
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


SUSE: 2022:3796-1 Critical: QEMU Memory Leak & Denial of Service Risk

SUSE Security Update: Security update for qemu

Announcement ID: SUSE-SU-2022:3795-1
Rating: moderate
References: #1192115 #1198038 #1201367
Cross-References: CVE-2022-0216 CVE-2022-35414
CVSS scores:
  CVE-2022-0216 (NVD): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-0216 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-35414 (NVD): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  CVE-2022-35414 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Affected Products:
- SUSE Linux Enterprise Desktop 15-SP4
- SUSE Linux Enterprise High Performance Computing 15-SP4
- SUSE Linux Enterprise Micro 5.3
- SUSE Linux Enterprise Module for Basesystem 15-SP4
- SUSE Linux Enterprise Module for Server Applications 15-SP4
- SUSE Linux Enterprise Server 15-SP4
- SUSE Linux Enterprise Server for SAP Applications 15-SP4
- SUSE Manager Proxy 4.3
- SUSE Manager Retail Branch Server 4.3
- SUSE Manager Server 4.3
- openSUSE Leap 15.4

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for qemu fixes the following issues:
- CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038)
- CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3795=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3795=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3795=1
- SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3795=1

References:
- https://www.suse.com/security/cve/CVE-2022-0216.html
- https://www.suse.com/security/cve/CVE-2022-35414.html
- https://bugzilla.suse.com/1192115
- https://bugzilla.suse.com/1198038
- https://bugzilla.suse.com/1201367

A moderate SUSE update addresses security issues with qemu, including memory leaks and DoS risks. Discover details!

Keywords: SUSE Security Update, qemu vulnerabilities, SUSE Linux Patch Administration, security advisory, qemu software patch

Severity: Important. LinuxSecurity.com Team

Oct 27, 2022 | Important | SuSE

Ubuntu 20.04 LTS USN-5554-1 Critical: GDK-PixBuf Crash Threat

Ubuntu Security Notice USN-5554-1
August 08, 2022

gdk-pixbuf vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS

Summary:

GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description:
- gdk-pixbuf: GDK Pixbuf library

Details:

Pedro Ribeiro discovered that the GDK-PixBuf library did not properly handle certain GIF images. If a user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.3

After a standard system update you need to restart your session to make all the necessary changes.

References:
- CVE-2021-46829

Package Information:
- https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.40.0+dfsg-3ubuntu0.3

A security flaw in GDK-PixBuf enables crashing or unauthorized program execution through specially crafted PNG files in Ubuntu 22.04 LTS.

Keywords: gdk-pixbuf, Ubuntu security, denial of service, crash threat

Severity: Critical. LinuxSecurity.com Team

Aug 08, 2022 | Critical | Ubuntu

Ubuntu: USN-4682-1 Critical: WavPack Crash And Code Execution Issue

Ubuntu Security Notice USN-4682-1
January 06, 2021

wavpack vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

WavPack could be made to execute arbitrary code or crash if it received a specially crafted WAV file.

Software Description:
- wavpack: audio codec (lossy and lossless) - encoder and decoder

Details:

It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10:
  wavpack 5.3.0-1ubuntu0.1

Ubuntu 20.04 LTS:
  wavpack 5.2.0-1ubuntu0.1

Ubuntu 18.04 LTS:
  wavpack 5.1.0-2ubuntu1.5

In general, a standard system update will make all the necessary changes.

References:
- https://ubuntu.com/security/notices/USN-4682-1
- CVE-2020-35738

Package Information:
- https://launchpad.net/ubuntu/+source/wavpack/5.3.0-1ubuntu0.1
- https://launchpad.net/ubuntu/+source/wavpack/5.2.0-1ubuntu0.1
- https://launchpad.net/ubuntu/+source/wavpack/5.1.0-2ubuntu1.5

The WavPack security flaw might enable code execution or cause system failures through specially designed WAV files on Ubuntu platforms.

Keywords: WavPack Security, Ubuntu Updates, Code Execution Threat

Severity: Critical. LinuxSecurity.com Team

Jan 06, 2021 | Critical | Ubuntu

Ubuntu 15.04 USN-2638-1 Moderate: Kernel Vulnerability Risks

Ubuntu Security Notice USN-2638-1
June 10, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-0275)

Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. (CVE-2015-3636)

A memory corruption flaw was discovered in the Linux kernel's scsi subsystem. A local attacker could potentially exploit this flaw to cause a denial of service (system crash). (CVE-2015-4036)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04:
  linux-image-3.19.0-20-generic 3.19.0-20.20
  linux-image-3.19.0-20-generic-lpae 3.19.0-20.20
  linux-image-3.19.0-20-lowlatency 3.19.0-20.20
  linux-image-3.19.0-20-powerpc-e500mc 3.19.0-20.20
  linux-image-3.19.0-20-powerpc-smp 3.19.0-20.20
  linux-image-3.19.0-20-powerpc64-emb 3.19.0-20.20
  linux-image-3.19.0-20-powerpc64-smp 3.19.0-20.20

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
- https://ubuntu.com/security/notices/USN-2638-1
- CVE-2015-0275, CVE-2015-3636, CVE-2015-4036

Package Information:
- https://launchpad.net/ubuntu/+source/linux/3.19.0-20.20

LinuxSecurity.com Team

Jun 10, 2015 | Ubuntu

Ubuntu 15.04: 2605-2 Critical: OpenSSL Vulnerability and Remote Exploit

Ubuntu Security Notice USN-2605-1
May 11, 2015

icu vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS

Summary:

ICU could be made to crash or run programs as your login if it processed specially crafted data.

Software Description:
- icu: International Components for Unicode library

Details:

Pedro Ribeiro discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04:
  libicu52 52.1-8ubuntu0.1

Ubuntu 14.10:
  libicu52 52.1-6ubuntu0.3

Ubuntu 14.04 LTS:
  libicu52 52.1-3ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
- https://ubuntu.com/security/notices/USN-2605-1
- CVE-2014-8146, CVE-2014-8147

Package Information:
- https://launchpad.net/ubuntu/+source/icu/52.1-8ubuntu0.1
- https://launchpad.net/ubuntu/+source/icu/52.1-6ubuntu0.3
- https://launchpad.net/ubuntu/+source/icu/52.1-3ubuntu0.3

Recent weaknesses identified in ICU on Ubuntu may lead to system crashes or permit unintended code execution. Ensure your software is updated to safeguard against these issues.

Keywords: Ubuntu Security, ICU Flaw, Crash Threat, Privilege Escalation

Severity: Critical. LinuxSecurity.com Team

May 11, 2015 | Critical | Ubuntu

Red Hat Enterprise Linux 5 RHSA-2015:0869-01 Important KVM Flaws

Red Hat Security Advisory

Synopsis: Important: kvm security update
Advisory ID: RHSA-2015:0869-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2015:0869.html
Issue date: 2015-04-22
CVE Names: CVE-2014-3610 CVE-2014-3611

1. Summary:

Updated kvm packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - x86_64
RHEL Virtualization (v. 5 server) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

It was found that KVM's Write to Model Specific Register (WRMSR) instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host. (CVE-2014-3610)

A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611)

Red Hat would like to thank Lars Bull of Google and Nadav Amit for reporting the CVE-2014-3610 issue, and Lars Bull of Google for reporting the CVE-2014-3611 issue.

All kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Note: The procedure in the Solution section must be performed before this update will take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

The following procedure must be performed before this update will take effect:

1) Stop all KVM guest virtual machines.
2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.
3) Restart the KVM guest virtual machines.

5. Bugs fixed (https://bugzilla.redhat.com/):

1144878 - CVE-2014-3611 kernel: kvm: PIT timer race condition
1144883 - CVE-2014-3610 kernel: kvm: noncanonical MSR writes

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
  kvm-83-270.el5_11.src.rpm

x86_64:
  kmod-kvm-83-270.el5_11.x86_64.rpm
  kmod-kvm-debug-83-270.el5_11.x86_64.rpm
  kvm-83-270.el5_11.x86_64.rpm
  kvm-debuginfo-83-270.el5_11.x86_64.rpm
  kvm-qemu-img-83-270.el5_11.x86_64.rpm
  kvm-tools-83-270.el5_11.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
  kvm-83-270.el5_11.src.rpm

x86_64:
  kmod-kvm-83-270.el5_11.x86_64.rpm
  kmod-kvm-debug-83-270.el5_11.x86_64.rpm
  kvm-83-270.el5_11.x86_64.rpm
  kvm-debuginfo-83-270.el5_11.x86_64.rpm
  kvm-qemu-img-83-270.el5_11.x86_64.rpm
  kvm-tools-83-270.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

- https://access.redhat.com/security/cve/CVE-2014-3610
- https://access.redhat.com/security/cve/CVE-2014-3611
- https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2015 Red Hat, Inc.

Critical KVM security update for Red Hat Enterprise Linux addressing important issues and vulnerabilities.

Keywords: KVM Security Flaws, Red Hat Enterprise Linux, Linux Kernel

Severity: Important. LinuxSecurity.com Team

Apr 22, 2015 | Important | Red Hat

Debian: DSA-3068-1 Moderate: Konversation FiSH Encryption Crash Threat

Debian Security Advisory DSA-3068-1
http://www.debian.org/security/
Moritz Muehlenhoff
November 07, 2014
http://www.debian.org/security/faq

Package : konversation
CVE ID  : CVE-2014-8483

It was discovered that Konversation, an IRC client for KDE, could be crashed when receiving malformed messages using FiSH encryption.

For the stable distribution (wheezy), this problem has been fixed in version 1.4-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 1.5-1.

We recommend that you upgrade your konversation packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Anomalies were detected in Konversation's FiSH encoding, leading to potential system failures. Implement necessary updates for enhanced protection.

Keywords: Konversation, Debian Security, IRC Client, Encryption Flaw

LinuxSecurity.com Team

Nov 07, 2014 | Debian