Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

openSUSE 15.2: 2021:1403-1 Important: VirtualBox Security Fix

An update that fixes 5 vulnerabilities is now available.

openSUSE Security Update: Security update for virtualbox

Announcement ID: openSUSE-SU-2021:1403-1
Rating: important
References: #1191104 #1191526 #1191869
Cross-References: CVE-2021-2475 CVE-2021-35538 CVE-2021-35540 CVE-2021-35542 CVE-2021-35545
CVSS scores:
  CVE-2021-2475 (NVD): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-35538 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-35540 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-35542 (NVD): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-35545 (NVD): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H
Affected Products: openSUSE Leap 15.2

Description:

This update for virtualbox fixes the following issues:

Version bump to 6.1.28 (released October 19 2021 by Oracle). This is a maintenance release. The following items were fixed and/or added:

- VMM: Fixed guru meditation while booting nested-guests accessing debug registers under certain conditions
- UI: Bug fixes for touchpad-based scrolling
- VMSVGA: Fixed VM black screen issue on first resize after restoring from saved state (bug #20067)
- VMSVGA: Fixed display corruption on Linux Mint (bug #20513)
- Storage: Fixed a possible write error under certain circumstances when using VHD images (bug #20512)
- Network: Multiple updates in virtio-net device support
- Network: Disconnecting cable in saved VM state now is handled properly by virtio-net
- Network: More administrative control over network ranges, see user manual
- NAT: Fixed not rejecting TFTP requests with absolute pathnames (bug #20589)
- Audio: Fixed VM session aborting after PC hibernation (bug #20516)
- Audio: Fixed setting the line-in volume of the HDA emulation on modern Linux guests
- Audio: Fixed resuming playback of the AC'97 emulation while a snapshot has been taken
- API: Added bindings support for Python 3.9 (bug #20252)
- API: Fixed rare hang of VM when changing settings at runtime
- Linux host: Improved kernel modules installation detection which prevents unnecessary modules rebuild
- Host Services: Shared Clipboard: Prevent guest clipboard reset when clipboard sharing is disabled (bug #20487)
- Host Services: Shared Clipboard over VRDP: Fixed to continue working when guest service reconnects to host (bug #20366)
- Host Services: Shared Clipboard over VRDP: Fixed preventing remote RDP client to hang when guest has no clipboard data to report
- Linux Host and Guest: Introduced initial support for kernels 5.14 and 5.15
- Linux Host and Guest: Introduced initial support for RHEL 8.5 kernel
- Windows Guest: Introduced Windows 11 guest support, including unattended installation
- Fixes CVE-2021-35538, CVE-2021-35545, CVE-2021-35540, CVE-2021-35542, and CVE-2021-2475 (boo#1191869)
- Use kernel_module_directory macro for kernel modules (boo#1191526)
- Finish UsrMerge for VirtualBox components (boo#1191104).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2021-1403=1

Package List:

- openSUSE Leap 15.2 (noarch):

    virtualbox-guest-desktop-icons-6.1.28-lp152.2.38.1
    virtualbox-guest-source-6.1.28-lp152.2.38.1
    virtualbox-host-source-6.1.28-lp152.2.38.1

- openSUSE Leap 15.2 (x86_64):

    python3-virtualbox-6.1.28-lp152.2.38.1
    python3-virtualbox-debuginfo-6.1.28-lp152.2.38.1
    virtualbox-6.1.28-lp152.2.38.1
    virtualbox-debuginfo-6.1.28-lp152.2.38.1
    virtualbox-debugsource-6.1.28-lp152.2.38.1
    virtualbox-devel-6.1.28-lp152.2.38.1
    virtualbox-guest-tools-6.1.28-lp152.2.38.1
    virtualbox-guest-tools-debuginfo-6.1.28-lp152.2.38.1
    virtualbox-guest-x11-6.1.28-lp152.2.38.1
    virtualbox-guest-x11-debuginfo-6.1.28-lp152.2.38.1
    virtualbox-kmp-debugsource-6.1.28-lp152.2.38.1
    virtualbox-kmp-default-6.1.28_k5.3.18_lp152.95-lp152.2.38.1
    virtualbox-kmp-default-debuginfo-6.1.28_k5.3.18_lp152.95-lp152.2.38.1
    virtualbox-kmp-preempt-6.1.28_k5.3.18_lp152.95-lp152.2.38.1
    virtualbox-kmp-preempt-debuginfo-6.1.28_k5.3.18_lp152.95-lp152.2.38.1
    virtualbox-qt-6.1.28-lp152.2.38.1
    virtualbox-qt-debuginfo-6.1.28-lp152.2.38.1
    virtualbox-vnc-6.1.28-lp152.2.38.1
    virtualbox-websrv-6.1.28-lp152.2.38.1
    virtualbox-websrv-debuginfo-6.1.28-lp152.2.38.1

References:

https://www.suse.com/security/cve/CVE-2021-2475.html
https://www.suse.com/security/cve/CVE-2021-35538.html
https://www.suse.com/security/cve/CVE-2021-35540.html
https://www.suse.com/security/cve/CVE-2021-35542.html
https://www.suse.com/security/cve/CVE-2021-35545.html
https://bugzilla.suse.com/1191104
https://bugzilla.suse.com/1191526
https://bugzilla.suse.com/1191869

This significant Fedora upgrade for KVM tackles various vulnerabilities, promoting system performance and safeguarding user data.
openSUSE virtualbox update, security patch, VM stability issues.
Severity: Important.
LinuxSecurity.com Team

Oct 31, 2021 | Important | openSUSE

Fedora 32: FEDORA-2020-17149a4f3d Moderate: Multiple Chromium Issues

Fedora Update Notification
FEDORA-2020-17149a4f3d
2020-03-27 07:58:57.670570

Name        : chromium
Product     : Fedora 32
Version     : 80.0.3987.149
Release     : 1.fc32
URL         : https://www.chromium.org/Home/
Summary     : A WebKit (Blink) powered web browser
Description : Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

Update to 80.0.3987.149. Upstream says it fixes "13" security issues, but only lists these CVEs:

* CVE-2020-6422: Use after free in WebGL
* CVE-2020-6424: Use after free in media
* CVE-2020-6425: Insufficient policy enforcement in extensions.
* CVE-2020-6426: Inappropriate implementation in V8
* CVE-2020-6427: Use after free in audio
* CVE-2020-6428: Use after free in audio
* CVE-2020-6429: Use after free in audio.
* CVE-2019-20503: Out of bounds read in usersctplib.
* CVE-2020-6449: Use after free in audio

ChangeLog:

* Wed Mar 18 2020 Tom Callaway - 80.0.3987.149-1
- update to 80.0.3987.149
* Thu Feb 27 2020 Tom Callaway - 80.0.3987.132-1
- update to 80.0.3987.132
- disable C++17 changes (this means f32+ will no longer build, but it segfaulted immediately)
* Thu Feb 27 2020 Tom Callaway - 80.0.3987.122-1
- update to 80.0.3987.122
* Mon Feb 17 2020 Tom Callaway - 80.0.3987.106-1
- update to 80.0.3987.106
* Wed Feb 5 2020 Tom Callaway - 80.0.3987.87-1
- update to 80.0.3987.87
* Tue Jan 28 2020 Fedora Release Engineering - 79.0.3945.130-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

References:

[ 1 ] Bug #1815241 - CVE-2020-6424 chromium-browser: Use after free in media
      https://bugzilla.redhat.com/show_bug.cgi?id=1815241
[ 2 ] Bug #1815242 - CVE-2020-6425 chromium-browser: Insufficient policy enforcement in extensions
      https://bugzilla.redhat.com/show_bug.cgi?id=1815242
[ 3 ] Bug #1815243 - CVE-2020-6426 chromium-browser: Inappropriate implementation in V8
      https://bugzilla.redhat.com/show_bug.cgi?id=1815243
[ 4 ] Bug #1815244 - CVE-2020-6427 chromium-browser: Use after free in audio
      https://bugzilla.redhat.com/show_bug.cgi?id=1815244
[ 5 ] Bug #1815245 - CVE-2020-6428 chromium-browser: Use after free in audio
      https://bugzilla.redhat.com/show_bug.cgi?id=1815245
[ 6 ] Bug #1815247 - CVE-2020-6429 chromium-browser: Use after free in audio
      https://bugzilla.redhat.com/show_bug.cgi?id=1815247
[ 7 ] Bug #1815248 - CVE-2020-6449 chromium-browser: Use after free in audio
      https://bugzilla.redhat.com/show_bug.cgi?id=1815248
[ 8 ] Bug #1815259 - CVE-2020-6422 chromium-browser: Use after free in WebGL
      https://bugzilla.redhat.com/show_bug.cgi?id=1815259

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-17149a4f3d' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

The latest Chromium update for Fedora tackles various security concerns, specifically targeting vulnerabilities found in audio processing and WebGL.
Fedora Update, Chromium Security, Audio Issues, WebGL, Browser Vulnerabilities.
LinuxSecurity.com Team

Mar 27, 2020 | Fedora

Fedora 27 LAME Update: 2017-2e2dc86bc6 Critical Security Fixes

Fedora Update Notification
FEDORA-2017-2e2dc86bc6
2017-11-11 13:29:22.448255

Name        : lame
Product     : Fedora 27
Version     : 3.100
Release     : 1.fc27
URL         : https://lame.sourceforge.io/
Summary     : Free MP3 audio compressor
Description : LAME is an open source MP3 encoder whose quality and speed matches commercial encoders. LAME handles MPEG1,2 and 2.5 layer III encoding with both constant and variable bitrates.

Update Information:

Update to 3.100 (#1470202, #1505107)

References:

[ 1 ] Bug #1470202 - CVE-2015-9099 CVE-2015-9100 CVE-2017-11720 CVE-2017-13712 CVE-2017-15018 CVE-2017-15019 CVE-2017-15045 CVE-2017-15046 CVE-2017-9410 CVE-2017-9411 CVE-2017-9412 CVE-2017-8419 lame: Multiple vulnerabilities [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1470202
[ 2 ] Bug #1505107 - LAME 3.100 update with security fixes
      https://bugzilla.redhat.com/show_bug.cgi?id=1505107

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade lame' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

LAME MP3 encoder improvements tackle several security vulnerabilities in Fedora 27. Discover the enhancements and installation process.
Fedora Update, LAME Security, Audio Security, MP3 Encoder Fixes.
Severity: Critical.
LinuxSecurity.com Team

Nov 11, 2017 | Critical | Fedora

Ubuntu: USN-749-1 Moderate: libsndfile Code Execution Threat

Ubuntu Security Notice USN-749-1
March 30, 2009
libsndfile vulnerability
CVE-2009-0186

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libsndfile1 1.0.12-3ubuntu1.1
Ubuntu 7.10: libsndfile1 1.0.17-4ubuntu0.7.10.1
Ubuntu 8.04 LTS: libsndfile1 1.0.17-4ubuntu0.8.04.1
Ubuntu 8.10: libsndfile1 1.0.17-4ubuntu0.8.10.1

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

It was discovered that libsndfile did not correctly handle description chunks in CAF audio files. If a user or automated system were tricked into opening a specially crafted CAF audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program.
Updated packages are provided for Ubuntu 6.06 LTS, 7.10, 8.04 LTS and 8.10.

Uncover the libsndfile security flaw in Ubuntu influencing various releases and methods to resolve it promptly.
libsndfile Vulnerability, Ubuntu Security Update, Audio File Exploit.
LinuxSecurity.com Team

Mar 30, 2009 | Ubuntu