Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 12 articles for you...
202
security advisorymoderatebug fixopenSUSE: Dovecot24 Moderate Cache Issue Fix CVE-2025-30189 2025-20113-1
An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for dovecot24 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20113-1 Rating: moderate References: * bsc#1252839 Cross-References: * CVE-2025-30189 CVSS scores: * CVE-2025-30189 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N * CVE-2025-30189 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for dovecot24 fixes the following issues: - Update dovecot to 2.4.2: - CVE-2025-30189: Fixed users cached with same cache key when auth cache was enabled (bsc#1252839) - Changes - auth: Remove proxy_always field. - config: Change settings history parsing to use python3. - doveadm: Print table formatter - Print empty values as "-". - imapc: Propagate remote error codes properly. - lda: Default mail_home=$HOME environment if not using userdb lookup - lib-dcrypt: Salt for new version 2 keys has been increased to 16 bytes. - lib-dregex: Add libpcre2 based regular expression support to Dovecot, if the library is missing, disable all regular expressions. This adds libpcre2-32 as build dependency. - lib-oauth2: jwt - Allow nbf and iat to point 1 second into future. - lib: Replace libicu with our own unicode library. Removes libicu as build dependency. - login-common: If proxying fails due to remote having invalid SSL cert, don't reconnect. - New features - auth: Add ssl_client_cert_fp and ssl_client_cert_pubkey_fp fields - config: Add support for $SET:filter/path/setting. - config: Improve @group includes to work with overwriting their settings. - doveadm kick: Addsupport for kicking multiple usernames - doveadm mailbox status: Add support for deleted status item. - imap, imap-client: Add experimental partial IMAP4rev2 support. - imap: Implement support for UTF8=ACCEPT for APPEND - lib-oauth2, oauth2: Add oauth2_token_expire_grace setting. - lmtp: lmtp-client - Support command pipelining. - login-common: Support local/remote blocks better. - master: accept() unix/inet connections before creating child process to handle it. This reduces timeouts when child processes are slow to spawn themselves. - Bug fixes - SMTPUTF8 was accepted even when it wasn't enabled. - auth, *-login: Direct logging with -L parameter was not working. - auth: Crash occured when OAUTH token validation failed with oauth2_use_worker_with_mech=yes. - auth: Invalid field handling crashes were fixed. - auth: ldap - Potential crash could happen at deinit. - auth: mech-gssapi - Server sending empty initial response would cause errors. - auth: mech-winbind - GSS-SPNEGO mechanism was erroneously marked as - not accepting NUL. - config: Multiple issues with $SET handling has been fixed. - configure: Building without LDAP didn't work. - doveadm: If source user didn't exist, a crash would occur. - imap, pop3, submission, imap-urlauth: USER environment usage was broken when running standalone. - imap-hibernate: Statistics would get truncated on unhibernation. - imap: "SEARCH MIMEPART FILENAME ENDS" command could have accessed memory outside allocated buffer, resulting in a crash. - imapc: Fetching partial headers would cause other cached headers to be cached empty, breaking e.g. imap envelope responses when caching to disk. - imapc: Shared namespace's INBOX mailbox was not always uppercased. - imapc: imapc_features=guid-forced GUID generation was not working correctly. - lda: USER environment was not accepted if -d hasn'tbeen specified. - lib-http: http-url - Significant path percent encoding through parse and create was not preserved. This is mainly important for Dovecot's Lua bindings for lib-http. - lib-settings: Crash would occur when using %variables in SET_FILE type settings. - lib-storage: Attachment flags were attempted to be added for readonly mailboxes with mail_attachment_flags=add-flags. - lib-storage: Root directory for unusable shared namespaces was unnecessarily attempted to be created. - lib: Crash would occur when config was reloaded and logging to syslog. - login-common: Crash might have occured when login proxy was destroyed. - sqlite: The sqlite_journal_mode=wal setting didn't actually do anything. - Many other bugs have been fixed. - Update pigeonhole to 2.4.2 - Changes - lib-sieve: Use new regular expression library in core. - managesieve: Add default service_extra_groups=$SET:default_internal_group. - New features - lib-sieve: Add support for "extlists" extension. - lib-sieve: regex - Allow unicode comparator. - Bug fixes - lib-sieve-tool: sieve-tool - All sieve_script settings were overriden. - lib-sieve: storage: dict: sieve_script_dict filter was missing from settings. - sieve-ldap-storage: Fix compile without LDAP. Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-79=1 Package List: - openSUSE Leap 16.0: dovecot24-2.4.2-160000.1.1 dovecot24-backend-mysql-2.4.2-160000.1.1 dovecot24-backend-pgsql-2.4.2-160000.1.1 dovecot24-backend-sqlite-2.4.2-160000.1.1 dovecot24-devel-2.4.2-160000.1.1 dovecot24-fts-2.4.2-160000.1.1 dovecot24-fts-flatcurve-2.4.2-160000.1.1 dovecot24-fts-solr-2.4.2-160000.1.1 References: *https://www.suse.com/security/cve/CVE-2025-30189.html . An important security update for openSUSE to fix a cache issue in dovecot24 with moderate severity rating.. openSUSE dovecot24 update security. . LinuxSecurity.com Team
Nov 28, 2025
OpenSUSE
89
security advisoryFedoracurlFedora 41: FEDORA-2024-a94430d221 critical: curl HSTS cache issue
fix HSTS subdomain overwrites parent cache entry (CVE-2024-9681). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-a94430d221 2025-01-09 02:02:18.477813+00:00 -------------------------------------------------------------------------------- Name : curl Product : Fedora 41 Version : 8.9.1 Release : 3.fc41 URL : https://curl.se/ Summary : A utility for getting files from remote servers (FTP, HTTP, and others) Description : curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. -------------------------------------------------------------------------------- Update Information: fix HSTS subdomain overwrites parent cache entry (CVE-2024-9681) -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 12 2024 Jan Macku - 8.9.1-3 - fix HSTS subdomain overwrites parent cache entry (CVE-2024-9681) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2326407 - CVE-2024-9681 curl: HSTS subdomain overwrites parent cache entry [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2326407 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a94430d221' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora ProjectGPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jan 09, 2025
•Critical
Fedora
203
security advisoryDoScurlMageia 9 MGASA-2024-0360 critical: curl HSTS cache issue
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with hosts like x.example.com as well as example.com where the . MGASA-2024-0360 - Updated curl packages fix security vulnerability Publication date: 12 Nov 2024 URL: https://advisories.mageia.org/MGASA-2024-0360.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-9681 When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with hosts like x.example.com as well as example.com where the first host is a subdomain of the second host. This flaw also affects the curl command line tool. When triggered, this is a potential minor DoS security problem when trying to use HTTPS when that no longer works or a cleartext transmission of data that was otherwise intended to possibly be protected. This update fixes the issue so subdomains cannot affect the HSTS cache of a parent domain. References: - https://bugs.mageia.org/show_bug.cgi?id=33730 - https://curl.se/docs/CVE-2024-9681.html - https://www.cve.org/CVERecord?id=CVE-2024-9681 SRPMS: - 9/core/curl-7.88.1-4.4.mga9 . Mageia 2024-0361 indicates a resolution for curl's subdomain caching problem that affects HSTS, recorded on Nov 15, 2024.. curl security update, Mageia advisory, HSTS vulnerability, DoS threat. . Severity: Critical. LinuxSecurity.com Team
Nov 12, 2024
•Critical
Mageia
202
security advisorymoderateupdateopenSUSE: 2024:0319-1 moderate: coredns performance enhancement
An update that fixes 6 vulnerabilities is now available. . openSUSE Security Update: Security update for coredns ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0319-1 Rating: moderate References: Cross-References: CVE-2022-27191 CVE-2022-28948 CVE-2023-28452 CVE-2023-30464 CVE-2024-0874 CVE-2024-22189 CVSS scores: CVE-2022-27191 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-28948 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2024-22189 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP6 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for coredns fixes the following issues: Update to version 1.11.3: * optimize the performance for high qps (#6767) * bump deps * Fix zone parser error handling (#6680) * Add alternate option to forward plugin (#6681) * fix: plugin/file: return error when parsing the file fails (#6699) * [fix:documentation] Clarify autopath README (#6750) * Fix outdated test (#6747) * Bump go version from 1.21.8 to 1.21.11 (#6755) * Generate zplugin.go correctly with third-party plugins (#6692) * dnstap: uses pointer receiver for small response writer (#6644) * chore: fix function name in comment (#6608) * [plugin/forward] Strip local zone from IPV6 nameservers (#6635) - fixes CVE-2023-30464 - fixes CVE-2023-28452 Update to upstream head (git commit #5a52707): * bump deps to address security issue CVE-2024-22189 * Return RcodeServerFailure when DNS64 has no next plugin (#6590) * add plusserver to adopters (#6565) * Change the log flags to be a variable that can be set prior tocalling Run (#6546) * Enable Prometheus native histograms (#6524) * forward: respect context (#6483) * add client labels to k8s plugin metadata (#6475) * fix broken link in webpage (#6488) * Repo controlled Go version (#6526) * removed the mutex locks with atomic bool (#6525) Update to version 1.11.2: * rewrite: fix multi request concurrency issue in cname rewrite (#6407) * plugin/tls: respect the path specified by root plugin (#6138) * plugin/auto: warn when auto is unable to read elements of the directory tree (#6333) * fix: make the codeowners link relative (#6397) * plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (#6351) * plugin/cache: key cache on Checking Disabled (CD) bit (#6354) * Use the correct root domain name in the proxy plugin's TestHealthX tests (#6395) * Add PITS Global Data Recovery Services as an adopter (#6304) * Handle UDP responses that overflow with TC bit with test case (#6277) * plugin/rewrite: add rcode as a rewrite option (#6204) - CVE-2024-0874: coredns: CD bit response is cached and served later - Update to version 1.11.1: * Revert âplugin/forward: Continue waiting after receiving malformed responses * plugin/dnstap: add support for âextraâ field in payload * plugin/cache: fix keepttl parsing - Update to version 1.11.0: * Adds support for accepting DNS connections over QUIC (doq). * Adds CNAME target rewrites to the rewrite plugin. * Plus many bug fixes, and some security improvements. * This release introduces the following backward incompatible changes: + In the kubernetes plugin, we have dropped support for watching Endpoint and Endpointslice v1beta, since all supported K8s versions now use Endpointslice. + The bufsize plugin changed its default size limit value to 1232 + Some changes to forward plugin metrics. - Update to version 1.10.1: * Corrected architecture labels in multi-arch image manifest * A new plugin timeouts that allows configuration of server listener timeout durations * acl can drop queries as an action * template supports creating responses with extended DNS errors * New weighted policy in loadbalance * Option to serve original record TTLs from cache - Update to version 1.10.0: * core: add log listeners for k8s_event plugin (#5451) * core: log DoH HTTP server error logs in CoreDNS format (#5457) * core: warn when domain names are not in RFC1035 preferred syntax (#5414) * plugin/acl: add support for extended DNS errors (#5532) * plugin/bufsize: do not expand query UDP buffer size if already set to a smaller value (#5602) * plugin/cache: add cache disable option (#5540) * plugin/cache: add metadata for wildcard record responses (#5308) * plugin/cache: add option to adjust SERVFAIL response cache TTL (#5320) * plugin/cache: correct responses to Authenticated Data requests (#5191) * plugin/dnstap: add identity and version support for the dnstap plugin (#5555) * plugin/file: add metadata for wildcard record responses (#5308) * plugin/forward: enable multiple forward declarations (#5127) * plugin/forward: health_check needs to normalize a specified domain name (#5543) * plugin/forward: remove unused coredns_forward_sockets_open metric (#5431) * plugin/header: add support for query modification (#5556) * plugin/health: bypass proxy in self health check (#5401) * plugin/health: don't go lameduck when reloading (#5472) * plugin/k8s_external: add support for PTR requests (#5435) * plugin/k8s_external: resolve headless services (#5505) * plugin/kubernetes: make kubernetes client log in CoreDNS format (#5461) * plugin/ready: reset list of readiness plugins on startup (#5492) * plugin/rewrite: add PTR records to supported types (#5565) * plugin/rewrite: fix a crash in rewrite plugin when ruletype is missing (#5459) * plugin/rewrite: fix out-of-index issue in rewrite plugin (#5462) * plugin/rewrite: support min and max TTL values (#5508) * plugin/trace : make zipkin HTTP reporter more configurable using Corefile (#5460) * plugin/trace: read trace context info from headers for DOH (#5439) * plugin/tsig: add new plugin TSIG for validating TSIG requests and signing responses (#4957) * core: update gopkg.in/yaml.v3 to fix CVE-2022-28948 * core: update golang.org/x/crypto to fix CVE-2022-27191 * plugin/acl: adding a check to parse out zone info * plugin/dnstap: support FQDN TCP endpoint * plugin/errors: add stacktrace option to log a stacktrace during panic recovery * plugin/template: return SERVFAIL for zone-match regex-no-match case Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2024-319=1 Package List: - openSUSE Backports SLE-15-SP6 (aarch64 i586 x86_64): coredns-1.11.3-bp156.4.3.1 - openSUSE Backports SLE-15-SP6 (noarch): coredns-extras-1.11.3-bp156.4.3.1 References: https://www.suse.com/security/cve/CVE-2022-27191.html https://www.suse.com/security/cve/CVE-2022-28948.html https://www.suse.com/security/cve/CVE-2023-28452.html https://www.suse.com/security/cve/CVE-2023-30464.html https://www.suse.com/security/cve/CVE-2024-0874.html https://www.suse.com/security/cve/CVE-2024-22189.html . This patch fixes various bugs in dnsmasq, improving efficiency and tackling identified vulnerabilities in Fedora.. coredns update, openSUSE security, coredns vulnerabilities, moderate advisory, DNS performance fix. . LinuxSecurity.com Team
Sep 27, 2024
OpenSUSE
100
security advisorymoderateupdateSUSE: 2024:3163-1 Moderate: Gradle Cache Issue Security Advisory
* bsc#1212930 Cross-References: * CVE-2023-35946 . # Security update for gradle Announcement ID: SUSE-SU-2024:3163-1 Rating: moderate References: * bsc#1212930 Cross-References: * CVE-2023-35946 CVSS scores: * CVE-2023-35946 ( SUSE ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L * CVE-2023-35946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * Development Tools Module 15-SP5 * Development Tools Module 15-SP6 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for gradle fixes the following issues: * CVE-2023-35946: Fixed a dependency issue leading the cache to write files into an unintended location. (bsc#1212930) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-3163=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3163=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-3163=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-3163=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * gradle-4.4.1-150200.3.24.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gradle-4.4.1-150200.3.24.1 * Development ToolsModule 15-SP6 (aarch64 ppc64le s390x x86_64) * gradle-4.4.1-150200.3.24.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * gradle-4.4.1-150200.3.24.1 ## References: * https://www.suse.com/security/cve/CVE-2023-35946.html * https://bugzilla.suse.com/show_bug.cgi?id=1212930 . SUSE published a security notice regarding gradle that tackles a moderate caching vulnerability associated with updates. Access complete information.. gradle security update, SUSE advisory, cache vulnerability, software patching. . LinuxSecurity.com Team
Sep 06, 2024
SuSE
89
security advisorycriticalFedoraFedora 38: 2024-4b2cf8c375 Critical: Xen Cache and Context Fixes
arm32: The cache may not be properly cleaned/invalidated (take two) [XSA-447, CVE-2023-46837] pci: phantom functions assigned to incorrect contexts [XSA-449, CVE-2023-46839] VT-d: Failure to quarantine devices in !HVM build [XSA-450,. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-4b2cf8c375 2024-02-15 01:41:57.775532 -------------------------------------------------------------------------------- Name : xen Product : Fedora 38 Version : 4.17.2 Release : 6.fc38 URL : https://xenproject.org/ Summary : Xen is a virtual machine monitor Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor -------------------------------------------------------------------------------- Update Information: arm32: The cache may not be properly cleaned/invalidated (take two) [XSA-447, CVE-2023-46837] pci: phantom functions assigned to incorrect contexts [XSA-449, CVE-2023-46839] VT-d: Failure to quarantine devices in !HVM build [XSA-450, CVE-2023-46840] -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 30 2024 Michael Young - 4.17.2-6 - arm32: The cache may not be properly cleaned/invalidated (take two) [XSA-447, CVE-2023-46837] - pci: phantom functions assigned to incorrect contexts [XSA-449, CVE-2023-46839] - VT-d: Failure to quarantine devices in !HVM build [XSA-450, CVE-2023-46840] -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-4b2cf8c375' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can befound at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Feb 15, 2024
•Critical
Fedora
89
security advisoryFedoramoderate severityFedora 39: 2024-e527e6fd08 Medium: Xen Device Isolation Concerns
arm32: The cache may not be properly cleaned/invalidated (take two) [XSA-447, CVE-2023-46837] pci: phantom functions assigned to incorrect contexts [XSA-449, CVE-2023-46839] VT-d: Failure to quarantine devices in !HVM build [XSA-450,. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-e527e6fd08 2024-02-15 00:59:01.165416 -------------------------------------------------------------------------------- Name : xen Product : Fedora 39 Version : 4.17.2 Release : 6.fc39 URL : https://xenproject.org/ Summary : Xen is a virtual machine monitor Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor -------------------------------------------------------------------------------- Update Information: arm32: The cache may not be properly cleaned/invalidated (take two) [XSA-447, CVE-2023-46837] pci: phantom functions assigned to incorrect contexts [XSA-449, CVE-2023-46839] VT-d: Failure to quarantine devices in !HVM build [XSA-450, CVE-2023-46840] -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 30 2024 Michael Young - 4.17.2-6 - arm32: The cache may not be properly cleaned/invalidated (take two) [XSA-447, CVE-2023-46837] - pci: phantom functions assigned to incorrect contexts [XSA-449, CVE-2023-46839] - VT-d: Failure to quarantine devices in !HVM build [XSA-450, CVE-2023-46840] -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-e527e6fd08' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can befound at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Feb 15, 2024
•Medium
Fedora
89
security advisoryinformation leakFedoraFedora 37 FEDORA-2023-948136565a Critical: Xen Cache Issues
arm32: The cache may not be properly cleaned/invalidated [XSA-437, CVE-2023-34321] top-level shadow reference dropped too early for 64-bit PV guests [XSA-438, CVE-2023-34322] x86/AMD: Divide speculative information leak [XSA-439, CVE-2023-20588]. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-948136565a 2023-10-12 01:17:21.640559 -------------------------------------------------------------------------------- Name : xen Product : Fedora 37 Version : 4.16.5 Release : 2.fc37 URL : https://xenproject.org/ Summary : Xen is a virtual machine monitor Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor -------------------------------------------------------------------------------- Update Information: arm32: The cache may not be properly cleaned/invalidated [XSA-437, CVE-2023-34321] top-level shadow reference dropped too early for 64-bit PV guests [XSA-438, CVE-2023-34322] x86/AMD: Divide speculative information leak [XSA-439, CVE-2023-20588] -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 26 2023 Michael Young - 4.16.5-2 - arm32: The cache may not be properly cleaned/invalidated [XSA-437, CVE-2023-34321] - top-level shadow reference dropped too early for 64-bit PV guests [XSA-438, CVE-2023-34322] - x86/AMD: Divide speculative information leak [XSA-439, CVE-2023-20588] -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-948136565a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can befound at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Oct 12, 2023
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!