Bug 951440 (CVE-2015-7872) - VUL-0: CVE-2015-7872: kernel: Keyrings crash triggerable by unprivileged user
Status: RESOLVED FIXED
Alias: CVE-2015-7872
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium : Major
Target Milestone: ---
Assignee: Joey Lee
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/157949/
Whiteboard: CVSSv2:RedHat:CVE-2015-7872:7.2:(AV:L...
Keywords:
Depends on:
Blocks: 951542
Reported: 2015-10-21 15:54 UTC by Andreas Stieger
Modified: 2018-01-26 23:38 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
KEYS: Fix race between key destruction and finding a keyring by name (1.69 KB, patch)
2015-10-23 01:11 UTC, Jeff Mahoney
KEYS: Don't permit request_key() to construct a new keyring (1.34 KB, patch)
2015-10-23 01:12 UTC, Jeff Mahoney
KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring (3.09 KB, patch)
2015-10-23 01:13 UTC, Jeff Mahoney

Description Andreas Stieger 2015-10-21 15:54:53 UTC
Via RH:

A vulnerability in the keyrings garbage collector allowing any user to trigger an oops was found. The problem arises when using request_key() or keyctl request2.

Reproducer:

    i=`keyctl add user a a @s`
    keyctl request2 keyring foo bar @t
    keyctl unlink $i @s

This code sequence tries to invoke an upcall to instantiate a keyring if one doesn't already exist by that name within the user's keyring set. However, if the upcall fails, the code sets keyring->type_data.reject_error to -ENOKEY or some other error code.  When the key is garbage collected, the key destroy function is called unconditionally and keyring_destroy() uses list_empty() on keyring->type_data.link - which is in a union with reject_error. Subsequently, the kernel tries to unlink the keyring from the keyring names list, which leads to an oops.

Affected versions of kernel are anything since v2.6.39-rc1.


http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce1fad2740c648a4340f6f6c391a8a83769d2e8c




This command sequence:

    i=`keyctl add user a a @s`
    keyctl request2 keyring foo bar @t
    keyctl unlink $i @s

Will cause the keyrings garbage collector to crash because the keyring_destroy() function sees the cached error code in the key as a pointer to its name, resulting in an oops that looks like the following.  Note the value in RAX that is -ENOKEY as a 32-bit value.

BUG: unable to handle kernel paging request at 00000000ffffff8a
IP: [<ffffffff8126e051>] keyring_destroy+0x3d/0x88
PGD 0 
Oops: 0002 [#1] SMP 
Modules linked in:
CPU: 0 PID: 1201 Comm: kworker/0:2 Tainted: G        W       4.3.0-rc2-fsdevel #456
Hardware name:                  /DG965RY, BIOS MQ96510J.86A.0816.2006.0716.2308 07/16/2006
Workqueue: events key_garbage_collector
task: ffff88003bfc6200 ti: ffff88003e2f0000 task.ti: ffff88003e2f0000
RIP: 0010:[<ffffffff8126e051>]  [<ffffffff8126e051>] keyring_destroy+0x3d/0x88
RSP: 0018:ffff88003e2f3d30  EFLAGS: 00010203
RAX: 00000000ffffff82 RBX: ffff88003bf1a900 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 000000003bfc6901 RDI: ffffffff81a73a40
RBP: ffff88003e2f3d38 R08: 0000000000000152 R09: 0000000000000000
R10: ffff88003e2f3c18 R11: 000000000000865b R12: ffff88003bf1a900
R13: 0000000000000000 R14: ffff88003bf1a908 R15: ffff88003e2f4000
FS:  0000000000000000(0000) GS:ffff88003da00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00000000ffffff8a CR3: 000000003e3ec000 CR4: 00000000000006f0
Stack:
 ffff88003bf1a908 ffff88003e2f3d58 ffffffff8126c756 00000000561fc960
 7fffffffffffffff ffff88003e2f3da0 ffffffff8126ca71 ffff88003bf1a400
 ffff88003e1fd4c0 ffff88003e2f3cd0 ffffffff81a73720 ffff88003da14f80
Call Trace:
 [<ffffffff8126c756>] key_gc_unused_keys.constprop.1+0x5d/0x10f
 [<ffffffff8126ca71>] key_garbage_collector+0x1fa/0x351
 [<ffffffff8105ec9b>] process_one_work+0x28e/0x547
 [<ffffffff8105fd17>] worker_thread+0x26e/0x361
 [<ffffffff8105faa9>] ? rescuer_thread+0x2a8/0x2a8
 [<ffffffff810648ad>] kthread+0xf3/0xfb
 [<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2
 [<ffffffff815f2ccf>] ret_from_fork+0x3f/0x70
 [<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2






References:
https://bugzilla.redhat.com/show_bug.cgi?id=1272371
https://bugzilla.redhat.com/show_bug.cgi?id=1272172
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7872
http://seclists.org/oss-sec/2015/q4/112
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7872.html
Comment 2 Swamp Workflow Management 2015-10-21 22:00:34 UTC
bugbot adjusting priority
Comment 3 Jeff Mahoney 2015-10-23 01:11:40 UTC
Created attachment 652893
KEYS: Fix race between key destruction and finding a keyring by name

There appears to be a race between:

 (1) key_gc_unused_keys() which frees key->security and then calls
     keyring_destroy() to unlink the name from the name list

 (2) find_keyring_by_name() which calls key_permission(), thus accessing
     key->security, on a key before checking to see whether the key usage is 0
     (ie. the key is dead and might be cleaned up).

Fix this by calling ->destroy() before cleaning up the core key data -
including key->security.
Comment 4 Jeff Mahoney 2015-10-23 01:12:33 UTC
Created attachment 652894
KEYS: Don't permit request_key() to construct a new keyring

If request_key() is used to find a keyring, only do the search part - don't
do the construction part if the keyring was not found by the search.  We
don't really want keyrings in the negative instantiated state since the
rejected/negative instantiation error value in the payload is unioned with
keyring metadata.

Now the kernel gives an error:

        request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted)
Comment 5 Jeff Mahoney 2015-10-23 01:13:52 UTC
Created attachment 652895
KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring

The following sequence of commands:

    i=`keyctl add user a a @s`
    keyctl request2 keyring foo bar @t
    keyctl unlink $i @s

tries to invoke an upcall to instantiate a keyring if one doesn't already
exist by that name within the user's keyring set.  However, if the upcall
fails, the code sets keyring->type_data.reject_error to -ENOKEY or some
other error code.  When the key is garbage collected, the key destroy
function is called unconditionally and keyring_destroy() uses list_empty()
on keyring->type_data.link - which is in a union with reject_error.
Subsequently, the kernel tries to unlink the keyring from the keyring names
list - which oopses like this:

        BUG: unable to handle kernel paging request at 00000000ffffff8a
        IP: [<ffffffff8126e051>] keyring_destroy+0x3d/0x88
        ...
        Workqueue: events key_garbage_collector
        ...
        RIP: 0010:[<ffffffff8126e051>] keyring_destroy+0x3d/0x88
        RSP: 0018:ffff88003e2f3d30  EFLAGS: 00010203
        RAX: 00000000ffffff82 RBX: ffff88003bf1a900 RCX: 0000000000000000
        RDX: 0000000000000000 RSI: 000000003bfc6901 RDI: ffffffff81a73a40
        RBP: ffff88003e2f3d38 R08: 0000000000000152 R09: 0000000000000000
        R10: ffff88003e2f3c18 R11: 000000000000865b R12: ffff88003bf1a900
        R13: 0000000000000000 R14: ffff88003bf1a908 R15: ffff88003e2f4000
        ...
        ...
        CR2: 00000000ffffff8a CR3: 000000003e3ec000 CR4: 00000000000006f0
        ...
        Call Trace:
         [<ffffffff8126c756>] key_gc_unused_keys.constprop.1+0x5d/0x10f
         [<ffffffff8126ca71>] key_garbage_collector+0x1fa/0x351
         [<ffffffff8105ec9b>] process_one_work+0x28e/0x547
         [<ffffffff8105fd17>] worker_thread+0x26e/0x361
         [<ffffffff8105faa9>] ? rescuer_thread+0x2a8/0x2a8
         [<ffffffff810648ad>] kthread+0xf3/0xfb
         [<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2
         [<ffffffff815f2ccf>] ret_from_fork+0x3f/0x70
         [<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2

Note the value in RAX.  This is a 32-bit representation of -ENOKEY.

The solution is to only call ->destroy() if the key was successfully
instantiated.
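
The union overlap described in comment 5, as a userspace model (an added example, not kernel code and not part of the bug report): it computes, without dereferencing anything, the address the unlink would store to, which reproduces the RAX and CR2 values in the oops, and shows the effect of guarding ->destroy(). `struct model_key`, the `gc_*` helpers and the `names` list head are hypothetical names, and a little-endian 64-bit build is assumed.

```c
/* Userspace model of the CVE-2015-7872 union confusion (not kernel code). */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_ENOKEY 126            /* value of ENOKEY on Linux */

struct list_head { struct list_head *next, *prev; };

/* Simplified stand-in for struct key: only the fields the bug involves. */
struct model_key {
    bool instantiated;              /* true once the payload was set up */
    union {
        struct list_head link;      /* keyring: entry in the keyring name list */
        int reject_error;           /* rejected key: cached upcall error */
    } type_data;
};

/* State after a failed upcall: zeroed key with the error cached in the union. */
static struct model_key make_rejected_keyring(int err)
{
    struct model_key k;
    memset(&k, 0, sizeof(k));
    k.type_data.reject_error = -err;
    return k;
}

/* Read link.next as raw bytes, i.e. what the destroy path finds in the union. */
static uintptr_t link_next_bits(const struct model_key *k)
{
    uintptr_t bits;
    memcpy(&bits, &k->type_data.link.next, sizeof(bits));
    return bits;
}

/*
 * Address of the first store an unlink would make (next->prev = prev), or 0
 * when this model skips the unlink because the entry is NULL or self-linked.
 */
static uintptr_t keyring_destroy_store(const struct model_key *k)
{
    uintptr_t next = link_next_bits(k);

    if (next == 0 || next == (uintptr_t)&k->type_data.link)
        return 0;                   /* empty list entry: nothing to unlink */
    return next + offsetof(struct list_head, prev);
}

/* Before the fix: the garbage collector calls ->destroy() unconditionally. */
static uintptr_t gc_before_fix(const struct model_key *k)
{
    return keyring_destroy_store(k);
}

/* After the fix: ->destroy() runs only for a successfully instantiated key. */
static uintptr_t gc_after_fix(const struct model_key *k)
{
    return k->instantiated ? keyring_destroy_store(k) : 0;
}

int main(void)
{
    struct model_key bad = make_rejected_keyring(MODEL_ENOKEY);
    struct list_head names;         /* stand-in for the keyring name list head */
    struct model_key good;

    /* A properly instantiated keyring, linked into the name list. */
    memset(&good, 0, sizeof(good));
    good.instantiated = true;
    names.next = names.prev = &good.type_data.link;
    good.type_data.link.next = good.type_data.link.prev = &names;

    printf("link.next seen by destroy: %#lx\n",
           (unsigned long)link_next_bits(&bad));
    printf("store address before fix:  %#lx\n",
           (unsigned long)gc_before_fix(&bad));
    printf("store address after fix:   %#lx\n",
           (unsigned long)gc_after_fix(&bad));
    printf("instantiated keyring still unlinks: %s\n",
           gc_after_fix(&good) == (uintptr_t)&names.prev ? "yes" : "no");
    return 0;
}
```

The computed store address sits 8 bytes above the cached error value, which is the relationship between RAX and CR2 in the trace; the write fault is consistent with the `Oops: 0002` error code.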
Comment 6 Jeff Mahoney 2015-10-23 01:14:25 UTC
Patches applied to openSUSE 13.1 and openSUSE 13.2. HEAD will get it on Sunday automatically.
Comment 7 Takashi Iwai 2015-10-23 09:45:15 UTC
I cherry-picked these fixes to openSUSE-42.1 branch, too.
Comment 8 Joey Lee 2015-10-23 10:59:02 UTC
I am backporting patches to SLE11 and SLE12.
Comment 9 Bernhard Wiedemann 2015-10-26 12:00:23 UTC
This is an autogenerated message for OBS integration:
This bug (951440) was mentioned in
https://build.opensuse.org/request/show/340964 Leap:42.1 / kernel-source
Comment 10 Swamp Workflow Management 2015-10-29 16:55:32 UTC
openSUSE-SU-2015:1842-1: An update that solves 7 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 919154,926238,937969,938645,939834,940338,941104,941305,941867,942178,944296,947155,951195,951440
CVE References: CVE-2015-0272,CVE-2015-1333,CVE-2015-2925,CVE-2015-3290,CVE-2015-5283,CVE-2015-5707,CVE-2015-7872
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.13.2, cloop-2.639-14.13.2, crash-7.0.8-13.2, hdjmod-1.28-18.14.2, ipset-6.23-13.2, kernel-debug-3.16.7-29.1, kernel-default-3.16.7-29.1, kernel-desktop-3.16.7-29.1, kernel-docs-3.16.7-29.3, kernel-ec2-3.16.7-29.1, kernel-obs-build-3.16.7-29.2, kernel-obs-qa-3.16.7-29.1, kernel-obs-qa-xen-3.16.7-29.1, kernel-pae-3.16.7-29.1, kernel-source-3.16.7-29.1, kernel-syms-3.16.7-29.1, kernel-vanilla-3.16.7-29.1, kernel-xen-3.16.7-29.1, pcfclock-0.44-260.13.2, vhba-kmp-20140629-2.13.2, xen-4.4.2_06-27.2, xtables-addons-2.6-13.2
Comment 11 Michal Hocko 2015-11-02 08:36:10 UTC
(In reply to Joey Lee from comment #8)
> I am backporting patches to SLE11 and SLE12.

Any news here? I do not see anything in cve/linux-3.0 branch. I am submitting SLE11-SP3-TD kernel today so it would be great if this was resolved. Thanks!
Comment 12 Joey Lee 2015-11-02 09:02:02 UTC
(In reply to Michal Hocko from comment #11)
> (In reply to Joey Lee from comment #8)
> > I am backporting patches to SLE11 and SLE12.
> 
> Any news here? I do not see anything in cve/linux-3.0 branch. I am
> submitting SLE11-SP3-TD kernel today so it would be great if this was
> resolved. Thanks!

Those 3 patches were backported to SLE12/SLE12 SP1.

For v3.0, the code affected by ce1fad27 was changed from v3.0 to v4.3-rc7. I am looking at the history of patches for backporting.
Comment 13 Joey Lee 2015-11-02 10:09:32 UTC
Hi Michal,

(In reply to Michal Hocko from comment #11)
> (In reply to Joey Lee from comment #8)
> > I am backporting patches to SLE11 and SLE12.
> 
> Any news here? I do not see anything in cve/linux-3.0 branch. I am
> submitting SLE11-SP3-TD kernel today so it would be great if this was
> resolved. Thanks!

I backported the patches based on the cve/linux-3.0 branch, but I found that those patches conflict with a patch in the SLE11-SP4 branch. Which code base should I base the backport on?

Thanks a lot!
Comment 14 Michal Hocko 2015-11-02 10:18:45 UTC
(In reply to Joey Lee from comment #13)
> Hi Michal,
> 
> (In reply to Michal Hocko from comment #11)
> > (In reply to Joey Lee from comment #8)
> > > I am backporting patches to SLE11 and SLE12.
> > 
> > Any news here? I do not see anything in cve/linux-3.0 branch. I am
> > submitting SLE11-SP3-TD kernel today so it would be great if this was
> > resolved. Thanks!
> 
> I backport patches base on cve/linux-3.0 branch, but I found those patches
> conflict with patch in SLE11-SP4 branch. Which code base should I base on
> for backporting?

The conflict can be resolved in the merge commit.
Comment 15 Joey Lee 2015-11-02 11:18:13 UTC
(In reply to Michal Hocko from comment #14)
> (In reply to Joey Lee from comment #13)
> > Hi Michal,
> > 
> > (In reply to Michal Hocko from comment #11)
> > > (In reply to Joey Lee from comment #8)
> > > > I am backporting patches to SLE11 and SLE12.
> > > 
> > > Any news here? I do not see anything in cve/linux-3.0 branch. I am
> > > submitting SLE11-SP3-TD kernel today so it would be great if this was
> > > resolved. Thanks!
> > 
> > I backport patches base on cve/linux-3.0 branch, but I found those patches
> > conflict with patch in SLE11-SP4 branch. Which code base should I base on
> > for backporting?
> 
> The conflict can be resolved in the merge commit.

Based on cve/linux-3.0, I just pushed 3 backported patches to my jlee/cve/linux-3.0/for-next branch.

Thanks for your help.
Comment 16 Joey Lee 2015-11-03 03:38:42 UTC
Got Michal's help to merge to cve/linux-3.0 branch.

commit 5db2952bdb511a03569e3f7182a30ce0fb60e3cf
Author: Lee, Chun-Yi <jlee@suse.com>
Date:   Mon Nov 2 18:54:17 2015 +0800

    KEYS: Fix crash when attempt to garbage collect an
    uninstantiated keyring (CVE-2015-7872 bsc#951440).

commit e51eb8945ba7fecf12871aaf1e3c658435982a4d
Author: Lee, Chun-Yi <jlee@suse.com>
Date:   Mon Nov 2 18:54:17 2015 +0800

    KEYS: Don't permit request_key() to construct a new keyring
    (CVE-2015-7872 bsc#951440).

commit b66edc9847a42b1d8e09ff538ecc3f2678ef0b71
Author: Lee, Chun-Yi <jlee@suse.com>
Date:   Mon Nov 2 18:54:17 2015 +0800

    KEYS: Fix race between key destruction and finding a keyring
    by name (bsc#951440).
Comment 17 Joey Lee 2015-11-12 07:28:16 UTC
Backported patches were merged to SLE12 GA/SP1 and SLE11 SP3/SP4. Set this bug to fixed.
Comment 18 Swamp Workflow Management 2015-11-26 12:23:36 UTC
SUSE-SU-2015:2108-1: An update that solves 8 vulnerabilities and has 51 fixes is now available.

Category: security (important)
Bug References: 777565,814440,900610,904348,904965,920016,923002,926007,926709,926774,930145,930788,932350,932805,933721,935053,935757,936118,938706,939826,939926,939955,940017,940925,941202,942204,942305,942367,942605,942688,942938,943786,944296,944831,944837,944989,944993,945691,945825,945827,946078,946309,947957,948330,948347,948521,949100,949298,949502,949706,949744,949981,951440,952084,952384,952579,953527,953980,954404
CVE References: CVE-2015-0272,CVE-2015-5157,CVE-2015-5307,CVE-2015-6252,CVE-2015-6937,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    kernel-docs-3.0.101-0.47.71.3
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.71.1, kernel-default-3.0.101-0.47.71.1, kernel-pae-3.0.101-0.47.71.1, kernel-source-3.0.101-0.47.71.1, kernel-syms-3.0.101-0.47.71.1, kernel-trace-3.0.101-0.47.71.1, kernel-xen-3.0.101-0.47.71.1
SUSE Linux Enterprise Server 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.71.1, kernel-default-3.0.101-0.47.71.1, kernel-ec2-3.0.101-0.47.71.1, kernel-pae-3.0.101-0.47.71.1, kernel-ppc64-3.0.101-0.47.71.1, kernel-source-3.0.101-0.47.71.1, kernel-syms-3.0.101-0.47.71.1, kernel-trace-3.0.101-0.47.71.1, kernel-xen-3.0.101-0.47.71.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.71.1, kernel-default-3.0.101-0.47.71.1, kernel-pae-3.0.101-0.47.71.1, kernel-ppc64-3.0.101-0.47.71.1, kernel-trace-3.0.101-0.47.71.1, kernel-xen-3.0.101-0.47.71.1
SUSE Linux Enterprise Desktop 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.71.1, kernel-default-3.0.101-0.47.71.1, kernel-pae-3.0.101-0.47.71.1, kernel-source-3.0.101-0.47.71.1, kernel-syms-3.0.101-0.47.71.1, kernel-trace-3.0.101-0.47.71.1, kernel-xen-3.0.101-0.47.71.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.71.1, kernel-default-3.0.101-0.47.71.1, kernel-ec2-3.0.101-0.47.71.1, kernel-pae-3.0.101-0.47.71.1, kernel-ppc64-3.0.101-0.47.71.1, kernel-trace-3.0.101-0.47.71.1, kernel-xen-3.0.101-0.47.71.1
Comment 19 Swamp Workflow Management 2015-12-04 13:19:05 UTC
SUSE-SU-2015:2194-1: An update that solves 8 vulnerabilities and has 45 fixes is now available.

Category: security (important)
Bug References: 814440,867595,904348,921949,924493,930145,933514,935961,936076,936773,939826,939926,940853,941202,941867,942938,944749,945626,946078,947241,947321,947478,948521,948685,948831,949100,949463,949504,949706,949744,950013,950750,950862,950998,951110,951165,951199,951440,951546,952666,952758,953796,953980,954635,955148,955224,955422,955533,955644,956047,956053,956703,956711
CVE References: CVE-2015-0272,CVE-2015-2925,CVE-2015-5283,CVE-2015-5307,CVE-2015-7799,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    kernel-default-3.12.51-52.31.1
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.51-52.31.5, kernel-obs-build-3.12.51-52.31.1
SUSE Linux Enterprise Server 12 (src):    kernel-default-3.12.51-52.31.1, kernel-source-3.12.51-52.31.1, kernel-syms-3.12.51-52.31.1, kernel-xen-3.12.51-52.31.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.51-52.31.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_9-1-2.2
SUSE Linux Enterprise Desktop 12 (src):    kernel-default-3.12.51-52.31.1, kernel-source-3.12.51-52.31.1, kernel-syms-3.12.51-52.31.1, kernel-xen-3.12.51-52.31.1
Comment 20 Swamp Workflow Management 2015-12-17 15:18:42 UTC
SUSE-SU-2015:2292-1: An update that solves 7 vulnerabilities and has 54 fixes is now available.

Category: security (important)
Bug References: 758040,814440,904348,921949,924493,926238,933514,936773,939826,939926,940776,941113,941202,943959,944296,947241,947478,949100,949192,949706,949744,949936,950013,950580,950750,950998,951110,951165,951440,951638,951864,952384,952666,953717,953826,953830,953971,953980,954635,954986,955136,955148,955224,955354,955422,955533,955644,956047,956053,956147,956284,956703,956711,956717,956801,956876,957395,957546,958504,958510,958647
CVE References: CVE-2015-0272,CVE-2015-2925,CVE-2015-5156,CVE-2015-7799,CVE-2015-7872,CVE-2015-7990,CVE-2015-8215
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.51-60.20.2
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.51-60.20.2, kernel-obs-build-3.12.51-60.20.1
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.51-60.20.2, kernel-source-3.12.51-60.20.2, kernel-syms-3.12.51-60.20.2, kernel-xen-3.12.51-60.20.2
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.51-60.20.2
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_1-1-4.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.51-60.20.2, kernel-source-3.12.51-60.20.2, kernel-syms-3.12.51-60.20.2, kernel-xen-3.12.51-60.20.2
Comment 21 Swamp Workflow Management 2015-12-22 15:25:05 UTC
SUSE-SU-2015:2339-1: An update that solves 10 vulnerabilities and has 57 fixes is now available.

Category: security (important)
Bug References: 814440,879378,879381,900610,904348,904965,921081,926774,930145,930770,930788,930835,932805,935123,935757,937256,937444,938706,939826,939926,939955,940017,940913,940946,941202,942938,943786,944296,944677,944831,944837,944989,944993,945691,945825,945827,946078,946214,946309,947957,948330,948347,948521,949100,949298,949502,949706,949744,949936,949981,950298,950750,950998,951440,952084,952384,952579,952976,953527,953799,953980,954404,954628,954950,954984,955673,956709
CVE References: CVE-2015-0272,CVE-2015-5157,CVE-2015-5307,CVE-2015-6937,CVE-2015-7509,CVE-2015-7799,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-68.2
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-default-3.0.101-68.1, kernel-ec2-3.0.101-68.1, kernel-pae-3.0.101-68.1, kernel-ppc64-3.0.101-68.1, kernel-source-3.0.101-68.1, kernel-syms-3.0.101-68.1, kernel-trace-3.0.101-68.1, kernel-xen-3.0.101-68.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-68.1, kernel-pae-3.0.101-68.1, kernel-ppc64-3.0.101-68.1, kernel-trace-3.0.101-68.1, kernel-xen-3.0.101-68.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    kernel-default-3.0.101-68.1, kernel-pae-3.0.101-68.1, kernel-source-3.0.101-68.1, kernel-syms-3.0.101-68.1, kernel-trace-3.0.101-68.1, kernel-xen-3.0.101-68.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-default-3.0.101-68.1, kernel-ec2-3.0.101-68.1, kernel-pae-3.0.101-68.1, kernel-ppc64-3.0.101-68.1, kernel-trace-3.0.101-68.1, kernel-xen-3.0.101-68.1
Comment 22 Swamp Workflow Management 2015-12-23 17:26:13 UTC
SUSE-SU-2015:2350-1: An update that solves 10 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 814440,879378,879381,900610,904348,904965,921081,926709,926774,930145,930770,930788,930835,932805,935053,935123,935757,937256,937444,937969,937970,938706,939207,939826,939926,939955,940017,940913,940946,941202,942938,943786,944677,944831,944837,944989,944993,945691,945825,945827,946078,946214,946309,947957,948330,948347,948521,949100,949298,949502,949706,949744,949936,949981,950298,950750,950998,951440,952084,952384,952579,952976,953527,953799,953980,954404,954628,954950,954984,955354,955673,956709
CVE References: CVE-2015-0272,CVE-2015-5157,CVE-2015-5307,CVE-2015-6937,CVE-2015-7509,CVE-2015-7799,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-48.1, kernel-rt_trace-3.0.101.rt130-48.1, kernel-source-rt-3.0.101.rt130-48.1, kernel-syms-rt-3.0.101.rt130-48.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-48.1, kernel-rt_debug-3.0.101.rt130-48.1, kernel-rt_trace-3.0.101.rt130-48.1
Comment 23 Swamp Workflow Management 2016-02-01 15:23:17 UTC
openSUSE-SU-2016:0301-1: An update that solves 57 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 814440,851610,869564,873385,906545,907818,909077,909477,911326,912202,915517,915577,917830,918333,919007,919018,919463,919596,921313,921949,922583,922936,922944,926238,926240,927780,927786,928130,929525,930399,931988,932348,933896,933904,933907,933934,935542,935705,936502,936831,937032,937033,937969,938706,940338,944296,945825,947155,949936,950998,951194,951440,951627,952384,952579,952976,953052,953527,954138,954404,955224,955354,955422,956708,956934,957988,957990,958504,958510,958886,958951,959190,959399,959568,960839,961509,961739,962075
CVE References: CVE-2014-2568,CVE-2014-8133,CVE-2014-8989,CVE-2014-9090,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2014-9715,CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0272,CVE-2015-0777,CVE-2015-1420,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-2925,CVE-2015-3212,CVE-2015-3339,CVE-2015-3636,CVE-2015-4001,CVE-2015-4002,CVE-2015-4003,CVE-2015-4004,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-4700,CVE-2015-5157,CVE-2015-5283,CVE-2015-5307,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707,CVE-2015-6937,CVE-2015-7550,CVE-2015-7799,CVE-2015-7833,CVE-2015-7872,CVE-2015-7885,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2016-0728
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.22.2, crash-7.0.2-2.22.2, hdjmod-1.28-16.22.2, ipset-6.21.1-2.26.2, iscsitarget-1.4.20.3-13.22.2, kernel-debug-3.11.10-32.1, kernel-default-3.11.10-32.1, kernel-desktop-3.11.10-32.1, kernel-docs-3.11.10-32.3, kernel-ec2-3.11.10-32.1, kernel-pae-3.11.10-32.1, kernel-source-3.11.10-32.1, kernel-syms-3.11.10-32.1, kernel-trace-3.11.10-32.1, kernel-vanilla-3.11.10-32.1, kernel-xen-3.11.10-32.1, ndiswrapper-1.58-22.1, pcfclock-0.44-258.22.1, vhba-kmp-20130607-2.23.1, virtualbox-4.2.36-2.55.1, xen-4.3.4_10-56.1, xtables-addons-2.3-2.22.1
Comment 24 Swamp Workflow Management 2016-02-05 20:26:07 UTC
SUSE-SU-2016:0354-1: An update that solves 9 vulnerabilities and has 54 fixes is now available.

Category: security (important)
Bug References: 777565,814440,900610,904348,904965,920016,923002,926007,926709,926774,930145,930788,932350,932805,933721,935053,935757,936118,937969,937970,938706,939207,939826,939926,939955,940017,940925,941202,942204,942305,942367,942605,942688,942938,943786,944296,944831,944837,944989,944993,945691,945825,945827,946078,946309,947957,948330,948347,948521,949100,949298,949502,949706,949744,949981,951440,952084,952384,952579,953527,953980,954404,955354
CVE References: CVE-2015-0272,CVE-2015-5157,CVE-2015-5307,CVE-2015-6252,CVE-2015-6937,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP3 (src):    kernel-rt-3.0.101.rt130-0.33.44.2, kernel-rt_trace-3.0.101.rt130-0.33.44.2, kernel-source-rt-3.0.101.rt130-0.33.44.2, kernel-syms-rt-3.0.101.rt130-0.33.44.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-rt-3.0.101.rt130-0.33.44.2, kernel-rt_trace-3.0.101.rt130-0.33.44.2
Comment 25 Swamp Workflow Management 2016-04-12 10:10:34 UTC
openSUSE-SU-2016:1008-1: An update that solves 15 vulnerabilities and has 26 fixes is now available.

Category: security (important)
Bug References: 814440,884701,949936,951440,951542,951626,951638,953527,954018,954404,954405,954876,958439,958463,958504,959709,960561,960563,960710,961263,961500,961509,962257,962866,962977,963746,963765,963767,963931,965125,966137,966179,966259,966437,966684,966693,968018,969356,969582,970845,971125
CVE References: CVE-2015-1339,CVE-2015-7799,CVE-2015-7872,CVE-2015-7884,CVE-2015-8104,CVE-2015-8709,CVE-2015-8767,CVE-2015-8785,CVE-2015-8787,CVE-2015-8812,CVE-2016-0723,CVE-2016-2069,CVE-2016-2184,CVE-2016-2383,CVE-2016-2384
Sources used:
openSUSE Leap 42.1 (src):    kernel-debug-4.1.20-11.1, kernel-default-4.1.20-11.1, kernel-docs-4.1.20-11.3, kernel-ec2-4.1.20-11.1, kernel-obs-build-4.1.20-11.2, kernel-obs-qa-4.1.20-11.1, kernel-obs-qa-xen-4.1.20-11.1, kernel-pae-4.1.20-11.1, kernel-pv-4.1.20-11.1, kernel-source-4.1.20-11.1, kernel-syms-4.1.20-11.1, kernel-vanilla-4.1.20-11.1, kernel-xen-4.1.20-11.1
Comment 26 Swamp Workflow Management 2016-08-15 14:12:05 UTC
SUSE-SU-2016:2074-1: An update that solves 48 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 816446,861093,928130,935757,939826,942367,945825,946117,946309,948562,949744,949936,951440,952384,953527,954404,955354,955654,956708,956709,958463,958886,958951,959190,959399,961500,961509,961512,963765,963767,964201,966437,966460,966662,966693,967972,967973,967974,967975,968010,968011,968012,968013,968670,970504,970892,970909,970911,970948,970956,970958,970970,971124,971125,971126,971360,972510,973570,975945,977847,978822
CVE References: CVE-2013-2015,CVE-2013-7446,CVE-2015-0272,CVE-2015-3339,CVE-2015-5307,CVE-2015-6252,CVE-2015-6937,CVE-2015-7509,CVE-2015-7515,CVE-2015-7550,CVE-2015-7566,CVE-2015-7799,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8539,CVE-2015-8543,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2016-0723,CVE-2016-2069,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-4486
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    kernel-default-3.0.101-0.7.40.1, kernel-ec2-3.0.101-0.7.40.1, kernel-pae-3.0.101-0.7.40.1, kernel-source-3.0.101-0.7.40.1, kernel-syms-3.0.101-0.7.40.1, kernel-trace-3.0.101-0.7.40.1, kernel-xen-3.0.101-0.7.40.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    kernel-default-3.0.101-0.7.40.1, kernel-ec2-3.0.101-0.7.40.1, kernel-pae-3.0.101-0.7.40.1, kernel-trace-3.0.101-0.7.40.1, kernel-xen-3.0.101-0.7.40.1
Comment 27 Swamp Workflow Management 2016-10-26 16:12:26 UTC
openSUSE-SU-2016:2649-1: An update that solves 49 vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 1004418,758540,816446,861093,917648,928130,935757,939826,942367,944296,945825,946117,946309,948562,949744,949936,951440,952384,953527,954404,955354,955654,956708,956709,958463,958886,958951,959190,959399,961500,961509,961512,963765,963767,964201,966437,966460,966662,966693,967972,967973,967974,967975,968010,968011,968012,968013,968670,969356,970504,970892,970909,970911,970948,970956,970958,970970,971124,971125,971126,971360,972510,973570,975945,977847,978822
CVE References: CVE-2013-7446,CVE-2015-0272,CVE-2015-1339,CVE-2015-3339,CVE-2015-5307,CVE-2015-6252,CVE-2015-6937,CVE-2015-7509,CVE-2015-7515,CVE-2015-7550,CVE-2015-7566,CVE-2015-7799,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8539,CVE-2015-8543,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2016-0723,CVE-2016-2069,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-4486,CVE-2016-5195
Sources used:
openSUSE Evergreen 11.4 (src):    kernel-debug-3.0.101-105.1, kernel-default-3.0.101-105.1, kernel-desktop-3.0.101-105.1, kernel-docs-3.0.101-105.2, kernel-ec2-3.0.101-105.1, kernel-pae-3.0.101-105.1, kernel-source-3.0.101-105.1, kernel-syms-3.0.101-105.1, kernel-trace-3.0.101-105.1, kernel-vanilla-3.0.101-105.1, kernel-vmi-3.0.101-105.1, kernel-xen-3.0.101-105.1, preload-1.2-6.83.1