Bug 1105025 - (CVE-2018-18690) VUL-0: CVE-2018-18690: kernel-source: xfs: xfstests generic/486 fail in xfs could be used by local users to disable filesystems
(CVE-2018-18690)
VUL-0: CVE-2018-18690: kernel-source: xfs: xfstests generic/486 fail in xfs c...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
All SLES 12
: P2 - High : Normal
: ---
Assigned To: Marcus Meissner
Security Team bot
https://smash.suse.de/issue/217987/
CVSSv3:SUSE:CVE-2018-18690:5.5:(AV:L/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-08-16 08:21 UTC by Yong Sun
Modified: 2020-10-23 14:43 UTC (History)
9 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
486.full (8.38 KB, text/plain)
2018-08-16 08:21 UTC, Yong Sun
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Yong Sun 2018-08-16 08:21:46 UTC
Created attachment 779874 [details]
486.full

generic/486 fails in all platforms and it's OK in btrfs, only fail in xfs. Tested in SLE12SP4 build0339.
https://openqa.suse.de/tests/1938597#step/1_/13


[What's it test]
# FS QA Test No. 486
#
# Ensure that we can XATTR_REPLACE a tiny attr into a large attr.
# Kanda Motohiro <kanda.motohiro@gmail.com> reports that XATTR_REPLACE'ing
# a single-byte attr with a 2048-byte attr causes a fs shutdown because we
# remove the shortform attr, convert the attr fork to long format, and then
# try to re-add the attr having not cleared ATTR_REPLACE.
#
# Commit 7b38460dc8e4 ("xfs: don't fail when converting shortform attr to long
# form during ATTR_REPLACE") fixed the xfs bug.

[Out put]
FSTYP         -- xfs (non-debug)
PLATFORM      -- Linux/x86_64 localhost 4.12.14-94.33-default
MKFS_OPTIONS  -- -f -bsize=4096 /dev/vda6
MOUNT_OPTIONS -- /dev/vda6 /mnt/scratch

generic/486	QA output created by 486
No data available
error at line 63
_check_xfs_filesystem: filesystem on /dev/vda6 has dirty log
(see /opt/xfstests/results//generic/486.full for details)
_check_xfs_filesystem: filesystem on /dev/vda6 is inconsistent (c)
(see /opt/xfstests/results//generic/486.full for details)
_check_xfs_filesystem: filesystem on /dev/vda6 is inconsistent (r)
(see /opt/xfstests/results//generic/486.full for details)
- output mismatch (see /opt/xfstests/results//generic/486.out.bad)
    --- tests/generic/486.out	2018-08-13 06:25:31.408232333 -0400
    +++ /opt/xfstests/results//generic/486.out.bad	2018-08-13 06:42:20.780232333 -0400
    @@ -1,2 +1,3 @@
     QA output created by 486
    -Attribute "world" has a NNNN byte value for SCRATCH_MNT/hello
    +No data available
    +error at line 63
    ...
    (Run 'diff -u tests/generic/486.out /opt/xfstests/results//generic/486.out.bad'  to see the entire diff)
Ran: generic/486
Failures: generic/486
Failed 1 of 1 tests


[.out.bad log]
QA output created by 486
No data available
error at line 63

[.full log]
Attached
Comment 7 Marcus Meissner 2018-10-26 16:02:46 UTC
cve requested
Comment 8 Marcus Meissner 2018-10-27 07:32:47 UTC
CVE-2018-18690 assigned
Comment 10 Swamp Workflow Management 2018-10-31 17:14:06 UTC
SUSE-SU-2018:3589-1: An update that solves four vulnerabilities and has 102 fixes is now available.

Category: security (important)
Bug References: 1046540,1050319,1050536,1050540,1051510,1055120,1065600,1066674,1067126,1067906,1076830,1079524,1083647,1084760,1084831,1086283,1086288,1094825,1095805,1099125,1100132,1102881,1103308,1103543,1104731,1105025,1105536,1106105,1106110,1106237,1106240,1106838,1107685,1108241,1108377,1108468,1108828,1108841,1108870,1109151,1109158,1109217,1109330,1109739,1109784,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1110096,1110538,1110561,1110921,1111028,1111076,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111928,1111983,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18386,CVE-2018-18445
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-25.25.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-25.25.1, kernel-docs-4.12.14-25.25.1, kernel-obs-qa-4.12.14-25.25.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-25.25.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-25.25.1, kernel-obs-build-4.12.14-25.25.1, kernel-source-4.12.14-25.25.1, kernel-syms-4.12.14-25.25.1, kernel-vanilla-4.12.14-25.25.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-25.25.1, kernel-source-4.12.14-25.25.1, kernel-zfcpdump-4.12.14-25.25.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-25.25.1
Comment 11 Swamp Workflow Management 2018-10-31 17:36:49 UTC
SUSE-SU-2018:3593-1: An update that solves four vulnerabilities and has 102 fixes is now available.

Category: security (important)
Bug References: 1046540,1050319,1050536,1050540,1051510,1055120,1065600,1066674,1067126,1067906,1076830,1079524,1083647,1084760,1084831,1086283,1086288,1094825,1095805,1099125,1100132,1102881,1103308,1103543,1104731,1105025,1105536,1106105,1106110,1106237,1106240,1106838,1107685,1108241,1108377,1108468,1108828,1108841,1108870,1109151,1109158,1109217,1109330,1109739,1109784,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1110096,1110538,1110561,1110921,1111028,1111076,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111928,1111983,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18386,CVE-2018-18445
Sources used:
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-25.25.1, kernel-livepatch-SLE15_Update_7-1-1.3.1
Comment 12 Swamp Workflow Management 2018-11-01 19:42:06 UTC
This is an autogenerated message for OBS integration:
This bug (1105025) was mentioned in
https://build.opensuse.org/request/show/645932 15.0 / kernel-source
Comment 15 Swamp Workflow Management 2018-11-06 15:43:08 UTC
This is an autogenerated message for OBS integration:
This bug (1105025) was mentioned in
https://build.opensuse.org/request/show/646686 42.3 / kernel-source
Comment 17 Swamp Workflow Management 2018-11-07 20:15:30 UTC
openSUSE-SU-2018:3658-1: An update that solves 5 vulnerabilities and has 86 fixes is now available.

Category: security (important)
Bug References: 1051510,1055120,1065600,1066674,1067906,1076830,1079524,1083647,1084760,1084831,1091800,1094825,1095805,1100132,1103356,1103543,1104124,1104731,1105025,1105428,1105536,1106110,1106237,1106240,1108377,1109330,1109739,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1111040,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111921,1111928,1111983,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284,1113295,1113408,1113667,1113722,1113751,1113972
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.25.1, kernel-default-4.12.14-lp150.12.25.1, kernel-docs-4.12.14-lp150.12.25.1, kernel-kvmsmall-4.12.14-lp150.12.25.1, kernel-obs-build-4.12.14-lp150.12.25.1, kernel-obs-qa-4.12.14-lp150.12.25.1, kernel-source-4.12.14-lp150.12.25.1, kernel-syms-4.12.14-lp150.12.25.1, kernel-vanilla-4.12.14-lp150.12.25.1
Comment 19 Swamp Workflow Management 2018-11-09 20:33:31 UTC
SUSE-SU-2018:3688-1: An update that solves 6 vulnerabilities and has 100 fixes is now available.

Category: security (important)
Bug References: 1011920,1012382,1012422,1020645,1031392,1035053,1042422,1043591,1048129,1050431,1050549,1053043,1054239,1057199,1065600,1065726,1067906,1073579,1076393,1078788,1079524,1082519,1083215,1083527,1084760,1089343,1091158,1093118,1094244,1094825,1095805,1096052,1098050,1098996,1099597,1101555,1103308,1103405,1104124,1105025,1105428,1105795,1105931,1106105,1106110,1106240,1106293,1106359,1106434,1106594,1106913,1106929,1107060,1107299,1107318,1107535,1107829,1107870,1108315,1108377,1108498,1109158,1109333,1109772,1109784,1109806,1109818,1109907,1109919,1109923,1110006,1110363,1110468,1110600,1110601,1110602,1110603,1110604,1110605,1110606,1110611,1110612,1110613,1110614,1110615,1110616,1110618,1110619,1111363,1111516,1111870,1112007,1112262,1112263,1112894,1112902,1112903,1112905,1113667,1113751,1113769,1114178,1114229,1114648,981083,997172
CVE References: CVE-2018-14633,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-9516
Sources used:
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_21-1-4.5.2
Comment 20 Swamp Workflow Management 2018-11-09 20:54:22 UTC
SUSE-SU-2018:3689-1: An update that solves 6 vulnerabilities and has 100 fixes is now available.

Category: security (important)
Bug References: 1011920,1012382,1012422,1020645,1031392,1035053,1042422,1043591,1048129,1050431,1050549,1053043,1054239,1057199,1065600,1065726,1067906,1073579,1076393,1078788,1079524,1082519,1083215,1083527,1084760,1089343,1091158,1093118,1094244,1094825,1095805,1096052,1098050,1098996,1099597,1101555,1103308,1103405,1104124,1105025,1105428,1105795,1105931,1106105,1106110,1106240,1106293,1106359,1106434,1106594,1106913,1106929,1107060,1107299,1107318,1107535,1107829,1107870,1108315,1108377,1108498,1109158,1109333,1109772,1109784,1109806,1109818,1109907,1109919,1109923,1110006,1110363,1110468,1110600,1110601,1110602,1110603,1110604,1110605,1110606,1110611,1110612,1110613,1110614,1110615,1110616,1110618,1110619,1111363,1111516,1111870,1112007,1112262,1112263,1112894,1112902,1112903,1112905,1113667,1113751,1113769,1114178,1114229,1114648,981083,997172
CVE References: CVE-2018-14633,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-9516
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.162-94.69.2
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.162-94.69.2, kernel-obs-build-4.4.162-94.69.2
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.162-94.69.2, kernel-source-4.4.162-94.69.2, kernel-syms-4.4.162-94.69.2, lttng-modules-2.7.1-8.6.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.162-94.69.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.162-94.69.2, kernel-source-4.4.162-94.69.2, kernel-syms-4.4.162-94.69.2
SUSE CaaS Platform ALL (src):    kernel-default-4.4.162-94.69.2
SUSE CaaS Platform 3.0 (src):    kernel-default-4.4.162-94.69.2
Comment 21 Swamp Workflow Management 2018-11-12 22:03:26 UTC
This is an autogenerated message for OBS integration:
This bug (1105025) was mentioned in
https://build.opensuse.org/request/show/648620 42.3 / kernel-source
Comment 23 Swamp Workflow Management 2018-11-20 20:14:49 UTC
openSUSE-SU-2018:3817-1: An update that solves 5 vulnerabilities and has 66 fixes is now available.

Category: security (important)
Bug References: 1011920,1012382,1012422,1020645,1031392,1035053,1042422,1043591,1048129,1050431,1053043,1054239,1057199,1062303,1065600,1065726,1067906,1073579,1076393,1078788,1079524,1083215,1083527,1084760,1091158,1093118,1094825,1095805,1098050,1098996,1101555,1104124,1105025,1105931,1106110,1106359,1106594,1106913,1106929,1107060,1107299,1107535,1107870,1108377,1108498,1109158,1109772,1109784,1109818,1109907,1109919,1109923,1110006,1111516,1111870,1112007,1112262,1112263,1112894,1112902,1112903,1112905,1113667,1113751,1113769,1114178,1114229,1114648,1115587,981083,997172
CVE References: CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-9516
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.162-78.1, kernel-default-4.4.162-78.1, kernel-docs-4.4.162-78.1, kernel-obs-build-4.4.162-78.1, kernel-obs-qa-4.4.162-78.1, kernel-source-4.4.162-78.1, kernel-syms-4.4.162-78.1, kernel-vanilla-4.4.162-78.1
Comment 26 Swamp Workflow Management 2018-11-28 14:16:36 UTC
SUSE-SU-2018:3934-1: An update that solves 5 vulnerabilities and has 101 fixes is now available.

Category: security (important)
Bug References: 1051510,1055120,1061840,1065600,1066674,1067906,1076830,1079524,1083647,1084760,1084831,1086196,1091800,1094825,1095805,1100132,1101138,1103356,1103543,1103925,1104124,1104731,1105025,1105428,1105536,1106110,1106237,1106240,1106287,1106359,1106838,1108377,1108468,1108870,1109330,1109739,1109772,1109784,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1111040,1111076,1111506,1111806,1111811,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111921,1111928,1111983,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284,1113295,1113408,1113667,1113722,1113751,1113780,1113972,1114279
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-azure-4.12.14-6.3.1, kernel-source-azure-4.12.14-6.3.1, kernel-syms-azure-4.12.14-6.3.1
Comment 27 Swamp Workflow Management 2018-11-30 20:30:39 UTC
SUSE-SU-2018:3961-1: An update that solves 22 vulnerabilities and has 286 fixes is now available.

Category: security (important)
Bug References: 1012382,1031392,1043912,1044189,1046302,1046305,1046306,1046307,1046540,1046543,1050244,1050319,1050536,1050540,1051510,1054914,1055014,1055117,1055120,1058659,1060463,1061840,1065600,1065729,1066674,1067126,1067906,1068032,1069138,1071995,1076830,1077761,1077989,1078720,1079524,1080157,1082519,1082555,1083647,1083663,1084760,1084831,1085030,1085042,1085262,1086282,1086283,1086288,1086327,1089663,1090078,1091800,1092903,1094244,1094825,1095344,1095805,1096748,1097105,1097583,1097584,1097585,1097586,1097587,1097588,1098459,1098782,1098822,1099125,1099922,1099999,1100001,1100132,1101480,1101557,1101669,1102346,1102495,1102517,1102715,1102870,1102875,1102877,1102879,1102881,1102882,1102896,1103269,1103308,1103356,1103363,1103387,1103405,1103421,1103543,1103587,1103636,1103948,1103949,1103961,1104172,1104353,1104482,1104683,1104731,1104824,1104888,1104890,1105025,1105190,1105247,1105292,1105322,1105355,1105378,1105396,1105428,1105467,1105524,1105536,1105597,1105603,1105672,1105731,1105795,1105907,1106007,1106016,1106105,1106110,1106121,1106170,1106178,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106779,1106800,1106838,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107074,1107207,1107319,1107320,1107522,1107535,1107685,1107689,1107735,1107756,1107783,1107829,1107870,1107924,1107928,1107945,1107947,1107966,1108010,1108093,1108096,1108170,1108241,1108243,1108260,1108281,1108323,1108377,1108399,1108468,1108520,1108823,1108841,1108870,1109151,1109158,1109217,1109244,1109269,1109330,1109333,1109336,1109337,1109511,1109603,1109739,1109772,1109784,1109806,1109818,1109907,1109915,1109919,1109951,1109979,1109992,1110006,1110096,1110301,1110363,1110538,1110561,1110639,1110642,1110643,1110644,1110645,1110646,1110647,1110649,1110650,1111028,1111040,1111076,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111921,1111928,1111983,1112170,1112208,1112219,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284,1113295,1113408,1113667,1113722,1113751,1113780,1113972,1114279,971975
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-15572,CVE-2018-16658,CVE-2018-17182,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    kernel-azure-4.12.14-5.16.1, kernel-source-azure-4.12.14-5.16.1, kernel-syms-azure-4.12.14-5.16.1
Comment 29 Swamp Workflow Management 2018-12-11 14:15:29 UTC
SUSE-SU-2018:4069-1: An update that solves 7 vulnerabilities and has 184 fixes is now available.

Category: security (important)
Bug References: 1051510,1055120,1061840,1065600,1065729,1066674,1067906,1068273,1076830,1078248,1079524,1082555,1082653,1083647,1084760,1084831,1085535,1086196,1089350,1091800,1094825,1095805,1097755,1100132,1103356,1103925,1104124,1104731,1104824,1105025,1105428,1106105,1106110,1106237,1106240,1107256,1107385,1107866,1108377,1108468,1109330,1109739,1109772,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1110998,1111040,1111062,1111174,1111506,1111696,1111809,1111921,1111983,1112128,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1112963,1113257,1113284,1113295,1113408,1113412,1113501,1113667,1113677,1113722,1113751,1113769,1113780,1113972,1114015,1114178,1114279,1114385,1114576,1114577,1114578,1114579,1114580,1114581,1114582,1114583,1114584,1114585,1114839,1115074,1115269,1115431,1115433,1115440,1115567,1115709,1115976,1116183,1116692,1116693,1116698,1116699,1116700,1116701,1116862,1116863,1116876,1116877,1116878,1116891,1116895,1116899,1116950,1117168,1117172,1117174,1117181,1117184,1117188,1117189,1117349,1117561,1117788,1117789,1117790,1117791,1117792,1117794,1117795,1117796,1117798,1117799,1117801,1117802,1117803,1117804,1117805,1117806,1117807,1117808,1117815,1117816,1117817,1117818,1117819,1117820,1117821,1117822,1118102,1118136,1118137,1118138,1118140,1118152,1118316
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18281,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710,CVE-2018-19824
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.3.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.3.1, kernel-obs-build-4.12.14-95.3.2
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.3.1, kernel-source-4.12.14-95.3.1, kernel-syms-4.12.14-95.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.3.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.3.1, kernel-source-4.12.14-95.3.1, kernel-syms-4.12.14-95.3.1
Comment 30 Swamp Workflow Management 2018-12-12 08:19:09 UTC
SUSE-SU-2018:4072-1: An update that solves 7 vulnerabilities and has 184 fixes is now available.

Category: security (important)
Bug References: 1051510,1055120,1061840,1065600,1065729,1066674,1067906,1068273,1076830,1078248,1079524,1082555,1082653,1083647,1084760,1084831,1085535,1086196,1089350,1091800,1094825,1095805,1097755,1100132,1103356,1103925,1104124,1104731,1104824,1105025,1105428,1106105,1106110,1106237,1106240,1107256,1107385,1107866,1108377,1108468,1109330,1109739,1109772,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1110998,1111040,1111062,1111174,1111506,1111696,1111809,1111921,1111983,1112128,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1112963,1113257,1113284,1113295,1113408,1113412,1113501,1113667,1113677,1113722,1113751,1113769,1113780,1113972,1114015,1114178,1114279,1114385,1114576,1114577,1114578,1114579,1114580,1114581,1114582,1114583,1114584,1114585,1114839,1115074,1115269,1115431,1115433,1115440,1115567,1115709,1115976,1116183,1116692,1116693,1116698,1116699,1116700,1116701,1116862,1116863,1116876,1116877,1116878,1116891,1116895,1116899,1116950,1117168,1117172,1117174,1117181,1117184,1117188,1117189,1117349,1117561,1117788,1117789,1117790,1117791,1117792,1117794,1117795,1117796,1117798,1117799,1117801,1117802,1117803,1117804,1117805,1117806,1117807,1117808,1117815,1117816,1117817,1117818,1117819,1117820,1117821,1117822,1118102,1118136,1118137,1118138,1118140,1118152,1118316
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18281,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710,CVE-2018-19824
Sources used:
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kgraft-patch-SLE12-SP4_Update_1-1-7.1
Comment 33 Swamp Workflow Management 2019-01-16 07:24:18 UTC
SUSE-SU-2019:0095-1: An update that solves 13 vulnerabilities and has 140 fixes is now available.

Category: security (important)
Bug References: 1011920,1012382,1012422,1020645,1031392,1035053,1042422,1043591,1044189,1048129,1050431,1050549,1053043,1054239,1057199,1062303,1063026,1065600,1065726,1066223,1067906,1073579,1076393,1078788,1079524,1082519,1082863,1082979,1083215,1083527,1084427,1084536,1084760,1087209,1088087,1089343,1090535,1091158,1093118,1094244,1094555,1094562,1094825,1095344,1095753,1095805,1096052,1096547,1098050,1098996,1099597,1099810,1101555,1102495,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103156,1103269,1103308,1103405,1104124,1105025,1105428,1105795,1105931,1106095,1106105,1106110,1106240,1106293,1106359,1106434,1106512,1106594,1106913,1106929,1106934,1107060,1107299,1107318,1107535,1107829,1107870,1107924,1108096,1108170,1108240,1108281,1108315,1108377,1108399,1108498,1108803,1108823,1109038,1109158,1109333,1109336,1109337,1109441,1109772,1109784,1109806,1109818,1109907,1109919,1109923,1110006,1110297,1110337,1110363,1110468,1110600,1110601,1110602,1110603,1110604,1110605,1110606,1110611,1110612,1110613,1110614,1110615,1110616,1110618,1110619,1110930,1111363,1111516,1111870,1112007,1112262,1112263,1112894,1112902,1112903,1112905,1113667,1113751,1113766,1113769,1114178,1114229,1114648,1115593,981083,997172
CVE References: CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-16276,CVE-2018-16597,CVE-2018-17182,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-7480,CVE-2018-7757,CVE-2018-9516
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-azure-4.4.162-4.19.2, kernel-source-azure-4.4.162-4.19.1, kernel-syms-azure-4.4.162-4.19.1
Comment 35 Swamp Workflow Management 2019-02-19 20:15:49 UTC
SUSE-SU-2019:0439-1: An update that solves 13 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1012382,1023175,1042286,1065600,1065726,1070805,1084721,1086095,1086535,1091158,1091171,1091197,1094825,1095344,1098996,1099523,1099597,1100105,1101555,1103624,1104731,1105025,1105931,1106293,1107256,1107299,1107385,1107866,1108145,1108498,1109330,1110286,1110837,1111062,1113192,1113751,1113769,1114190,1114648,1114763,1115433,1115440,1116027,1116183,1116345,1117186,1117187,1118152,1118319,1119714,1119946,1119947,1120743,1120758,1121621,1123161
CVE References: CVE-2018-16862,CVE-2018-16884,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-9516,CVE-2018-9568,CVE-2019-3459,CVE-2019-3460
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1, kgraft-patch-SLE12-SP2_Update_27-1-3.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1, kgraft-patch-SLE12-SP2_Update_27-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1, kgraft-patch-SLE12-SP2_Update_27-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.101.1
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.101.1, kernel-source-4.4.121-92.101.1, kernel-syms-4.4.121-92.101.1, kgraft-patch-SLE12-SP2_Update_27-1-3.3.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.121-92.101.1
Comment 38 Swamp Workflow Management 2019-05-17 19:18:53 UTC
SUSE-SU-2019:1289-1: An update that solves 33 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 1031240,1034862,1066674,1071021,1086535,1091171,1094825,1100001,1102517,1103097,1104475,1105025,1105296,1106913,1107829,1108498,1110768,1111331,1111516,1113751,1113769,1114648,1114920,1115007,1115038,1116345,1116841,1118152,1118319,1119714,1119946,1120743,1120758,1121621,1122015,1123161,1124010,1124728,1124732,1124735,1126890,1128166,1131416,1131427,1132828,1133188
CVE References: CVE-2016-10741,CVE-2017-1000407,CVE-2017-16533,CVE-2017-7273,CVE-2017-7472,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-14633,CVE-2018-15572,CVE-2018-16884,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-5391,CVE-2018-9516,CVE-2018-9568,CVE-2019-11091,CVE-2019-11486,CVE-2019-3459,CVE-2019-3460,CVE-2019-3882,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-8564,CVE-2019-9213,CVE-2019-9503
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.110.1, kernel-source-3.12.74-60.64.110.1, kernel-syms-3.12.74-60.64.110.1, kernel-xen-3.12.74-60.64.110.1, lttng-modules-2.7.0-4.4.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.110.1, kernel-source-3.12.74-60.64.110.1, kernel-syms-3.12.74-60.64.110.1, kernel-xen-3.12.74-60.64.110.1, lttng-modules-2.7.0-4.4.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.110.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 41 Marcus Meissner 2020-10-23 14:43:20 UTC
released