Vulnerability-Lookup

CVE-2017-1000251 (GCVE-0-2017-1000251)

Vulnerability from cvelistv5 – Published: 2017-09-12 17:00 – Updated: 2024-08-05 22:00

Summary

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

21 references

URL	Tags
https://access.redhat.com/errata/RHSA-2017:2732	vendor-advisoryx_refsource_REDHAT
https://www.exploit-db.com/exploits/42762/	exploitx_refsource_EXPLOIT-DB
https://access.redhat.com/errata/RHSA-2017:2705	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2683	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2704	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2682	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/vulnerabilitie…	x_refsource_CONFIRM
https://www.armis.com/blueborne	x_refsource_MISC
http://www.securitytracker.com/id/1039373	vdb-entryx_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:2731	vendor-advisoryx_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3981	vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2706	vendor-advisoryx_refsource_REDHAT
https://www.synology.com/support/security/Synolog…	x_refsource_CONFIRM
https://github.com/torvalds/linux/commit/f2fcfcd6…	x_refsource_MISC
http://nvidia.custhelp.com/app/answers/detail/a_id/4561	x_refsource_CONFIRM
http://www.securityfocus.com/bid/100809	vdb-entryx_refsource_BID
https://www.kb.cert.org/vuls/id/240311	third-party-advisoryx_refsource_CERT-VN
https://access.redhat.com/errata/RHSA-2017:2681	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2679	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2680	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2707	vendor-advisoryx_refsource_REDHAT

Date Public

2017-09-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:00:39.937Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:2732",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2732"
          },
          {
            "name": "42762",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42762/"
          },
          {
            "name": "RHSA-2017:2705",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2705"
          },
          {
            "name": "RHSA-2017:2683",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2683"
          },
          {
            "name": "RHSA-2017:2704",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2704"
          },
          {
            "name": "RHSA-2017:2682",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2682"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/blueborne"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.armis.com/blueborne"
          },
          {
            "name": "1039373",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039373"
          },
          {
            "name": "RHSA-2017:2731",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2731"
          },
          {
            "name": "DSA-3981",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3981"
          },
          {
            "name": "RHSA-2017:2706",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2706"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
          },
          {
            "name": "100809",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100809"
          },
          {
            "name": "VU#240311",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/240311"
          },
          {
            "name": "RHSA-2017:2681",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2681"
          },
          {
            "name": "RHSA-2017:2679",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2679"
          },
          {
            "name": "RHSA-2017:2680",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2680"
          },
          {
            "name": "RHSA-2017:2707",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2707"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-09-08T00:00:00.000Z",
      "datePublic": "2017-09-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-16T10:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2017:2732",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2732"
        },
        {
          "name": "42762",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42762/"
        },
        {
          "name": "RHSA-2017:2705",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2705"
        },
        {
          "name": "RHSA-2017:2683",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2683"
        },
        {
          "name": "RHSA-2017:2704",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2704"
        },
        {
          "name": "RHSA-2017:2682",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2682"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/blueborne"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.armis.com/blueborne"
        },
        {
          "name": "1039373",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039373"
        },
        {
          "name": "RHSA-2017:2731",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2731"
        },
        {
          "name": "DSA-3981",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3981"
        },
        {
          "name": "RHSA-2017:2706",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2706"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
        },
        {
          "name": "100809",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100809"
        },
        {
          "name": "VU#240311",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/240311"
        },
        {
          "name": "RHSA-2017:2681",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2681"
        },
        {
          "name": "RHSA-2017:2679",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2679"
        },
        {
          "name": "RHSA-2017:2680",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2680"
        },
        {
          "name": "RHSA-2017:2707",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2707"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-09-08",
          "ID": "CVE-2017-1000251",
          "REQUESTER": "security@armis.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:2732",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2732"
            },
            {
              "name": "42762",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42762/"
            },
            {
              "name": "RHSA-2017:2705",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2705"
            },
            {
              "name": "RHSA-2017:2683",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2683"
            },
            {
              "name": "RHSA-2017:2704",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2704"
            },
            {
              "name": "RHSA-2017:2682",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2682"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/blueborne",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/security/vulnerabilities/blueborne"
            },
            {
              "name": "https://www.armis.com/blueborne",
              "refsource": "MISC",
              "url": "https://www.armis.com/blueborne"
            },
            {
              "name": "1039373",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039373"
            },
            {
              "name": "RHSA-2017:2731",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2731"
            },
            {
              "name": "DSA-3981",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3981"
            },
            {
              "name": "RHSA-2017:2706",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2706"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe"
            },
            {
              "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
              "refsource": "CONFIRM",
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
            },
            {
              "name": "100809",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100809"
            },
            {
              "name": "VU#240311",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/240311"
            },
            {
              "name": "RHSA-2017:2681",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2681"
            },
            {
              "name": "RHSA-2017:2679",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2679"
            },
            {
              "name": "RHSA-2017:2680",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2680"
            },
            {
              "name": "RHSA-2017:2707",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2707"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000251",
    "datePublished": "2017-09-12T17:00:00.000Z",
    "dateReserved": "2017-09-12T00:00:00.000Z",
    "dateUpdated": "2024-08-05T22:00:39.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-1000251",
      "date": "2026-05-27",
      "epss": "0.03033",
      "percentile": "0.86848"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-1000251\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-09-12T17:29:00.227\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.\"},{\"lang\":\"es\",\"value\":\"La pila Bluetooth nativa en el Kernel Linux (BlueZ), comenzando por la versi\u00f3n 2.6.32 del kernel de Linux y hasta, e incluyendo, la versi\u00f3n 4.13.1, es vulnerable a un desbordamiento de pila durante el procesado de las respuestas de configuraci\u00f3n L2CAP, lo que desemboca en la ejecuci\u00f3n remota de c\u00f3digo en el espacio del kernel.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":7.7,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":5.1,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.32\",\"versionEndExcluding\":\"3.2.94\",\"matchCriteriaId\":\"6085F01E-A338-4BD7-84E5-A0D347E18EDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.3\",\"versionEndExcluding\":\"3.16.49\",\"matchCriteriaId\":\"6D2B2AB6-A208-4834-8CF4-03EF0774B915\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.17\",\"versionEndExcluding\":\"3.18.71\",\"matchCriteriaId\":\"DCD26AC7-E8BD-470E-9B64-EC9974B7DFEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.19\",\"versionEndExcluding\":\"4.1.45\",\"matchCriteriaId\":\"AEF05B4A-F2FD-4E86-9798-F55AAD1C1C61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2\",\"versionEndExcluding\":\"4.4.88\",\"matchCriteriaId\":\"7B9D9F07-3E93-4948-8810-AA3D7F5ACE4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5\",\"versionEndExcluding\":\"4.9.50\",\"matchCriteriaId\":\"311D0EBE-84B3-4494-97BA-BBF5ADEC1D29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.10\",\"versionEndExcluding\":\"4.12.13\",\"matchCriteriaId\":\"75C09DA2-9A56-432C-91E8-779AE07084A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.13\",\"versionEndExcluding\":\"4.13.2\",\"matchCriteriaId\":\"84B83CE7-CB2C-4FA6-B05A-BAAABD64C797\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nvidia:jetson_tk1:r21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1302746-9142-4546-B47A-7C78BD4A59AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nvidia:jetson_tk1:r24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C577191-AB9A-4E68-92D3-FCF567F191F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nvidia:jetson_tx1:r21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A8F5385-9C27-4DB0-88F6-3B41FEC6C170\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nvidia:jetson_tx1:r24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CC78F5C-FC3E-403A-94C6-ED43D4E66D3C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD6D0378-F0F4-4AAA-80AF-8287C790EC96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF83BB87-B203-48F9-9D06-48A5FE399050\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16E6D998-B41D-4B49-9E00-8336D2E40A4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C8D871B-AEA1-4407-AEE3-47EC782250FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98381E61-F082-4302-B51F-5648884F998B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99A687E-EAE6-417E-A88E-D0082BC194CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7431ABC1-9252-419E-8CC1-311B41360078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C81647C-9A53-481D-A54C-36770A093F90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44B067C7-735E-43C9-9188-7E1522A02491\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8442C20-41F9-47FD-9A12-E724D3A31FD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21690BAC-2129-4A33-9B48-1F3BF30072A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"835AE071-CEAE-49E5-8F0C-E5F50FB85EFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13E02156-E748-4820-B76F-7074793837E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6755B6AD-0422-467B-8115-34A60B1D1A40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5F7E11E-FB34-4467-8919-2B6BEAABF665\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://nvidia.custhelp.com/app/answers/detail/a_id/4561\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3981\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100809\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039373\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2679\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2680\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2681\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2682\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2683\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2704\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2705\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2706\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2707\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2731\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2732\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/vulnerabilities/blueborne\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.armis.com/blueborne\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/42762/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/240311\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://nvidia.custhelp.com/app/answers/detail/a_id/4561\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3981\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100809\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039373\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2680\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2681\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2682\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2683\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2704\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2705\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2706\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2707\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2731\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2732\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/vulnerabilities/blueborne\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.armis.com/blueborne\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/42762/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/240311\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

SUSE-SU-2017:2548-1

Vulnerability from csaf_suse - Published: 2017-09-21 15:14 - Updated: 2017-09-21 15:14

Summary

Security update for the Linux Kernel

Severity

Important

Notes

Title of the patch: Security update for the Linux Kernel

Description of the patch: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive the following security fixes: - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel was vulnerable to a stack overflow while processing L2CAP configuration responses, resulting in a potential remote code execution vulnerability. [bnc#1057389]

Patchnames: sdksp4-kernel-source-13286,slessp4-kernel-source-13286,slexsp3-kernel-source-13286

CVE-2017-1000251

8.8 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 125 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-bigmem-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-bigmem-base-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-bigmem-devel-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-default-man-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-ec2-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-ec2-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-ec2-base-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-ec2-base-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-pae-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-pae-base-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-pae-devel-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-ppc64-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-ppc64-base-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-ppc64-devel-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-xen-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-xen-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-xen-base-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-xen-base-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-xen-devel-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kernel-xen-devel-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-bigmem-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-bigmem-base-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-bigmem-devel-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-man-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-base-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-base-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-pae-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-pae-base-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-pae-devel-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ppc64-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ppc64-base-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ppc64-devel-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-base-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-base-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-devel-3.0.101-108.10.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-devel-3.0.101-108.10.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:kernel-docs-3.0.101-108.10.2.noarch	—	Vendor Fix

Threats

Impact moderate

References

13 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1057389	self
https://www.suse.com/security/cve/CVE-2017-1000251/	self
https://www.suse.com/security/cve/CVE-2017-1000251	external
https://bugzilla.suse.com/1057389	external
https://bugzilla.suse.com/1057950	external
https://bugzilla.suse.com/1070535	external
https://bugzilla.suse.com/1072117	external
https://bugzilla.suse.com/1072162	external
https://bugzilla.suse.com/1120758	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive the following security fixes:\n\n- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel was\n  vulnerable to a stack overflow while processing L2CAP configuration\n  responses, resulting in a potential remote code execution vulnerability.\n  [bnc#1057389]\n  ",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sdksp4-kernel-source-13286,slessp4-kernel-source-13286,slexsp3-kernel-source-13286",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2548-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2548-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172548-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2548-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-September/003256.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1057389",
        "url": "https://bugzilla.suse.com/1057389"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-1000251 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-1000251/"
      }
    ],
    "title": "Security update for the Linux Kernel",
    "tracking": {
      "current_release_date": "2017-09-21T15:14:16Z",
      "generator": {
        "date": "2017-09-21T15:14:16Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2548-1",
      "initial_release_date": "2017-09-21T15:14:16Z",
      "revision_history": [
        {
          "date": "2017-09-21T15:14:16Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-default-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-default-3.0.101-108.10.1.i586",
                  "product_id": "kernel-default-3.0.101-108.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-default-base-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-default-base-3.0.101-108.10.1.i586",
                  "product_id": "kernel-default-base-3.0.101-108.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-default-devel-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-default-devel-3.0.101-108.10.1.i586",
                  "product_id": "kernel-default-devel-3.0.101-108.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-ec2-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-ec2-3.0.101-108.10.1.i586",
                  "product_id": "kernel-ec2-3.0.101-108.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-ec2-base-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-ec2-base-3.0.101-108.10.1.i586",
                  "product_id": "kernel-ec2-base-3.0.101-108.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-ec2-devel-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-ec2-devel-3.0.101-108.10.1.i586",
                  "product_id": "kernel-ec2-devel-3.0.101-108.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-pae-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-pae-3.0.101-108.10.1.i586",
                  "product_id": "kernel-pae-3.0.101-108.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-pae-base-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-pae-base-3.0.101-108.10.1.i586",
                  "product_id": "kernel-pae-base-3.0.101-108.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-pae-devel-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-pae-devel-3.0.101-108.10.1.i586",
                  "product_id": "kernel-pae-devel-3.0.101-108.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-source-3.0.101-108.10.1.i586",
                  "product_id": "kernel-source-3.0.101-108.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-syms-3.0.101-108.10.1.i586",
                  "product_id": "kernel-syms-3.0.101-108.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-trace-3.0.101-108.10.1.i586",
                  "product_id": "kernel-trace-3.0.101-108.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-base-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-trace-base-3.0.101-108.10.1.i586",
                  "product_id": "kernel-trace-base-3.0.101-108.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-devel-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-trace-devel-3.0.101-108.10.1.i586",
                  "product_id": "kernel-trace-devel-3.0.101-108.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-xen-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-xen-3.0.101-108.10.1.i586",
                  "product_id": "kernel-xen-3.0.101-108.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-xen-base-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-xen-base-3.0.101-108.10.1.i586",
                  "product_id": "kernel-xen-base-3.0.101-108.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-xen-devel-3.0.101-108.10.1.i586",
                "product": {
                  "name": "kernel-xen-devel-3.0.101-108.10.1.i586",
                  "product_id": "kernel-xen-devel-3.0.101-108.10.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-default-3.0.101-108.10.1.ia64",
                "product": {
                  "name": "kernel-default-3.0.101-108.10.1.ia64",
                  "product_id": "kernel-default-3.0.101-108.10.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-default-base-3.0.101-108.10.1.ia64",
                "product": {
                  "name": "kernel-default-base-3.0.101-108.10.1.ia64",
                  "product_id": "kernel-default-base-3.0.101-108.10.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-default-devel-3.0.101-108.10.1.ia64",
                "product": {
                  "name": "kernel-default-devel-3.0.101-108.10.1.ia64",
                  "product_id": "kernel-default-devel-3.0.101-108.10.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-3.0.101-108.10.1.ia64",
                "product": {
                  "name": "kernel-source-3.0.101-108.10.1.ia64",
                  "product_id": "kernel-source-3.0.101-108.10.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-3.0.101-108.10.1.ia64",
                "product": {
                  "name": "kernel-syms-3.0.101-108.10.1.ia64",
                  "product_id": "kernel-syms-3.0.101-108.10.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-3.0.101-108.10.1.ia64",
                "product": {
                  "name": "kernel-trace-3.0.101-108.10.1.ia64",
                  "product_id": "kernel-trace-3.0.101-108.10.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-base-3.0.101-108.10.1.ia64",
                "product": {
                  "name": "kernel-trace-base-3.0.101-108.10.1.ia64",
                  "product_id": "kernel-trace-base-3.0.101-108.10.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-devel-3.0.101-108.10.1.ia64",
                "product": {
                  "name": "kernel-trace-devel-3.0.101-108.10.1.ia64",
                  "product_id": "kernel-trace-devel-3.0.101-108.10.1.ia64"
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-docs-3.0.101-108.10.2.noarch",
                "product": {
                  "name": "kernel-docs-3.0.101-108.10.2.noarch",
                  "product_id": "kernel-docs-3.0.101-108.10.2.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-bigmem-3.0.101-108.10.1.ppc64",
                "product": {
                  "name": "kernel-bigmem-3.0.101-108.10.1.ppc64",
                  "product_id": "kernel-bigmem-3.0.101-108.10.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-bigmem-base-3.0.101-108.10.1.ppc64",
                "product": {
                  "name": "kernel-bigmem-base-3.0.101-108.10.1.ppc64",
                  "product_id": "kernel-bigmem-base-3.0.101-108.10.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-bigmem-devel-3.0.101-108.10.1.ppc64",
                "product": {
                  "name": "kernel-bigmem-devel-3.0.101-108.10.1.ppc64",
                  "product_id": "kernel-bigmem-devel-3.0.101-108.10.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-default-3.0.101-108.10.1.ppc64",
                "product": {
                  "name": "kernel-default-3.0.101-108.10.1.ppc64",
                  "product_id": "kernel-default-3.0.101-108.10.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-default-base-3.0.101-108.10.1.ppc64",
                "product": {
                  "name": "kernel-default-base-3.0.101-108.10.1.ppc64",
                  "product_id": "kernel-default-base-3.0.101-108.10.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-default-devel-3.0.101-108.10.1.ppc64",
                "product": {
                  "name": "kernel-default-devel-3.0.101-108.10.1.ppc64",
                  "product_id": "kernel-default-devel-3.0.101-108.10.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-ppc64-3.0.101-108.10.1.ppc64",
                "product": {
                  "name": "kernel-ppc64-3.0.101-108.10.1.ppc64",
                  "product_id": "kernel-ppc64-3.0.101-108.10.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-ppc64-base-3.0.101-108.10.1.ppc64",
                "product": {
                  "name": "kernel-ppc64-base-3.0.101-108.10.1.ppc64",
                  "product_id": "kernel-ppc64-base-3.0.101-108.10.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-ppc64-devel-3.0.101-108.10.1.ppc64",
                "product": {
                  "name": "kernel-ppc64-devel-3.0.101-108.10.1.ppc64",
                  "product_id": "kernel-ppc64-devel-3.0.101-108.10.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-3.0.101-108.10.1.ppc64",
                "product": {
                  "name": "kernel-source-3.0.101-108.10.1.ppc64",
                  "product_id": "kernel-source-3.0.101-108.10.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-3.0.101-108.10.1.ppc64",
                "product": {
                  "name": "kernel-syms-3.0.101-108.10.1.ppc64",
                  "product_id": "kernel-syms-3.0.101-108.10.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-3.0.101-108.10.1.ppc64",
                "product": {
                  "name": "kernel-trace-3.0.101-108.10.1.ppc64",
                  "product_id": "kernel-trace-3.0.101-108.10.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-base-3.0.101-108.10.1.ppc64",
                "product": {
                  "name": "kernel-trace-base-3.0.101-108.10.1.ppc64",
                  "product_id": "kernel-trace-base-3.0.101-108.10.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-devel-3.0.101-108.10.1.ppc64",
                "product": {
                  "name": "kernel-trace-devel-3.0.101-108.10.1.ppc64",
                  "product_id": "kernel-trace-devel-3.0.101-108.10.1.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-default-3.0.101-108.10.1.s390x",
                "product": {
                  "name": "kernel-default-3.0.101-108.10.1.s390x",
                  "product_id": "kernel-default-3.0.101-108.10.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-default-base-3.0.101-108.10.1.s390x",
                "product": {
                  "name": "kernel-default-base-3.0.101-108.10.1.s390x",
                  "product_id": "kernel-default-base-3.0.101-108.10.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-default-devel-3.0.101-108.10.1.s390x",
                "product": {
                  "name": "kernel-default-devel-3.0.101-108.10.1.s390x",
                  "product_id": "kernel-default-devel-3.0.101-108.10.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-default-man-3.0.101-108.10.1.s390x",
                "product": {
                  "name": "kernel-default-man-3.0.101-108.10.1.s390x",
                  "product_id": "kernel-default-man-3.0.101-108.10.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-3.0.101-108.10.1.s390x",
                "product": {
                  "name": "kernel-source-3.0.101-108.10.1.s390x",
                  "product_id": "kernel-source-3.0.101-108.10.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-3.0.101-108.10.1.s390x",
                "product": {
                  "name": "kernel-syms-3.0.101-108.10.1.s390x",
                  "product_id": "kernel-syms-3.0.101-108.10.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-3.0.101-108.10.1.s390x",
                "product": {
                  "name": "kernel-trace-3.0.101-108.10.1.s390x",
                  "product_id": "kernel-trace-3.0.101-108.10.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-base-3.0.101-108.10.1.s390x",
                "product": {
                  "name": "kernel-trace-base-3.0.101-108.10.1.s390x",
                  "product_id": "kernel-trace-base-3.0.101-108.10.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-devel-3.0.101-108.10.1.s390x",
                "product": {
                  "name": "kernel-trace-devel-3.0.101-108.10.1.s390x",
                  "product_id": "kernel-trace-devel-3.0.101-108.10.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-default-3.0.101-108.10.1.x86_64",
                "product": {
                  "name": "kernel-default-3.0.101-108.10.1.x86_64",
                  "product_id": "kernel-default-3.0.101-108.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-default-base-3.0.101-108.10.1.x86_64",
                "product": {
                  "name": "kernel-default-base-3.0.101-108.10.1.x86_64",
                  "product_id": "kernel-default-base-3.0.101-108.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-default-devel-3.0.101-108.10.1.x86_64",
                "product": {
                  "name": "kernel-default-devel-3.0.101-108.10.1.x86_64",
                  "product_id": "kernel-default-devel-3.0.101-108.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-ec2-3.0.101-108.10.1.x86_64",
                "product": {
                  "name": "kernel-ec2-3.0.101-108.10.1.x86_64",
                  "product_id": "kernel-ec2-3.0.101-108.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-ec2-base-3.0.101-108.10.1.x86_64",
                "product": {
                  "name": "kernel-ec2-base-3.0.101-108.10.1.x86_64",
                  "product_id": "kernel-ec2-base-3.0.101-108.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-ec2-devel-3.0.101-108.10.1.x86_64",
                "product": {
                  "name": "kernel-ec2-devel-3.0.101-108.10.1.x86_64",
                  "product_id": "kernel-ec2-devel-3.0.101-108.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-3.0.101-108.10.1.x86_64",
                "product": {
                  "name": "kernel-source-3.0.101-108.10.1.x86_64",
                  "product_id": "kernel-source-3.0.101-108.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-3.0.101-108.10.1.x86_64",
                "product": {
                  "name": "kernel-syms-3.0.101-108.10.1.x86_64",
                  "product_id": "kernel-syms-3.0.101-108.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-3.0.101-108.10.1.x86_64",
                "product": {
                  "name": "kernel-trace-3.0.101-108.10.1.x86_64",
                  "product_id": "kernel-trace-3.0.101-108.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-base-3.0.101-108.10.1.x86_64",
                "product": {
                  "name": "kernel-trace-base-3.0.101-108.10.1.x86_64",
                  "product_id": "kernel-trace-base-3.0.101-108.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-devel-3.0.101-108.10.1.x86_64",
                "product": {
                  "name": "kernel-trace-devel-3.0.101-108.10.1.x86_64",
                  "product_id": "kernel-trace-devel-3.0.101-108.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-xen-3.0.101-108.10.1.x86_64",
                "product": {
                  "name": "kernel-xen-3.0.101-108.10.1.x86_64",
                  "product_id": "kernel-xen-3.0.101-108.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-xen-base-3.0.101-108.10.1.x86_64",
                "product": {
                  "name": "kernel-xen-base-3.0.101-108.10.1.x86_64",
                  "product_id": "kernel-xen-base-3.0.101-108.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-xen-devel-3.0.101-108.10.1.x86_64",
                "product": {
                  "name": "kernel-xen-devel-3.0.101-108.10.1.x86_64",
                  "product_id": "kernel-xen-devel-3.0.101-108.10.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:suse:sle-sdk:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-docs-3.0.101-108.10.2.noarch as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:kernel-docs-3.0.101-108.10.2.noarch"
        },
        "product_reference": "kernel-docs-3.0.101-108.10.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-bigmem-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-bigmem-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-bigmem-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-bigmem-base-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-bigmem-base-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-bigmem-base-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-bigmem-devel-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-bigmem-devel-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-bigmem-devel-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-default-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-3.0.101-108.10.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.ia64"
        },
        "product_reference": "kernel-default-3.0.101-108.10.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-default-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-default-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-default-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-base-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-default-base-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-base-3.0.101-108.10.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.ia64"
        },
        "product_reference": "kernel-default-base-3.0.101-108.10.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-base-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-default-base-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-base-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-default-base-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-base-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-default-base-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-devel-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-default-devel-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-devel-3.0.101-108.10.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.ia64"
        },
        "product_reference": "kernel-default-devel-3.0.101-108.10.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-devel-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-default-devel-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-devel-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-default-devel-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-devel-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-default-devel-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-man-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-default-man-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-default-man-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ec2-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-ec2-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ec2-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-ec2-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ec2-base-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-base-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-ec2-base-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ec2-base-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-base-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-ec2-base-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ec2-devel-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-ec2-devel-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ec2-devel-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-ec2-devel-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-pae-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-pae-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-pae-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-pae-base-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-pae-base-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-pae-base-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-pae-devel-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-pae-devel-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-pae-devel-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ppc64-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-ppc64-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-ppc64-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ppc64-base-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-ppc64-base-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-ppc64-base-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ppc64-devel-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-ppc64-devel-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-ppc64-devel-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-source-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-3.0.101-108.10.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.ia64"
        },
        "product_reference": "kernel-source-3.0.101-108.10.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-source-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-source-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-source-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-syms-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-3.0.101-108.10.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.ia64"
        },
        "product_reference": "kernel-syms-3.0.101-108.10.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-syms-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-syms-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-syms-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-trace-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-3.0.101-108.10.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.ia64"
        },
        "product_reference": "kernel-trace-3.0.101-108.10.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-trace-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-trace-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-trace-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-base-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-trace-base-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-base-3.0.101-108.10.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.ia64"
        },
        "product_reference": "kernel-trace-base-3.0.101-108.10.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-base-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-trace-base-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-base-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-trace-base-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-base-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-trace-base-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-devel-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-trace-devel-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-devel-3.0.101-108.10.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ia64"
        },
        "product_reference": "kernel-trace-devel-3.0.101-108.10.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-devel-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-trace-devel-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-devel-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-trace-devel-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-devel-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-trace-devel-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-xen-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-xen-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-xen-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-xen-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-xen-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-xen-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-xen-base-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-xen-base-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-xen-base-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-xen-base-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-xen-base-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-xen-base-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-xen-devel-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-xen-devel-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-xen-devel-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-xen-devel-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:kernel-xen-devel-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-xen-devel-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-bigmem-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-bigmem-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-bigmem-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-bigmem-base-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-bigmem-base-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-bigmem-base-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-bigmem-devel-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-bigmem-devel-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-bigmem-devel-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-default-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-3.0.101-108.10.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.ia64"
        },
        "product_reference": "kernel-default-3.0.101-108.10.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-default-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-default-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-default-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-base-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-default-base-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-base-3.0.101-108.10.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.ia64"
        },
        "product_reference": "kernel-default-base-3.0.101-108.10.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-base-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-default-base-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-base-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-default-base-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-base-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-default-base-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-devel-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-default-devel-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-devel-3.0.101-108.10.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.ia64"
        },
        "product_reference": "kernel-default-devel-3.0.101-108.10.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-devel-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-default-devel-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-devel-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-default-devel-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-devel-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-default-devel-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-man-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-man-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-default-man-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ec2-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-ec2-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ec2-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-ec2-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ec2-base-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-base-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-ec2-base-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ec2-base-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-base-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-ec2-base-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ec2-devel-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-ec2-devel-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ec2-devel-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-ec2-devel-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-pae-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-pae-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-pae-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-pae-base-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-pae-base-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-pae-base-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-pae-devel-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-pae-devel-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-pae-devel-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ppc64-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ppc64-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-ppc64-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ppc64-base-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ppc64-base-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-ppc64-base-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ppc64-devel-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ppc64-devel-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-ppc64-devel-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-source-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-3.0.101-108.10.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.ia64"
        },
        "product_reference": "kernel-source-3.0.101-108.10.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-source-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-source-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-source-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-syms-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-3.0.101-108.10.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.ia64"
        },
        "product_reference": "kernel-syms-3.0.101-108.10.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-syms-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-syms-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-syms-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-trace-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-3.0.101-108.10.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.ia64"
        },
        "product_reference": "kernel-trace-3.0.101-108.10.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-trace-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-trace-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-trace-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-base-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-trace-base-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-base-3.0.101-108.10.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.ia64"
        },
        "product_reference": "kernel-trace-base-3.0.101-108.10.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-base-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-trace-base-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-base-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-trace-base-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-base-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-trace-base-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-devel-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-trace-devel-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-devel-3.0.101-108.10.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ia64"
        },
        "product_reference": "kernel-trace-devel-3.0.101-108.10.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-devel-3.0.101-108.10.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ppc64"
        },
        "product_reference": "kernel-trace-devel-3.0.101-108.10.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-devel-3.0.101-108.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.s390x"
        },
        "product_reference": "kernel-trace-devel-3.0.101-108.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-devel-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-trace-devel-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-xen-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-xen-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-xen-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-xen-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-xen-base-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-base-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-xen-base-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-xen-base-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-base-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-xen-base-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-xen-devel-3.0.101-108.10.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-devel-3.0.101-108.10.1.i586"
        },
        "product_reference": "kernel-xen-devel-3.0.101-108.10.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-xen-devel-3.0.101-108.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-devel-3.0.101-108.10.1.x86_64"
        },
        "product_reference": "kernel-xen-devel-3.0.101-108.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-1000251",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-1000251"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:kernel-bigmem-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-bigmem-base-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-bigmem-devel-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-default-man-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-base-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-base-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-pae-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-pae-base-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-pae-devel-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-ppc64-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-ppc64-base-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-ppc64-devel-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-xen-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-xen-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-xen-base-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-xen-base-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:kernel-xen-devel-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:kernel-xen-devel-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-bigmem-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-bigmem-base-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-bigmem-devel-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-man-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-base-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-base-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-pae-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-pae-base-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-pae-devel-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ppc64-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ppc64-base-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ppc64-devel-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-base-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-base-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-devel-3.0.101-108.10.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-devel-3.0.101-108.10.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:kernel-docs-3.0.101-108.10.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-1000251",
          "url": "https://www.suse.com/security/cve/CVE-2017-1000251"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057389 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057389"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057950 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1070535 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1070535"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072117 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072162 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120758 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1120758"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:kernel-bigmem-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-bigmem-base-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-bigmem-devel-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-man-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-base-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-pae-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-pae-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-pae-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ppc64-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ppc64-base-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ppc64-devel-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-xen-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-xen-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-xen-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-xen-base-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-xen-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-xen-devel-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-bigmem-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-bigmem-base-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-bigmem-devel-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-man-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-base-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-pae-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-pae-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-pae-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ppc64-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ppc64-base-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ppc64-devel-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-base-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-devel-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:kernel-docs-3.0.101-108.10.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:kernel-bigmem-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-bigmem-base-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-bigmem-devel-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-base-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-devel-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-default-man-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-base-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-pae-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-pae-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-pae-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ppc64-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ppc64-base-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-ppc64-devel-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-source-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-syms-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-base-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:kernel-trace-devel-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-xen-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-xen-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-xen-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-xen-base-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:kernel-xen-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:kernel-xen-devel-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-bigmem-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-bigmem-base-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-bigmem-devel-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-base-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-devel-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-default-man-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-base-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ec2-devel-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-pae-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-pae-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-pae-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ppc64-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ppc64-base-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-ppc64-devel-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-source-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-syms-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-base-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-trace-devel-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-base-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-base-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-devel-3.0.101-108.10.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kernel-xen-devel-3.0.101-108.10.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:kernel-docs-3.0.101-108.10.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-21T15:14:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-1000251"
    }
  ]
}

SUSE-SU-2017:2694-1

Vulnerability from csaf_suse - Published: 2017-10-10 12:16 - Updated: 2017-10-10 12:16

Summary

Security update for the Linux Kernel

Severity

Important

Notes

Title of the patch: Security update for the Linux Kernel

Description of the patch: The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space (bnc#1057389). - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524). - CVE-2017-14140: The move_pages system call in mm/migrate.c did not check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR (bnc#1057179). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152). - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bnc#1053148). - CVE-2017-8831: The saa7164_bus_get function allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994). - CVE-2017-1000112: Prevent race condition in net-packet code that could have been exploited by unprivileged users to gain root access.(bnc#1052311). The following non-security bugs were fixed: - ALSA: Fix Lewisburg audio issue - Drop commit 96234ae:kvm_io_bus_unregister_dev() should never fail (bsc#1055680) - Fixup build warnings in drivers/scsi/scsi.c (bsc#1031358) - NFS: Cache aggressively when file is open for writing (bsc#1053933). - NFS: Do drop directory dentry when error clearly requires it (bsc#1051932). - NFS: Do not flush caches for a getattr that races with writeback (bsc#1053933). - NFS: Optimize fallocate by refreshing mapping when needed (bsc#1053933). - NFS: invalidate file size when taking a lock (bsc#1053933). - PCI: fix hotplug related issues (bnc#1054247). - af_key: do not use GFP_KERNEL in atomic contexts (bsc#1054093). - avoid deadlock in xenbus (bnc#1047523). - blacklist 9754d45e9970 tpm: read burstcount from TPM_STS in one 32-bit transaction - blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216). - cx231xx-audio: fix NULL-deref at probe (bsc#1050431). - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - fuse: do not use iocb after it may have been freed (bsc#1054706). - fuse: fix fuse_write_end() if zero bytes were copied (bsc#1054706). - fuse: fsync() did not return IO errors (bsc#1054076). - fuse: fuse_flush must check mapping->flags for errors (bsc#1054706). - gspca: konica: add missing endpoint sanity check (bsc#1050431). - kabi/severities: Ignore zpci symbol changes (bsc#1054247) - lib/mpi: mpi_read_raw_data(): fix nbits calculation - media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl (bsc#1050431). - net: Fix RCU splat in af_key (bsc#1054093). - powerpc/fadump: add reschedule point while releasing memory (bsc#1040609 bsc#1024450). - powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669 bsc#1037667). - powerpc/fadump: provide a helpful error message (bsc#1037669 bsc#1037667). - powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530, bsc#1052370). - powerpc/slb: Force a full SLB flush when we insert for a bad EA (bsc#1054070). - reiserfs: fix race in readdir (bsc#1039803). - s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1054247). - s390/pci: fix handling of PEC 306 (bnc#1054247). - s390/pci: improve error handling during fmb (de)registration (bnc#1054247). - s390/pci: improve error handling during interrupt deregistration (bnc#1054247). - s390/pci: improve pci hotplug (bnc#1054247). - s390/pci: improve unreg_ioat error handling (bnc#1054247). - s390/pci: introduce clp_get_state (bnc#1054247). - s390/pci: provide more debug information (bnc#1054247). - scsi: avoid system stall due to host_busy race (bsc#1031358). - scsi: close race when updating blocked counters (bsc#1031358). - ser_gigaset: return -ENOMEM on error instead of success (bsc#1037441). - supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802). - tpm: fix a kernel memory leak in tpm-sysfs.c (bsc#1050381). - uwb: fix device quirk on big-endian hosts (bsc#1036629). - xfs: fix inobt inode allocation search optimization (bsc#1013018).

Patchnames: slertesp4-linux-kernel-rt-13307

CVE-2017-1000112

7.4 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-1000251

8.8 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-10661

7.4 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-12762

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-14051

6.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-14140

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2017-14340

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-8831

6.7 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

80 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1013018	self
https://bugzilla.suse.com/1024450	self
https://bugzilla.suse.com/1031358	self
https://bugzilla.suse.com/1036629	self
https://bugzilla.suse.com/1037441	self
https://bugzilla.suse.com/1037667	self
https://bugzilla.suse.com/1037669	self
https://bugzilla.suse.com/1037994	self
https://bugzilla.suse.com/1039803	self
https://bugzilla.suse.com/1040609	self
https://bugzilla.suse.com/1042863	self
https://bugzilla.suse.com/1045154	self
https://bugzilla.suse.com/1047523	self
https://bugzilla.suse.com/1050381	self
https://bugzilla.suse.com/1050431	self
https://bugzilla.suse.com/1051932	self
https://bugzilla.suse.com/1052311	self
https://bugzilla.suse.com/1052370	self
https://bugzilla.suse.com/1053148	self
https://bugzilla.suse.com/1053152	self
https://bugzilla.suse.com/1053802	self
https://bugzilla.suse.com/1053933	self
https://bugzilla.suse.com/1054070	self
https://bugzilla.suse.com/1054076	self
https://bugzilla.suse.com/1054093	self
https://bugzilla.suse.com/1054247	self
https://bugzilla.suse.com/1054706	self
https://bugzilla.suse.com/1055680	self
https://bugzilla.suse.com/1056588	self
https://bugzilla.suse.com/1057179	self
https://bugzilla.suse.com/1057389	self
https://bugzilla.suse.com/1058524	self
https://bugzilla.suse.com/984530	self
https://www.suse.com/security/cve/CVE-2017-1000112/	self
https://www.suse.com/security/cve/CVE-2017-1000251/	self
https://www.suse.com/security/cve/CVE-2017-10661/	self
https://www.suse.com/security/cve/CVE-2017-12762/	self
https://www.suse.com/security/cve/CVE-2017-14051/	self
https://www.suse.com/security/cve/CVE-2017-14140/	self
https://www.suse.com/security/cve/CVE-2017-14340/	self
https://www.suse.com/security/cve/CVE-2017-8831/	self
https://www.suse.com/security/cve/CVE-2017-1000112	external
https://bugzilla.suse.com/1052311	external
https://bugzilla.suse.com/1052365	external
https://bugzilla.suse.com/1052368	external
https://bugzilla.suse.com/1072117	external
https://bugzilla.suse.com/1072162	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-1000251	external
https://bugzilla.suse.com/1057389	external
https://bugzilla.suse.com/1057950	external
https://bugzilla.suse.com/1070535	external
https://bugzilla.suse.com/1072117	external
https://bugzilla.suse.com/1072162	external
https://bugzilla.suse.com/1120758	external
https://www.suse.com/security/cve/CVE-2017-10661	external
https://bugzilla.suse.com/1053152	external
https://bugzilla.suse.com/1053153	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-12762	external
https://bugzilla.suse.com/1053148	external
https://bugzilla.suse.com/1053150	external
https://bugzilla.suse.com/1072117	external
https://bugzilla.suse.com/1072162	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-14051	external
https://bugzilla.suse.com/1056588	external
https://www.suse.com/security/cve/CVE-2017-14140	external
https://bugzilla.suse.com/1057179	external
https://www.suse.com/security/cve/CVE-2017-14340	external
https://bugzilla.suse.com/1058524	external
https://www.suse.com/security/cve/CVE-2017-8831	external
https://bugzilla.suse.com/1037994	external
https://bugzilla.suse.com/1061936	external
https://bugzilla.suse.com/1087082	external
https://bugzilla.suse.com/1115893	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThe SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack\n  overflow vulnerability in the processing of L2CAP configuration responses\n  resulting in remote code execution in kernel space (bnc#1057389).\n- CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h did not\n  verify that a filesystem has a realtime device, which allowed local users to\n  cause a denial of service (NULL pointer dereference and OOPS) via vectors\n  related to setting an RHINHERIT flag on a directory (bnc#1058524).\n- CVE-2017-14140: The move_pages system call in mm/migrate.c did not check the\n  effective uid of the target process, enabling a local attacker to learn the\n  memory layout of a setuid executable despite ASLR (bnc#1057179).\n- CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl\n  function in drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a\n  denial of service (memory corruption and system crash) by leveraging root\n  access (bnc#1056588).\n- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain\n  privileges or cause a denial of service (list corruption or use-after-free) via\n  simultaneous file-descriptor operations that leverage improper might_cancel\n  queueing (bnc#1053152).\n- CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c a user-controlled buffer was\n  copied into a local buffer of constant size using strcpy without a length check\n  which can cause a buffer overflow (bnc#1053148).\n- CVE-2017-8831: The saa7164_bus_get function allowed local users to cause a\n  denial of service (out-of-bounds array access) or possibly have unspecified\n  other impact by changing a certain sequence-number value, aka a \u0027double fetch\u0027\n  vulnerability (bnc#1037994).\n- CVE-2017-1000112: Prevent race condition in net-packet code that could have\n  been exploited by unprivileged users to gain root access.(bnc#1052311).\n\nThe following non-security bugs were fixed:\n\n- ALSA: Fix Lewisburg audio issue\n- Drop commit 96234ae:kvm_io_bus_unregister_dev() should never fail (bsc#1055680)\n- Fixup build warnings in drivers/scsi/scsi.c (bsc#1031358)\n- NFS: Cache aggressively when file is open for writing (bsc#1053933).\n- NFS: Do drop directory dentry when error clearly requires it (bsc#1051932).\n- NFS: Do not flush caches for a getattr that races with writeback (bsc#1053933).\n- NFS: Optimize fallocate by refreshing mapping when needed (bsc#1053933).\n- NFS: invalidate file size when taking a lock (bsc#1053933).\n- PCI: fix hotplug related issues (bnc#1054247).\n- af_key: do not use GFP_KERNEL in atomic contexts (bsc#1054093).\n- avoid deadlock in xenbus (bnc#1047523).\n- blacklist 9754d45e9970 tpm: read burstcount from TPM_STS in one 32-bit transaction\n- blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216).\n- cx231xx-audio: fix NULL-deref at probe (bsc#1050431).\n- cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n- fuse: do not use iocb after it may have been freed (bsc#1054706).\n- fuse: fix fuse_write_end() if zero bytes were copied (bsc#1054706).\n- fuse: fsync() did not return IO errors (bsc#1054076).\n- fuse: fuse_flush must check mapping-\u003eflags for errors (bsc#1054706).\n- gspca: konica: add missing endpoint sanity check (bsc#1050431).\n- kabi/severities: Ignore zpci symbol changes (bsc#1054247)\n- lib/mpi: mpi_read_raw_data(): fix nbits calculation\n- media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl (bsc#1050431).\n- net: Fix RCU splat in af_key (bsc#1054093).\n- powerpc/fadump: add reschedule point while releasing memory (bsc#1040609 bsc#1024450).\n- powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669 bsc#1037667).\n- powerpc/fadump: provide a helpful error message (bsc#1037669 bsc#1037667).\n- powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530, bsc#1052370).\n- powerpc/slb: Force a full SLB flush when we insert for a bad EA (bsc#1054070).\n- reiserfs: fix race in readdir (bsc#1039803).\n- s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1054247).\n- s390/pci: fix handling of PEC 306 (bnc#1054247).\n- s390/pci: improve error handling during fmb (de)registration (bnc#1054247).\n- s390/pci: improve error handling during interrupt deregistration (bnc#1054247).\n- s390/pci: improve pci hotplug (bnc#1054247).\n- s390/pci: improve unreg_ioat error handling (bnc#1054247).\n- s390/pci: introduce clp_get_state (bnc#1054247).\n- s390/pci: provide more debug information (bnc#1054247).\n- scsi: avoid system stall due to host_busy race (bsc#1031358).\n- scsi: close race when updating blocked counters (bsc#1031358).\n- ser_gigaset: return -ENOMEM on error instead of success (bsc#1037441).\n- supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802).\n- tpm: fix a kernel memory leak in tpm-sysfs.c (bsc#1050381).\n- uwb: fix device quirk on big-endian hosts (bsc#1036629).\n- xfs: fix inobt inode allocation search optimization (bsc#1013018).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "slertesp4-linux-kernel-rt-13307",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2694-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2694-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172694-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2694-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003284.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1013018",
        "url": "https://bugzilla.suse.com/1013018"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1024450",
        "url": "https://bugzilla.suse.com/1024450"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1031358",
        "url": "https://bugzilla.suse.com/1031358"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1036629",
        "url": "https://bugzilla.suse.com/1036629"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1037441",
        "url": "https://bugzilla.suse.com/1037441"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1037667",
        "url": "https://bugzilla.suse.com/1037667"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1037669",
        "url": "https://bugzilla.suse.com/1037669"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1037994",
        "url": "https://bugzilla.suse.com/1037994"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1039803",
        "url": "https://bugzilla.suse.com/1039803"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1040609",
        "url": "https://bugzilla.suse.com/1040609"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1042863",
        "url": "https://bugzilla.suse.com/1042863"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1045154",
        "url": "https://bugzilla.suse.com/1045154"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1047523",
        "url": "https://bugzilla.suse.com/1047523"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1050381",
        "url": "https://bugzilla.suse.com/1050381"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1050431",
        "url": "https://bugzilla.suse.com/1050431"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1051932",
        "url": "https://bugzilla.suse.com/1051932"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1052311",
        "url": "https://bugzilla.suse.com/1052311"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1052370",
        "url": "https://bugzilla.suse.com/1052370"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1053148",
        "url": "https://bugzilla.suse.com/1053148"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1053152",
        "url": "https://bugzilla.suse.com/1053152"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1053802",
        "url": "https://bugzilla.suse.com/1053802"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1053933",
        "url": "https://bugzilla.suse.com/1053933"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1054070",
        "url": "https://bugzilla.suse.com/1054070"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1054076",
        "url": "https://bugzilla.suse.com/1054076"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1054093",
        "url": "https://bugzilla.suse.com/1054093"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1054247",
        "url": "https://bugzilla.suse.com/1054247"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1054706",
        "url": "https://bugzilla.suse.com/1054706"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1055680",
        "url": "https://bugzilla.suse.com/1055680"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1056588",
        "url": "https://bugzilla.suse.com/1056588"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1057179",
        "url": "https://bugzilla.suse.com/1057179"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1057389",
        "url": "https://bugzilla.suse.com/1057389"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1058524",
        "url": "https://bugzilla.suse.com/1058524"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 984530",
        "url": "https://bugzilla.suse.com/984530"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-1000112 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-1000112/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-1000251 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-1000251/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-10661 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-10661/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-12762 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-12762/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-14051 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-14051/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-14140 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-14140/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-14340 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-14340/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-8831 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-8831/"
      }
    ],
    "title": "Security update for the Linux Kernel",
    "tracking": {
      "current_release_date": "2017-10-10T12:16:47Z",
      "generator": {
        "date": "2017-10-10T12:16:47Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2694-1",
      "initial_release_date": "2017-10-10T12:16:47Z",
      "revision_history": [
        {
          "date": "2017-10-10T12:16:47Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-3.0.101.rt130-69.8.1.x86_64",
                "product": {
                  "name": "kernel-rt-3.0.101.rt130-69.8.1.x86_64",
                  "product_id": "kernel-rt-3.0.101.rt130-69.8.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
                "product": {
                  "name": "kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
                  "product_id": "kernel-rt-base-3.0.101.rt130-69.8.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
                "product": {
                  "name": "kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
                  "product_id": "kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
                "product": {
                  "name": "kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
                  "product_id": "kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
                "product": {
                  "name": "kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
                  "product_id": "kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
                "product": {
                  "name": "kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
                  "product_id": "kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
                "product": {
                  "name": "kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
                  "product_id": "kernel-source-rt-3.0.101.rt130-69.8.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64",
                "product": {
                  "name": "kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64",
                  "product_id": "kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Real Time 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Real Time 11 SP4",
                  "product_id": "SUSE Linux Enterprise Real Time 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:suse:suse-linux-enterprise-rt:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-3.0.101.rt130-69.8.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
          "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64"
        },
        "product_reference": "kernel-rt-3.0.101.rt130-69.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-base-3.0.101.rt130-69.8.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
          "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64"
        },
        "product_reference": "kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
          "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64"
        },
        "product_reference": "kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
          "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64"
        },
        "product_reference": "kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
          "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64"
        },
        "product_reference": "kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
          "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64"
        },
        "product_reference": "kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-rt-3.0.101.rt130-69.8.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
          "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64"
        },
        "product_reference": "kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
          "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
        },
        "product_reference": "kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-1000112",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-1000112"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb-\u003elen becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev-\u003elen - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 (\"[IPv4/IPv6]: UFO Scatter-gather approach\") on Oct 18 2005.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-1000112",
          "url": "https://www.suse.com/security/cve/CVE-2017-1000112"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1052311 for CVE-2017-1000112",
          "url": "https://bugzilla.suse.com/1052311"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1052365 for CVE-2017-1000112",
          "url": "https://bugzilla.suse.com/1052365"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1052368 for CVE-2017-1000112",
          "url": "https://bugzilla.suse.com/1052368"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072117 for CVE-2017-1000112",
          "url": "https://bugzilla.suse.com/1072117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072162 for CVE-2017-1000112",
          "url": "https://bugzilla.suse.com/1072162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-1000112",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-10T12:16:47Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-1000112"
    },
    {
      "cve": "CVE-2017-1000251",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-1000251"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-1000251",
          "url": "https://www.suse.com/security/cve/CVE-2017-1000251"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057389 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057389"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057950 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1070535 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1070535"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072117 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072162 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120758 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1120758"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-10T12:16:47Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-1000251"
    },
    {
      "cve": "CVE-2017-10661",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-10661"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-10661",
          "url": "https://www.suse.com/security/cve/CVE-2017-10661"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1053152 for CVE-2017-10661",
          "url": "https://bugzilla.suse.com/1053152"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1053153 for CVE-2017-10661",
          "url": "https://bugzilla.suse.com/1053153"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-10661",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-10T12:16:47Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-10661"
    },
    {
      "cve": "CVE-2017-12762",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-12762"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-12762",
          "url": "https://www.suse.com/security/cve/CVE-2017-12762"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1053148 for CVE-2017-12762",
          "url": "https://bugzilla.suse.com/1053148"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1053150 for CVE-2017-12762",
          "url": "https://bugzilla.suse.com/1053150"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072117 for CVE-2017-12762",
          "url": "https://bugzilla.suse.com/1072117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072162 for CVE-2017-12762",
          "url": "https://bugzilla.suse.com/1072162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-12762",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-10T12:16:47Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-12762"
    },
    {
      "cve": "CVE-2017-14051",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-14051"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-14051",
          "url": "https://www.suse.com/security/cve/CVE-2017-14051"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1056588 for CVE-2017-14051",
          "url": "https://bugzilla.suse.com/1056588"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-10T12:16:47Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-14051"
    },
    {
      "cve": "CVE-2017-14140",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-14140"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn\u0027t check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-14140",
          "url": "https://www.suse.com/security/cve/CVE-2017-14140"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057179 for CVE-2017-14140",
          "url": "https://bugzilla.suse.com/1057179"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-10T12:16:47Z",
          "details": "low"
        }
      ],
      "title": "CVE-2017-14140"
    },
    {
      "cve": "CVE-2017-14340",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-14340"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-14340",
          "url": "https://www.suse.com/security/cve/CVE-2017-14340"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1058524 for CVE-2017-14340",
          "url": "https://bugzilla.suse.com/1058524"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-10T12:16:47Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-14340"
    },
    {
      "cve": "CVE-2017-8831",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-8831"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a \"double fetch\" vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-8831",
          "url": "https://www.suse.com/security/cve/CVE-2017-8831"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1037994 for CVE-2017-8831",
          "url": "https://bugzilla.suse.com/1037994"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1061936 for CVE-2017-8831",
          "url": "https://bugzilla.suse.com/1061936"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2017-8831",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-8831",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-10T12:16:47Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-8831"
    }
  ]
}

SUSE-SU-2017:2769-1

Vulnerability from csaf_suse - Published: 2017-10-19 05:28 - Updated: 2017-10-19 05:28

Summary

Security update for Linux Kernel Live Patch 20 for SLE 12

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 20 for SLE 12

Description of the patch: This update for the Linux Kernel 3.12.61-52_69 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patchnames: SUSE-SLE-SERVER-12-2017-1714

CVE-2017-1000251

8.8 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-default-6-4.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-xen-6-4.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2017-15274

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-default-6-4.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-xen-6-4.1.x86_64		—	Vendor Fix

Threats

Impact moderate

References

18 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1045327	self
https://bugzilla.suse.com/1057950	self
https://www.suse.com/security/cve/CVE-2017-1000251/	self
https://www.suse.com/security/cve/CVE-2017-15274/	self
https://www.suse.com/security/cve/CVE-2017-1000251	external
https://bugzilla.suse.com/1057389	external
https://bugzilla.suse.com/1057950	external
https://bugzilla.suse.com/1070535	external
https://bugzilla.suse.com/1072117	external
https://bugzilla.suse.com/1072162	external
https://bugzilla.suse.com/1120758	external
https://www.suse.com/security/cve/CVE-2017-15274	external
https://bugzilla.suse.com/1045327	external
https://bugzilla.suse.com/1062471	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 20 for SLE 12",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.61-52_69 fixes one issue.\n\nThe following security bugs were fixed:\n\n- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).\n- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SERVER-12-2017-1714",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2769-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2769-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172769-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2769-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003306.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1045327",
        "url": "https://bugzilla.suse.com/1045327"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1057950",
        "url": "https://bugzilla.suse.com/1057950"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-1000251 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-1000251/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15274 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15274/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 20 for SLE 12",
    "tracking": {
      "current_release_date": "2017-10-19T05:28:12Z",
      "generator": {
        "date": "2017-10-19T05:28:12Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2769-1",
      "initial_release_date": "2017-10-19T05:28:12Z",
      "revision_history": [
        {
          "date": "2017-10-19T05:28:12Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_61-52_69-default-6-4.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_61-52_69-default-6-4.1.x86_64",
                  "product_id": "kgraft-patch-3_12_61-52_69-default-6-4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_61-52_69-xen-6-4.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_61-52_69-xen-6-4.1.x86_64",
                  "product_id": "kgraft-patch-3_12_61-52_69-xen-6-4.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_69-default-6-4.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-default-6-4.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_69-default-6-4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_69-xen-6-4.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-xen-6-4.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_69-xen-6-4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-1000251",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-1000251"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-default-6-4.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-xen-6-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-1000251",
          "url": "https://www.suse.com/security/cve/CVE-2017-1000251"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057389 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057389"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057950 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1070535 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1070535"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072117 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072162 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120758 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1120758"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-default-6-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-xen-6-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-default-6-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-xen-6-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-19T05:28:12Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-1000251"
    },
    {
      "cve": "CVE-2017-15274",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15274"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-default-6-4.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-xen-6-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15274",
          "url": "https://www.suse.com/security/cve/CVE-2017-15274"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1045327 for CVE-2017-15274",
          "url": "https://bugzilla.suse.com/1045327"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1062471 for CVE-2017-15274",
          "url": "https://bugzilla.suse.com/1062471"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-default-6-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-xen-6-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-default-6-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_69-xen-6-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-19T05:28:12Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-15274"
    }
  ]
}

SUSE-SU-2017:2770-1

Vulnerability from csaf_suse - Published: 2017-10-19 05:28 - Updated: 2017-10-19 05:28

Summary

Security update for Linux Kernel Live Patch 23 for SLE 12

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 23 for SLE 12

Description of the patch: This update for the Linux Kernel 3.12.61-52_80 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patchnames: SUSE-SLE-SERVER-12-2017-1712

CVE-2017-1000251

8.8 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-4-4.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-4-4.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2017-15274

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-4-4.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-4-4.1.x86_64		—	Vendor Fix

Threats

Impact moderate

References

18 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1045327	self
https://bugzilla.suse.com/1057950	self
https://www.suse.com/security/cve/CVE-2017-1000251/	self
https://www.suse.com/security/cve/CVE-2017-15274/	self
https://www.suse.com/security/cve/CVE-2017-1000251	external
https://bugzilla.suse.com/1057389	external
https://bugzilla.suse.com/1057950	external
https://bugzilla.suse.com/1070535	external
https://bugzilla.suse.com/1072117	external
https://bugzilla.suse.com/1072162	external
https://bugzilla.suse.com/1120758	external
https://www.suse.com/security/cve/CVE-2017-15274	external
https://bugzilla.suse.com/1045327	external
https://bugzilla.suse.com/1062471	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 23 for SLE 12",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.61-52_80 fixes one issue.\n\nThe following security bugs were fixed:\n\n- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).\n- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SERVER-12-2017-1712",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2770-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2770-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172770-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2770-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003307.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1045327",
        "url": "https://bugzilla.suse.com/1045327"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1057950",
        "url": "https://bugzilla.suse.com/1057950"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-1000251 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-1000251/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15274 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15274/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 23 for SLE 12",
    "tracking": {
      "current_release_date": "2017-10-19T05:28:01Z",
      "generator": {
        "date": "2017-10-19T05:28:01Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2770-1",
      "initial_release_date": "2017-10-19T05:28:01Z",
      "revision_history": [
        {
          "date": "2017-10-19T05:28:01Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_61-52_80-default-4-4.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_61-52_80-default-4-4.1.x86_64",
                  "product_id": "kgraft-patch-3_12_61-52_80-default-4-4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_61-52_80-xen-4-4.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_61-52_80-xen-4-4.1.x86_64",
                  "product_id": "kgraft-patch-3_12_61-52_80-xen-4-4.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_80-default-4-4.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-4-4.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_80-default-4-4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_80-xen-4-4.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-4-4.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_80-xen-4-4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-1000251",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-1000251"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-4-4.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-4-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-1000251",
          "url": "https://www.suse.com/security/cve/CVE-2017-1000251"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057389 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057389"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057950 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1070535 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1070535"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072117 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072162 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120758 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1120758"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-4-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-4-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-4-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-4-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-19T05:28:01Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-1000251"
    },
    {
      "cve": "CVE-2017-15274",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15274"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-4-4.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-4-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15274",
          "url": "https://www.suse.com/security/cve/CVE-2017-15274"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1045327 for CVE-2017-15274",
          "url": "https://bugzilla.suse.com/1045327"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1062471 for CVE-2017-15274",
          "url": "https://bugzilla.suse.com/1062471"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-4-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-4-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-4-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-4-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-19T05:28:01Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-15274"
    }
  ]
}

SUSE-SU-2017:2771-1

Vulnerability from csaf_suse - Published: 2017-10-19 05:28 - Updated: 2017-10-19 05:28

Summary

Security update for Linux Kernel Live Patch 19 for SLE 12

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 19 for SLE 12

Description of the patch: This update for the Linux Kernel 3.12.61-52_66 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patchnames: SUSE-SLE-SERVER-12-2017-1715

CVE-2017-1000251

8.8 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-8-4.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-8-4.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2017-15274

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-8-4.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-8-4.1.x86_64		—	Vendor Fix

Threats

Impact moderate

References

18 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1045327	self
https://bugzilla.suse.com/1057950	self
https://www.suse.com/security/cve/CVE-2017-1000251/	self
https://www.suse.com/security/cve/CVE-2017-15274/	self
https://www.suse.com/security/cve/CVE-2017-1000251	external
https://bugzilla.suse.com/1057389	external
https://bugzilla.suse.com/1057950	external
https://bugzilla.suse.com/1070535	external
https://bugzilla.suse.com/1072117	external
https://bugzilla.suse.com/1072162	external
https://bugzilla.suse.com/1120758	external
https://www.suse.com/security/cve/CVE-2017-15274	external
https://bugzilla.suse.com/1045327	external
https://bugzilla.suse.com/1062471	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 19 for SLE 12",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.61-52_66 fixes one issue.\n\nThe following security bugs were fixed:\n\n- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).\n- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SERVER-12-2017-1715",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2771-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2771-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172771-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2771-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003308.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1045327",
        "url": "https://bugzilla.suse.com/1045327"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1057950",
        "url": "https://bugzilla.suse.com/1057950"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-1000251 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-1000251/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15274 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15274/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 19 for SLE 12",
    "tracking": {
      "current_release_date": "2017-10-19T05:28:18Z",
      "generator": {
        "date": "2017-10-19T05:28:18Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2771-1",
      "initial_release_date": "2017-10-19T05:28:18Z",
      "revision_history": [
        {
          "date": "2017-10-19T05:28:18Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_61-52_66-default-8-4.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_61-52_66-default-8-4.1.x86_64",
                  "product_id": "kgraft-patch-3_12_61-52_66-default-8-4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_61-52_66-xen-8-4.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_61-52_66-xen-8-4.1.x86_64",
                  "product_id": "kgraft-patch-3_12_61-52_66-xen-8-4.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_66-default-8-4.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-8-4.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_66-default-8-4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_66-xen-8-4.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-8-4.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_66-xen-8-4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-1000251",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-1000251"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-8-4.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-8-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-1000251",
          "url": "https://www.suse.com/security/cve/CVE-2017-1000251"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057389 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057389"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057950 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1070535 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1070535"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072117 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072162 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120758 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1120758"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-8-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-8-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-8-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-8-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-19T05:28:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-1000251"
    },
    {
      "cve": "CVE-2017-15274",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15274"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-8-4.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-8-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15274",
          "url": "https://www.suse.com/security/cve/CVE-2017-15274"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1045327 for CVE-2017-15274",
          "url": "https://bugzilla.suse.com/1045327"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1062471 for CVE-2017-15274",
          "url": "https://bugzilla.suse.com/1062471"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-8-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-8-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-8-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-8-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-19T05:28:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-15274"
    }
  ]
}

SUSE-SU-2017:2772-1

Vulnerability from csaf_suse - Published: 2017-10-19 05:28 - Updated: 2017-10-19 05:28

Summary

Security update for Linux Kernel Live Patch 22 for SLE 12

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 22 for SLE 12

Description of the patch: This update for the Linux Kernel 3.12.61-52_77 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patchnames: SUSE-SLE-SERVER-12-2017-1713

CVE-2017-1000251

8.8 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-default-5-4.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-xen-5-4.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2017-15274

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-default-5-4.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-xen-5-4.1.x86_64		—	Vendor Fix

Threats

Impact moderate

References

18 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1045327	self
https://bugzilla.suse.com/1057950	self
https://www.suse.com/security/cve/CVE-2017-1000251/	self
https://www.suse.com/security/cve/CVE-2017-15274/	self
https://www.suse.com/security/cve/CVE-2017-1000251	external
https://bugzilla.suse.com/1057389	external
https://bugzilla.suse.com/1057950	external
https://bugzilla.suse.com/1070535	external
https://bugzilla.suse.com/1072117	external
https://bugzilla.suse.com/1072162	external
https://bugzilla.suse.com/1120758	external
https://www.suse.com/security/cve/CVE-2017-15274	external
https://bugzilla.suse.com/1045327	external
https://bugzilla.suse.com/1062471	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 22 for SLE 12",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.61-52_77 fixes one issue.\n\nThe following security bugs were fixed:\n\n- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).\n- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SERVER-12-2017-1713",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2772-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2772-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172772-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2772-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003309.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1045327",
        "url": "https://bugzilla.suse.com/1045327"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1057950",
        "url": "https://bugzilla.suse.com/1057950"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-1000251 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-1000251/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15274 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15274/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 22 for SLE 12",
    "tracking": {
      "current_release_date": "2017-10-19T05:28:07Z",
      "generator": {
        "date": "2017-10-19T05:28:07Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2772-1",
      "initial_release_date": "2017-10-19T05:28:07Z",
      "revision_history": [
        {
          "date": "2017-10-19T05:28:07Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_61-52_77-default-5-4.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_61-52_77-default-5-4.1.x86_64",
                  "product_id": "kgraft-patch-3_12_61-52_77-default-5-4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_61-52_77-xen-5-4.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_61-52_77-xen-5-4.1.x86_64",
                  "product_id": "kgraft-patch-3_12_61-52_77-xen-5-4.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_77-default-5-4.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-default-5-4.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_77-default-5-4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_77-xen-5-4.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-xen-5-4.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_77-xen-5-4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-1000251",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-1000251"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-default-5-4.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-xen-5-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-1000251",
          "url": "https://www.suse.com/security/cve/CVE-2017-1000251"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057389 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057389"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057950 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1070535 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1070535"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072117 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072162 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120758 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1120758"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-default-5-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-xen-5-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-default-5-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-xen-5-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-19T05:28:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-1000251"
    },
    {
      "cve": "CVE-2017-15274",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15274"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-default-5-4.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-xen-5-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15274",
          "url": "https://www.suse.com/security/cve/CVE-2017-15274"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1045327 for CVE-2017-15274",
          "url": "https://bugzilla.suse.com/1045327"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1062471 for CVE-2017-15274",
          "url": "https://bugzilla.suse.com/1062471"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-default-5-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-xen-5-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-default-5-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_77-xen-5-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-19T05:28:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-15274"
    }
  ]
}

SUSE-SU-2017:2773-1

Vulnerability from csaf_suse - Published: 2017-10-19 05:27 - Updated: 2017-10-19 05:27

Summary

Security update for Linux Kernel Live Patch 26 for SLE 12

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 26 for SLE 12

Description of the patch: This update for the Linux Kernel 3.12.61-52_89 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patchnames: SUSE-SLE-SERVER-12-2017-1710

CVE-2017-1000251

8.8 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-default-3-4.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-xen-3-4.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2017-15274

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-default-3-4.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-xen-3-4.1.x86_64		—	Vendor Fix

Threats

Impact moderate

References

18 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1045327	self
https://bugzilla.suse.com/1057950	self
https://www.suse.com/security/cve/CVE-2017-1000251/	self
https://www.suse.com/security/cve/CVE-2017-15274/	self
https://www.suse.com/security/cve/CVE-2017-1000251	external
https://bugzilla.suse.com/1057389	external
https://bugzilla.suse.com/1057950	external
https://bugzilla.suse.com/1070535	external
https://bugzilla.suse.com/1072117	external
https://bugzilla.suse.com/1072162	external
https://bugzilla.suse.com/1120758	external
https://www.suse.com/security/cve/CVE-2017-15274	external
https://bugzilla.suse.com/1045327	external
https://bugzilla.suse.com/1062471	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 26 for SLE 12",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.61-52_89 fixes one issue.\n\nThe following security bugs were fixed:\n\n- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).\n- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SERVER-12-2017-1710",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2773-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2773-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172773-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2773-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003310.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1045327",
        "url": "https://bugzilla.suse.com/1045327"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1057950",
        "url": "https://bugzilla.suse.com/1057950"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-1000251 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-1000251/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15274 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15274/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 26 for SLE 12",
    "tracking": {
      "current_release_date": "2017-10-19T05:27:49Z",
      "generator": {
        "date": "2017-10-19T05:27:49Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2773-1",
      "initial_release_date": "2017-10-19T05:27:49Z",
      "revision_history": [
        {
          "date": "2017-10-19T05:27:49Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_61-52_89-default-3-4.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_61-52_89-default-3-4.1.x86_64",
                  "product_id": "kgraft-patch-3_12_61-52_89-default-3-4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_61-52_89-xen-3-4.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_61-52_89-xen-3-4.1.x86_64",
                  "product_id": "kgraft-patch-3_12_61-52_89-xen-3-4.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_89-default-3-4.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-default-3-4.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_89-default-3-4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_89-xen-3-4.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-xen-3-4.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_89-xen-3-4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-1000251",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-1000251"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-default-3-4.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-xen-3-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-1000251",
          "url": "https://www.suse.com/security/cve/CVE-2017-1000251"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057389 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057389"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057950 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1070535 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1070535"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072117 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072162 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120758 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1120758"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-default-3-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-xen-3-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-default-3-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-xen-3-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-19T05:27:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-1000251"
    },
    {
      "cve": "CVE-2017-15274",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15274"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-default-3-4.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-xen-3-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15274",
          "url": "https://www.suse.com/security/cve/CVE-2017-15274"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1045327 for CVE-2017-15274",
          "url": "https://bugzilla.suse.com/1045327"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1062471 for CVE-2017-15274",
          "url": "https://bugzilla.suse.com/1062471"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-default-3-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-xen-3-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-default-3-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_89-xen-3-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-19T05:27:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-15274"
    }
  ]
}

SUSE-SU-2017:2774-1

Vulnerability from csaf_suse - Published: 2017-10-19 05:27 - Updated: 2017-10-19 05:27

Summary

Security update for Linux Kernel Live Patch 25 for SLE 12

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 25 for SLE 12

Description of the patch: This update for the Linux Kernel 3.12.61-52_86 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patchnames: SUSE-SLE-SERVER-12-2017-1711

CVE-2017-1000251

8.8 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-default-3-4.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-xen-3-4.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2017-15274

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-default-3-4.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-xen-3-4.1.x86_64		—	Vendor Fix

Threats

Impact moderate

References

18 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1045327	self
https://bugzilla.suse.com/1057950	self
https://www.suse.com/security/cve/CVE-2017-1000251/	self
https://www.suse.com/security/cve/CVE-2017-15274/	self
https://www.suse.com/security/cve/CVE-2017-1000251	external
https://bugzilla.suse.com/1057389	external
https://bugzilla.suse.com/1057950	external
https://bugzilla.suse.com/1070535	external
https://bugzilla.suse.com/1072117	external
https://bugzilla.suse.com/1072162	external
https://bugzilla.suse.com/1120758	external
https://www.suse.com/security/cve/CVE-2017-15274	external
https://bugzilla.suse.com/1045327	external
https://bugzilla.suse.com/1062471	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 25 for SLE 12",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.61-52_86 fixes one issue.\n\nThe following security bugs were fixed:\n\n- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).\n- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SERVER-12-2017-1711",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2774-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2774-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172774-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2774-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003311.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1045327",
        "url": "https://bugzilla.suse.com/1045327"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1057950",
        "url": "https://bugzilla.suse.com/1057950"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-1000251 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-1000251/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15274 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15274/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 25 for SLE 12",
    "tracking": {
      "current_release_date": "2017-10-19T05:27:55Z",
      "generator": {
        "date": "2017-10-19T05:27:55Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2774-1",
      "initial_release_date": "2017-10-19T05:27:55Z",
      "revision_history": [
        {
          "date": "2017-10-19T05:27:55Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_61-52_86-default-3-4.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_61-52_86-default-3-4.1.x86_64",
                  "product_id": "kgraft-patch-3_12_61-52_86-default-3-4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_61-52_86-xen-3-4.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_61-52_86-xen-3-4.1.x86_64",
                  "product_id": "kgraft-patch-3_12_61-52_86-xen-3-4.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_86-default-3-4.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-default-3-4.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_86-default-3-4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_86-xen-3-4.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-xen-3-4.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_86-xen-3-4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-1000251",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-1000251"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-default-3-4.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-xen-3-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-1000251",
          "url": "https://www.suse.com/security/cve/CVE-2017-1000251"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057389 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057389"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057950 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1070535 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1070535"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072117 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072162 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120758 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1120758"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-default-3-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-xen-3-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-default-3-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-xen-3-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-19T05:27:55Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-1000251"
    },
    {
      "cve": "CVE-2017-15274",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15274"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-default-3-4.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-xen-3-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15274",
          "url": "https://www.suse.com/security/cve/CVE-2017-15274"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1045327 for CVE-2017-15274",
          "url": "https://bugzilla.suse.com/1045327"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1062471 for CVE-2017-15274",
          "url": "https://bugzilla.suse.com/1062471"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-default-3-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-xen-3-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-default-3-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_86-xen-3-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-19T05:27:55Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-15274"
    }
  ]
}

SUSE-SU-2017:2776-1

Vulnerability from csaf_suse - Published: 2017-10-19 09:01 - Updated: 2017-10-19 09:01

Summary

Security update for Linux Kernel Live Patch 16 for SLE 12

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 16 for SLE 12

Description of the patch: This update for the Linux Kernel 3.12.60-52_57 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patchnames: SUSE-SLE-SERVER-12-2017-1717

CVE-2017-1000251

8.8 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-default-10-4.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-xen-10-4.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2017-15274

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-default-10-4.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-xen-10-4.1.x86_64		—	Vendor Fix

Threats

Impact moderate

References

18 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1045327	self
https://bugzilla.suse.com/1057950	self
https://www.suse.com/security/cve/CVE-2017-1000251/	self
https://www.suse.com/security/cve/CVE-2017-15274/	self
https://www.suse.com/security/cve/CVE-2017-1000251	external
https://bugzilla.suse.com/1057389	external
https://bugzilla.suse.com/1057950	external
https://bugzilla.suse.com/1070535	external
https://bugzilla.suse.com/1072117	external
https://bugzilla.suse.com/1072162	external
https://bugzilla.suse.com/1120758	external
https://www.suse.com/security/cve/CVE-2017-15274	external
https://bugzilla.suse.com/1045327	external
https://bugzilla.suse.com/1062471	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 16 for SLE 12",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.60-52_57 fixes one issue.\n\nThe following security bugs were fixed:\n\n- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).\n- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SERVER-12-2017-1717",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2776-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2776-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172776-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2776-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003313.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1045327",
        "url": "https://bugzilla.suse.com/1045327"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1057950",
        "url": "https://bugzilla.suse.com/1057950"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-1000251 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-1000251/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15274 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15274/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 16 for SLE 12",
    "tracking": {
      "current_release_date": "2017-10-19T09:01:33Z",
      "generator": {
        "date": "2017-10-19T09:01:33Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2776-1",
      "initial_release_date": "2017-10-19T09:01:33Z",
      "revision_history": [
        {
          "date": "2017-10-19T09:01:33Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_60-52_57-default-10-4.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_60-52_57-default-10-4.1.x86_64",
                  "product_id": "kgraft-patch-3_12_60-52_57-default-10-4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_60-52_57-xen-10-4.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_60-52_57-xen-10-4.1.x86_64",
                  "product_id": "kgraft-patch-3_12_60-52_57-xen-10-4.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_60-52_57-default-10-4.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-default-10-4.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_60-52_57-default-10-4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_60-52_57-xen-10-4.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-xen-10-4.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_60-52_57-xen-10-4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-1000251",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-1000251"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-default-10-4.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-xen-10-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-1000251",
          "url": "https://www.suse.com/security/cve/CVE-2017-1000251"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057389 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057389"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057950 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1070535 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1070535"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072117 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072162 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120758 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1120758"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-default-10-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-xen-10-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-default-10-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-xen-10-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-19T09:01:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-1000251"
    },
    {
      "cve": "CVE-2017-15274",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15274"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-default-10-4.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-xen-10-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15274",
          "url": "https://www.suse.com/security/cve/CVE-2017-15274"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1045327 for CVE-2017-15274",
          "url": "https://bugzilla.suse.com/1045327"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1062471 for CVE-2017-15274",
          "url": "https://bugzilla.suse.com/1062471"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-default-10-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-xen-10-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-default-10-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_57-xen-10-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-19T09:01:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-15274"
    }
  ]
}

SUSE-SU-2017:2777-1

Vulnerability from csaf_suse - Published: 2017-10-19 09:14 - Updated: 2017-10-19 09:14

Summary

Security update for Linux Kernel Live Patch 17 for SLE 12

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 17 for SLE 12

Description of the patch: This update for the Linux Kernel 3.12.60-52_60 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patchnames: SUSE-SLE-SERVER-12-2017-1718

CVE-2017-1000251

8.8 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-9-4.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-9-4.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2017-15274

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-9-4.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-9-4.1.x86_64		—	Vendor Fix

Threats

Impact moderate

References

18 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1045327	self
https://bugzilla.suse.com/1057950	self
https://www.suse.com/security/cve/CVE-2017-1000251/	self
https://www.suse.com/security/cve/CVE-2017-15274/	self
https://www.suse.com/security/cve/CVE-2017-1000251	external
https://bugzilla.suse.com/1057389	external
https://bugzilla.suse.com/1057950	external
https://bugzilla.suse.com/1070535	external
https://bugzilla.suse.com/1072117	external
https://bugzilla.suse.com/1072162	external
https://bugzilla.suse.com/1120758	external
https://www.suse.com/security/cve/CVE-2017-15274	external
https://bugzilla.suse.com/1045327	external
https://bugzilla.suse.com/1062471	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 17 for SLE 12",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.60-52_60 fixes one issue.\n\nThe following security bugs were fixed:\n\n- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).\n- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SERVER-12-2017-1718",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2777-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2777-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172777-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2777-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003314.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1045327",
        "url": "https://bugzilla.suse.com/1045327"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1057950",
        "url": "https://bugzilla.suse.com/1057950"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-1000251 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-1000251/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15274 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15274/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 17 for SLE 12",
    "tracking": {
      "current_release_date": "2017-10-19T09:14:34Z",
      "generator": {
        "date": "2017-10-19T09:14:34Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2777-1",
      "initial_release_date": "2017-10-19T09:14:34Z",
      "revision_history": [
        {
          "date": "2017-10-19T09:14:34Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_60-52_60-default-9-4.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_60-52_60-default-9-4.1.x86_64",
                  "product_id": "kgraft-patch-3_12_60-52_60-default-9-4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_60-52_60-xen-9-4.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_60-52_60-xen-9-4.1.x86_64",
                  "product_id": "kgraft-patch-3_12_60-52_60-xen-9-4.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_60-52_60-default-9-4.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-9-4.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_60-52_60-default-9-4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_60-52_60-xen-9-4.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-9-4.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_60-52_60-xen-9-4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-1000251",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-1000251"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-9-4.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-9-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-1000251",
          "url": "https://www.suse.com/security/cve/CVE-2017-1000251"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057389 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057389"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057950 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1070535 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1070535"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072117 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072162 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120758 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1120758"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-9-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-9-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-9-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-9-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-19T09:14:34Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-1000251"
    },
    {
      "cve": "CVE-2017-15274",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15274"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-9-4.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-9-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15274",
          "url": "https://www.suse.com/security/cve/CVE-2017-15274"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1045327 for CVE-2017-15274",
          "url": "https://bugzilla.suse.com/1045327"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1062471 for CVE-2017-15274",
          "url": "https://bugzilla.suse.com/1062471"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-9-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-9-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-9-4.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-9-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-10-19T09:14:34Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-15274"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-1000251 (GCVE-0-2017-1000251)

Tags

Sightings

Nomenclature