Bugzilla – Bug 1063667
VUL-0: CVE-2017-13080: kernel-source: mac80211 driver also has key reinstallation problem "KRACK"
Last modified: 2024-06-25 13:42:52 UTC
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=fdf7cb4185b60c68e1a75e61691c4afdc15dea0e "KRACK" also affects the management parts in the kernel, mac80211 part. mac80211: accept key reinstall without changing anything When a key is reinstalled we can reset the replay counters etc. which can lead to nonce reuse and/or replay detection being impossible, breaking security properties, as described in the "KRACK attacks". In particular, CVE-2017-13080 applies to GTK rekeying that happened in firmware while the host is in D3, with the second part of the attack being done after the host wakes up. In this case, the wpa_supplicant mitigation isn't sufficient since wpa_supplicant doesn't know the GTK material. In case this happens, simply silently accept the new key coming from userspace but don't take any action on it since it's the same key; this keeps the PN replay counters intact. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The problem, in the sense of "we do the whole install even if the key is the same", seems to exist since really long time ago, definitely since 2.6.32. Probably even 2.6.16 but things get a bit blurry before commit 11a843b7e160 ("[MAC80211]: rework key handling"). Exploitability is a different question as the commit message describes an attack abusing D3 state and wake on WLAN which is something I'm not sure we did support at those times. On the other hand, it seems to make sense to apply the change anyway.
(In reply to Michal Kubeček from comment #1) > Exploitability is a different question as the commit message describes an > attack abusing D3 state and wake on WLAN which is something I'm not sure we > did support at those times. Its worth elaborating that from the R&D perspective the KRACK vulnerability was considered to be a client side issue [0], to this day the FAQ only refer to this being a WiFi client issue. In practice its not, and furthermore even non WiFi network can be vulnerable depending on what software is used for the 802.1X implementation and what solutions are out there for this. I'll confine further comments below to the WiFi particular issue. Its important to understand why the R&D ended up focusing on the client side issue, this will help understand the severity of the issue better and also other possible issues which I allude to. KRACK is an attack against the 4-way handshake of WPA2. The 4-way handshake is implemented using a supplicant and on the Linux world this is wpa_supplicant. The main set of fixes then all are within wpa_supplicant then, however AP side functionality is also affected in practice when considering other enhancements to the IEEE 802.11 protocol which authors of the paper perhaps did not consider. AP side: hostapd's notes [1] make it clear an AP using RSN/WPA2 network with FT (Fast BSS Transition from IEEE 802.11r) can be affected. Likewise an AP/Authenticator is also affected when hostapd requested to rekey the PTK without performing EAP reauthentication (either through local periodic rekeying or due to a request from an association station). STA side: On the GTK key update from the AP. This is actually the original motivation of the paper and the issue is undermining of security. The use of the word "undermining" here is intentional given that for wpa_supplicant 2.6 users or those using a git release without the latest fixes (the paper alludes this is 50% of Android devices out there) there is an incredibly horrible security vulnerability possible: when the STA detects part 3 of 4 of the 4-way handshake is resent the "client will install an all-zero encryption key instead of reinstalling the real key". This was done due "a remark in the Wi-Fi standard that suggests to clear the encryption key from memory once it has been installed for the first time". A clear key would be used and therefore an attacker could decrypt communications by inferring this. PeerKey / TDLS PeerKey are affected but read the hostapd notes [1] for further details. The last exception to point out is when the GTK update is done in firmware from WoWLAN, and that's the patch in mac80211. First of all, you need to support WoWLAN, and not all drivers support this. The only affected device driver as far as I can tell is iwlmvm which calls ieee80211_gtk_rekey_add(), its path for which is fixed in the mac80211 upstream commit. Even though ieee80211_key_link() *is* called from the generic mac80211 stack on key add for the cfg80211 key_add -- the information contained here would be issued via the supplicant, and a fix there is where this was appropriate. The WoWLAN was an after thought. Its actually pretty hard to get WoWLAN working well and even supported. Even on device drivers that in theory had support for this, this is also a fringe thing. For instance even though Atheros ath9k devices in theory support WoWLAN only a few devices in the field (in practice Atheros Apples WiFI devices) had something on the OTP to enable this. So even though ath9k now has some merged code for this, I highly doubt anyone has used this other than for tinkering. Also, since most ath9k devices lacked a an internal CPU it *also* meant not being able to do the GTK ;) so upon wake up it would have to completely re-associate using wpa_supplicant. Evaluation for other drivers may be in order like ath10k but chances are pretty high all the fun stuff is done in firmware and well, that seems like a good exploit for the NSA to keep against those daring devils willing to use such a feature. [0] https://www.krackattacks.com/ [1] https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt > On the other hand, it seems to make sense to apply the change anyway. Sure but applying it down to all kernels is simply doesn't make much sense given all the above. Instead we should focus on merging the fixes for wpa_supplicant/hostapd [2], and later evaluate possible generic 802.1x attacks. The real severity KRACK then is applicable on userspace, not the kernel front. In practice this kernel commit is very likely not applicable to *any* of our customers. [2] https://w1.fi/security/2017-1/
Pushed a respective backport onto all relevant repos: o users/lurodriguez/master/for-next o users/lurodriguez/stable/for-next o users/lurodriguez/SLE15/for-next o users/lurodriguez/SLE12-SP3/for-next o users/lurodriguez/SLE12-SP2/for-next o users/lurodriguez/cve/linux-3.12/for-next o users/lurodriguez/cve/linux-3.0/for-next o users/lurodriguez/cve/linux-2.6.32/for-next The cve/linux-2.6.16 branch is a different older IEEE stack on net/ieee80211, and only two drivers use the encryption stuff there, ipw2100 and ipw2200. Adding a respective backport there would simply be adding a lot of code and for very little coverage. The other wireless drivers of the day or relevance is prism54 and that can use old wireless extensions, the semantics are different and in the end the respective mac80211 fix is *is* for WoWLAN, for a corner case. The proper fix for the rest of the KRACK stuff is all in userspace, and a respective hostapd/wpa_supplicant package should be pushed out for cases where WPA2 was supported.
(In reply to Luis Rodriguez from comment #12) [...] > The cve/linux-2.6.16 branch is a different older IEEE stack on > net/ieee80211, and only two drivers use the encryption stuff there, ipw2100 > and ipw2200. Adding a respective backport there would simply be adding a lot > of code and for very little coverage. The other wireless drivers of the day > or relevance is prism54 and that can use old wireless extensions, the > semantics are different and in the end the respective mac80211 fix is *is* > for WoWLAN, for a corner case. Understood and agreed. We should however try to backport the respective userspace fixes there.
(In reply to Michal Hocko from comment #16) > (In reply to Luis Rodriguez from comment #12) > [...] > > The cve/linux-2.6.16 branch is a different older IEEE stack on > > net/ieee80211, and only two drivers use the encryption stuff there, ipw2100 > > and ipw2200. Adding a respective backport there would simply be adding a lot > > of code and for very little coverage. The other wireless drivers of the day > > or relevance is prism54 and that can use old wireless extensions, the > > semantics are different and in the end the respective mac80211 fix is *is* > > for WoWLAN, for a corner case. > > Understood and agreed. We should however try to backport the respective > userspace fixes there. That should be a separate bug and should include all of the 10 KRACK CVE tags, and there are two fronts on userspace: hostapd, and wpa_supplicant. The live patch evaluation for the kernel for this bug is another. So in total we have a total of 4 bugs related to KRACK: o bsc#1063667 - this kernel bug - mac80211 fix for WoWLAN o bsc#1063671 - live patch evaluation for mac80211 kernel bug above o bsc#1056061 - wpa_supplicant - which required an EMU - fixed o bsc#1063479 - hostapd - work submitted but only for opensuse Its unclear if hostapd packages were part of SLE releases, if so then bsc#1063479 needs work to ensure those packages are also respectively updated. So AFAICT -- we're on great track, we only have the hostapd package to consider next and that's all.
Created attachment 745220 [details] simple-sta.conf for wpa_supplicant Simple configuration for wpa_supplicant
Created attachment 745221 [details] simple-ap.conf for hostapd Simple AP configuration for hostapd.
I've tested the cve/linux-3.0 changes against the Linux kernel driver mac80211_hswim [0] and used hostapd and wpa_supplicant on an SLE11 system to ensure we don't regress. [0] https://www.kernel.org/doc/readme/Documentation-networking-mac80211_hwsim-README In case it may be of use to others later trying to test against future mac80211 / cfg80211 fixes to ensure we don't regress below is an simple example of a way to test without having any 802.11 hardware using our orthos systems. Requirements: a) kernel with mac80211_hwsim driver - fortunately we carry this since our 3.0 kernels, so SLE11-SP4 carries it. b) wpa_supplicant - we provide a package c) hostapd - no package provided it seems, but the git tag hostap_2_5 compiles cd hostap/hostapd/ cp defconfig .config make -j 8 make install mac80211_hwsim setup --------------------- modprobe mac80211_hwsim This will create 2 wlan devices on your system, even if you don't have 802.11 hardware. Use the attached for wlan0 for the AP setup. Use the attached for wlan1 for the STA setup. AP: hostapd simple-ap.conf STA: wpa_supplicant -Dnl80211 -i wlan1 -c simple-sta.conf Depending on what you need to test you may need to change parameters. The attached configuration files use WPA2 and CCMP with PSK. For this particular case we have to test against the 4-way handshake, testing against anything that requires WPA2 suffices. hostapd however relies on the terminology proto=WPA2 to mean the final version of IEEE-802.11i, while proto=WPA for the IEEE 802.11i draft, both use the 4-way handshake. Folks with the access to the proof of concept code can use the above and extensions to alter the mechanisms to try to reproduce the original issue, note of course however that the real set of fixes for the known issues are all in userspace, both on wpa_supplicant and hostapd. This bug relates to a mac80211 corner case for WoWLAN for device drivers which issue go through GTK rekeying upon resume from suspend and there is only one device driver that does this today: iwlmvm.
This is an autogenerated message for OBS integration: This bug (1063667) was mentioned in https://build.opensuse.org/request/show/535772 42.2 / kernel-source
openSUSE-SU-2017:2846-1: An update that solves three vulnerabilities and has 60 fixes is now available. Category: security (important) Bug References: 1004527,1012382,1015342,1015343,1019675,1019680,1019695,1019699,1020412,1020989,1022595,1022604,1022912,1024346,1024373,1025461,1032150,1034075,1037579,1037890,1050471,1052360,1055567,1056230,1056427,1056587,1056596,1058135,1059863,1060249,1060400,1060985,1061451,1061721,1061775,1062279,1062520,1062962,1063102,1063349,1063460,1063475,1063501,1063509,1063520,1063570,1063667,1063695,1064064,1064206,1064388,1064436,963575,964944,966170,966172,966186,966191,966316,966318,969476,969477,971975 CVE References: CVE-2017-13080,CVE-2017-15265,CVE-2017-15649 Sources used: openSUSE Leap 42.3 (src): kernel-debug-4.4.92-31.1, kernel-default-4.4.92-31.1, kernel-docs-4.4.92-31.2, kernel-obs-build-4.4.92-31.1, kernel-obs-qa-4.4.92-31.1, kernel-source-4.4.92-31.1, kernel-syms-4.4.92-31.1, kernel-vanilla-4.4.92-31.1
SUSE-SU-2017:2847-1: An update that solves 11 vulnerabilities and has 170 fixes is now available. Category: security (important) Bug References: 1004527,1005776,1005778,1005780,1005781,1012382,1012829,1015342,1015343,1019675,1019680,1019695,1019699,1020412,1020645,1020657,1020989,1021424,1022595,1022604,1022743,1022912,1022967,1024346,1024373,1024405,1025461,1030850,1031717,1031784,1032150,1034048,1034075,1035479,1036060,1036215,1036737,1037579,1037838,1037890,1038583,1040813,1042847,1043598,1044503,1046529,1047238,1047487,1047989,1048155,1048228,1048325,1048327,1048356,1048501,1048893,1048912,1048934,1049226,1049272,1049291,1049336,1049361,1049580,1050471,1050742,1051790,1051987,1052093,1052094,1052095,1052360,1052384,1052580,1052593,1052888,1053043,1053309,1053472,1053627,1053629,1053633,1053681,1053685,1053802,1053915,1053919,1054082,1054084,1054654,1055013,1055096,1055272,1055290,1055359,1055493,1055567,1055709,1055755,1055896,1055935,1055963,1056061,1056185,1056230,1056261,1056427,1056587,1056588,1056596,1056686,1056827,1056849,1056982,1057015,1057031,1057035,1057038,1057047,1057067,1057383,1057498,1057849,1058038,1058116,1058135,1058410,1058507,1058512,1058550,1059051,1059465,1059500,1059863,1060197,1060229,1060249,1060400,1060985,1061017,1061046,1061064,1061067,1061172,1061451,1061721,1061775,1061831,1061872,1062279,1062520,1062962,1063102,1063349,1063460,1063475,1063479,1063501,1063509,1063520,1063570,1063667,1063671,1063695,1064064,1064206,1064388,1064436,963575,964944,966170,966172,966186,966191,966316,966318,969476,969477,969756,971975,981309 CVE References: CVE-2017-1000252,CVE-2017-11472,CVE-2017-12134,CVE-2017-12153,CVE-2017-12154,CVE-2017-13080,CVE-2017-14051,CVE-2017-14106,CVE-2017-14489,CVE-2017-15265,CVE-2017-15649 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP3 (src): kernel-default-4.4.92-6.18.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): kernel-docs-4.4.92-6.18.3, kernel-obs-build-4.4.92-6.18.1 SUSE Linux Enterprise Server 12-SP3 (src): kernel-default-4.4.92-6.18.1, kernel-source-4.4.92-6.18.1, kernel-syms-4.4.92-6.18.1 SUSE Linux Enterprise Live Patching 12-SP3 (src): kgraft-patch-SLE12-SP3_Update_4-1-4.3 SUSE Linux Enterprise High Availability 12-SP3 (src): kernel-default-4.4.92-6.18.1 SUSE Linux Enterprise Desktop 12-SP3 (src): kernel-default-4.4.92-6.18.1, kernel-source-4.4.92-6.18.1, kernel-syms-4.4.92-6.18.1
SUSE-SU-2017:2869-1: An update that solves 16 vulnerabilities and has 120 fixes is now available. Category: security (important) Bug References: 1006180,1011913,1012382,1012829,1013887,1019151,1020645,1020657,1021424,1022476,1022743,1022967,1023175,1024405,1028173,1028286,1029693,1030552,1030850,1031515,1031717,1031784,1033587,1034048,1034075,1034762,1036303,1036632,1037344,1037404,1037994,1038078,1038583,1038616,1038792,1039915,1040307,1040351,1041958,1042286,1042314,1042422,1042778,1043652,1044112,1044636,1045154,1045563,1045922,1046682,1046821,1046985,1047027,1047048,1047096,1047118,1047121,1047152,1047277,1047343,1047354,1047487,1047651,1047653,1047670,1048155,1048221,1048317,1048891,1048893,1048914,1048934,1049226,1049483,1049486,1049580,1049603,1049645,1049882,1050061,1050188,1051022,1051059,1051239,1051399,1051478,1051479,1051556,1051663,1051790,1052049,1052223,1052533,1052580,1052593,1052709,1052773,1052794,1052888,1053117,1053802,1053915,1053919,1054084,1055013,1055096,1055359,1055493,1055755,1055896,1056261,1056588,1056827,1056982,1057015,1058038,1058116,1058410,1058507,1059051,1059465,1060197,1061017,1061046,1061064,1061067,1061172,1061831,1061872,1063667,1064206,1064388,964063,971975,974215,981309 CVE References: CVE-2017-1000252,CVE-2017-10810,CVE-2017-11472,CVE-2017-11473,CVE-2017-12134,CVE-2017-12153,CVE-2017-12154,CVE-2017-13080,CVE-2017-14051,CVE-2017-14106,CVE-2017-14489,CVE-2017-15649,CVE-2017-7518,CVE-2017-7541,CVE-2017-7542,CVE-2017-8831 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP2 (src): kernel-default-4.4.90-92.45.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): kernel-docs-4.4.90-92.45.3, kernel-obs-build-4.4.90-92.45.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): kernel-default-4.4.90-92.45.1, kernel-source-4.4.90-92.45.1, kernel-syms-4.4.90-92.45.1 SUSE Linux Enterprise Server 12-SP2 (src): kernel-default-4.4.90-92.45.1, kernel-source-4.4.90-92.45.1, kernel-syms-4.4.90-92.45.1 SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12-SP2_Update_14-1-2.4 SUSE Linux Enterprise High Availability 12-SP2 (src): kernel-default-4.4.90-92.45.1 SUSE Linux Enterprise Desktop 12-SP2 (src): kernel-default-4.4.90-92.45.1, kernel-source-4.4.90-92.45.1, kernel-syms-4.4.90-92.45.1 SUSE Container as a Service Platform ALL (src): kernel-default-4.4.90-92.45.1 OpenStack Cloud Magnum Orchestration 7 (src): kernel-default-4.4.90-92.45.1
openSUSE-SU-2017:2905-1: An update that solves three vulnerabilities and has 32 fixes is now available. Category: security (important) Bug References: 1012382,1020645,1022595,1022600,1025461,1028971,1034048,1055567,1056427,1059863,1060985,1061451,1062520,1062962,1063460,1063475,1063501,1063509,1063520,1063667,1063695,1064206,1064388,964944,966170,966172,966186,966191,966316,966318,969474,969475,969476,969477,971975 CVE References: CVE-2017-13080,CVE-2017-15265,CVE-2017-15649 Sources used: openSUSE Leap 42.2 (src): kernel-debug-4.4.92-18.36.1, kernel-default-4.4.92-18.36.1, kernel-docs-4.4.92-18.36.2, kernel-obs-build-4.4.92-18.36.1, kernel-obs-qa-4.4.92-18.36.1, kernel-source-4.4.92-18.36.1, kernel-syms-4.4.92-18.36.1, kernel-vanilla-4.4.92-18.36.1
SUSE-SU-2017:2908-1: An update that solves 30 vulnerabilities and has 38 fixes is now available. Category: security (important) Bug References: 1001459,1012985,1023287,1027149,1028217,1030531,1030552,1031515,1033960,1034405,1035531,1035738,1037182,1037183,1037994,1038544,1038564,1038879,1038883,1038981,1038982,1039348,1039354,1039456,1039721,1039864,1039882,1039883,1039885,1040069,1041160,1041429,1041431,1042696,1042832,1042863,1044125,1045327,1045487,1045922,1046107,1048275,1048788,1049645,1049882,1053148,1053152,1053317,1056588,1056982,1057179,1058410,1058507,1058524,1059863,1062471,1062520,1063667,1064388,856774,860250,863764,878240,922855,922871,986924,993099,994364 CVE References: CVE-2017-1000363,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-10661,CVE-2017-11176,CVE-2017-12153,CVE-2017-12154,CVE-2017-12762,CVE-2017-13080,CVE-2017-14051,CVE-2017-14106,CVE-2017-14140,CVE-2017-15265,CVE-2017-15274,CVE-2017-15649,CVE-2017-7482,CVE-2017-7487,CVE-2017-7518,CVE-2017-7541,CVE-2017-7542,CVE-2017-7889,CVE-2017-8831,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242 Sources used: SUSE OpenStack Cloud 6 (src): kernel-default-3.12.74-60.64.63.1, kernel-source-3.12.74-60.64.63.1, kernel-syms-3.12.74-60.64.63.1, kernel-xen-3.12.74-60.64.63.1, kgraft-patch-SLE12-SP1_Update_22-1-2.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src): kernel-default-3.12.74-60.64.63.1, kernel-source-3.12.74-60.64.63.1, kernel-syms-3.12.74-60.64.63.1, kernel-xen-3.12.74-60.64.63.1, kgraft-patch-SLE12-SP1_Update_22-1-2.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): kernel-default-3.12.74-60.64.63.1, kernel-source-3.12.74-60.64.63.1, kernel-syms-3.12.74-60.64.63.1, kernel-xen-3.12.74-60.64.63.1, kgraft-patch-SLE12-SP1_Update_22-1-2.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.74-60.64.63.1
Luis, just to be sure, do we need any of the follow-up fixes from the merge commit 9618aec3349b ("Merge tag 'mac80211-for-davem-2017-10-25' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211") ?
SUSE-SU-2017:2920-1: An update that solves 36 vulnerabilities and has 22 fixes is now available. Category: security (important) Bug References: 1008353,1012422,1017941,1029850,1030593,1032268,1034405,1034670,1035576,1035877,1036752,1037182,1037183,1037306,1037994,1038544,1038879,1038981,1038982,1039348,1039349,1039354,1039456,1039721,1039882,1039883,1039885,1040069,1041431,1041958,1044125,1045327,1045487,1045922,1046107,1047408,1048275,1049645,1049882,1052593,1053148,1053152,1056588,1056982,1057179,1058038,1058410,1058507,1058524,1062520,1063667,1064388,938162,975596,977417,984779,985562,990682 CVE References: CVE-2015-9004,CVE-2016-10229,CVE-2016-9604,CVE-2017-1000363,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-10661,CVE-2017-11176,CVE-2017-12153,CVE-2017-12154,CVE-2017-12762,CVE-2017-13080,CVE-2017-14051,CVE-2017-14106,CVE-2017-14140,CVE-2017-15265,CVE-2017-15274,CVE-2017-15649,CVE-2017-2647,CVE-2017-6951,CVE-2017-7482,CVE-2017-7487,CVE-2017-7518,CVE-2017-7541,CVE-2017-7542,CVE-2017-7889,CVE-2017-8106,CVE-2017-8831,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242 Sources used: SUSE Linux Enterprise Server 12-LTSS (src): kernel-default-3.12.61-52.101.1, kernel-source-3.12.61-52.101.1, kernel-syms-3.12.61-52.101.1, kernel-xen-3.12.61-52.101.1, kgraft-patch-SLE12_Update_28-1-8.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.61-52.101.1
(In reply to Miroslav Beneš from comment #29) > Luis, just to be sure, do we need any of the follow-up fixes from the merge > commit 9618aec3349b ("Merge tag 'mac80211-for-davem-2017-10-25' of > git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211") ? That's a merge commit with two key commits in question. The commits in question came through git-fixes emails as expected. I've created two bugs for each, each have their own justification and should be treated as such: o bsc#1066471 - backport 2bdd713b92a9ca mac80211: use constant time comparison with keys o bsc#1066472 - backport cfbb0d90a7abb2 mac80211: don't compare TKIP TX MIC key in reinstall prevention The short answer is yes, might as well merge them, but the constant time one only if the kernel carries the helper crypto_memneq(), added as of commit 6bf37e5aa90f1 ("crypto: crypto_memneq - add equality testing of memory regions w/o timing leaks") on v3.13.
SUSE-SU-2017:3165-1: An update that solves 5 vulnerabilities and has 17 fixes is now available. Category: security (important) Bug References: 1022967,1036286,1044228,1045327,1052593,1053317,1056230,1056504,1057796,1059051,1059525,1060245,1060665,1061017,1061180,1062520,1062842,1063301,1063544,1063667,909484,996376 CVE References: CVE-2017-1000253,CVE-2017-13080,CVE-2017-14489,CVE-2017-15265,CVE-2017-15274 Sources used: SUSE Linux Enterprise Real Time Extension 11-SP4 (src): kernel-rt-3.0.101.rt130-69.11.1, kernel-rt_trace-3.0.101.rt130-69.11.1, kernel-source-rt-3.0.101.rt130-69.11.1, kernel-syms-rt-3.0.101.rt130-69.11.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-rt-3.0.101.rt130-69.11.1, kernel-rt_debug-3.0.101.rt130-69.11.1, kernel-rt_trace-3.0.101.rt130-69.11.1
SUSE-SU-2017:3265-1: An update that solves 20 vulnerabilities and has 53 fixes is now available. Category: security (important) Bug References: 1012917,1013018,1022967,1024450,1031358,1036286,1036629,1037441,1037667,1037669,1037994,1039803,1040609,1042863,1045154,1045205,1045327,1045538,1047523,1050381,1050431,1051133,1051932,1052311,1052365,1052370,1052593,1053148,1053152,1053317,1053802,1053933,1054070,1054076,1054093,1054247,1054305,1054706,1056230,1056504,1056588,1057179,1057796,1058524,1059051,1060245,1060665,1061017,1061180,1062520,1062842,1063301,1063544,1063667,1064803,1064861,1065180,1066471,1066472,1066573,1066606,1066618,1066625,1066650,1066671,1066700,1066705,1067085,1067816,1067888,909484,984530,996376 CVE References: CVE-2017-1000112,CVE-2017-10661,CVE-2017-12762,CVE-2017-13080,CVE-2017-14051,CVE-2017-14140,CVE-2017-14340,CVE-2017-14489,CVE-2017-15102,CVE-2017-15265,CVE-2017-15274,CVE-2017-16525,CVE-2017-16527,CVE-2017-16529,CVE-2017-16531,CVE-2017-16535,CVE-2017-16536,CVE-2017-16537,CVE-2017-16649,CVE-2017-8831 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): kernel-docs-3.0.101-108.18.3 SUSE Linux Enterprise Server 11-SP4 (src): kernel-bigmem-3.0.101-108.18.1, kernel-default-3.0.101-108.18.1, kernel-ec2-3.0.101-108.18.1, kernel-pae-3.0.101-108.18.1, kernel-ppc64-3.0.101-108.18.1, kernel-source-3.0.101-108.18.1, kernel-syms-3.0.101-108.18.1, kernel-trace-3.0.101-108.18.1, kernel-xen-3.0.101-108.18.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-default-3.0.101-108.18.1, kernel-pae-3.0.101-108.18.1, kernel-ppc64-3.0.101-108.18.1, kernel-trace-3.0.101-108.18.1, kernel-xen-3.0.101-108.18.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-bigmem-3.0.101-108.18.1, kernel-default-3.0.101-108.18.1, kernel-ec2-3.0.101-108.18.1, kernel-pae-3.0.101-108.18.1, kernel-ppc64-3.0.101-108.18.1, kernel-trace-3.0.101-108.18.1, kernel-xen-3.0.101-108.18.1
SUSE-SU-2017:3267-1: An update that solves 5 vulnerabilities and has 56 fixes is now available. Category: security (important) Bug References: 1012382,1017461,1020645,1022595,1022600,1022914,1022967,1025461,1028971,1030061,1034048,1037890,1052593,1053919,1055493,1055567,1055755,1055896,1056427,1058135,1058410,1058624,1059051,1059465,1059863,1060197,1060985,1061017,1061046,1061064,1061067,1061172,1061451,1061831,1061872,1062520,1062962,1063460,1063475,1063501,1063509,1063520,1063667,1063695,1064206,1064388,1064701,964944,966170,966172,966186,966191,966316,966318,969474,969475,969476,969477,971975,974590,996376 CVE References: CVE-2017-12153,CVE-2017-13080,CVE-2017-14489,CVE-2017-15265,CVE-2017-15649 Sources used: SUSE Linux Enterprise Real Time Extension 12-SP2 (src): kernel-rt-4.4.95-21.1, kernel-rt_debug-4.4.95-21.1, kernel-source-rt-4.4.95-21.1, kernel-syms-rt-4.4.95-21.1
SUSE-SU-2018:0040-1: An update that solves 32 vulnerabilities and has 7 fixes is now available. Category: security (important) Bug References: 1010175,1034862,1045327,1050231,1052593,1056982,1057179,1057389,1058524,1062520,1063544,1063667,1066295,1066472,1066569,1066573,1066606,1066618,1066625,1066650,1066671,1066693,1066700,1066705,1067085,1068032,1068671,1069702,1069708,1070771,1071074,1071470,1071695,1072561,1072876,1073792,1073874,1074033,999245 CVE References: CVE-2017-1000251,CVE-2017-11600,CVE-2017-13080,CVE-2017-13167,CVE-2017-14106,CVE-2017-14140,CVE-2017-14340,CVE-2017-15102,CVE-2017-15115,CVE-2017-15265,CVE-2017-15274,CVE-2017-15868,CVE-2017-16525,CVE-2017-16527,CVE-2017-16529,CVE-2017-16531,CVE-2017-16534,CVE-2017-16535,CVE-2017-16536,CVE-2017-16537,CVE-2017-16538,CVE-2017-16649,CVE-2017-16939,CVE-2017-17450,CVE-2017-17558,CVE-2017-17805,CVE-2017-17806,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-7472,CVE-2017-8824 Sources used: SUSE Linux Enterprise Server 11-SP3-LTSS (src): kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-source-3.0.101-0.47.106.11.1, kernel-syms-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-ppc64-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-source-3.0.101-0.47.106.11.1, kernel-syms-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
released for the kernel.