Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 1 articles for you...
172
security advisorycriticalnetwork controlUbuntu 20.04 18.04 Linux Kernel Critical Security Update USN-8200-3
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-8200-3 May 11, 2026 linux-raspi, linux-raspi-5.4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-raspi: Linux kernel for Raspberry Pi systems - linux-raspi-5.4: Linux kernel for Raspberry Pi systems Details: Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - GPU drivers; - I2C subsystem; - Network traffic control; (CVE-2022-49046, CVE-2024-46816, CVE-2025-37849, CVE-2026-23060, CVE-2026-23074) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS linux-image-5.4.0-1140-raspi 5.4.0-1140.153 Available with Ubuntu Pro linux-image-raspi 5.4.0.1140.171 Available with Ubuntu Pro linux-image-raspi-5.4 5.4.0.1140.171 Available with Ubuntu Pro linux-image-raspi2 5.4.0.1140.171 Available with Ubuntu Pro Ubuntu 18.04 LTS linux-image-5.4.0-1140-raspi 5.4.0-1140.153~18.04.1 Available with Ubuntu Pro linux-image-raspi-5.4 5.4.0.1140.153~18.04.1 Available with Ubuntu Pro linux-image-raspi-hwe-18.04 5.4.0.1140.153~18.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Dueto an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8200-3 https://ubuntu.com/security/notices/USN-8200-2 https://ubuntu.com/security/notices/USN-8200-1 CVE-2022-49046, CVE-2024-46816, CVE-2025-37849, CVE-2026-23060, CVE-2026-23074 . Several security issues fixed in the Linux kernel for Raspberry Pi users, ensuring enhanced system security.. Linux kernel security, Raspberry Pi updates, Ubuntu security advisories. . Severity: Critical. LinuxSecurity.com Team
May 11, 2026
•Critical
Ubuntu
172
security advisorysecurity issueUbuntuUbuntu 25.04: Linux Kernel Security Fix USN-7789-2 for Raspberry Pi
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-7789-2 October 08, 2025 linux-raspi vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-raspi: Linux kernel for Raspberry Pi systems Details: Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - FPGA Framework; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - InfiniBand drivers; - IOMMU subsystem; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MTD block device drivers; - Network drivers; - Mellanox network drivers; - STMicroelectronics network drivers; - NVDIMM (Non-Volatile Memory Device) drivers; - NVME drivers; - NVMEM (Non Volatile Memory) drivers; - PCI subsystem; - Amlogic Meson DDR PMU; - NI-700 PMU driver; - PHY drivers; - Pin controllers subsystem; - x86 platform drivers; - PTP clock framework; - SCSI subsystem; - ASPEED SoC drivers; - SPI subsystem; - TCM subsystem; - Thunderbolt and USB4 drivers; - TTY drivers; - UFS subsystem; - USB core drivers; - USB Gadget drivers; - Renesas USBHS Controller drivers; - USB Type-C Port Controller Manager driver; - VFIO drivers; - Virtio Host (VHOST) subsystem; - Backlight driver; - Framebuffer layer; - Virtio drivers; - BTRFS file system; - EROFS file system; - F2FS file system; - File systems infrastructure; - Network file systems library; - NTFS3 file system; - SMB network file system; - Codetag library; - BPF subsystem; - LZO compression library; - Mellanox drivers; - IPv4 networking; - Bluetooth subsystem; - Network sockets; - XFRM subsystem; - Digital Audio (PCM) driver; - Tracing infrastructure; - io_uring subsystem; - Padata parallel execution mechanism; - DVFS energy model driver; - Restartable seuqences system call mechanism; - Timer subsystem; - Memory management; - KASAN memory debugging framework; - CAN network layer; - Networking core; - IPv6 networking; - Netfilter; - NetLabel subsystem; - Open vSwitch; - Network traffic control; - TIPC protocol; - TLS protocol; - ALSA framework; - sma1307 audio codecs; - Intel ASoC drivers; - MediaTek ASoC drivers; - USB sound devices; (CVE-2025-38081, CVE-2025-38142, CVE-2025-38157, CVE-2025-38174, CVE-2025-38156, CVE-2025-38044, CVE-2025-38414, CVE-2025-38041, CVE-2025-38124, CVE-2025-38122, CVE-2025-38285, CVE-2025-38317, CVE-2025-38159, CVE-2025-38352, CVE-2025-38117, CVE-2025-38040, CVE-2025-38292, CVE-2025-38301, CVE-2025-38149, CVE-2025-38299, CVE-2025-38116, CVE-2025-38100, CVE-2025-38107, CVE-2025-38063, CVE-2025-38069, CVE-2025-38130, CVE-2025-38032, CVE-2025-38113, CVE-2025-38287, CVE-2025-38138, CVE-2025-38004, CVE-2025-38097, CVE-2025-38270, CVE-2025-38311, CVE-2025-38499, CVE-2025-38050, CVE-2025-38064, CVE-2025-38278, CVE-2025-38297, CVE-2025-38091, CVE-2025-38065, CVE-2025-38114, CVE-2025-38048, CVE-2025-38096, CVE-2025-38112, CVE-2025-38148, CVE-2025-38101, CVE-2025-38062, CVE-2025-38057, CVE-2025-38029, CVE-2025-38105, CVE-2025-38277, CVE-2025-38053, CVE-2025-38302, CVE-2025-38169, CVE-2025-38307, CVE-2025-38153, CVE-2025-38106, CVE-2025-38293, CVE-2025-38267, CVE-2025-38314,CVE-2025-38291, CVE-2025-38284, CVE-2025-38141, CVE-2025-38052, CVE-2025-38079, CVE-2025-38088, CVE-2025-38164, CVE-2025-38288, CVE-2025-38289, CVE-2025-38074, CVE-2025-38073, CVE-2025-38274, CVE-2025-38167, CVE-2025-38129, CVE-2025-38082, CVE-2025-38109, CVE-2025-38003, CVE-2025-38042, CVE-2025-38319, CVE-2025-38165, CVE-2025-38102, CVE-2025-38045, CVE-2025-38154, CVE-2025-38127, CVE-2025-38034, CVE-2025-38051, CVE-2025-38143, CVE-2025-38061, CVE-2025-38119, CVE-2025-38077, CVE-2025-38115, CVE-2025-38175, CVE-2025-38147, CVE-2025-38172, CVE-2025-38176, CVE-2025-38269, CVE-2025-38126, CVE-2025-38131, CVE-2025-38296, CVE-2025-38170, CVE-2025-38110, CVE-2025-38111, CVE-2025-38295, CVE-2025-38072, CVE-2025-38168, CVE-2025-38098, CVE-2025-38160, CVE-2025-38125, CVE-2025-38054, CVE-2025-38286, CVE-2025-38310, CVE-2025-38162, CVE-2025-38135, CVE-2025-38161, CVE-2025-38055, CVE-2025-38066, CVE-2025-38318, CVE-2025-38173, CVE-2025-38033, CVE-2025-38281, CVE-2025-38140, CVE-2025-38146, CVE-2025-38305, CVE-2025-38103, CVE-2025-38080, CVE-2025-38068, CVE-2025-38037, CVE-2025-38043, CVE-2025-38272, CVE-2025-38137, CVE-2025-38279, CVE-2025-38275, CVE-2025-38151, CVE-2025-38123, CVE-2025-38158, CVE-2025-38268, CVE-2025-38136, CVE-2025-38132, CVE-2025-38120, CVE-2025-38047, CVE-2025-38304, CVE-2025-38298, CVE-2025-38265, CVE-2025-38134, CVE-2025-38128, CVE-2025-38118, CVE-2025-38058, CVE-2025-38303, CVE-2025-38316, CVE-2025-38092, CVE-2025-38163, CVE-2025-38155, CVE-2025-38145, CVE-2025-38280, CVE-2025-38076, CVE-2025-38031, CVE-2025-38306, CVE-2025-38078, CVE-2025-38035, CVE-2025-38315, CVE-2025-38300, CVE-2025-38283, CVE-2025-38059, CVE-2025-38312, CVE-2025-38071, CVE-2025-38294, CVE-2025-38036, CVE-2025-38498, CVE-2025-38099, CVE-2025-38070, CVE-2025-38166, CVE-2025-38060, CVE-2025-38282, CVE-2025-38313, CVE-2025-38038, CVE-2025-38290, CVE-2025-39890, CVE-2025-38415, CVE-2025-38039, CVE-2025-38067, CVE-2025-38075, CVE-2025-38108, CVE-2025-38139) Update instructions: The problem can be corrected by updating your system tothe following package versions: Ubuntu 25.04 linux-image-6.14.0-1014-raspi 6.14.0-1014.14 linux-image-raspi 6.14.0-1014.14 linux-image-raspi-6.14 6.14.0-1014.14 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-7789-2 https://ubuntu.com/security/notices/USN-7789-1 CVE-2025-38003, CVE-2025-38004, CVE-2025-38029, CVE-2025-38031, CVE-2025-38032, CVE-2025-38033, CVE-2025-38034, CVE-2025-38035, CVE-2025-38036, CVE-2025-38037, CVE-2025-38038, CVE-2025-38039, CVE-2025-38040, CVE-2025-38041, CVE-2025-38042, CVE-2025-38043, CVE-2025-38044, CVE-2025-38045, CVE-2025-38047, CVE-2025-38048, CVE-2025-38050, CVE-2025-38051, CVE-2025-38052, CVE-2025-38053, CVE-2025-38054, CVE-2025-38055, CVE-2025-38057, CVE-2025-38058, CVE-2025-38059, CVE-2025-38060, CVE-2025-38061, CVE-2025-38062, CVE-2025-38063, CVE-2025-38064, CVE-2025-38065, CVE-2025-38066, CVE-2025-38067, CVE-2025-38068, CVE-2025-38069, CVE-2025-38070, CVE-2025-38071, CVE-2025-38072, CVE-2025-38073, CVE-2025-38074, CVE-2025-38075, CVE-2025-38076, CVE-2025-38077, CVE-2025-38078, CVE-2025-38079, CVE-2025-38080, CVE-2025-38081, CVE-2025-38082, CVE-2025-38088, CVE-2025-38091, CVE-2025-38092, CVE-2025-38096, CVE-2025-38097, CVE-2025-38098, CVE-2025-38099, CVE-2025-38100, CVE-2025-38101, CVE-2025-38102, CVE-2025-38103, CVE-2025-38105, CVE-2025-38106, CVE-2025-38107, CVE-2025-38108, CVE-2025-38109, CVE-2025-38110, CVE-2025-38111, CVE-2025-38112, CVE-2025-38113, CVE-2025-38114, CVE-2025-38115,CVE-2025-38116, CVE-2025-38117, CVE-2025-38118, CVE-2025-38119, CVE-2025-38120, CVE-2025-38122, CVE-2025-38123, CVE-2025-38124, CVE-2025-38125, CVE-2025-38126, CVE-2025-38127, CVE-2025-38128, CVE-2025-38129, CVE-2025-38130, CVE-2025-38131, CVE-2025-38132, CVE-2025-38134, CVE-2025-38135, CVE-2025-38136, CVE-2025-38137, CVE-2025-38138, CVE-2025-38139, CVE-2025-38140, CVE-2025-38141, CVE-2025-38142, CVE-2025-38143, CVE-2025-38145, CVE-2025-38146, CVE-2025-38147, CVE-2025-38148, CVE-2025-38149, CVE-2025-38151, CVE-2025-38153, CVE-2025-38154, CVE-2025-38155, CVE-2025-38156, CVE-2025-38157, CVE-2025-38158, CVE-2025-38159, CVE-2025-38160, CVE-2025-38161, CVE-2025-38162, CVE-2025-38163, CVE-2025-38164, CVE-2025-38165, CVE-2025-38166, CVE-2025-38167, CVE-2025-38168, CVE-2025-38169, CVE-2025-38170, CVE-2025-38172, CVE-2025-38173, CVE-2025-38174, CVE-2025-38175, CVE-2025-38176, CVE-2025-38265, CVE-2025-38267, CVE-2025-38268, CVE-2025-38269, CVE-2025-38270, CVE-2025-38272, CVE-2025-38274, CVE-2025-38275, CVE-2025-38277, CVE-2025-38278, CVE-2025-38279, CVE-2025-38280, CVE-2025-38281, CVE-2025-38282, CVE-2025-38283, CVE-2025-38284, CVE-2025-38285, CVE-2025-38286, CVE-2025-38287, CVE-2025-38288, CVE-2025-38289, CVE-2025-38290, CVE-2025-38291, CVE-2025-38292, CVE-2025-38293, CVE-2025-38294, CVE-2025-38295, CVE-2025-38296, CVE-2025-38297, CVE-2025-38298, CVE-2025-38299, CVE-2025-38300, CVE-2025-38301, CVE-2025-38302, CVE-2025-38303, CVE-2025-38304, CVE-2025-38305, CVE-2025-38306, CVE-2025-38307, CVE-2025-38310, CVE-2025-38311, CVE-2025-38312, CVE-2025-38313, CVE-2025-38314, CVE-2025-38315, CVE-2025-38316, CVE-2025-38317, CVE-2025-38318, CVE-2025-38319, CVE-2025-38352, CVE-2025-38414, CVE-2025-38415, CVE-2025-38498, CVE-2025-38499, CVE-2025-39890 Package Information: https://launchpad.net/ubuntu/+source/linux-raspi/6.14.0-1014.14 . Discover recent security fixes for the Linux kernel on Ubuntu 25.04, addressing several critical issues for Raspberry Pi systems.. Ubuntuupdates, Linux kernel patch, Raspberry Pi security, ARM architecture fixes, system vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Oct 08, 2025
•Important
Ubuntu
172
security advisoryUbuntuimportantUbuntu 22.04: Important Security Vulnerabilities in Linux Kernel USN-7774-1
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-7774-1 September 25, 2025 linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux-riscv-5.15, linux-xilinx-zynqmp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-gke: Linux kernel for Google Container Engine (GKE) systems - linux-gkeop: Linux kernel for Google Container Engine (GKE) systems - linux-ibm: Linux kernel for IBM cloud systems - linux-intel-iotg: Linux kernel for Intel IoT platforms - linux-lowlatency: Linux low latency kernel - linux-nvidia: Linux kernel for NVIDIA systems - linux-nvidia-tegra: Linux kernel for NVIDIA Tegra systems - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi: Linux kernel for Raspberry Pi systems - linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors - linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems - linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe-5.15: Linux hardware enablement (HWE) kernel - linux-ibm-5.15: Linux kernel for IBM cloud systems - linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms - linux-lowlatency-hwe-5.15: Linux low latency kernel - linux-nvidia-tegra-5.15: Linux kernel for NVIDIA Tegra systems - linux-riscv-5.15: Linux kernel for RISC-V systems Details: Severalsecurity issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD block device drivers; - Network drivers; - Pin controllers subsystem; - x86 platform drivers; - PTP clock framework; - RapidIO drivers; - Voltage and Current Regulator drivers; - Remote Processor subsystem; - S/390 drivers; - SCSI subsystem; - ASPEED SoC drivers; - TCM subsystem; - Thermal drivers; - Thunderbolt and USB4 drivers; - TTY drivers; - UFS subsystem; - USB Gadget drivers; - Renesas USBHS Controller drivers; - USB Type-C support driver; - Virtio Host (VHOST) subsystem; - Backlight driver; - Framebuffer layer; - BTRFS file system; - File systems infrastructure; - Ext4 file system; - F2FS file system; - JFFS2 file system; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NTFS3 file system; - DRM display driver; - Memory Management; - Mellanox drivers; - Memory management; - Netfilter; - Network sockets; - IPC subsystem; - BPF subsystem; - Perf events; - Kernel exit() syscall; - Restartable seuqences system call mechanism; - Timer subsystem; - Tracing infrastructure; - Appletalk network protocol; - Asynchronous Transfer Mode (ATM) subsystem; - Networking core; - IPv6 networking; - MultiProtocol Label Switching driver; - NetLabel subsystem; - Netlink; - NFC subsystem; - Open vSwitch; - Rose network layer; - RxRPC session sockets; - Network traffic control; - TIPC protocol; - VMware vSockets driver; - USB sound devices; (CVE-2025-38465, CVE-2025-38386, CVE-2025-38273, CVE-2025-38227, CVE-2025-38107, CVE-2025-37958, CVE-2025-38371, CVE-2025-38328, CVE-2025-38348, CVE-2025-38100, CVE-2025-38336, CVE-2025-38420, CVE-2025-38154, CVE-2025-38542, CVE-2025-38222, CVE-2025-38406, CVE-2025-37948, CVE-2025-38112, CVE-2025-38145, CVE-2025-38163, CVE-2025-38464, CVE-2025-38085, CVE-2025-38342, CVE-2025-38310, CVE-2025-38326, CVE-2025-38418, CVE-2025-38362, CVE-2025-38412, CVE-2025-38219, CVE-2025-38332, CVE-2025-38387, CVE-2025-38262, CVE-2025-38157, CVE-2025-38514, CVE-2025-38466, CVE-2025-38313, CVE-2025-38159, CVE-2024-44939, CVE-2025-38352, CVE-2025-38459, CVE-2025-38419, CVE-2025-38086, CVE-2025-38298, CVE-2025-38146, CVE-2025-38181, CVE-2025-38448, CVE-2025-38231, CVE-2025-38461, CVE-2025-38251, CVE-2025-38391, CVE-2025-38515, CVE-2024-26726, CVE-2025-38462, CVE-2025-38416, CVE-2025-38280, CVE-2025-38226, CVE-2025-38211, CVE-2025-38120, CVE-2025-38377, CVE-2025-38147, CVE-2025-38204, CVE-2025-38345, CVE-2025-38424, CVE-2025-38203, CVE-2025-38443, CVE-2025-38197, CVE-2025-38067, CVE-2025-38400, CVE-2025-38229, CVE-2025-38108, CVE-2025-38319, CVE-2025-38445, CVE-2025-38212, CVE-2025-38184, CVE-2025-38363, CVE-2025-38160, CVE-2024-57883, CVE-2025-38441, CVE-2025-38320, CVE-2025-38393, CVE-2025-38200, CVE-2025-38467, CVE-2025-38444, CVE-2025-38194, CVE-2025-38460, CVE-2025-38167, CVE-2025-38428, CVE-2025-38312, CVE-2025-38111, CVE-2025-38498, CVE-2025-38135, CVE-2025-38237, CVE-2025-38457, CVE-2025-38401, CVE-2025-38206, CVE-2025-38293, CVE-2025-38143, CVE-2025-38161, CVE-2025-38136, CVE-2022-48703, CVE-2025-38513, CVE-2025-38430, CVE-2025-38384, CVE-2025-38346, CVE-2025-38337, CVE-2025-38088, CVE-2025-38257, CVE-2025-38395, CVE-2025-38153, CVE-2025-38263, CVE-2025-38218, CVE-2024-26775, CVE-2025-38305, CVE-2025-38119, CVE-2025-38389,CVE-2025-38102, CVE-2025-38074, CVE-2025-38173, CVE-2025-38138, CVE-2025-38103, CVE-2025-38286, CVE-2025-38458, CVE-2025-38174, CVE-2025-38245, CVE-2025-38084, CVE-2025-38415, CVE-2025-38516, CVE-2025-38090, CVE-2025-38439, CVE-2025-38403, CVE-2025-38115, CVE-2025-38344, CVE-2025-38410, CVE-2025-38375, CVE-2025-37963, CVE-2025-38249, CVE-2025-38324, CVE-2025-38122, CVE-2025-38540, CVE-2025-38399, CVE-2025-21888, CVE-2025-38285) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS linux-image-5.15.0-1045-nvidia-tegra 5.15.0-1045.45 linux-image-5.15.0-1045-nvidia-tegra-rt 5.15.0-1045.45 linux-image-5.15.0-1056-xilinx-zynqmp 5.15.0-1056.60 linux-image-5.15.0-1075-gkeop 5.15.0-1075.83 linux-image-5.15.0-1086-ibm 5.15.0-1086.89 linux-image-5.15.0-1086-raspi 5.15.0-1086.89 linux-image-5.15.0-1087-intel-iotg 5.15.0-1087.93 linux-image-5.15.0-1087-nvidia 5.15.0-1087.88 linux-image-5.15.0-1087-nvidia-lowlatency 5.15.0-1087.88 linux-image-5.15.0-1089-gke 5.15.0-1089.95 linux-image-5.15.0-1090-oracle 5.15.0-1090.96 linux-image-5.15.0-1092-aws 5.15.0-1092.99 linux-image-5.15.0-1092-aws-64k 5.15.0-1092.99 linux-image-5.15.0-1092-gcp 5.15.0-1092.101 linux-image-5.15.0-156-generic 5.15.0-156.166 linux-image-5.15.0-156-generic-64k 5.15.0-156.166 linux-image-5.15.0-156-generic-lpae 5.15.0-156.166 linux-image-5.15.0-156-lowlatency 5.15.0-156.166 linux-image-5.15.0-156-lowlatency-64k 5.15.0-156.166 linux-image-aws-5.15 5.15.0.1092.95 linux-image-aws-64k-5.15 5.15.0.1092.95 linux-image-aws-64k-lts-22.04 5.15.0.1092.95 linux-image-aws-lts-22.04 5.15.0.1092.95 linux-image-gcp-5.15 5.15.0.1092.88 linux-image-gcp-lts-22.04 5.15.0.1092.88 linux-image-generic 5.15.0.156.154 linux-image-generic-5.15 5.15.0.156.154 linux-image-generic-64k 5.15.0.156.154 linux-image-generic-64k-5.15 5.15.0.156.154 linux-image-generic-lpae 5.15.0.156.154 linux-image-generic-lpae-5.15 5.15.0.156.154 linux-image-gke 5.15.0.1089.88 linux-image-gke-5.15 5.15.0.1089.88 linux-image-gkeop 5.15.0.1075.74 linux-image-gkeop-5.15 5.15.0.1075.74 linux-image-ibm 5.15.0.1086.82 linux-image-ibm-5.15 5.15.0.1086.82 linux-image-intel-iotg 5.15.0.1087.87 linux-image-intel-iotg-5.15 5.15.0.1087.87 linux-image-lowlatency 5.15.0.156.135 linux-image-lowlatency-5.15 5.15.0.156.135 linux-image-lowlatency-64k 5.15.0.156.135 linux-image-lowlatency-64k-5.15 5.15.0.156.135 linux-image-nvidia 5.15.0.1087.87 linux-image-nvidia-5.15 5.15.0.1087.87 linux-image-nvidia-lowlatency 5.15.0.1087.87 linux-image-nvidia-lowlatency-5.15 5.15.0.1087.87 linux-image-nvidia-tegra 5.15.0.1045.45 linux-image-nvidia-tegra-5.15 5.15.0.1045.45 linux-image-nvidia-tegra-rt 5.15.0.1045.45 linux-image-nvidia-tegra-rt-5.15 5.15.0.1045.45 linux-image-oracle-5.15 5.15.0.1090.86 linux-image-oracle-lts-22.04 5.15.0.1090.86 linux-image-raspi 5.15.0.1086.84 linux-image-raspi-5.15 5.15.0.1086.84 linux-image-raspi-nolpae 5.15.0.1086.84 linux-image-virtual 5.15.0.156.154 linux-image-virtual-5.15 5.15.0.156.154 linux-image-xilinx-zynqmp 5.15.0.1056.59 linux-image-xilinx-zynqmp-5.15 5.15.0.1056.59 Ubuntu 20.04 LTS linux-image-5.15.0-1045-nvidia-tegra 5.15.0-1045.45~20.04.1 Available with Ubuntu Pro linux-image-5.15.0-1045-nvidia-tegra-rt 5.15.0-1045.45~20.04.1 Available with Ubuntu Pro linux-image-5.15.0-1086-ibm 5.15.0-1086.89~20.04.1 Available with Ubuntu Pro linux-image-5.15.0-1087-generic 5.15.0-1087.91~20.04.1 Available with Ubuntu Pro linux-image-5.15.0-1087-intel-iotg 5.15.0-1087.93~20.04.1 Available with Ubuntu Pro linux-image-5.15.0-1092-aws 5.15.0-1092.99~20.04.1 Available with Ubuntu Pro linux-image-5.15.0-1092-gcp 5.15.0-1092.101~20.04.1 Available with Ubuntu Pro linux-image-5.15.0-156-generic 5.15.0-156.166~20.04.1 Available with Ubuntu Pro linux-image-5.15.0-156-generic-64k 5.15.0-156.166~20.04.1 Available with Ubuntu Pro linux-image-5.15.0-156-generic-lpae 5.15.0-156.166~20.04.1 Available with Ubuntu Pro linux-image-5.15.0-156-lowlatency 5.15.0-156.166~20.04.1 Available with Ubuntu Pro linux-image-5.15.0-156-lowlatency-64k 5.15.0-156.166~20.04.1 Available with Ubuntu Pro linux-image-aws 5.15.0.1092.99~20.04.1 Available with Ubuntu Pro linux-image-aws-5.15 5.15.0.1092.99~20.04.1 Available with Ubuntu Pro linux-image-gcp 5.15.0.1092.101~20.04.1 Available with Ubuntu Pro linux-image-gcp-5.15 5.15.0.1092.101~20.04.1 Available with Ubuntu Pro linux-image-generic 5.15.0.1087.91~20.04.1 Available with Ubuntu Pro linux-image-generic-5.15 5.15.0.1087.91~20.04.1 Available with Ubuntu Pro linux-image-generic-64k-5.15 5.15.0.156.166~20.04.1 Available with Ubuntu Pro linux-image-generic-64k-hwe-20.04 5.15.0.156.166~20.04.1 Available with Ubuntu Pro linux-image-generic-hwe-20.04 5.15.0.1087.91~20.04.1 Available with Ubuntu Pro linux-image-generic-lpae-5.15 5.15.0.156.166~20.04.1 Available with Ubuntu Pro linux-image-generic-lpae-hwe-20.04 5.15.0.156.166~20.04.1 Available with Ubuntu Pro linux-image-ibm 5.15.0.1086.89~20.04.1 Available with Ubuntu Pro linux-image-ibm-5.15 5.15.0.1086.89~20.04.1 Available with Ubuntu Pro linux-image-intel 5.15.0.1087.93~20.04.1 Available with Ubuntu Pro linux-image-intel-iotg 5.15.0.1087.93~20.04.1 Available with Ubuntu Pro linux-image-intel-iotg-5.15 5.15.0.1087.93~20.04.1 Available with Ubuntu Pro linux-image-lowlatency-5.15 5.15.0.156.166~20.04.1 Available with Ubuntu Pro linux-image-lowlatency-64k-5.15 5.15.0.156.166~20.04.1 Available with Ubuntu Pro linux-image-lowlatency-64k-hwe-20.04 5.15.0.156.166~20.04.1 Available with Ubuntu Pro linux-image-lowlatency-hwe-20.04 5.15.0.156.166~20.04.1 Available with Ubuntu Pro linux-image-nvidia-tegra 5.15.0.1045.45~20.04.1 Available with Ubuntu Pro linux-image-nvidia-tegra-5.15 5.15.0.1045.45~20.04.1 Available with Ubuntu Pro linux-image-nvidia-tegra-rt 5.15.0.1045.45~20.04.1 Available with Ubuntu Pro linux-image-nvidia-tegra-rt-5.15 5.15.0.1045.45~20.04.1 Available with Ubuntu Pro linux-image-oem-20.04 5.15.0.156.166~20.04.1 Available with Ubuntu Pro linux-image-oem-20.04b 5.15.0.156.166~20.04.1 Available with Ubuntu Pro linux-image-oem-20.04c 5.15.0.156.166~20.04.1 Available with Ubuntu Pro linux-image-oem-20.04d 5.15.0.156.166~20.04.1 Available with Ubuntu Pro linux-image-virtual 5.15.0.1087.91~20.04.1 Available with Ubuntu Pro linux-image-virtual-5.15 5.15.0.1087.91~20.04.1 Available with Ubuntu Pro linux-image-virtual-hwe-20.04 5.15.0.1087.91~20.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-7774-1 CVE-2022-48703, CVE-2024-26726, CVE-2024-26775, CVE-2024-44939, CVE-2024-57883, CVE-2025-21888, CVE-2025-37948, CVE-2025-37958, CVE-2025-37963, CVE-2025-38067, CVE-2025-38074, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38088, CVE-2025-38090, CVE-2025-38100, CVE-2025-38102, CVE-2025-38103, CVE-2025-38107, CVE-2025-38108, CVE-2025-38111, CVE-2025-38112, CVE-2025-38115, CVE-2025-38119, CVE-2025-38120, CVE-2025-38122, CVE-2025-38135, CVE-2025-38136, CVE-2025-38138, CVE-2025-38143, CVE-2025-38145, CVE-2025-38146, CVE-2025-38147, CVE-2025-38153, CVE-2025-38154, CVE-2025-38157, CVE-2025-38159, CVE-2025-38160, CVE-2025-38161, CVE-2025-38163, CVE-2025-38167, CVE-2025-38173, CVE-2025-38174, CVE-2025-38181, CVE-2025-38184, CVE-2025-38194, CVE-2025-38197, CVE-2025-38200, CVE-2025-38203, CVE-2025-38204, CVE-2025-38206, CVE-2025-38211, CVE-2025-38212, CVE-2025-38218, CVE-2025-38219, CVE-2025-38222, CVE-2025-38226,CVE-2025-38227, CVE-2025-38229, CVE-2025-38231, CVE-2025-38237, CVE-2025-38245, CVE-2025-38249, CVE-2025-38251, CVE-2025-38257, CVE-2025-38262, CVE-2025-38263, CVE-2025-38273, CVE-2025-38280, CVE-2025-38285, CVE-2025-38286, CVE-2025-38293, CVE-2025-38298, CVE-2025-38305, CVE-2025-38310, CVE-2025-38312, CVE-2025-38313, CVE-2025-38319, CVE-2025-38320, CVE-2025-38324, CVE-2025-38326, CVE-2025-38328, CVE-2025-38332, CVE-2025-38336, CVE-2025-38337, CVE-2025-38342, CVE-2025-38344, CVE-2025-38345, CVE-2025-38346, CVE-2025-38348, CVE-2025-38352, CVE-2025-38362, CVE-2025-38363, CVE-2025-38371, CVE-2025-38375, CVE-2025-38377, CVE-2025-38384, CVE-2025-38386, CVE-2025-38387, CVE-2025-38389, CVE-2025-38391, CVE-2025-38393, CVE-2025-38395, CVE-2025-38399, CVE-2025-38400, CVE-2025-38401, CVE-2025-38403, CVE-2025-38406, CVE-2025-38410, CVE-2025-38412, CVE-2025-38415, CVE-2025-38416, CVE-2025-38418, CVE-2025-38419, CVE-2025-38420, CVE-2025-38424, CVE-2025-38428, CVE-2025-38430, CVE-2025-38439, CVE-2025-38441, CVE-2025-38443, CVE-2025-38444, CVE-2025-38445, CVE-2025-38448, CVE-2025-38457, CVE-2025-38458, CVE-2025-38459, CVE-2025-38460, CVE-2025-38461, CVE-2025-38462, CVE-2025-38464, CVE-2025-38465, CVE-2025-38466, CVE-2025-38467, CVE-2025-38498, CVE-2025-38513, CVE-2025-38514, CVE-2025-38515, CVE-2025-38516, CVE-2025-38540, CVE-2025-38542 Package Information: https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1092.99 https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1075.83 https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1086.89 https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1087.93 https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1087.88 https://launchpad.net/ubuntu/+source/linux-nvidia-tegra/5.15.0-1045.45 https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1090.96 https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.15.0-1056.60 . Urgent vulnerabilities within the Ubuntu Linux kernel necessitate promptpatches to prevent potential breaches.. Ubuntu Kernel Security, System Compromise, Linux Kernel Flaws. . Severity: Important. LinuxSecurity.com Team
Sep 25, 2025
•Important
Ubuntu
172
security advisorysecurity issuecriticalUbuntu 22.04 LTS USN-7308-1 Critical: Linux kernel flaws resolved
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-7308-1 February 27, 2025 linux-aws vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-aws: Linux kernel for Amazon Web Services (AWS) systems Details: Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - GPU drivers; - HID subsystem; - I2C subsystem; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - IOMMU subsystem; - IRQ chip drivers; - Multiple devices driver; - Media drivers; - Network drivers; - STMicroelectronics network drivers; - Parport drivers; - Pin controllers subsystem; - Direct Digital Synthesis drivers; - TCM subsystem; - TTY drivers; - USB Dual Role (OTG-ready) Controller drivers; - USB Serial drivers; - USB Type-C support driver; - USB Type-C Connector System Software Interface driver; - BTRFS file system; - File systems infrastructure; - Network file system (NFS) client; - NILFS2 file system; - NTFS3 file system; - SMB network file system; - User-space API (UAPI); - io_uring subsystem; - BPF subsystem; - Timer substystem drivers; - Tracing infrastructure; - Closures library; - Memory management; - Amateur Radio drivers; - Bluetooth subsystem; - Networking core; - IPv4 networking; - MAC80211 subsystem; - Multipath TCP; - Netfilter; - Network traffic control; - SCTP protocol; - VMware vSockets driver; - XFRM subsystem; - Key management; - FireWire sound drivers; - HD-audio driver; - QCOMASoC drivers; - STMicroelectronics SoC drivers; - KVM core; (CVE-2024-50141, CVE-2024-53101, CVE-2024-50301, CVE-2024-50082, CVE-2024-39497, CVE-2024-50245, CVE-2024-50302, CVE-2024-35887, CVE-2024-50205, CVE-2024-50153, CVE-2024-50154, CVE-2024-50279, CVE-2024-50074, CVE-2024-50168, CVE-2024-50128, CVE-2024-53141, CVE-2024-50290, CVE-2024-50292, CVE-2024-50218, CVE-2024-50193, CVE-2024-50209, CVE-2024-53088, CVE-2024-50058, CVE-2024-50116, CVE-2024-50199, CVE-2024-50083, CVE-2024-50265, CVE-2024-53058, CVE-2024-50244, CVE-2024-50195, CVE-2024-41066, CVE-2024-50151, CVE-2024-50229, CVE-2024-42291, CVE-2024-40965, CVE-2024-50160, CVE-2024-53097, CVE-2024-50134, CVE-2024-53164, CVE-2024-50295, CVE-2024-50267, CVE-2024-50251, CVE-2024-50198, CVE-2024-53042, CVE-2024-40953, CVE-2024-50167, CVE-2024-50010, CVE-2024-42252, CVE-2024-53055, CVE-2024-50259, CVE-2024-50110, CVE-2024-50208, CVE-2024-50249, CVE-2024-50148, CVE-2024-50269, CVE-2024-50182, CVE-2024-50115, CVE-2024-50287, CVE-2024-50142, CVE-2024-53103, CVE-2024-50099, CVE-2024-50234, CVE-2024-50282, CVE-2024-50185, CVE-2024-50247, CVE-2024-50257, CVE-2024-50036, CVE-2024-50268, CVE-2024-50127, CVE-2024-50230, CVE-2024-50278, CVE-2024-50273, CVE-2024-26718, CVE-2024-50086, CVE-2024-50262, CVE-2024-50236, CVE-2024-50117, CVE-2024-50237, CVE-2024-53104, CVE-2024-50194, CVE-2024-50192, CVE-2024-53061, CVE-2024-53052, CVE-2024-50202, CVE-2024-41080, CVE-2024-50143, CVE-2023-52913, CVE-2024-50296, CVE-2024-50085, CVE-2024-50196, CVE-2024-50072, CVE-2024-50171, CVE-2024-50103, CVE-2024-50101, CVE-2024-50156, CVE-2024-50201, CVE-2024-50233, CVE-2024-53059, CVE-2024-53066, CVE-2024-53063, CVE-2024-50150, CVE-2024-50131, CVE-2024-50163, CVE-2024-50162, CVE-2024-50299, CVE-2024-50232) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS linux-image-5.15.0-1078-aws 5.15.0-1078.85 linux-image-aws-lts-22.04 5.15.0.1078.80 After a standard system update you need to reboot yourcomputer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-7308-1 CVE-2023-52913, CVE-2024-26718, CVE-2024-35887, CVE-2024-39497, CVE-2024-40953, CVE-2024-40965, CVE-2024-41066, CVE-2024-41080, CVE-2024-42252, CVE-2024-42291, CVE-2024-50010, CVE-2024-50036, CVE-2024-50058, CVE-2024-50072, CVE-2024-50074, CVE-2024-50082, CVE-2024-50083, CVE-2024-50085, CVE-2024-50086, CVE-2024-50099, CVE-2024-50101, CVE-2024-50103, CVE-2024-50110, CVE-2024-50115, CVE-2024-50116, CVE-2024-50117, CVE-2024-50127, CVE-2024-50128, CVE-2024-50131, CVE-2024-50134, CVE-2024-50141, CVE-2024-50142, CVE-2024-50143, CVE-2024-50148, CVE-2024-50150, CVE-2024-50151, CVE-2024-50153, CVE-2024-50154, CVE-2024-50156, CVE-2024-50160, CVE-2024-50162, CVE-2024-50163, CVE-2024-50167, CVE-2024-50168, CVE-2024-50171, CVE-2024-50182, CVE-2024-50185, CVE-2024-50192, CVE-2024-50193, CVE-2024-50194, CVE-2024-50195, CVE-2024-50196, CVE-2024-50198, CVE-2024-50199, CVE-2024-50201, CVE-2024-50202, CVE-2024-50205, CVE-2024-50208, CVE-2024-50209, CVE-2024-50218, CVE-2024-50229, CVE-2024-50230, CVE-2024-50232, CVE-2024-50233, CVE-2024-50234, CVE-2024-50236, CVE-2024-50237, CVE-2024-50244, CVE-2024-50245, CVE-2024-50247, CVE-2024-50249, CVE-2024-50251, CVE-2024-50257, CVE-2024-50259, CVE-2024-50262, CVE-2024-50265, CVE-2024-50267, CVE-2024-50268, CVE-2024-50269, CVE-2024-50273, CVE-2024-50278, CVE-2024-50279, CVE-2024-50282, CVE-2024-50287, CVE-2024-50290, CVE-2024-50292, CVE-2024-50295, CVE-2024-50296, CVE-2024-50299, CVE-2024-50301, CVE-2024-50302, CVE-2024-53042, CVE-2024-53052, CVE-2024-53055, CVE-2024-53058, CVE-2024-53059, CVE-2024-53061, CVE-2024-53063, CVE-2024-53066, CVE-2024-53088, CVE-2024-53097, CVE-2024-53101, CVE-2024-53103, CVE-2024-53104, CVE-2024-53141, CVE-2024-53164 Package Information: https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1078.85 . Debian 11.5 updates tackle various system vulnerabilities and improve overall stability. A restart is required following this update.. Linux Kernel Update, Ubuntu Security Advisory, AWS Kernel Improvements. . Severity: Critical. LinuxSecurity.com Team
Feb 27, 2025
•Critical
Ubuntu
100
security advisorysecurity issuecriticalSUSE: 2023:338-1 Critical: SLES 15 SP4 Arm64 Security Update
The container sles-15-sp4-chost-byos-v20230606-arm64 was updated. The following patches have been included in this update:. SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20230606-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:338-1 Image Tags : sles-15-sp4-chost-byos-v20230606-arm64:20230606 Image Release : Severity : critical Type : security References : 1027519 1127591 1186870 1195633 1199282 1200441 1203141 1204478 1204563 1207410 1208329 1208581 1209094 1209131 1209140 1209237 1209245 1209406 1209550 1209669 1209905 1210089 1210105 1210164 1210298 1210593 1210640 1210649 1210702 1210870 1211144 1211230 1211231 1211232 1211233 1211430 1211604 1211605 1211606 1211607 1211643 CVE-2023-2650 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 CVE-2023-32324 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20230606-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2192-1 Released: Fri May 12 12:49:02 2023 Summary: Feature update for python311, python311-pip, python311-setuptools Type: feature Severity: moderate References: This release of python311, python311-pip, python311-setuptools adds the following feature: - Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2216-1 Released: Tue May 16 11:27:50 2023 Summary: Recommended update for python-packaging Type: recommended Severity: important References: 1186870,1199282 This update for python-packagingfixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2237-1 Released: Wed May 17 17:10:07 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211144 This update for vim fixes the following issues: * Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2245-1 Released: Thu May 18 17:01:47 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2254-1 Released: Fri May 19 15:20:23 2023 Summary: Security update for containerd Type: security Severity: important References: 1210298 This update for containerd fixes the following issues: - Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2256-1 Released: Fri May 19 15:26:43 2023 Summary: Security update for runc Type: security Severity: important References: 1200441 This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2276-1 Released: Wed May 24 07:54:42 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1204563,1208581 This update for grub2 fixes the following issues: - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) - Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2279-1 Released: Wed May 24 07:57:53 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1204478,1210640 This update for dracut fixes the following issues: - Update to version 055+suse.342.g2e6dce8e: fips=1 and separate /boot break s390x (bsc#1204478): * fix(fips): move fips-boot script to pre-pivot * fix(fips): only unmount /boot if it was mounted by the fips module * feat(fips): add progress messages * fix(fips): do not blindly remove /boot * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2307-1 Released: Mon May 29 10:29:49 2023 Summary: Recommended update for kbd Type: recommended Severity: low References: 1210702 This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2313-1 Released: Tue May 30 09:29:25 2023 Summary: Security update for c-ares Type: security Severity: important References: 1211604,1211605,1211606,1211607,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2341-1 Released: Thu Jun 1 11:31:27 2023 Summary: Recommended update for libsigc++2 Type: recommended Severity: moderate References: 1209094,1209140 This update for libsigc++2 fixes the following issues: - Remove executable permission for file (bsc#1209094, bsc#1209140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2347-1 Released: Thu Jun 1 14:33:10 2023 Summary: Security update for cups Type: security Severity: important References: 1211643,CVE-2023-32324 This update for cups fixes the following issues: - CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2355-1 Released: Fri Jun 2 12:48:25 2023 Summary: Recommended update forlibrelp Type: recommended Severity: moderate References: 1210649 This update for librelp fixes the following issues: - update to librelp 1.11.0 (bsc#1210649) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2363-1 Released: Mon Jun 5 09:21:36 2023 Summary: Recommended update for libnvme, nvme-cli Type: recommended Severity: moderate References: 1209131,1209550,1209669,1209905,1210089,1210105 This update for libnvme, nvme-cli fixes the following issues: - Fix GC in Python binding (bsc#1209905 bsc#1209131) - Fix crash when printing json output for supported log pages (bsc#1209550) - Add coverity reported fixes (bsc#1209669) - Update host_traddr when using config.json file (bsc#1210089) - Fix compiler warning (git-fixes) - Fix condition in autoconnect service (bsc#1210105) - Set version-tag so that version are correctly reported ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2366-1 Released: Mon Jun 5 09:23:08 2023 Summary: Recommended update for xen Type: recommended Severity: moderate References: 1027519,1209237,1209245 This update for xen fixes the following issues: - Added debug-info to xen-syms (bsc#1209237) - Update to Xen 4.16.4 bug fix release (bsc#1027519) - Added upstream bug fixes (bsc#1027519) - Fix host-assisted kexec/kdump for HVM domUs (bsc#1209245) - Drop patches contained in new tarball and switch to upstream backports for some patches ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2430-1 Released: Tue Jun 6 22:55:28 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: critical References: This update for supportutils-plugin-suse-public-cloud fixes the following issues: - This update will be delivered to SLE Micro. (SMO-219) The following package changes have been done: - containerd-ctr-1.6.19-150000.90.3 updated -containerd-1.6.19-150000.90.3 updated - cups-config-2.2.7-150000.3.43.1 updated - curl-8.0.1-150400.5.23.1 updated - dracut-055+suse.342.g2e6dce8e-150400.3.22.1 updated - grub2-i386-pc-2.06-150400.11.33.1 updated - grub2-x86_64-efi-2.06-150400.11.33.1 updated - grub2-2.06-150400.11.33.1 updated - kbd-legacy-2.4.0-150400.5.6.1 updated - kbd-2.4.0-150400.5.6.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libcares2-1.19.1-150000.3.23.1 updated - libcups2-2.2.7-150000.3.43.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - librelp0-1.11.0-150000.3.3.1 updated - libsigc-2_0-0-2.10.7-150400.3.3.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libsolv-tools-0.7.24-150400.3.6.4 updated - libsystemd0-249.16-150400.8.28.3 updated - libudev1-249.16-150400.8.28.3 updated - libuuid1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzypp-17.31.11-150400.3.25.2 updated - nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated - python3-packaging-21.3-150200.3.3.1 updated - python3-setuptools-44.1.1-150400.9.3.3 updated - runc-1.1.5-150000.43.1 updated - supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 updated - systemd-sysvinit-249.16-150400.8.28.3 updated - systemd-249.16-150400.8.28.3 updated - udev-249.16-150400.8.28.3 updated - util-linux-systemd-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - vim-data-common-9.0.1443-150000.5.43.1 updated - vim-9.0.1443-150000.5.43.1 updated - xen-libs-4.16.4_02-150400.4.28.1 updated - xxd-9.0.1443-150000.5.43.1 updated - zypper-1.14.60-150400.3.21.2 updated . SUSE has released an important security patch for sles-15-sp4-chost-byos-v20230606-arm64 that resolves several vulnerabilities associated with affected software components.. SLES 15 SP4, critical update, arm64 security issues, security patch, SUSEupdates. . Severity: Critical. LinuxSecurity.com Team
Jun 12, 2023
•Critical
SuSE
100
security advisorysecurity issueupdateSUSE: 2022:1149-1 Important: Container Security for sles-15-sp4
The container sles-15-sp4-chost-byos-v20221215-arm64 was updated. The following patches have been included in this update:. SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20221215-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1149-1 Image Tags : sles-15-sp4-chost-byos-v20221215-arm64:20221215 Image Release : Severity : important Type : security References : 1179465 1184124 1184689 1186787 1187655 1188086 1188607 1189560 1190651 1191833 1192252 1192478 1192508 1192648 1196076 1197284 1197428 1197998 1198165 1198625 1198894 1199074 1200330 1200505 1200657 1200803 1200901 1200994 1201053 1202014 1202269 1202337 1202417 1202750 1202962 1203110 1203125 1203152 1203155 1203194 1203216 1203267 1203272 1203341 1203368 1203482 1203508 1203509 1203600 1203749 1203796 1203797 1203799 1203818 1203820 1203894 1203924 1203957 1204440 1204577 1204706 1204720 1204779 1204821 1204844 1205126 1205178 1205182 1205275 1206065 1206235 876845 877776 885007 896188 988954 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-3928 CVE-2022-23471 CVE-2022-2601 CVE-2022-27191 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 CVE-2022-37454 CVE-2022-3775 CVE-2022-42898 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20221215-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID:SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4141-1 Released: Mon Nov 21 09:28:07 2022 Summary: Security update for grub2 Type: security Severity: important References: 1205178,1205182,CVE-2022-2601,CVE-2022-3775 This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4160-1 Released: Tue Nov 22 10:10:37 2022 Summary: Recommended update for nfsidmap Type: recommended Severity: moderate References: 1200901 This update for nfsidmap fixes the following issues: - Various bugfixes and improvemes from upstream In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4162-1 Released: Tue Nov 22 10:56:10 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1202014,1203267,1203368,1203749,1203894 This update for dracut fixes the following issues: - A series of fixes for NVMeoF boot to resolve wrong information that is added by dracut (bsc#1203368) - network-manager: always install the library plugins directory (bsc#1202014) - dmsquash-live: correct regression introduced with shellcheck changes (bsc#1203894) - systemd: add missing modprobe@.service (bsc#1203749) - i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4217-1 Released: Fri Nov 25 07:23:35 2022 Summary: Recommended update for wget Type: recommended Severity: moderate References: 1204720 This update for wget fixes the following issues: - Truncate long file namesto prevent wget failures (bsc#1204720) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4226-1 Released: Fri Nov 25 18:16:59 2022 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1196076,1198625,1200803,1200994,1203341,1204821 This update for suseconnect-ng fixes the following issues: - Fix System-Token support in ruby binding (bsc#1203341) - Use system-wide proxy settings (bsc#1200994) - Add timer for SUSEConnect --keepalive (bsc#1196076) - Added support for the System-Token header - Add Keepalive command line option - Print nested zypper errors (bsc#1200803) - Fix migration json error with SMT (bsc#1198625) - Packaging adjustments (bsc#1204821) - Add option to run local scc tests ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4227-1 Released: Fri Nov 25 18:17:31 2022 Summary: Recommended update for release-notes-sle-micro Type: recommended Severity: low References: 1204440 This update for samba fixes the following issue: - Make samba-tool available in the basesystem (bsc#1204440) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefileto use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4262-1 Released: Tue Nov 29 05:45:23 2022 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1199074,1203216,1203482 This update for lvm2 fixes the following issues: - Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - Fix lvmlockd to support sanlock (bsc#1203482) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4278-1 Released: Tue Nov 29 15:43:49 2022 Summary: Security update for supportutils Type: security Severity: moderate References: 1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4282-1 Released: Tue Nov 29 15:50:15 2022 Summary: Security update for vim Type: security Severity: important References: 1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352:Fixed use-after-free (bsc#1203924). - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). - CVE-2022-3037: Fixed use-after-free (bsc#1202962). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4328-1 Released: Tue Dec 6 12:25:12 2022 Summary: Recommended update for audit-secondary Type: recommended Severity: moderate References: 1204844 This update for audit-secondary fixes the following issues: - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4340-1 Released: Wed Dec 7 12:54:47 2022 Summary: Feature update for wicked Type: feature Severity: moderate References: 1184124,1186787,1187655,1189560,1192508,1198894,1200505,1201053,876845,877776,885007,896188,988954 This update for wicked fixes the following issues: - build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124) - client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249) - client: Fix memory access violation (SEGV) on empty xpath results - dbus: Clear string array before append - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307) - dhcp6: Consider ppp interfaces supported - dhcp6: Ignore lease release status - dhcp6: Remove address before release - firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560) - socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508) -systemd: Remove systemd-udev-settle dependency (bsc#1186787) - team: Fix to configure port priority in teamd (bsc#1200505) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Fix memory access violation (SEGV) on supplicant restart - wireless: Remove libiw dependencies ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4370-1 Released: Thu Dec 8 17:19:14 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1191833,1205275 This update for rsyslog fixes the following issues: - Parsing of legacy config syntax (bsc#1205275) - Remove $klogConsoleLogLevel setting from rsyslog.conf as this legacy setting from pre-systemd times is obsolete and can block important systemd messages (bsc#1191833) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4383-1 Released: Fri Dec 9 04:01:50 2022 Summary: Recommended update for iputils Type: recommended Severity: important References: 1203957 This update for iputils fixes the following issues: - Fix occasional memory access violation when using `ping` (bsc#1203957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4463-1 Released: Tue Dec 13 17:04:31 2022 Summary: Security update for containerd Type: security Severity: important References: 1197284,1206065,1206235,CVE-2022-23471,CVE-2022-27191 This update for containerd fixes the following issues: Update to containerd v1.6.12including Docker v20.10.21-ce (bsc#1206065). Also includes the following fix: - CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4469-1 Released: Wed Dec 14 06:05:13 2022 Summary: Recommended update for sudo Type: recommended Severity: important References: 1197998 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - audit-3.0.6-150400.4.6.1 updated - containerd-ctr-1.6.12-150000.79.1 updated - containerd-1.6.12-150000.79.1 updated - dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1 updated - dracut-055+suse.323.gca0e74f0-150400.3.13.1 updated - grub2-i386-pc-2.06-150400.11.17.1 updated - grub2-x86_64-efi-2.06-150400.11.17.1 updated - grub2-2.06-150400.11.17.1 updated - iputils-20211215-150400.3.3.2 updated - krb5-1.19.2-150400.3.3.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.185.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - nfsidmap-0.26-150000.3.7.1 updated - openssh-clients-8.4p1-150300.3.15.4 updated - openssh-common-8.4p1-150300.3.15.4 updated -openssh-server-8.4p1-150300.3.15.4 updated - openssh-8.4p1-150300.3.15.4 updated - openssl-1_1-1.1.1l-150400.7.16.1 updated - python3-base-3.6.15-150300.10.37.2 updated - python3-3.6.15-150300.10.37.2 updated - rpm-ndb-4.14.3-150300.52.1 updated - rsyslog-8.2106.0-150400.5.11.1 updated - samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 updated - sudo-1.9.9-150400.4.9.1 updated - supportutils-3.1.21-150300.7.35.15.1 updated - suse-build-key-12.0-150000.8.28.1 updated - suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3 updated - system-group-audit-3.0.6-150400.4.6.1 updated - tar-1.34-150000.3.22.3 updated - vim-data-common-9.0.0814-150000.5.28.1 updated - vim-9.0.0814-150000.5.28.1 updated - wget-1.20.3-150000.3.15.1 updated - wicked-service-0.6.70-150400.3.3.1 updated - wicked-0.6.70-150400.3.3.1 updated . Important security enhancements and system fixes released for the SUSE platform sles-15-sp4-chost-byos-v20221215-arm64.. SUSE Container Image Update, Security Patches, Recommended Updates, ARM Architecture. . Severity: Important. LinuxSecurity.com Team
Dec 20, 2022
•Important
SuSE
217
security advisorysecurity issuekernel updateOracle Linux 7 ELSA-2022-9199 Important Kernel Update Notice
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2022-9199 https://linux.oracle.com/errata/ELSA-2022-9199.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-5.4.17-2136.304.4.4.el7uek.x86_64.rpm kernel-uek-debug-5.4.17-2136.304.4.4.el7uek.x86_64.rpm kernel-uek-debug-devel-5.4.17-2136.304.4.4.el7uek.x86_64.rpm kernel-uek-devel-5.4.17-2136.304.4.4.el7uek.x86_64.rpm kernel-uek-doc-5.4.17-2136.304.4.4.el7uek.noarch.rpm kernel-uek-tools-5.4.17-2136.304.4.4.el7uek.x86_64.rpm aarch64: kernel-uek-5.4.17-2136.304.4.4.el7uek.aarch64.rpm kernel-uek-debug-5.4.17-2136.304.4.4.el7uek.aarch64.rpm kernel-uek-debug-devel-5.4.17-2136.304.4.4.el7uek.aarch64.rpm kernel-uek-devel-5.4.17-2136.304.4.4.el7uek.aarch64.rpm kernel-uek-doc-5.4.17-2136.304.4.4.el7uek.noarch.rpm kernel-uek-tools-5.4.17-2136.304.4.4.el7uek.aarch64.rpm kernel-uek-tools-libs-5.4.17-2136.304.4.4.el7uek.aarch64.rpm perf-5.4.17-2136.304.4.4.el7uek.aarch64.rpm python-perf-5.4.17-2136.304.4.4.el7uek.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.304.4.4.el7uek.src.rpm Related CVEs: CVE-2021-26341 Description of changes: [5.4.17-2136.304.4.4.el7uek] - arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921646] - arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921646] - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921646] - arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921646] - KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921646] - arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921646] - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921646] - arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921646] -arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921646] - arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921646] - arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921646] - arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921646] - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921646] - arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921646] - arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921646] - arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921646] - arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921646] - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921646] - arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921646] - arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921646] - arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921646] - arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921646] - Revert "BACKPORT: VARIANT 2: arm64: Add initial retpoline support" (Russell King) [Orabug: 33921646] - Revert "BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br." (Russell King) [Orabug: 33921646] - Revert "BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA." (Russell King) [Orabug: 33921646] - Revert "BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr." (Russell King) [Orabug: 33921646] - Revert "BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block." (Russell King) [Orabug: 33921646] - Revert "BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline." (Russell King) [Orabug: 33921646] - Revert "Arm64: add retpoline to cpu_show_spectre_v2" (Russell King) [Orabug: 33921646] - Revert "arm64: retpoline: Don't use retpoline in KVM's HYP part." (Russell King) [Orabug: 33921646] - Revert "uek-rpm: aarch64 config enable RETPOLINE" (Russell King) [Orabug: 33921646] - Revert "uek-rpm: aarch64 config enable RETPOLINE OL8" (Russell King) [Orabug: 33921646] - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33922121] {CVE-2021-26341} - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Fix bug in retpoline mode on AMD with `spectre_v2=none` (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341} - bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33926314] _______________________________________________ El-errata mailing list
Mar 09, 2022
•Important
Oracle
217
security advisorysecurity issuekernel updateOracle Linux 8 ELSA-2022-9199 Important: Kernel Update Critical Threat
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2022-9199 https://linux.oracle.com/errata/ELSA-2022-9199.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: aarch64: kernel-uek-5.4.17-2136.304.4.4.el8uek.aarch64.rpm kernel-uek-debug-5.4.17-2136.304.4.4.el8uek.aarch64.rpm kernel-uek-debug-devel-5.4.17-2136.304.4.4.el8uek.aarch64.rpm kernel-uek-devel-5.4.17-2136.304.4.4.el8uek.aarch64.rpm kernel-uek-doc-5.4.17-2136.304.4.4.el8uek.noarch.rpm SRPMS: https://oss.oracle.com:443/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.304.4.4.el8uek.src.rpm Related CVEs: CVE-2021-26341 Description of changes: [5.4.17-2136.304.4.4.el8uek] - arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921646] - arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921646] - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921646] - arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921646] - KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921646] - arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921646] - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921646] - arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921646] - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921646] - arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921646] - arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921646] - arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921646] - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921646] - arm64: entry: Allow the trampoline text to occupymultiple pages (James Morse) [Orabug: 33921646] - arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921646] - arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921646] - arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921646] - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921646] - arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921646] - arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921646] - arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921646] - arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921646] - Revert "BACKPORT: VARIANT 2: arm64: Add initial retpoline support" (Russell King) [Orabug: 33921646] - Revert "BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br." (Russell King) [Orabug: 33921646] - Revert "BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA." (Russell King) [Orabug: 33921646] - Revert "BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr." (Russell King) [Orabug: 33921646] - Revert "BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block." (Russell King) [Orabug: 33921646] - Revert "BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline." (Russell King) [Orabug: 33921646] - Revert "Arm64: add retpoline to cpu_show_spectre_v2" (Russell King) [Orabug: 33921646] - Revert "arm64: retpoline: Don't use retpoline in KVM's HYP part." (Russell King) [Orabug: 33921646] - Revert "uek-rpm: aarch64 config enable RETPOLINE" (Russell King) [Orabug: 33921646] - Revert "uek-rpm: aarch64 config enable RETPOLINE OL8" (Russell King) [Orabug: 33921646] - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Extend our code to properlysupport eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33922121] {CVE-2021-26341} - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Fix bug in retpoline mode on AMD with `spectre_v2=none` (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341} - bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33926314] _______________________________________________ El-errata mailing list
Mar 09, 2022
•Important
Oracle
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!