Bug 1039348 (CVE-2017-1000364) - VUL-0: CVE-2017-1000364: kernel-source: stack gap guard page too small: Qualys new root/setuid privilege escalation method 05-2017
Summary: VUL-0: CVE-2017-1000364: kernel-source: stack gap guard page too small: Qualy...
Status: RESOLVED FIXED
: 1086310 (view as bug list)
Alias: CVE-2017-1000364
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2017-06-12
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: CVSSv2:SUSE:CVE-2017-1000364:6.9:(AV:...
Keywords:
Depends on:
Blocks: 1039346
  Show dependency treegraph
 
Reported: 2017-05-16 15:19 UTC by Marcus Meissner
Modified: 2020-06-08 23:24 UTC (History)
24 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
mhocko: needinfo? (jkosina)

Attachments
test program to test stack guard page behavior (1.80 KB, text/x-c)
2017-05-17 07:14 UTC, Michal Hocko 		Details
fix candidate v4 (1.46 KB, patch)
2017-06-03 08:06 UTC, Michal Hocko 		Details | Diff
follow up fix (1.71 KB, patch)
2017-06-03 08:06 UTC, Michal Hocko 		Details | Diff
test program to test stack guard page behavior (2.05 KB, text/x-c)
2017-06-05 06:52 UTC, Michal Hocko 		Details
fix candidate v4 (16.42 KB, patch)
2017-06-06 08:05 UTC, Michal Hocko 		Details | Diff
follow up fix (2.10 KB, patch)
2017-06-06 08:06 UTC, Michal Hocko 		Details | Diff
follow up fix2 (2.92 KB, patch)
2017-06-22 12:15 UTC, Michal Hocko 		Details | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 2 Michal Hocko 2017-05-17 07:14:56 UTC 
Created attachment 725338 [details]
test program to test stack guard page behavior

$ gcc -o stack_crash stack_crash.c
$ ./stack_crash 
Stack top:0x7ffd41fc5c6c mmap:0x7ffd41ec5000
address:0x7ffd41ec6d18 aligned:0x7ffd41ec6000 mapped:[7ffd41ec5000,7ffd41ec6000] diff:3352
560aa1405000-560aa1406000 r-xp 00000000 08:07 66393                      /home/miso/tmp/stack_crash
560aa1606000-560aa1607000 r--p 00001000 08:07 66393                      /home/miso/tmp/stack_crash
560aa1607000-560aa1608000 rw-p 00002000 08:07 66393                      /home/miso/tmp/stack_crash
560aa1608000-560aa1629000 rw-p 00000000 00:00 0                          [heap]
7f33778a2000-7f3377a37000 r-xp 00000000 08:01 33003                      /lib/x86_64-linux-gnu/libc-2.24.so
7f3377a37000-7f3377c36000 ---p 00195000 08:01 33003                      /lib/x86_64-linux-gnu/libc-2.24.so
7f3377c36000-7f3377c3a000 r--p 00194000 08:01 33003                      /lib/x86_64-linux-gnu/libc-2.24.so
7f3377c3a000-7f3377c3c000 rw-p 00198000 08:01 33003                      /lib/x86_64-linux-gnu/libc-2.24.so
7f3377c3c000-7f3377c40000 rw-p 00000000 00:00 0 
7f3377c40000-7f3377c63000 r-xp 00000000 08:01 32863                      /lib/x86_64-linux-gnu/ld-2.24.so
7f3377d41000-7f3377e44000 rw-p 00000000 00:00 0 
7f3377e60000-7f3377e63000 rw-p 00000000 00:00 0 
7f3377e63000-7f3377e64000 r--p 00023000 08:01 32863                      /lib/x86_64-linux-gnu/ld-2.24.so
7f3377e64000-7f3377e65000 rw-p 00024000 08:01 32863                      /lib/x86_64-linux-gnu/ld-2.24.so
7f3377e65000-7f3377e66000 rw-p 00000000 00:00 0 
7ffd41ec5000-7ffd41ec6000 rw-p 00000000 00:00 0 
7ffd41ec7000-7ffd41fc8000 rw-p 00000000 00:00 0                          [stack]
7ffd41ff2000-7ffd41ff4000 r--p 00000000 00:00 0                          [vvar]
7ffd41ff4000-7ffd41ff6000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

This is with the current Linus tree. We can see that there is one page space between mmap [7ffd41ec5000-7ffd41ec6000] and the stack [7ffd41ec7000-7ffd41fc8000]

The faulting address was 1kB close to the mmap.

With the patch applied I am getting:
$ ./stack_crash 
Stack top:0x7ffcbda7005c mmap:0x7ffcbd970000
address:0x7ffcbda6dfe8 aligned:0x7ffcbda6d000 mapped:[7ffcbd970000,7ffcbd971000] diff:1036264
55e39926c000-55e39926d000 r-xp 00000000 03:01 16392                      /root/stack_crash
55e39946d000-55e39946e000 r--p 00001000 03:01 16392                      /root/stack_crash
55e39946e000-55e39946f000 rw-p 00002000 03:01 16392                      /root/stack_crash
7fc6e1809000-7fc6e198a000 r-xp 00000000 03:01 67273                      /lib/x86_64-linux-gnu/libc-2.13.so
7fc6e198a000-7fc6e1b8a000 ---p 00181000 03:01 67273                      /lib/x86_64-linux-gnu/libc-2.13.so
7fc6e1b8a000-7fc6e1b8e000 r--p 00181000 03:01 67273                      /lib/x86_64-linux-gnu/libc-2.13.so
7fc6e1b8e000-7fc6e1b8f000 rw-p 00185000 03:01 67273                      /lib/x86_64-linux-gnu/libc-2.13.so
7fc6e1b8f000-7fc6e1b94000 rw-p 00000000 00:00 0 
7fc6e1b94000-7fc6e1bb4000 r-xp 00000000 03:01 67285                      /lib/x86_64-linux-gnu/ld-2.13.so
7fc6e1ca8000-7fc6e1dac000 rw-p 00000000 00:00 0 
7fc6e1db0000-7fc6e1db3000 rw-p 00000000 00:00 0 
7fc6e1db3000-7fc6e1db4000 r--p 0001f000 03:01 67285                      /lib/x86_64-linux-gnu/ld-2.13.so
7fc6e1db4000-7fc6e1db5000 rw-p 00020000 03:01 67285                      /lib/x86_64-linux-gnu/ld-2.13.so
7fc6e1db5000-7fc6e1db6000 rw-p 00000000 00:00 0 
7ffcbd851000-7ffcbd970000 rw-p 00000000 00:00 0 
7ffcbd970000-7ffcbd971000 rw-p 00000000 00:00 0 
7ffcbd972000-7ffcbda71000 rw-p 00000000 00:00 0                          [stack]
7ffcbdaae000-7ffcbdab1000 r--p 00000000 00:00 0                          [vvar]
7ffcbdab1000-7ffcbdab3000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

mmap [7ffcbd970000-7ffcbd971000] has one unmapped page before stack [7ffcbd972000-7ffcbda71000] but the faulting address is ~1M away from the mmap.
Comment 14 Marcus Meissner 2017-05-23 11:57:52 UTC 
Embargo was changed to:

CRD: 2017-06-19
Comment 43 Michal Hocko 2017-06-03 08:06:29 UTC 
Created attachment 727600 [details]
fix candidate v4
Comment 44 Michal Hocko 2017-06-03 08:06:52 UTC 
Created attachment 727601 [details]
follow up fix
Comment 45 Michal Hocko 2017-06-05 06:52:12 UTC 
Created attachment 727627 [details]
test program to test stack guard page behavior

updated test program to support stacks growing up. Just compile with -DCONFIG_STACK_GROWSUP
Comment 46 Marcus Meissner 2017-06-06 06:57:07 UTC 
Michal, can you check if you attached the right things. These are unrelated patches in debugfs and xgbe?
Comment 47 Michal Hocko 2017-06-06 08:05:58 UTC 
Created attachment 727764 [details]
fix candidate v4

sorry about the previous unrelated patch (too many things in my local kernel tree happening).
Comment 48 Michal Hocko 2017-06-06 08:06:40 UTC 
Created attachment 727765 [details]
follow up fix
Comment 49 Swamp Workflow Management 2017-06-08 06:34:28 UTC 
An update workflow for this issue was started.
This issue was rated as critical.
Please submit fixed packages until 2017-06-12.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63658
Comment 52 Michal Hocko 2017-06-15 09:03:54 UTC 
Hugh Dickins has noticed that we over account total_vm with the gap and that breaks their init process which runs with ulimit -S -v 20000. I have a patch to address that but I assume more accounting anomalies because the current implementation of the stack gap is inherently prone to these errors all over the place (e.g. if we fix this then the unmap will get broken etc). I am not sure we want to play this whack a mole game and maybe it would be more reasonable to simply admit that the accounting is slightly weird. That being said we should probably document that the increased gap is accounted to the both mlock and AS limit so if somebody sees an unexpected ENOMEM from mmap then they should increase the limit by 1MB. Is that acceptable or we should go with fix attempts and still see potential and unexpected fallouts and more importantly a new resubmit?
Comment 53 Marcus Meissner 2017-06-16 07:47:22 UTC 
We can document that for now and do potential fix ups later.

We definitely should not take a resubmit, otherwise we will not make the deadline.
Comment 54 Marcus Meissner 2017-06-19 11:22:21 UTC 
What can make this happen:

- setting ulimits
- using argument / environment area which is allowed to grow very large in current kernels ( 2.6.23 or later I think. )

- memory leaks in relevant applications or the libraries they used that can be attacker controlled to get close to memory close to exhaustion. Qualys identified e.g.

  - sudo: the recursive device lookup kept structures in memory and collected more
     and could be tricked by a ever changing symlink maze in /dev/shm/

  - exim: /usr/sbin/exim parameter -p leaked a bit of memory and could be used multiple times and so leak as much memory as you could fit -p x arguments on the commandline.

  - other setuid tools or network services would need to be reviewed for memory leakage that could be used in such scenarios
Comment 55 Michal Hocko 2017-06-19 11:32:39 UTC 
(In reply to Marcus Meissner from comment #54)
> What can make this happen:
> 
> - setting ulimits
> - using argument / environment area which is allowed to grow very large in
> current kernels ( 2.6.23 or later I think. )
> 
> - memory leaks in relevant applications or the libraries they used that can
> be attacker controlled to get close to memory close to exhaustion. Qualys
> identified e.g.
> 
>   - sudo: the recursive device lookup kept structures in memory and
> collected more
>      and could be tricked by a ever changing symlink maze in /dev/shm/
> 
>   - exim: /usr/sbin/exim parameter -p leaked a bit of memory and could be
> used multiple times and so leak as much memory as you could fit -p x
> arguments on the commandline.
> 
>   - other setuid tools or network services would need to be reviewed for
> memory leakage that could be used in such scenarios

OK, thanks for the clarification. I was under impression that pre 2.6.23 were not vulnerable. That would be sles10. Has anybody tried to exploit sudo/exim on such an old code stream? Do we need cve/linux-2.6.16 backport today?
Comment 60 Marcus Meissner 2017-06-19 15:19:39 UTC 
This issue is now public:

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Comment 61 Bernhard Wiedemann 2017-06-19 16:01:10 UTC 
This is an autogenerated message for OBS integration:
This bug (1039348) was mentioned in
https://build.opensuse.org/request/show/504823 42.2 / kernel-source
Comment 62 Swamp Workflow Management 2017-06-19 19:12:03 UTC 
SUSE-SU-2017:1613-1: An update that fixes two vulnerabilities is now available.

Category: security (critical)
Bug References: 1039348,979021
CVE References: CVE-2015-3288,CVE-2017-1000364
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.102.1, kernel-default-3.0.101-0.47.102.1, kernel-ec2-3.0.101-0.47.102.1, kernel-pae-3.0.101-0.47.102.1, kernel-source-3.0.101-0.47.102.1, kernel-syms-3.0.101-0.47.102.1, kernel-trace-3.0.101-0.47.102.1, kernel-xen-3.0.101-0.47.102.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.102.1, kernel-default-3.0.101-0.47.102.1, kernel-pae-3.0.101-0.47.102.1, kernel-ppc64-3.0.101-0.47.102.1, kernel-trace-3.0.101-0.47.102.1, kernel-xen-3.0.101-0.47.102.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.102.1, kernel-ec2-3.0.101-0.47.102.1, kernel-pae-3.0.101-0.47.102.1, kernel-source-3.0.101-0.47.102.1, kernel-syms-3.0.101-0.47.102.1, kernel-trace-3.0.101-0.47.102.1, kernel-xen-3.0.101-0.47.102.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.102.1, kernel-default-3.0.101-0.47.102.1, kernel-ec2-3.0.101-0.47.102.1, kernel-pae-3.0.101-0.47.102.1, kernel-trace-3.0.101-0.47.102.1, kernel-xen-3.0.101-0.47.102.1
Comment 63 Swamp Workflow Management 2017-06-19 19:13:37 UTC 
SUSE-SU-2017:1615-1: An update that solves one vulnerability and has one errata is now available.

Category: security (critical)
Bug References: 1039348,1042292
CVE References: CVE-2017-1000364
Sources used:
SUSE OpenStack Cloud 6 (src):    kernel-default-3.12.74-60.64.45.1, kernel-source-3.12.74-60.64.45.1, kernel-syms-3.12.74-60.64.45.1, kernel-xen-3.12.74-60.64.45.1, kgraft-patch-SLE12-SP1_Update_16-1-4.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.45.1, kernel-source-3.12.74-60.64.45.1, kernel-syms-3.12.74-60.64.45.1, kernel-xen-3.12.74-60.64.45.1, kgraft-patch-SLE12-SP1_Update_16-1-4.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.45.1, kernel-source-3.12.74-60.64.45.1, kernel-syms-3.12.74-60.64.45.1, kernel-xen-3.12.74-60.64.45.1, kgraft-patch-SLE12-SP1_Update_16-1-4.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.45.1
Comment 64 Swamp Workflow Management 2017-06-19 19:15:05 UTC 
SUSE-SU-2017:1617-1: An update that solves one vulnerability and has one errata is now available.

Category: security (critical)
Bug References: 1037384,1039348
CVE References: CVE-2017-1000364
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    kernel-default-4.4.59-92.20.2
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    kernel-docs-4.4.59-92.20.3, kernel-obs-build-4.4.59-92.20.2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    kernel-default-4.4.59-92.20.2, kernel-source-4.4.59-92.20.2, kernel-syms-4.4.59-92.20.2
SUSE Linux Enterprise Server 12-SP2 (src):    kernel-default-4.4.59-92.20.2, kernel-source-4.4.59-92.20.2, kernel-syms-4.4.59-92.20.2
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP2_Update_8-1-2.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.59-92.20.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    kernel-default-4.4.59-92.20.2, kernel-source-4.4.59-92.20.2, kernel-syms-4.4.59-92.20.2
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.59-92.20.2
Comment 65 Swamp Workflow Management 2017-06-19 19:15:38 UTC 
SUSE-SU-2017:1618-1: An update that solves one vulnerability and has one errata is now available.

Category: security (critical)
Bug References: 1039348,1042292
CVE References: CVE-2017-1000364
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kernel-default-3.12.61-52.77.1, kernel-source-3.12.61-52.77.1, kernel-syms-3.12.61-52.77.1, kernel-xen-3.12.61-52.77.1, kgraft-patch-SLE12_Update_22-1-4.1
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.77.1, kernel-source-3.12.61-52.77.1, kernel-syms-3.12.61-52.77.1, kernel-xen-3.12.61-52.77.1, kgraft-patch-SLE12_Update_22-1-4.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.77.1
Comment 67 Marcus Meissner 2017-06-20 09:12:54 UTC 
On SLES 10 and SLES 11 SP1 you can adjust the stack guard page by:

echo 256 > /proc/sys/vm/heap-stack-gap

or permanently by adding into /etc/sysctl.conf

vm.heap-stack-gap = 256
Comment 68 Marcus Meissner 2017-06-20 15:30:28 UTC 
There was a regression report for the mainline kernel patch: 

https://lkml.org/lkml/2017/6/19/1515
Comment 69 Jiri Kosina 2017-06-20 21:37:20 UTC 
(In reply to Marcus Meissner from comment #68)
> There was a regression report for the mainline kernel patch: 
> 
> https://lkml.org/lkml/2017/6/19/1515

Also

   http://lkml.kernel.org/r/20170620075206.GB1909@uranus.lan

I don't think we're affected either way and the only known issue remains the errorneous accounting of the gap.
Comment 70 Swamp Workflow Management 2017-06-20 22:09:52 UTC 
SUSE-SU-2017:1628-1: An update that solves one vulnerability and has four fixes is now available.

Category: security (critical)
Bug References: 1018074,1035920,1039348,1042921,1043234
CVE References: CVE-2017-1000364
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-104.7
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-104.2, kernel-default-3.0.101-104.2, kernel-ec2-3.0.101-104.2, kernel-pae-3.0.101-104.2, kernel-ppc64-3.0.101-104.2, kernel-source-3.0.101-104.2, kernel-syms-3.0.101-104.2, kernel-trace-3.0.101-104.2, kernel-xen-3.0.101-104.2
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-104.2, kernel-pae-3.0.101-104.2, kernel-ppc64-3.0.101-104.2, kernel-trace-3.0.101-104.2, kernel-xen-3.0.101-104.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-104.2, kernel-default-3.0.101-104.2, kernel-ec2-3.0.101-104.2, kernel-pae-3.0.101-104.2, kernel-ppc64-3.0.101-104.2, kernel-trace-3.0.101-104.2, kernel-xen-3.0.101-104.2
Comment 72 Swamp Workflow Management 2017-06-21 10:14:02 UTC 
openSUSE-SU-2017:1633-1: An update that solves four vulnerabilities and has 35 fixes is now available.

Category: security (important)
Bug References: 1012060,1012382,1012422,1012829,1015452,1022595,1031796,1032339,1036638,1037840,1038085,1039348,1039900,1040855,1041242,1041431,1041810,1042286,1042356,1042421,1042517,1042535,1042536,1042886,1043014,1043231,1043236,1043371,1043467,1043598,1043935,1044015,1044125,1044532,863764,966321,966339,971975,995542
CVE References: CVE-2017-1000364,CVE-2017-1000380,CVE-2017-7346,CVE-2017-9242
Sources used:
openSUSE Leap 42.2 (src):    kernel-debug-4.4.72-18.12.2, kernel-default-4.4.72-18.12.2, kernel-docs-4.4.72-18.12.3, kernel-obs-build-4.4.72-18.12.2, kernel-obs-qa-4.4.72-18.12.1, kernel-source-4.4.72-18.12.1, kernel-syms-4.4.72-18.12.1, kernel-vanilla-4.4.72-18.12.2
Comment 75 Michal Hocko 2017-06-22 12:15:54 UTC 
Created attachment 729853 [details]
follow up fix2

OK, so this has worked out and it fixes the regression reported in bug 1045340.

I think that we should go with this as another fast track for 3.0 and older based kernels. I will replace SLE12* implementation with the upstream solution.
Comment 82 Bernhard Wiedemann 2017-06-22 20:01:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1039348) was mentioned in
https://build.opensuse.org/request/show/505760 42.2 / kernel-source
Comment 83 Michal Hocko 2017-06-23 06:22:27 UTC 
(In reply to Michal Hocko from comment #75)
> Created attachment 729853 [details]
> follow up fix2
> 
> OK, so this has worked out and it fixes the regression reported in bug
> 1045340.
> 
> I think that we should go with this as another fast track for 3.0 and older
> based kernels. I will replace SLE12* implementation with the upstream
> solution.

FTR, Hugh and Ben are working on 3.2 backport. That should be quite close to 3.0 mmap code so I will try to backport that once they are finished. This would mean that we will be consistent with others. Which is always good.
Comment 84 Bernhard Wiedemann 2017-06-24 08:01:14 UTC 
This is an autogenerated message for OBS integration:
This bug (1039348) was mentioned in
https://build.opensuse.org/request/show/505992 42.2 / kernel-source
Comment 85 Swamp Workflow Management 2017-06-26 13:19:06 UTC 
openSUSE-SU-2017:1685-1: An update that solves one vulnerability and has 27 fixes is now available.

Category: security (important)
Bug References: 1015342,1022595,1027101,1037669,1039214,1039348,1040351,1040364,1040567,1040609,1042286,1042863,1043990,1044082,1044120,1044767,1044772,1044880,1045154,1045235,1045286,1045307,1045467,1045568,966170,966172,966191,990682
CVE References: CVE-2017-1000364
Sources used:
openSUSE Leap 42.2 (src):    kernel-debug-4.4.73-18.17.1, kernel-default-4.4.73-18.17.1, kernel-docs-4.4.73-18.17.2, kernel-obs-build-4.4.73-18.17.1, kernel-obs-qa-4.4.73-18.17.1, kernel-source-4.4.73-18.17.1, kernel-syms-4.4.73-18.17.1, kernel-vanilla-4.4.73-18.17.1
Comment 86 Andreas Osterburg 2017-06-26 20:04:00 UTC 
(In reply to Swamp Workflow Management from comment #85)
> openSUSE-SU-2017:1685-1: An update that solves one vulnerability and has 27
> fixes is now available.
> 
> Category: security (important)
> Bug References:
> 1015342,1022595,1027101,1037669,1039214,1039348,1040351,1040364,1040567,
> 1040609,1042286,1042863,1043990,1044082,1044120,1044767,1044772,1044880,
> 1045154,1045235,1045286,1045307,1045467,1045568,966170,966172,966191,990682
> CVE References: CVE-2017-1000364
> Sources used:
> openSUSE Leap 42.2 (src):    kernel-debug-4.4.73-18.17.1,
> kernel-default-4.4.73-18.17.1, kernel-docs-4.4.73-18.17.2,
> kernel-obs-build-4.4.73-18.17.1, kernel-obs-qa-4.4.73-18.17.1,
> kernel-source-4.4.73-18.17.1, kernel-syms-4.4.73-18.17.1,
> kernel-vanilla-4.4.73-18.17.1

Where is this update? It's not in the repo.
Comment 87 Marcus Meissner 2017-06-26 20:41:52 UTC 
there seems to be a publisher issue, the 42.2 repo was not refreshed since june 22nd. I contact the admin person.
Comment 92 Marcus Meissner 2017-07-10 07:45:41 UTC 
updates and regression fix updates were released, code seems stable currently
Comment 94 Swamp Workflow Management 2017-07-13 13:23:49 UTC 
SUSE-SU-2017:1853-1: An update that solves 15 vulnerabilities and has 162 fixes is now available.

Category: security (important)
Bug References: 1003581,1004003,1011044,1012060,1012382,1012422,1012452,1012829,1012910,1012985,1013561,1013887,1015342,1015452,1017461,1018885,1020412,1021424,1022266,1022595,1023287,1025461,1026570,1027101,1027512,1027974,1028217,1028310,1028340,1028883,1029607,1030057,1030070,1031040,1031142,1031147,1031470,1031500,1031512,1031555,1031717,1031796,1032141,1032339,1032345,1032400,1032581,1032803,1033117,1033281,1033336,1033340,1033885,1034048,1034419,1034635,1034670,1034671,1034762,1034902,1034995,1035024,1035866,1035887,1035920,1035922,1036214,1036638,1036752,1036763,1037177,1037186,1037384,1037483,1037669,1037840,1037871,1037969,1038033,1038043,1038085,1038142,1038143,1038297,1038458,1038544,1038842,1038843,1038846,1038847,1038848,1038879,1038981,1038982,1039214,1039348,1039354,1039700,1039864,1039882,1039883,1039885,1039900,1040069,1040125,1040182,1040279,1040351,1040364,1040395,1040425,1040463,1040567,1040609,1040855,1040929,1040941,1041087,1041160,1041168,1041242,1041431,1041810,1042286,1042356,1042421,1042517,1042535,1042536,1042863,1042886,1043014,1043231,1043236,1043347,1043371,1043467,1043488,1043598,1043912,1043935,1043990,1044015,1044082,1044120,1044125,1044532,1044767,1044772,1044854,1044880,1044912,1045154,1045235,1045286,1045307,1045467,1045568,1046105,1046434,1046589,799133,863764,922871,939801,966170,966172,966191,966321,966339,971975,988065,989311,990058,990682,993832,995542
CVE References: CVE-2017-1000365,CVE-2017-1000380,CVE-2017-7346,CVE-2017-7487,CVE-2017-7616,CVE-2017-7618,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9150,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    kernel-default-4.4.74-92.29.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    kernel-docs-4.4.74-92.29.3, kernel-obs-build-4.4.74-92.29.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    kernel-default-4.4.74-92.29.1, kernel-source-4.4.74-92.29.1, kernel-syms-4.4.74-92.29.1
SUSE Linux Enterprise Server 12-SP2 (src):    kernel-default-4.4.74-92.29.1, kernel-source-4.4.74-92.29.1, kernel-syms-4.4.74-92.29.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP2_Update_10-1-4.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.74-92.29.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    kernel-default-4.4.74-92.29.1, kernel-source-4.4.74-92.29.1, kernel-syms-4.4.74-92.29.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.74-92.29.1
Comment 95 Swamp Workflow Management 2017-07-20 13:10:15 UTC 
SUSE-SU-2017:1903-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (important)
Bug References: 1039348,1039496,1045340,1045406
CVE References: CVE-2017-1000364
Sources used:
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP2_Update_8-2-2.1
Comment 96 Swamp Workflow Management 2017-07-20 19:15:07 UTC 
SUSE-SU-2017:1912-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (important)
Bug References: 1039348,1039496,1045340,1045406
CVE References: CVE-2017-1000364
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kgraft-patch-SLE12_Update_22-2-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kgraft-patch-SLE12_Update_22-2-2.1
Comment 97 Swamp Workflow Management 2017-07-20 19:18:27 UTC 
SUSE-SU-2017:1915-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (important)
Bug References: 1039348,1039496,1045340,1045406
CVE References: CVE-2017-1000364
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kgraft-patch-SLE12-SP1_Update_16-2-2.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kgraft-patch-SLE12-SP1_Update_16-2-2.1
Comment 98 Swamp Workflow Management 2017-07-28 13:46:52 UTC 
SUSE-SU-2017:1990-1: An update that solves 43 vulnerabilities and has 282 fixes is now available.

Category: security (important)
Bug References: 1000092,1003077,1003581,1004003,1007729,1007959,1007962,1008842,1009674,1009718,1010032,1010612,1010690,1011044,1011176,1011913,1012060,1012382,1012422,1012452,1012829,1012910,1012985,1013001,1013561,1013792,1013887,1013994,1014120,1014136,1015342,1015367,1015452,1015609,1016403,1017164,1017170,1017410,1017461,1017641,1018100,1018263,1018358,1018385,1018419,1018446,1018813,1018885,1018913,1019061,1019148,1019163,1019168,1019260,1019351,1019594,1019614,1019618,1019630,1019631,1019784,1019851,1020048,1020214,1020412,1020488,1020602,1020685,1020817,1020945,1020975,1021082,1021248,1021251,1021258,1021260,1021294,1021424,1021455,1021474,1021762,1022181,1022266,1022304,1022340,1022429,1022476,1022547,1022559,1022595,1022785,1022971,1023101,1023175,1023287,1023762,1023866,1023884,1023888,1024015,1024081,1024234,1024508,1024938,1025039,1025235,1025461,1025683,1026024,1026405,1026462,1026505,1026509,1026570,1026692,1026722,1027054,1027066,1027101,1027153,1027179,1027189,1027190,1027195,1027273,1027512,1027565,1027616,1027974,1028017,1028027,1028041,1028158,1028217,1028310,1028325,1028340,1028372,1028415,1028819,1028883,1028895,1029220,1029514,1029607,1029634,1029986,1030057,1030070,1030118,1030213,1030573,1031003,1031040,1031052,1031142,1031147,1031200,1031206,1031208,1031440,1031470,1031500,1031512,1031555,1031579,1031662,1031717,1031796,1031831,1032006,1032141,1032339,1032345,1032400,1032581,1032673,1032681,1032803,1033117,1033281,1033287,1033336,1033340,1033885,1034048,1034419,1034635,1034670,1034671,1034762,1034902,1034995,1035024,1035866,1035887,1035920,1035922,1036214,1036638,1036752,1036763,1037177,1037186,1037384,1037483,1037669,1037840,1037871,1037969,1038033,1038043,1038085,1038142,1038143,1038297,1038458,1038544,1038842,1038843,1038846,1038847,1038848,1038879,1038981,1038982,1039348,1039354,1039700,1039864,1039882,1039883,1039885,1039900,1040069,1040125,1040182,1040279,1040351,1040364,1040395,1040425,1040463,1040567,1040609,1040855,1040929,1040941,1041087,1041160,1041168,1041242,1041431,1041810,1042200,1042286,1042356,1042421,1042517,1042535,1042536,1042863,1042886,1043014,1043231,1043236,1043347,1043371,1043467,1043488,1043598,1043912,1043935,1043990,1044015,1044082,1044120,1044125,1044532,1044767,1044772,1044854,1044880,1044912,1045154,1045235,1045286,1045307,1045340,1045467,1045568,1046105,1046434,1046589,799133,863764,870618,922871,951844,966170,966172,966191,966321,966339,968697,969479,969755,970083,971975,982783,985561,986362,986365,987192,987576,988065,989056,989311,990058,990682,991273,993832,995542,995968,998106
CVE References: CVE-2016-10200,CVE-2016-2117,CVE-2016-4997,CVE-2016-4998,CVE-2016-7117,CVE-2016-9191,CVE-2017-1000364,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-2583,CVE-2017-2584,CVE-2017-2596,CVE-2017-2636,CVE-2017-2671,CVE-2017-5551,CVE-2017-5576,CVE-2017-5577,CVE-2017-5897,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6345,CVE-2017-6346,CVE-2017-6347,CVE-2017-6353,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7346,CVE-2017-7374,CVE-2017-7487,CVE-2017-7616,CVE-2017-7618,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9150,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP2 (src):    kernel-rt-4.4.74-7.10.1, kernel-rt_debug-4.4.74-7.10.1, kernel-source-rt-4.4.74-7.10.1, kernel-syms-rt-4.4.74-7.10.1
Comment 101 Swamp Workflow Management 2017-08-29 16:19:55 UTC 
SUSE-SU-2017:2286-1: An update that solves 8 vulnerabilities and has 150 fixes is now available.

Category: security (important)
Bug References: 1005778,1006180,1011913,1012829,1013887,1015337,1015342,1016119,1019151,1019695,1020645,1022476,1022600,1022604,1023175,1024346,1024373,1025461,1026570,1028173,1028286,1029693,1030552,1031515,1031717,1031784,1033587,1034075,1034113,1034762,1036215,1036632,1037344,1037404,1037838,1037994,1038078,1038616,1038792,1039153,1039348,1039915,1040307,1040347,1040351,1041958,1042257,1042286,1042314,1042422,1042778,1043261,1043347,1043520,1043598,1043652,1043805,1043912,1044112,1044443,1044623,1044636,1045154,1045293,1045330,1045404,1045563,1045596,1045709,1045715,1045866,1045922,1045937,1046105,1046170,1046434,1046651,1046655,1046682,1046821,1046985,1047027,1047048,1047096,1047118,1047121,1047152,1047174,1047277,1047343,1047354,1047418,1047506,1047595,1047651,1047653,1047670,1047802,1048146,1048155,1048221,1048317,1048348,1048356,1048421,1048451,1048501,1048891,1048912,1048914,1048916,1048919,1049231,1049289,1049298,1049361,1049483,1049486,1049603,1049619,1049645,1049706,1049882,1050061,1050188,1050211,1050320,1050322,1050677,1051022,1051048,1051059,1051239,1051399,1051471,1051478,1051479,1051556,1051663,1051689,1051979,1052049,1052223,1052311,1052325,1052365,1052442,1052533,1052709,1052773,1052794,1052899,1052925,1053043,1053117,964063,974215,998664
CVE References: CVE-2017-1000111,CVE-2017-1000112,CVE-2017-10810,CVE-2017-11473,CVE-2017-7533,CVE-2017-7541,CVE-2017-7542,CVE-2017-8831
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.82-6.3.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.82-6.3.5, kernel-obs-build-4.4.82-6.3.3
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.82-6.3.1, kernel-source-4.4.82-6.3.1, kernel-syms-4.4.82-6.3.1
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_1-1-2.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.82-6.3.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.82-6.3.1, kernel-source-4.4.82-6.3.1, kernel-syms-4.4.82-6.3.1
Comment 102 Swamp Workflow Management 2017-09-04 19:25:33 UTC 
SUSE-SU-2017:2342-1: An update that solves 44 vulnerabilities and has 135 fixes is now available.

Category: security (important)
Bug References: 1003077,1005651,1008374,1008850,1008893,1012422,1013018,1013070,1013800,1013862,1016489,1017143,1018074,1018263,1018446,1019168,1020229,1021256,1021913,1022971,1023014,1023051,1023163,1023888,1024508,1024788,1024938,1025235,1025702,1026024,1026260,1026722,1026914,1027066,1027101,1027178,1027565,1028372,1028415,1028880,1029140,1029212,1029770,1029850,1030213,1030552,1030573,1030593,1030814,1031003,1031052,1031440,1031579,1032141,1032340,1032471,1033287,1033336,1033771,1033794,1033804,1033816,1034026,1034670,1035576,1035777,1035920,1036056,1036288,1036629,1037182,1037183,1037191,1037193,1037227,1037232,1037233,1037356,1037358,1037359,1037441,1038544,1038879,1038981,1038982,1039258,1039348,1039354,1039456,1039594,1039882,1039883,1039885,1040069,1040351,1041160,1041431,1041762,1041975,1042045,1042200,1042615,1042633,1042687,1042832,1043014,1043234,1043935,1044015,1044125,1044216,1044230,1044854,1044882,1044913,1044985,1045154,1045340,1045356,1045406,1045416,1045525,1045538,1045547,1045615,1046107,1046122,1046192,1046715,1047027,1047053,1047343,1047354,1047487,1047523,1047653,1048185,1048221,1048232,1048275,1049483,1049603,1049688,1049882,1050154,1050431,1051478,1051515,1051770,784815,792863,799133,870618,909486,909618,911105,919382,928138,931620,938352,943786,948562,962257,970956,971975,972891,979021,982783,983212,985561,986362,986365,986924,988065,989056,990682,991651,995542,999245
CVE References: CVE-2014-9922,CVE-2015-3288,CVE-2015-8970,CVE-2016-10200,CVE-2016-2188,CVE-2016-4997,CVE-2016-4998,CVE-2016-5243,CVE-2016-7117,CVE-2017-1000363,CVE-2017-1000364,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-11176,CVE-2017-11473,CVE-2017-2636,CVE-2017-2647,CVE-2017-2671,CVE-2017-5669,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6348,CVE-2017-6353,CVE-2017-6951,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7482,CVE-2017-7487,CVE-2017-7533,CVE-2017-7542,CVE-2017-7616,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.5.1, kernel-rt_trace-3.0.101.rt130-69.5.1, kernel-source-rt-3.0.101.rt130-69.5.1, kernel-syms-rt-3.0.101.rt130-69.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.5.1, kernel-rt_debug-3.0.101.rt130-69.5.1, kernel-rt_trace-3.0.101.rt130-69.5.1
Comment 103 Swamp Workflow Management 2017-10-30 18:27:45 UTC 
SUSE-SU-2017:2908-1: An update that solves 30 vulnerabilities and has 38 fixes is now available.

Category: security (important)
Bug References: 1001459,1012985,1023287,1027149,1028217,1030531,1030552,1031515,1033960,1034405,1035531,1035738,1037182,1037183,1037994,1038544,1038564,1038879,1038883,1038981,1038982,1039348,1039354,1039456,1039721,1039864,1039882,1039883,1039885,1040069,1041160,1041429,1041431,1042696,1042832,1042863,1044125,1045327,1045487,1045922,1046107,1048275,1048788,1049645,1049882,1053148,1053152,1053317,1056588,1056982,1057179,1058410,1058507,1058524,1059863,1062471,1062520,1063667,1064388,856774,860250,863764,878240,922855,922871,986924,993099,994364
CVE References: CVE-2017-1000363,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-10661,CVE-2017-11176,CVE-2017-12153,CVE-2017-12154,CVE-2017-12762,CVE-2017-13080,CVE-2017-14051,CVE-2017-14106,CVE-2017-14140,CVE-2017-15265,CVE-2017-15274,CVE-2017-15649,CVE-2017-7482,CVE-2017-7487,CVE-2017-7518,CVE-2017-7541,CVE-2017-7542,CVE-2017-7889,CVE-2017-8831,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Sources used:
SUSE OpenStack Cloud 6 (src):    kernel-default-3.12.74-60.64.63.1, kernel-source-3.12.74-60.64.63.1, kernel-syms-3.12.74-60.64.63.1, kernel-xen-3.12.74-60.64.63.1, kgraft-patch-SLE12-SP1_Update_22-1-2.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.63.1, kernel-source-3.12.74-60.64.63.1, kernel-syms-3.12.74-60.64.63.1, kernel-xen-3.12.74-60.64.63.1, kgraft-patch-SLE12-SP1_Update_22-1-2.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.63.1, kernel-source-3.12.74-60.64.63.1, kernel-syms-3.12.74-60.64.63.1, kernel-xen-3.12.74-60.64.63.1, kgraft-patch-SLE12-SP1_Update_22-1-2.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.63.1
Comment 104 Swamp Workflow Management 2017-11-02 17:15:59 UTC 
SUSE-SU-2017:2920-1: An update that solves 36 vulnerabilities and has 22 fixes is now available.

Category: security (important)
Bug References: 1008353,1012422,1017941,1029850,1030593,1032268,1034405,1034670,1035576,1035877,1036752,1037182,1037183,1037306,1037994,1038544,1038879,1038981,1038982,1039348,1039349,1039354,1039456,1039721,1039882,1039883,1039885,1040069,1041431,1041958,1044125,1045327,1045487,1045922,1046107,1047408,1048275,1049645,1049882,1052593,1053148,1053152,1056588,1056982,1057179,1058038,1058410,1058507,1058524,1062520,1063667,1064388,938162,975596,977417,984779,985562,990682
CVE References: CVE-2015-9004,CVE-2016-10229,CVE-2016-9604,CVE-2017-1000363,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-10661,CVE-2017-11176,CVE-2017-12153,CVE-2017-12154,CVE-2017-12762,CVE-2017-13080,CVE-2017-14051,CVE-2017-14106,CVE-2017-14140,CVE-2017-15265,CVE-2017-15274,CVE-2017-15649,CVE-2017-2647,CVE-2017-6951,CVE-2017-7482,CVE-2017-7487,CVE-2017-7518,CVE-2017-7541,CVE-2017-7542,CVE-2017-7889,CVE-2017-8106,CVE-2017-8831,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.101.1, kernel-source-3.12.61-52.101.1, kernel-syms-3.12.61-52.101.1, kernel-xen-3.12.61-52.101.1, kgraft-patch-SLE12_Update_28-1-8.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.101.1
Comment 105 Swamp Workflow Management 2018-04-25 19:07:48 UTC 
SUSE-SU-2018:1080-1: An update that solves 18 vulnerabilities and has 29 fixes is now available.

Category: security (important)
Bug References: 1010470,1013018,1039348,1052943,1062568,1062840,1063416,1063516,1065600,1065999,1067118,1067912,1068032,1072689,1072865,1075088,1075091,1075994,1078669,1078672,1078673,1078674,1080464,1080757,1080813,1081358,1082091,1082424,1083242,1083275,1083483,1083494,1084536,1085113,1085279,1085331,1085513,1086162,1087092,1087260,1087762,1088147,1088260,1089608,909077,940776,943786
CVE References: CVE-2015-5156,CVE-2016-7915,CVE-2017-0861,CVE-2017-12190,CVE-2017-13166,CVE-2017-16644,CVE-2017-16911,CVE-2017-16912,CVE-2017-16913,CVE-2017-16914,CVE-2017-18203,CVE-2017-18208,CVE-2017-5715,CVE-2018-10087,CVE-2018-6927,CVE-2018-7566,CVE-2018-7757,CVE-2018-8822
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-108.38.1
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-108.38.1, kernel-default-3.0.101-108.38.1, kernel-ec2-3.0.101-108.38.1, kernel-pae-3.0.101-108.38.1, kernel-ppc64-3.0.101-108.38.1, kernel-source-3.0.101-108.38.1, kernel-syms-3.0.101-108.38.1, kernel-trace-3.0.101-108.38.1, kernel-xen-3.0.101-108.38.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.38.1, kernel-pae-3.0.101-108.38.1, kernel-ppc64-3.0.101-108.38.1, kernel-trace-3.0.101-108.38.1, kernel-xen-3.0.101-108.38.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.38.1, kernel-default-3.0.101-108.38.1, kernel-ec2-3.0.101-108.38.1, kernel-pae-3.0.101-108.38.1, kernel-ppc64-3.0.101-108.38.1, kernel-trace-3.0.101-108.38.1, kernel-xen-3.0.101-108.38.1
Comment 106 Swamp Workflow Management 2018-05-08 22:09:19 UTC 
SUSE-SU-2018:1172-1: An update that solves 20 vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1010470,1039348,1052943,1062568,1062840,1063416,1067118,1072689,1072865,1078669,1078672,1078673,1078674,1080464,1080757,1082424,1083242,1083483,1083494,1084536,1085331,1086162,1087088,1087209,1087260,1087762,1088147,1088260,1089608,1089752,940776
CVE References: CVE-2015-5156,CVE-2016-7915,CVE-2017-0861,CVE-2017-12190,CVE-2017-13166,CVE-2017-16644,CVE-2017-16911,CVE-2017-16912,CVE-2017-16913,CVE-2017-16914,CVE-2017-18203,CVE-2017-18208,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-6927,CVE-2018-7566,CVE-2018-7757,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.106.22.1, kernel-default-3.0.101-0.47.106.22.1, kernel-ec2-3.0.101-0.47.106.22.1, kernel-pae-3.0.101-0.47.106.22.1, kernel-source-3.0.101-0.47.106.22.1, kernel-syms-3.0.101-0.47.106.22.1, kernel-trace-3.0.101-0.47.106.22.1, kernel-xen-3.0.101-0.47.106.22.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.106.22.1, kernel-default-3.0.101-0.47.106.22.1, kernel-pae-3.0.101-0.47.106.22.1, kernel-ppc64-3.0.101-0.47.106.22.1, kernel-trace-3.0.101-0.47.106.22.1, kernel-xen-3.0.101-0.47.106.22.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.106.22.1, kernel-ec2-3.0.101-0.47.106.22.1, kernel-pae-3.0.101-0.47.106.22.1, kernel-source-3.0.101-0.47.106.22.1, kernel-syms-3.0.101-0.47.106.22.1, kernel-trace-3.0.101-0.47.106.22.1, kernel-xen-3.0.101-0.47.106.22.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.106.22.1, kernel-default-3.0.101-0.47.106.22.1, kernel-ec2-3.0.101-0.47.106.22.1, kernel-pae-3.0.101-0.47.106.22.1, kernel-trace-3.0.101-0.47.106.22.1, kernel-xen-3.0.101-0.47.106.22.1
Comment 107 Josef Cejka 2018-05-11 10:36:44 UTC 
*** Bug 1086310 has been marked as a duplicate of this bug. ***
Comment 108 Swamp Workflow Management 2018-05-16 19:11:45 UTC 
SUSE-SU-2018:1309-1: An update that solves 18 vulnerabilities and has 36 fixes is now available.

Category: security (important)
Bug References: 1010470,1013018,1032084,1039348,1050431,1052943,1062568,1062840,1063416,1063516,1065600,1065999,1067118,1067912,1068032,1072689,1072865,1075088,1075091,1075994,1078669,1078672,1078673,1078674,1080464,1080757,1080813,1081358,1082091,1082424,1083242,1083275,1083483,1083494,1084536,1085113,1085279,1085331,1085513,1086162,1087092,1087209,1087260,1087762,1088147,1088260,1089608,1089665,1089668,1089752,909077,940776,943786,951638
CVE References: CVE-2015-5156,CVE-2016-7915,CVE-2017-0861,CVE-2017-12190,CVE-2017-13166,CVE-2017-16644,CVE-2017-16911,CVE-2017-16912,CVE-2017-16913,CVE-2017-16914,CVE-2017-18203,CVE-2017-18208,CVE-2018-10087,CVE-2018-10124,CVE-2018-6927,CVE-2018-7566,CVE-2018-7757,CVE-2018-8822
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.24.1, kernel-rt_trace-3.0.101.rt130-69.24.1, kernel-source-rt-3.0.101.rt130-69.24.1, kernel-syms-rt-3.0.101.rt130-69.24.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.24.1, kernel-rt_debug-3.0.101.rt130-69.24.1, kernel-rt_trace-3.0.101.rt130-69.24.1