Bug 760902 (CVE-2012-2319) - VUL-1: CVE-2012-2319: kernel: hfsplus: mounting crafted filesystem can cause code execution
Status: RESOLVED FIXED
Alias: CVE-2012-2319
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P4 - Low : Normal
Target Milestone: ---
Deadline: 2013-11-20
Assignee: Jiri Kosina
QA Contact: Security Team bot
Whiteboard: maint:released:sle10-sp4:47604 maint:...
Reported: 2012-05-07 09:15 UTC by Marcus Meissner
Modified: 2015-04-30 19:09 UTC
Description Marcus Meissner 2012-05-07 09:15:24 UTC
is public, via oss-sec

The Linux kernel (at least 3.x <= 3.3.4 and 2.6.x <= 2.6.35.13) contains
a vulnerability in the driver for HFS plus file systems that may be
exploited for code execution or privilege escalation.

A specially-crafted HFS plus filesystem can cause a buffer overflow via
the memcpy() call of hfs_bnode_read() (in fs/hfsplus/bnode.c). The functions

        hfsplus_rename_cat() (in fs/hfsplus/catalog.c) and
        hfsplus_readdir() (in fs/hfsplus/dir.c)

call hfs_bnode_read() with values that result in a memcpy() call with a
fixed-length destination buffer and both a source buffer and a length
that are read from the filesystem without sufficient validation.

The buffer overflows were previously fixed in the HFS filesystem driver
and have been assigned CVE-2009-4020 (commit
ec81aecb29668ad71f699f4e7b96ec46691895b6 [1]).
Commit 6f24f892871acc47b40dd594c63606a17c714f77 ("hfsplus: fix a
potential buffer overflow") [2] also fixes the issue in the HFS plus
filesystem driver.

[1] http://git.kernel.org/linus/ec81aecb29668ad71f699f4e7b96ec46691895b6
[2] http://git.kernel.org/linus/6f24f892871acc47b40dd594c63606a17c714f77
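
Added example, not part of the original report and not the kernel's code: a simplified user-space model of the pattern described above, where a length taken from filesystem data drives a memcpy() into a fixed-size buffer, next to a caller that validates the length first. The struct names, function names and the length-prefixed record layout are hypothetical and do not reproduce the HFS plus on-disk format.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size destination, standing in for the caller's entry buffer. */
struct cat_entry { uint8_t raw[64]; };

/* Untrusted bytes as read from the filesystem image. */
struct node { const uint8_t *data; size_t size; };

/* Copy helper modelled on a bare memcpy() wrapper: it trusts off and len. */
static void node_read(const struct node *n, void *dst, size_t off, size_t len)
{
    memcpy(dst, n->data + off, len);
}

/* Constructed layout: a 16-bit big-endian length, then that many bytes. */
static int claimed_len(const struct node *n, size_t off, uint16_t *out)
{
    if (off > n->size || n->size - off < 2)
        return -EIO;
    *out = (uint16_t)((n->data[off] << 8) | n->data[off + 1]);
    return 0;
}

/* Vulnerable pattern: the on-disk length goes straight into the copy. */
int read_entry_unchecked(const struct node *n, size_t off, struct cat_entry *e)
{
    uint16_t len;
    if (claimed_len(n, off, &len) < 0)
        return -EIO;
    node_read(n, e, off + 2, len);   /* overflows *e when len > sizeof(*e) */
    return (int)len;
}

/* Hardened pattern: reject lengths that exceed the destination or the source. */
int read_entry_checked(const struct node *n, size_t off, struct cat_entry *e)
{
    uint16_t len;
    if (claimed_len(n, off, &len) < 0)
        return -EIO;
    if (len > sizeof(*e) || len > n->size - off - 2)
        return -EIO;
    memset(e, 0, sizeof(*e));
    node_read(n, e, off + 2, len);
    return (int)len;
}

int main(void)
{
    static const uint8_t img[300] = { 0x01, 0x00 };  /* constructed: claims 256 bytes */
    struct node n = { img, sizeof(img) };
    struct cat_entry e;
    printf("checked read: %d (expect -EIO)\n", read_entry_checked(&n, 0, &e));
    return 0;
}
```
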
Comment 1 Marcus Meissner 2012-05-07 16:13:21 UTC
CVE-2012-2319
Comment 2 Swamp Workflow Management 2012-05-07 22:00:11 UTC
bugbot adjusting priority
Comment 3 Michal Hocko 2012-05-10 08:26:56 UTC
Applied to SLES9-SP3-TD, SLES10-SP3-TD and SLE11-SP1-TD branches.
Comment 4 Marcus Meissner 2012-05-15 13:19:59 UTC
is in 3.0.31, so fixed in SLE 11 SP2 via stable.
Comment 6 Jiri Kosina 2012-05-25 13:26:40 UTC
commit f163908f94e7931f779a20efc797ca755844480d
Author: Jiri Kosina <jkosina@suse.cz>
Date:   Fri May 25 15:15:50 2012 +0200

    - patches.fixes/hfsplus-fix-potential-buffer-overflow.patch:
      hfsplus: Fix potential buffer overflows (bnc#760902
      CVE-2009-4020).


pushed to SLE10 SP4 branch. Closing.
Comment 7 Swamp Workflow Management 2012-05-31 13:52:12 UTC
The SWAMPID for this issue is 47597.
This issue was rated as important.
Please submit fixed packages until 2012-06-07.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 8 Marcus Meissner 2012-06-04 07:31:52 UTC
Umm, Jiri ... SLE11-SP1, SLERT11-SP1, SLERT10-SP3 and openSUSE * are missing fixes
still I think.
Comment 9 Jiri Kosina 2012-06-04 15:17:08 UTC
Mea culpa, thanks for spotting it. Pushed out to appropriate branches, closing again.
Comment 10 Marcus Meissner 2012-06-14 09:03:23 UTC
We have just released a SUSE Linux Enterprise 10 SP4 kernel update that fixes/mentions this bug. The released version was 2.6.16.60-0.97.1.
Comment 11 Swamp Workflow Management 2012-06-14 11:32:04 UTC
Update released for: kernel-bigsmp, kernel-bigsmp-debuginfo, kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-kdumppae, kernel-kdumppae-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-syms-debuginfo, kernel-vmi, kernel-vmi-debuginfo, kernel-vmipae, kernel-vmipae-debuginfo, kernel-xen, kernel-xen-debuginfo, kernel-xenpae, kernel-xenpae-debuginfo
Products:
SLE-DEBUGINFO 10-SP4 (i386)
SLE-DESKTOP 10-SP4 (i386)
SLE-SDK 10-SP4 (i386)
SLE-SERVER 10-SP4 (i386)
Comment 12 Swamp Workflow Management 2012-06-14 11:50:29 UTC
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms
Products:
SLE-DEBUGINFO 10-SP4 (ia64)
SLE-SDK 10-SP4 (ia64)
SLE-SERVER 10-SP4 (ia64)
Comment 13 Swamp Workflow Management 2012-06-14 12:16:36 UTC
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-xen, kernel-xen-debuginfo
Products:
SLE-DEBUGINFO 10-SP4 (x86_64)
SLE-DESKTOP 10-SP4 (x86_64)
SLE-SDK 10-SP4 (x86_64)
SLE-SERVER 10-SP4 (x86_64)
Comment 14 Swamp Workflow Management 2012-06-14 12:34:21 UTC
Update released for: kernel-default, kernel-default-debuginfo, kernel-iseries64, kernel-iseries64-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-ppc64, kernel-ppc64-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms
Products:
SLE-DEBUGINFO 10-SP4 (ppc)
SLE-SDK 10-SP4 (ppc)
SLE-SERVER 10-SP4 (ppc)
Comment 15 Swamp Workflow Management 2012-06-14 12:41:08 UTC
Update released for: kernel-default, kernel-default-debuginfo, kernel-source, kernel-syms
Products:
SLE-DEBUGINFO 10-SP4 (s390x)
SLE-SERVER 10-SP4 (s390x)
Comment 16 Swamp Workflow Management 2012-06-22 09:13:17 UTC
openSUSE-SU-2012:0781-1: An update that solves 7 vulnerabilities and has 23 fixes is now available.

Category: security (moderate)
Bug References: 700174,716996,731720,732006,735362,736268,745929,747038,747404,748463,748859,752460,754186,756840,757783,757789,758243,758260,758813,759545,759554,760077,760279,760860,760902,761681,762991,762992,765102,765320
CVE References: CVE-2009-4020,CVE-2011-3347,CVE-2012-2119,CVE-2012-2123,CVE-2012-2136,CVE-2012-2373,CVE-2012-2663
Sources used:
openSUSE 12.1 (src):    kernel-docs-3.1.10-1.13.2, kernel-source-3.1.10-1.13.1, kernel-syms-3.1.10-1.13.1
Comment 17 Swamp Workflow Management 2012-06-28 08:17:47 UTC
openSUSE-SU-2012:0799-1: An update that solves 25 vulnerabilities and has 22 fixes is now available.

Category: security (moderate)
Bug References: 466279,651219,653260,655696,676204,681186,681639,683671,689860,703410,707332,711941,713430,714455,717209,717749,721366,726045,726600,729247,730118,731673,732908,737624,738644,740448,740703,740745,744658,745832,746980,747038,747660,748859,749569,750079,750959,756203,756840,757278,758243,758260,758813,759545,760902,765102,765320
CVE References: CVE-2009-4020,CVE-2010-3873,CVE-2010-4164,CVE-2010-4249,CVE-2011-1083,CVE-2011-1173,CVE-2011-2517,CVE-2011-2700,CVE-2011-2909,CVE-2011-2928,CVE-2011-3619,CVE-2011-3638,CVE-2011-4077,CVE-2011-4086,CVE-2011-4330,CVE-2012-0038,CVE-2012-0044,CVE-2012-0207,CVE-2012-1090,CVE-2012-1097,CVE-2012-1146,CVE-2012-2119,CVE-2012-2123,CVE-2012-2136,CVE-2012-2663
Sources used:
openSUSE 11.4 (src):    kernel-docs-2.6.37.6-0.20.2, kernel-source-2.6.37.6-0.20.1, kernel-syms-2.6.37.6-0.20.1, preload-1.2-6.17.1
Comment 18 Swamp Workflow Management 2012-07-03 12:13:16 UTC
openSUSE-SU-2012:0812-1: An update that solves 7 vulnerabilities and has 27 fixes is now available.

Category: security (moderate)
Bug References: 700174,716996,731537,731720,732006,735362,736268,745929,747038,747404,748463,748859,752460,754186,756840,757783,757789,758243,758260,758813,759545,759554,760077,760279,760860,760902,760974,761681,762991,762992,764864,765102,765320,767786
CVE References: CVE-2009-4020,CVE-2011-3347,CVE-2012-2119,CVE-2012-2123,CVE-2012-2136,CVE-2012-2373,CVE-2012-2663
Sources used:
openSUSE 12.1 (src):    kernel-docs-3.1.10-1.16.2, kernel-source-3.1.10-1.16.1, kernel-syms-3.1.10-1.16.1
Comment 19 Swamp Workflow Management 2012-07-03 18:09:49 UTC
The SWAMPID for this issue is 48129.
This issue was rated as important.
Please submit fixed packages until 2012-07-10.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 20 Swamp Workflow Management 2012-07-06 12:09:44 UTC
Update released for: kernel-default, kernel-default-debug, kernel-smp, kernel-smp-debug, kernel-source, kernel-syms, um-host-kernel, kernel-update.ycp, install-kernel-non-interactive.sh
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 21 Swamp Workflow Management 2012-07-13 00:09:17 UTC
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-xen, kernel-xen-debuginfo
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 22 Swamp Workflow Management 2012-07-17 14:32:39 UTC
The SWAMPID for this issue is 48337.
This issue was rated as low.
Please submit fixed packages until 2012-08-14.
Also create a patchinfo file using this link:
https://swamp.suse.de/webswamp/wf/48337
Comment 23 Swamp Workflow Management 2012-07-20 13:09:03 UTC
Update released for: kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 24 Marcus Meissner 2012-07-23 14:46:18 UTC
A kernel update for SUSE Linux Enterprise 11 SP1 was just released that mentions/fixes this bug. The released kernel version is 2.6.32.59-0.7.1.
Comment 25 Swamp Workflow Management 2012-07-23 16:55:54 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-ppc64, btrfs-kmp-trace, cluster-network-kmp-default, cluster-network-kmp-ppc64, cluster-network-kmp-trace, ext4dev-kmp-default, ext4dev-kmp-ppc64, ext4dev-kmp-trace, gfs2-kmp-default, gfs2-kmp-ppc64, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra, ocfs2-kmp-default, ocfs2-kmp-ppc64, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP1 (ppc64)
SLE-HAE 11-SP1 (ppc64)
SLE-SERVER 11-SP1 (ppc64)
Comment 26 Swamp Workflow Management 2012-07-23 17:25:51 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-pae, btrfs-kmp-trace, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-pae, ext4dev-kmp-trace, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-pae, hyper-v-kmp-trace, kernel-default, kernel-default-base, kernel-default-devel, kernel-default-extra, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-devel, kernel-ec2-extra, kernel-pae, kernel-pae-base, kernel-pae-devel, kernel-pae-extra, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-devel, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-devel, kernel-xen-extra, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP1 (i386)
SLE-DESKTOP 11-SP1 (i386)
SLE-HAE 11-SP1 (i386)
SLE-SERVER 11-SP1 (i386)
SLES4VMWARE 11-SP1 (i386)
Comment 27 Swamp Workflow Management 2012-07-23 17:39:48 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-trace, cluster-network-kmp-default, cluster-network-kmp-trace, ext4dev-kmp-default, ext4dev-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP1 (ia64)
SLE-HAE 11-SP1 (ia64)
SLE-SERVER 11-SP1 (ia64)
Comment 28 Swamp Workflow Management 2012-07-23 17:59:26 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-trace, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-trace, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP1 (x86_64)
SLE-DESKTOP 11-SP1 (x86_64)
SLE-HAE 11-SP1 (x86_64)
SLE-SERVER 11-SP1 (x86_64)
SLES4VMWARE 11-SP1 (x86_64)
Comment 29 Swamp Workflow Management 2012-07-23 18:11:54 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-trace, cluster-network-kmp-default, cluster-network-kmp-trace, ext4dev-kmp-default, ext4dev-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP1 (s390x)
SLE-HAE 11-SP1 (s390x)
SLE-SERVER 11-SP1 (s390x)
Comment 30 Swamp Workflow Management 2012-07-23 22:09:32 UTC
Update released for: kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)
Comment 31 Swamp Workflow Management 2012-07-23 22:12:51 UTC
Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (ia64)
Comment 32 Swamp Workflow Management 2012-07-23 22:13:43 UTC
Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)
Comment 33 Swamp Workflow Management 2012-07-23 22:20:38 UTC
Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)
Comment 34 Swamp Workflow Management 2012-08-29 15:53:52 UTC
Update released for: brocade-bna-kmp-rt, cluster-network-kmp-rt, cluster-network-kmp-rt_trace, drbd-kmp-rt, drbd-kmp-rt_trace, iscsitarget-kmp-rt, kernel-rt, kernel-rt-base, kernel-rt-debuginfo, kernel-rt-debugsource, kernel-rt-devel, kernel-rt-devel-debuginfo, kernel-rt-extra, kernel-rt_trace, kernel-rt_trace-base, kernel-rt_trace-debuginfo, kernel-rt_trace-debugsource, kernel-rt_trace-devel, kernel-rt_trace-devel-debuginfo, kernel-rt_trace-extra, kernel-source-rt, kernel-syms-rt, ocfs2-kmp-rt, ocfs2-kmp-rt_trace, ofed-kmp-rt
Products:
SLE-RT 11-SP1 (x86_64)
Comment 35 Swamp Workflow Management 2012-11-05 09:20:11 UTC
openSUSE-SU-2012:1439-1: An update that solves 26 vulnerabilities and has 28 fixes is now available.

Category: security (moderate)
Bug References: 466279,651219,653260,655696,676204,681186,681639,683671,689860,703410,707332,711941,713430,714455,717209,717749,721366,726045,726600,729247,730118,731673,732908,734056,737624,738644,740448,740703,740745,744658,745832,746980,747038,747660,748859,749569,750079,750959,755546,756203,756840,757278,758243,758260,758813,759545,760902,765102,765320,769408,769784,769896,774285,781134
CVE References: CVE-2009-4020,CVE-2010-3873,CVE-2010-4164,CVE-2010-4249,CVE-2011-1083,CVE-2011-1173,CVE-2011-2517,CVE-2011-2700,CVE-2011-2909,CVE-2011-2928,CVE-2011-3619,CVE-2011-3638,CVE-2011-4077,CVE-2011-4086,CVE-2011-4110,CVE-2011-4330,CVE-2012-0038,CVE-2012-0044,CVE-2012-0207,CVE-2012-1090,CVE-2012-1097,CVE-2012-1146,CVE-2012-2119,CVE-2012-2123,CVE-2012-2136,CVE-2012-2663
Sources used:
openSUSE 11.4 (src):    kernel-docs-2.6.37.6-24.2, kernel-source-2.6.37.6-24.1, kernel-syms-2.6.37.6-24.1, preload-1.2-6.19.1
Comment 36 Swamp Workflow Management 2013-11-06 14:39:27 UTC
The SWAMPID for this issue is 54954.
This issue was rated as moderate.
Please submit fixed packages until 2013-11-20.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 37 Swamp Workflow Management 2013-12-06 23:50:53 UTC
Update released for: kernel-default, kernel-default-debuginfo, kernel-source, kernel-syms
Products:
SLE-DEBUGINFO 10-SP3 (s390x)
SLE-SERVER 10-SP3-LTSS (s390x)
Comment 38 Swamp Workflow Management 2013-12-07 01:45:40 UTC
Update released for: kernel-bigsmp, kernel-bigsmp-debuginfo, kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-kdumppae, kernel-kdumppae-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-syms-debuginfo, kernel-vmi, kernel-vmi-debuginfo, kernel-vmipae, kernel-vmipae-debuginfo, kernel-xen, kernel-xen-debuginfo, kernel-xenpae, kernel-xenpae-debuginfo
Products:
SLE-DEBUGINFO 10-SP3 (i386)
SLE-SERVER 10-SP3-LTSS (i386)
Comment 39 Swamp Workflow Management 2015-04-30 19:09:24 UTC
SUSE-SU-2015:0812-1: An update that fixes 39 vulnerabilities is now available.

Category: security (important)
Bug References: 677286,679812,681175,681999,683282,685402,687812,730118,730200,738400,758813,760902,769784,823260,846404,853040,854722,863335,874307,875051,880484,883223,883795,885422,891844,892490,896390,896391,896779,902346,907818,908382,910251,911325
CVE References: CVE-2011-1090,CVE-2011-1163,CVE-2011-1476,CVE-2011-1477,CVE-2011-1493,CVE-2011-1494,CVE-2011-1495,CVE-2011-1585,CVE-2011-4127,CVE-2011-4132,CVE-2011-4913,CVE-2011-4914,CVE-2012-2313,CVE-2012-2319,CVE-2012-3400,CVE-2012-6657,CVE-2013-2147,CVE-2013-4299,CVE-2013-6405,CVE-2013-6463,CVE-2014-0181,CVE-2014-1874,CVE-2014-3184,CVE-2014-3185,CVE-2014-3673,CVE-2014-3917,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-5471,CVE-2014-5472,CVE-2014-9090,CVE-2014-9322,CVE-2014-9420,CVE-2014-9584,CVE-2015-2041
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    kernel-bigsmp-2.6.16.60-0.132.1, kernel-debug-2.6.16.60-0.132.1, kernel-default-2.6.16.60-0.132.1, kernel-kdump-2.6.16.60-0.132.1, kernel-kdumppae-2.6.16.60-0.132.1, kernel-smp-2.6.16.60-0.132.1, kernel-source-2.6.16.60-0.132.1, kernel-syms-2.6.16.60-0.132.1, kernel-vmi-2.6.16.60-0.132.1, kernel-vmipae-2.6.16.60-0.132.1, kernel-xen-2.6.16.60-0.132.1, kernel-xenpae-2.6.16.60-0.132.1