Bug 1157303 (CVE-2019-19066) - VUL-1: CVE-2019-19066: kernel-source: memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c
Summary: VUL-1: CVE-2019-19066: kernel-source: memory leak in the bfad_im_get_stats() ...
Status: RESOLVED FIXED
Alias: CVE-2019-19066
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/247504/
Whiteboard: CVSSv3.1:SUSE:CVE-2019-19066:4.4:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2019-11-20 10:50 UTC by Wolfgang Frisch
Modified: 2024-06-25 14:07 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2019-11-20 10:50:03 UTC 
CVE-2019-19066

A memory leak in the bfad_im_get_stats() function in
drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers
to cause a denial of service (memory consumption) by triggering
bfa_port_get_stats() failures, aka CID-0e62395da2bd.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19066
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19066.html
https://github.com/torvalds/linux/commit/0e62395da2bd5166d7c9e14cbc7503b256a34cb0
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19066
Comment 2 Hannes Reinecke 2019-12-09 11:20:44 UTC 
Lee, can you have a look?
Comment 3 Lee Duncan 2019-12-09 18:17:21 UTC 
This is not a true vulnerability, in my opinion. The error path where memory is leaked is only called when the driver is not able to get port status. If an attacker is trying to trigger this issue, they will be connected to the port, which means the port status check should not fail.

There is no demonstration of this attack, because it can't be done.

There should be no rush to fix this, and no need to port it back to 20 different releases.
Comment 4 Lee Duncan 2019-12-09 18:25:57 UTC 
Security team, I'm reassigning back to you, as suggested by my Labs team. Please dispute this CVE, as described in my earlier comment. Thank you.
Comment 5 Lee Duncan 2019-12-09 18:26:44 UTC 
Actually resetting "Assigned To".
Comment 6 Takashi Iwai 2019-12-09 18:51:28 UTC 
(In reply to Lee Duncan from comment #3)
> This is not a true vulnerability, in my opinion. The error path where memory
> is leaked is only called when the driver is not able to get port status. If
> an attacker is trying to trigger this issue, they will be connected to the
> port, which means the port status check should not fail.

Can one trigger get_stats call concurrently?  The bfa_port_get_stats() has a check of ports->stats_busy and this is one of two cases of error path which leads to a memory leak.

> There is no demonstration of this attack, because it can't be done.
> 
> There should be no rush to fix this, and no need to port it back to 20
> different releases.

That's true and no serious bug at all; though, we might want the fix if one can trigger it easily on their will.  So just to be sure...
Comment 7 Takashi Iwai 2019-12-09 18:54:36 UTC 
... and there is no reason to ignore the fix commit for the active maintained branches like SLE15 and SLE15-SP2.  (Maybe the latter will get the fix from stable tree in anyway.)
Comment 8 Lee Duncan 2019-12-11 19:24:57 UTC 
(In reply to Takashi Iwai from comment #7)
> ... and there is no reason to ignore the fix commit for the active
> maintained branches like SLE15 and SLE15-SP2.  (Maybe the latter will get
> the fix from stable tree in anyway.)

I will be glad to backport this commit where needed. Should we clone this with a non-CVE bug for that work, or should I wait until security figures out the address this?
(In reply to Takashi Iwai from comment #6)
> (In reply to Lee Duncan from comment #3)
> > This is not a true vulnerability, in my opinion. The error path where memory
> > is leaked is only called when the driver is not able to get port status. If
> > an attacker is trying to trigger this issue, they will be connected to the
> > port, which means the port status check should not fail.
> 
> Can one trigger get_stats call concurrently?  The bfa_port_get_stats() has a
> check of ports->stats_busy and this is one of two cases of error path which
> leads to a memory leak.

No, I believe the spin lock around the call to bfa_port_get_stats() prevents this.

> 
> > There is no demonstration of this attack, because it can't be done.
> > 
> > There should be no rush to fix this, and no need to port it back to 20
> > different releases.
> 
> That's true and no serious bug at all; though, we might want the fix if one
> can trigger it easily on their will.  So just to be sure...
Comment 9 Takashi Iwai 2019-12-11 22:05:03 UTC 
(In reply to Lee Duncan from comment #8)
> (In reply to Takashi Iwai from comment #7)
> > ... and there is no reason to ignore the fix commit for the active
> > maintained branches like SLE15 and SLE15-SP2.  (Maybe the latter will get
> > the fix from stable tree in anyway.)
> 
> I will be glad to backport this commit where needed. Should we clone this
> with a non-CVE bug for that work, or should I wait until security figures
> out the address this?

Well, you can take this bugzilla number without CVE-number, or you can clone the bug by yourself as you like.  But I would just backport the fix to SLE15 branch with this bugzilla number + CVE-number as usual.  Showing the bugz+CVE won't hurt even if it's no real security issue, after all :)

Backporting to the rest cvs/linux-* branches can be skipped if the security report can be disputed.  So it can be postponed.

> (In reply to Takashi Iwai from comment #6)
> > (In reply to Lee Duncan from comment #3)
> > > This is not a true vulnerability, in my opinion. The error path where memory
> > > is leaked is only called when the driver is not able to get port status. If
> > > an attacker is trying to trigger this issue, they will be connected to the
> > > port, which means the port status check should not fail.
> > 
> > Can one trigger get_stats call concurrently?  The bfa_port_get_stats() has a
> > check of ports->stats_busy and this is one of two cases of error path which
> > leads to a memory leak.
> 
> No, I believe the spin lock around the call to bfa_port_get_stats() prevents
> this.

But port->stats_busy might be still BFA_TRUE right after calling bfa_port_get_stats(), so the spinlock there doesn't help for the possible race, I'm afraid.

That is, bfa_port_get_stats() just queues to mbox and sets the stat_busy=BFA_TRUE, then returns.  So only queuing is protected by spinlock, and the function unlocks at this point.  It then waits for mbox isr that clears the stat_busy flag via wait_for_completion(), but it's outside the spinlock (naturally).

And, IIUC, get_fc_host_stats callback may be called from the sysfs read, hence user may trigger bfa_port_get_stats() again during mbox wait completion.  It'd hit port->stats_busy check and lead to a memory leak at the error path.

I'm no expert in this area and I hope I overlooked something, though...
Comment 10 Lee Duncan 2019-12-13 20:15:49 UTC 
Changes pushed to users/lduncan/SLE15-SP2/for-next
Comment 11 Lee Duncan 2019-12-13 22:01:30 UTC 
Changes pushed to users/lduncan/SLE15/for-next

I will leave it to security to push back on the other (older) branches. Please reassign to me if that fails.
Comment 12 Borislav Petkov 2019-12-13 23:33:58 UTC 
(In reply to Lee Duncan from comment #11)
> Changes pushed to users/lduncan/SLE15/for-next
> 
> I will leave it to security to push back on the other (older) branches.
> Please reassign to me if that fails.

That's our job, not theirs. Please backport to all the relevant branches, cf:

https://pes.suse.de/Labs/kernel/sec/

Thx.
Comment 18 Swamp Workflow Management 2019-12-23 14:22:44 UTC 
SUSE-SU-2019:3381-1: An update that solves 48 vulnerabilities and has 90 fixes is now available.

Category: security (important)
Bug References: 1046303,1048942,1051510,1065600,1071995,1078248,1082635,1083647,1089644,1090888,1091041,1104427,1108043,1113722,1114279,1115026,1117169,1120853,1127371,1131107,1138039,1140948,1142095,1143706,1143959,1144333,1146519,1146544,1149448,1150466,1151548,1151900,1152631,1152782,1153628,1153681,1153811,1154043,1154058,1154124,1154355,1154526,1154956,1155021,1155331,1155334,1155689,1155692,1155836,1155897,1155921,1156187,1156258,1156259,1156429,1156462,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1157038,1157042,1157070,1157143,1157145,1157158,1157162,1157169,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157303,1157307,1157324,1157333,1157424,1157463,1157499,1157678,1157698,1157778,1157853,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159297
CVE References: CVE-2019-14895,CVE-2019-14901,CVE-2019-15213,CVE-2019-15916,CVE-2019-16231,CVE-2019-17055,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18808,CVE-2019-18809,CVE-2019-19049,CVE-2019-19051,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19066,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19227,CVE-2019-19332,CVE-2019-19338,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-150.47.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-150.47.1, kernel-docs-4.12.14-150.47.1, kernel-obs-qa-4.12.14-150.47.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-150.47.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-150.47.1, kernel-obs-build-4.12.14-150.47.1, kernel-source-4.12.14-150.47.1, kernel-syms-4.12.14-150.47.1, kernel-vanilla-4.12.14-150.47.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-150.47.1, kernel-source-4.12.14-150.47.1, kernel-zfcpdump-4.12.14-150.47.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.47.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Swamp Workflow Management 2019-12-23 14:39:32 UTC 
SUSE-SU-2019:3381-1: An update that solves 48 vulnerabilities and has 90 fixes is now available.

Category: security (important)
Bug References: 1046303,1048942,1051510,1065600,1071995,1078248,1082635,1083647,1089644,1090888,1091041,1104427,1108043,1113722,1114279,1115026,1117169,1120853,1127371,1131107,1138039,1140948,1142095,1143706,1143959,1144333,1146519,1146544,1149448,1150466,1151548,1151900,1152631,1152782,1153628,1153681,1153811,1154043,1154058,1154124,1154355,1154526,1154956,1155021,1155331,1155334,1155689,1155692,1155836,1155897,1155921,1156187,1156258,1156259,1156429,1156462,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1157038,1157042,1157070,1157143,1157145,1157158,1157162,1157169,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157303,1157307,1157324,1157333,1157424,1157463,1157499,1157678,1157698,1157778,1157853,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159297
CVE References: CVE-2019-14895,CVE-2019-14901,CVE-2019-15213,CVE-2019-15916,CVE-2019-16231,CVE-2019-17055,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18808,CVE-2019-18809,CVE-2019-19049,CVE-2019-19051,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19066,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19227,CVE-2019-19332,CVE-2019-19338,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-150.47.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-150.47.1, kernel-docs-4.12.14-150.47.1, kernel-obs-qa-4.12.14-150.47.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.47.1, kernel-livepatch-SLE15_Update_17-1-1.3.2
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-150.47.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-150.47.1, kernel-obs-build-4.12.14-150.47.1, kernel-source-4.12.14-150.47.1, kernel-syms-4.12.14-150.47.1, kernel-vanilla-4.12.14-150.47.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-150.47.1, kernel-source-4.12.14-150.47.1, kernel-zfcpdump-4.12.14-150.47.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.47.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Swamp Workflow Management 2019-12-27 17:17:31 UTC 
SUSE-SU-2019:3389-1: An update that solves 24 vulnerabilities and has 75 fixes is now available.

Category: security (important)
Bug References: 1051510,1071995,1078248,1083647,1089644,1090888,1108043,1111666,1112178,1113956,1114279,1115026,1117169,1119461,1119465,1120853,1129770,1137223,1138039,1138190,1140948,1142095,1142635,1144333,1146519,1146544,1151067,1151548,1152107,1152631,1153811,1154043,1154355,1154768,1154905,1154916,1155689,1155921,1156462,1156471,1156928,1157042,1157115,1157160,1157169,1157171,1157303,1157424,1157463,1157499,1157698,1157778,1157895,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158071,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159096
CVE References: CVE-2019-14901,CVE-2019-15213,CVE-2019-16746,CVE-2019-19051,CVE-2019-19066,CVE-2019-19077,CVE-2019-19332,CVE-2019-19338,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.12.1, kgraft-patch-SLE12-SP5_Update_2-1-8.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 21 Swamp Workflow Management 2019-12-27 17:29:46 UTC 
SUSE-SU-2019:3389-1: An update that solves 24 vulnerabilities and has 75 fixes is now available.

Category: security (important)
Bug References: 1051510,1071995,1078248,1083647,1089644,1090888,1108043,1111666,1112178,1113956,1114279,1115026,1117169,1119461,1119465,1120853,1129770,1137223,1138039,1138190,1140948,1142095,1142635,1144333,1146519,1146544,1151067,1151548,1152107,1152631,1153811,1154043,1154355,1154768,1154905,1154916,1155689,1155921,1156462,1156471,1156928,1157042,1157115,1157160,1157169,1157171,1157303,1157424,1157463,1157499,1157698,1157778,1157895,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158071,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159096
CVE References: CVE-2019-14901,CVE-2019-15213,CVE-2019-16746,CVE-2019-19051,CVE-2019-19066,CVE-2019-19077,CVE-2019-19332,CVE-2019-19338,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.12.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.12.1, kernel-obs-build-4.12.14-122.12.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.12.1, kernel-source-4.12.14-122.12.1, kernel-syms-4.12.14-122.12.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.12.1, kgraft-patch-SLE12-SP5_Update_2-1-8.5.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 Lee Duncan 2020-01-08 21:49:19 UTC 
fix pushed to:

* users/lduncan/cve/linux-4.4/for-next
* users/lduncan/cve/linux-3.12/for-next
* users/lduncan/cve/linux-3.0/for-next

Not needed in 2.6.32 and earlier since the status are static there, i.e. not allocated, so they cannot be leaked.

I believe that is all the relevant repositories.
Comment 24 Swamp Workflow Management 2020-01-14 14:51:55 UTC 
SUSE-SU-2020:0093-1: An update that solves 80 vulnerabilities and has 310 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1078248,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1090888,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1103989,1103990,1103991,1104353,1104427,1104745,1104967,1106434,1108043,1108382,1109158,1109837,1111666,1112178,1112374,1113722,1113956,1113994,1114279,1115026,1117169,1117665,1118661,1119086,1119113,1119461,1119465,1120853,1120902,1122363,1123034,1123080,1123105,1126206,1126390,1127155,1127354,1127371,1127611,1127988,1129770,1131107,1131304,1131489,1133140,1134476,1134973,1134983,1135642,1135854,1135873,1135966,1135967,1136261,1137040,1137069,1137223,1137236,1137799,1137861,1137865,1137959,1137982,1138039,1138190,1139073,1140090,1140155,1140729,1140845,1140883,1140948,1141013,1141340,1141543,1142076,1142095,1142635,1142667,1142924,1143706,1143959,1144333,1144338,1144375,1144449,1144653,1144903,1145099,1145661,1146042,1146519,1146544,1146612,1146664,1148133,1148410,1148712,1148859,1148868,1149083,1149119,1149224,1149446,1149448,1149555,1149652,1149713,1149853,1149940,1149959,1149963,1149976,1150025,1150033,1150112,1150305,1150381,1150423,1150452,1150457,1150465,1150466,1150562,1150727,1150846,1150860,1150861,1150875,1150933,1151021,1151067,1151192,1151225,1151350,1151508,1151548,1151610,1151661,1151662,1151667,1151671,1151680,1151807,1151891,1151900,1151910,1151955,1152024,1152025,1152026,1152033,1152107,1152161,1152187,1152325,1152446,1152457,1152460,1152466,1152497,1152505,1152506,1152525,1152624,1152631,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152885,1152972,1152974,1152975,1153108,1153112,1153158,1153236,1153263,1153476,1153509,1153607,1153628,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154043,1154048,1154058,1154108,1154124,1154189,1154242,1154244,1154268,1154354,1154355,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154768,1154848,1154858,1154905,1154916,1154956,1154959,1155021,1155061,1155178,1155179,1155184,1155186,1155331,1155334,1155671,1155689,1155692,1155812,1155817,1155836,1155897,1155921,1155945,1156187,1156258,1156259,1156286,1156429,1156462,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157042,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157169,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157303,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157853,1157895,1157908,1158021,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158071,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159096,1159297,1159483,1159484,1159500,1159569,1159841,1159908,1159909,1159910,972655
CVE References: CVE-2017-18595,CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-14835,CVE-2019-14895,CVE-2019-14901,CVE-2019-15030,CVE-2019-15031,CVE-2019-15213,CVE-2019-15916,CVE-2019-16231,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16746,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18808,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19051,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19066,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.7.1, kernel-source-azure-4.12.14-16.7.1, kernel-syms-azure-4.12.14-16.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 33 Swamp Workflow Management 2020-02-27 17:36:44 UTC 
SUSE-SU-2020:0511-1: An update that solves 34 vulnerabilities and has 170 fixes is now available.

Category: security (important)
Bug References: 1046303,1050244,1050549,1051510,1051858,1061840,1065600,1065729,1071995,1083647,1085030,1086301,1086313,1086314,1088810,1090888,1103989,1103990,1103991,1104353,1104427,1104745,1105392,1109837,1111666,1112178,1112374,1112504,1113956,1114279,1114685,1115026,1118338,1118661,1123328,1126206,1127371,1127611,1127682,1129551,1133021,1133147,1134973,1140025,1142685,1143959,1144162,1144333,1151548,1151910,1151927,1152107,1152631,1153535,1153917,1154243,1154601,1154768,1154916,1155331,1155334,1155689,1156259,1156286,1156462,1157155,1157157,1157169,1157303,1157424,1157480,1157692,1157853,1157895,1157908,1157966,1158013,1158021,1158026,1158071,1158094,1158132,1158381,1158533,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159028,1159271,1159297,1159377,1159394,1159483,1159484,1159500,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160147,1160195,1160210,1160211,1160218,1160433,1160442,1160469,1160470,1160476,1160560,1160618,1160678,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1160979,1161087,1161243,1161360,1161472,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161702,1161907,1161931,1161933,1161934,1161935,1161936,1161937,1162028,1162067,1162109,1162139,1162557,1162617,1162618,1162619,1162623,1162928,1162943,1163206,1163383,1163384,1163762,1163774,1163836,1163840,1163841,1163842,1163843,1163844,1163845,1163846,1163849,1163850,1163851,1163852,1163853,1163855,1163856,1163857,1163858,1163859,1163860,1163861,1163862,1163863,1163867,1163869,1163880,1164051,1164069,1164098,1164115,1164314,1164315,1164388,1164471,1164598,1164632
CVE References: CVE-2019-14615,CVE-2019-14896,CVE-2019-14897,CVE-2019-16746,CVE-2019-16994,CVE-2019-18808,CVE-2019-19036,CVE-2019-19045,CVE-2019-19051,CVE-2019-19054,CVE-2019-19066,CVE-2019-19318,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19526,CVE-2019-19527,CVE-2019-19532,CVE-2019-19533,CVE-2019-19535,CVE-2019-19537,CVE-2019-19767,CVE-2019-19927,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-7053,CVE-2020-8428,CVE-2020-8648,CVE-2020-8992
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    kernel-azure-4.12.14-8.27.1, kernel-source-azure-4.12.14-8.27.1, kernel-syms-azure-4.12.14-8.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 35 Swamp Workflow Management 2020-03-02 17:51:27 UTC 
SUSE-SU-2020:0559-1: An update that solves 23 vulnerabilities and has 136 fixes is now available.

Category: security (important)
Bug References: 1046303,1050244,1051510,1051858,1061840,1065600,1065729,1071995,1085030,1086301,1086313,1086314,1088810,1104427,1105392,1111666,1112178,1112504,1114279,1118338,1123328,1127371,1133021,1133147,1134973,1140025,1143959,1144333,1151910,1151927,1153917,1154243,1155331,1155334,1156259,1156286,1156462,1157155,1157157,1157303,1157424,1157692,1157853,1157966,1158013,1158021,1158026,1158533,1158819,1159028,1159271,1159297,1159394,1159483,1159484,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160195,1160210,1160211,1160218,1160433,1160442,1160476,1160560,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1160979,1161087,1161360,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161702,1161875,1161907,1161931,1161933,1161934,1161935,1161936,1161937,1162028,1162067,1162109,1162139,1162557,1162617,1162618,1162619,1162623,1162928,1162943,1163383,1163384,1163762,1163774,1163836,1163840,1163841,1163842,1163843,1163844,1163845,1163846,1163849,1163850,1163851,1163852,1163853,1163855,1163856,1163857,1163858,1163859,1163860,1163861,1163862,1163863,1163867,1163869,1163880,1163971,1164069,1164098,1164115,1164314,1164315,1164388,1164471,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735
CVE References: CVE-2019-14615,CVE-2019-14896,CVE-2019-14897,CVE-2019-16994,CVE-2019-18808,CVE-2019-19036,CVE-2019-19045,CVE-2019-19054,CVE-2019-19066,CVE-2019-19318,CVE-2019-19319,CVE-2019-19447,CVE-2019-19767,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-2732,CVE-2020-7053,CVE-2020-8428,CVE-2020-8648,CVE-2020-8992
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-azure-4.12.14-6.37.1, kernel-source-azure-4.12.14-6.37.1, kernel-syms-azure-4.12.14-6.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 36 Swamp Workflow Management 2020-03-02 20:23:56 UTC 
SUSE-SU-2020:0560-1: An update that solves 36 vulnerabilities and has 196 fixes is now available.

Category: security (important)
Bug References: 1046303,1050244,1050549,1051510,1051858,1061840,1065600,1065729,1071995,1083647,1085030,1086301,1086313,1086314,1088810,1090888,1103989,1103990,1103991,1104353,1104427,1104745,1105392,1109837,1111666,1112178,1112374,1112504,1113956,1114279,1114685,1115026,1118338,1118661,1123328,1126206,1127371,1127611,1127682,1129551,1129770,1133021,1133147,1134973,1140025,1142685,1143959,1144162,1144333,1146519,1146544,1151548,1151910,1151927,1152107,1152631,1153535,1153917,1154243,1154601,1154768,1154916,1155331,1155334,1155689,1156259,1156286,1156462,1157155,1157157,1157169,1157303,1157424,1157480,1157692,1157853,1157895,1157908,1157966,1158013,1158021,1158026,1158071,1158094,1158132,1158381,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159028,1159271,1159297,1159377,1159394,1159483,1159484,1159500,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160147,1160195,1160210,1160211,1160218,1160433,1160442,1160469,1160470,1160476,1160560,1160618,1160678,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1160979,1161087,1161243,1161360,1161472,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161702,1161907,1161931,1161933,1161934,1161935,1161936,1161937,1162028,1162067,1162109,1162139,1162557,1162617,1162618,1162619,1162623,1162928,1162943,1163206,1163383,1163384,1163762,1163774,1163836,1163840,1163841,1163842,1163843,1163844,1163845,1163846,1163849,1163850,1163851,1163852,1163853,1163855,1163856,1163857,1163858,1163859,1163860,1163861,1163862,1163863,1163867,1163869,1163880,1163971,1164051,1164069,1164098,1164115,1164314,1164315,1164388,1164471,1164598,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735
CVE References: CVE-2019-14615,CVE-2019-14896,CVE-2019-14897,CVE-2019-15213,CVE-2019-16746,CVE-2019-16994,CVE-2019-18808,CVE-2019-19036,CVE-2019-19045,CVE-2019-19051,CVE-2019-19054,CVE-2019-19066,CVE-2019-19318,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19526,CVE-2019-19527,CVE-2019-19532,CVE-2019-19533,CVE-2019-19535,CVE-2019-19537,CVE-2019-19767,CVE-2019-19927,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-2732,CVE-2020-7053,CVE-2020-8428,CVE-2020-8648,CVE-2020-8992
Sources used:
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.34.1, kernel-livepatch-SLE15-SP1_Update_9-1-3.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 37 Swamp Workflow Management 2020-03-02 20:55:44 UTC 
SUSE-SU-2020:0560-1: An update that solves 36 vulnerabilities and has 196 fixes is now available.

Category: security (important)
Bug References: 1046303,1050244,1050549,1051510,1051858,1061840,1065600,1065729,1071995,1083647,1085030,1086301,1086313,1086314,1088810,1090888,1103989,1103990,1103991,1104353,1104427,1104745,1105392,1109837,1111666,1112178,1112374,1112504,1113956,1114279,1114685,1115026,1118338,1118661,1123328,1126206,1127371,1127611,1127682,1129551,1129770,1133021,1133147,1134973,1140025,1142685,1143959,1144162,1144333,1146519,1146544,1151548,1151910,1151927,1152107,1152631,1153535,1153917,1154243,1154601,1154768,1154916,1155331,1155334,1155689,1156259,1156286,1156462,1157155,1157157,1157169,1157303,1157424,1157480,1157692,1157853,1157895,1157908,1157966,1158013,1158021,1158026,1158071,1158094,1158132,1158381,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159028,1159271,1159297,1159377,1159394,1159483,1159484,1159500,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160147,1160195,1160210,1160211,1160218,1160433,1160442,1160469,1160470,1160476,1160560,1160618,1160678,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1160979,1161087,1161243,1161360,1161472,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161702,1161907,1161931,1161933,1161934,1161935,1161936,1161937,1162028,1162067,1162109,1162139,1162557,1162617,1162618,1162619,1162623,1162928,1162943,1163206,1163383,1163384,1163762,1163774,1163836,1163840,1163841,1163842,1163843,1163844,1163845,1163846,1163849,1163850,1163851,1163852,1163853,1163855,1163856,1163857,1163858,1163859,1163860,1163861,1163862,1163863,1163867,1163869,1163880,1163971,1164051,1164069,1164098,1164115,1164314,1164315,1164388,1164471,1164598,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735
CVE References: CVE-2019-14615,CVE-2019-14896,CVE-2019-14897,CVE-2019-15213,CVE-2019-16746,CVE-2019-16994,CVE-2019-18808,CVE-2019-19036,CVE-2019-19045,CVE-2019-19051,CVE-2019-19054,CVE-2019-19066,CVE-2019-19318,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19526,CVE-2019-19527,CVE-2019-19532,CVE-2019-19533,CVE-2019-19535,CVE-2019-19537,CVE-2019-19767,CVE-2019-19927,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-2732,CVE-2020-7053,CVE-2020-8428,CVE-2020-8648,CVE-2020-8992
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.34.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-debug-4.12.14-197.34.1, kernel-default-4.12.14-197.34.1, kernel-docs-4.12.14-197.34.1, kernel-kvmsmall-4.12.14-197.34.1, kernel-obs-qa-4.12.14-197.34.1, kernel-source-4.12.14-197.34.1, kernel-vanilla-4.12.14-197.34.1, kernel-zfcpdump-4.12.14-197.34.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.34.1, kernel-livepatch-SLE15-SP1_Update_9-1-3.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.34.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.34.1, kernel-obs-build-4.12.14-197.34.1, kernel-source-4.12.14-197.34.1, kernel-syms-4.12.14-197.34.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.34.1, kernel-source-4.12.14-197.34.1, kernel-zfcpdump-4.12.14-197.34.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 38 Swamp Workflow Management 2020-03-04 14:21:03 UTC 
SUSE-SU-2020:0584-1: An update that solves 43 vulnerabilities and has 163 fixes is now available.

Category: security (important)
Bug References: 1046303,1050244,1051510,1051858,1061840,1065600,1065729,1071995,1083647,1085030,1086301,1086313,1086314,1088810,1090888,1104427,1105392,1111666,1112178,1112504,1114279,1115026,1118338,1120853,1123328,1127371,1133021,1133147,1134973,1140025,1141054,1142095,1143959,1144333,1146519,1146544,1151548,1151910,1151927,1152631,1153917,1154243,1155331,1155334,1155689,1156259,1156286,1156462,1157155,1157157,1157169,1157303,1157424,1157692,1157853,1157908,1157966,1158013,1158021,1158026,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159028,1159271,1159297,1159394,1159483,1159484,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160195,1160210,1160211,1160218,1160433,1160442,1160476,1160560,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1160979,1161087,1161360,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161702,1161875,1161907,1161931,1161933,1161934,1161935,1161936,1161937,1162028,1162067,1162109,1162139,1162557,1162617,1162618,1162619,1162623,1162928,1162943,1163383,1163384,1163762,1163774,1163836,1163840,1163841,1163842,1163843,1163844,1163845,1163846,1163849,1163850,1163851,1163852,1163853,1163855,1163856,1163857,1163858,1163859,1163860,1163861,1163862,1163863,1163867,1163869,1163880,1163971,1164069,1164098,1164115,1164314,1164315,1164388,1164471,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735
CVE References: CVE-2019-14615,CVE-2019-14896,CVE-2019-14897,CVE-2019-15213,CVE-2019-16994,CVE-2019-18808,CVE-2019-19036,CVE-2019-19045,CVE-2019-19051,CVE-2019-19054,CVE-2019-19066,CVE-2019-19318,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-2732,CVE-2020-7053,CVE-2020-8428,CVE-2020-8648,CVE-2020-8992
Sources used:
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.48.1, kgraft-patch-SLE12-SP4_Update_12-1-6.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 39 Swamp Workflow Management 2020-03-04 14:56:55 UTC 
SUSE-SU-2020:0584-1: An update that solves 43 vulnerabilities and has 163 fixes is now available.

Category: security (important)
Bug References: 1046303,1050244,1051510,1051858,1061840,1065600,1065729,1071995,1083647,1085030,1086301,1086313,1086314,1088810,1090888,1104427,1105392,1111666,1112178,1112504,1114279,1115026,1118338,1120853,1123328,1127371,1133021,1133147,1134973,1140025,1141054,1142095,1143959,1144333,1146519,1146544,1151548,1151910,1151927,1152631,1153917,1154243,1155331,1155334,1155689,1156259,1156286,1156462,1157155,1157157,1157169,1157303,1157424,1157692,1157853,1157908,1157966,1158013,1158021,1158026,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159028,1159271,1159297,1159394,1159483,1159484,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160195,1160210,1160211,1160218,1160433,1160442,1160476,1160560,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1160979,1161087,1161360,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161702,1161875,1161907,1161931,1161933,1161934,1161935,1161936,1161937,1162028,1162067,1162109,1162139,1162557,1162617,1162618,1162619,1162623,1162928,1162943,1163383,1163384,1163762,1163774,1163836,1163840,1163841,1163842,1163843,1163844,1163845,1163846,1163849,1163850,1163851,1163852,1163853,1163855,1163856,1163857,1163858,1163859,1163860,1163861,1163862,1163863,1163867,1163869,1163880,1163971,1164069,1164098,1164115,1164314,1164315,1164388,1164471,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735
CVE References: CVE-2019-14615,CVE-2019-14896,CVE-2019-14897,CVE-2019-15213,CVE-2019-16994,CVE-2019-18808,CVE-2019-19036,CVE-2019-19045,CVE-2019-19051,CVE-2019-19054,CVE-2019-19066,CVE-2019-19318,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-2732,CVE-2020-7053,CVE-2020-8428,CVE-2020-8648,CVE-2020-8992
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.48.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.48.1, kernel-obs-build-4.12.14-95.48.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.48.1, kernel-source-4.12.14-95.48.1, kernel-syms-4.12.14-95.48.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.48.1, kgraft-patch-SLE12-SP4_Update_12-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.48.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 40 Swamp Workflow Management 2020-03-05 20:25:49 UTC 
SUSE-SU-2020:0599-1: An update that solves 60 vulnerabilities and has 119 fixes is now available.

Category: security (moderate)
Bug References: 1046303,1050244,1051510,1051858,1065600,1065729,1071995,1078248,1083647,1085030,1086301,1086313,1086314,1089644,1090888,1104427,1108043,1113722,1114279,1115026,1117169,1120853,1127371,1134973,1138039,1140948,1141054,1142095,1143959,1144333,1146519,1146544,1151548,1151900,1151910,1151927,1152631,1153811,1153917,1154043,1154058,1154355,1155331,1155334,1155689,1155897,1155921,1156258,1156259,1156286,1156462,1156471,1157038,1157042,1157070,1157143,1157145,1157155,1157157,1157158,1157162,1157169,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157303,1157307,1157324,1157333,1157424,1157463,1157499,1157678,1157692,1157698,1157778,1157853,1157908,1158013,1158021,1158026,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159028,1159297,1159394,1159483,1159484,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160195,1160210,1160211,1160433,1160442,1160476,1160560,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1161087,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161875,1161931,1161933,1161934,1161935,1161936,1161937,1162028,1162067
CVE References: CVE-2019-14615,CVE-2019-14895,CVE-2019-14896,CVE-2019-14897,CVE-2019-14901,CVE-2019-15213,CVE-2019-16994,CVE-2019-18660,CVE-2019-18683,CVE-2019-18808,CVE-2019-18809,CVE-2019-19036,CVE-2019-19045,CVE-2019-19049,CVE-2019-19051,CVE-2019-19052,CVE-2019-19054,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19066,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19227,CVE-2019-19318,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-7053
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP4 (src):    kernel-rt-4.12.14-8.12.1, kernel-rt_debug-4.12.14-8.12.1, kernel-source-rt-4.12.14-8.12.1, kernel-syms-rt-4.12.14-8.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 41 Swamp Workflow Management 2020-03-06 19:16:23 UTC 
This is an autogenerated message for OBS integration:
This bug (1157303) was mentioned in
https://build.opensuse.org/request/show/782233 15.1 / kernel-source
Comment 42 Swamp Workflow Management 2020-03-09 14:32:41 UTC 
SUSE-SU-2020:0613-1: An update that solves 69 vulnerabilities and has 168 fixes is now available.

Category: security (moderate)
Bug References: 1046303,1050244,1051510,1051858,1061840,1065600,1065729,1071995,1078248,1083647,1085030,1086301,1086313,1086314,1089644,1090888,1103989,1103990,1103991,1104353,1104427,1104745,1108043,1109837,1111666,1112178,1112374,1113722,1113956,1113994,1114279,1114685,1115026,1117169,1118661,1119113,1120853,1123328,1126206,1126390,1127354,1127371,1127611,1127682,1129551,1129770,1134973,1134983,1137223,1137236,1138039,1140948,1141054,1142095,1142635,1142924,1143959,1144333,1146519,1146544,1151067,1151548,1151900,1151910,1151927,1152107,1152631,1153535,1153628,1153811,1153917,1154043,1154058,1154243,1154355,1154601,1154768,1154916,1155331,1155334,1155689,1155897,1155921,1156258,1156259,1156286,1156462,1156471,1156928,1157032,1157038,1157042,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157155,1157157,1157158,1157160,1157162,1157169,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157303,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157692,1157698,1157778,1157853,1157895,1157908,1158013,1158021,1158026,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158071,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159028,1159297,1159377,1159394,1159483,1159484,1159500,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160147,1160195,1160210,1160211,1160433,1160442,1160469,1160470,1160476,1160560,1160618,1160678,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1161087,1161243,1161472,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161931,1161933,1161934,1161935,1161936,1161937,1162028,1162067,1162109,1162139
CVE References: CVE-2019-14615,CVE-2019-14895,CVE-2019-14896,CVE-2019-14897,CVE-2019-14901,CVE-2019-15213,CVE-2019-16746,CVE-2019-16994,CVE-2019-18660,CVE-2019-18683,CVE-2019-18808,CVE-2019-18809,CVE-2019-19036,CVE-2019-19045,CVE-2019-19046,CVE-2019-19049,CVE-2019-19051,CVE-2019-19052,CVE-2019-19054,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19066,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-19318,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767,CVE-2019-19927,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-7053,CVE-2020-8428
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP1 (src):    kernel-rt-4.12.14-14.17.1, kernel-rt_debug-4.12.14-14.17.1, kernel-source-rt-4.12.14-14.17.1, kernel-syms-rt-4.12.14-14.17.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-rt-4.12.14-14.17.1, kernel-rt_debug-4.12.14-14.17.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 43 Swamp Workflow Management 2020-03-13 12:11:29 UTC 
openSUSE-SU-2020:0336-1: An update that solves 35 vulnerabilities and has 194 fixes is now available.

Category: security (important)
Bug References: 1046303,1050244,1050549,1051510,1051858,1060463,1061840,1065600,1065729,1071995,1083647,1085030,1086301,1086313,1086314,1088810,1090888,1103989,1103990,1103991,1103992,1104353,1104427,1104745,1105392,1109837,1111666,1112178,1112374,1112504,1113956,1114279,1114685,1115026,1118338,1118661,1123328,1126206,1127371,1127611,1127682,1129551,1129770,1133021,1133147,1134090,1134973,1136157,1136333,1140025,1142685,1143959,1144162,1144333,1146539,1151548,1151910,1151927,1152107,1152631,1153535,1153917,1154243,1154601,1154768,1154916,1155331,1155334,1155689,1156259,1156286,1156462,1157155,1157157,1157169,1157303,1157424,1157480,1157692,1157853,1157895,1157908,1157966,1158013,1158021,1158026,1158071,1158094,1158132,1158533,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159028,1159271,1159297,1159377,1159394,1159483,1159484,1159500,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160147,1160195,1160210,1160211,1160218,1160433,1160442,1160469,1160470,1160476,1160560,1160618,1160659,1160678,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1160979,1161087,1161243,1161360,1161472,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161702,1161907,1161931,1161933,1161934,1161935,1161936,1161937,1161951,1162028,1162067,1162109,1162139,1162557,1162617,1162618,1162619,1162623,1162928,1162943,1163206,1163383,1163384,1163762,1163774,1163836,1163840,1163841,1163842,1163843,1163844,1163845,1163846,1163849,1163850,1163851,1163852,1163853,1163855,1163856,1163857,1163858,1163859,1163860,1163861,1163862,1163863,1163867,1163869,1163880,1163971,1164051,1164069,1164098,1164115,1164314,1164315,1164388,1164471,1164598,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735,1165404,1165488,1165527,1165813,1165881
CVE References: CVE-2019-14615,CVE-2019-14896,CVE-2019-14897,CVE-2019-16746,CVE-2019-16994,CVE-2019-18808,CVE-2019-19036,CVE-2019-19045,CVE-2019-19051,CVE-2019-19054,CVE-2019-19066,CVE-2019-19318,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19526,CVE-2019-19527,CVE-2019-19532,CVE-2019-19533,CVE-2019-19535,CVE-2019-19537,CVE-2019-19767,CVE-2019-19927,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-2732,CVE-2020-7053,CVE-2020-8428,CVE-2020-8648,CVE-2020-8992
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.40.1, kernel-default-4.12.14-lp151.28.40.1, kernel-docs-4.12.14-lp151.28.40.1, kernel-kvmsmall-4.12.14-lp151.28.40.1, kernel-obs-build-4.12.14-lp151.28.40.1, kernel-obs-qa-4.12.14-lp151.28.40.1, kernel-source-4.12.14-lp151.28.40.1, kernel-syms-4.12.14-lp151.28.40.1, kernel-vanilla-4.12.14-lp151.28.40.1
Comment 46 Swamp Workflow Management 2020-04-30 19:17:32 UTC 
SUSE-SU-2020:14354-1: An update that solves 28 vulnerabilities and has 20 fixes is now available.

Category: security (important)
Bug References: 1012382,1091041,1105327,1131107,1136471,1136922,1146519,1146544,1146612,1148871,1149448,1152631,1156652,1157038,1157070,1157143,1157155,1157157,1157303,1157344,1157678,1157804,1157923,1158381,1158410,1158413,1158427,1158445,1158823,1158824,1158834,1158900,1158904,1159285,1159841,1159908,1159911,1161358,1162928,1162929,1162931,1164078,1165111,1165985,1167629,1168075,1168829,1168854
CVE References: CVE-2019-12456,CVE-2019-14896,CVE-2019-14897,CVE-2019-15213,CVE-2019-15916,CVE-2019-18660,CVE-2019-18675,CVE-2019-19066,CVE-2019-19073,CVE-2019-19074,CVE-2019-19227,CVE-2019-19523,CVE-2019-19524,CVE-2019-19527,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19537,CVE-2019-19768,CVE-2019-19965,CVE-2019-19966,CVE-2019-20096,CVE-2020-10942,CVE-2020-11608,CVE-2020-8647,CVE-2020-8648,CVE-2020-8649,CVE-2020-9383
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kernel-bigmem-3.0.101-108.111.1, kernel-default-3.0.101-108.111.1, kernel-ec2-3.0.101-108.111.1, kernel-pae-3.0.101-108.111.1, kernel-ppc64-3.0.101-108.111.1, kernel-source-3.0.101-108.111.1, kernel-syms-3.0.101-108.111.1, kernel-trace-3.0.101-108.111.1, kernel-xen-3.0.101-108.111.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.111.1, kernel-pae-3.0.101-108.111.1, kernel-ppc64-3.0.101-108.111.1, kernel-trace-3.0.101-108.111.1, kernel-xen-3.0.101-108.111.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.111.1, kernel-default-3.0.101-108.111.1, kernel-ec2-3.0.101-108.111.1, kernel-pae-3.0.101-108.111.1, kernel-ppc64-3.0.101-108.111.1, kernel-trace-3.0.101-108.111.1, kernel-xen-3.0.101-108.111.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 48 Swamp Workflow Management 2020-05-12 13:22:02 UTC 
SUSE-SU-2020:1255-1: An update that solves 53 vulnerabilities and has 32 fixes is now available.

Category: security (important)
Bug References: 1037216,1075091,1075994,1087082,1087813,1091041,1099279,1120386,1131107,1133147,1136449,1137325,1146519,1146544,1146612,1149591,1153811,1154844,1155311,1155897,1156060,1157038,1157042,1157070,1157143,1157155,1157157,1157158,1157303,1157324,1157333,1157464,1157804,1157923,1158021,1158132,1158381,1158394,1158398,1158410,1158413,1158417,1158427,1158445,1158819,1158823,1158824,1158827,1158834,1158900,1158903,1158904,1159199,1159285,1159297,1159841,1159908,1159910,1159911,1159912,1160195,1162227,1162298,1162928,1162929,1162931,1163971,1164069,1164078,1164846,1165111,1165311,1165873,1165881,1165984,1165985,1167629,1168075,1168295,1168424,1168829,1168854,1170056,1170345,1170778
CVE References: CVE-2017-18255,CVE-2018-21008,CVE-2019-14615,CVE-2019-14895,CVE-2019-14896,CVE-2019-14897,CVE-2019-14901,CVE-2019-15213,CVE-2019-18660,CVE-2019-18675,CVE-2019-18683,CVE-2019-19052,CVE-2019-19062,CVE-2019-19066,CVE-2019-19073,CVE-2019-19074,CVE-2019-19319,CVE-2019-19332,CVE-2019-19447,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19527,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19767,CVE-2019-19768,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20096,CVE-2019-3701,CVE-2019-5108,CVE-2019-9455,CVE-2019-9458,CVE-2020-10690,CVE-2020-10720,CVE-2020-10942,CVE-2020-11494,CVE-2020-11608,CVE-2020-11609,CVE-2020-2732,CVE-2020-8647,CVE-2020-8648,CVE-2020-8649,CVE-2020-8992,CVE-2020-9383
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.129.1, kernel-source-4.4.121-92.129.1, kernel-syms-4.4.121-92.129.1, kgraft-patch-SLE12-SP2_Update_34-1-3.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.129.1, kernel-source-4.4.121-92.129.1, kernel-syms-4.4.121-92.129.1, kgraft-patch-SLE12-SP2_Update_34-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.129.1, kernel-source-4.4.121-92.129.1, kernel-syms-4.4.121-92.129.1, kgraft-patch-SLE12-SP2_Update_34-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.129.1, kernel-source-4.4.121-92.129.1, kernel-syms-4.4.121-92.129.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.129.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 49 Swamp Workflow Management 2020-05-14 13:17:19 UTC 
SUSE-SU-2020:1275-1: An update that solves 35 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 1056134,1087813,1120386,1133147,1137325,1145929,1149591,1154118,1154844,1155689,1157155,1157157,1157303,1157804,1158021,1158642,1158819,1159199,1159285,1159297,1159841,1159908,1159910,1159911,1159912,1160195,1161586,1162227,1162928,1162929,1162931,1163508,1163971,1164009,1164051,1164069,1164078,1164846,1165111,1165311,1165873,1165881,1165984,1165985,1167421,1167423,1167629,1168075,1168295,1168424,1168829,1168854,1170056,1170345,1170778,1170847
CVE References: CVE-2017-18255,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-21008,CVE-2019-11091,CVE-2019-14615,CVE-2019-14896,CVE-2019-14897,CVE-2019-18675,CVE-2019-19066,CVE-2019-19319,CVE-2019-19447,CVE-2019-19767,CVE-2019-19768,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20096,CVE-2019-3701,CVE-2019-5108,CVE-2019-9455,CVE-2019-9458,CVE-2020-10690,CVE-2020-10720,CVE-2020-10942,CVE-2020-11494,CVE-2020-11608,CVE-2020-11609,CVE-2020-2732,CVE-2020-8647,CVE-2020-8648,CVE-2020-8649,CVE-2020-8992,CVE-2020-9383
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.116.1, kernel-source-4.4.180-94.116.1, kernel-syms-4.4.180-94.116.1, kgraft-patch-SLE12-SP3_Update_31-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.116.1, kernel-source-4.4.180-94.116.1, kernel-syms-4.4.180-94.116.1, kgraft-patch-SLE12-SP3_Update_31-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.116.1, kernel-source-4.4.180-94.116.1, kernel-syms-4.4.180-94.116.1, kgraft-patch-SLE12-SP3_Update_31-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.116.1, kernel-source-4.4.180-94.116.1, kernel-syms-4.4.180-94.116.1, kgraft-patch-SLE12-SP3_Update_31-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.116.1, kernel-source-4.4.180-94.116.1, kernel-syms-4.4.180-94.116.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.116.1
SUSE Enterprise Storage 5 (src):    kernel-default-4.4.180-94.116.1, kernel-source-4.4.180-94.116.1, kernel-syms-4.4.180-94.116.1, kgraft-patch-SLE12-SP3_Update_31-1-4.3.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.116.1, kernel-source-4.4.180-94.116.1, kernel-syms-4.4.180-94.116.1, kgraft-patch-SLE12-SP3_Update_31-1-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 50 Alexandros Toptsoglou 2020-08-04 14:46:32 UTC 
Done