853040 – (CVE-2013-6405) VUL-1: CVE-2013-6405: kernel: net: multiple uninitialised memory leakage

Bug 853040 (CVE-2013-6405) - VUL-1: CVE-2013-6405: kernel: net: multiple uninitialised memory leakage

Summary: VUL-1: CVE-2013-6405: kernel: net: multiple uninitialised memory leakage

Status:	RESOLVED FIXED

Alias:	CVE-2013-6405

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Deadline:	2015-03-05
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle10-sp3:59691 main...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2013-11-30 09:42 UTC by Marcus Meissner
Modified:	2019-05-01 16:12 UTC (History)
CC List:	6 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2013-11-30 09:42:25 UTC

is public, via oss-sec

CVE-2013-6405

Linux kernel built with the networking support(CONFIG_NET), is vulnerable to a 
memory leakage flaw. It occurs while doing the recvmsg(2), recvfrom(2), 
recvmmsg(2) socket calls.

A user/program could use this flaw to leak kernel memory bytes.

Upstream fix:
-------------
  -> https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=bceaa90240b6019ed73b49965eac7d167610be69

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1035875

Comment 1 Marcus Meissner 2013-11-30 09:42:55 UTC

From: Hannes Frederic Sowa <hannes@stressinduktion.org>

>  https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=bceaa90240b6019ed73b49965eac7d167610be69

This patch does break stuff, a follow-up is needed which did not get
to Linus yet, but is already queued up for stable. Otherwise traceroute
is broken:

https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=85fbaa75037d0b6b786ff18658ddf0b4014ce2a4

I found other leaks in non-inet protocols:

https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=f3d3342602f8bcbf37d7c46641cb9bca7618eb1c

The protocols where I did remove msg_namelen = 0 where actually
safe. Some of the protocols I did not touch could leak up to 128 bytes
of uninitialized data from the stack.

Hardening against out-of-bounds writes:
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=68c6beb373955da0886d8f4f5995b3922ceda4be

Also there is a small 2-bytes memory leak in extended error reporting:
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=68c6beb373955da0886d8f4f5995b3922ceda4be

Greetings,

  Hannes

Comment 2 Swamp Workflow Management 2013-11-30 23:00:22 UTC

bugbot adjusting priority

Comment 3 Borislav Petkov 2013-12-18 17:57:19 UTC

WTF, am I counting this correctly, 5! fixes for one CVE??? Do mark each one with that CVE number or only the first patch but still backport the rest?

Comment 4 Marcus Meissner 2013-12-19 14:22:37 UTC

try marking them all with the same CVE, as they seem to be all covered by it :/

Comment 5 Borislav Petkov 2013-12-19 16:15:54 UTC

Btw, Jiri, this is a related one to the msg_namelen deal in 854722. Might taking a look please?

Comment 6 Marcus Meissner 2014-06-30 14:27:22 UTC

commit bceaa90240b6019ed73b49965eac7d167610be69  seems in SLE11 SP3 in some form already.

also some other patches are in.

we might be good already? 

Jiri? Borislav?

Comment 7 Jiri Bohac 2014-07-01 11:58:41 UTC

Indeed, didn't notice David Chang did these backports. Please close. Thanks.

Comment 8 Marcus Meissner 2014-10-01 12:30:38 UTC

would say we can close

Comment 9 Borislav Petkov 2014-11-06 12:44:41 UTC

Markus asked me to go over sec BSCs and double check everything is ok.

I'm looking at this one and

68c6beb37395 ("net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
sockaddr_storage)") is still missing from 11SP3. Jiri, what's up, should it be
backported?

It looks to me like we probably should run some testing on 11SP3 to make sure
the BUG_ON doesn't trigger in the field first though.



@Marcus, in the message you pasted, the last two patches are the same one:

"Hardening against out-of-bounds writes:
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=68c6beb373955da0886d8f4f5995b3922ceda4be

Also there is a small 2-bytes memory leak in extended error reporting:
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=68c6beb373955da0886d8f4f5995b3922ceda4be"

Can you still find out what was the last one?

Thanks.

Comment 10 Marcus Meissner 2014-11-06 16:50:57 UTC

From: Hannes Frederic Sowa <hannes@stressinduktion.org>

commit 1fa4c710b6fe7b0aac9907240291b6fe6aafc3b8
Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
Date:   Sat Nov 23 07:22:33 2013 +0100

    ipv6: fix leaking uninitialized port number of offender sockaddr

Bye,
Hannes

Comment 11 Borislav Petkov 2014-11-07 13:54:17 UTC

1fa4c710b6fe ("ipv6: fix leaking uninitialized port number of offender sockaddr") applied to 11SP3.

Comment 12 Michal Hocko 2014-11-10 09:51:37 UTC

(In reply to Borislav Petkov from comment #11)
[...]
> 68c6beb37395 ("net: add BUG_ON if kernel advertises msg_namelen >
> sizeof(struct
> sockaddr_storage)") is still missing from 11SP3. Jiri, what's up, should it
> be backported?

I am waiting with this one.

(In reply to Borislav Petkov from comment #11)
> 1fa4c710b6fe ("ipv6: fix leaking uninitialized port number of offender
> sockaddr") applied to 11SP3.

Pushed to SLE11-SP1-TD and SLES10-SP3-TD.

Comment 13 Jiri Bohac 2014-11-11 11:22:47 UTC

(In reply to Borislav Petkov from comment #9)

> 68c6beb37395 ("net: add BUG_ON if kernel advertises msg_namelen >
> sizeof(struct
> sockaddr_storage)") is still missing from 11SP3. Jiri, what's up, should it
> be
> backported?

The BUG_ON does not prevent any leak. The check for len >  sizeof(struct sockaddr_storage) is there and -EINVAL is correctly returned.

However, if we did make a mistake in one of the related backports a debugging aid could be useful. So I just pushed in a patch with a WARN_ON instead. A BUG_ON would calling for unnecessary Crit-Sits ;)

Comment 14 Borislav Petkov 2014-11-11 11:54:51 UTC

Thanks.(In reply to Jiri Bohac from comment #13)
> The BUG_ON does not prevent any leak. The check for len >  sizeof(struct
> sockaddr_storage) is there and -EINVAL is correctly returned.
> 
> However, if we did make a mistake in one of the related backports a
> debugging aid could be useful. So I just pushed in a patch with a WARN_ON
> instead. A BUG_ON would calling for unnecessary Crit-Sits ;)

Ok, better.

We probably should still ratelimit this though so that it doesn't start
filling up system logs all of a sudden and customers start crying and we
then cry together :)

Thanks.

Comment 15 Michal Hocko 2014-11-11 16:55:07 UTC

(In reply to Jiri Bohac from comment #13)
> (In reply to Borislav Petkov from comment #9)
> 
> > 68c6beb37395 ("net: add BUG_ON if kernel advertises msg_namelen >
> > sizeof(struct
> > sockaddr_storage)") is still missing from 11SP3. Jiri, what's up, should it
> > be
> > backported?
> 
> The BUG_ON does not prevent any leak. The check for len >  sizeof(struct
> sockaddr_storage) is there and -EINVAL is correctly returned.
> 
> However, if we did make a mistake in one of the related backports a
> debugging aid could be useful. So I just pushed in a patch with a WARN_ON
> instead. A BUG_ON would calling for unnecessary Crit-Sits ;)

I think that EINVAL is much more safer so I will stick with the current code.

Comment 16 Jiri Bohac 2014-11-11 16:58:30 UTC

I think it's good as it is. It's in user context, it should not lock up the kernel by flooding the logs. At least we'll get a bug report.

Comment 17 Borislav Petkov 2014-11-11 17:00:42 UTC

Ok, thanks Jiri. Finally closing.

Comment 19 Swamp Workflow Management 2014-11-17 07:32:11 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-11-24.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/59690

Comment 20 Johannes Segitz 2014-12-02 10:13:14 UTC

Split of this CVE:
CVE-2013-6405: ** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7281.  Reason: This candidate is a duplicate of CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, and CVE-2013-7281.  Notes: All CVE users should reference CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, and/or CVE-2013-7281 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage (bnc#853040, bnc#854722).

Comment 21 Swamp Workflow Management 2014-12-19 18:05:37 UTC

openSUSE-SU-2014:1669-1: An update that solves 22 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 768714,818561,835839,853040,865882,882639,883518,883724,883948,887082,889173,890624,892490,896382,896385,896390,896391,896392,896689,899785,904013,904700,905100,905764,907818,909077,910251
CVE References: CVE-2013-2889,CVE-2013-2891,CVE-2014-3181,CVE-2014-3182,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-4171,CVE-2014-4508,CVE-2014-4608,CVE-2014-4943,CVE-2014-5077,CVE-2014-5471,CVE-2014-5472,CVE-2014-6410,CVE-2014-7826,CVE-2014-7841,CVE-2014-8133,CVE-2014-8709,CVE-2014-8884,CVE-2014-9090,CVE-2014-9322
Sources used:
openSUSE 12.3 (src):    kernel-docs-3.7.10-1.45.2, kernel-source-3.7.10-1.45.1, kernel-syms-3.7.10-1.45.1

Comment 22 Swamp Workflow Management 2014-12-21 12:05:19 UTC

openSUSE-SU-2014:1677-1: An update that solves 31 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 818966,835839,853040,856659,864375,865882,873790,875051,881008,882639,882804,883518,883724,883948,883949,884324,887046,887082,889173,890114,891689,892490,893429,896382,896385,896390,896391,896392,896689,897736,899785,900392,902346,902349,902351,904013,904700,905100,905744,907818,908163,909077,910251
CVE References: CVE-2013-2891,CVE-2013-2898,CVE-2014-0181,CVE-2014-0206,CVE-2014-1739,CVE-2014-3181,CVE-2014-3182,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-3673,CVE-2014-3687,CVE-2014-3688,CVE-2014-4171,CVE-2014-4508,CVE-2014-4608,CVE-2014-4611,CVE-2014-4943,CVE-2014-5077,CVE-2014-5206,CVE-2014-5207,CVE-2014-5471,CVE-2014-5472,CVE-2014-6410,CVE-2014-7826,CVE-2014-7841,CVE-2014-7975,CVE-2014-8133,CVE-2014-8709,CVE-2014-9090,CVE-2014-9322
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.16.1, crash-7.0.2-2.16.1, hdjmod-1.28-16.16.1, ipset-6.21.1-2.20.1, iscsitarget-1.4.20.3-13.16.1, kernel-docs-3.11.10-25.2, kernel-source-3.11.10-25.1, kernel-syms-3.11.10-25.1, ndiswrapper-1.58-16.1, pcfclock-0.44-258.16.1, vhba-kmp-20130607-2.17.1, virtualbox-4.2.18-2.21.1, xen-4.3.2_02-30.1, xtables-addons-2.3-2.16.1

Comment 23 Swamp Workflow Management 2014-12-23 18:07:49 UTC

SUSE-SU-2014:1693-1: An update that solves 21 vulnerabilities and has 28 fixes is now available.

Category: security (important)
Bug References: 755743,779488,800255,835839,851603,853040,857643,860441,868049,873228,876633,883724,883948,885077,887418,888607,891211,891368,891790,892782,893758,894058,894895,895387,895468,896382,896390,896391,896392,896415,897502,897694,897708,898295,898375,898554,899192,899574,899843,901638,902346,902349,903331,903653,904013,904358,904700,905100,905522
CVE References: CVE-2012-4398,CVE-2013-2889,CVE-2013-2893,CVE-2013-2897,CVE-2013-2899,CVE-2013-7263,CVE-2014-3181,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-3601,CVE-2014-3610,CVE-2014-3646,CVE-2014-3647,CVE-2014-3673,CVE-2014-4508,CVE-2014-4608,CVE-2014-7826,CVE-2014-7841,CVE-2014-8709,CVE-2014-8884
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-default-3.0.101-0.42.1, kernel-pae-3.0.101-0.42.1, kernel-source-3.0.101-0.42.1, kernel-syms-3.0.101-0.42.1, kernel-trace-3.0.101-0.42.1, kernel-xen-3.0.101-0.42.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-default-3.0.101-0.42.1, kernel-ec2-3.0.101-0.42.1, kernel-pae-3.0.101-0.42.1, kernel-source-3.0.101-0.42.1, kernel-syms-3.0.101-0.42.1, kernel-trace-3.0.101-0.42.1, kernel-xen-3.0.101-0.42.1, xen-4.2.5_02-0.7.2
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.27.115, gfs2-2-0.16.121, ocfs2-1.6-0.20.115
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-default-3.0.101-0.42.1, kernel-pae-3.0.101-0.42.1, kernel-source-3.0.101-0.42.1, kernel-syms-3.0.101-0.42.1, kernel-trace-3.0.101-0.42.1, kernel-xen-3.0.101-0.42.1, xen-4.2.5_02-0.7.2
SLE 11 SERVER Unsupported Extras (src):    kernel-default-3.0.101-0.42.1, kernel-pae-3.0.101-0.42.1, kernel-ppc64-3.0.101-0.42.1, kernel-xen-3.0.101-0.42.1

Comment 24 Swamp Workflow Management 2014-12-23 19:06:17 UTC

SUSE-SU-2014:1695-1: An update that solves 24 vulnerabilities and has 28 fixes is now available.

Category: security (important)
Bug References: 755743,779488,800255,835839,851603,853040,857643,860441,868049,873228,876633,883724,883948,885077,887418,888607,891211,891368,891790,892782,893758,894058,894895,895387,895468,896382,896390,896391,896392,896415,897502,897694,897708,898295,898375,898554,899192,899574,899843,901638,902346,902349,903331,903653,904013,904358,904700,905100,905522,907818,909077,910251
CVE References: CVE-2012-4398,CVE-2013-2889,CVE-2013-2893,CVE-2013-2897,CVE-2013-2899,CVE-2013-7263,CVE-2014-3181,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-3601,CVE-2014-3610,CVE-2014-3646,CVE-2014-3647,CVE-2014-3673,CVE-2014-4508,CVE-2014-4608,CVE-2014-7826,CVE-2014-7841,CVE-2014-8133,CVE-2014-8709,CVE-2014-8884,CVE-2014-9090,CVE-2014-9322
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-bigsmp-3.0.101-0.46.1, kernel-default-3.0.101-0.46.1, kernel-source-3.0.101-0.46.1, kernel-syms-3.0.101-0.46.1, kernel-trace-3.0.101-0.46.1, kernel-xen-3.0.101-0.46.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-bigsmp-3.0.101-0.46.1, kernel-default-3.0.101-0.46.1, kernel-ec2-3.0.101-0.46.1, kernel-source-3.0.101-0.46.1, kernel-syms-3.0.101-0.46.1, kernel-trace-3.0.101-0.46.1, kernel-xen-3.0.101-0.46.1, xen-4.2.5_02-0.7.9
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.27.120, gfs2-2-0.16.126, ocfs2-1.6-0.20.120
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-bigsmp-3.0.101-0.46.1, kernel-default-3.0.101-0.46.1, kernel-source-3.0.101-0.46.1, kernel-syms-3.0.101-0.46.1, kernel-trace-3.0.101-0.46.1, kernel-xen-3.0.101-0.46.1, xen-4.2.5_02-0.7.9
SLE 11 SERVER Unsupported Extras (src):    kernel-bigsmp-3.0.101-0.46.1, kernel-default-3.0.101-0.46.1, kernel-xen-3.0.101-0.46.1

Comment 25 Swamp Workflow Management 2014-12-24 07:10:05 UTC

SUSE-SU-2014:1693-2: An update that solves 21 vulnerabilities and has 28 fixes is now available.

Category: security (important)
Bug References: 755743,779488,800255,835839,851603,853040,857643,860441,868049,873228,876633,883724,883948,885077,887418,888607,891211,891368,891790,892782,893758,894058,894895,895387,895468,896382,896390,896391,896392,896415,897502,897694,897708,898295,898375,898554,899192,899574,899843,901638,902346,902349,903331,903653,904013,904358,904700,905100,905522
CVE References: CVE-2012-4398,CVE-2013-2889,CVE-2013-2893,CVE-2013-2897,CVE-2013-2899,CVE-2013-7263,CVE-2014-3181,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-3601,CVE-2014-3610,CVE-2014-3646,CVE-2014-3647,CVE-2014-3673,CVE-2014-4508,CVE-2014-4608,CVE-2014-7826,CVE-2014-7841,CVE-2014-8709,CVE-2014-8884
Sources used:
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-default-3.0.101-0.42.1, kernel-ppc64-3.0.101-0.42.1, kernel-source-3.0.101-0.42.1, kernel-syms-3.0.101-0.42.1, kernel-trace-3.0.101-0.42.1
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.27.115, gfs2-2-0.16.121, ocfs2-1.6-0.20.115

Comment 26 Swamp Workflow Management 2015-01-14 18:06:40 UTC

SUSE-SU-2014:1695-2: An update that solves 24 vulnerabilities and has 28 fixes is now available.

Category: security (important)
Bug References: 755743,779488,800255,835839,851603,853040,857643,860441,868049,873228,876633,883724,883948,885077,887418,888607,891211,891368,891790,892782,893758,894058,894895,895387,895468,896382,896390,896391,896392,896415,897502,897694,897708,898295,898375,898554,899192,899574,899843,901638,902346,902349,903331,903653,904013,904358,904700,905100,905522,907818,909077,910251
CVE References: CVE-2012-4398,CVE-2013-2889,CVE-2013-2893,CVE-2013-2897,CVE-2013-2899,CVE-2013-7263,CVE-2014-3181,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-3601,CVE-2014-3610,CVE-2014-3646,CVE-2014-3647,CVE-2014-3673,CVE-2014-4508,CVE-2014-4608,CVE-2014-7826,CVE-2014-7841,CVE-2014-8133,CVE-2014-8709,CVE-2014-8884,CVE-2014-9090,CVE-2014-9322
Sources used:
SUSE Linux Enterprise Real Time Extension 11 SP3 (src):    cluster-network-1.4-2.27.121, drbd-kmp-8.4.4-0.22.87, iscsitarget-1.4.20-0.38.106, kernel-rt-3.0.101.rt130-0.32.1, kernel-rt_trace-3.0.101.rt130-0.32.1, kernel-source-rt-3.0.101.rt130-0.32.1, kernel-syms-rt-3.0.101.rt130-0.32.1, lttng-modules-2.1.1-0.11.96, ocfs2-1.6-0.20.121, ofed-1.5.4.1-0.13.112

Comment 27 Swamp Workflow Management 2015-01-16 13:05:29 UTC

SUSE-SU-2015:0068-1: An update that solves 11 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 851603,853040,860441,862957,863526,870498,873228,874025,877622,879255,880767,880892,881085,883139,887046,887382,887418,889295,889297,891259,891619,892254,892612,892650,892860,893454,894057,894863,895221,895387,895468,895680,895983,896391,897101,897736,897770,897912,898234,898297,899192,899489,899551,899785,899787,899908,900126,901090,901774,901809,901925,902010,902016,902346,902893,902898,903279,903307,904013,904077,904115,904354,904871,905087,905100,905296,905758,905772,907818,908184,909077,910251,910697
CVE References: CVE-2013-6405,CVE-2014-3185,CVE-2014-3610,CVE-2014-3611,CVE-2014-3647,CVE-2014-3673,CVE-2014-7826,CVE-2014-7841,CVE-2014-8133,CVE-2014-9090,CVE-2014-9322
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.32-33.3, kernel-obs-build-3.12.32-33.1
SUSE Linux Enterprise Server 12 (src):    kernel-source-3.12.32-33.1, kernel-syms-3.12.32-33.1
SUSE Linux Enterprise Desktop 12 (src):    kernel-source-3.12.32-33.1, kernel-syms-3.12.32-33.1

Comment 28 Swamp Workflow Management 2015-02-26 09:59:13 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-03-05.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60808

Comment 29 Swamp Workflow Management 2015-03-21 14:06:15 UTC

openSUSE-SU-2015:0566-1: An update that solves 38 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 771619,778463,833588,835839,847652,853040,864049,865442,867531,867723,870161,875051,876633,880892,883096,883724,883948,887082,892490,892782,895680,896382,896390,896391,896392,897995,898693,899192,901885,902232,902346,902349,902351,902675,903640,904013,904700,905100,905312,905799,906586,907189,907338,907396,907818,909077,909078,910251,912654,912705,915335
CVE References: CVE-2012-4398,CVE-2013-2893,CVE-2013-2897,CVE-2013-2899,CVE-2013-2929,CVE-2013-7263,CVE-2014-0131,CVE-2014-0181,CVE-2014-2309,CVE-2014-3181,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-3601,CVE-2014-3610,CVE-2014-3646,CVE-2014-3647,CVE-2014-3673,CVE-2014-3687,CVE-2014-3688,CVE-2014-3690,CVE-2014-4508,CVE-2014-4608,CVE-2014-4943,CVE-2014-5471,CVE-2014-5472,CVE-2014-7826,CVE-2014-7841,CVE-2014-7842,CVE-2014-8133,CVE-2014-8134,CVE-2014-8369,CVE-2014-8559,CVE-2014-8709,CVE-2014-9090,CVE-2014-9322,CVE-2014-9584,CVE-2014-9585
Sources used:
openSUSE Evergreen 11.4 (src):    kernel-docs-3.0.101-99.2, kernel-source-3.0.101-99.1, kernel-syms-3.0.101-99.1, preload-1.2-6.77.1

Comment 30 Swamp Workflow Management 2015-03-24 06:06:48 UTC

SUSE-SU-2015:0581-1: An update that solves 21 vulnerabilities and has 67 fixes is now available.

Category: security (important)
Bug References: 771619,816099,829110,833588,833820,846656,853040,856760,864401,864404,864409,864411,865419,875051,876086,876594,877593,882470,883948,884817,887597,891277,894213,895841,896484,900279,900644,902232,902349,902351,902675,903096,903640,904053,904242,904659,904671,905304,905312,905799,906586,907196,907338,907551,907611,907818,908069,908163,908393,908550,908551,908572,908825,909077,909078,909088,909092,909093,909095,909264,909565,909740,909846,910013,910150,910159,910321,910322,910517,911181,911325,911326,912171,912705,913059,914355,914423,914726,915209,915322,915335,915791,915826,916515,916982,917839,917884,920250
CVE References: CVE-2013-7263,CVE-2014-0181,CVE-2014-3687,CVE-2014-3688,CVE-2014-3690,CVE-2014-4608,CVE-2014-7822,CVE-2014-7842,CVE-2014-7970,CVE-2014-8133,CVE-2014-8134,CVE-2014-8160,CVE-2014-8369,CVE-2014-8559,CVE-2014-9090,CVE-2014-9322,CVE-2014-9419,CVE-2014-9420,CVE-2014-9584,CVE-2014-9585,CVE-2015-1593
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-bigsmp-3.0.101-0.47.50.1, kernel-default-3.0.101-0.47.50.1, kernel-pae-3.0.101-0.47.50.1, kernel-source-3.0.101-0.47.50.1, kernel-syms-3.0.101-0.47.50.1, kernel-trace-3.0.101-0.47.50.1, kernel-xen-3.0.101-0.47.50.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-bigsmp-3.0.101-0.47.50.1, kernel-default-3.0.101-0.47.50.1, kernel-ec2-3.0.101-0.47.50.1, kernel-pae-3.0.101-0.47.50.1, kernel-ppc64-3.0.101-0.47.50.1, kernel-source-3.0.101-0.47.50.1, kernel-syms-3.0.101-0.47.50.1, kernel-trace-3.0.101-0.47.50.1, kernel-xen-3.0.101-0.47.50.1, xen-4.2.5_04-0.7.1
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.28.1.7, gfs2-2-0.17.1.7, ocfs2-1.6-0.21.1.7
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-bigsmp-3.0.101-0.47.50.1, kernel-default-3.0.101-0.47.50.1, kernel-pae-3.0.101-0.47.50.1, kernel-source-3.0.101-0.47.50.1, kernel-syms-3.0.101-0.47.50.1, kernel-trace-3.0.101-0.47.50.1, kernel-xen-3.0.101-0.47.50.1, xen-4.2.5_04-0.7.1
SLE 11 SERVER Unsupported Extras (src):    kernel-bigsmp-3.0.101-0.47.50.1, kernel-default-3.0.101-0.47.50.1, kernel-pae-3.0.101-0.47.50.1, kernel-ppc64-3.0.101-0.47.50.1, kernel-xen-3.0.101-0.47.50.1

Comment 31 Swamp Workflow Management 2015-04-20 19:07:02 UTC

SUSE-SU-2015:0736-1: An update that solves 21 vulnerabilities and has 69 fixes is now available.

Category: security (important)
Bug References: 771619,816099,829110,833588,833820,846656,853040,856760,864401,864404,864409,864411,865419,875051,876086,876594,877593,882470,883948,884817,887597,891277,894213,895841,896484,900279,900644,902232,902349,902351,902675,903096,903640,904053,904242,904659,904671,905304,905312,905799,906586,907196,907338,907551,907611,907818,908069,908163,908393,908550,908551,908572,908825,909077,909078,909088,909092,909093,909095,909264,909565,909740,909846,910013,910150,910159,910251,910321,910322,910517,911181,911325,911326,912171,912705,913059,914355,914423,914726,915209,915322,915335,915791,915826,916515,916982,917839,917884,920250,924282
CVE References: CVE-2013-7263,CVE-2014-0181,CVE-2014-3687,CVE-2014-3688,CVE-2014-3690,CVE-2014-4608,CVE-2014-7822,CVE-2014-7842,CVE-2014-7970,CVE-2014-8133,CVE-2014-8134,CVE-2014-8160,CVE-2014-8369,CVE-2014-8559,CVE-2014-9090,CVE-2014-9322,CVE-2014-9419,CVE-2014-9420,CVE-2014-9584,CVE-2014-9585,CVE-2015-1593
Sources used:
SUSE Linux Enterprise Real Time Extension 11 SP3 (src):    cluster-network-1.4-2.28.1.14, drbd-kmp-8.4.4-0.23.1.14, iscsitarget-1.4.20-0.39.1.14, kernel-rt-3.0.101.rt130-0.33.36.1, kernel-rt_trace-3.0.101.rt130-0.33.36.1, kernel-source-rt-3.0.101.rt130-0.33.36.1, kernel-syms-rt-3.0.101.rt130-0.33.36.1, lttng-modules-2.1.1-0.12.1.13, ocfs2-1.6-0.21.1.14, ofed-1.5.4.1-0.14.1.14

Comment 32 Swamp Workflow Management 2015-04-30 19:10:52 UTC

SUSE-SU-2015:0812-1: An update that fixes 39 vulnerabilities is now available.

Category: security (important)
Bug References: 677286,679812,681175,681999,683282,685402,687812,730118,730200,738400,758813,760902,769784,823260,846404,853040,854722,863335,874307,875051,880484,883223,883795,885422,891844,892490,896390,896391,896779,902346,907818,908382,910251,911325
CVE References: CVE-2011-1090,CVE-2011-1163,CVE-2011-1476,CVE-2011-1477,CVE-2011-1493,CVE-2011-1494,CVE-2011-1495,CVE-2011-1585,CVE-2011-4127,CVE-2011-4132,CVE-2011-4913,CVE-2011-4914,CVE-2012-2313,CVE-2012-2319,CVE-2012-3400,CVE-2012-6657,CVE-2013-2147,CVE-2013-4299,CVE-2013-6405,CVE-2013-6463,CVE-2014-0181,CVE-2014-1874,CVE-2014-3184,CVE-2014-3185,CVE-2014-3673,CVE-2014-3917,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-5471,CVE-2014-5472,CVE-2014-9090,CVE-2014-9322,CVE-2014-9420,CVE-2014-9584,CVE-2015-2041
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    kernel-bigsmp-2.6.16.60-0.132.1, kernel-debug-2.6.16.60-0.132.1, kernel-default-2.6.16.60-0.132.1, kernel-kdump-2.6.16.60-0.132.1, kernel-kdumppae-2.6.16.60-0.132.1, kernel-smp-2.6.16.60-0.132.1, kernel-source-2.6.16.60-0.132.1, kernel-syms-2.6.16.60-0.132.1, kernel-vmi-2.6.16.60-0.132.1, kernel-vmipae-2.6.16.60-0.132.1, kernel-xen-2.6.16.60-0.132.1, kernel-xenpae-2.6.16.60-0.132.1