1178782 – (CVE-2020-25705) VUL-0: CVE-2020-25705: SADDNS attack

Bug 1178782 (CVE-2020-25705) - VUL-0: CVE-2020-25705: SADDNS attack

Summary: VUL-0: CVE-2020-25705: SADDNS attack

Status:	RESOLVED FIXED

Alias:	CVE-2020-25705

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P2 - High Severity: Major
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/271665/
Whiteboard:
Keywords:

Depends on:	1175721 1178783
Blocks:
	Show dependency tree / graph

Clone This Bug

Reported:	2020-11-13 15:42 UTC by Marcus Meissner
Modified:	2024-06-07 07:50 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2020-11-13 15:42:52 UTC

CVE-2020-25705

 SAD DNS is a revival of the classic DNS cache poisoning attack (which no longer works since 2008) leveraging novel network side channels that exist in all modern operating systems, including Linux, Windows, macOS, and FreeBSD. This represents an important milestone --- the first weaponizable network side channel attack that has serious security impacts. The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache (e.g., in BIND, Unbound, dnsmasq). 

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25705
https://www.cs.ucr.edu/~zhiyunq/SADDNS.html

Comment 1 Marcus Meissner 2020-11-13 15:46:12 UTC

Linux kernel mitigation: tracked in bug 1175721

Comment 2 Swamp Workflow Management 2020-11-23 17:26:20 UTC

SUSE-SU-2020:3484-1: An update that solves 15 vulnerabilities and has 75 fixes is now available.

Category: security (important)
Bug References: 1055014,1058115,1061843,1065600,1065729,1066382,1077428,1112178,1131277,1134760,1140683,1163592,1167030,1168468,1170415,1170446,1170630,1171558,1171675,1172538,1172873,1173432,1174748,1175306,1175520,1175721,1176354,1176381,1176382,1176400,1176485,1176560,1176713,1176723,1176855,1176907,1176946,1176983,1177027,1177086,1177101,1177258,1177271,1177281,1177340,1177410,1177411,1177470,1177511,1177513,1177685,1177687,1177703,1177719,1177724,1177725,1177740,1177749,1177750,1177753,1177754,1177755,1177766,1177819,1177820,1177855,1177856,1177861,1178003,1178027,1178123,1178166,1178182,1178185,1178187,1178188,1178202,1178234,1178330,1178393,1178589,1178591,1178622,1178686,1178700,1178765,1178782,1178838,1178878,927455
CVE References: CVE-2020-0430,CVE-2020-12351,CVE-2020-12352,CVE-2020-14351,CVE-2020-16120,CVE-2020-2521,CVE-2020-25212,CVE-2020-25285,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-25705,CVE-2020-8694
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    kernel-azure-4.12.14-8.52.1, kernel-source-azure-4.12.14-8.52.1, kernel-syms-azure-4.12.14-8.52.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 3 Swamp Workflow Management 2020-11-24 17:21:37 UTC

SUSE-SU-2020:3501-1: An update that solves 17 vulnerabilities and has 15 fixes is now available.

Category: security (important)
Bug References: 1065600,1083244,1131277,1170415,1175721,1175749,1176011,1176235,1176253,1176278,1176381,1176382,1176423,1176482,1176721,1176722,1176725,1176896,1176922,1176990,1177027,1177086,1177165,1177206,1177226,1177410,1177411,1177511,1177513,1177725,1177766,1178782
CVE References: CVE-2017-18204,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-12352,CVE-2020-14351,CVE-2020-14381,CVE-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25705,CVE-2020-26088,CVE-2020-8694
JIRA References: 
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.146.1, kernel-source-4.4.121-92.146.1, kernel-syms-4.4.121-92.146.1, kgraft-patch-SLE12-SP2_Update_38-1-3.5.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.146.1, kernel-source-4.4.121-92.146.1, kernel-syms-4.4.121-92.146.1, kgraft-patch-SLE12-SP2_Update_38-1-3.5.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.146.1, kernel-source-4.4.121-92.146.1, kernel-syms-4.4.121-92.146.1, kgraft-patch-SLE12-SP2_Update_38-1-3.5.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.146.1, kernel-source-4.4.121-92.146.1, kernel-syms-4.4.121-92.146.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.146.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 4 Swamp Workflow Management 2020-11-24 17:26:54 UTC

SUSE-SU-2020:3503-1: An update that solves 21 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 1065600,1083244,1121826,1121872,1157298,1160917,1170415,1175228,1175306,1175721,1175749,1176011,1176069,1176235,1176253,1176278,1176381,1176382,1176423,1176482,1176721,1176722,1176725,1176816,1176896,1176990,1177027,1177086,1177121,1177165,1177206,1177226,1177410,1177411,1177511,1177513,1177725,1177766,1177816,1178123,1178622,1178782
CVE References: CVE-2017-18204,CVE-2019-19063,CVE-2019-6133,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-12352,CVE-2020-14351,CVE-2020-14381,CVE-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25705,CVE-2020-26088,CVE-2020-8694
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.135.1, kernel-source-4.4.180-94.135.1, kernel-syms-4.4.180-94.135.1, kgraft-patch-SLE12-SP3_Update_36-1-4.5.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.135.1, kernel-source-4.4.180-94.135.1, kernel-syms-4.4.180-94.135.1, kgraft-patch-SLE12-SP3_Update_36-1-4.5.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.135.1, kernel-source-4.4.180-94.135.1, kernel-syms-4.4.180-94.135.1, kgraft-patch-SLE12-SP3_Update_36-1-4.5.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.135.1, kernel-source-4.4.180-94.135.1, kernel-syms-4.4.180-94.135.1, kgraft-patch-SLE12-SP3_Update_36-1-4.5.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.135.1, kernel-source-4.4.180-94.135.1, kernel-syms-4.4.180-94.135.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.135.1
SUSE Enterprise Storage 5 (src):    kernel-default-4.4.180-94.135.1, kernel-source-4.4.180-94.135.1, kernel-syms-4.4.180-94.135.1, kgraft-patch-SLE12-SP3_Update_36-1-4.5.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.135.1, kernel-source-4.4.180-94.135.1, kernel-syms-4.4.180-94.135.1, kgraft-patch-SLE12-SP3_Update_36-1-4.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 5 Swamp Workflow Management 2020-11-24 20:18:58 UTC

SUSE-SU-2020:3507-1: An update that solves three vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 1058115,1163592,1167030,1172873,1175306,1175721,1176855,1176907,1176983,1177703,1177819,1177820,1178123,1178393,1178589,1178622,1178686,1178765,1178782,927455
CVE References: CVE-2020-25668,CVE-2020-25704,CVE-2020-25705
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.72.1, kernel-livepatch-SLE15-SP1_Update_19-1-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 6 Swamp Workflow Management 2020-11-24 20:21:57 UTC

SUSE-SU-2020:3507-1: An update that solves three vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 1058115,1163592,1167030,1172873,1175306,1175721,1176855,1176907,1176983,1177703,1177819,1177820,1178123,1178393,1178589,1178622,1178686,1178765,1178782,927455
CVE References: CVE-2020-25668,CVE-2020-25704,CVE-2020-25705
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.72.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.72.1, kernel-livepatch-SLE15-SP1_Update_19-1-3.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.72.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.72.2, kernel-obs-build-4.12.14-197.72.1, kernel-source-4.12.14-197.72.1, kernel-syms-4.12.14-197.72.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.72.1, kernel-source-4.12.14-197.72.1, kernel-zfcpdump-4.12.14-197.72.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.72.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 7 Swamp Workflow Management 2020-11-25 14:24:35 UTC

SUSE-SU-2020:3512-1: An update that solves 11 vulnerabilities and has 74 fixes is now available.

Category: security (important)
Bug References: 1055014,1058115,1061843,1065600,1065729,1066382,1077428,1112178,1114648,1131277,1134760,1140683,1152624,1157424,1163592,1167030,1170415,1170446,1171558,1172538,1172757,1173432,1174748,1175306,1175520,1175721,1176354,1176400,1176485,1176560,1176713,1176723,1176855,1176907,1176946,1176983,1177086,1177101,1177271,1177281,1177359,1177410,1177411,1177470,1177685,1177687,1177703,1177719,1177724,1177725,1177729,1177740,1177749,1177750,1177753,1177754,1177755,1177762,1177766,1177819,1177820,1177855,1177856,1177861,1178003,1178027,1178123,1178166,1178185,1178187,1178188,1178202,1178234,1178330,1178393,1178589,1178591,1178607,1178622,1178686,1178700,1178765,1178782,927455,936888
CVE References: CVE-2020-0430,CVE-2020-12351,CVE-2020-12352,CVE-2020-14351,CVE-2020-16120,CVE-2020-25285,CVE-2020-25656,CVE-2020-25668,CVE-2020-25704,CVE-2020-25705,CVE-2020-8694
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.22.1, kernel-rt_debug-4.12.14-10.22.1, kernel-source-rt-4.12.14-10.22.1, kernel-syms-rt-4.12.14-10.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 8 Swamp Workflow Management 2020-11-25 14:34:01 UTC

SUSE-SU-2020:3513-1: An update that solves 11 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1055014,1058115,1061843,1065600,1065729,1066382,1077428,1112178,1131277,1134760,1163592,1167030,1170415,1170446,1171558,1172873,1173432,1174748,1175306,1175721,1176354,1176485,1176560,1176713,1176723,1176855,1176907,1176983,1177086,1177101,1177271,1177281,1177410,1177411,1177470,1177685,1177687,1177703,1177719,1177724,1177725,1177740,1177749,1177750,1177753,1177754,1177755,1177762,1177766,1177819,1177820,1177855,1177856,1177861,1178003,1178027,1178123,1178166,1178185,1178187,1178188,1178202,1178234,1178330,1178393,1178589,1178591,1178622,1178686,1178765,1178782,1178838,927455
CVE References: CVE-2020-0430,CVE-2020-12351,CVE-2020-12352,CVE-2020-14351,CVE-2020-16120,CVE-2020-25285,CVE-2020-25656,CVE-2020-25668,CVE-2020-25704,CVE-2020-25705,CVE-2020-8694
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP1 (src):    kernel-rt-4.12.14-14.41.2, kernel-rt_debug-4.12.14-14.41.2, kernel-source-rt-4.12.14-14.41.2, kernel-syms-rt-4.12.14-14.41.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 9 Swamp Workflow Management 2020-11-25 17:29:12 UTC

SUSE-SU-2020:3522-1: An update that solves 12 vulnerabilities and has 103 fixes is now available.

Category: security (important)
Bug References: 1055014,1055186,1061843,1065600,1065729,1066382,1077428,1129923,1134760,1149032,1152489,1162702,1163592,1164648,1165692,1166146,1166166,1167030,1170415,1170446,1171073,1171688,1172873,1174003,1174098,1174748,1174969,1175052,1175306,1175621,1175721,1175749,1175807,1175898,1176180,1176354,1176400,1176485,1176564,1176713,1176907,1176983,1177086,1177090,1177109,1177271,1177281,1177353,1177410,1177411,1177470,1177617,1177681,1177683,1177687,1177694,1177697,1177698,1177703,1177719,1177724,1177725,1177726,1177727,1177729,1177739,1177749,1177750,1177754,1177755,1177765,1177766,1177799,1177801,1177814,1177817,1177820,1177854,1177855,1177856,1177861,1178002,1178079,1178123,1178166,1178173,1178175,1178176,1178177,1178183,1178184,1178185,1178186,1178190,1178191,1178246,1178255,1178304,1178307,1178330,1178393,1178395,1178461,1178579,1178581,1178584,1178585,1178589,1178591,1178622,1178659,1178661,1178686,1178700,1178782
CVE References: CVE-2020-12351,CVE-2020-12352,CVE-2020-14351,CVE-2020-16120,CVE-2020-24490,CVE-2020-25285,CVE-2020-25656,CVE-2020-25668,CVE-2020-25704,CVE-2020-25705,CVE-2020-28974,CVE-2020-8694
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-16.1, kernel-rt_debug-5.3.18-16.1, kernel-source-rt-5.3.18-16.1, kernel-syms-rt-5.3.18-16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 10 Swamp Workflow Management 2020-11-26 17:17:16 UTC

openSUSE-SU-2020:2034-1: An update that solves four vulnerabilities and has 20 fixes is now available.

Category: security (important)
Bug References: 1050549,1067665,1170630,1172873,1175306,1175721,1176855,1176983,1177397,1177703,1177819,1177820,1178182,1178393,1178589,1178686,1178765,1178782,1178838,1178853,1178854,1178878,1178886,927455
CVE References: CVE-2020-25669,CVE-2020-25704,CVE-2020-25705,CVE-2020-28915
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.83.1, kernel-default-4.12.14-lp151.28.83.1, kernel-docs-4.12.14-lp151.28.83.1, kernel-kvmsmall-4.12.14-lp151.28.83.1, kernel-obs-build-4.12.14-lp151.28.83.1, kernel-obs-qa-4.12.14-lp151.28.83.1, kernel-source-4.12.14-lp151.28.83.1, kernel-syms-4.12.14-lp151.28.83.1, kernel-vanilla-4.12.14-lp151.28.83.1

Comment 11 Swamp Workflow Management 2020-11-26 17:24:20 UTC

SUSE-SU-2020:3532-1: An update that solves 26 vulnerabilities and has 32 fixes is now available.

Category: security (important)
Bug References: 1051510,1058115,1065600,1131277,1160947,1161360,1163524,1166965,1170232,1170415,1171417,1172073,1172366,1173115,1173233,1175306,1175721,1175749,1175882,1176011,1176235,1176278,1176381,1176423,1176482,1176485,1176698,1176721,1176722,1176723,1176725,1176732,1176877,1176907,1176922,1176990,1177027,1177086,1177121,1177165,1177206,1177226,1177410,1177411,1177470,1177511,1177513,1177724,1177725,1177766,1178003,1178123,1178330,1178393,1178622,1178765,1178782,1178838
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0430,CVE-2020-0431,CVE-2020-0432,CVE-2020-12351,CVE-2020-12352,CVE-2020-14351,CVE-2020-14381,CVE-2020-14390,CVE-2020-16120,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27673,CVE-2020-27675,CVE-2020-8694
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.63.1, kernel-livepatch-SLE15_Update_21-1-1.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Swamp Workflow Management 2020-11-26 17:36:31 UTC

SUSE-SU-2020:3532-1: An update that solves 26 vulnerabilities and has 32 fixes is now available.

Category: security (important)
Bug References: 1051510,1058115,1065600,1131277,1160947,1161360,1163524,1166965,1170232,1170415,1171417,1172073,1172366,1173115,1173233,1175306,1175721,1175749,1175882,1176011,1176235,1176278,1176381,1176423,1176482,1176485,1176698,1176721,1176722,1176723,1176725,1176732,1176877,1176907,1176922,1176990,1177027,1177086,1177121,1177165,1177206,1177226,1177410,1177411,1177470,1177511,1177513,1177724,1177725,1177766,1178003,1178123,1178330,1178393,1178622,1178765,1178782,1178838
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0430,CVE-2020-0431,CVE-2020-0432,CVE-2020-12351,CVE-2020-12352,CVE-2020-14351,CVE-2020-14381,CVE-2020-14390,CVE-2020-16120,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27673,CVE-2020-27675,CVE-2020-8694
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.63.1, kernel-docs-4.12.14-150.63.1, kernel-obs-build-4.12.14-150.63.1, kernel-source-4.12.14-150.63.1, kernel-syms-4.12.14-150.63.1, kernel-vanilla-4.12.14-150.63.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.63.1, kernel-docs-4.12.14-150.63.1, kernel-obs-build-4.12.14-150.63.1, kernel-source-4.12.14-150.63.1, kernel-syms-4.12.14-150.63.1, kernel-vanilla-4.12.14-150.63.1, kernel-zfcpdump-4.12.14-150.63.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.63.1, kernel-livepatch-SLE15_Update_21-1-1.5.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.63.1, kernel-docs-4.12.14-150.63.1, kernel-obs-build-4.12.14-150.63.1, kernel-source-4.12.14-150.63.1, kernel-syms-4.12.14-150.63.1, kernel-vanilla-4.12.14-150.63.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.63.1, kernel-docs-4.12.14-150.63.1, kernel-obs-build-4.12.14-150.63.1, kernel-source-4.12.14-150.63.1, kernel-syms-4.12.14-150.63.1, kernel-vanilla-4.12.14-150.63.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.63.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Swamp Workflow Management 2020-11-26 20:31:26 UTC

SUSE-SU-2020:3544-1: An update that solves 26 vulnerabilities and has 34 fixes is now available.

Category: security (important)
Bug References: 1051510,1058115,1065600,1131277,1160947,1163524,1166965,1168468,1170139,1170232,1170415,1171417,1171675,1172073,1172366,1173115,1173233,1175228,1175306,1175721,1175882,1176011,1176235,1176278,1176381,1176423,1176482,1176485,1176698,1176721,1176722,1176723,1176725,1176732,1176869,1176907,1176922,1176935,1176950,1176990,1177027,1177086,1177121,1177206,1177340,1177410,1177411,1177470,1177511,1177724,1177725,1177766,1177816,1178123,1178330,1178393,1178669,1178765,1178782,1178838
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0430,CVE-2020-0431,CVE-2020-0432,CVE-2020-12351,CVE-2020-12352,CVE-2020-14351,CVE-2020-14381,CVE-2020-14390,CVE-2020-16120,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27673,CVE-2020-27675,CVE-2020-8694
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.65.1, kernel-source-4.12.14-95.65.1, kernel-syms-4.12.14-95.65.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.65.1, kernel-source-4.12.14-95.65.1, kernel-syms-4.12.14-95.65.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.65.1, kernel-source-4.12.14-95.65.1, kernel-syms-4.12.14-95.65.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.65.1, kernel-source-4.12.14-95.65.1, kernel-syms-4.12.14-95.65.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.65.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 14 Swamp Workflow Management 2020-11-26 20:53:52 UTC

SUSE-SU-2020:3544-1: An update that solves 26 vulnerabilities and has 34 fixes is now available.

Category: security (important)
Bug References: 1051510,1058115,1065600,1131277,1160947,1163524,1166965,1168468,1170139,1170232,1170415,1171417,1171675,1172073,1172366,1173115,1173233,1175228,1175306,1175721,1175882,1176011,1176235,1176278,1176381,1176423,1176482,1176485,1176698,1176721,1176722,1176723,1176725,1176732,1176869,1176907,1176922,1176935,1176950,1176990,1177027,1177086,1177121,1177206,1177340,1177410,1177411,1177470,1177511,1177724,1177725,1177766,1177816,1178123,1178330,1178393,1178669,1178765,1178782,1178838
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0430,CVE-2020-0431,CVE-2020-0432,CVE-2020-12351,CVE-2020-12352,CVE-2020-14351,CVE-2020-14381,CVE-2020-14390,CVE-2020-16120,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27673,CVE-2020-27675,CVE-2020-8694
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.65.1, kernel-source-4.12.14-95.65.1, kernel-syms-4.12.14-95.65.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.65.1, kernel-source-4.12.14-95.65.1, kernel-syms-4.12.14-95.65.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.65.1, kernel-source-4.12.14-95.65.1, kernel-syms-4.12.14-95.65.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.65.1, kernel-source-4.12.14-95.65.1, kernel-syms-4.12.14-95.65.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.65.1, kgraft-patch-SLE12-SP4_Update_17-1-6.5.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.65.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 15 Swamp Workflow Management 2020-12-05 02:21:33 UTC

openSUSE-SU-2020:2161-1: An update that solves 11 vulnerabilities and has 57 fixes is now available.

Category: security (important)
Bug References: 1149032,1152489,1153274,1154353,1155518,1160634,1167773,1170139,1171073,1171558,1172873,1173504,1174852,1175721,1175918,1176109,1176180,1176200,1176481,1176586,1176855,1176983,1177066,1177070,1177353,1177397,1177666,1177703,1177820,1178182,1178227,1178286,1178304,1178401,1178426,1178589,1178635,1178653,1178659,1178661,1178669,1178686,1178740,1178755,1178762,1178782,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179211,1179217,1179424,1179426,1179427,1179429,1179432
CVE References: CVE-2020-15436,CVE-2020-15437,CVE-2020-25669,CVE-2020-25705,CVE-2020-27777,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29371,CVE-2020-4788
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.54.1, kernel-default-5.3.18-lp152.54.1, kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1, kernel-docs-5.3.18-lp152.54.2, kernel-kvmsmall-5.3.18-lp152.54.1, kernel-obs-build-5.3.18-lp152.54.1, kernel-obs-qa-5.3.18-lp152.54.1, kernel-preempt-5.3.18-lp152.54.1, kernel-source-5.3.18-lp152.54.1, kernel-syms-5.3.18-lp152.54.1

Comment 16 Swamp Workflow Management 2020-12-09 14:19:17 UTC

SUSE-SU-2020:3717-1: An update that solves 10 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1050549,1067665,1111666,1112178,1158775,1170139,1170630,1172542,1172873,1174726,1175306,1175721,1175916,1176109,1176855,1176983,1177304,1177397,1177703,1177805,1177808,1177809,1177819,1177820,1178123,1178182,1178393,1178589,1178607,1178635,1178669,1178686,1178765,1178782,1178838,1178853,1178854,1178878,1178886,1178897,1178940,1178962,1179107,1179140,1179141,1179211,1179213,1179259,1179424,1179426,1179427,1179429,927455
CVE References: CVE-2020-15436,CVE-2020-15437,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-25705,CVE-2020-27777,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371
JIRA References: 
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.54.1, kgraft-patch-SLE12-SP5_Update_13-1-8.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Swamp Workflow Management 2020-12-09 14:31:49 UTC

SUSE-SU-2020:3717-1: An update that solves 10 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1050549,1067665,1111666,1112178,1158775,1170139,1170630,1172542,1172873,1174726,1175306,1175721,1175916,1176109,1176855,1176983,1177304,1177397,1177703,1177805,1177808,1177809,1177819,1177820,1178123,1178182,1178393,1178589,1178607,1178635,1178669,1178686,1178765,1178782,1178838,1178853,1178854,1178878,1178886,1178897,1178940,1178962,1179107,1179140,1179141,1179211,1179213,1179259,1179424,1179426,1179427,1179429,927455
CVE References: CVE-2020-15436,CVE-2020-15437,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-25705,CVE-2020-27777,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.54.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.54.1, kernel-obs-build-4.12.14-122.54.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.54.1, kernel-source-4.12.14-122.54.1, kernel-syms-4.12.14-122.54.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.54.1, kgraft-patch-SLE12-SP5_Update_13-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.54.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Swamp Workflow Management 2020-12-11 17:27:47 UTC

SUSE-SU-2020:3764-1: An update that solves 11 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1139944,1149032,1152489,1153274,1154353,1155518,1158775,1160634,1161099,1167773,1170139,1171558,1173504,1174852,1175721,1175918,1175995,1176109,1176200,1176481,1176586,1176855,1176956,1177066,1177070,1177353,1177397,1177666,1178182,1178203,1178227,1178286,1178401,1178426,1178590,1178634,1178635,1178653,1178669,1178740,1178755,1178756,1178762,1178782,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179211,1179217,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179442,1179550,1179578,1179601,1179639
CVE References: CVE-2020-15436,CVE-2020-15437,CVE-2020-25669,CVE-2020-25705,CVE-2020-27777,CVE-2020-27786,CVE-2020-28915,CVE-2020-28941,CVE-2020-29369,CVE-2020-29371,CVE-2020-4788
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-19.1, kernel-rt_debug-5.3.18-19.1, kernel-source-rt-5.3.18-19.1, kernel-syms-rt-5.3.18-19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.