Bug 1157173 - (CVE-2019-19049) VUL-1: DISPUTED: CVE-2019-19049: kernel-source: memory leak in the unittest_data_add() function in drivers/of/unittest.c
(CVE-2019-19049)
VUL-1: DISPUTED: CVE-2019-19049: kernel-source: memory leak in the unittest_d...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Major
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/247487/
CVSSv2:NVD:CVE-2019-19049:7.8:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-11-19 12:52 UTC by Robert Frohl
Modified: 2022-07-21 17:43 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2019-11-19 12:52:23 UTC
CVE-2019-19049

A memory leak in the unittest_data_add() function in drivers/of/unittest.c in
the Linux kernel before 5.3.10 allows attackers to cause a denial of service
(memory consumption) by triggering of_fdt_unflatten_tree() failures, aka
CID-e13de8fe0d6a.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19049
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19049.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19049
https://github.com/torvalds/linux/commit/e13de8fe0d6a51341671bbe384826d527afe8d44
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10
Comment 1 Robert Frohl 2019-11-19 13:00:29 UTC
Introduced with 3.17, but I am a bit unsure if this is relevant for us.
Comment 2 Michal Hocko 2019-11-19 13:00:47 UTC
I am not an expert in this area but from a very quick look at the patch the security relevance is not really clear to me. Not only unittest_data_add is a late_initcall which means it is executed early boot, which implies that a memory failure is _highly_ unlikely, it is also a unit test code which is only executed in the testing environment only.

So unless I am missing something this looks like a CVE abuse to me.
Comment 3 Takashi Iwai 2019-11-19 13:02:17 UTC
Basically CONFIG_OF_UNITTEST is disabled on all SLE and openSUSE kernels, so we're unaffected.

But I'll backport it to the active branches (SLE15 and later) just as a proactive fix for the other configurations.
Comment 4 Takashi Iwai 2019-11-19 13:05:52 UTC
... actually SLE15-SP2 had already the fix via stable update.  I updated the patch reference.

And the fix was backported to SLE15 branch now.

As our shipped kernels are unaffected, reassigned back to security team.
Comment 5 Robert Frohl 2019-11-19 13:08:32 UTC
(In reply to Michal Hocko from comment #2)
> [..]
> So unless I am missing something this looks like a CVE abuse to me.

We have been talking about this too, but we weren't sure if the selftest is called somewhere during normal execution or if this is only relevant for testing environments. 

Basically the question for us is if we should dispute this CVE?
Comment 6 Takashi Iwai 2019-11-19 13:14:17 UTC
Agreed with rejecting the CVE.  The unittest stuff is basically a one-off operation, hence the amount of memory leaks is limited and utterly negligible.

Of course, a bug is a bug and we should fix, but it has nothing to do with security.
Comment 8 Marcus Meissner 2019-11-20 05:34:14 UTC
https://nvd.nist.gov/vuln/detail/CVE-2019-19049

now reads:
"** DISPUTED ** A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a. NOTE: third parties dispute the relevance of this because unittest.c can only be reached during boot."
Comment 15 Swamp Workflow Management 2019-12-05 09:53:23 UTC
This is an autogenerated message for OBS integration:
This bug (1157173) was mentioned in
https://build.opensuse.org/request/show/754294 15.0 / kernel-source
Comment 18 Swamp Workflow Management 2019-12-06 15:25:30 UTC
This is an autogenerated message for OBS integration:
This bug (1157173) was mentioned in
https://build.opensuse.org/request/show/754695 15.1 / kernel-source
Comment 19 Swamp Workflow Management 2019-12-06 23:45:30 UTC
SUSE-SU-2019:3200-1: An update that solves 44 vulnerabilities and has 258 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1054914,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1103990,1103991,1104353,1104427,1104745,1104967,1106434,1108043,1108382,1109158,1109837,1111666,1112178,1112374,1113722,1113994,1114279,1117169,1117665,1118661,1119086,1119113,1119461,1119465,1120902,1122363,1123034,1123080,1123105,1126390,1127155,1127354,1127371,1127988,1131107,1131304,1131489,1133140,1134476,1134983,1135642,1135854,1135873,1135966,1135967,1136261,1137040,1137069,1137223,1137236,1137799,1137861,1137865,1137959,1137982,1138039,1138190,1138539,1139073,1140090,1140155,1140729,1140845,1140883,1141013,1141340,1141543,1141600,1142076,1142635,1142667,1142924,1143706,1144338,1144375,1144449,1144653,1144903,1145099,1145661,1146042,1146612,1146664,1148133,1148410,1148712,1148859,1148868,1149083,1149119,1149224,1149446,1149448,1149555,1149651,1149652,1149713,1149853,1149940,1149959,1149963,1149976,1150025,1150033,1150112,1150305,1150381,1150423,1150457,1150466,1150562,1150727,1150846,1150860,1150861,1150875,1150933,1151021,1151067,1151192,1151225,1151350,1151508,1151548,1151610,1151661,1151662,1151667,1151671,1151680,1151807,1151891,1151900,1151955,1152024,1152025,1152026,1152033,1152161,1152187,1152325,1152457,1152460,1152466,1152525,1152624,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152885,1152972,1152974,1152975,1153108,1153112,1153236,1153263,1153476,1153509,1153607,1153628,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154043,1154048,1154058,1154108,1154124,1154189,1154242,1154268,1154354,1154355,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1154959,1155021,1155061,1155178,1155179,1155184,1155186,1155671,1155689,1155692,1155836,1155897,1155982,1156187,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068
CVE References: CVE-2017-18595,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-14835,CVE-2019-14895,CVE-2019-15030,CVE-2019-15031,CVE-2019-15916,CVE-2019-16231,CVE-2019-16233,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17666,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.7.1, kgraft-patch-SLE12-SP5_Update_1-1-8.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Swamp Workflow Management 2019-12-07 00:22:52 UTC
SUSE-SU-2019:3200-1: An update that solves 44 vulnerabilities and has 258 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1054914,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1103990,1103991,1104353,1104427,1104745,1104967,1106434,1108043,1108382,1109158,1109837,1111666,1112178,1112374,1113722,1113994,1114279,1117169,1117665,1118661,1119086,1119113,1119461,1119465,1120902,1122363,1123034,1123080,1123105,1126390,1127155,1127354,1127371,1127988,1131107,1131304,1131489,1133140,1134476,1134983,1135642,1135854,1135873,1135966,1135967,1136261,1137040,1137069,1137223,1137236,1137799,1137861,1137865,1137959,1137982,1138039,1138190,1138539,1139073,1140090,1140155,1140729,1140845,1140883,1141013,1141340,1141543,1141600,1142076,1142635,1142667,1142924,1143706,1144338,1144375,1144449,1144653,1144903,1145099,1145661,1146042,1146612,1146664,1148133,1148410,1148712,1148859,1148868,1149083,1149119,1149224,1149446,1149448,1149555,1149651,1149652,1149713,1149853,1149940,1149959,1149963,1149976,1150025,1150033,1150112,1150305,1150381,1150423,1150457,1150466,1150562,1150727,1150846,1150860,1150861,1150875,1150933,1151021,1151067,1151192,1151225,1151350,1151508,1151548,1151610,1151661,1151662,1151667,1151671,1151680,1151807,1151891,1151900,1151955,1152024,1152025,1152026,1152033,1152161,1152187,1152325,1152457,1152460,1152466,1152525,1152624,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152885,1152972,1152974,1152975,1153108,1153112,1153236,1153263,1153476,1153509,1153607,1153628,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154043,1154048,1154058,1154108,1154124,1154189,1154242,1154268,1154354,1154355,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1154959,1155021,1155061,1155178,1155179,1155184,1155186,1155671,1155689,1155692,1155836,1155897,1155982,1156187,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068
CVE References: CVE-2017-18595,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-14835,CVE-2019-14895,CVE-2019-15030,CVE-2019-15031,CVE-2019-15916,CVE-2019-16231,CVE-2019-16233,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17666,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.7.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.7.1, kernel-obs-build-4.12.14-122.7.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.7.1, kernel-source-4.12.14-122.7.1, kernel-syms-4.12.14-122.7.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.7.1, kgraft-patch-SLE12-SP5_Update_1-1-8.7.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 Swamp Workflow Management 2019-12-12 14:21:58 UTC
openSUSE-SU-2019:2675-1: An update that solves 38 vulnerabilities and has 92 fixes is now available.

Category: security (important)
Bug References: 1051510,1071995,1078248,1089644,1091041,1103990,1103991,1104353,1104427,1104745,1108043,1109837,1111666,1112178,1112374,1113722,1113956,1113994,1114279,1117169,1118661,1119113,1120853,1126390,1127354,1127371,1129770,1131107,1134983,1137223,1137236,1138039,1140948,1141054,1142095,1142635,1142924,1144333,1146519,1146544,1149448,1151067,1151548,1151900,1153628,1153811,1154043,1154058,1154355,1154601,1155689,1155897,1155921,1156258,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157042,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158071,1158082,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652
CVE References: CVE-2019-14895,CVE-2019-14901,CVE-2019-15213,CVE-2019-15916,CVE-2019-18660,CVE-2019-18683,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-19524,CVE-2019-19525,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19534,CVE-2019-19536,CVE-2019-19543
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.36.1, kernel-default-4.12.14-lp151.28.36.1, kernel-docs-4.12.14-lp151.28.36.1, kernel-kvmsmall-4.12.14-lp151.28.36.1, kernel-obs-build-4.12.14-lp151.28.36.1, kernel-obs-qa-4.12.14-lp151.28.36.1, kernel-source-4.12.14-lp151.28.36.1, kernel-syms-4.12.14-lp151.28.36.1, kernel-vanilla-4.12.14-lp151.28.36.1
Comment 24 Swamp Workflow Management 2019-12-12 20:20:35 UTC
SUSE-SU-2019:3289-1: An update that solves 34 vulnerabilities and has 56 fixes is now available.

Category: security (important)
Bug References: 1048942,1051510,1071995,1078248,1082635,1089644,1091041,1108043,1113722,1114279,1117169,1120853,1131107,1135966,1135967,1138039,1140948,1141054,1142095,1143706,1144333,1149448,1150466,1151548,1151900,1153628,1153811,1154043,1154058,1154124,1154355,1154526,1155021,1155689,1155897,1155921,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1157038,1157042,1157070,1157143,1157145,1157158,1157162,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157307,1157324,1157333,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158082,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445
CVE References: CVE-2019-0154,CVE-2019-0155,CVE-2019-14895,CVE-2019-14901,CVE-2019-15916,CVE-2019-16231,CVE-2019-18660,CVE-2019-18683,CVE-2019-18809,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19227,CVE-2019-19524,CVE-2019-19525,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19534,CVE-2019-19536,CVE-2019-19543
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    kernel-azure-4.12.14-5.47.1, kernel-source-azure-4.12.14-5.47.1, kernel-syms-azure-4.12.14-5.47.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2019-12-17 17:23:59 UTC
SUSE-SU-2019:3317-1: An update that solves 41 vulnerabilities and has 88 fixes is now available.

Category: security (important)
Bug References: 1048942,1051510,1071995,1078248,1082635,1089644,1091041,1103990,1103991,1104353,1104427,1104745,1108043,1109837,1111666,1112178,1112374,1113722,1113956,1113994,1114279,1117169,1118661,1119113,1120853,1126390,1127354,1127371,1129770,1131107,1134983,1135966,1135967,1137223,1137236,1138039,1140948,1142095,1142635,1142924,1143706,1144333,1149448,1150466,1151067,1151548,1151900,1152782,1153628,1153811,1154043,1154058,1154124,1154355,1154526,1154601,1155021,1155689,1155692,1155836,1155897,1155921,1155982,1156187,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157042,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158071,1158082,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445
CVE References: CVE-2019-0154,CVE-2019-14895,CVE-2019-14901,CVE-2019-15916,CVE-2019-16231,CVE-2019-17055,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-19524,CVE-2019-19525,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19534,CVE-2019-19536,CVE-2019-19543
Sources used:
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.29.1, kernel-livepatch-SLE15-SP1_Update_8-1-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Swamp Workflow Management 2019-12-17 17:36:22 UTC
SUSE-SU-2019:3316-1: An update that solves 44 vulnerabilities and has 76 fixes is now available.

Category: security (important)
Bug References: 1048942,1051510,1071995,1078248,1082635,1083647,1089644,1090888,1091041,1108043,1113722,1114279,1115026,1117169,1120853,1131107,1135966,1138039,1140948,1142095,1143706,1144333,1146519,1146544,1149448,1150466,1151548,1151900,1152631,1153628,1153811,1154043,1154058,1154124,1154355,1154526,1155021,1155689,1155897,1155921,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1157038,1157042,1157070,1157143,1157145,1157158,1157162,1157169,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157307,1157324,1157333,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024
CVE References: CVE-2019-0154,CVE-2019-14895,CVE-2019-14901,CVE-2019-15213,CVE-2019-15916,CVE-2019-16231,CVE-2019-18660,CVE-2019-18683,CVE-2019-18809,CVE-2019-19049,CVE-2019-19051,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19227,CVE-2019-19332,CVE-2019-19338,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-azure-4.12.14-6.34.1, kernel-source-azure-4.12.14-6.34.1, kernel-syms-azure-4.12.14-6.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Swamp Workflow Management 2019-12-17 18:03:33 UTC
SUSE-SU-2019:3317-1: An update that solves 41 vulnerabilities and has 88 fixes is now available.

Category: security (important)
Bug References: 1048942,1051510,1071995,1078248,1082635,1089644,1091041,1103990,1103991,1104353,1104427,1104745,1108043,1109837,1111666,1112178,1112374,1113722,1113956,1113994,1114279,1117169,1118661,1119113,1120853,1126390,1127354,1127371,1129770,1131107,1134983,1135966,1135967,1137223,1137236,1138039,1140948,1142095,1142635,1142924,1143706,1144333,1149448,1150466,1151067,1151548,1151900,1152782,1153628,1153811,1154043,1154058,1154124,1154355,1154526,1154601,1155021,1155689,1155692,1155836,1155897,1155921,1155982,1156187,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157042,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158071,1158082,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445
CVE References: CVE-2019-0154,CVE-2019-14895,CVE-2019-14901,CVE-2019-15916,CVE-2019-16231,CVE-2019-17055,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-19524,CVE-2019-19525,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19534,CVE-2019-19536,CVE-2019-19543
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.29.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-debug-4.12.14-197.29.1, kernel-default-4.12.14-197.29.1, kernel-docs-4.12.14-197.29.2, kernel-kvmsmall-4.12.14-197.29.1, kernel-obs-qa-4.12.14-197.29.1, kernel-source-4.12.14-197.29.1, kernel-vanilla-4.12.14-197.29.1, kernel-zfcpdump-4.12.14-197.29.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.29.1, kernel-livepatch-SLE15-SP1_Update_8-1-3.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.29.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.29.2, kernel-obs-build-4.12.14-197.29.1, kernel-source-4.12.14-197.29.1, kernel-syms-4.12.14-197.29.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.29.1, kernel-source-4.12.14-197.29.1, kernel-zfcpdump-4.12.14-197.29.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.29.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 30 Swamp Workflow Management 2019-12-20 11:18:55 UTC
SUSE-SU-2019:3371-1: An update that solves 24 vulnerabilities and has 58 fixes is now available.

Category: security (important)
Bug References: 1048942,1051510,1078248,1082635,1089644,1091041,1108043,1113722,1114279,1117169,1131107,1138039,1140948,1143706,1144333,1149448,1150466,1151548,1151900,1152782,1153628,1153681,1153811,1154043,1154058,1154124,1154355,1154526,1154956,1155021,1155689,1155692,1155836,1155897,1155921,1155982,1156187,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1157038,1157042,1157070,1157143,1157145,1157158,1157162,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157307,1157324,1157333,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158082
CVE References: CVE-2019-14895,CVE-2019-15916,CVE-2019-16231,CVE-2019-17055,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18809,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19227
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.45.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.45.1, kernel-obs-build-4.12.14-95.45.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.45.1, kernel-source-4.12.14-95.45.1, kernel-syms-4.12.14-95.45.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.45.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.45.1, kernel-source-4.12.14-95.45.1, kernel-syms-4.12.14-95.45.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 31 Swamp Workflow Management 2019-12-20 11:29:03 UTC
SUSE-SU-2019:3371-1: An update that solves 24 vulnerabilities and has 58 fixes is now available.

Category: security (important)
Bug References: 1048942,1051510,1078248,1082635,1089644,1091041,1108043,1113722,1114279,1117169,1131107,1138039,1140948,1143706,1144333,1149448,1150466,1151548,1151900,1152782,1153628,1153681,1153811,1154043,1154058,1154124,1154355,1154526,1154956,1155021,1155689,1155692,1155836,1155897,1155921,1155982,1156187,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1157038,1157042,1157070,1157143,1157145,1157158,1157162,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157307,1157324,1157333,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158082
CVE References: CVE-2019-14895,CVE-2019-15916,CVE-2019-16231,CVE-2019-17055,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18809,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19227
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.45.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.45.1, kernel-obs-build-4.12.14-95.45.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.45.1, kernel-source-4.12.14-95.45.1, kernel-syms-4.12.14-95.45.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.45.1, kgraft-patch-SLE12-SP4_Update_11-1-6.5.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.45.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.45.1, kernel-source-4.12.14-95.45.1, kernel-syms-4.12.14-95.45.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 32 Swamp Workflow Management 2019-12-20 11:43:01 UTC
SUSE-SU-2019:3372-1: An update that solves 42 vulnerabilities and has 100 fixes is now available.

Category: security (important)
Bug References: 1048942,1051510,1071995,1078248,1082635,1089644,1091041,1103990,1103991,1104353,1104427,1104745,1108043,1109837,1111666,1112178,1112374,1113722,1113956,1113994,1114279,1117169,1118661,1119113,1120853,1126390,1127354,1127371,1129770,1131107,1134983,1135966,1135967,1137223,1137236,1138039,1140948,1142095,1142635,1142924,1143706,1144333,1146544,1149448,1150466,1151067,1151548,1151900,1152782,1153628,1153811,1154043,1154058,1154124,1154355,1154526,1154601,1155021,1155689,1155692,1155836,1155897,1155921,1156187,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157042,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158071,1158082,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652
CVE References: CVE-2019-0154,CVE-2019-14895,CVE-2019-14901,CVE-2019-15213,CVE-2019-15916,CVE-2019-16231,CVE-2019-17055,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-19524,CVE-2019-19525,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19534,CVE-2019-19536,CVE-2019-19543
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    kernel-azure-4.12.14-8.22.1, kernel-source-azure-4.12.14-8.22.1, kernel-syms-azure-4.12.14-8.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 33 Swamp Workflow Management 2019-12-23 14:21:41 UTC
SUSE-SU-2019:3381-1: An update that solves 48 vulnerabilities and has 90 fixes is now available.

Category: security (important)
Bug References: 1046303,1048942,1051510,1065600,1071995,1078248,1082635,1083647,1089644,1090888,1091041,1104427,1108043,1113722,1114279,1115026,1117169,1120853,1127371,1131107,1138039,1140948,1142095,1143706,1143959,1144333,1146519,1146544,1149448,1150466,1151548,1151900,1152631,1152782,1153628,1153681,1153811,1154043,1154058,1154124,1154355,1154526,1154956,1155021,1155331,1155334,1155689,1155692,1155836,1155897,1155921,1156187,1156258,1156259,1156429,1156462,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1157038,1157042,1157070,1157143,1157145,1157158,1157162,1157169,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157303,1157307,1157324,1157333,1157424,1157463,1157499,1157678,1157698,1157778,1157853,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159297
CVE References: CVE-2019-14895,CVE-2019-14901,CVE-2019-15213,CVE-2019-15916,CVE-2019-16231,CVE-2019-17055,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18808,CVE-2019-18809,CVE-2019-19049,CVE-2019-19051,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19066,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19227,CVE-2019-19332,CVE-2019-19338,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-150.47.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-150.47.1, kernel-docs-4.12.14-150.47.1, kernel-obs-qa-4.12.14-150.47.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-150.47.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-150.47.1, kernel-obs-build-4.12.14-150.47.1, kernel-source-4.12.14-150.47.1, kernel-syms-4.12.14-150.47.1, kernel-vanilla-4.12.14-150.47.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-150.47.1, kernel-source-4.12.14-150.47.1, kernel-zfcpdump-4.12.14-150.47.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.47.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 34 Swamp Workflow Management 2019-12-23 14:38:20 UTC
SUSE-SU-2019:3381-1: An update that solves 48 vulnerabilities and has 90 fixes is now available.

Category: security (important)
Bug References: 1046303,1048942,1051510,1065600,1071995,1078248,1082635,1083647,1089644,1090888,1091041,1104427,1108043,1113722,1114279,1115026,1117169,1120853,1127371,1131107,1138039,1140948,1142095,1143706,1143959,1144333,1146519,1146544,1149448,1150466,1151548,1151900,1152631,1152782,1153628,1153681,1153811,1154043,1154058,1154124,1154355,1154526,1154956,1155021,1155331,1155334,1155689,1155692,1155836,1155897,1155921,1156187,1156258,1156259,1156429,1156462,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1157038,1157042,1157070,1157143,1157145,1157158,1157162,1157169,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157303,1157307,1157324,1157333,1157424,1157463,1157499,1157678,1157698,1157778,1157853,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159297
CVE References: CVE-2019-14895,CVE-2019-14901,CVE-2019-15213,CVE-2019-15916,CVE-2019-16231,CVE-2019-17055,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18808,CVE-2019-18809,CVE-2019-19049,CVE-2019-19051,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19066,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19227,CVE-2019-19332,CVE-2019-19338,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-150.47.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-150.47.1, kernel-docs-4.12.14-150.47.1, kernel-obs-qa-4.12.14-150.47.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.47.1, kernel-livepatch-SLE15_Update_17-1-1.3.2
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-150.47.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-150.47.1, kernel-obs-build-4.12.14-150.47.1, kernel-source-4.12.14-150.47.1, kernel-syms-4.12.14-150.47.1, kernel-vanilla-4.12.14-150.47.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-150.47.1, kernel-source-4.12.14-150.47.1, kernel-zfcpdump-4.12.14-150.47.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.47.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 36 Swamp Workflow Management 2020-01-14 14:50:50 UTC
SUSE-SU-2020:0093-1: An update that solves 80 vulnerabilities and has 310 fixes is now available.

Category: security (important)
Bug References: 1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1078248,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1090888,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1103989,1103990,1103991,1104353,1104427,1104745,1104967,1106434,1108043,1108382,1109158,1109837,1111666,1112178,1112374,1113722,1113956,1113994,1114279,1115026,1117169,1117665,1118661,1119086,1119113,1119461,1119465,1120853,1120902,1122363,1123034,1123080,1123105,1126206,1126390,1127155,1127354,1127371,1127611,1127988,1129770,1131107,1131304,1131489,1133140,1134476,1134973,1134983,1135642,1135854,1135873,1135966,1135967,1136261,1137040,1137069,1137223,1137236,1137799,1137861,1137865,1137959,1137982,1138039,1138190,1139073,1140090,1140155,1140729,1140845,1140883,1140948,1141013,1141340,1141543,1142076,1142095,1142635,1142667,1142924,1143706,1143959,1144333,1144338,1144375,1144449,1144653,1144903,1145099,1145661,1146042,1146519,1146544,1146612,1146664,1148133,1148410,1148712,1148859,1148868,1149083,1149119,1149224,1149446,1149448,1149555,1149652,1149713,1149853,1149940,1149959,1149963,1149976,1150025,1150033,1150112,1150305,1150381,1150423,1150452,1150457,1150465,1150466,1150562,1150727,1150846,1150860,1150861,1150875,1150933,1151021,1151067,1151192,1151225,1151350,1151508,1151548,1151610,1151661,1151662,1151667,1151671,1151680,1151807,1151891,1151900,1151910,1151955,1152024,1152025,1152026,1152033,1152107,1152161,1152187,1152325,1152446,1152457,1152460,1152466,1152497,1152505,1152506,1152525,1152624,1152631,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152885,1152972,1152974,1152975,1153108,1153112,1153158,1153236,1153263,1153476,1153509,1153607,1153628,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154043,1154048,1154058,1154108,1154124,1154189,1154242,1154244,1154268,1154354,1154355,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154768,1154848,1154858,1154905,1154916,1154956,1154959,1155021,1155061,1155178,1155179,1155184,1155186,1155331,1155334,1155671,1155689,1155692,1155812,1155817,1155836,1155897,1155921,1155945,1156187,1156258,1156259,1156286,1156429,1156462,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157042,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157169,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157303,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157853,1157895,1157908,1158021,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158071,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159096,1159297,1159483,1159484,1159500,1159569,1159841,1159908,1159909,1159910,972655
CVE References: CVE-2017-18595,CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-14835,CVE-2019-14895,CVE-2019-14901,CVE-2019-15030,CVE-2019-15031,CVE-2019-15213,CVE-2019-15916,CVE-2019-16231,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16746,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18808,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19051,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19066,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.7.1, kernel-source-azure-4.12.14-16.7.1, kernel-syms-azure-4.12.14-16.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 38 Swamp Workflow Management 2020-03-05 20:24:38 UTC
SUSE-SU-2020:0599-1: An update that solves 60 vulnerabilities and has 119 fixes is now available.

Category: security (moderate)
Bug References: 1046303,1050244,1051510,1051858,1065600,1065729,1071995,1078248,1083647,1085030,1086301,1086313,1086314,1089644,1090888,1104427,1108043,1113722,1114279,1115026,1117169,1120853,1127371,1134973,1138039,1140948,1141054,1142095,1143959,1144333,1146519,1146544,1151548,1151900,1151910,1151927,1152631,1153811,1153917,1154043,1154058,1154355,1155331,1155334,1155689,1155897,1155921,1156258,1156259,1156286,1156462,1156471,1157038,1157042,1157070,1157143,1157145,1157155,1157157,1157158,1157162,1157169,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157303,1157307,1157324,1157333,1157424,1157463,1157499,1157678,1157692,1157698,1157778,1157853,1157908,1158013,1158021,1158026,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159028,1159297,1159394,1159483,1159484,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160195,1160210,1160211,1160433,1160442,1160476,1160560,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1161087,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161875,1161931,1161933,1161934,1161935,1161936,1161937,1162028,1162067
CVE References: CVE-2019-14615,CVE-2019-14895,CVE-2019-14896,CVE-2019-14897,CVE-2019-14901,CVE-2019-15213,CVE-2019-16994,CVE-2019-18660,CVE-2019-18683,CVE-2019-18808,CVE-2019-18809,CVE-2019-19036,CVE-2019-19045,CVE-2019-19049,CVE-2019-19051,CVE-2019-19052,CVE-2019-19054,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19066,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19227,CVE-2019-19318,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-7053
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP4 (src):    kernel-rt-4.12.14-8.12.1, kernel-rt_debug-4.12.14-8.12.1, kernel-source-rt-4.12.14-8.12.1, kernel-syms-rt-4.12.14-8.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 39 Swamp Workflow Management 2020-03-09 14:31:25 UTC
SUSE-SU-2020:0613-1: An update that solves 69 vulnerabilities and has 168 fixes is now available.

Category: security (moderate)
Bug References: 1046303,1050244,1051510,1051858,1061840,1065600,1065729,1071995,1078248,1083647,1085030,1086301,1086313,1086314,1089644,1090888,1103989,1103990,1103991,1104353,1104427,1104745,1108043,1109837,1111666,1112178,1112374,1113722,1113956,1113994,1114279,1114685,1115026,1117169,1118661,1119113,1120853,1123328,1126206,1126390,1127354,1127371,1127611,1127682,1129551,1129770,1134973,1134983,1137223,1137236,1138039,1140948,1141054,1142095,1142635,1142924,1143959,1144333,1146519,1146544,1151067,1151548,1151900,1151910,1151927,1152107,1152631,1153535,1153628,1153811,1153917,1154043,1154058,1154243,1154355,1154601,1154768,1154916,1155331,1155334,1155689,1155897,1155921,1156258,1156259,1156286,1156462,1156471,1156928,1157032,1157038,1157042,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157155,1157157,1157158,1157160,1157162,1157169,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157303,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157692,1157698,1157778,1157853,1157895,1157908,1158013,1158021,1158026,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158071,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159028,1159297,1159377,1159394,1159483,1159484,1159500,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160147,1160195,1160210,1160211,1160433,1160442,1160469,1160470,1160476,1160560,1160618,1160678,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1161087,1161243,1161472,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161931,1161933,1161934,1161935,1161936,1161937,1162028,1162067,1162109,1162139
CVE References: CVE-2019-14615,CVE-2019-14895,CVE-2019-14896,CVE-2019-14897,CVE-2019-14901,CVE-2019-15213,CVE-2019-16746,CVE-2019-16994,CVE-2019-18660,CVE-2019-18683,CVE-2019-18808,CVE-2019-18809,CVE-2019-19036,CVE-2019-19045,CVE-2019-19046,CVE-2019-19049,CVE-2019-19051,CVE-2019-19052,CVE-2019-19054,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19066,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-19318,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767,CVE-2019-19927,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-7053,CVE-2020-8428
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP1 (src):    kernel-rt-4.12.14-14.17.1, kernel-rt_debug-4.12.14-14.17.1, kernel-source-rt-4.12.14-14.17.1, kernel-syms-rt-4.12.14-14.17.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-rt-4.12.14-14.17.1, kernel-rt_debug-4.12.14-14.17.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 40 Alexandros Toptsoglou 2020-04-29 14:18:50 UTC
Done