Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
172
security advisorydenial of serviceUbuntuUbuntu 22.04 LTS USN-6461-1: Critical Kernel Flaws Fixed
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-6461-1 October 31, 2023 linux-oem-6.1 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-oem-6.1: Linux kernel for OEM systems Details: Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service (paravirtualized device unavailability). (CVE-2023-34324) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-39189) Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4244) Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers (skb) when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-42754) It was discovered that the Quick Fair Queueing scheduler implementationin the Linux kernel did not properly handle network packets in certain conditions, leading to a use after free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4921) It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5345) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: linux-image-6.1.0-1025-oem 6.1.0-1025.25 linux-image-oem-22.04 6.1.0.1025.26 linux-image-oem-22.04a 6.1.0.1025.26 linux-image-oem-22.04b 6.1.0.1025.26 linux-image-oem-22.04c 6.1.0.1025.26 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-6461-1 CVE-2023-31085, CVE-2023-34324, CVE-2023-39189, CVE-2023-4244, CVE-2023-42754, CVE-2023-4921, CVE-2023-5345 Package Information: https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1025.25 . Upgrades for Ubuntu 22.04 LTS address several kernel vulnerabilities, improving system reliability and safeguarding against potential threats.. Ubuntu Security, Kernel Issues, OEM Security Notice. . Severity: Critical. LinuxSecurity.com Team
Oct 31, 2023
•Critical
Ubuntu
203
security advisorysecurity fixdnsmasqMageia: 2023-0153 High: Dnsmasq EDNS Packet Size Security Update
A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. (CVE-2023-28450) References: . MGASA-2023-0153 - Updated dnsmasq packages fix security vulnerability Publication date: 24 Apr 2023 URL: https://advisories.mageia.org/MGASA-2023-0153.html Type: security Affected Mageia releases: 8 CVE: CVE-2023-28450 A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. (CVE-2023-28450) References: - https://bugs.mageia.org/show_bug.cgi?id=31770 - http://www.dnsflagday.net/2020/ - https://www.cve.org/CVERecord?id=CVE-2023-28450 SRPMS: - 8/core/dnsmasq-2.85-6.mga8 . Revamped dnsmasq versions address vulnerability linked to standard EDNS.0 UDP size. Solutions can be accessed through Mageia.. Dnsmasq Security Update, Mageia 2023, EDNS 0 Configuration Fix, DNS Vulnerability Management. . LinuxSecurity.com Team
Apr 24, 2023
Mageia
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!