Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:14051-1 Final 1 1 2019-05-16T13:04:49Z current 2019-05-16T13:04:49Z 2019-05-16T13:04:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2019-9213: The expand_downwards function in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2013-0216: The Xen netback functionality allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption (bnc#800280). - CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. (bnc#801178). - CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c did not initialize a certain structure member, which allowed local users to obtain potentially sensitive information from kernel stack memory via a recvfrom or recvmsg system call on an RDS socket (bnc#773383). - CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver allowed remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value (bnc#774523). - CVE-2013-0160: The kernel allowed local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device (bnc#797175). - CVE-2013-1979: The scm_set_cred function in include/net/scm.h uses incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application (bnc#816708). The following non-security bugs were fixed: - Add opcodes from net: filter: BPF 'JIT' compiler for PPC64 (bsc#1131107). - EHCI: improved logic for isochronous scheduling (bsc#1117515). - KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129439). - USB: Add new USB LPM helpers (bsc#1129770). - USB: Consolidate LPM checks to avoid enabling LPM twice (bsc#1129770). - USB: EHCI: add new root-hub state: STOPPING (bsc#1117515). - USB: EHCI: add pointer to end of async-unlink list (bsc#1117515). - USB: EHCI: add symbolic constants for QHs (bsc#1117515). - USB: EHCI: always scan each interrupt QH (bsc#1117515). - USB: EHCI: do not lose events during a scan (bsc#1117515). - USB: EHCI: do not refcount QHs (bsc#1117515). - USB: EHCI: do not refcount iso_stream structures (bsc#1117515). - USB: EHCI: fix initialization bug in iso_stream_schedule() (bsc#1117515). - USB: EHCI: fix up locking (bsc#1117515). - USB: EHCI: initialize data before resetting hardware (bsc#1117515). - USB: EHCI: introduce high-res timer (bsc#1117515). - USB: EHCI: remove PS3 status polling (bsc#1117515). - USB: EHCI: remove unneeded suspend/resume code (bsc#1117515). - USB: EHCI: rename 'reclaim' (bsc#1117515). - USB: EHCI: resolve some unlikely races (bsc#1117515). - USB: EHCI: return void instead of 0 (bsc#1117515). - USB: EHCI: simplify isochronous scanning (bsc#1117515). - USB: EHCI: unlink multiple async QHs together (bsc#1117515). - USB: EHCI: use hrtimer for (s)iTD deallocation (bsc#1117515). - USB: EHCI: use hrtimer for async schedule (bsc#1117515). - USB: EHCI: use hrtimer for controller death (bsc#1117515). - USB: EHCI: use hrtimer for interrupt QH unlink (bsc#1117515). - USB: EHCI: use hrtimer for the I/O watchdog (bsc#1117515). - USB: EHCI: use hrtimer for the IAA watchdog (bsc#1117515). - USB: EHCI: use hrtimer for the periodic schedule (bsc#1117515). - USB: EHCI: use hrtimer for unlinking empty async QHs (bsc#1117515). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - drm: Fix error handling in drm_legacy_addctx (bsc#1106886) - ext3: Set bitmap tails when growing filesystem (bsc#1128383). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1106886) - iommu/vt-d: Check capability before disabling protected memory (bsc#1130353). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129248). - kernel/watchdog.c: control hard lockup detection default (bsc#1110436). - kvm: ensure hard lockup detection is disabled by default (bsc#1110436). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129437). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/mmap)). - mpt2sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (bsc#1130384). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/qeth: cancel close_dev work before removing a card (LTC#175048, bsc#1127376). - s390/qeth: fix use-after-free in error path (LTC#175048, bsc#1127376, bsc#1127534). - s390/qeth: handle failure on workqueue creation (LTC#175048, bsc#1127376). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - sched/core: Optimize SCHED_SMT (bsc#1111331). - sched/smt: Expose sched_smt_present static key (bsc#1111331). - sched/smt: Make sched_smt_present track topology (bsc#1111331). - sched/smt: Update sched_smt_present at runtime (bsc#1111331). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: qla2xxx: do not disable a not previously enabled PCI device (bsc#1127738). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Rework SMT state change (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). slessp4-kernel-20190508-14051,slexsp3-kernel-20190508-14051 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-201914051-1/ Link for SUSE-SU-2019:14051-1 https://lists.suse.com/pipermail/sle-security-updates/2019-May/005470.html E-Mail link for SUSE-SU-2019:14051-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1082943 SUSE Bug 1082943 https://bugzilla.suse.com/1094244 SUSE Bug 1094244 https://bugzilla.suse.com/1103186 SUSE Bug 1103186 https://bugzilla.suse.com/1106886 SUSE Bug 1106886 https://bugzilla.suse.com/1110436 SUSE Bug 1110436 https://bugzilla.suse.com/1111331 SUSE Bug 1111331 https://bugzilla.suse.com/1112178 SUSE Bug 1112178 https://bugzilla.suse.com/1117515 SUSE Bug 1117515 https://bugzilla.suse.com/1119019 SUSE Bug 1119019 https://bugzilla.suse.com/1127082 SUSE Bug 1127082 https://bugzilla.suse.com/1127376 SUSE Bug 1127376 https://bugzilla.suse.com/1127445 SUSE Bug 1127445 https://bugzilla.suse.com/1127534 SUSE Bug 1127534 https://bugzilla.suse.com/1127738 SUSE Bug 1127738 https://bugzilla.suse.com/1128166 SUSE Bug 1128166 https://bugzilla.suse.com/1128383 SUSE Bug 1128383 https://bugzilla.suse.com/1129248 SUSE Bug 1129248 https://bugzilla.suse.com/1129437 SUSE Bug 1129437 https://bugzilla.suse.com/1129439 SUSE Bug 1129439 https://bugzilla.suse.com/1129770 SUSE Bug 1129770 https://bugzilla.suse.com/1130353 SUSE Bug 1130353 https://bugzilla.suse.com/1130384 SUSE Bug 1130384 https://bugzilla.suse.com/1131107 SUSE Bug 1131107 https://bugzilla.suse.com/1131587 SUSE Bug 1131587 https://bugzilla.suse.com/1132589 SUSE Bug 1132589 https://bugzilla.suse.com/773383 SUSE Bug 773383 https://bugzilla.suse.com/774523 SUSE Bug 774523 https://bugzilla.suse.com/797175 SUSE Bug 797175 https://bugzilla.suse.com/800280 SUSE Bug 800280 https://bugzilla.suse.com/801178 SUSE Bug 801178 https://bugzilla.suse.com/816708 SUSE Bug 816708 https://www.suse.com/security/cve/CVE-2012-3412/ SUSE CVE CVE-2012-3412 page https://www.suse.com/security/cve/CVE-2012-3430/ SUSE CVE CVE-2012-3430 page https://www.suse.com/security/cve/CVE-2013-0160/ SUSE CVE CVE-2013-0160 page https://www.suse.com/security/cve/CVE-2013-0216/ SUSE CVE CVE-2013-0216 page https://www.suse.com/security/cve/CVE-2013-0231/ SUSE CVE CVE-2013-0231 page https://www.suse.com/security/cve/CVE-2013-1979/ SUSE CVE CVE-2013-1979 page https://www.suse.com/security/cve/CVE-2018-12126/ SUSE CVE CVE-2018-12126 page https://www.suse.com/security/cve/CVE-2018-12127/ SUSE CVE CVE-2018-12127 page https://www.suse.com/security/cve/CVE-2018-12130/ SUSE CVE CVE-2018-12130 page https://www.suse.com/security/cve/CVE-2019-11091/ SUSE CVE CVE-2019-11091 page https://www.suse.com/security/cve/CVE-2019-9213/ SUSE CVE CVE-2019-9213 page SUSE Linux Enterprise Server 11 SP4-LTSS kernel-bigmem-3.0.101-108.90.1 kernel-bigmem-base-3.0.101-108.90.1 kernel-bigmem-devel-3.0.101-108.90.1 kernel-default-3.0.101-108.90.1 kernel-default-base-3.0.101-108.90.1 kernel-default-devel-3.0.101-108.90.1 kernel-default-man-3.0.101-108.90.1 kernel-ec2-3.0.101-108.90.1 kernel-ec2-base-3.0.101-108.90.1 kernel-ec2-devel-3.0.101-108.90.1 kernel-pae-3.0.101-108.90.1 kernel-pae-base-3.0.101-108.90.1 kernel-pae-devel-3.0.101-108.90.1 kernel-ppc64-3.0.101-108.90.1 kernel-ppc64-base-3.0.101-108.90.1 kernel-ppc64-devel-3.0.101-108.90.1 kernel-source-3.0.101-108.90.1 kernel-syms-3.0.101-108.90.1 kernel-trace-3.0.101-108.90.1 kernel-trace-base-3.0.101-108.90.1 kernel-trace-devel-3.0.101-108.90.1 kernel-xen-3.0.101-108.90.1 kernel-xen-base-3.0.101-108.90.1 kernel-xen-devel-3.0.101-108.90.1 kernel-bigmem-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-bigmem-base-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-bigmem-devel-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-default-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-default-base-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-default-devel-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-default-man-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ec2-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ec2-base-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ec2-devel-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-pae-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-pae-base-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-pae-devel-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ppc64-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ppc64-base-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ppc64-devel-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-source-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-syms-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-trace-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-trace-base-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-trace-devel-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-xen-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-xen-base-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-xen-devel-3.0.101-108.90.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. CVE-2012-3412 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.90.1 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-201914051-1/ https://www.suse.com/security/cve/CVE-2012-3412.html CVE-2012-3412 https://bugzilla.suse.com/774523 SUSE Bug 774523 The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. CVE-2012-3430 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.90.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-201914051-1/ https://www.suse.com/security/cve/CVE-2012-3430.html CVE-2012-3430 https://bugzilla.suse.com/773383 SUSE Bug 773383 https://bugzilla.suse.com/795039 SUSE Bug 795039 The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. CVE-2013-0160 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.90.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-201914051-1/ https://www.suse.com/security/cve/CVE-2013-0160.html CVE-2013-0160 https://bugzilla.suse.com/797175 SUSE Bug 797175 https://bugzilla.suse.com/841063 SUSE Bug 841063 https://bugzilla.suse.com/871595 SUSE Bug 871595 The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. CVE-2013-0216 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.90.1 moderate 5.2 AV:A/AC:M/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-201914051-1/ https://www.suse.com/security/cve/CVE-2013-0216.html CVE-2013-0216 https://bugzilla.suse.com/800280 SUSE Bug 800280 https://bugzilla.suse.com/800801 SUSE Bug 800801 https://bugzilla.suse.com/801178 SUSE Bug 801178 https://bugzilla.suse.com/841063 SUSE Bug 841063 https://bugzilla.suse.com/871595 SUSE Bug 871595 The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information. CVE-2013-0231 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.90.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-201914051-1/ https://www.suse.com/security/cve/CVE-2013-0231.html CVE-2013-0231 https://bugzilla.suse.com/801178 SUSE Bug 801178 https://bugzilla.suse.com/841063 SUSE Bug 841063 https://bugzilla.suse.com/871595 SUSE Bug 871595 The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application. CVE-2013-1979 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.90.1 low 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-201914051-1/ https://www.suse.com/security/cve/CVE-2013-1979.html CVE-2013-1979 https://bugzilla.suse.com/816708 SUSE Bug 816708 Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2018-12126 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.90.1 moderate 4.7 AV:L/AC:M/Au:N/C:C/I:N/A:N 3.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-201914051-1/ https://www.suse.com/security/cve/CVE-2018-12126.html CVE-2018-12126 https://bugzilla.suse.com/1103186 SUSE Bug 1103186 https://bugzilla.suse.com/1111331 SUSE Bug 1111331 https://bugzilla.suse.com/1132686 SUSE Bug 1132686 https://bugzilla.suse.com/1135409 SUSE Bug 1135409 https://bugzilla.suse.com/1135524 SUSE Bug 1135524 https://bugzilla.suse.com/1137916 SUSE Bug 1137916 https://bugzilla.suse.com/1138534 SUSE Bug 1138534 https://bugzilla.suse.com/1141977 SUSE Bug 1141977 https://bugzilla.suse.com/1149725 SUSE Bug 1149725 https://bugzilla.suse.com/1149726 SUSE Bug 1149726 https://bugzilla.suse.com/1149729 SUSE Bug 1149729 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2018-12127 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.90.1 moderate 4.7 AV:L/AC:M/Au:N/C:C/I:N/A:N 3.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-201914051-1/ https://www.suse.com/security/cve/CVE-2018-12127.html CVE-2018-12127 https://bugzilla.suse.com/1103186 SUSE Bug 1103186 https://bugzilla.suse.com/1111331 SUSE Bug 1111331 https://bugzilla.suse.com/1132686 SUSE Bug 1132686 https://bugzilla.suse.com/1135409 SUSE Bug 1135409 https://bugzilla.suse.com/1138534 SUSE Bug 1138534 https://bugzilla.suse.com/1141977 SUSE Bug 1141977 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2018-12130 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.90.1 moderate 4.7 AV:L/AC:M/Au:N/C:C/I:N/A:N 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-201914051-1/ https://www.suse.com/security/cve/CVE-2018-12130.html CVE-2018-12130 https://bugzilla.suse.com/1103186 SUSE Bug 1103186 https://bugzilla.suse.com/1111331 SUSE Bug 1111331 https://bugzilla.suse.com/1132686 SUSE Bug 1132686 https://bugzilla.suse.com/1135409 SUSE Bug 1135409 https://bugzilla.suse.com/1137916 SUSE Bug 1137916 https://bugzilla.suse.com/1138534 SUSE Bug 1138534 https://bugzilla.suse.com/1141977 SUSE Bug 1141977 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2019-11091 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.90.1 moderate 4.7 AV:L/AC:M/Au:N/C:C/I:N/A:N 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-201914051-1/ https://www.suse.com/security/cve/CVE-2019-11091.html CVE-2019-11091 https://bugzilla.suse.com/1103186 SUSE Bug 1103186 https://bugzilla.suse.com/1111331 SUSE Bug 1111331 https://bugzilla.suse.com/1132686 SUSE Bug 1132686 https://bugzilla.suse.com/1133319 SUSE Bug 1133319 https://bugzilla.suse.com/1135394 SUSE Bug 1135394 https://bugzilla.suse.com/1138043 SUSE Bug 1138043 https://bugzilla.suse.com/1138534 SUSE Bug 1138534 https://bugzilla.suse.com/1141977 SUSE Bug 1141977 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. CVE-2019-9213 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.90.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.90.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-201914051-1/ https://www.suse.com/security/cve/CVE-2019-9213.html CVE-2019-9213 https://bugzilla.suse.com/1128166 SUSE Bug 1128166 https://bugzilla.suse.com/1128378 SUSE Bug 1128378 https://bugzilla.suse.com/1129016 SUSE Bug 1129016