Bug 1168952 - (CVE-2020-11668) VUL-1: CVE-2020-11668: kernel-source: malicious USB device pretending to be Xirlink camera can corrupt random kernel memory
(CVE-2020-11668)
VUL-1: CVE-2020-11668: kernel-source: malicious USB device pretending to be X...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/256751/
CVSSv3.1:SUSE:CVE-2020-11668:7.1:(AV...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-04-08 09:04 UTC by Oliver Neukum
Modified: 2023-01-18 16:29 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Oliver Neukum 2020-04-08 09:04:47 UTC
This is upstream commit a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
Author: Johan Hovold <johan@kernel.org>
Date:   Fri Jan 3 17:35:11 2020 +0100

    media: xirlink_cit: add missing descriptor sanity checks

A malicious device can make the kernel write out of bounds in the heap. I am afraid we need yet another CVE.
Comment 2 Oliver Neukum 2020-04-16 14:12:00 UTC
2.6.32 is not vulnerable, as we do not compile the driver
Comment 5 Swamp Workflow Management 2020-04-17 15:55:06 UTC
This is an autogenerated message for OBS integration:
This bug (1168952) was mentioned in
https://build.opensuse.org/request/show/794946 15.1 / kernel-source
Comment 9 Swamp Workflow Management 2020-04-23 13:27:47 UTC
SUSE-SU-2020:1085-1: An update that solves 11 vulnerabilities and has 91 fixes is now available.

Category: security (important)
Bug References: 1044231,1050549,1051510,1051858,1056686,1060463,1065600,1065729,1083647,1085030,1104967,1109911,1114279,1118338,1120386,1133021,1136157,1137325,1144333,1145051,1145929,1146539,1148868,1154385,1157424,1158552,1158983,1159037,1159142,1159198,1159285,1160659,1161951,1162929,1162931,1163403,1163508,1163897,1164078,1164284,1164507,1164893,1165019,1165111,1165182,1165404,1165488,1165527,1165741,1165813,1165873,1165949,1165984,1165985,1166003,1166101,1166102,1166103,1166104,1166632,1166730,1166731,1166732,1166733,1166734,1166735,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1167005,1167288,1167290,1167316,1167421,1167423,1167629,1168075,1168202,1168276,1168295,1168424,1168443,1168486,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169057,1169390
CVE References: CVE-2019-19768,CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-8647,CVE-2020-8649,CVE-2020-8834,CVE-2020-9383
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP4 (src):    kernel-rt-4.12.14-8.18.1, kernel-rt_debug-4.12.14-8.18.1, kernel-source-rt-4.12.14-8.18.1, kernel-syms-rt-4.12.14-8.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2020-04-23 13:41:19 UTC
openSUSE-SU-2020:0543-1: An update that solves 7 vulnerabilities and has 76 fixes is now available.

Category: security (important)
Bug References: 1051510,1065600,1065729,1083647,1085030,1109911,1111666,1113956,1114279,1118338,1120386,1137325,1142685,1145051,1145929,1148868,1157424,1158983,1159037,1159198,1159199,1161561,1161951,1162171,1163403,1163897,1164284,1164777,1164780,1164893,1165019,1165182,1165185,1165211,1165823,1165949,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166982,1167005,1167216,1167288,1167290,1167316,1167421,1167423,1167627,1167629,1168075,1168202,1168273,1168276,1168295,1168367,1168424,1168443,1168486,1168552,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169013,1169057,1169307,1169308,1169390,1169514,1169625
CVE References: CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-8834
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.48.1, kernel-default-4.12.14-lp151.28.48.1, kernel-docs-4.12.14-lp151.28.48.1, kernel-kvmsmall-4.12.14-lp151.28.48.1, kernel-obs-build-4.12.14-lp151.28.48.1, kernel-obs-qa-4.12.14-lp151.28.48.1, kernel-source-4.12.14-lp151.28.48.1, kernel-syms-4.12.14-lp151.28.48.1, kernel-vanilla-4.12.14-lp151.28.48.1
Comment 11 Swamp Workflow Management 2020-04-23 19:30:32 UTC
SUSE-SU-2020:1087-1: An update that solves 12 vulnerabilities and has 139 fixes is now available.

Category: security (important)
Bug References: 1044231,1051510,1051858,1056686,1060463,1065600,1065729,1071995,1083647,1085030,1103990,1103992,1104353,1104745,1109837,1109911,1111666,1111974,1112178,1112374,1113956,1114279,1114685,1118338,1119680,1120386,1127611,1133021,1134090,1136157,1136333,1137325,1141895,1142685,1144333,1145051,1145929,1146539,1148868,1156510,1157424,1158187,1158983,1159037,1159198,1159199,1159285,1160659,1161561,1161951,1162171,1162929,1162931,1163403,1163897,1163971,1164078,1164284,1164507,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735,1164777,1164780,1164893,1165019,1165111,1165182,1165185,1165211,1165404,1165488,1165527,1165741,1165813,1165823,1165873,1165929,1165949,1165950,1165980,1165984,1165985,1166003,1166101,1166102,1166103,1166104,1166632,1166658,1166730,1166731,1166732,1166733,1166734,1166735,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166982,1167005,1167216,1167288,1167290,1167316,1167421,1167423,1167627,1167629,1168075,1168202,1168273,1168276,1168295,1168367,1168424,1168443,1168486,1168552,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169013,1169057,1169307,1169308,1169390,1169514,1169625
CVE References: CVE-2019-19768,CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-2732,CVE-2020-8647,CVE-2020-8649,CVE-2020-8834,CVE-2020-9383
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    kernel-azure-4.12.14-8.30.1, kernel-source-azure-4.12.14-8.30.1, kernel-syms-azure-4.12.14-8.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2020-04-27 13:31:47 UTC
SUSE-SU-2020:1118-1: An update that solves 12 vulnerabilities and has 139 fixes is now available.

Category: security (important)
Bug References: 1044231,1050549,1051510,1051858,1056686,1060463,1065600,1065729,1083647,1085030,1088810,1103990,1103992,1104353,1104745,1104967,1109837,1109911,1111666,1111974,1112178,1112374,1112504,1113956,1114279,1114685,1118338,1119680,1120386,1123328,1127611,1133021,1134090,1134395,1136157,1136333,1137325,1141895,1142685,1144333,1145051,1145929,1146539,1148868,1154385,1156510,1157424,1158187,1158552,1158983,1159037,1159142,1159198,1159199,1159285,1160659,1161561,1161702,1161951,1162171,1162929,1162931,1163403,1163508,1163762,1163897,1164078,1164284,1164507,1164777,1164780,1164893,1165019,1165111,1165182,1165185,1165211,1165404,1165488,1165527,1165581,1165741,1165813,1165823,1165873,1165929,1165949,1165950,1165980,1165984,1165985,1166003,1166101,1166102,1166103,1166104,1166632,1166658,1166730,1166731,1166732,1166733,1166734,1166735,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166982,1167005,1167216,1167288,1167290,1167316,1167421,1167423,1167627,1167629,1168075,1168202,1168273,1168276,1168295,1168367,1168424,1168443,1168486,1168552,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169013,1169057,1169307,1169308,1169390,1169514,1169625
CVE References: CVE-2018-20836,CVE-2019-19768,CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-8647,CVE-2020-8649,CVE-2020-8834,CVE-2020-9383
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.13.1, kernel-source-azure-4.12.14-16.13.1, kernel-syms-azure-4.12.14-16.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2020-04-27 13:46:32 UTC
SUSE-SU-2020:1119-1: An update that solves 11 vulnerabilities and has 96 fixes is now available.

Category: security (important)
Bug References: 1044231,1050549,1051510,1051858,1056686,1060463,1065600,1065729,1071995,1083647,1085030,1104967,1109911,1111666,1114279,1118338,1120386,1133021,1136157,1137325,1144333,1145051,1145929,1146539,1148868,1154385,1157424,1158552,1158983,1159037,1159142,1159198,1159199,1159285,1160659,1161951,1162929,1162931,1163403,1163508,1163897,1164078,1164284,1164507,1164893,1165019,1165111,1165182,1165404,1165488,1165527,1165741,1165813,1165873,1165949,1165984,1165985,1166003,1166101,1166102,1166103,1166104,1166632,1166730,1166731,1166732,1166733,1166734,1166735,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1167005,1167288,1167290,1167316,1167421,1167423,1167629,1168075,1168202,1168276,1168295,1168424,1168443,1168486,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169057,1169390,1169514,1169625
CVE References: CVE-2019-19768,CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-8647,CVE-2020-8649,CVE-2020-8834,CVE-2020-9383
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-azure-4.12.14-6.40.1, kernel-source-azure-4.12.14-6.40.1, kernel-syms-azure-4.12.14-6.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2020-04-29 16:26:20 UTC
SUSE-SU-2020:1141-1: An update that solves 11 vulnerabilities and has 94 fixes is now available.

Category: security (important)
Bug References: 1044231,1050549,1051510,1051858,1056686,1060463,1065600,1065729,1083647,1085030,1104967,1109911,1114279,1118338,1120386,1133021,1136157,1137325,1144333,1145051,1145929,1146539,1148868,1154385,1157424,1158552,1158983,1159037,1159142,1159198,1159199,1159285,1160659,1161951,1162929,1162931,1163403,1163508,1163897,1164078,1164284,1164507,1164893,1165019,1165111,1165182,1165404,1165488,1165527,1165741,1165813,1165873,1165949,1165984,1165985,1166003,1166101,1166102,1166103,1166104,1166632,1166730,1166731,1166732,1166733,1166734,1166735,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1167005,1167288,1167290,1167316,1167421,1167423,1167629,1168075,1168202,1168276,1168295,1168424,1168443,1168486,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169057,1169390,1169514,1169625
CVE References: CVE-2019-19768,CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-8647,CVE-2020-8649,CVE-2020-8834,CVE-2020-9383
Sources used:
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.51.1, kgraft-patch-SLE12-SP4_Update_13-1-6.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2020-04-29 16:42:21 UTC
SUSE-SU-2020:1141-1: An update that solves 11 vulnerabilities and has 94 fixes is now available.

Category: security (important)
Bug References: 1044231,1050549,1051510,1051858,1056686,1060463,1065600,1065729,1083647,1085030,1104967,1109911,1114279,1118338,1120386,1133021,1136157,1137325,1144333,1145051,1145929,1146539,1148868,1154385,1157424,1158552,1158983,1159037,1159142,1159198,1159199,1159285,1160659,1161951,1162929,1162931,1163403,1163508,1163897,1164078,1164284,1164507,1164893,1165019,1165111,1165182,1165404,1165488,1165527,1165741,1165813,1165873,1165949,1165984,1165985,1166003,1166101,1166102,1166103,1166104,1166632,1166730,1166731,1166732,1166733,1166734,1166735,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1167005,1167288,1167290,1167316,1167421,1167423,1167629,1168075,1168202,1168276,1168295,1168424,1168443,1168486,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169057,1169390,1169514,1169625
CVE References: CVE-2019-19768,CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-8647,CVE-2020-8649,CVE-2020-8834,CVE-2020-9383
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.51.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.51.1, kernel-obs-build-4.12.14-95.51.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.51.1, kernel-source-4.12.14-95.51.1, kernel-syms-4.12.14-95.51.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.51.1, kgraft-patch-SLE12-SP4_Update_13-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.51.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2020-04-29 17:02:48 UTC
SUSE-SU-2020:1142-1: An update that solves 13 vulnerabilities and has 157 fixes is now available.

Category: security (important)
Bug References: 1044231,1050549,1051510,1051858,1056686,1060463,1065600,1065729,1083647,1085030,1088810,1103990,1103992,1104353,1104745,1104967,1109837,1109911,1111666,1111974,1112178,1112374,1112504,1113956,1114279,1114685,1118338,1119680,1120386,1123328,1127611,1133021,1134090,1134395,1136157,1136333,1137325,1141895,1142685,1144162,1144333,1145051,1145929,1146539,1148868,1154385,1156510,1157424,1158187,1158552,1158983,1159037,1159142,1159198,1159199,1159285,1160659,1161561,1161702,1161951,1162171,1162929,1162931,1163403,1163508,1163762,1163897,1163971,1164051,1164078,1164115,1164284,1164388,1164471,1164507,1164598,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735,1164777,1164780,1164893,1165019,1165111,1165182,1165185,1165211,1165404,1165488,1165527,1165581,1165741,1165813,1165823,1165873,1165929,1165949,1165950,1165980,1165984,1165985,1166003,1166101,1166102,1166103,1166104,1166632,1166658,1166730,1166731,1166732,1166733,1166734,1166735,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166982,1167005,1167216,1167288,1167290,1167316,1167421,1167423,1167627,1167629,1168075,1168202,1168273,1168276,1168295,1168367,1168424,1168443,1168486,1168552,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169013,1169057,1169307,1169308,1169390,1169514,1169625
CVE References: CVE-2018-20836,CVE-2019-19768,CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-2732,CVE-2020-8647,CVE-2020-8649,CVE-2020-8834,CVE-2020-9383
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.20.1, kgraft-patch-SLE12-SP5_Update_4-1-8.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2020-04-29 17:26:56 UTC
SUSE-SU-2020:1142-1: An update that solves 13 vulnerabilities and has 157 fixes is now available.

Category: security (important)
Bug References: 1044231,1050549,1051510,1051858,1056686,1060463,1065600,1065729,1083647,1085030,1088810,1103990,1103992,1104353,1104745,1104967,1109837,1109911,1111666,1111974,1112178,1112374,1112504,1113956,1114279,1114685,1118338,1119680,1120386,1123328,1127611,1133021,1134090,1134395,1136157,1136333,1137325,1141895,1142685,1144162,1144333,1145051,1145929,1146539,1148868,1154385,1156510,1157424,1158187,1158552,1158983,1159037,1159142,1159198,1159199,1159285,1160659,1161561,1161702,1161951,1162171,1162929,1162931,1163403,1163508,1163762,1163897,1163971,1164051,1164078,1164115,1164284,1164388,1164471,1164507,1164598,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735,1164777,1164780,1164893,1165019,1165111,1165182,1165185,1165211,1165404,1165488,1165527,1165581,1165741,1165813,1165823,1165873,1165929,1165949,1165950,1165980,1165984,1165985,1166003,1166101,1166102,1166103,1166104,1166632,1166658,1166730,1166731,1166732,1166733,1166734,1166735,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166982,1167005,1167216,1167288,1167290,1167316,1167421,1167423,1167627,1167629,1168075,1168202,1168273,1168276,1168295,1168367,1168424,1168443,1168486,1168552,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169013,1169057,1169307,1169308,1169390,1169514,1169625
CVE References: CVE-2018-20836,CVE-2019-19768,CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-2732,CVE-2020-8647,CVE-2020-8649,CVE-2020-8834,CVE-2020-9383
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.20.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.20.1, kernel-obs-build-4.12.14-122.20.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.20.1, kernel-source-4.12.14-122.20.1, kernel-syms-4.12.14-122.20.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.20.1, kgraft-patch-SLE12-SP5_Update_4-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2020-04-29 17:37:29 UTC
SUSE-SU-2020:1146-1: An update that solves 7 vulnerabilities and has 77 fixes is now available.

Category: security (important)
Bug References: 1051510,1065600,1065729,1071995,1083647,1085030,1109911,1111666,1113956,1114279,1118338,1120386,1137325,1142685,1145051,1145929,1148868,1157424,1158983,1159037,1159198,1159199,1161561,1161951,1162171,1163403,1163897,1164284,1164777,1164780,1164893,1165019,1165182,1165185,1165211,1165823,1165949,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166982,1167005,1167216,1167288,1167290,1167316,1167421,1167423,1167627,1167629,1168075,1168202,1168273,1168276,1168295,1168367,1168424,1168443,1168486,1168552,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169013,1169057,1169307,1169308,1169390,1169514,1169625
CVE References: CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-8834
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.40.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-debug-4.12.14-197.40.1, kernel-default-4.12.14-197.40.1, kernel-docs-4.12.14-197.40.1, kernel-kvmsmall-4.12.14-197.40.1, kernel-obs-qa-4.12.14-197.40.1, kernel-source-4.12.14-197.40.1, kernel-vanilla-4.12.14-197.40.1, kernel-zfcpdump-4.12.14-197.40.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.40.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.40.1, kernel-obs-build-4.12.14-197.40.1, kernel-source-4.12.14-197.40.1, kernel-syms-4.12.14-197.40.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.40.1, kernel-source-4.12.14-197.40.1, kernel-zfcpdump-4.12.14-197.40.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Swamp Workflow Management 2020-04-29 17:48:16 UTC
SUSE-SU-2020:1146-1: An update that solves 7 vulnerabilities and has 77 fixes is now available.

Category: security (important)
Bug References: 1051510,1065600,1065729,1071995,1083647,1085030,1109911,1111666,1113956,1114279,1118338,1120386,1137325,1142685,1145051,1145929,1148868,1157424,1158983,1159037,1159198,1159199,1161561,1161951,1162171,1163403,1163897,1164284,1164777,1164780,1164893,1165019,1165182,1165185,1165211,1165823,1165949,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166982,1167005,1167216,1167288,1167290,1167316,1167421,1167423,1167627,1167629,1168075,1168202,1168273,1168276,1168295,1168367,1168424,1168443,1168486,1168552,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169013,1169057,1169307,1169308,1169390,1169514,1169625
CVE References: CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-8834
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.40.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-debug-4.12.14-197.40.1, kernel-default-4.12.14-197.40.1, kernel-docs-4.12.14-197.40.1, kernel-kvmsmall-4.12.14-197.40.1, kernel-obs-qa-4.12.14-197.40.1, kernel-source-4.12.14-197.40.1, kernel-vanilla-4.12.14-197.40.1, kernel-zfcpdump-4.12.14-197.40.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.40.1, kernel-livepatch-SLE15-SP1_Update_11-1-3.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.40.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.40.1, kernel-obs-build-4.12.14-197.40.1, kernel-source-4.12.14-197.40.1, kernel-syms-4.12.14-197.40.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.40.1, kernel-source-4.12.14-197.40.1, kernel-zfcpdump-4.12.14-197.40.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 21 Marcus Meissner 2020-06-24 16:59:35 UTC
Oliver, can you also add the CVE reference to the patch in git?
Comment 23 Swamp Workflow Management 2020-09-03 13:29:59 UTC
SUSE-SU-2020:2478-1: An update that solves 39 vulnerabilities and has 234 fixes is now available.

Category: security (important)
Bug References: 1051510,1058115,1065600,1065729,1071995,1082555,1083647,1085030,1089895,1103990,1103991,1103992,1104745,1104967,1109837,1111666,1112178,1112374,1113956,1114279,1124278,1127354,1127355,1127371,1133021,1137325,1141558,1142685,1144333,1145929,1148868,1150660,1151794,1151927,1152107,1152489,1152624,1154824,1157169,1158265,1158983,1159037,1159058,1159199,1160388,1160947,1161016,1162002,1162063,1163309,1163403,1163897,1164284,1164780,1164871,1165183,1165478,1165741,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166969,1166978,1166985,1167104,1167288,1167574,1167851,1167867,1168081,1168202,1168332,1168486,1168503,1168670,1168760,1168762,1168763,1168764,1168765,1168789,1168881,1168884,1168952,1168959,1169005,1169013,1169020,1169057,1169194,1169390,1169514,1169525,1169625,1169762,1169771,1169795,1170011,1170056,1170125,1170145,1170284,1170345,1170442,1170457,1170522,1170592,1170617,1170618,1170620,1170621,1170770,1170778,1170791,1170901,1171078,1171098,1171118,1171124,1171189,1171191,1171195,1171202,1171205,1171214,1171217,1171218,1171219,1171220,1171244,1171293,1171417,1171424,1171527,1171529,1171530,1171558,1171599,1171600,1171601,1171602,1171604,1171605,1171606,1171607,1171608,1171609,1171610,1171611,1171612,1171613,1171614,1171615,1171616,1171617,1171618,1171619,1171620,1171621,1171622,1171623,1171624,1171625,1171626,1171662,1171673,1171679,1171691,1171692,1171694,1171695,1171732,1171736,1171739,1171743,1171753,1171759,1171761,1171817,1171835,1171841,1171868,1171904,1171948,1171949,1171951,1171952,1171979,1171982,1171983,1172017,1172096,1172097,1172098,1172099,1172101,1172102,1172103,1172104,1172127,1172130,1172185,1172188,1172199,1172201,1172202,1172218,1172221,1172247,1172249,1172251,1172253,1172257,1172317,1172342,1172343,1172344,1172366,1172378,1172391,1172397,1172453,1172458,1172472,1172484,1172537,1172538,1172687,1172719,1172759,1172770,1172775,1172781,1172782,1172783,1172999,1173060,1173074,1173146,1173265,1173280,1173284,1173428,1173462,1173514,1173567,1173573,1173659,1173746,1173818,1173820,1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174113,1174115,1174122,1174123,1174130,1174186,1174187,1174296
CVE References: CVE-2018-1000199,CVE-2019-16746,CVE-2019-19462,CVE-2019-20806,CVE-2019-20810,CVE-2019-20812,CVE-2019-20908,CVE-2019-9455,CVE-2020-0543,CVE-2020-10690,CVE-2020-10711,CVE-2020-10720,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-11669,CVE-2020-12114,CVE-2020-12464,CVE-2020-12652,CVE-2020-12653,CVE-2020-12654,CVE-2020-12655,CVE-2020-12656,CVE-2020-12657,CVE-2020-12659,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020-13143,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.13.1, kernel-rt_debug-4.12.14-10.13.1, kernel-source-rt-4.12.14-10.13.1, kernel-syms-rt-4.12.14-10.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Swamp Workflow Management 2020-09-04 10:23:28 UTC
SUSE-SU-2020:2487-1: An update that solves 40 vulnerabilities and has 227 fixes is now available.

Category: security (important)
Bug References: 1051510,1058115,1065600,1065729,1071995,1082555,1083647,1085030,1089895,1090036,1103990,1103991,1103992,1104745,1109837,1111666,1112178,1112374,1113956,1114279,1124278,1127354,1127355,1127371,1133021,1137325,1142685,1144333,1145929,1148868,1150660,1151794,1151927,1152489,1152624,1154824,1157169,1158265,1158983,1159037,1159058,1159199,1160388,1160947,1161016,1162002,1162063,1163309,1163403,1163897,1164284,1164780,1164871,1165183,1165478,1165741,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166969,1166978,1166985,1167104,1167288,1167574,1167851,1167867,1168081,1168202,1168332,1168486,1168670,1168760,1168762,1168763,1168764,1168765,1168789,1168881,1168884,1168952,1168959,1169020,1169057,1169194,1169390,1169514,1169525,1169625,1169762,1169771,1169795,1170011,1170056,1170125,1170145,1170284,1170345,1170442,1170457,1170522,1170592,1170617,1170618,1170620,1170621,1170770,1170778,1170791,1170901,1171078,1171098,1171118,1171124,1171189,1171191,1171195,1171202,1171205,1171214,1171217,1171218,1171219,1171220,1171244,1171293,1171417,1171424,1171527,1171529,1171530,1171558,1171599,1171600,1171601,1171602,1171604,1171605,1171606,1171607,1171608,1171609,1171610,1171611,1171612,1171613,1171614,1171615,1171616,1171617,1171618,1171619,1171620,1171621,1171622,1171623,1171624,1171625,1171626,1171662,1171679,1171691,1171692,1171694,1171695,1171732,1171736,1171739,1171743,1171753,1171759,1171817,1171835,1171841,1171868,1171904,1171948,1171949,1171951,1171952,1171979,1171982,1171983,1171988,1172017,1172096,1172097,1172098,1172099,1172101,1172102,1172103,1172104,1172127,1172130,1172185,1172188,1172199,1172201,1172202,1172221,1172247,1172249,1172251,1172257,1172317,1172342,1172343,1172344,1172366,1172378,1172391,1172397,1172453,1172458,1172484,1172537,1172538,1172687,1172719,1172759,1172775,1172781,1172782,1172783,1172871,1172872,1172999,1173060,1173074,1173146,1173265,1173280,1173284,1173428,1173514,1173567,1173573,1173746,1173818,1173820,1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174113,1174115,1174122,1174123,1174186,1174187,1174296,1174343,1174356,1174409,1174438,1174462
CVE References: CVE-2018-1000199,CVE-2019-19462,CVE-2019-20806,CVE-2019-20810,CVE-2019-20812,CVE-2019-20908,CVE-2019-9455,CVE-2020-0305,CVE-2020-0543,CVE-2020-10135,CVE-2020-10690,CVE-2020-10711,CVE-2020-10720,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-11669,CVE-2020-12114,CVE-2020-12464,CVE-2020-12652,CVE-2020-12653,CVE-2020-12654,CVE-2020-12655,CVE-2020-12656,CVE-2020-12657,CVE-2020-12659,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020-13143,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP1 (src):    kernel-rt-4.12.14-14.28.1, kernel-rt_debug-4.12.14-14.28.1, kernel-source-rt-4.12.14-14.28.1, kernel-syms-rt-4.12.14-14.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Miroslav Beneš 2020-09-23 11:41:06 UTC
Still not fixed in SLE12-SP2-LTSS, SLE12-SP3-LTSS and SLE15-LTSS.
Comment 26 Oliver Neukum 2020-12-08 10:33:29 UTC
Submitted to all cve trees save 2.6.32, which is not vulnerable and CVE number added to the SLE15 trees that alreadz had gotten the patch before CVE was assigned.
Comment 40 Swamp Workflow Management 2021-01-12 23:35:20 UTC
SUSE-SU-2021:0097-1: An update that solves 15 vulnerabilities and has 83 fixes is now available.

Category: security (moderate)
Bug References: 1040855,1044120,1044767,1050242,1050536,1050545,1055117,1056653,1056657,1056787,1064802,1065729,1066129,1094840,1103990,1103992,1104389,1104393,1109695,1109837,1110096,1111666,1112178,1112374,1115431,1118657,1122971,1136460,1136461,1138374,1139944,1144912,1152457,1158775,1164780,1168952,1171078,1172145,1172538,1172694,1173834,1174784,1174852,1176558,1176559,1176956,1177666,1178270,1178401,1178590,1178634,1178762,1179014,1179015,1179045,1179082,1179107,1179141,1179142,1179204,1179403,1179406,1179418,1179419,1179421,1179429,1179444,1179520,1179578,1179601,1179663,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180086,1180117,1180258,1180506
CVE References: CVE-2018-20669,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-15436,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-29371,CVE-2020-29660,CVE-2020-29661,CVE-2020-4788
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    kernel-azure-4.12.14-8.58.1, kernel-source-azure-4.12.14-8.58.1, kernel-syms-azure-4.12.14-8.58.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 41 Swamp Workflow Management 2021-01-12 23:44:35 UTC
SUSE-SU-2021:0096-1: An update that solves 12 vulnerabilities and has 93 fixes is now available.

Category: security (moderate)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1139944,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1158775,1161099,1165933,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175480,1175995,1176396,1176942,1176956,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178590,1178612,1178634,1178660,1178756,1178780,1179204,1179434,1179435,1179519,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180506
CVE References: CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-27068,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.32.1, kernel-source-azure-5.3.18-18.32.1, kernel-syms-azure-5.3.18-18.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 42 OBSbugzilla Bot 2021-01-13 07:51:36 UTC
This is an autogenerated message for OBS integration:
This bug (1168952) was mentioned in
https://build.opensuse.org/request/show/862807 15.1 / kernel-source
Comment 43 Swamp Workflow Management 2021-01-13 14:20:35 UTC
SUSE-SU-2021:0108-1: An update that solves 13 vulnerabilities and has 89 fixes is now available.

Category: security (important)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1163727,1165933,1167657,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175480,1176396,1176942,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178612,1178660,1178780,1179107,1179204,1179419,1179434,1179435,1179519,1179575,1179604,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180349,1180506,1180541,1180559,1180566
CVE References: CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-27068,CVE-2020-27777,CVE-2020-27825,CVE-2020-27830,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-22.1, kernel-rt_debug-5.3.18-22.1, kernel-source-rt-5.3.18-22.1, kernel-syms-rt-5.3.18-22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 44 OBSbugzilla Bot 2021-01-13 16:22:10 UTC
This is an autogenerated message for OBS integration:
This bug (1168952) was mentioned in
https://build.opensuse.org/request/show/862934 15.2 / kernel-source
Comment 45 Swamp Workflow Management 2021-01-14 08:18:44 UTC
SUSE-SU-2021:0117-1: An update that solves 15 vulnerabilities and has 98 fixes is now available.

Category: security (moderate)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1139944,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1158775,1161099,1163727,1165933,1167657,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175480,1175995,1176396,1176942,1176956,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178372,1178590,1178612,1178634,1178660,1178756,1178780,1179107,1179204,1179419,1179434,1179435,1179519,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180506,1180541,1180559,1180566
CVE References: CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28374,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.46.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.46.1, kernel-livepatch-SLE15-SP2_Update_9-1-5.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.46.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.46.1, kernel-obs-build-5.3.18-24.46.1, kernel-preempt-5.3.18-24.46.1, kernel-source-5.3.18-24.46.1, kernel-syms-5.3.18-24.46.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.46.1, kernel-default-base-5.3.18-24.46.1.9.19.1, kernel-preempt-5.3.18-24.46.1, kernel-source-5.3.18-24.46.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.46.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 46 Swamp Workflow Management 2021-01-15 02:17:59 UTC
openSUSE-SU-2021:0060-1: An update that solves 17 vulnerabilities and has 99 fixes is now available.

Category: security (important)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1139944,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1158775,1161099,1163727,1165933,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175389,1175480,1175995,1176396,1176846,1176942,1176956,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178372,1178590,1178612,1178634,1178660,1178756,1178780,1179107,1179204,1179419,1179434,1179435,1179519,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179878,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180506,1180541,1180559,1180566,1180773
CVE References: CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-25639,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-27835,CVE-2020-28374,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.60.1, kernel-default-5.3.18-lp152.60.1, kernel-docs-5.3.18-lp152.60.1, kernel-kvmsmall-5.3.18-lp152.60.1, kernel-obs-build-5.3.18-lp152.60.1, kernel-obs-qa-5.3.18-lp152.60.1, kernel-preempt-5.3.18-lp152.60.1, kernel-source-5.3.18-lp152.60.1, kernel-syms-5.3.18-lp152.60.1
Comment 47 Swamp Workflow Management 2021-01-16 14:18:54 UTC
openSUSE-SU-2021:0075-1: An update that solves 17 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1112178,1115431,1129770,1138374,1139944,1144912,1152457,1163727,1164780,1168952,1171078,1172145,1172538,1172694,1174784,1176558,1176559,1176846,1176956,1177666,1178049,1178270,1178372,1178401,1178590,1178634,1178762,1178900,1179014,1179015,1179045,1179082,1179107,1179142,1179204,1179444,1179508,1179509,1179520,1179575,1179578,1179601,1179663,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180086,1180117,1180258,1180506,1180559,1180676
CVE References: CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-25639,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-28374,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.91.1, kernel-default-4.12.14-lp151.28.91.1, kernel-docs-4.12.14-lp151.28.91.1, kernel-kvmsmall-4.12.14-lp151.28.91.1, kernel-obs-build-4.12.14-lp151.28.91.1, kernel-obs-qa-4.12.14-lp151.28.91.1, kernel-source-4.12.14-lp151.28.91.1, kernel-syms-4.12.14-lp151.28.91.1, kernel-vanilla-4.12.14-lp151.28.91.1
Comment 55 Swamp Workflow Management 2021-02-05 20:33:51 UTC
openSUSE-SU-2021:0242-1: An update that solves 79 vulnerabilities and has 676 fixes is now available.

Category: security (moderate)
Bug References: 1034995,1040855,1043347,1044120,1044767,1055014,1055117,1055186,1058115,1061843,1065600,1065729,1066382,1071995,1077428,1085030,1094244,1094840,1109695,1115431,1120163,1129923,1133021,1134760,1136666,1138374,1139944,1148868,1149032,1152148,1152457,1152472,1152489,1153274,1154353,1154488,1154492,1154824,1155518,1155798,1156315,1156395,1157169,1158050,1158242,1158265,1158748,1158765,1158775,1158983,1159058,1159781,1159867,1159886,1160388,1160634,1160947,1161099,1161495,1162002,1162063,1162209,1162400,1162702,1163592,1163727,1164648,1164777,1164780,1165211,1165455,1165629,1165692,1165933,1165975,1166146,1166166,1166340,1166965,1166985,1167030,1167104,1167527,1167651,1167657,1167773,1167851,1168230,1168461,1168468,1168779,1168838,1168952,1168959,1169021,1169094,1169194,1169263,1169514,1169681,1169763,1169771,1169790,1169795,1170011,1170139,1170232,1170284,1170415,1170442,1170617,1170621,1170774,1170879,1170891,1170895,1171000,1171068,1171073,1171078,1171117,1171150,1171156,1171189,1171191,1171218,1171219,1171220,1171236,1171242,1171246,1171285,1171293,1171374,1171390,1171391,1171392,1171417,1171426,1171507,1171513,1171514,1171529,1171530,1171558,1171634,1171644,1171662,1171675,1171688,1171699,1171709,1171730,1171732,1171736,1171739,1171742,1171743,1171759,1171773,1171774,1171775,1171776,1171777,1171778,1171779,1171780,1171781,1171782,1171783,1171784,1171785,1171786,1171787,1171788,1171789,1171790,1171791,1171792,1171793,1171794,1171795,1171796,1171797,1171798,1171799,1171810,1171827,1171828,1171832,1171833,1171834,1171835,1171839,1171840,1171841,1171842,1171843,1171844,1171849,1171857,1171868,1171904,1171915,1171982,1171983,1171988,1172017,1172046,1172061,1172062,1172063,1172064,1172065,1172066,1172067,1172068,1172069,1172073,1172086,1172095,1172108,1172145,1172169,1172170,1172197,1172201,1172208,1172223,1172247,1172317,1172342,1172343,1172344,1172365,1172366,1172374,1172391,1172393,1172394,1172418,1172419,1172453,1172458,1172467,1172484,1172537,1172543,1172687,1172719,1172733,1172739,1172751,1172757,1172759,1172775,1172781,1172782,1172783,1172814,1172823,1172841,1172871,1172873,1172938,1172939,1172940,1172956,1172963,1172983,1172984,1172985,1172986,1172987,1172988,1172989,1172990,1172999,1173017,1173068,1173074,1173085,1173115,1173139,1173206,1173267,1173271,1173280,1173284,1173428,1173438,1173461,1173468,1173485,1173514,1173552,1173573,1173625,1173746,1173776,1173798,1173813,1173817,1173818,1173820,1173822,1173823,1173824,1173825,1173826,1173827,1173828,1173830,1173831,1173832,1173833,1173834,1173836,1173837,1173838,1173839,1173841,1173843,1173844,1173845,1173847,1173849,1173860,1173894,1173941,1173954,1174002,1174003,1174018,1174026,1174029,1174072,1174098,1174110,1174111,1174116,1174126,1174127,1174128,1174129,1174146,1174185,1174205,1174244,1174263,1174264,1174331,1174332,1174333,1174345,1174356,1174358,1174362,1174387,1174396,1174398,1174407,1174409,1174411,1174438,1174462,1174484,1174486,1174513,1174527,1174625,1174627,1174645,1174689,1174699,1174737,1174748,1174757,1174762,1174770,1174771,1174777,1174805,1174824,1174825,1174852,1174865,1174880,1174897,1174899,1174906,1174969,1175009,1175010,1175011,1175012,1175013,1175014,1175015,1175016,1175017,1175018,1175019,1175020,1175021,1175052,1175079,1175112,1175116,1175128,1175149,1175175,1175176,1175180,1175181,1175182,1175183,1175184,1175185,1175186,1175187,1175188,1175189,1175190,1175191,1175192,1175195,1175199,1175213,1175232,1175263,1175284,1175296,1175306,1175344,1175345,1175346,1175347,1175367,1175377,1175440,1175480,1175493,1175546,1175550,1175599,1175621,1175654,1175667,1175691,1175718,1175721,1175749,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175787,1175807,1175834,1175873,1175882,1175898,1175918,1175952,1175995,1175996,1175997,1175998,1175999,1176000,1176001,1176019,1176022,1176038,1176063,1176069,1176109,1176137,1176180,1176200,1176235,1176236,1176237,1176242,1176354,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176396,1176400,1176423,1176449,1176481,1176485,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176543,1176544,1176545,1176546,1176548,1176558,1176559,1176564,1176586,1176587,1176588,1176659,1176698,1176699,1176700,1176713,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176855,1176869,1176877,1176907,1176925,1176942,1176956,1176962,1176979,1176980,1176983,1176990,1177021,1177030,1177066,1177070,1177086,1177090,1177109,1177121,1177193,1177194,1177206,1177258,1177271,1177281,1177283,1177284,1177285,1177286,1177297,1177326,1177353,1177384,1177397,1177410,1177411,1177470,1177500,1177511,1177617,1177666,1177679,1177681,1177683,1177687,1177694,1177697,1177698,1177703,1177719,1177724,1177725,1177726,1177733,1177739,1177749,1177750,1177754,1177755,1177765,1177766,1177799,1177801,1177814,1177817,1177820,1177854,1177855,1177856,1177861,1178002,1178049,1178079,1178123,1178166,1178173,1178175,1178176,1178177,1178182,1178183,1178184,1178185,1178186,1178190,1178191,1178203,1178227,1178246,1178255,1178270,1178286,1178307,1178330,1178393,1178395,1178401,1178426,1178461,1178579,1178581,1178584,1178585,1178589,1178590,1178612,1178634,1178635,1178653,1178659,1178660,1178661,1178669,1178686,1178740,1178755,1178756,1178762,1178780,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179204,1179211,1179217,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179434,1179435,1179442,1179519,1179550,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179887,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180349,1180506,1180541,1180559,1180566,173030,744692,789311,954532,995541
CVE References: CVE-2019-19462,CVE-2019-20810,CVE-2019-20812,CVE-2020-0110,CVE-2020-0305,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-0543,CVE-2020-10135,CVE-2020-10711,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10773,CVE-2020-10781,CVE-2020-11668,CVE-2020-12351,CVE-2020-12352,CVE-2020-12652,CVE-2020-12656,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020-13143,CVE-2020-13974,CVE-2020-14314,CVE-2020-14331,CVE-2020-14351,CVE-2020-14356,CVE-2020-14385,CVE-2020-14386,CVE-2020-14390,CVE-2020-14416,CVE-2020-15393,CVE-2020-15436,CVE-2020-15437,CVE-2020-15780,CVE-2020-16120,CVE-2020-16166,CVE-2020-1749,CVE-2020-24490,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29370,CVE-2020-29371,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2020-8694
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-rt-5.3.18-lp152.3.5.1, kernel-rt_debug-5.3.18-lp152.3.5.1, kernel-source-rt-5.3.18-lp152.3.5.1, kernel-syms-rt-5.3.18-lp152.3.5.1
Comment 57 Swamp Workflow Management 2021-02-11 20:19:39 UTC
SUSE-SU-2021:0437-1: An update that solves 26 vulnerabilities and has 16 fixes is now available.

Category: security (important)
Bug References: 1070943,1121826,1121872,1157298,1168952,1173942,1176395,1176485,1177411,1178123,1178182,1178589,1178622,1178886,1179107,1179140,1179141,1179204,1179419,1179508,1179509,1179601,1179616,1179663,1179666,1179745,1179877,1179960,1179961,1180008,1180027,1180028,1180029,1180030,1180031,1180032,1180052,1180086,1180559,1180562,1181349,969755
CVE References: CVE-2019-19063,CVE-2019-20934,CVE-2019-6133,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-15436,CVE-2020-15437,CVE-2020-25211,CVE-2020-25285,CVE-2020-25668,CVE-2020-25669,CVE-2020-27068,CVE-2020-27673,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-28915,CVE-2020-28974,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2021-3347
JIRA References: 
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.149.1, kernel-source-4.4.121-92.149.1, kernel-syms-4.4.121-92.149.1, kgraft-patch-SLE12-SP2_Update_39-1-3.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.149.1, kernel-source-4.4.121-92.149.1, kernel-syms-4.4.121-92.149.1, kgraft-patch-SLE12-SP2_Update_39-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.149.1, kernel-source-4.4.121-92.149.1, kernel-syms-4.4.121-92.149.1, kgraft-patch-SLE12-SP2_Update_39-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.149.1, kernel-source-4.4.121-92.149.1, kernel-syms-4.4.121-92.149.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.149.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 58 Swamp Workflow Management 2021-02-11 20:33:13 UTC
SUSE-SU-2021:0438-1: An update that solves 29 vulnerabilities and has 24 fixes is now available.

Category: security (important)
Bug References: 1144912,1149032,1163840,1168952,1172199,1173074,1173942,1176395,1176846,1177666,1178182,1178272,1178372,1178589,1178590,1178684,1178886,1179071,1179107,1179140,1179141,1179419,1179429,1179508,1179509,1179601,1179616,1179663,1179666,1179745,1179877,1179878,1179895,1179960,1179961,1180008,1180027,1180028,1180029,1180030,1180031,1180032,1180052,1180086,1180559,1180562,1180676,1181001,1181158,1181349,1181504,1181553,1181645
CVE References: CVE-2019-20806,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-10781,CVE-2020-11668,CVE-2020-15436,CVE-2020-15437,CVE-2020-25211,CVE-2020-25639,CVE-2020-25669,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27835,CVE-2020-28374,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.66.1, kernel-docs-4.12.14-150.66.1, kernel-obs-build-4.12.14-150.66.1, kernel-source-4.12.14-150.66.1, kernel-syms-4.12.14-150.66.1, kernel-vanilla-4.12.14-150.66.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.66.1, kernel-docs-4.12.14-150.66.1, kernel-obs-build-4.12.14-150.66.1, kernel-source-4.12.14-150.66.1, kernel-syms-4.12.14-150.66.1, kernel-vanilla-4.12.14-150.66.1, kernel-zfcpdump-4.12.14-150.66.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.66.1, kernel-livepatch-SLE15_Update_22-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.66.1, kernel-docs-4.12.14-150.66.1, kernel-obs-build-4.12.14-150.66.1, kernel-source-4.12.14-150.66.1, kernel-syms-4.12.14-150.66.1, kernel-vanilla-4.12.14-150.66.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.66.1, kernel-docs-4.12.14-150.66.1, kernel-obs-build-4.12.14-150.66.1, kernel-source-4.12.14-150.66.1, kernel-syms-4.12.14-150.66.1, kernel-vanilla-4.12.14-150.66.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.66.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 59 Swamp Workflow Management 2021-02-12 20:16:04 UTC
SUSE-SU-2021:0452-1: An update that solves 25 vulnerabilities and has 22 fixes is now available.

Category: security (important)
Bug References: 1105322,1105323,1139944,1168952,1173942,1175306,1176395,1176485,1177440,1177666,1178182,1178272,1178589,1178886,1179107,1179140,1179141,1179204,1179419,1179508,1179509,1179601,1179616,1179663,1179666,1179745,1179877,1179878,1179960,1179961,1180008,1180027,1180028,1180029,1180030,1180031,1180032,1180052,1180086,1180559,1180562,1180815,1181096,1181158,1181349,1181553,969755
CVE References: CVE-2018-10902,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-15436,CVE-2020-15437,CVE-2020-25211,CVE-2020-25285,CVE-2020-25669,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27835,CVE-2020-28915,CVE-2020-28974,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2021-3347
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.138.1
SUSE Enterprise Storage 5 (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 60 Swamp Workflow Management 2021-02-16 20:16:38 UTC
SUSE-SU-2021:14630-1: An update that solves 28 vulnerabilities and has 20 fixes is now available.

Category: security (important)
Bug References: 1152107,1168952,1173659,1173942,1174205,1174247,1174993,1175691,1176011,1176012,1176235,1176253,1176278,1176395,1176423,1176482,1176485,1176722,1176896,1177206,1177226,1177666,1177766,1177906,1178123,1178182,1178589,1178590,1178622,1178886,1179107,1179140,1179141,1179419,1179601,1179616,1179745,1179877,1180029,1180030,1180052,1180086,1180559,1180562,1181158,1181166,1181349,1181553
CVE References: CVE-2019-16746,CVE-2020-0404,CVE-2020-0431,CVE-2020-0465,CVE-2020-11668,CVE-2020-14331,CVE-2020-14353,CVE-2020-14381,CVE-2020-14390,CVE-2020-15436,CVE-2020-15437,CVE-2020-25211,CVE-2020-25284,CVE-2020-25285,CVE-2020-25643,CVE-2020-25656,CVE-2020-25668,CVE-2020-25669,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-28915,CVE-2020-28974,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2021-3347
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kernel-bigmem-3.0.101-108.120.1, kernel-default-3.0.101-108.120.1, kernel-ec2-3.0.101-108.120.1, kernel-pae-3.0.101-108.120.1, kernel-ppc64-3.0.101-108.120.1, kernel-source-3.0.101-108.120.1, kernel-syms-3.0.101-108.120.1, kernel-trace-3.0.101-108.120.1, kernel-xen-3.0.101-108.120.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.120.1, kernel-pae-3.0.101-108.120.1, kernel-ppc64-3.0.101-108.120.1, kernel-trace-3.0.101-108.120.1, kernel-xen-3.0.101-108.120.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.120.1, kernel-default-3.0.101-108.120.1, kernel-ec2-3.0.101-108.120.1, kernel-pae-3.0.101-108.120.1, kernel-ppc64-3.0.101-108.120.1, kernel-trace-3.0.101-108.120.1, kernel-xen-3.0.101-108.120.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 61 ni yingjun 2021-04-12 02:32:26 UTC
Hi Support,
Will this CVE be merged into SLES11-SP3? I have a customer who are applying for this patch.
Comment 64 Marcus Meissner 2021-08-05 13:49:54 UTC
released

SLES 11 SP3 is in reactive support, needs to be requested via L3.