Bug 989152 (CVE-2016-5696) - VUL-1: CVE-2016-5696: kernel-source: challenge ACK counter information disclosure
Summary: VUL-1: CVE-2016-5696: kernel-source: challenge ACK counter information disclo...
Status: RESOLVED FIXED
Alias: CVE-2016-5696
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/170974/
Whiteboard: CVSSv2:SUSE:CVE-2016-5696:4.3:(AV:N/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-07-15 11:28 UTC by Andreas Stieger
Modified: 2021-11-05 13:04 UTC (History)
17 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2016-07-15 11:28:36 UTC 
From: Eric Dumazet <eduma...@google.com>

Yue Cao claims that current host rate limiting of challenge ACKS
(RFC 5961) could leak enough information to allow a patient attacker
to hijack TCP sessions. He will soon provide details in an academic
paper.


This patch increases the default limit from 100 to 1000, and adds
some randomization so that the attacker can no longer hijack
sessions without spending a considerable amount of probes.

Based on initial analysis and patch from Linus.

Note that we also have per socket rate limiting, so it is tempting
to remove the host limit. This might be done later.

Fixes: 282f23c6ee34 ("tcp: implement RFC 5961 3.2")
Reported-by: Yue Cao <ycao...@ucr.edu>
Signed-off-by: Eric Dumazet <eduma...@google.com>
Suggested-by: Linus Torvalds <torva...@linux-foundation.org>
Cc: Yuchung Cheng <ych...@google.com>
Cc: Neal Cardwell <ncardw...@google.com>
---
diff --git a/Documentation/networking/ip-sysctl.txt 
b/Documentation/networking/ip-sysctl.txt
index 9ae929395b24..391ed93a8e49 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -732,7 +732,7 @@ tcp_limit_output_bytes - INTEGER
 tcp_challenge_ack_limit - INTEGER
        Limits number of Challenge ACK sent per second, as recommended
        in RFC 5961 (Improving TCP's Robustness to Blind In-Window Attacks)
-       Default: 100
+       Default: 1000
 
 UDP variables:
 
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index d6c8f4cd0800..25f95a41090a 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -87,7 +87,7 @@ int sysctl_tcp_adv_win_scale __read_mostly = 1;
 EXPORT_SYMBOL(sysctl_tcp_adv_win_scale);
 
 /* rfc5961 challenge ack rate limiting */
-int sysctl_tcp_challenge_ack_limit = 100;
+int sysctl_tcp_challenge_ack_limit = 1000;
 
 int sysctl_tcp_stdurg __read_mostly;
 int sysctl_tcp_rfc1337 __read_mostly;
@@ -3455,10 +3455,11 @@ not_rate_limited:
 static void tcp_send_challenge_ack(struct sock *sk, const struct sk_buff *skb)
 {
        /* unprotected vars, we dont care of overwrites */
-       static u32 challenge_timestamp;
+       static unsigned int challenge_window = HZ;
+       static unsigned long challenge_timestamp;
        static unsigned int challenge_count;
        struct tcp_sock *tp = tcp_sk(sk);
-       u32 now;
+       unsigned long now;
 
        /* First check our per-socket dupack rate limit. */
        if (tcp_oow_rate_limited(sock_net(sk), skb,
@@ -3467,9 +3468,11 @@ static void tcp_send_challenge_ack(struct sock *sk, 
const struct sk_buff *skb)
                return;
 
        /* Then check the check host-wide RFC 5961 rate limit. */
-       now = jiffies / HZ;
-       if (now != challenge_timestamp) {
+       now = jiffies;
+       if (time_before(now, challenge_timestamp) ||
+           time_after_eq(now, challenge_timestamp + challenge_window)) {
                challenge_timestamp = now;
+               challenge_window = HZ/2 + prandom_u32_max(HZ);
                challenge_count = 0;
        }
        if (++challenge_count <= sysctl_tcp_challenge_ack_limit) {





References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5696
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5696.html



The rate limiting implementation commit 282f23c6ee343126156dd41218b22ece96d747e3 first appeared in 3.6, thus affecting SLE 12 kernels.

This CVE was assigned as "incompete fix" for the above, with CVE-2004-0230 being the underlying problem, and RFC 5961 a proposed solution.
Comment 1 Michal Kubeček 2016-07-15 11:47:36 UTC 
This is v1, final version is a bit different:

  http://thread.gmane.org/gmane.linux.network/420880/focus=420945

It is in net tree now as

  75ff39ccc1bd  tcp: make challenge acks less predictable

It should be also queued for future stable updates.
Comment 2 Michal Kubeček 2016-07-18 11:36:34 UTC 
A related commit was added to net tree:

  083ae308280d  tcp: enable per-socket rate limiting of all 'challenge acks'

I'll have to look more closely into it to see how important it is (the commit
message seems to indicate it would depend on commit f2b2c582e824 from 4.0).
Comment 3 Michal Kubeček 2016-07-27 12:25:04 UTC 
Challenge ACKs (RFC 5961 3.2 and 4.2) were implemented in 3.6 and backported
to 3.0.58 stable update. The relevant commits were reverted for SLE11-SP2
(breaking public interface) but the kABI fix was dropped in transition to
SLE11-SP3. Therefore SLE11-SP3-LTSS, SLE11-SP4 and newer kernels (except
master/stable which already have the fix via 4.7) need commit 75ff39ccc1bd.

Commit 083ae308280d is not strictly necessary but IMHO desirable so that I'm
going to add it to SLE12-SP2 and openSUSE-42.1.
Comment 6 Marcus Meissner 2016-08-11 05:45:55 UTC 
https://lwn.net/Articles/696868/  (subscriber only current)
Comment 8 Andreas Stieger 2016-08-12 12:01:31 UTC 
From http://www.heise.de/security/meldung/Sicherheitsforscher-kapern-HTTP-Verbindungen-von-Linux-3292257.html

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=083ae308280d13d187512b9babe3454342a7987e
tcp: enable per-socket rate limiting of all 'challenge acks'

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758
tcp: make challenge acks less predictable

Work-around (not checked:

/etc/sysctl.conf 
net.ipv4.tcp_challenge_ack_limit = 999999999

sysctl -p
Comment 9 Andreas Stieger 2016-08-12 12:07:56 UTC 
Paper http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf
"Off-Path TCP Exploits: Global Rate Limit Considered Dangerous"
Comment 15 Michal Kubeček 2016-08-18 14:28:39 UTC 
The fix is now present in or submitted to

  SLE12-SP2 (replaced with 4.4.18)
  cve/linux-3.12
  SLE11-SP4
  SLE11-SP3-LTSS
  master/stable (via 4.7)
  openSUSE-42.1
  openSUSE-13.2

Pre-3.0 kernels lack the implementation of challenge ACKs and so does
SLE11-SP2-LTSS (see comment 3).

Closing and reassigning to security team.
Comment 16 Michal Kubeček 2016-08-18 15:07:22 UTC 
Also submitted to SLE11-SP3-TD.
Comment 17 Marcus Meissner 2016-08-18 15:28:31 UTC 
we will close it once released
Comment 18 Swamp Workflow Management 2016-08-18 22:00:15 UTC 
bugbot adjusting priority
Comment 19 Forgotten User 6N3-_N_lRq 2016-08-19 04:43:00 UTC 
My server is running SLES 11 SP3 with kernel 3.0.101-0.35-default.
Is my server affected ?

Thank You
Comment 20 Marcus Meissner 2016-08-19 06:34:25 UTC 
this sles 11 sp3 ltss is affected by this problem, yes.
Comment 21 Forgotten User 6N3-_N_lRq 2016-08-19 06:41:45 UTC 
(In reply to Marcus Meissner from comment #20)
> this sles 11 sp3 ltss is affected by this problem, yes.

As per this article I see sles 11 sp3 ltss kernel is 3.0.101-0.47.79.1.
And we run sles 11 sp3, the kernel version is 3.0.101-0.35.1.

Are we still affected ?
Comment 22 Michal Kubeček 2016-08-19 06:45:47 UTC 
(In reply to Dhivya Gurusamy from comment #21)
> (In reply to Marcus Meissner from comment #20)
> > this sles 11 sp3 ltss is affected by this problem, yes.
> 
> As per this article I see sles 11 sp3 ltss kernel is 3.0.101-0.47.79.1.
> And we run sles 11 sp3, the kernel version is 3.0.101-0.35.1.
> 
> Are we still affected ?

Yes. Actually, with a two year old kernel, you are also affected by many
other bugs that have been fixed since then.
Comment 27 Swamp Workflow Management 2016-09-06 13:19:45 UTC 
SUSE-SU-2016:2245-1: An update that solves 25 vulnerabilities and has 22 fixes is now available.

Category: security (important)
Bug References: 839104,866130,919351,944309,950998,960689,962404,963655,963762,966460,969149,970114,971126,971360,971446,971729,971944,974428,975945,978401,978821,978822,979213,979274,979548,979681,979867,979879,980371,980725,980788,980931,981267,983143,983213,983535,984107,984755,986362,986365,986445,986572,987709,988065,989152,989401,991608
CVE References: CVE-2013-4312,CVE-2015-7513,CVE-2015-7833,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2187,CVE-2016-3134,CVE-2016-3955,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5696,CVE-2016-5829,CVE-2016-6480
Sources used:
SUSE OpenStack Cloud 5 (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Manager Proxy 2.1 (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Manager 2.1 (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-ppc64-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-source-3.0.101-0.47.86.1, kernel-syms-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.86.1, kernel-default-3.0.101-0.47.86.1, kernel-ec2-3.0.101-0.47.86.1, kernel-pae-3.0.101-0.47.86.1, kernel-trace-3.0.101-0.47.86.1, kernel-xen-3.0.101-0.47.86.1
Comment 28 Swamp Workflow Management 2016-09-12 12:15:08 UTC 
openSUSE-SU-2016:2290-1: An update that solves 17 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 963931,970948,971126,971360,974266,978821,978822,979018,979213,979879,980371,981058,981267,986362,986365,986570,987886,989084,989152,989176,990058,991110,991608,991665,994296,994520
CVE References: CVE-2015-8787,CVE-2016-1237,CVE-2016-2847,CVE-2016-3134,CVE-2016-3156,CVE-2016-4485,CVE-2016-4486,CVE-2016-4557,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4951,CVE-2016-4998,CVE-2016-5696,CVE-2016-6480,CVE-2016-6828
Sources used:
openSUSE Leap 42.1 (src):    drbd-8.4.6-8.1, hdjmod-1.28-24.1, ipset-6.25.1-5.1, kernel-debug-4.1.31-30.2, kernel-default-4.1.31-30.2, kernel-docs-4.1.31-30.3, kernel-ec2-4.1.31-30.2, kernel-obs-build-4.1.31-30.3, kernel-obs-qa-4.1.31-30.1, kernel-obs-qa-xen-4.1.31-30.1, kernel-pae-4.1.31-30.2, kernel-pv-4.1.31-30.2, kernel-source-4.1.31-30.1, kernel-syms-4.1.31-30.1, kernel-vanilla-4.1.31-30.2, kernel-xen-4.1.31-30.2, lttng-modules-2.7.0-2.1, pcfclock-0.44-266.1, vhba-kmp-20140928-5.1
Comment 29 Forgotten User sOeyBjDkQP 2016-09-30 13:36:25 UTC 
Will the fix for SLES12(LTSS) and SLES12_SP1 be delivered in the near future?
Comment 30 Marcus Meissner 2016-10-03 21:48:31 UTC 
A sles12 sp1 kernel update with this fix is currently in QA, release ETA in around 1-2 weeks.

A sles12 ltss kernel update is not yet scheduled.
Comment 31 Swamp Workflow Management 2016-10-25 17:11:15 UTC 
openSUSE-SU-2016:2625-1: An update that solves 12 vulnerabilities and has 19 fixes is now available.

Category: security (important)
Bug References: 1000287,1001486,1003077,1003925,1003931,1004045,1004418,1004462,881008,909994,911687,922634,951155,960689,978094,980371,986570,989152,991247,991608,991665,993890,993891,994296,994520,994748,994752,994759,996664,999600,999932
CVE References: CVE-2015-7513,CVE-2015-8956,CVE-2016-0823,CVE-2016-1237,CVE-2016-5195,CVE-2016-5696,CVE-2016-6327,CVE-2016-6480,CVE-2016-6828,CVE-2016-7117,CVE-2016-7425,CVE-2016-8658
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.22.1, cloop-2.639-14.22.1, crash-7.0.8-22.1, hdjmod-1.28-18.23.1, ipset-6.23-22.1, kernel-debug-3.16.7-45.1, kernel-default-3.16.7-45.1, kernel-desktop-3.16.7-45.1, kernel-docs-3.16.7-45.2, kernel-ec2-3.16.7-45.1, kernel-obs-build-3.16.7-45.1, kernel-obs-qa-3.16.7-45.1, kernel-obs-qa-xen-3.16.7-45.1, kernel-pae-3.16.7-45.1, kernel-source-3.16.7-45.1, kernel-syms-3.16.7-45.1, kernel-vanilla-3.16.7-45.1, kernel-xen-3.16.7-45.1, pcfclock-0.44-260.22.1, vhba-kmp-20140629-2.22.1, virtualbox-5.0.28-54.2, xen-4.4.4_05-51.2, xtables-addons-2.6-24.1
Comment 36 Swamp Workflow Management 2016-11-25 16:27:48 UTC 
SUSE-SU-2016:2912-1: An update that solves 11 vulnerabilities and has 111 fixes is now available.

Category: security (important)
Bug References: 1000189,1000287,1000304,1000776,1001419,1001486,1002165,1003079,1003153,1003400,1003568,1003866,1003925,1003964,1004252,1004462,1004517,1004520,1005666,1006691,1007615,1007886,744692,772786,789311,857397,860441,865545,866130,868923,874131,876463,898675,904489,909994,911687,915183,921338,921784,922064,922634,924381,924384,930399,931454,934067,937086,937888,940545,941420,946309,955446,956514,959463,961257,962846,966864,967640,970943,971975,971989,974406,974620,975596,975772,976195,977687,978094,979451,979928,982783,983619,984194,984419,984779,984992,985562,986445,987192,987333,987542,987565,987621,987805,988440,988617,988715,989152,989953,990245,991247,991608,991665,992244,992555,992591,992593,992712,993392,993841,993890,993891,994296,994438,994520,994748,995153,995968,996664,997059,997299,997708,997896,998689,998795,998825,999577,999584,999600,999779,999907,999932
CVE References: CVE-2015-8956,CVE-2016-5696,CVE-2016-6130,CVE-2016-6327,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7425,CVE-2016-8658,CVE-2016-8666
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.67-60.64.18.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.67-60.64.18.3, kernel-obs-build-3.12.67-60.64.18.1
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.67-60.64.18.1, kernel-source-3.12.67-60.64.18.1, kernel-syms-3.12.67-60.64.18.1, kernel-xen-3.12.67-60.64.18.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.67-60.64.18.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_9-1-6.3
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.67-60.64.18.1, kernel-source-3.12.67-60.64.18.1, kernel-syms-3.12.67-60.64.18.1, kernel-xen-3.12.67-60.64.18.1
Comment 37 Swamp Workflow Management 2016-12-02 15:33:58 UTC 
SUSE-SU-2016:2976-1: An update that solves 13 vulnerabilities and has 87 fixes is now available.

Category: security (important)
Bug References: 1000189,1001419,1002165,1003077,1003344,1003568,1003677,1003866,1003925,1004517,1004520,1005857,1005896,1005903,1006917,1006919,1007944,763198,771065,799133,803320,839104,843236,860441,863873,865783,871728,907611,908458,908684,909077,909350,909484,909618,909994,911687,915183,920016,922634,922947,928138,929141,934760,951392,956514,960689,963655,967716,968010,968014,971975,971989,973203,974620,976867,977687,979514,979595,979681,980371,982218,982783,983535,983619,984102,984194,984992,985206,986337,986362,986365,986445,987565,988440,989152,989261,989764,989779,991608,991665,991923,992566,993127,993890,993891,994296,994436,994618,994759,994926,995968,996329,996664,997708,998399,998689,999584,999600,999907,999932
CVE References: CVE-2013-4312,CVE-2015-7513,CVE-2015-8956,CVE-2016-0823,CVE-2016-3841,CVE-2016-4998,CVE-2016-5696,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7117,CVE-2016-7425
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-88.3
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-88.1, kernel-default-3.0.101-88.1, kernel-ec2-3.0.101-88.1, kernel-pae-3.0.101-88.1, kernel-ppc64-3.0.101-88.1, kernel-source-3.0.101-88.1, kernel-syms-3.0.101-88.1, kernel-trace-3.0.101-88.1, kernel-xen-3.0.101-88.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-88.1, kernel-pae-3.0.101-88.1, kernel-ppc64-3.0.101-88.1, kernel-trace-3.0.101-88.1, kernel-xen-3.0.101-88.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-88.1, kernel-default-3.0.101-88.1, kernel-ec2-3.0.101-88.1, kernel-pae-3.0.101-88.1, kernel-ppc64-3.0.101-88.1, kernel-trace-3.0.101-88.1, kernel-xen-3.0.101-88.1
Comment 38 Swamp Workflow Management 2016-12-06 12:30:36 UTC 
openSUSE-SU-2016:3021-1: An update that solves 12 vulnerabilities and has 118 fixes is now available.

Category: security (important)
Bug References: 1000189,1000287,1000304,1000776,1001419,1001486,1002165,1003079,1003153,1003400,1003568,1003866,1003925,1004252,1004418,1004462,1004517,1004520,1005666,1006691,1007615,1007886,744692,772786,789311,799133,857397,860441,865545,866130,868923,874131,875631,876145,876463,898675,904489,909994,911687,915183,921338,921784,922064,922634,924381,924384,930399,931454,934067,937086,937888,940545,941420,946309,954986,955446,956514,959463,961257,962846,963655,963767,966864,967640,970943,971975,971989,974406,974620,975596,975772,976195,977687,978094,979451,979681,979928,982783,983619,984194,984419,984779,984992,985562,986445,987192,987333,987542,987565,987621,987805,988440,988617,988715,989152,989953,990245,991247,991608,991665,992244,992555,992591,992593,992712,993392,993841,993890,993891,994296,994438,994520,994748,994758,995153,995968,996664,997059,997299,997708,997896,998689,998795,998825,999577,999584,999600,999779,999907,999932
CVE References: CVE-2013-5634,CVE-2015-8956,CVE-2016-2069,CVE-2016-5696,CVE-2016-6130,CVE-2016-6327,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7425,CVE-2016-8658
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.36.1, crash-7.0.2-2.36.1, hdjmod-1.28-16.36.1, ipset-6.21.1-2.40.1, iscsitarget-1.4.20.3-13.36.1, kernel-debug-3.12.67-58.1, kernel-default-3.12.67-58.1, kernel-desktop-3.12.67-58.1, kernel-docs-3.12.67-58.2, kernel-ec2-3.12.67-58.1, kernel-pae-3.12.67-58.1, kernel-source-3.12.67-58.1, kernel-syms-3.12.67-58.1, kernel-trace-3.12.67-58.1, kernel-vanilla-3.12.67-58.1, kernel-xen-3.12.67-58.1, ndiswrapper-1.58-37.1, openvswitch-1.11.0-0.43.1, pcfclock-0.44-258.37.1, vhba-kmp-20130607-2.36.1, virtualbox-4.2.36-2.68.1, xen-4.3.4_10-69.1, xtables-addons-2.3-2.35.1
Comment 39 Swamp Workflow Management 2016-12-09 17:21:24 UTC 
SUSE-SU-2016:3069-1: An update that solves 11 vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 1000189,1001419,1002165,1004418,732582,839104,843236,909994,911687,915183,920016,934760,951392,956514,960689,963655,971975,971989,974620,976867,977687,979514,979595,979681,980371,982218,982783,983535,983619,984102,984194,984992,985206,986362,986365,986445,987565,988440,989152,989261,989779,991608,991665,991923,992566,993127,993890,993891,994296,994436,994618,994759,994926,996329,996664,997708,998399,999584,999600,999932
CVE References: CVE-2013-4312,CVE-2015-7513,CVE-2016-0823,CVE-2016-3841,CVE-2016-4997,CVE-2016-4998,CVE-2016-5195,CVE-2016-5696,CVE-2016-6480,CVE-2016-6828,CVE-2016-7425
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-65.1, kernel-rt_trace-3.0.101.rt130-65.1, kernel-source-rt-3.0.101.rt130-65.1, kernel-syms-rt-3.0.101.rt130-65.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-65.1, kernel-rt_debug-3.0.101.rt130-65.1, kernel-rt_trace-3.0.101.rt130-65.1
Comment 40 Swamp Workflow Management 2016-12-30 17:32:54 UTC 
SUSE-SU-2016:3304-1: An update that solves 13 vulnerabilities and has 118 fixes is now available.

Category: security (important)
Bug References: 1000189,1000287,1000304,1000776,1001419,1001486,1002165,1003079,1003153,1003400,1003568,1003925,1004252,1004418,1004462,1004517,1004520,1005666,1006691,1007615,1007886,744692,789311,857397,860441,865545,866130,868923,874131,875631,876145,876463,898675,904489,909994,911687,915183,921338,921784,922064,922634,924381,924384,930399,934067,937086,937888,941420,946309,955446,956514,959463,961257,962846,963655,963767,966864,967640,970943,971975,971989,974406,974620,975596,975772,976195,977687,978094,979451,979681,979928,980371,981597,982783,983619,984194,984419,984779,984992,985562,986362,986365,986445,987192,987333,987542,987565,987621,987805,988440,988617,988715,989152,989953,990058,990245,991247,991608,991665,991667,992244,992555,992568,992591,992593,992712,993392,993841,993890,993891,994167,994296,994438,994520,994758,995153,995968,996664,997059,997299,997708,997896,998689,998795,998825,999577,999584,999600,999779,999907,999932
CVE References: CVE-2015-8956,CVE-2016-2069,CVE-2016-4998,CVE-2016-5195,CVE-2016-5696,CVE-2016-6130,CVE-2016-6327,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7425,CVE-2016-8658
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP1 (src):    kernel-compute-3.12.67-60.27.1, kernel-compute_debug-3.12.67-60.27.1, kernel-rt-3.12.67-60.27.1, kernel-rt_debug-3.12.67-60.27.1, kernel-source-rt-3.12.67-60.27.1, kernel-syms-rt-3.12.67-60.27.1
Comment 41 Swamp Workflow Management 2017-02-09 20:26:22 UTC 
SUSE-SU-2017:0437-1: An update that solves 20 vulnerabilities and has 79 fixes is now available.

Category: security (important)
Bug References: 1003813,1005877,1007615,1008557,1008645,1008831,1008833,1008893,1009875,1010150,1010175,1010201,1010467,1010501,1010507,1010711,1010713,1010716,1011685,1011820,1012183,1012411,1012422,1012832,1012851,1012852,1012917,1013018,1013038,1013042,1013070,1013531,1013542,1014410,1014454,1014746,1015561,1015752,1015760,1015796,1015803,1015817,1015828,1015844,1015848,1015878,1015932,1016320,1016505,1016520,1016668,1016688,1016824,1016831,1017686,1017710,1019079,1019148,1019165,1019348,1019783,1020214,1021258,748806,786036,790588,795297,800999,821612,824171,851603,853052,871728,901809,909350,909491,913387,914939,919382,924708,925065,953233,961589,962846,969340,973691,987333,987576,989152,989680,989896,990245,992991,993739,993832,996541,996557,997401,999101
CVE References: CVE-2004-0230,CVE-2012-6704,CVE-2013-6368,CVE-2015-1350,CVE-2015-8962,CVE-2015-8964,CVE-2016-10088,CVE-2016-5696,CVE-2016-7910,CVE-2016-7911,CVE-2016-7916,CVE-2016-8399,CVE-2016-8632,CVE-2016-8633,CVE-2016-8646,CVE-2016-9555,CVE-2016-9685,CVE-2016-9756,CVE-2016-9793,CVE-2017-5551
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-94.2
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-94.1, kernel-default-3.0.101-94.1, kernel-ec2-3.0.101-94.1, kernel-pae-3.0.101-94.1, kernel-ppc64-3.0.101-94.1, kernel-source-3.0.101-94.1, kernel-syms-3.0.101-94.1, kernel-trace-3.0.101-94.1, kernel-xen-3.0.101-94.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-94.1, kernel-pae-3.0.101-94.1, kernel-ppc64-3.0.101-94.1, kernel-trace-3.0.101-94.1, kernel-xen-3.0.101-94.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-94.1, kernel-default-3.0.101-94.1, kernel-ec2-3.0.101-94.1, kernel-pae-3.0.101-94.1, kernel-ppc64-3.0.101-94.1, kernel-trace-3.0.101-94.1, kernel-xen-3.0.101-94.1
Comment 42 Swamp Workflow Management 2017-02-15 20:19:57 UTC 
SUSE-SU-2017:0471-1: An update that solves 34 vulnerabilities and has 48 fixes is now available.

Category: security (important)
Bug References: 1003153,1003925,1004462,1004517,1005666,1007197,1008833,1008979,1009969,1010040,1010475,1010478,1010501,1010502,1010507,1010612,1010711,1010716,1011820,1012422,1013038,1013531,1013540,1013542,1014746,1016482,1017410,1017589,1017710,1019300,1019851,1020602,1021258,881008,915183,958606,961257,970083,971989,976195,978094,980371,980560,981038,981597,981709,982282,982544,983619,983721,983977,984148,984419,984755,985978,986362,986365,986445,986569,986572,986811,986941,987542,987565,987576,989152,990384,991608,991665,993392,993890,993891,994296,994748,994881,995968,997708,998795,999584,999600,999932,999943
CVE References: CVE-2014-9904,CVE-2015-8956,CVE-2015-8962,CVE-2015-8963,CVE-2015-8964,CVE-2016-10088,CVE-2016-4470,CVE-2016-4998,CVE-2016-5696,CVE-2016-5828,CVE-2016-5829,CVE-2016-6130,CVE-2016-6327,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7425,CVE-2016-7910,CVE-2016-7911,CVE-2016-7913,CVE-2016-7914,CVE-2016-8399,CVE-2016-8633,CVE-2016-8645,CVE-2016-8658,CVE-2016-9083,CVE-2016-9084,CVE-2016-9756,CVE-2016-9793,CVE-2016-9806,CVE-2017-2583,CVE-2017-2584,CVE-2017-5551
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kernel-default-3.12.61-52.66.1, kernel-source-3.12.61-52.66.1, kernel-syms-3.12.61-52.66.1, kernel-xen-3.12.61-52.66.1, kgraft-patch-SLE12_Update_19-1-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.66.1, kernel-source-3.12.61-52.66.1, kernel-syms-3.12.61-52.66.1, kernel-xen-3.12.61-52.66.1, kgraft-patch-SLE12_Update_19-1-2.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.66.1
Comment 43 Swamp Workflow Management 2017-02-17 17:19:14 UTC 
SUSE-SU-2017:0494-1: An update that solves 27 vulnerabilities and has 48 fixes is now available.

Category: security (important)
Bug References: 1001419,1002165,1003077,1003253,1003925,1004517,1007944,1008374,1008645,1008831,1008833,1008850,1009875,1010150,1010467,1010501,1010507,1010711,1010713,1010716,1011685,1011820,1012183,1012422,1012832,1012851,1012852,1012895,1013038,1013042,1013531,1013542,1014454,1014746,1015878,1017710,1018446,1019079,1019783,1021258,821612,824171,914939,929141,935436,956514,961923,966826,967716,969340,973691,979595,987576,989152,989261,991665,992566,992569,992906,992991,993890,993891,994296,994618,994759,995968,996329,996541,996557,997059,997401,997708,998689,999932,999943
CVE References: CVE-2004-0230,CVE-2012-6704,CVE-2015-1350,CVE-2015-8956,CVE-2015-8962,CVE-2015-8964,CVE-2015-8970,CVE-2016-0823,CVE-2016-10088,CVE-2016-3841,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7117,CVE-2016-7425,CVE-2016-7910,CVE-2016-7911,CVE-2016-7916,CVE-2016-8399,CVE-2016-8632,CVE-2016-8633,CVE-2016-8646,CVE-2016-9555,CVE-2016-9685,CVE-2016-9756,CVE-2016-9793,CVE-2017-5551
Sources used:
SUSE OpenStack Cloud 5 (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-source-3.0.101-0.47.96.1, kernel-syms-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Manager Proxy 2.1 (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-source-3.0.101-0.47.96.1, kernel-syms-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Manager 2.1 (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-source-3.0.101-0.47.96.1, kernel-syms-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-pae-3.0.101-0.47.96.1, kernel-source-3.0.101-0.47.96.1, kernel-syms-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-pae-3.0.101-0.47.96.1, kernel-ppc64-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-pae-3.0.101-0.47.96.1, kernel-source-3.0.101-0.47.96.1, kernel-syms-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-pae-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
Comment 44 Marcus Meissner 2017-03-02 11:10:10 UTC 
released
Comment 45 Swamp Workflow Management 2017-04-25 19:34:01 UTC 
SUSE-SU-2017:1102-1: An update that solves 27 vulnerabilities and has 114 fixes is now available.

Category: security (important)
Bug References: 1003077,1003344,1003568,1003677,1003813,1003866,1003925,1004517,1004520,1005857,1005877,1005896,1005903,1006917,1006919,1007615,1007944,1008557,1008645,1008831,1008833,1008893,1009875,1010150,1010175,1010201,1010467,1010501,1010507,1010711,1010716,1011685,1011820,1012411,1012422,1012832,1012851,1012917,1013018,1013038,1013042,1013070,1013531,1013533,1013542,1013604,1014410,1014454,1014746,1015561,1015752,1015760,1015796,1015803,1015817,1015828,1015844,1015848,1015878,1015932,1016320,1016505,1016520,1016668,1016688,1016824,1016831,1017686,1017710,1019148,1019165,1019348,1019783,1020214,1021258,748806,763198,771065,786036,790588,795297,799133,800999,803320,821612,824171,851603,853052,860441,863873,865783,871728,901809,907611,908458,908684,909077,909350,909484,909491,909618,913387,914939,919382,922634,924708,925065,928138,929141,953233,956514,960689,961589,962846,963655,967716,968010,969340,973203,973691,979681,984194,986337,987333,987576,989152,989680,989764,989896,990245,992566,992991,993739,993832,995968,996541,996557,997401,998689,999101,999907
CVE References: CVE-2004-0230,CVE-2012-6704,CVE-2013-6368,CVE-2015-1350,CVE-2015-8956,CVE-2015-8962,CVE-2015-8964,CVE-2016-10088,CVE-2016-3841,CVE-2016-5696,CVE-2016-7042,CVE-2016-7097,CVE-2016-7117,CVE-2016-7910,CVE-2016-7911,CVE-2016-7916,CVE-2016-8399,CVE-2016-8632,CVE-2016-8633,CVE-2016-8646,CVE-2016-9555,CVE-2016-9576,CVE-2016-9685,CVE-2016-9756,CVE-2016-9793,CVE-2016-9794,CVE-2017-5551
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-68.1, kernel-rt_trace-3.0.101.rt130-68.1, kernel-source-rt-3.0.101.rt130-68.1, kernel-syms-rt-3.0.101.rt130-68.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-68.1, kernel-rt_debug-3.0.101.rt130-68.1, kernel-rt_trace-3.0.101.rt130-68.1