Bug 1099922 - (CVE-2018-12896) VUL-0: CVE-2018-12896: kernel-source: integer Overflowin kernel/time/posix-timers.c in the POSIX timer code is caused by the way theoverrun accounting works.
(CVE-2018-12896)
VUL-0: CVE-2018-12896: kernel-source: integer Overflowin kernel/time/posix-ti...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/209270/
CVSSv3:RedHat:CVE-2018-12896:3.3:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-07-03 05:27 UTC by Marcus Meissner
Modified: 2019-08-28 09:18 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Backported upstream fix for SLE15 (5.78 KB, patch)
2018-09-07 13:17 UTC, Takashi Iwai
Details | Diff
kABI workaround (4.85 KB, patch)
2018-09-07 13:18 UTC, Takashi Iwai
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-07-03 05:27:26 UTC
CVE-2018-12896

An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow
in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the
overrun accounting works. Depending on interval and expiry time values, the
overrun can be larger than INT_MAX, but the accounting is int based. This
basically makes the accounting values, which are visible to user space via
timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user
can cause a denial of service (signed integer overflow) via crafted mmap, futex,
timer_create, and timer_settime system calls.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12896
http://www.cvedetails.com/cve/CVE-2018-12896/
https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76
https://github.com/lcytxw/bug_repro/tree/master/bug_200189
https://bugzilla.kernel.org/show_bug.cgi?id=200189
Comment 1 Marcus Meissner 2018-07-03 05:29:12 UTC
reproducer at https://github.com/lcytxw/bug_repro/tree/master/bug_200189
Comment 2 Takashi Iwai 2018-07-03 16:11:50 UTC
Hm, this looks difficult to apply with kABI compatibility...
Comment 5 Takashi Iwai 2018-09-07 13:17:49 UTC
Created attachment 782392 [details]
Backported upstream fix for SLE15
Comment 6 Takashi Iwai 2018-09-07 13:18:08 UTC
Created attachment 782393 [details]
kABI workaround
Comment 7 Takashi Iwai 2018-09-10 20:32:02 UTC
I backported to SLE15, SLE12-SP3 and SLE12-SP2-LTSS now.
Will check for the older branches.
Comment 9 Swamp Workflow Management 2018-09-11 15:35:15 UTC
This is an autogenerated message for OBS integration:
This bug (1099922) was mentioned in
https://build.opensuse.org/request/show/635004 42.3 / kernel-source
Comment 12 Swamp Workflow Management 2018-09-16 13:20:22 UTC
openSUSE-SU-2018:2738-1: An update that solves 14 vulnerabilities and has 93 fixes is now available.

Category: security (important)
Bug References: 1012382,1015342,1015343,1017967,1019695,1019699,1020412,1021121,1022604,1024361,1024365,1024376,1027968,1030552,1031492,1033962,1042286,1048317,1050431,1053685,1055014,1056596,1062604,1063646,1064232,1065364,1066223,1068032,1068075,1069138,1078921,1080157,1083663,1085042,1085536,1085539,1087092,1089066,1090888,1091171,1091860,1092903,1096254,1096748,1097105,1098253,1098822,1099597,1099810,1099832,1099922,1099999,1100000,1100001,1100132,1101822,1102346,1102486,1102517,1102715,1102797,1104485,1104683,1104897,1105271,1105292,1105296,1105322,1105323,1105392,1105396,1105524,1105536,1105769,1106016,1106105,1106185,1106191,1106229,1106271,1106275,1106276,1106278,1106281,1106283,1106369,1106509,1106511,1106697,1106929,1106934,1106995,1107060,1107078,1107319,1107320,1107689,1107735,1107937,1107966,963575,966170,966172,969470,969476,969477,970506
CVE References: CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-15572,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.155-68.1, kernel-default-4.4.155-68.1, kernel-docs-4.4.155-68.1, kernel-obs-build-4.4.155-68.1, kernel-obs-qa-4.4.155-68.1, kernel-source-4.4.155-68.1, kernel-syms-4.4.155-68.1, kernel-vanilla-4.4.155-68.1
Comment 16 Swamp Workflow Management 2018-09-20 22:20:47 UTC
SUSE-SU-2018:2775-1: An update that solves 21 vulnerabilities and has 98 fixes is now available.

Category: security (important)
Bug References: 1012382,1015342,1015343,1017967,1019695,1019699,1020412,1021121,1022604,1024361,1024365,1024376,1027968,1030552,1031492,1033962,1042286,1048317,1050431,1053685,1055014,1056596,1062604,1063646,1064232,1065364,1066223,1068032,1068075,1069138,1078921,1080157,1083663,1085042,1085536,1085539,1086457,1087092,1089066,1090888,1091171,1091860,1096254,1096748,1097105,1098253,1098822,1099597,1099810,1099811,1099813,1099832,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1099999,1100000,1100001,1100132,1101822,1101841,1102346,1102486,1102517,1102715,1102797,1103269,1103445,1103717,1104319,1104485,1104494,1104495,1104683,1104897,1105271,1105292,1105322,1105323,1105392,1105396,1105524,1105536,1105769,1106016,1106105,1106185,1106229,1106271,1106275,1106276,1106278,1106281,1106283,1106369,1106509,1106511,1106697,1106929,1106934,1106995,1107060,1107078,1107319,1107320,1107689,1107735,1107966,963575,966170,966172,969470,969476,969477,970506
CVE References: CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10938,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-15572,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_17-1-4.3.1
Comment 17 Swamp Workflow Management 2018-09-20 22:40:16 UTC
SUSE-SU-2018:2776-1: An update that solves 21 vulnerabilities and has 98 fixes is now available.

Category: security (important)
Bug References: 1012382,1015342,1015343,1017967,1019695,1019699,1020412,1021121,1022604,1024361,1024365,1024376,1027968,1030552,1031492,1033962,1042286,1048317,1050431,1053685,1055014,1056596,1062604,1063646,1064232,1065364,1066223,1068032,1068075,1069138,1078921,1080157,1083663,1085042,1085536,1085539,1086457,1087092,1089066,1090888,1091171,1091860,1096254,1096748,1097105,1098253,1098822,1099597,1099810,1099811,1099813,1099832,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1099999,1100000,1100001,1100132,1101822,1101841,1102346,1102486,1102517,1102715,1102797,1103269,1103445,1103717,1104319,1104485,1104494,1104495,1104683,1104897,1105271,1105292,1105322,1105323,1105392,1105396,1105524,1105536,1105769,1106016,1106105,1106185,1106229,1106271,1106275,1106276,1106278,1106281,1106283,1106369,1106509,1106511,1106697,1106929,1106934,1106995,1107060,1107078,1107319,1107320,1107689,1107735,1107966,963575,966170,966172,969470,969476,969477,970506
CVE References: CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10938,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-15572,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.155-94.50.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.155-94.50.1, kernel-obs-build-4.4.155-94.50.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.155-94.50.1, kernel-source-4.4.155-94.50.1, kernel-syms-4.4.155-94.50.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.155-94.50.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.155-94.50.1, kernel-source-4.4.155-94.50.1, kernel-syms-4.4.155-94.50.1
SUSE CaaS Platform ALL (src):    kernel-default-4.4.155-94.50.1
SUSE CaaS Platform 3.0 (src):    kernel-default-4.4.155-94.50.1
Comment 21 Swamp Workflow Management 2018-09-25 16:21:48 UTC
SUSE-SU-2018:2858-1: An update that solves 22 vulnerabilities and has 96 fixes is now available.

Category: security (important)
Bug References: 1012382,1015342,1015343,1017967,1019695,1019699,1020412,1021121,1022604,1024361,1024365,1024376,1027968,1030552,1033962,1042286,1048317,1050431,1053685,1055014,1056596,1062604,1063646,1064232,1065364,1066223,1068032,1068075,1069138,1078921,1080157,1083663,1085042,1085536,1085539,1086457,1087092,1089066,1090888,1091171,1091860,1092903,1096254,1096748,1097105,1098253,1098822,1099597,1099810,1099811,1099813,1099832,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1099999,1100000,1100001,1100132,1101822,1101841,1102346,1102486,1102517,1102715,1102797,1103269,1103445,1104319,1104485,1104494,1104495,1104683,1104897,1105271,1105292,1105322,1105392,1105396,1105524,1105536,1105769,1106016,1106105,1106185,1106229,1106271,1106275,1106276,1106278,1106281,1106283,1106369,1106509,1106511,1106594,1106697,1106929,1106934,1106995,1107060,1107078,1107319,1107320,1107689,1107735,1107966,963575,966170,966172,969470,969476,969477,970506
CVE References: CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-15572,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-azure-4.4.155-4.16.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-azure-4.4.155-4.16.1, kernel-source-azure-4.4.155-4.16.1, kernel-syms-azure-4.4.155-4.16.1
Comment 22 Swamp Workflow Management 2018-09-25 19:20:21 UTC
SUSE-SU-2018:2862-1: An update that solves 12 vulnerabilities and has 83 fixes is now available.

Category: security (important)
Bug References: 1012382,1015342,1015343,1017967,1019695,1019699,1020412,1021121,1022604,1024361,1024365,1024376,1027968,1030552,1031492,1033962,1042286,1048317,1050431,1053685,1055014,1056596,1062604,1063646,1064232,1066223,1068032,1068075,1069138,1078921,1080157,1083663,1085042,1085536,1085539,1087092,1089066,1090888,1092903,1096748,1097105,1098822,1099597,1099810,1099832,1099922,1099999,1100000,1100001,1100132,1102346,1102486,1102517,1104485,1104683,1105271,1105296,1105322,1105323,1105392,1105396,1105524,1105536,1105769,1106016,1106105,1106185,1106191,1106229,1106271,1106275,1106276,1106278,1106281,1106283,1106369,1106509,1106511,1106697,1106929,1106934,1106995,1107060,1107078,1107319,1107320,1107689,1107735,1107966,963575,966170,966172,969470,969476,969477
CVE References: CVE-2018-10902,CVE-2018-10938,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-15572,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP3 (src):    kernel-rt-4.4.155-3.23.1, kernel-rt_debug-4.4.155-3.23.1, kernel-source-rt-4.4.155-3.23.1, kernel-syms-rt-4.4.155-3.23.1
Comment 23 Swamp Workflow Management 2018-09-26 16:13:38 UTC
SUSE-SU-2018:2879-1: An update that solves 12 vulnerabilities and has 48 fixes is now available.

Category: security (important)
Bug References: 1037441,1045538,1047487,1048185,1050381,1050431,1057199,1060245,1064861,1068032,1080157,1087081,1092772,1092903,1093666,1096547,1097562,1098822,1099922,1100132,1100705,1102517,1102870,1103119,1103884,1103909,1104481,1104684,1104818,1104901,1105100,1105322,1105348,1105536,1105723,1106095,1106105,1106199,1106202,1106206,1106209,1106212,1106369,1106509,1106511,1106609,1106886,1106930,1106995,1107001,1107064,1107071,1107650,1107689,1107735,1107949,1108096,1108170,1108823,1108912
CVE References: CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-14617,CVE-2018-14634,CVE-2018-14734,CVE-2018-15572,CVE-2018-15594,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-108.71.1
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-108.71.1, kernel-default-3.0.101-108.71.1, kernel-ec2-3.0.101-108.71.1, kernel-pae-3.0.101-108.71.1, kernel-ppc64-3.0.101-108.71.1, kernel-source-3.0.101-108.71.1, kernel-syms-3.0.101-108.71.1, kernel-trace-3.0.101-108.71.1, kernel-xen-3.0.101-108.71.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.71.1, kernel-pae-3.0.101-108.71.1, kernel-ppc64-3.0.101-108.71.1, kernel-trace-3.0.101-108.71.1, kernel-xen-3.0.101-108.71.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.71.1, kernel-default-3.0.101-108.71.1, kernel-ec2-3.0.101-108.71.1, kernel-pae-3.0.101-108.71.1, kernel-ppc64-3.0.101-108.71.1, kernel-trace-3.0.101-108.71.1, kernel-xen-3.0.101-108.71.1
Comment 24 Swamp Workflow Management 2018-09-27 19:18:40 UTC
SUSE-SU-2018:2908-1: An update that solves 19 vulnerabilities and has 19 fixes is now available.

Category: security (important)
Bug References: 1012382,1024788,1062604,1064233,1065999,1090534,1090955,1091171,1092903,1096547,1097104,1097108,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1100001,1102870,1103445,1104319,1104495,1104818,1104906,1105100,1105322,1105323,1105396,1106095,1106369,1106509,1106511,1107689,1108912
CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-14617,CVE-2018-14634,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.104.1, kernel-source-3.12.74-60.64.104.1, kernel-syms-3.12.74-60.64.104.1, kernel-xen-3.12.74-60.64.104.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.104.1
Comment 28 Swamp Workflow Management 2018-10-02 19:26:42 UTC
SUSE-SU-2018:2980-1: An update that solves 13 vulnerabilities and has 134 fixes is now available.

Category: security (important)
Bug References: 1012382,1043912,1044189,1046302,1046306,1046307,1046543,1050244,1051510,1054914,1055014,1055117,1058659,1060463,1064232,1065600,1065729,1068032,1069138,1071995,1077761,1077989,1078720,1080157,1082555,1083647,1083663,1084332,1085042,1085262,1086282,1089663,1090528,1092903,1093389,1094244,1095344,1096748,1097105,1098459,1098822,1099922,1099999,1100000,1100001,1100132,1101557,1101669,1102346,1102870,1102875,1102877,1102879,1102882,1102896,1103363,1103387,1103421,1103948,1103949,1103961,1104172,1104353,1104824,1105247,1105524,1105536,1105597,1105603,1105672,1105907,1106007,1106016,1106105,1106121,1106170,1106178,1106191,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106426,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106743,1106779,1106800,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107073,1107074,1107078,1107265,1107319,1107320,1107522,1107535,1107689,1107735,1107756,1107870,1107924,1107945,1107966,1108010,1108093,1108243,1108520,1108870,1109269,1109511,920344
CVE References: CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-25.19.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-25.19.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-25.19.1, kernel-obs-build-4.12.14-25.19.1, kernel-source-4.12.14-25.19.1, kernel-syms-4.12.14-25.19.1, kernel-vanilla-4.12.14-25.19.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-25.19.1, kernel-source-4.12.14-25.19.1, kernel-zfcpdump-4.12.14-25.19.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-25.19.1
Comment 29 Swamp Workflow Management 2018-10-02 19:50:18 UTC
SUSE-SU-2018:2981-1: An update that solves 13 vulnerabilities and has 134 fixes is now available.

Category: security (important)
Bug References: 1012382,1043912,1044189,1046302,1046306,1046307,1046543,1050244,1051510,1054914,1055014,1055117,1058659,1060463,1064232,1065600,1065729,1068032,1069138,1071995,1077761,1077989,1078720,1080157,1082555,1083647,1083663,1084332,1085042,1085262,1086282,1089663,1090528,1092903,1093389,1094244,1095344,1096748,1097105,1098459,1098822,1099922,1099999,1100000,1100001,1100132,1101557,1101669,1102346,1102870,1102875,1102877,1102879,1102882,1102896,1103363,1103387,1103421,1103948,1103949,1103961,1104172,1104353,1104824,1105247,1105524,1105536,1105597,1105603,1105672,1105907,1106007,1106016,1106105,1106121,1106170,1106178,1106191,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106426,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106743,1106779,1106800,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107073,1107074,1107078,1107265,1107319,1107320,1107522,1107535,1107689,1107735,1107756,1107870,1107924,1107945,1107966,1108010,1108093,1108243,1108520,1108870,1109269,1109511,920344
CVE References: CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-25.19.1, kernel-livepatch-SLE15_Update_5-1-1.3.1
Comment 30 Swamp Workflow Management 2018-10-04 19:15:52 UTC
This is an autogenerated message for OBS integration:
This bug (1099922) was mentioned in
https://build.opensuse.org/request/show/640014 15.0 / kernel-source
Comment 31 Swamp Workflow Management 2018-10-08 13:22:29 UTC
openSUSE-SU-2018:3071-1: An update that solves 18 vulnerabilities and has 201 fixes is now available.

Category: security (important)
Bug References: 1012382,1031392,1043912,1044189,1046302,1046305,1046306,1046307,1046543,1050244,1051510,1054914,1055014,1055117,1055120,1058659,1060463,1061840,1064232,1065600,1065729,1068032,1069138,1071995,1077761,1077989,1078720,1080157,1082519,1082555,1083647,1083663,1084332,1085030,1085042,1085262,1086282,1086327,1089663,1090078,1090528,1092903,1093389,1094244,1095344,1096748,1097105,1097583,1097584,1097585,1097586,1097587,1097588,1098459,1098782,1098822,1099922,1099999,1100000,1100001,1100132,1101480,1101557,1101669,1101822,1102346,1102495,1102517,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103269,1103363,1103387,1103405,1103421,1103587,1103636,1103948,1103949,1103961,1104172,1104353,1104365,1104482,1104683,1104708,1104824,1104888,1104890,1104897,1105190,1105247,1105292,1105296,1105322,1105355,1105378,1105396,1105467,1105524,1105536,1105597,1105603,1105672,1105731,1105795,1105907,1106007,1106016,1106105,1106121,1106170,1106178,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106426,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106743,1106779,1106800,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107073,1107074,1107078,1107265,1107319,1107320,1107522,1107535,1107689,1107735,1107756,1107783,1107829,1107870,1107924,1107928,1107945,1107947,1107966,1108010,1108093,1108096,1108170,1108243,1108281,1108323,1108399,1108520,1108823,1108870,1109244,1109269,1109333,1109336,1109337,1109511,1109603,1109806,1109859,1109979,1109992,1110006,1110301,1110363,1110639,1110642,1110643,1110644,1110645,1110646,1110647,1110649,1110650,1110716,971975
CVE References: CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-15572,CVE-2018-16658,CVE-2018-17182,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.19.2, kernel-default-4.12.14-lp150.12.19.2, kernel-docs-4.12.14-lp150.12.19.3, kernel-kvmsmall-4.12.14-lp150.12.19.2, kernel-obs-build-4.12.14-lp150.12.19.2, kernel-obs-qa-4.12.14-lp150.12.19.2, kernel-source-4.12.14-lp150.12.19.1, kernel-syms-4.12.14-lp150.12.19.1, kernel-vanilla-4.12.14-lp150.12.19.2
Comment 32 Swamp Workflow Management 2018-10-09 16:11:32 UTC
SUSE-SU-2018:3083-1: An update that solves 20 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 1012382,1062604,1064232,1065999,1092903,1093215,1096547,1097104,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1100001,1100089,1102870,1103445,1104319,1104495,1104906,1105322,1105412,1106095,1106369,1106509,1106511,1107689,1108399,1108912
CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-14617,CVE-2018-14634,CVE-2018-16276,CVE-2018-16658,CVE-2018-17182,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.146.1, kernel-source-3.12.61-52.146.1, kernel-syms-3.12.61-52.146.1, kernel-xen-3.12.61-52.146.1, kgraft-patch-SLE12_Update_38-1-1.5.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.146.1
Comment 33 Swamp Workflow Management 2018-10-09 16:20:38 UTC
SUSE-SU-2018:3084-1: An update that solves 28 vulnerabilities and has 28 fixes is now available.

Category: security (important)
Bug References: 1012382,1042286,1062604,1064232,1065364,1082519,1082863,1084536,1085042,1088810,1089066,1092903,1094466,1095344,1096547,1097104,1099597,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1099993,1099999,1100000,1100001,1100152,1102517,1102715,1102870,1103445,1104319,1104495,1105292,1105296,1105322,1105348,1105396,1105536,1106016,1106095,1106369,1106509,1106511,1106512,1106594,1107689,1107735,1107966,1108239,1108399,1109333
CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-14617,CVE-2018-14678,CVE-2018-15572,CVE-2018-15594,CVE-2018-16276,CVE-2018-16658,CVE-2018-17182,CVE-2018-6554,CVE-2018-6555,CVE-2018-7480,CVE-2018-7757,CVE-2018-9363
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, lttng-modules-2.7.1-9.6.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.95.1
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.121-92.95.1
Comment 34 Swamp Workflow Management 2018-10-09 16:30:28 UTC
SUSE-SU-2018:3088-1: An update that solves 12 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1045538,1048185,1050381,1050431,1057199,1060245,1064861,1068032,1080157,1087081,1092772,1092903,1093666,1096547,1098822,1099922,1100132,1100705,1102517,1102870,1103119,1104481,1104684,1104818,1104901,1105100,1105322,1105348,1105536,1105723,1106095,1106105,1106199,1106202,1106206,1106209,1106212,1106369,1106509,1106511,1106609,1106886,1106930,1106995,1107001,1107064,1107071,1107650,1107689,1107735,1107949,1108096,1108170,1108823,1108912
CVE References: CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-14617,CVE-2018-14634,CVE-2018-14734,CVE-2018-15572,CVE-2018-15594,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.36.1, kernel-rt_trace-3.0.101.rt130-69.36.1, kernel-source-rt-3.0.101.rt130-69.36.1, kernel-syms-rt-3.0.101.rt130-69.36.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.36.1, kernel-rt_debug-3.0.101.rt130-69.36.1, kernel-rt_trace-3.0.101.rt130-69.36.1
Comment 36 Takashi Iwai 2018-10-13 06:42:17 UTC
Yeah, should be marked as done.
Comment 39 Swamp Workflow Management 2018-11-05 17:09:01 UTC
SUSE-SU-2018:3618-1: An update that solves four vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1099922,1102870,1106095,1107829,1108227,1109967,1110247,1113337,905299
CVE References: CVE-2018-12896,CVE-2018-14617,CVE-2018-14633,CVE-2018-16276
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.106.56.1, kernel-default-3.0.101-0.47.106.56.1, kernel-ec2-3.0.101-0.47.106.56.1, kernel-pae-3.0.101-0.47.106.56.1, kernel-source-3.0.101-0.47.106.56.1, kernel-syms-3.0.101-0.47.106.56.1, kernel-trace-3.0.101-0.47.106.56.1, kernel-xen-3.0.101-0.47.106.56.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.106.56.1, kernel-default-3.0.101-0.47.106.56.1, kernel-pae-3.0.101-0.47.106.56.1, kernel-ppc64-3.0.101-0.47.106.56.1, kernel-trace-3.0.101-0.47.106.56.1, kernel-xen-3.0.101-0.47.106.56.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.106.56.1, kernel-ec2-3.0.101-0.47.106.56.1, kernel-pae-3.0.101-0.47.106.56.1, kernel-source-3.0.101-0.47.106.56.1, kernel-syms-3.0.101-0.47.106.56.1, kernel-trace-3.0.101-0.47.106.56.1, kernel-xen-3.0.101-0.47.106.56.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.106.56.1, kernel-default-3.0.101-0.47.106.56.1, kernel-ec2-3.0.101-0.47.106.56.1, kernel-pae-3.0.101-0.47.106.56.1, kernel-trace-3.0.101-0.47.106.56.1, kernel-xen-3.0.101-0.47.106.56.1
Comment 41 Swamp Workflow Management 2018-11-30 20:23:46 UTC
SUSE-SU-2018:3961-1: An update that solves 22 vulnerabilities and has 286 fixes is now available.

Category: security (important)
Bug References: 1012382,1031392,1043912,1044189,1046302,1046305,1046306,1046307,1046540,1046543,1050244,1050319,1050536,1050540,1051510,1054914,1055014,1055117,1055120,1058659,1060463,1061840,1065600,1065729,1066674,1067126,1067906,1068032,1069138,1071995,1076830,1077761,1077989,1078720,1079524,1080157,1082519,1082555,1083647,1083663,1084760,1084831,1085030,1085042,1085262,1086282,1086283,1086288,1086327,1089663,1090078,1091800,1092903,1094244,1094825,1095344,1095805,1096748,1097105,1097583,1097584,1097585,1097586,1097587,1097588,1098459,1098782,1098822,1099125,1099922,1099999,1100001,1100132,1101480,1101557,1101669,1102346,1102495,1102517,1102715,1102870,1102875,1102877,1102879,1102881,1102882,1102896,1103269,1103308,1103356,1103363,1103387,1103405,1103421,1103543,1103587,1103636,1103948,1103949,1103961,1104172,1104353,1104482,1104683,1104731,1104824,1104888,1104890,1105025,1105190,1105247,1105292,1105322,1105355,1105378,1105396,1105428,1105467,1105524,1105536,1105597,1105603,1105672,1105731,1105795,1105907,1106007,1106016,1106105,1106110,1106121,1106170,1106178,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106779,1106800,1106838,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107074,1107207,1107319,1107320,1107522,1107535,1107685,1107689,1107735,1107756,1107783,1107829,1107870,1107924,1107928,1107945,1107947,1107966,1108010,1108093,1108096,1108170,1108241,1108243,1108260,1108281,1108323,1108377,1108399,1108468,1108520,1108823,1108841,1108870,1109151,1109158,1109217,1109244,1109269,1109330,1109333,1109336,1109337,1109511,1109603,1109739,1109772,1109784,1109806,1109818,1109907,1109915,1109919,1109951,1109979,1109992,1110006,1110096,1110301,1110363,1110538,1110561,1110639,1110642,1110643,1110644,1110645,1110646,1110647,1110649,1110650,1111028,1111040,1111076,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111921,1111928,1111983,1112170,1112208,1112219,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284,1113295,1113408,1113667,1113722,1113751,1113780,1113972,1114279,971975
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-15572,CVE-2018-16658,CVE-2018-17182,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    kernel-azure-4.12.14-5.16.1, kernel-source-azure-4.12.14-5.16.1, kernel-syms-azure-4.12.14-5.16.1
Comment 46 Swamp Workflow Management 2019-04-27 22:22:21 UTC
SUSE-SU-2018:2908-2: An update that solves 19 vulnerabilities and has 19 fixes is now available.

Category: security (important)
Bug References: 1012382,1024788,1062604,1064233,1065999,1090534,1090955,1091171,1092903,1096547,1097104,1097108,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1100001,1102870,1103445,1104319,1104495,1104818,1104906,1105100,1105322,1105323,1105396,1106095,1106369,1106509,1106511,1107689,1108912
CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-14617,CVE-2018-14634,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.104.1, kernel-source-3.12.74-60.64.104.1, kernel-syms-3.12.74-60.64.104.1, kernel-xen-3.12.74-60.64.104.1, kgraft-patch-SLE12-SP1_Update_31-1-2.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 51 Swamp Workflow Management 2019-06-11 10:53:00 UTC
An update workflow for this issue was started.
This issue was rated as critical.
Please submit fixed packages until 2019-06-13.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64297
Comment 53 Marcus Meissner 2019-07-11 05:57:32 UTC
done