Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -1 articles for you...
172
security advisorykernel updateUbuntuUbuntu 24.04, 22.04 LTS: USN-7492-1 critical: Kernel admin privileges
The system could be made to crash or run programs as an administrator.. ========================================================================== Ubuntu Security Notice USN-7492-1 May 06, 2025 linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: The system could be made to crash or run programs as an administrator. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-gke: Linux kernel for Google Container Engine (GKE) systems - linux-gkeop: Linux kernel for Google Container Engine (GKE) systems - linux-ibm: Linux kernel for IBM cloud systems - linux-lowlatency: Linux low latency kernel - linux-nvidia: Linux kernel for NVIDIA systems - linux-nvidia-lowlatency: Linux low latency kernel for NVIDIA systems - linux-oem-6.8: Linux kernel for OEM systems - linux-oracle: Linux kernel for Oracle Cloud systems - linux-aws-6.8: Linux kernel for Amazon Web Services (AWS) systems - linux-gcp-6.8: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe-6.8: Linux hardware enablement (HWE) kernel - linux-lowlatency-hwe-6.8: Linux low latency kernel - linux-nvidia-6.8: Linux kernel for NVIDIA systems - linux-oracle-6.8: Linux kernel for Oracle Cloud systems Details: A security issues was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystems: - Bluetooth drivers; (CVE-2024-56653) Update instructions: The problem can be corrected by updating your system to the following packageversions: Ubuntu 24.04 LTS linux-image-6.8.0-1011-gkeop 6.8.0-1011.13 linux-image-6.8.0-1024-gke 6.8.0-1024.28 linux-image-6.8.0-1025-ibm 6.8.0-1025.25 linux-image-6.8.0-1025-oracle 6.8.0-1025.26 linux-image-6.8.0-1025-oracle-64k 6.8.0-1025.26 linux-image-6.8.0-1027-nvidia 6.8.0-1027.30 linux-image-6.8.0-1027-nvidia-64k 6.8.0-1027.30 linux-image-6.8.0-1027-nvidia-lowlatency 6.8.0-1027.30.1 linux-image-6.8.0-1027-nvidia-lowlatency-64k 6.8.0-1027.30.1 linux-image-6.8.0-1027-oem 6.8.0-1027.27 linux-image-6.8.0-1028-aws 6.8.0-1028.30 linux-image-6.8.0-1029-gcp 6.8.0-1029.31 linux-image-6.8.0-1029-gcp-64k 6.8.0-1029.31 linux-image-6.8.0-59-generic 6.8.0-59.61 linux-image-6.8.0-59-generic-64k 6.8.0-59.61 linux-image-6.8.0-59-lowlatency 6.8.0-59.61.1 linux-image-6.8.0-59-lowlatency-64k 6.8.0-59.61.1 linux-image-aws 6.8.0-1028.30 linux-image-aws-lts-24.04 6.8.0-1028.30 linux-image-gcp-64k-lts-24.04 6.8.0-1029.31 linux-image-gcp-lts-24.04 6.8.0-1029.31 linux-image-generic 6.8.0-59.61 linux-image-generic-64k 6.8.0-59.61 linux-image-generic-lpae 6.8.0-59.61 linux-image-gke 6.8.0-1024.28 linux-image-gkeop 6.8.0-1011.13 linux-image-gkeop-6.8 6.8.0-1011.13 linux-image-ibm 6.8.0-1025.25 linux-image-ibm-classic 6.8.0-1025.25 linux-image-ibm-lts-24.04 6.8.0-1025.25 linux-image-kvm 6.8.0-59.61 linux-image-lowlatency 6.8.0-59.61.1 linux-image-lowlatency-64k 6.8.0-59.61.1 linux-image-nvidia 6.8.0-1027.30 linux-image-nvidia-64k 6.8.0-1027.30 linux-image-nvidia-lowlatency 6.8.0-1027.30.1 linux-image-nvidia-lowlatency-64k 6.8.0-1027.30.1 linux-image-oem-24.04 6.8.0-1027.27 linux-image-oem-24.04a 6.8.0-1027.27 linux-image-oracle 6.8.0-1025.26 linux-image-oracle-64k 6.8.0-1025.26 linux-image-oracle-64k-lts-24.04 6.8.0-1025.26 linux-image-oracle-lts-24.04 6.8.0-1025.26 linux-image-virtual 6.8.0-59.61 Ubuntu 22.04 LTS linux-image-6.8.0-1025-oracle 6.8.0-1025.26~22.04.1 linux-image-6.8.0-1025-oracle-64k 6.8.0-1025.26~22.04.1 linux-image-6.8.0-1027-nvidia 6.8.0-1027.30~22.04.1 linux-image-6.8.0-1027-nvidia-64k 6.8.0-1027.30~22.04.1 linux-image-6.8.0-1028-aws 6.8.0-1028.30~22.04.1 linux-image-6.8.0-1029-gcp 6.8.0-1029.31~22.04.1 linux-image-6.8.0-1029-gcp-64k 6.8.0-1029.31~22.04.1 linux-image-6.8.0-59-generic 6.8.0-59.61~22.04.1 linux-image-6.8.0-59-generic-64k 6.8.0-59.61~22.04.1 linux-image-6.8.0-59-lowlatency 6.8.0-59.61.1~22.04.1 linux-image-6.8.0-59-lowlatency-64k 6.8.0-59.61.1~22.04.1 linux-image-aws 6.8.0-1028.30~22.04.1 linux-image-gcp 6.8.0-1029.31~22.04.1 linux-image-gcp-64k 6.8.0-1029.31~22.04.1 linux-image-generic-64k-hwe-22.04 6.8.0-59.61~22.04.1 linux-image-generic-hwe-22.04 6.8.0-59.61~22.04.1 linux-image-lowlatency-64k-hwe-22.04 6.8.0-59.61.1~22.04.1 linux-image-lowlatency-hwe-22.04 6.8.0-59.61.1~22.04.1 linux-image-nvidia-6.8 6.8.0-1027.30~22.04.1 linux-image-nvidia-64k-6.8 6.8.0-1027.30~22.04.1 linux-image-nvidia-64k-hwe-22.04 6.8.0-1027.30~22.04.1 linux-image-nvidia-hwe-22.04 6.8.0-1027.30~22.04.1 linux-image-oem-22.04 6.8.0-59.61~22.04.1 linux-image-oem-22.04a 6.8.0-59.61~22.04.1 linux-image-oem-22.04b 6.8.0-59.61~22.04.1 linux-image-oem-22.04c 6.8.0-59.61~22.04.1 linux-image-oem-22.04d 6.8.0-59.61~22.04.1 linux-image-oracle 6.8.0-1025.26~22.04.1 linux-image-oracle-64k 6.8.0-1025.26~22.04.1 linux-image-virtual-hwe-22.04 6.8.0-59.61~22.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new versionnumber, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-7492-1 CVE-2024-56653 Package Information: https://launchpad.net/ubuntu/+source/linux/6.8.0-59.61 https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1028.30 https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1029.31 https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1024.28 https://launchpad.net/ubuntu/+source/linux-gkeop/6.8.0-1011.13 https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1025.25 https://launchpad.net/ubuntu/+source/linux-lowlatency/6.8.0-59.61.1 https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1027.30 https://launchpad.net/ubuntu/+source/linux-nvidia-lowlatency/6.8.0-1027.30.1 https://launchpad.net/ubuntu/+source/linux-oem-6.8/6.8.0-1027.27 https://launchpad.net/ubuntu/+source/linux-oracle/6.8.0-1025.26 https://launchpad.net/ubuntu/+source/linux-aws-6.8/6.8.0-1028.30~22.04.1 https://launchpad.net/ubuntu/+source/linux-gcp-6.8/6.8.0-1029.31~22.04.1 https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-59.61~22.04.1 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.8/6.8.0-59.61.1~22.04.1 https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1027.30~22.04.1 https://launchpad.net/ubuntu/+source/linux-oracle-6.8/6.8.0-1025.26~22.04.1 . Ensure your Ubuntu operating system is fully updated to address vulnerabilities in the Linux kernel that may grant unauthorized admin access and lead to system instability.. Ubuntu Security, Admin Privileges, System Crash, Kernel Update, Linux Security Advisory. . Severity: Critical. LinuxSecurity.com Team
May 06, 2025
•Critical
Ubuntu
172
security advisorycriticalprivilege escalationUbuntu 22.10 USN-5846-1 Critical: X.Org X Server Escalation Issue
X.Org X Server could be made to crash or run programs as the administrator if it received specially crafted input.. =========================================================================Ubuntu Security Notice USN-5846-1 February 07, 2023 xorg-server, xorg-server-hwe-18.04, xwayland vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: X.Org X Server could be made to crash or run programs as the administrator if it received specially crafted input. Software Description: - xorg-server: X.Org X11 server - xwayland: X server for running X clients under Wayland - xorg-server-hwe-18.04: X.Org X11 server Details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: xserver-xorg-core 2:21.1.4-2ubuntu1.5 xwayland 2:22.1.3-2ubuntu0.3 Ubuntu 22.04 LTS: xserver-xorg-core 2:21.1.3-2ubuntu2.7 xwayland 2:22.1.1-1ubuntu0.5 Ubuntu 20.04 LTS: xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.6 xwayland 2:1.20.13-1ubuntu1~20.04.6 Ubuntu 18.04 LTS: xserver-xorg-core 2:1.19.6-1ubuntu4.14 xserver-xorg-core-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.10 xwayland 2:1.19.6-1ubuntu4.14 xwayland-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.10 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5846-1 CVE-2023-0494 Package Information: https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.5 https://launchpad.net/ubuntu/+source/xwayland/2:22.1.3-2ubuntu0.3 https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.3-2ubuntu2.7 https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.5 https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1~20.04.6 https://launchpad.net/ubuntu/+source/xorg-server/2:1.19.6-1ubuntu4.14 https://launchpad.net/ubuntu/+source/xorg-server-hwe-18.04/2:1.20.8-2ubuntu2.2~18.04.10 . X.Org X Server vulnerability allows potential crashes or unauthorized commands with specially crafted input. Patches released.. XOrg Security, Privilege Escalation, X Server Fixes. . Severity: Critical. LinuxSecurity.com Team
Feb 07, 2023
•Critical
Ubuntu
172
security advisorydenial of servicesecurity issueUbuntu 20.04 LTS: USN-4489-1 Critical: Kernel Denial Of Service
The system could be made to crash or run programs as an administrator.. =========================================================================Ubuntu Security Notice USN-4489-1 September 08, 2020 linux, linux-aws, linux-aws-5.3, linux-aws-5.4, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp, linux-gcp-4.15, linux-gcp-5.4, linux-gke-4.15, linux-gke-5.0, linux-gke-5.3, linux-hwe, linux-hwe-5.4, linux-kvm, linux-oem, linux-oem-osp1, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-raspi2, linux-raspi2-5.3, linux-snapdragon vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM Summary: The system could be made to crash or run programs as an administrator. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi: Linux kernel for Raspberry Pi (V8) systems - linux-aws-5.3: Linux kernel for Amazon Web Services (AWS) systems - linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems - linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems - linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems - linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems - linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems - linux-gke-5.3: Linux kernel for Google Container Engine (GKE) systems - linux-hwe: Linux hardware enablement (HWE) kernel - linux-hwe-5.4: Linux hardware enablement (HWE) kernel - linux-oem: Linuxkernel for OEM systems - linux-oem-osp1: Linux kernel for OEM systems - linux-oracle-5.4: Linux kernel for Oracle Cloud systems - linux-raspi-5.4: Linux kernel for Raspberry Pi (V8) systems - linux-raspi2: Linux kernel for Raspberry Pi (V8) systems - linux-raspi2-5.3: Linux kernel for Raspberry Pi (V8) systems - linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems Details: Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: linux-image-5.4.0-1018-raspi 5.4.0-1018.20 linux-image-5.4.0-1024-aws 5.4.0-1024.24 linux-image-5.4.0-1024-gcp 5.4.0-1024.24 linux-image-5.4.0-1024-oracle 5.4.0-1024.24 linux-image-5.4.0-1025-azure 5.4.0-1025.25 linux-image-5.4.0-47-generic 5.4.0-47.51 linux-image-5.4.0-47-generic-lpae 5.4.0-47.51 linux-image-5.4.0-47-lowlatency 5.4.0-47.51 linux-image-aws 5.4.0.1024.25 linux-image-azure 5.4.0.1025.24 linux-image-gcp 5.4.0.1024.21 linux-image-generic 5.4.0.47.50 linux-image-generic-lpae 5.4.0.47.50 linux-image-gke 5.4.0.1024.21 linux-image-kvm 5.4.0.1023.21 linux-image-lowlatency 5.4.0.47.50 linux-image-oem 5.4.0.47.50 linux-image-oem-osp1 5.4.0.47.50 linux-image-oracle 5.4.0.1024.21 linux-image-raspi 5.4.0.1018.53 linux-image-raspi2 5.4.0.1018.53 linux-image-virtual 5.4.0.47.50 Ubuntu 18.04 LTS: linux-image-4.15.0-1053-oracle 4.15.0-1053.57 linux-image-4.15.0-1069-gke 4.15.0-1069.72 linux-image-4.15.0-1070-raspi2 4.15.0-1070.74 linux-image-4.15.0-1074-kvm 4.15.0-1074.75 linux-image-4.15.0-1082-aws 4.15.0-1082.86 linux-image-4.15.0-1083-gcp 4.15.0-1083.94 linux-image-4.15.0-1086-snapdragon 4.15.0-1086.94 linux-image-4.15.0-1095-azure 4.15.0-1095.105 linux-image-4.15.0-1096-oem 4.15.0-1096.106 linux-image-4.15.0-117-generic 4.15.0-117.118 linux-image-4.15.0-117-generic-lpae 4.15.0-117.118 linux-image-4.15.0-117-lowlatency 4.15.0-117.118 linux-image-5.0.0-1047-gke 5.0.0-1047.48 linux-image-5.0.0-1068-oem-osp1 5.0.0-1068.73 linux-image-5.3.0-1033-raspi2 5.3.0-1033.35 linux-image-5.3.0-1035-aws 5.3.0-1035.37 linux-image-5.3.0-1036-gke 5.3.0-1036.38 linux-image-5.3.0-67-generic 5.3.0-67.61 linux-image-5.3.0-67-lowlatency 5.3.0-67.61 linux-image-5.4.0-1018-raspi 5.4.0-1018.20~18.04.1 linux-image-5.4.0-1024-aws 5.4.0-1024.24~18.04.1 linux-image-5.4.0-1024-gcp 5.4.0-1024.24~18.04.1 linux-image-5.4.0-1024-oracle 5.4.0-1024.24~18.04.1 linux-image-5.4.0-1025-azure 5.4.0-1025.25~18.04.1 linux-image-5.4.0-47-generic 5.4.0-47.51~18.04.1 linux-image-5.4.0-47-generic-lpae 5.4.0-47.51~18.04.1 linux-image-5.4.0-47-lowlatency 5.4.0-47.51~18.04.1 linux-image-aws 5.3.0.1035.34 linux-image-aws-lts-18.04 4.15.0.1082.84 linux-image-azure 5.4.0.1025.8 linux-image-azure-lts-18.04 4.15.0.1095.68 linux-image-gcp 5.4.0.1024.11 linux-image-gcp-lts-18.04 4.15.0.1083.101 linux-image-generic 4.15.0.117.104 linux-image-generic-hwe-18.04 5.4.0.47.51~18.04.40 linux-image-generic-lpae 4.15.0.117.104 linux-image-generic-lpae-hwe-18.04 5.4.0.47.51~18.04.40 linux-image-gke 4.15.0.1069.73 linux-image-gke-4.15 4.15.0.1069.73 linux-image-gke-5.0 5.0.0.1047.32 linux-image-gke-5.3 5.3.0.1036.20 linux-image-gke-5.4 5.4.0.1024.11 linux-image-gkeop-5.3 5.3.0.67.124 linux-image-gkeop-5.4 5.4.0.47.51~18.04.40 linux-image-kvm 4.15.0.1074.70 linux-image-lowlatency 4.15.0.117.104 linux-image-lowlatency-hwe-18.04 5.4.0.47.51~18.04.40 linux-image-oem 4.15.0.1096.100 linux-image-oem-osp1 5.0.0.1068.66 linux-image-oracle 5.4.0.1024.8 linux-image-oracle-lts-18.04 4.15.0.1053.63 linux-image-powerpc-e500mc 4.15.0.117.104 linux-image-powerpc-smp 4.15.0.117.104 linux-image-powerpc64-emb 4.15.0.117.104 linux-image-powerpc64-smp 4.15.0.117.104 linux-image-raspi-hwe-18.04 5.4.0.1018.22 linux-image-raspi2 4.15.0.1070.67 linux-image-raspi2-hwe-18.04 5.3.0.1033.23 linux-image-snapdragon 4.15.0.1086.89 linux-image-snapdragon-hwe-18.04 5.4.0.47.51~18.04.40 linux-image-virtual 4.15.0.117.104 linux-image-virtual-hwe-18.04 5.4.0.47.51~18.04.40 Ubuntu 16.04 LTS: linux-image-4.15.0-1053-oracle 4.15.0-1053.57~16.04.1 linux-image-4.15.0-1082-aws 4.15.0-1082.86~16.04.1 linux-image-4.15.0-1083-gcp 4.15.0-1083.94~16.04.1 linux-image-4.15.0-1095-azure 4.15.0-1095.105~16.04.1 linux-image-4.15.0-117-generic 4.15.0-117.118~16.04.1 linux-image-4.15.0-117-generic-lpae 4.15.0-117.118~16.04.1 linux-image-4.15.0-117-lowlatency 4.15.0-117.118~16.04.1 linux-image-aws-hwe 4.15.0.1082.78 linux-image-azure 4.15.0.1095.89 linux-image-gcp 4.15.0.1083.84 linux-image-generic-hwe-16.04 4.15.0.117.118 linux-image-generic-lpae-hwe-16.04 4.15.0.117.118 linux-image-gke 4.15.0.1083.84 linux-image-lowlatency-hwe-16.04 4.15.0.117.118 linux-image-oem 4.15.0.117.118 linux-image-oracle 4.15.0.1053.43 linux-image-virtual-hwe-16.04 4.15.0.117.118 Ubuntu 14.04 ESM: linux-image-4.15.0-1095-azure 4.15.0-1095.105~14.04.1 linux-image-azure 4.15.0.1095.71 After a standard system update you need toreboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-4489-1 CVE-2020-14386 Package Information: https://launchpad.net/ubuntu/+source/linux/5.4.0-47.51 https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1024.24 https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1025.25 https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1024.24 https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1023.23 https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1024.24 https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1018.20 https://launchpad.net/ubuntu/+source/linux/4.15.0-117.118 https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1082.86 https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1024.24~18.04.1 https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1095.105 https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1025.25~18.04.1 https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1083.94 https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1024.24~18.04.1 https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1069.72 https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1047.48 https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1036.38 https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-67.61 https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-47.51~18.04.1 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1074.75 https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1096.106 https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1068.73 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1053.57 https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1024.24~18.04.1 https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1018.20~18.04.1 https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1070.74 https://launchpad.net/ubuntu/+source/linux-raspi2-5.3/5.3.0-1033.35 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1086.94 https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1082.86~16.04.1 https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1095.105~16.04.1 https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1083.94~16.04.1 https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-117.118~16.04.1 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1053.57~16.04.1 . Make sure your Ubuntu installation is protected in light of the urgent kernel flaw and implement necessary updates swiftly.. Linux Kernel Security, Ubuntu Kernel Update, Admin Privileges Risk. . Severity: Critical. LinuxSecurity.com Team
Sep 08, 2020
•Critical
Ubuntu
172
security advisorycriticalfile overwriteUbuntu 17.04 USN-3304-1 Critical: Sudo File Overwrite Issue
Sudo could be made to overwrite files as the administrator.. =========================================================================Ubuntu Security Notice USN-3304-1 May 30, 2017 sudo vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Sudo could be made to overwrite files as the administrator. Software Description: - sudo: Provide limited super user privileges to specific users Details: It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: sudo 1.8.19p1-1ubuntu1.1 sudo-ldap 1.8.19p1-1ubuntu1.1 Ubuntu 16.10: sudo 1.8.16-0ubuntu3.2 sudo-ldap 1.8.16-0ubuntu3.2 Ubuntu 16.04 LTS: sudo 1.8.16-0ubuntu1.4 sudo-ldap 1.8.16-0ubuntu1.4 Ubuntu 14.04 LTS: sudo 1.8.9p5-1ubuntu1.4 sudo-ldap 1.8.9p5-1ubuntu1.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-3304-1 CVE-2017-1000367 Package Information: https://launchpad.net/ubuntu/+source/sudo/1.8.19p1-1ubuntu1.1 https://launchpad.net/ubuntu/+source/sudo/1.8.16-0ubuntu3.2 https://launchpad.net/ubuntu/+source/sudo/1.8.16-0ubuntu1.4 https://launchpad.net/ubuntu/+source/sudo/1.8.9p5-1ubuntu1.4 . A severe Sudo flaw permits local adversaries to modify files with admin privileges across various Ubuntu versions.. File Overwrite, Sudo Issue, UbuntuCritical Advisory. . Severity: Critical. LinuxSecurity.com Team
May 30, 2017
•Critical
Ubuntu
172
security advisorycriticalubuntuUbuntu 18.04 LTS: Critical Security Notice USN-3921-1 NVIDIA Driver
NVIDIA graphics drivers could be made to run programs as an administrator.. =========================================================================Ubuntu Security Notice USN-3122-1 November 03, 2016 nvidia-graphics-drivers-304, nvidia-graphics-drivers-340, nvidia-graphics-drivers-367 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: NVIDIA graphics drivers could be made to run programs as an administrator. Software Description: - nvidia-graphics-drivers-304: NVIDIA binary X.Org driver - nvidia-graphics-drivers-340: NVIDIA binary X.Org driver - nvidia-graphics-drivers-367: NVIDIA binary X.Org driver Details: It was discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: nvidia-304 304.132-0ubuntu0.16.04.2 nvidia-304-updates 304.132-0ubuntu0.16.04.2 nvidia-331 340.98-0ubuntu0.16.04.1 nvidia-331-updates 340.98-0ubuntu0.16.04.1 nvidia-340 340.98-0ubuntu0.16.04.1 nvidia-340-updates 340.98-0ubuntu0.16.04.1 nvidia-361 367.57-0ubuntu0.16.04.1 nvidia-367 367.57-0ubuntu0.16.04.1 nvidia-current 304.132-0ubuntu0.16.04.2 Ubuntu 14.04 LTS: nvidia-304 304.132-0ubuntu0.14.04.2 nvidia-304-updates 304.132-0ubuntu0.14.04.2 nvidia-331 340.98-0ubuntu0.14.04.1 nvidia-331-updates 340.98-0ubuntu0.14.04.1 nvidia-340 340.98-0ubuntu0.14.04.1 nvidia-340-updates 340.98-0ubuntu0.14.04.1 nvidia-352 367.57-0ubuntu0.14.04.1 nvidia-352-updates 367.57-0ubuntu0.14.04.1 nvidia-367 367.57-0ubuntu0.14.04.1 nvidia-current 304.132-0ubuntu0.14.04.2 Ubuntu 12.04 LTS: nvidia-304 304.132-0ubuntu0.12.04.1 nvidia-304-updates 304.132-0ubuntu0.12.04.1 nvidia-331 340.98-0ubuntu0.12.04.1 nvidia-331-updates 340.98-0ubuntu0.12.04.1 nvidia-340 340.98-0ubuntu0.12.04.1 nvidia-340-updates 340.98-0ubuntu0.12.04.1 nvidia-current 304.132-0ubuntu0.12.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-3122-1 CVE-2016-7382, CVE-2016-7389 Package Information: https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/304.132-0ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-340/340.98-0ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-367/367.57-0ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/304.132-0ubuntu0.14.04.2 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-340/340.98-0ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-367/367.57-0ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/304.132-0ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-340/340.98-0ubuntu0.12.04.1 . Recent vulnerabilities in NVIDIA graphics drivers on Ubuntu enable local applications to execute with elevated permissions. Immediate update needed.. NVIDIA Drivers, Ubuntu Security, Admin Privileges, Software Update. . Severity: Critical. LinuxSecurity.com Team
Nov 03, 2016
•Critical
Ubuntu
172
security advisorydenial of servicecriticalUbuntu 13.10 USN-2096-1 Critical: Kernel Denial Of Service
The system could be made to crash or run programs as an administrator.. =========================================================================Ubuntu Security Notice USN-2096-1 January 31, 2014 linux vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 Summary: The system could be made to crash or run programs as an administrator. Software Description: - linux: Linux kernel Details: Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: linux-image-3.11.0-15-generic 3.11.0-15.25 linux-image-3.11.0-15-generic-lpae 3.11.0-15.25 After a standard system update you need to reboot your computer to make all the necessary changes. References: CVE-2014-0038 Package Information: https://launchpad.net/ubuntu/+source/linux/3.11.0-15.25 . Debian 10's security advisory reveals a critical vulnerability in the network stack, risking unauthorized access and instability. Applying updates is essential. Ubuntu Kernel Security, Linux System Updates, Denial Of Service, Admin Privileges, System Crash Mitigation. . Severity: Critical. LinuxSecurity.com Team
Jan 31, 2014
•Critical
Ubuntu
98
security advisorycode executionbug fixRed Hat OpenStack 3: RHSA-2013:0995-01 Critical Foreman Issues
Updated Foreman packages that fix two security issues and multiple bugs are now available for Red Hat OpenStack 3.0 (Grizzly) Preview. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: Foreman security and bug fix update Advisory ID: RHSA-2013:0995-01 Product: Red Hat OpenStack Advisory URL: https://access.redhat.com/errata/RHSA-2013:0995.html Issue date: 2013-06-27 CVE Names: CVE-2013-2113 CVE-2013-2121 ==================================================================== 1. Summary: Updated Foreman packages that fix two security issues and multiple bugs are now available for Red Hat OpenStack 3.0 (Grizzly) Preview. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: OpenStack 3 - noarch, x86_64 3. Description: The Foreman packages provide facilities for rapidly deploying Red Hat OpenStack 3.0 ("Grizzly") Preview. These packages are provided as a Technology Preview. For more information on the scope and nature of support for items marked as Technology Preview, refer to https://access.redhat.com/support/offerings/techpreview A flaw was found in the create method of the Foreman Bookmarks controller. A user with privileges to create a bookmark could use this flaw to execute arbitrary code with the privileges of the user running Foreman, giving them control of the system running Foreman (such as installing new packages) and all systems managed by Foreman. (CVE-2013-2121) A flaw was found in the way the Foreman UsersController controllerhandled user creation. A non-admin user with privileges to create non-admin accounts could use this flaw to create admin accounts, giving them control of the system running Foreman (such as installing new packages) and all systems managed by Foreman. (CVE-2013-2113) These issues were discovered by Ramon de C Valle of the Red Hat Product Security Team. This update also fixes the following bugs: * The cron job for Puppet had an incorrect path when installed via the Foreman installer. (BZ#969531) * This update removes provisioning templates and installation media for unsupported client operating systems. (BZ#971545) * Previously, the init script for Foreman was installed in the /opt/ directory, resulting in errors when attempting to use the "service" command to control Foreman, and errors when installing or upgrading the Foreman packages. As the Foreman service is not needed for Red Hat OpenStack, this update removes the init script. (BZ#972755) * Previously, after using Foreman to install controller and compute nodes, it was not possible to launch compute instances. (BZ#972780) * Previously, Foreman compiled assets for an incorrect path. The assets were configured for "[fully qualified domain name]/foreman", which is not where Foreman is served from in Red Hat OpenStack. (BZ#975068) * Previously, the Foreman installer used a reference to an OpenStack host's network interface instead of its own secondary interface when creating a subnet, which could cause subnet creation to fail and a "rake aborted!" message to be displayed. (BZ#976907) Users of Foreman are advised to upgrade to these updated packages, which correct these issues. In Red Hat OpenStack, Foreman runs on the Apache HTTP Server using mod_passenger. As such, after installing the updated packages, the httpd service must be restarted ("service httpd restart") for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available viathe Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 966804 - CVE-2013-2113 Foreman: app/controllers/users_controller.rb arbitrary admin user creation due to mass assignment 968166 - CVE-2013-2121 Foreman: app/controllers/bookmarks_controller.rb remote code execution 969531 - puppet cron installed with wrong path 971545 - Brand: remove non-RHEL templates and install media from Foreman 972780 - Unable to launch a compute instance (openstack-foreman) 975068 - Foreman asset compilation directory incorrect 976907 - Foreman installer ruby setup uses wrong nic 6. Package List: OpenStack 3: Source: noarch: ruby193-foreman-1.1.10009-3.el6ost.noarch.rpm ruby193-foreman-mysql-1.1.10009-3.el6ost.noarch.rpm ruby193-foreman-proxy-1.1.10001-4.el6ost.noarch.rpm ruby193-rubygem-ancestry-1.3.0-5.el6ost.noarch.rpm ruby193-rubygem-ancestry-doc-1.3.0-5.el6ost.noarch.rpm ruby193-rubygem-fog-1.10.1-11.el6ost.noarch.rpm ruby193-rubygem-fog-doc-1.10.1-11.el6ost.noarch.rpm ruby193-rubygem-safemode-1.2.0-9.el6ost.noarch.rpm ruby193-rubygem-safemode-doc-1.2.0-9.el6ost.noarch.rpm x86_64: ruby193-openstack-foreman-installer-0.0.18-1.el6ost.x86_64.rpm ruby193-openstack-foreman-installer-debuginfo-0.0.18-1.el6ost.x86_64.rpm ruby193-rubygem-mysql-2.8.1-4.el6ost.x86_64.rpm ruby193-rubygem-mysql-debuginfo-2.8.1-4.el6ost.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2013-2113 https://access.redhat.com/security/cve/CVE-2013-2121 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/support/offerings/techpreview 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013 Red Hat,Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRzIMBXlSAg2UNWIIRApRSAJ9gfedwYSR4ATSeJkRu4sa+pUcyZwCgmmXE rbU2+kw9Xxwnbgk1xxgmvDI=a6Yd -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Jun 27, 2013
•Important
Red Hat
87
security advisoryhigh severitydebianDebian: DSA 572-1 High Severity Ecartis Remote Access Issue
A problem has been discovered in ecartis, a mailing-list manager, which allows an attacker in the same domain as the list admin to gain administrator privileges and alter list settings.. -------------------------------------------------------------------------- Debian Security Advisory DSA 572-1
Oct 21, 2004
Debian
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!