880892 – (CVE-2014-3153) VUL-0: CVE-2014-3153: kernel: Exploitable futex vulnerability

Bug 880892 (CVE-2014-3153) - VUL-0: CVE-2014-3153: kernel: Exploitable futex vulnerability

Summary: VUL-0: CVE-2014-3153: kernel: Exploitable futex vulnerability

Status:	RESOLVED FIXED

Alias:	CVE-2014-3153

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P2 - High Severity: Major
Target Milestone:	---
Deadline:	2014-06-24
Assignee:	Jiri Kosina
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:running:57692:critical maint:re...
Keywords:	DSLA_REQUIRED

Depends on:
Blocks:

Clone This Bug

Reported:	2014-06-02 07:49 UTC by Johannes Segitz
Modified:	2018-10-19 18:23 UTC (History)
CC List:	13 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Updated patch for 593117: futex: Always cleanup owner tid in unlock_pi (4.71 KB, patch) 2014-06-06 08:31 UTC, Johannes Segitz	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2014-06-02 07:49:10 UTC

Created attachment 592933 [details]
Currently proposed patch

Via distros (From: Kees Cook <kees@outflux.net>). Embargoed, but no CRD currently available. Probably end of calendar week 23.

This vulnerability allows ring0 access via the futex syscall. The currently
proposed patch is attached. A reproducer will be attached later as we receive it.

>Original report:
> >----
> >The issue exists when after blocking in futex_wait_requeue_pi, q.rt_waiter
> >is NULL but &rt_waiter (on the stack) has been added to various waiter
> >lists by rt_mutex_start_proxy_lock.
> >
> >This is not supposed to be possible, because setting rt_waiter to NULL
> >indicates atomic acquisition. This is done by requeue_pi_wake_futex, which
> >is called by futex_requeue (FUTEX_CMP_REQUEUE_PI) in two cases where the
> >lock could be acquired immediately on behalf of some waiter rather than
> >blocking. Meanwhile, rt_mutex_start_proxy_lock is only called from the
> >bottom of futex_requeue, and only enqueues rt_waiter if the lock could not
> >be acquired immediately. Since any particular FUTEX_WAIT_REQUEUE_PI is only
> >supposed to be requeued once, those two possibilities should be mutually
> >exclusive.
> >
> >The requeue-once rule is enforced by only allowing requeueing to the futex
> >previously passed to futex_wait_requeue_pi as uaddr2, so it's not possible
> >to requeue from A to B, then from B to C - but it is possible to requeue
> >from B to B.
> >
> >When this happens, if (!q.rt_waiter) passes, so rt_mutex_finish_proxy_lock
> >is never called. (Also, AFAIK, free_pi_state is never called, which is true
> >even without this weird requeue; in the case where futex_requeue calls
> >requeue_pi_wake_futex directly, pi_state will sit around until it gets
> >cleaned up in exit_pi_state_list when the thread exits. This is not a
> >vulnerability.) futex_wait_requeue_pi exits, and various pointers to
> >rt_waiter become dangling.
> >---end-report---

Comment 12 Johannes Segitz 2014-06-03 12:57:27 UTC

Created attachment 593115 [details]
futex-prevent-requeue-pi-on-same-futex.patch futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1)

Comment 13 Johannes Segitz 2014-06-03 12:58:05 UTC

Created attachment 593116 [details]
futex: Validate atomic acquisition in futex_lock_pi_atomic()

Comment 14 Johannes Segitz 2014-06-03 12:58:36 UTC

Created attachment 593117 [details]
futex: Always cleanup owner tid in unlock_pi

Comment 15 Johannes Segitz 2014-06-03 12:59:07 UTC

Created attachment 593118 [details]
futex: Make lookup_pi_state more robust

Comment 16 Sebastian Krahmer 2014-06-04 06:06:41 UTC

Via distros:

Just for further clarification.

The first 2 patches address the CVE itself, but the poc code from kees
inspired me to write up two more interesting constructs, which make
use of the missing state checks in lookup_pi_state. After I
reimplemented the state checks in lookup_pi_state I found out, that
the stupid owner died handling in futex_unlock_pi caused existing user
space to fail, so I had to fix that up as well.

Thanks,

        Thomas

Comment 20 Swamp Workflow Management 2014-06-04 11:27:32 UTC

An update workflow for this issue was started.
This issue was rated as critical.
Please submit fixed packages until 2014-06-06.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/57668

Comment 24 Swamp Workflow Management 2014-06-04 12:59:08 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-06-11.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/57685

Comment 25 SMASH SMASH 2014-06-04 13:35:15 UTC

Affected packages:

SLE-11-SP3: kernel-source
SLE-11-SP1-TERADATA: kernel-source

Comment 26 Swamp Workflow Management 2014-06-04 13:57:31 UTC

An update workflow for this issue was started.
This issue was rated as critical.
Please submit fixed packages until 2014-06-06.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/57692

Comment 27 Johannes Segitz 2014-06-04 18:30:42 UTC

issue is public 
http://article.gmane.org/gmane.linux.kernel.stable/92357

Comment 28 Marcus Meissner 2014-06-05 16:32:01 UTC

can be applied to all relevant branches now.

Comment 29 Jiri Kosina 2014-06-05 19:32:19 UTC

SLE11-SP3_EMBARGO merged into SLE11-SP3 and pushed out.

Comment 30 Jiri Kosina 2014-06-05 22:31:20 UTC

The two referenced patches should be enough to mitigate CVE PoC, but I am not 100% convinced that 866293ee from wouldn't be neede as well to achieve 100% correctness.

Adding Jiri Slaby so that this is handled via -stable and regular maintainance udpate properly.
Vlastimil pointed this thread out: http://seclists.org/oss-sec/2014/q2/468

Comment 31 Johannes Segitz 2014-06-06 08:31:25 UTC

Created attachment 593637 [details]
Updated patch for  593117: futex: Always cleanup owner tid in unlock_pi

Comment 34 Swamp Workflow Management 2014-06-10 19:49:30 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (s390x)
SLE-HAE 11-SP3 (s390x)
SLE-SERVER 11-SP3 (s390x)

Comment 35 Swamp Workflow Management 2014-06-10 20:02:53 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-pae, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (i386)
SLE-DESKTOP 11-SP3 (i386)
SLE-HAE 11-SP3 (i386)
SLE-SERVER 11-SP3 (i386)
SLES4VMWARE 11-SP3 (i386)

Comment 36 Swamp Workflow Management 2014-06-10 21:04:24 UTC

Update released for: kernel-debug, kernel-debug-base, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-devel, kernel-debug-devel-debuginfo, kernel-debug-extra, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-docs, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)

Comment 37 Swamp Workflow Management 2014-06-10 22:47:43 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (x86_64)
SLE-DESKTOP 11-SP3 (x86_64)
SLE-HAE 11-SP3 (x86_64)
SLE-SERVER 11-SP3 (x86_64)
SLES4VMWARE 11-SP3 (x86_64)

Comment 38 Swamp Workflow Management 2014-06-10 22:49:15 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (ia64)
SLE-HAE 11-SP3 (ia64)
SLE-SERVER 11-SP3 (ia64)

Comment 39 Swamp Workflow Management 2014-06-10 23:50:23 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-ppc64, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-ppc64, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-ppc64-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-ppc64, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (ppc64)
SLE-HAE 11-SP3 (ppc64)
SLE-SERVER 11-SP3 (ppc64)

Comment 40 Swamp Workflow Management 2014-06-11 03:04:44 UTC

SUSE-SU-2014:0775-1: An update that fixes one vulnerability is now available.

Category: security (critical)
Bug References: 880892
CVE References: CVE-2014-3153
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-default-3.0.101-0.31.1, kernel-pae-3.0.101-0.31.1, kernel-source-3.0.101-0.31.1, kernel-syms-3.0.101-0.31.1, kernel-trace-3.0.101-0.31.1, kernel-xen-3.0.101-0.31.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-default-3.0.101-0.31.1, kernel-ec2-3.0.101-0.31.1, kernel-pae-3.0.101-0.31.1, kernel-ppc64-3.0.101-0.31.1, kernel-source-3.0.101-0.31.1, kernel-syms-3.0.101-0.31.1, kernel-trace-3.0.101-0.31.1, kernel-xen-3.0.101-0.31.1, xen-4.2.4_02-0.7.33
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.27.69, gfs2-2-0.16.75, ocfs2-1.6-0.20.69
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-default-3.0.101-0.31.1, kernel-pae-3.0.101-0.31.1, kernel-source-3.0.101-0.31.1, kernel-syms-3.0.101-0.31.1, kernel-trace-3.0.101-0.31.1, kernel-xen-3.0.101-0.31.1, xen-4.2.4_02-0.7.33
SLE 11 SERVER Unsupported Extras (src):    kernel-default-3.0.101-0.31.1, kernel-pae-3.0.101-0.31.1, kernel-ppc64-3.0.101-0.31.1, kernel-xen-3.0.101-0.31.1

Comment 41 Swamp Workflow Management 2014-06-11 03:05:43 UTC

Update released for: kernel-default-extra, kernel-ppc64-extra
Products:
SLE-SERVER 11-EXTRA (ppc64)

Comment 42 Swamp Workflow Management 2014-06-11 03:06:28 UTC

Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)

Comment 43 Swamp Workflow Management 2014-06-11 03:06:48 UTC

Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)

Comment 44 Swamp Workflow Management 2014-06-11 03:07:09 UTC

Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (ia64)

Comment 45 Swamp Workflow Management 2014-06-11 03:07:51 UTC

Update released for: kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)

Comment 52 Jiri Kosina 2014-06-12 11:57:19 UTC

Patches 1 and 2 pushed to opensuse 12.3 and 13.1 as well.

Comment 53 Bernhard Wiedemann 2014-06-13 09:01:28 UTC

This is an autogenerated message for OBS integration:
This bug (880892) was mentioned in
https://build.opensuse.org/request/show/237091 13.1 / kernel-source
https://build.opensuse.org/request/show/237147 12.3 / kernel-source

Comment 54 Swamp Workflow Management 2014-06-13 20:46:00 UTC

Update released for: cluster-network-kmp-rt, cluster-network-kmp-rt_trace, drbd-kmp-rt, drbd-kmp-rt_trace, iscsitarget-kmp-rt, iscsitarget-kmp-rt_trace, kernel-rt, kernel-rt-base, kernel-rt-debuginfo, kernel-rt-debugsource, kernel-rt-devel, kernel-rt-devel-debuginfo, kernel-rt-extra, kernel-rt-hmac, kernel-rt_trace, kernel-rt_trace-base, kernel-rt_trace-debuginfo, kernel-rt_trace-debugsource, kernel-rt_trace-devel, kernel-rt_trace-devel-debuginfo, kernel-rt_trace-extra, kernel-rt_trace-hmac, kernel-source-rt, kernel-syms-rt, lttng-modules-kmp-rt, lttng-modules-kmp-rt_trace, ocfs2-kmp-rt, ocfs2-kmp-rt_trace, ofed-kmp-rt, ofed-kmp-rt_trace
Products:
SLE-DEBUGINFO 11-SP3 (x86_64)
SLE-RT 11-SP3 (x86_64)

Comment 55 Swamp Workflow Management 2014-06-14 00:04:31 UTC

SUSE-SU-2014:0796-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 880892
CVE References: CVE-2014-3153
Sources used:
SUSE Linux Enterprise Real Time Extension 11 SP3 (src):    cluster-network-1.4-2.27.69, drbd-kmp-8.4.4-0.22.35, iscsitarget-1.4.20-0.38.54, kernel-rt-3.0.101.rt130-0.18.1, kernel-rt_trace-3.0.101.rt130-0.18.1, kernel-source-rt-3.0.101.rt130-0.18.1, kernel-syms-rt-3.0.101.rt130-0.18.1, lttng-modules-2.1.1-0.11.47, ocfs2-1.6-0.20.69, ofed-1.5.4.1-0.13.60

Comment 56 Swamp Workflow Management 2014-06-17 11:19:01 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-06-24.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/57888

Comment 57 Swamp Workflow Management 2014-06-17 18:50:27 UTC

Update released for: btrfs-kmp-default, btrfs-kmp-pae, btrfs-kmp-trace, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-pae, ext4dev-kmp-trace, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-pae, hyper-v-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-pae-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP1 (i386)
SLE-SERVER 11-SP1-LTSS (i386)

Comment 58 Swamp Workflow Management 2014-06-17 18:57:03 UTC

Update released for: btrfs-kmp-default, btrfs-kmp-trace, cluster-network-kmp-default, cluster-network-kmp-trace, ext4dev-kmp-default, ext4dev-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP1 (s390x)
SLE-SERVER 11-SP1-LTSS (s390x)

Comment 59 Swamp Workflow Management 2014-06-17 19:52:20 UTC

Update released for: btrfs-kmp-default, btrfs-kmp-trace, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-trace, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP1 (x86_64)
SLE-SERVER 11-SP1-LTSS (x86_64)

Comment 60 Swamp Workflow Management 2014-06-17 23:10:57 UTC

SUSE-SU-2014:0807-1: An update that solves 17 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 630970,661605,663516,761774,792407,852553,852967,854634,854743,856756,857643,863335,865310,866102,868049,868488,868653,869563,871561,873070,874108,875690,875798,876102,878289,880892
CVE References: CVE-2012-6647,CVE-2013-6382,CVE-2013-6885,CVE-2013-7027,CVE-2013-7263,CVE-2013-7264,CVE-2013-7265,CVE-2013-7339,CVE-2014-0101,CVE-2014-0196,CVE-2014-1737,CVE-2014-1738,CVE-2014-1874,CVE-2014-2523,CVE-2014-2678,CVE-2014-3122,CVE-2014-3153
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    btrfs-0-0.3.163, ext4dev-0-7.9.130, hyper-v-0-0.18.39, kernel-default-2.6.32.59-0.13.1, kernel-ec2-2.6.32.59-0.13.1, kernel-pae-2.6.32.59-0.13.1, kernel-source-2.6.32.59-0.13.1, kernel-syms-2.6.32.59-0.13.1, kernel-trace-2.6.32.59-0.13.1, kernel-xen-2.6.32.59-0.13.1
SLE 11 SERVER Unsupported Extras (src):    kernel-default-2.6.32.59-0.13.1, kernel-pae-2.6.32.59-0.13.1, kernel-xen-2.6.32.59-0.13.1

Comment 61 Swamp Workflow Management 2014-06-17 23:13:07 UTC

Update released for: kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)

Comment 62 Swamp Workflow Management 2014-06-17 23:14:18 UTC

Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)

Comment 63 Swamp Workflow Management 2014-06-17 23:17:04 UTC

Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)

Comment 64 Swamp Workflow Management 2014-06-24 14:48:28 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (x86_64)
SLE-SERVER 11-SP2-LTSS (x86_64)

Comment 65 Swamp Workflow Management 2014-06-24 18:04:24 UTC

SUSE-SU-2014:0837-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 880892
CVE References: CVE-2014-3153
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    kernel-default-3.0.101-0.7.21.1, kernel-ec2-3.0.101-0.7.21.1, kernel-source-3.0.101-0.7.21.1, kernel-syms-3.0.101-0.7.21.1, kernel-trace-3.0.101-0.7.21.1, kernel-xen-3.0.101-0.7.21.1, xen-4.1.6_06-0.5.16
SLE 11 SERVER Unsupported Extras (src):    ext4-writeable-0-0.14.103, kernel-default-3.0.101-0.7.21.1, kernel-pae-3.0.101-0.7.21.1, kernel-xen-3.0.101-0.7.21.1

Comment 66 Swamp Workflow Management 2014-06-24 18:05:02 UTC

Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-trace, ext4-writeable-kmp-xen, kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)

Comment 67 Swamp Workflow Management 2014-06-24 18:05:23 UTC

Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-trace, kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)

Comment 68 Swamp Workflow Management 2014-06-24 18:05:43 UTC

Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-pae, ext4-writeable-kmp-trace, ext4-writeable-kmp-xen, kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)

Comment 69 Swamp Workflow Management 2014-06-24 18:52:45 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (s390x)
SLE-SERVER 11-SP2-LTSS (s390x)

Comment 70 Swamp Workflow Management 2014-06-24 18:57:15 UTC

Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-pae, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP2 (i386)
SLE-SERVER 11-SP2-LTSS (i386)

Comment 71 Swamp Workflow Management 2014-06-24 22:05:03 UTC

SUSE-SU-2014:0837-2: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 880892
CVE References: CVE-2014-3153
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    kernel-default-3.0.101-0.7.21.1, kernel-ec2-3.0.101-0.7.21.1, kernel-pae-3.0.101-0.7.21.1, kernel-source-3.0.101-0.7.21.1, kernel-syms-3.0.101-0.7.21.1, kernel-trace-3.0.101-0.7.21.1, kernel-xen-3.0.101-0.7.21.1, xen-4.1.6_06-0.5.16

Comment 72 Swamp Workflow Management 2014-06-25 07:10:14 UTC

openSUSE-SU-2014:0840-1: An update that solves 9 vulnerabilities and has 15 fixes is now available.

Category: security (important)
Bug References: 851338,858067,868315,869563,870173,870576,871561,872715,873374,876102,876981,877257,877713,877721,878115,878274,879258,879792,880599,880613,880892,881697,881727,882648
CVE References: CVE-2013-7339,CVE-2014-0055,CVE-2014-0077,CVE-2014-2678,CVE-2014-2851,CVE-2014-3122,CVE-2014-3144,CVE-2014-3145,CVE-2014-3153
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.10.1, crash-7.0.2-2.10.9, hdjmod-1.28-16.10.1, ipset-6.21.1-2.14.1, iscsitarget-1.4.20.3-13.10.1, kernel-docs-3.11.10-17.6, kernel-source-3.11.10-17.2, kernel-syms-3.11.10-17.1, ndiswrapper-1.58-10.1, pcfclock-0.44-258.10.1, vhba-kmp-20130607-2.11.1, virtualbox-4.2.18-2.15.2, xen-4.3.2_01-18.2, xtables-addons-2.3-2.10.1

Comment 73 Bernhard Wiedemann 2014-06-25 20:00:13 UTC

This is an autogenerated message for OBS integration:
This bug (880892) was mentioned in
https://build.opensuse.org/request/show/238697 Evergreen:11.4 / kernel-trace+kernel-pae+kernel-desktop+kernel-syms+kernel-docs+kernel-source+kernel-debug+kernel-xen+kernel-default+kernel-ec2+kernel-vanilla+preload+kernel-vmi

Comment 74 Swamp Workflow Management 2014-07-01 10:06:03 UTC

openSUSE-SU-2014:0856-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 869563,870173,870576,871561,873374,876102,878274,880892
CVE References: CVE-2013-7339,CVE-2014-0055,CVE-2014-0077,CVE-2014-2678,CVE-2014-2851,CVE-2014-3122,CVE-2014-3153
Sources used:
openSUSE 12.3 (src):    kernel-docs-3.7.10-1.36.2, kernel-source-3.7.10-1.36.1, kernel-syms-3.7.10-1.36.1

Comment 75 Swamp Workflow Management 2014-07-08 18:04:45 UTC

openSUSE-SU-2014:0878-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 877775,880892
CVE References: CVE-2014-3153
Sources used:
openSUSE 11.4 (src):    kernel-docs-3.0.101-87.2, kernel-source-3.0.101-87.1, kernel-syms-3.0.101-87.1, preload-1.2-6.65.1

Comment 76 Marcus Meissner 2014-07-17 08:35:08 UTC

I think we released everything.

Comment 77 Michal Hocko 2014-09-15 12:27:04 UTC

It seems that the original fix introduced a new issue fixed by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13c42c2f43b19aab3195f2d357db00d1e885eaa8.

Comment 79 Michal Hocko 2014-09-15 13:06:33 UTC

pushed to SLE11-SP1-TD branch.

Comment 80 Davidlohr Bueso 2014-09-18 14:16:37 UTC

pushed fix to SLE11-SP3
pushed fix to SLE12

Comment 82 Swamp Workflow Management 2014-10-22 23:14:59 UTC

SUSE-SU-2014:1319-1: An update that solves 13 vulnerabilities and has 75 fixes is now available.

Category: security (important)
Bug References: 774818,806990,816708,826486,832309,833820,849123,855657,859840,860441,860593,863586,866130,866615,866864,866911,869055,869934,870161,871134,871797,876017,876055,876114,876590,879304,879921,880344,880370,880892,881051,881759,882317,882639,882804,882900,883096,883376,883518,883724,884333,884582,884725,884767,885262,885382,885422,885509,886840,887082,887418,887503,887608,887645,887680,888058,888105,888591,888607,888847,888849,888968,889061,889173,889451,889614,889727,890297,890426,890513,890526,891087,891259,891281,891619,891746,892200,892490,892723,893064,893496,893596,894200,895221,895608,895680,895983,896689
CVE References: CVE-2013-1979,CVE-2014-1739,CVE-2014-2706,CVE-2014-3153,CVE-2014-4027,CVE-2014-4171,CVE-2014-4508,CVE-2014-4667,CVE-2014-4943,CVE-2014-5077,CVE-2014-5471,CVE-2014-5472,CVE-2014-6410
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-default-3.0.101-0.40.1, kernel-pae-3.0.101-0.40.1, kernel-source-3.0.101-0.40.1, kernel-syms-3.0.101-0.40.1, kernel-trace-3.0.101-0.40.1, kernel-xen-3.0.101-0.40.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-default-3.0.101-0.40.1, kernel-ec2-3.0.101-0.40.1, kernel-pae-3.0.101-0.40.1, kernel-ppc64-3.0.101-0.40.1, kernel-source-3.0.101-0.40.1, kernel-syms-3.0.101-0.40.1, kernel-trace-3.0.101-0.40.1, kernel-xen-3.0.101-0.40.1, xen-4.2.4_04-0.7.3
SUSE Linux Enterprise Real Time Extension 11 SP3 (src):    cluster-network-1.4-2.27.99, drbd-kmp-8.4.4-0.22.65, iscsitarget-1.4.20-0.38.84, kernel-rt-3.0.101.rt130-0.28.1, kernel-rt_trace-3.0.101.rt130-0.28.1, kernel-source-rt-3.0.101.rt130-0.28.1, kernel-syms-rt-3.0.101.rt130-0.28.1, lttng-modules-2.1.1-0.11.75, ocfs2-1.6-0.20.99, ofed-1.5.4.1-0.13.90
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.27.98, gfs2-2-0.16.104, ocfs2-1.6-0.20.98
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-default-3.0.101-0.40.1, kernel-pae-3.0.101-0.40.1, kernel-source-3.0.101-0.40.1, kernel-syms-3.0.101-0.40.1, kernel-trace-3.0.101-0.40.1, kernel-xen-3.0.101-0.40.1, xen-4.2.4_04-0.7.3
SLE 11 SERVER Unsupported Extras (src):    kernel-default-3.0.101-0.40.1, kernel-pae-3.0.101-0.40.1, kernel-ppc64-3.0.101-0.40.1, kernel-xen-3.0.101-0.40.1

Comment 83 Swamp Workflow Management 2015-01-16 13:07:40 UTC

SUSE-SU-2015:0068-1: An update that solves 11 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 851603,853040,860441,862957,863526,870498,873228,874025,877622,879255,880767,880892,881085,883139,887046,887382,887418,889295,889297,891259,891619,892254,892612,892650,892860,893454,894057,894863,895221,895387,895468,895680,895983,896391,897101,897736,897770,897912,898234,898297,899192,899489,899551,899785,899787,899908,900126,901090,901774,901809,901925,902010,902016,902346,902893,902898,903279,903307,904013,904077,904115,904354,904871,905087,905100,905296,905758,905772,907818,908184,909077,910251,910697
CVE References: CVE-2013-6405,CVE-2014-3185,CVE-2014-3610,CVE-2014-3611,CVE-2014-3647,CVE-2014-3673,CVE-2014-7826,CVE-2014-7841,CVE-2014-8133,CVE-2014-9090,CVE-2014-9322
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.32-33.3, kernel-obs-build-3.12.32-33.1
SUSE Linux Enterprise Server 12 (src):    kernel-source-3.12.32-33.1, kernel-syms-3.12.32-33.1
SUSE Linux Enterprise Desktop 12 (src):    kernel-source-3.12.32-33.1, kernel-syms-3.12.32-33.1

Comment 84 Marcus Meissner 2015-01-16 13:23:00 UTC

reclose

Comment 85 Swamp Workflow Management 2015-03-11 19:08:46 UTC

SUSE-SU-2015:0481-1: An update that solves 34 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 771619,779488,833588,835839,847652,857643,864049,865442,867531,867723,870161,875051,876633,880892,883096,883948,887082,892490,892782,895680,896382,896390,896391,896392,897995,898693,899192,901885,902232,902346,902349,902351,902675,903640,904013,904700,905100,905312,905799,906586,907189,907338,907396,909078,912654,912705,915335
CVE References: CVE-2012-4398,CVE-2013-2893,CVE-2013-2897,CVE-2013-2899,CVE-2013-2929,CVE-2013-7263,CVE-2014-0131,CVE-2014-0181,CVE-2014-2309,CVE-2014-3181,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-3601,CVE-2014-3610,CVE-2014-3646,CVE-2014-3647,CVE-2014-3673,CVE-2014-3687,CVE-2014-3688,CVE-2014-3690,CVE-2014-4608,CVE-2014-4943,CVE-2014-5471,CVE-2014-5472,CVE-2014-7826,CVE-2014-7841,CVE-2014-7842,CVE-2014-8134,CVE-2014-8369,CVE-2014-8559,CVE-2014-8709,CVE-2014-9584,CVE-2014-9585
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    kernel-default-3.0.101-0.7.29.1, kernel-ec2-3.0.101-0.7.29.1, kernel-pae-3.0.101-0.7.29.1, kernel-source-3.0.101-0.7.29.1, kernel-syms-3.0.101-0.7.29.1, kernel-trace-3.0.101-0.7.29.1, kernel-xen-3.0.101-0.7.29.1, xen-4.1.6_08-0.5.19
SLE 11 SERVER Unsupported Extras (src):    ext4-writeable-0-0.14.142, kernel-default-3.0.101-0.7.29.1, kernel-pae-3.0.101-0.7.29.1, kernel-xen-3.0.101-0.7.29.1

Comment 86 Swamp Workflow Management 2015-03-21 14:08:10 UTC

openSUSE-SU-2015:0566-1: An update that solves 38 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 771619,778463,833588,835839,847652,853040,864049,865442,867531,867723,870161,875051,876633,880892,883096,883724,883948,887082,892490,892782,895680,896382,896390,896391,896392,897995,898693,899192,901885,902232,902346,902349,902351,902675,903640,904013,904700,905100,905312,905799,906586,907189,907338,907396,907818,909077,909078,910251,912654,912705,915335
CVE References: CVE-2012-4398,CVE-2013-2893,CVE-2013-2897,CVE-2013-2899,CVE-2013-2929,CVE-2013-7263,CVE-2014-0131,CVE-2014-0181,CVE-2014-2309,CVE-2014-3181,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-3601,CVE-2014-3610,CVE-2014-3646,CVE-2014-3647,CVE-2014-3673,CVE-2014-3687,CVE-2014-3688,CVE-2014-3690,CVE-2014-4508,CVE-2014-4608,CVE-2014-4943,CVE-2014-5471,CVE-2014-5472,CVE-2014-7826,CVE-2014-7841,CVE-2014-7842,CVE-2014-8133,CVE-2014-8134,CVE-2014-8369,CVE-2014-8559,CVE-2014-8709,CVE-2014-9090,CVE-2014-9322,CVE-2014-9584,CVE-2014-9585
Sources used:
openSUSE Evergreen 11.4 (src):    kernel-docs-3.0.101-99.2, kernel-source-3.0.101-99.1, kernel-syms-3.0.101-99.1, preload-1.2-6.77.1