1164780,1164871,1165183,1165478,1165741,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166969,1166978,1166985,1167104,1167288,1167574,1167851,1167867,1168081,1168202,1168332,1168486,1168670,1168760,1168762,1168763,1168764,1168765,1168789,1168881,1168884,1168952,1168959,1169020,1169057,1169194,1169390,1169514,1169525,1169625,1169762,1169771,1169795,1170011,1170056,1170125,1170145,1170284,1170345,1170442,1170457,1170522,1170592,1170617,1170618,1170620,1170621,1170770,1170778,1170791,1170901,1171078,1171098,1171118,1171124,1171189,1171191,1171195,1171202,1171205,1171214,1171217,1171218,1171219,1171220,1171244,1171293,1171417,1171424,1171527,1171529,1171530,1171558,1171599,1171600,1171601,1171602,1171604,1171605,1171606,1171607,1171608,1171609,1171610,1171611,1171612,1171613,1171614,1171615,1171616,1171617,1171618,1171619,1171620,1171621,1171622,1171623,1171624,1171625,1171626,1171662,1171679,1171691,1171692,1171694,1171695,1171732,1171736,1171739,1171743,1171753,1171759,1171817,1171835,1171841,1171868,1171904,1171948,1171949,1171951,1171952,1171979,1171982,1171983,1171988,1172017,1172096,1172097,1172098,1172099,1172101,1172102,1172103,1172104,1172127,1172130,1172185,1172188,1172199,1172201,1172202,1172221,1172247,1172249,1172251,1172257,1172317,1172342,1172343,1172344,1172366,1172378,1172391,1172397,1172453,1172458,1172484,1172537,1172538,1172687,1172719,1172759,1172775,1172781,1172782,1172783,1172871,1172872,1172999,1173060,1173074,1173146,1173265,1173280,1173284,1173428,1173514,1173567,1173573,1173746,1173818,1173820,
1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174113,1174115,1174122,1174123,1174186,1174187,1174296,1174343,1174356,1174409,1174438,1174462
CVE References: CVE-2018-1000199,CVE-2019-19462,CVE-2019-20806,CVE-2019-20810,CVE-2019-20812,CVE-2019-20908,CVE-2019-9455,CVE-2020-0305,CVE-2020-0543,CVE-2020-10135,CVE-2020-10690,CVE-2020-10711,CVE-2020-10720,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-11669,CVE-2020-12114,CVE-2020-12464,CVE-2020-12652,CVE-2020-12653,CVE-2020-12654,CVE-2020-12655,CVE-2020-12656,CVE-2020-12657,CVE-2020-12659,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020-13143,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP1 (src):    kernel-rt-4.12.14-14.28.1, kernel-rt_debug-4.12.14-14.28.1, kernel-source-rt-4.12.14-14.28.1, kernel-syms-rt-4.12.14-14.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 30 Marcus Meissner 2021-08-05 13:51:07 UTC
done
Comment 35 Jan Kara 2022-05-11 10:43:36 UTC
OK, so all done I guess, reassigning back to security team now...
Comment 39 Swamp Workflow Management 2022-06-14 22:17:49 UTC
SUSE-SU-2022:2077-1: An update that solves 29 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1055710,1065729,1084513,1087082,1126703,1158266,1173265,1182171,1183646,1183723,1187055,1191647,1196426,1197343,1198031,1198032,1198516,1198577,1198660,1198687,1198742,1199012,1199063,1199426,1199505,1199507,1199605,1199650,1200143,1200144,1200249
CVE References: CVE-2017-13695,CVE-2018-20784,CVE-2018-7755,CVE-2019-19377,CVE-2020-10769,CVE-2021-20292,CVE-2021-20321,CVE-2021-28688,CVE-2021-33061,CVE-2021-38208,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-28388,CVE-2022-28390,CVE-2022-30594
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.175.2, kernel-source-4.4.121-92.175.2, kernel-syms-4.4.121-92.175.2

Comment 40 Swamp Workflow Management 2022-06-14 22:25:45 UTC
SUSE-SU-2022:2082-1: An update that solves 29 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1051510,1055710,1065729,1084513,1087082,1126703,1158266,1173265,1182171,1183646,1183723,1187055,1191647,1195651,1196426,1197343,1198031,1198032,1198516,1198577,1198660,1198687,1198742,1198962,1198997,1199012,1199063,1199314,1199426,1199505,1199507,1199605,1199650,1199785,1200143,1200144,1200249
CVE References: CVE-2017-13695,CVE-2018-20784,CVE-2018-7755,CVE-2019-19377,CVE-2020-10769,CVE-2021-20292,CVE-2021-20321,CVE-2021-28688,CVE-2021-33061,CVE-2021-38208,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-28388,CVE-2022-28390,CVE-2022-30594
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.164.3
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
