Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 1 articles for you...
202
security advisorykernel updatecritical flawsopenSUSE 15 SP4: SUSE-SU-2025:0261-1 important: Kernel Live Patch Issues
An update that solves 34 vulnerabilities and has one security fix can now be installed.. # Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP4) Announcement ID: SUSE-SU-2025:0261-1 Release Date: 2025-01-27T14:03:51Z Rating: important References: * bsc#1219296 * bsc#1220145 * bsc#1220211 * bsc#1220828 * bsc#1220832 * bsc#1221302 * bsc#1222685 * bsc#1222882 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223521 * bsc#1223681 * bsc#1223683 * bsc#1225011 * bsc#1225012 * bsc#1225013 * bsc#1225099 * bsc#1225309 * bsc#1225310 * bsc#1225311 * bsc#1225312 * bsc#1225313 * bsc#1225733 * bsc#1225739 * bsc#1225819 * bsc#1226324 * bsc#1226325 * bsc#1227471 * bsc#1228573 * bsc#1228786 * bsc#1229553 * bsc#1231353 * bsc#1232637 * bsc#1233712 Cross-References: * CVE-2021-47598 * CVE-2022-48651 * CVE-2022-48662 * CVE-2022-48956 * CVE-2023-52340 * CVE-2023-52502 * CVE-2023-52752 * CVE-2023-52846 * CVE-2023-6546 * CVE-2024-23307 * CVE-2024-26585 * CVE-2024-26610 * CVE-2024-26622 * CVE-2024-26766 * CVE-2024-26828 * CVE-2024-26852 * CVE-2024-26923 * CVE-2024-26930 * CVE-2024-27398 * CVE-2024-35817 * CVE-2024-35861 * CVE-2024-35862 * CVE-2024-35863 * CVE-2024-35864 * CVE-2024-35867 * CVE-2024-35950 * CVE-2024-36899 * CVE-2024-36904 * CVE-2024-36964 * CVE-2024-36971 * CVE-2024-40954 * CVE-2024-41059 * CVE-2024-43861 * CVE-2024-50264 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48956 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48956 ( NVD ): 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52340 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52502 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52846 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-26610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26828 ( NVD ): 6.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26852 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36971 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36971 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H *CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50264 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves 34 vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_108 fixes several issues. The following security issues were fixed: * CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226324). * CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-> trans (bsc#1233712). * CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637). * CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733). * CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553). * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1231353). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521). * CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev-> mode_config.mutex (bsc#1225310). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26930: Fixed double free of the ha-> vp_map pointer (bsc#1223681). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). * CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302). * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb-> mac_header (bsc#1223514). * CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222882). * CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832). * CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220211). * CVE-2023-6546: Fixed a racecondition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685). * CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828). * CVE-2023-52340: Fixed a denial of service related to ICMPv6 'Packet Too Big' packets (bsc#1219296). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-261=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-261=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-13-150400.9.8.1 * kernel-livepatch-SLE15-SP4_Update_23-debugsource-13-150400.9.8.1 * kernel-livepatch-5_14_21-150400_24_108-default-13-150400.9.8.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-13-150400.9.8.1 * kernel-livepatch-SLE15-SP4_Update_23-debugsource-13-150400.9.8.1 * kernel-livepatch-5_14_21-150400_24_108-default-13-150400.9.8.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2022-48662.html * https://www.suse.com/security/cve/CVE-2022-48956.html * https://www.suse.com/security/cve/CVE-2023-52340.html * https://www.suse.com/security/cve/CVE-2023-52502.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2023-6546.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26585.html * https://www.suse.com/security/cve/CVE-2024-26610.html *https://www.suse.com/security/cve/CVE-2024-26622.html * https://www.suse.com/security/cve/CVE-2024-26766.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-26930.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35817.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35863.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35867.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36904.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-36971.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://www.suse.com/security/cve/CVE-2024-43861.html * https://www.suse.com/security/cve/CVE-2024-50264.html * https://bugzilla.suse.com/show_bug.cgi?id=1219296 * https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220211 * https://bugzilla.suse.com/show_bug.cgi?id=1220828 * https://bugzilla.suse.com/show_bug.cgi?id=1220832 * https://bugzilla.suse.com/show_bug.cgi?id=1221302 * https://bugzilla.suse.com/show_bug.cgi?id=1222685 * https://bugzilla.suse.com/show_bug.cgi?id=1222882 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223521 * https://bugzilla.suse.com/show_bug.cgi?id=1223681 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 *https://bugzilla.suse.com/show_bug.cgi?id=1225011 * https://bugzilla.suse.com/show_bug.cgi?id=1225012 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225313 * https://bugzilla.suse.com/show_bug.cgi?id=1225733 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226324 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786 * https://bugzilla.suse.com/show_bug.cgi?id=1229553 * https://bugzilla.suse.com/show_bug.cgi?id=1231353 * https://bugzilla.suse.com/show_bug.cgi?id=1232637 * https://bugzilla.suse.com/show_bug.cgi?id=1233712 . Fedora releases an urgent update for the Linux Kernel, patching several vulnerabilities with a comprehensive security enhancement.. Linux Kernel Update, openSUSE Security, Live Patching, SLE Advisory. . Severity: Important. LinuxSecurity.com Team
Jan 27, 2025
•Important
OpenSUSE
203
security advisorydenial of servicekernel updateMageia 8 MGASA-2022-0379 Critical: Kernel Denial of Service Threat
This kernel update is based on upstream 5.15.74 and fixes at least the following security issues: A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to . MGASA-2022-0379 - Updated kernel packages fix security vulnerabilities Publication date: 23 Oct 2022 URL: https://advisories.mageia.org/MGASA-2022-0379.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-0171, CVE-2022-2308, CVE-2022-2663, CVE-2022-3061, CVE-2022-3303, CVE-2022-3586, CVE-2022-20421, CVE-2022-39842, CVE-2022-40307, CVE-2022-40768, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722, CVE-2022-41674 This kernel update is based on upstream 5.15.74 and fixes at least the following security issues: A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV) (CVE-2022-0171). A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers (CVE-2022-2308). An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (CVE-2022-2663). A flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of'pixclock', so it may cause a divide by zero error (CVE-2022-3061). A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303). A flaw was found in the Linux kernel networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service (CVE-2022-3586). In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (CVE-2022-20421). An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur (CVE-2022-39842). An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free (CVE-2022-40307). drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local usersto obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case (CVE-2022-40768). A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code (CVE-2022-42719). Various refcounting bugs in themulti-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code (CVE-2022-42720). A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers(able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code (CVE-2022-42721). In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackersable to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices (CVE-2022-42722). An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c (CVE-2022-41674). For other upstream fixes in this update, see the referenced changelogs. References: - https://bugs.mageia.org/show_bug.cgi?id=30969 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.66 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.67 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.68 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.69 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.70 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.71 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.72 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.73 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.74 - https://www.cve.org/CVERecord?id=CVE-2022-0171 - https://www.cve.org/CVERecord?id=CVE-2022-2308 - https://www.cve.org/CVERecord?id=CVE-2022-2663 - https://www.cve.org/CVERecord?id=CVE-2022-3061 - https://www.cve.org/CVERecord?id=CVE-2022-3303 - https://www.cve.org/CVERecord?id=CVE-2022-3586 - https://www.cve.org/CVERecord?id=CVE-2022-20421 -https://www.cve.org/CVERecord?id=CVE-2022-39842 - https://www.cve.org/CVERecord?id=CVE-2022-40307 - https://www.cve.org/CVERecord?id=CVE-2022-40768 - https://www.cve.org/CVERecord?id=CVE-2022-42719 - https://www.cve.org/CVERecord?id=CVE-2022-42720 - https://www.cve.org/CVERecord?id=CVE-2022-42721 - https://www.cve.org/CVERecord?id=CVE-2022-42722 - https://www.cve.org/CVERecord?id=CVE-2022-41674 SRPMS: - 8/core/kernel-5.15.74-1.mga8 - 8/core/kmod-virtualbox-6.1.38-1.6.mga8 - 8/core/kmod-xtables-addons-3.21-1.6.mga8 . Kernel patch MGASA-2022-0379 tackles urgent security vulnerabilities within Mageia. Check issued updates for important details.. Mageia Security Advisory, Kernel Update, Critical Security Fixes, System Crash, Kernel Denial of Service. . Severity: Critical. LinuxSecurity.com Team
Oct 23, 2022
•Critical
Mageia
89
security advisorysoftware updateFedoraFedora 36: CRITICAL ADVISORY FEDORA-2022-ea8f4e232d for golang-jwt
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-ea8f4e232d 2022-07-30 01:52:05.591840 --------------------------------------------------------------------------------Name : golang-github-jwt Product : Fedora 36 Version : 3.2.2 Release : 4.fc36 URL : https://github.com/golang-jwt/jwt Summary : A go implementation of JSON Web Tokens Description : A go implementation of JSON Web Tokens. Supports the parsing and verification, as well as the generation and signing of JWTs. --------------------------------------------------------------------------------Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. --------------------------------------------------------------------------------ChangeLog: * Tue Jul 19 2022 Maxwell G 3.2.2-4 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-ea8f4e232d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list
Jul 29, 2022
•Critical
Fedora
199
security advisorykernel updatesecurity patchCentOS 7 CESA-2021-2314 Critical: Kernel Update For Security Issues
Upstream details at : https://access.redhat.com/errata/RHSA-2021:2314. CentOS Errata and Security Advisory 2021:2314 Important Upstream details at : https://access.redhat.com/errata/RHSA-2021:2314 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 8b60c6a9194e57ad101ad2a28015f644b915aa5c958a5f8b0e68def14394fa13 bpftool-3.10.0-1160.31.1.el7.x86_64.rpm 3db35ae4792e6efe04cf89e50aeb71e9794589152c92cc1de54f2c92dc956b40 kernel-3.10.0-1160.31.1.el7.x86_64.rpm af4714a643e3d4a5fe7d6877aeec7cfc2047da0866e0c7feb3defa34e1c54b14 kernel-abi-whitelists-3.10.0-1160.31.1.el7.noarch.rpm 315bb4f6a8cd60a7becf60b599198a41a19465d28cc706d98dfa3b927f357dad kernel-debug-3.10.0-1160.31.1.el7.x86_64.rpm 7d9fd10906d65ff1e5f7dc8aed453f9fa04ddb34ca3a6622b45b15bbf2b7dc66 kernel-debug-devel-3.10.0-1160.31.1.el7.x86_64.rpm 506818895cd30b93e3417b8379f3afc7f80a2a69c7739886bc58648f153fb9e6 kernel-devel-3.10.0-1160.31.1.el7.x86_64.rpm d561b43042ddb9d02a31ae81d1c4935a05988542719e259b277dfcc2995339cf kernel-doc-3.10.0-1160.31.1.el7.noarch.rpm e8c1f68569cc209cc9fa2df02ad4b7b0845192e6e74e5167c8cf3400acdc4c2b kernel-headers-3.10.0-1160.31.1.el7.x86_64.rpm b3587c7ba2e0d12bead8a84ad8d8aad31b6a2da64b0de946850e55afd3787193 kernel-tools-3.10.0-1160.31.1.el7.x86_64.rpm 73ae0d5fb6285b4b0077f98e47a68f4b9fece79c2d81f4ee0718940d27177616 kernel-tools-libs-3.10.0-1160.31.1.el7.x86_64.rpm 349059abdcb4206de241619b0a997e70897934335a8863a2070dccf45c49f019 kernel-tools-libs-devel-3.10.0-1160.31.1.el7.x86_64.rpm 135902f9e5faac7a0682e6189f5cfddf652759007d300d8dd5ccb7d527fec1f4 perf-3.10.0-1160.31.1.el7.x86_64.rpm f01aa14c280b18ae6d80cc559938fa75c648eb1537499db7841129684e2be5d9 python-perf-3.10.0-1160.31.1.el7.x86_64.rpm Source: dbe4fc96373df45d53ae338c86552a51119943045d930d6bb32b4b29ec3fc9c8 kernel-3.10.0-1160.31.1.el7.src.rpm -- Johnny Hughes CentOS Project { https://www.centos.org/ } irc: hughesjr, #
Jun 14, 2021
•Critical
CentOS
89
security advisorysecurity issuesoftware updateFedora 30: FEDORA-2019-fbe83d0e32 Critical: Libarchive Flaws
Security fix for [CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880] ---- Applied various flaws from upsteam. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-fbe83d0e32 2019-03-29 19:07:28.735753 --------------------------------------------------------------------------------Name : libarchive Product : Fedora 30 Version : 3.3.3 Release : 6.fc30 URL : http://www.libarchive.org/ Summary : A library for handling streaming archive formats Description : Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives. --------------------------------------------------------------------------------Update Information: Security fix for [CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880] ---- Applied various flaws from upsteam --------------------------------------------------------------------------------References: [ 1 ] Bug #1663893 - CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880 libarchive: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1663893 [ 2 ] Bug #1672900 - CVE-2019-1000019 CVE-2019-1000020 libarchive: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1672900 [ 3 ] Bug #1690071 - Two not applied CVE patches https://bugzilla.redhat.com/show_bug.cgi?id=1690071 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-fbe83d0e32' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the FedoraProject GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Mar 29, 2019
•Critical
Fedora
100
security advisorydenial of servicekernel updateSUSE Linux 12-SP2: 2017:3267-1 Important: Kernel Critical Flaws Resolved
An update that solves 5 vulnerabilities and has 56 fixes is An update that solves 5 vulnerabilities and has 56 fixes is An update that solves 5 vulnerabilities and has 56 fixes is now available. now available.. SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3267-1 Rating: important References: #1012382 #1017461 #1020645 #1022595 #1022600 #1022914 #1022967 #1025461 #1028971 #1030061 #1034048 #1037890 #1052593 #1053919 #1055493 #1055567 #1055755 #1055896 #1056427 #1058135 #1058410 #1058624 #1059051 #1059465 #1059863 #1060197 #1060985 #1061017 #1061046 #1061064 #1061067 #1061172 #1061451 #1061831 #1061872 #1062520 #1062962 #1063460 #1063475 #1063501 #1063509 #1063520 #1063667 #1063695 #1064206 #1064388 #1064701 #964944 #966170 #966172 #966186 #966191 #966316 #966318 #969474 #969475 #969476 #969477 #971975 #974590 #996376 Cross-References: CVE-2017-12153 CVE-2017-13080 CVE-2017-14489 CVE-2017-15265 CVE-2017-15649 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 56 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 Realtime kernel was updated to 4.4.95 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a userwith the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410 1058624). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388). The following non-security bugs were fixed: - alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382). - alsa: caiaq: Fix stray URB at probe error path (bnc#1012382). - alsa: compress: Remove unused variable (bnc#1012382). - alsa: hda: Remove superfluous '-' added by printk conversion (bnc#1012382). - alsa: line6: Fix leftover URB at error-path during probe (bnc#1012382). - alsa: seq: Enable 'use' locking in all configurations (bnc#1012382). - alsa: seq: Fix copy_from_user() call inside lock (bnc#1012382). - alsa: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital (bnc#1012382). - alsa: usb-audio: Check out-of-bounds access by corruptedbuffer descriptor (bnc#1012382). - alsa: usb-audio: Kill stray URB at exiting (bnc#1012382). - alsa: usx2y: Suppress kernel warning at page allocation failures (bnc#1012382). - arc: Re-enable MMU upon Machine Check exception (bnc#1012382). - arm64: fault: Route pte translation faults via do_translation_fault (bnc#1012382). - arm64: Make sure SPsel is always set (bnc#1012382). - arm: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM (bnc#1012382). - arm: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes (bnc#1012382). - arm: pxa: add the number of DMA requestor lines (bnc#1012382). - arm: pxa: fix the number of DMA requestor lines (bnc#1012382). - arm: remove duplicate 'const' annotations' (bnc#1012382). - asoc: dapm: fix some pointer error handling (bnc#1012382). - asoc: dapm: handle probe deferrals (bnc#1012382). - audit: log 32-bit socketcalls (bnc#1012382). - bcache: correct cache_dirty_target in __update_writeback_rate() (bnc#1012382). - bcache: Correct return value for sysfs attach errors (bnc#1012382). - bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382). - bcache: fix bch_hprint crash and improve output (bnc#1012382). - bcache: fix for gc and write-back race (bnc#1012382). - bcache: Fix leak of bdev reference (bnc#1012382). - bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382). - blacklist.conf: blacklisted 16af97dc5a89 (bnc#1053919) - block: Relax a check in blk_start_queue() (bnc#1012382). - bpf: one perf event close won't free bpf program attached by another perf event (bnc#1012382). - bpf/verifier: reject BPF_ALU64|BPF_END (bnc#1012382). - brcmfmac: add length check in brcmf_cfg80211_escan_handler() (bnc#1012382). - brcmfmac: setup passive scan if requested by user-space (bnc#1012382). - brcmsmac: make some local variables 'static const' to reduce stack size (bnc#1012382). - bridge: netlink: register netdevice before executingchangelink (bnc#1012382). - bsg-lib: do not free job in bsg_prepare_job (bnc#1012382). - btrfs: add a node counter to each of the rbtrees (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: add cond_resched() calls when resolving backrefs (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: allow backref search checks for shared extents (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: backref, add tracepoints for prelim_ref insertion and merging (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: backref, add unode_aux_to_inode_list helper (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: backref, cleanup __ namespace abuse (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: backref, constify some arguments (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: btrfs_check_shared should manage its own transaction (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: change how we decide to commit transactions during flushing (bsc#1060197). - btrfs: clean up extraneous computations in add_delayed_refs (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: constify tracepoint arguments (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: convert prelimary reference tracking to use rbtrees (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: fix leak and use-after-free in resolve_indirect_refs (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: fix NULL pointer dereference from free_reloc_roots() (bnc#1012382). - btrfs: prevent to set invalid default subvolid (bnc#1012382). - btrfs: propagate error to btrfs_cmp_data_prepare caller (bnc#1012382). - btrfs: qgroup: move noisy underflow warning to debugging build (bsc#1055755). - btrfs: remove ref_tree implementation from backref.c (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: struct-funcs, constify readers (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - bus: mbus: fix window size calculation for 4GB windows (bnc#1012382). - can: esd_usb2: Fix can_dlc value for received RTR, frames (bnc#1012382). - can: gs_usb: fix busy loop if no more TX context is available (bnc#1012382). - ceph: avoid panic in create_session_open_msg() if utsname() returns NULL (bsc#1061451). - ceph: check negative offsets in ceph_llseek() (bsc#1061451). - ceph: clean up unsafe d_parent accesses in build_dentry_path (bnc#1012382). - cifs: fix circular locking dependency (bsc#1064701). - cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382). - cifs: Reconnect expired SMB sessions (bnc#1012382). - cifs: release auth_key.response for reconnect (bnc#1012382). - clockevents/drivers/cs5535: Improve resilience to spurious interrupts (bnc#1012382). - cpufreq: CPPC: add ACPI_PROCESSOR dependency (bnc#1012382). - crypto: AF_ALG - remove SGL terminator indicator when chaining (bnc#1012382). - crypto: shash - Fix zero-length shash ahash digest crash (bnc#1012382). - crypto: talitos - Do not provide setkey for non hmac hashing algs (bnc#1012382). - crypto: talitos - fix sha224 (bnc#1012382). - crypto: xts - Add ECB dependency (bnc#1012382). - cxl: Fix driver use count (bnc#1012382). - direct-io: Prevent NULL pointer access in submit_page_section (bnc#1012382). - dmaengine: edma: Align the memcpy acnt array size with the transfer (bnc#1012382). - dmaengine: mmp-pdma: add number of requestors (bnc#1012382). - driver core: platform: Do not read past the end of "driver_override" buffer (bnc#1012382). - drivers: firmware: psci: drop duplicate const from psci_of_match (bnc#1012382). - drivers: hv: fcopy: restore correct transfer length (bnc#1012382). - drm: Add driver-private objects to atomic state (bsc#1055493). - drm/amdkfd: fix improper return value on error (bnc#1012382). - drm: bridge: add DT bindings for TI ths8135 (bnc#1012382). -drm/dp: Introduce MST topology state to track available link bandwidth (bsc#1055493). - drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define (bnc#1012382). - drm/i915/bios: ignore HDMI on port A (bnc#1012382). - drm/nouveau/bsp/g92: disable by default (bnc#1012382). - drm/nouveau/mmu: flush tlbs before deleting page tables (bnc#1012382). - ext4: do not allow encrypted operations without keys (bnc#1012382). - ext4: fix incorrect quotaoff if the quota feature is enabled (bnc#1012382). - ext4: fix quota inconsistency during orphan cleanup for read-only mounts (bnc#1012382). - ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets (bnc#1012382). - extcon: axp288: Use vbus-valid instead of -present to determine cable presence (bnc#1012382). - exynos-gsc: Do not swap cb/cr for semi planar formats (bnc#1012382). - f2fs: check hot_data for roll-forward recovery (bnc#1012382). - f2fs crypto: add missing locking for keyring_key access (bnc#1012382). - f2fs crypto: replace some BUG_ON()'s with error checks (bnc#1012382). - f2fs: do not wait for writeback in write_begin (bnc#1012382). - fix unbalanced page refcounting in bio_map_user_iov (bnc#1012382). - fix whitespace according to upstream commit - fix xen_swiotlb_dma_mmap prototype (bnc#1012382). - fs-cache: fix dereference of NULL user_key_payload (bnc#1012382). - fscrypt: fix dereference of NULL user_key_payload (bnc#1012382). - fscrypto: require write access to mount to set encryption policy (bnc#1012382). - fs/epoll: cache leftmost node (bsc#1056427). - ftrace: Fix kmemleak in unregister_ftrace_graph (bnc#1012382). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bnc#1012382). - ftrace: Fix selftest goto location on error (bnc#1012382). - genirq: Fix for_each_action_of_desc() macro (bsc#1061064). - getcwd: Close race with d_move called by lustre (bsc#1052593). - gfs2: Fix debugfs glocks dump (bnc#1012382). - gfs2: Fixreference to ERR_PTR in gfs2_glock_iter_next (bnc#1012382). - gianfar: Fix Tx flow control deactivation (bnc#1012382). - hid: i2c-hid: allocate hid buffers for real worst case (bnc#1012382). - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch (bnc#1022967). - hid: usbhid: fix out-of-bounds bug (bnc#1012382). - hpsa: correct lun data caching bitmap definition (bsc#1028971). - hwmon: (gl520sm) Fix overflows and crash seen when writing into limit attributes (bnc#1012382). - i2c: at91: ensure state is restored after suspending (bnc#1012382). - i2c: ismt: Separate I2C block read from SMBus block read (bnc#1012382). - i2c: meson: fix wrong variable usage in meson_i2c_put_data (bnc#1012382). - i40e: Initialize 64-bit statistics TX ring seqcount (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Add missing memory barriers (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Fix port number for query QP (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - ib/core: Fix for core panic (bsc#1022595 FATE#322350). - ib/core: Fix the validations of a multicast LID in attach or detach operations (bsc#1022595 FATE#322350). - ib/i40iw: Fix error code in i40iw_create_cq() (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - ib/ipoib: Fix deadlock over vlan_mutex (bnc#1012382). - ib/ipoib: Replace list_del of the neigh-> list with list_del_init (bnc#1012382). - ib/ipoib: rtnl_unlock can not come after free_netdev (bnc#1012382). - ib/mlx5: Fix Raw Packet QP event handler assignment (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ibmvnic: Set state UP (bsc#1062962). - ib/qib: fix false-postive maybe-uninitialized warning (bnc#1012382). - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382). - iio: ad7793: Fix the serial interface reset (bnc#1012382). - iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications (bnc#1012382). - iio: adc: hx711: Add DTbinding for avia,hx711 (bnc#1012382). - iio: adc: mcp320x: Fix oops on module unload (bnc#1012382). - iio: adc: mcp320x: Fix readout of negative voltages (bnc#1012382). - iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of 'twl4030_madc_probe()' (bnc#1012382). - iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()' (bnc#1012382). - iio: adc: xilinx: Fix error handling (bnc#1012382). - iio: ad_sigma_delta: Implement a dedicated reset function (bnc#1012382). - iio: core: Return error for failed read_reg (bnc#1012382). - input: i8042 - add Gigabyte P57 to the keyboard reset table (bnc#1012382). - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bnc#1012382). - iommu/io-pgtable-arm: Check for leaf entry before dereferencing it (bnc#1012382). - iommu/vt-d: Avoid calling virt_to_phys() on null pointer (bsc#1061067). - ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header (bnc#1012382). - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (bnc#1012382). - ipv6: add rcu grace period before freeing fib6_node (bnc#1012382). - ipv6: fix memory leak with multiple tables during netns destruction (bnc#1012382). - ipv6: fix sparse warning on rt6i_node (bnc#1012382). - ipv6: fix typo in fib6_net_exit() (bnc#1012382). - irqchip/crossbar: Fix incorrect type of local variables (bnc#1012382). - isdn/i4l: fetch the ppp_write buffer in one shot (bnc#1012382). - iwlwifi: add workaround to disable wide channels in 5GHz (bnc#1012382). - iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD (bnc#1012382). - ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (bsc#969474 FATE#319812 bsc#969475 FATE#319814). - kABI: protect struct l2tp_tunnel (kabi). - kABI: protect struct rm_data_op (kabi). - kABI: protect struct sdio_func (kabi). - keys: do not let add_key() update an uninstantiated key (bnc#1012382). - keys: encrypted: fix dereferenceof NULL user_key_payload (bnc#1012382). - keys: Fix race between updating and finding a negative key (bnc#1012382). - keys: fix writing past end of user-supplied buffer in keyring_read() (bnc#1012382). - keys: prevent creating a different user's keyrings (bnc#1012382). - keys: prevent KEYCTL_READ on negative key (bnc#1012382). - kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously (bsc#1061017). - kvm: nVMX: fix guest CR4 loading when emulating L2 to L1 exit (bnc#1012382). - kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce() (bnc#1012382). - kvm: SVM: Add a missing 'break' statement (bsc#1061017). - kvm: VMX: do not change SN bit in vmx_update_pi_irte() (bsc#1061017). - kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt (bsc#1061017). - kvm: VMX: use cmpxchg64 (bnc#1012382). - l2tp: Avoid schedule while atomic in exit_net (bnc#1012382). - l2tp: fix race condition in l2tp_tunnel_delete (bnc#1012382). - libata: transport: Remove circular dependency at free time (bnc#1012382). - lib/digsig: fix dereference of NULL user_key_payload (bnc#1012382). - locking/lockdep: Add nest_lock integrity test (bnc#1012382). - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak (bnc#1012382). - mac80211: fix power saving clients handling in iwlwifi (bnc#1012382). - mac80211: flush hw_roc_start work before cancelling the ROC (bnc#1012382). - mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length (bnc#1012382). - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172). - md/linear: shutup lockdep warnning (bnc#1012382). - md/raid10: submit bio directly to replacement disk (bnc#1012382). - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list (bnc#1012382). - md/raid5: release/flush io in raid5_do_work() (bnc#1012382). - media: uvcvideo: Prevent heap overflow when accessing mapped controls (bnc#1012382). - media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382). - mips: Ensure bss section ends on a long-aligned address (bnc#1012382). - mips: Fix minimum alignment requirement of IRQ stack (git-fixes). - mips: IRQ Stack: Unwind IRQ stack onto task stack (bnc#1012382). - mips: Lantiq: Fix another request_mem_region() return code check (bnc#1012382). - mips: math-emu: . : Fix cases of both infinite inputs (bnc#1012382). - mips: math-emu: . : Fix cases of input values with opposite signs (bnc#1012382). - mips: math-emu: . : Fix cases of both inputs zero (bnc#1012382). - mips: math-emu: . : Fix quiet NaN propagation (bnc#1012382). - mips: math-emu: . : Fix cases of both inputs negative (bnc#1012382). - mips: math-emu: MINA. : Fix some cases of infinity and zero inputs (bnc#1012382). - mips: math-emu: Remove pr_err() calls from fpu_emu() (bnc#1012382). - mips: ralink: Fix incorrect assignment on ralink_soc (bnc#1012382). - mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms array (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - mm/backing-dev.c: fix an error handling path in 'cgwb_create()' (bnc#1063475). - mm,compaction: serialize waitqueue_active() checks (for real) (bsc#971975). - mmc: sdio: fix alignment issue in struct sdio_func (bnc#1012382). - mm: discard memblock data later (bnc#1063460). - mm/memblock.c: reversed logic in memblock_discard() (bnc#1063460). - mm: meminit: mark init_reserved_page as __meminit (bnc#1063509). - mm/memory_hotplug: change pfn_to_section_nr/section_nr_to_pfn macro to inline function (bnc#1063501). - mm/memory_hotplug: define find_{smallest|biggest}_section_pfn as unsigned long (bnc#1063520). - mm: prevent double decrease of nr_reserved_highatomic (bnc#1012382). - net: core: Prevent from dereferencing null pointer when releasing SKB (bnc#1012382). - net: emac: Fix napi poll list corruption (bnc#1012382). -netfilter: invoke synchronize_rcu after set the _hook_ to NULL (bnc#1012382). - netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value (bnc#1012382). - netfilter: nfnl_cthelper: fix incorrect helper-> expect_class_max (bnc#1012382). - net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs (bnc#1012382). - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bnc#1012382). - net/mlx5e: Fix wrong delay calculation for overflow check scheduling (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Schedule overflow check work to mlx5e workqueue (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Skip mlx5_unload_one if mlx5_load_one fails (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net: mvpp2: release reference to txq_cpu[] entry after unmapping (bnc#1012382). - net/packet: check length in getsockopt() called with PACKET_HDRLEN (bnc#1012382). - net: Set sk_prot_creator when cloning sockets to the right proto (bnc#1012382). - nfsd/callback: Cleanup callback cred on shutdown (bnc#1012382). - nfsd: Fix general protection fault in release_lock_stateid() (bnc#1012382). - nl80211: Define policy for packet pattern attributes (bnc#1012382). - nvme: protect against simultaneous shutdown invocations (FATE#319965 bnc#1012382 bsc#964944). - packet: only test po-> has_vnet_hdr once in packet_snd (bnc#1012382). - parisc: Avoid trashing sr2 and sr3 in LWS code (bnc#1012382). - parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels (bnc#1012382). - parisc: perf: Fix potential NULL pointer dereference (bnc#1012382). - partitions/efi: Fix integer overflow in GPT size calculation (bnc#1012382). - pci: Allow PCI express root ports to find themselves (bsc#1061046). - pci: fix oops when tryto find Root Port for a PCI device (bsc#1061046). - pci: Fix race condition with driver_override (bnc#1012382). - pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bnc#1012382). - perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831). - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs. mm_struct tracking' (bsc#1061831). - pkcs7: Prevent NULL pointer dereference, since sinfo is not always set (bnc#1012382). - powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382). - powerpc/pseries: Fix parent_dn reference leak in add_dt_node() (bnc#1012382). - qed: Fix stack corruption on probe (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - qlge: avoid memcpy buffer overflow (bnc#1012382). - rcu: Allow for page faults in NMI handlers (bnc#1012382). - rds: ib: add error handle (bnc#1012382). - rds: RDMA: Fix the composite message user notification (bnc#1012382). - Revert "bsg-lib: do not free job in bsg_prepare_job" (bnc#1012382). - Revert "net: fix percpu memory leaks" (bnc#1012382). - Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()" (bnc#1012382). - Revert "net: use lib/percpu_counter API for fragmentation mem accounting" (bnc#1012382). - Revert "tty: goldfish: Fix a parameter of a call to free_irq" (bnc#1012382). - rtlwifi: rtl8821ae: Fix connection lost problem (bnc#1012382). - sched/autogroup: Fix autogroup_move_group() to never skip sched_move_task() (bnc#1012382). - sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs (bnc#1012382). - scsi: hpsa: add 'ctlr_num' sysfs attribute (bsc#1028971). - scsi: hpsa: bump driver version (bsc#1022600 fate#321928). - scsi: hpsa: change driver version (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: Check for null device pointers (bsc#1028971). - scsi: hpsa: Check for null devices in ioaccel (bsc#1028971). - scsi: hpsa: Checkfor vpd support before sending (bsc#1028971). - scsi: hpsa: cleanup reset handler (bsc#1022600 fate#321928). - scsi: hpsa: correct call to hpsa_do_reset (bsc#1028971). - scsi: hpsa: correct logical resets (bsc#1028971). - scsi: hpsa: correct queue depth for externals (bsc#1022600 fate#321928). - scsi: hpsa: correct resets on retried commands (bsc#1022600 fate#321928). - scsi: hpsa: correct scsi 6byte lba calculation (bsc#1028971). - scsi: hpsa: Determine device external status earlier (bsc#1028971). - scsi: hpsa: do not get enclosure info for external devices (bsc#1022600 fate#321928). - scsi: hpsa: do not reset enclosures (bsc#1022600 fate#321928). - scsi: hpsa: do not timeout reset operations (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: fallback to use legacy REPORT PHYS command (bsc#1028971). - scsi: hpsa: fix volume offline state (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: limit outstanding rescans (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: Prevent sending bmic commands to externals (bsc#1028971). - scsi: hpsa: remove abort handler (bsc#1022600 fate#321928). - scsi: hpsa: remove coalescing settings for ioaccel2 (bsc#1028971). - scsi: hpsa: remove memory allocate failure message (bsc#1028971). - scsi: hpsa: Remove unneeded void pointer cast (bsc#1028971). - scsi: hpsa: rescan later if reset in progress (bsc#1022600 fate#321928). - scsi: hpsa: send ioaccel requests with 0 length down raid path (bsc#1022600 fate#321928). - scsi: hpsa: separate monitor events from rescan worker (bsc#1022600 fate#321928). - scsi: hpsa: update check for logical volume status (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: update identify physical device structure (bsc#1022600 fate#321928). - scsi: hpsa: update pci ids (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: update reset handler (bsc#1022600 fate#321928). - scsi: hpsa: use designated initializers (bsc#1028971). - scsi:hpsa: use %phN for short hex dumps (bsc#1028971). - scsi: ILLEGAL REQUEST + ASC==27 => target failure (bsc#1059465). - scsi: libfc: fix a deadlock in fc_rport_work (bsc#1063695). - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic (bnc#1012382). - scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead (bnc#1012382). - scsi: reset wait for IO completion (bsc#996376). - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (bnc#1012382). - scsi: scsi_transport_fc: Also check for NOTPRESENT in fc_remote_port_add() (bsc#1037890). - scsi: scsi_transport_fc: set scsi_target_id upon rescan (bsc#1058135). - scsi: sd: Do not override max_sectors_kb sysfs setting (bsc#1025461). - scsi: sd: Remove LBPRZ dependency for discards (bsc#1060985). - scsi: sg: close race condition in sg_remove_sfp_usercontext() (bsc#1064206). - scsi: sg: do not return bogus Sg_requests (bsc#1064206). - scsi: sg: factor out sg_fill_request_table() (bnc#1012382). - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (bnc#1012382). - scsi: sg: off by one in sg_ioctl() (bnc#1012382). - scsi: sg: only check for dxfer_len greater than 256M (bsc#1064206). - scsi: sg: remove 'save_scat_len' (bnc#1012382). - scsi: sg: use standard lists for sg_requests (bnc#1012382). - scsi: storvsc: fix memory leak on ring buffer busy (bnc#1012382). - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path (bnc#1012382). - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records (bnc#1012382). - scsi: zfcp: fix missing trace records for early returns in TMF eh handlers (bnc#1012382). - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA (bnc#1012382). - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records (bnc#1012382). - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled (bnc#1012382). - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response (bnc#1012382). - scsi: zfcp: trace high part of "new" 64 bit SCSI LUN (bnc#1012382). - sctp: potential read out of bounds in sctp_ulpevent_type_enabled() (bnc#1012382). - seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter() (bnc#1012382). - sh_eth: use correct name for ECMR_MPDE bit (bnc#1012382). - skd: Avoid that module unloading triggers a use-after-free (bnc#1012382). - skd: Submit requests to firmware before triggering the doorbell (bnc#1012382). - slub: do not merge cache if slub_debug contains a never-merge flag (bnc#1012382). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bnc#1012382). - smb: Validate negotiate (to protect against downgrade) even if signing off (bnc#1012382). - sparc64: Migrate hvcons irq to panicked cpu (bnc#1012382). - staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack (bnc#1012382). - stm class: Fix a use-after-free (bnc#1012382). - supported.conf: mark hid-multitouch as supported (FATE#323670) - swiotlb-xen: implement xen_swiotlb_dma_mmap callback (bnc#1012382). - target/iscsi: Fix unsolicited data seq_end_offset calculation (bnc#1012382). - team: call netdev_change_features out of team lock (bsc#1055567). - team: fix memory leaks (bnc#1012382). - timer/sysclt: Restrict timer migration sysctl values to 0 and 1 (bnc#1012382). - tipc: use only positive error codes in messages (bnc#1012382). - tpm_tis: Do not fall back to a hardcoded address for TPM2 (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048). - tracing: Apply trace_clock changes to instance max buffer (bnc#1012382). - tracing: Erase irqsoff trace with empty write (bnc#1012382). - tracing: Fix trace_pipe behavior for instance traces (bnc#1012382). - ttpci: address stringop overflow warning (bnc#1012382). - tty: fix__tty_insert_flip_char regression (bnc#1012382). - tty: goldfish: Fix a parameter of a call to free_irq (bnc#1012382). - tty: improve tty_insert_flip_char() fast path (bnc#1012382). - tty: improve tty_insert_flip_char() slow path (bnc#1012382). - tun: bail out from tun_get_user() if the skb is empty (bnc#1012382). - uapi: fix linux/mroute6.h userspace compilation errors (bnc#1012382). - uapi: fix linux/rds.h userspace compilation errors (bnc#1012382). - udpv6: Fix the checksum computation when HW checksum does not apply (bnc#1012382). - usb: cdc_acm: Add quirk for Elatec TWN3 (bnc#1012382). - usb: chipidea: vbus event may exist before starting gadget (bnc#1012382). - usb: core: fix out-of-bounds access bug in usb_get_bos_descriptor() (bnc#1012382). - usb: core: harden cdc_parse_cdc_header (bnc#1012382). - usb: devio: Do not corrupt user memory (bnc#1012382). - usb: devio: Revert "USB: devio: Do not corrupt user memory" (bnc#1012382). - usb: dummy-hcd: fix connection failures (wrong speed) (bnc#1012382). - usb: dummy-hcd: Fix deadlock caused by disconnect detection (bnc#1012382). - usb: dummy-hcd: Fix erroneous synchronization change (bnc#1012382). - usb: dummy-hcd: fix infinite-loop resubmission bug (bnc#1012382). - usb: fix out-of-bounds in usb_set_configuration (bnc#1012382). - usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options (bnc#1012382). - usb: gadgetfs: fix copy_to_user while holding spinlock (bnc#1012382). - usb: gadgetfs: Fix crash caused by inadequate synchronization (bnc#1012382). - usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write (bnc#1012382). - usb: gadget: mass_storage: set msg_registered after msg registered (bnc#1012382). - usb: gadget: udc: atmel: set vbus irqflags explicitly (bnc#1012382). - usb: g_mass_storage: Fix deadlock when driver is unbound (bnc#1012382). - usb: hub: Allow reset retry for USB2 devices on connect bounce (bnc#1012382). - usb: Increase quirk delay for USB devices (bnc#1012382). - usb: musb: Check for host-mode using is_host_active() on reset interrupt (bnc#1012382). - usb: musb: sunxi: Explicitly release USB PHY on exit (bnc#1012382). - usb: pci-quirks.c: Corrected timeout values used in handshake (bnc#1012382). - usb: plusb: Add support for PL-27A1 (bnc#1012382). - usb: quirks: add quirk for WORLDE MINI MIDI keyboard (bnc#1012382). - usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet (bnc#1012382). - usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe (bnc#1012382). - usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction (bnc#1012382). - usb: serial: console: fix use-after-free after failed setup (bnc#1012382). - usb: serial: cp210x: add support for ELV TFD500 (bnc#1012382). - usb: serial: ftdi_sio: add id for Cypress WICED dev board (bnc#1012382). - usb: serial: metro-usb: add MS7820 device id (bnc#1012382). - usb: serial: mos7720: fix control-message error handling (bnc#1012382). - usb: serial: mos7840: fix control-message error handling (bnc#1012382). - usb: serial: option: add support for TP-Link LTE module (bnc#1012382). - usb: serial: qcserial: add Dell DW5818, DW5819 (bnc#1012382). - usb-storage: unusual_devs entry to fix write-access regression for Seagate external drives (bnc#1012382). - usb: uas: fix bug in handling of alternate settings (bnc#1012382). - uwb: ensure that endpoint is interrupt (bnc#1012382). - uwb: properly check kthread_run return value (bnc#1012382). - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets (bnc#1012382). - video: fbdev: aty: do not leak uninitialized padding in clk to userspace (bnc#1012382). - vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit (bnc#1012382). - watchdog: kempld: fix gcc-4.3 build (bnc#1012382). - x86/alternatives: Fix alt_max_short macro to really be a max() (bnc#1012382). - x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382). - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps (bnc#1012382). - x86/ldt: Fix off by one in get_segment_base() (bsc#1061872). - xfs/dmapi: fix incorrect file-> f_path.dentry-> d_inode usage (bsc#1055896). - xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863). - xfs: remove kmem_zalloc_greedy (bnc#1012382). - xhci: fix finding correct bus_state structure for USB 3.1 hosts (bnc#1012382). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP2: zypper in -t patch SUSE-SLE-RT-12-SP2-2017-2034=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time Extension 12-SP2 (noarch): kernel-devel-rt-4.4.95-21.1 kernel-source-rt-4.4.95-21.1 - SUSE Linux Enterprise Real Time Extension 12-SP2 (x86_64): cluster-md-kmp-rt-4.4.95-21.1 cluster-md-kmp-rt-debuginfo-4.4.95-21.1 cluster-network-kmp-rt-4.4.95-21.1 cluster-network-kmp-rt-debuginfo-4.4.95-21.1 dlm-kmp-rt-4.4.95-21.1 dlm-kmp-rt-debuginfo-4.4.95-21.1 gfs2-kmp-rt-4.4.95-21.1 gfs2-kmp-rt-debuginfo-4.4.95-21.1 kernel-rt-4.4.95-21.1 kernel-rt-base-4.4.95-21.1 kernel-rt-base-debuginfo-4.4.95-21.1 kernel-rt-debuginfo-4.4.95-21.1 kernel-rt-debugsource-4.4.95-21.1 kernel-rt-devel-4.4.95-21.1 kernel-rt_debug-debuginfo-4.4.95-21.1 kernel-rt_debug-debugsource-4.4.95-21.1 kernel-rt_debug-devel-4.4.95-21.1 kernel-rt_debug-devel-debuginfo-4.4.95-21.1 kernel-syms-rt-4.4.95-21.1 ocfs2-kmp-rt-4.4.95-21.1 ocfs2-kmp-rt-debuginfo-4.4.95-21.1 References: https://www.suse.com/security/cve/CVE-2017-12153.html https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-14489.html https://www.suse.com/security/cve/CVE-2017-15265.html https://www.suse.com/security/cve/CVE-2017-15649.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1017461 https://bugzilla.suse.com/1020645 https://bugzilla.suse.com/1022595 https://bugzilla.suse.com/1022600 https://bugzilla.suse.com/1022914 https://bugzilla.suse.com/1022967 https://bugzilla.suse.com/1025461 https://bugzilla.suse.com/1028971 https://bugzilla.suse.com/1030061 https://bugzilla.suse.com/1034048 https://bugzilla.suse.com/1037890 https://bugzilla.suse.com/1052593 https://bugzilla.suse.com/1053919 https://bugzilla.suse.com/1055493 https://bugzilla.suse.com/1055567 https://bugzilla.suse.com/1055755 https://bugzilla.suse.com/1055896 https://bugzilla.suse.com/1056427 https://bugzilla.suse.com/1058135 https://bugzilla.suse.com/1058410 https://bugzilla.suse.com/1058624 https://bugzilla.suse.com/1059051 https://bugzilla.suse.com/1059465 https://bugzilla.suse.com/1059863 https://bugzilla.suse.com/1060197 https://bugzilla.suse.com/1060985 https://bugzilla.suse.com/1061017 https://bugzilla.suse.com/1061046 https://bugzilla.suse.com/1061064 https://bugzilla.suse.com/1061067 https://bugzilla.suse.com/1061172 https://bugzilla.suse.com/1061451 https://bugzilla.suse.com/1061831 https://bugzilla.suse.com/1061872 https://bugzilla.suse.com/1062520 https://bugzilla.suse.com/1062962 https://bugzilla.suse.com/1063460 https://bugzilla.suse.com/1063475 https://bugzilla.suse.com/1063501 https://bugzilla.suse.com/1063509 https://bugzilla.suse.com/1063520 https://bugzilla.suse.com/1063667 https://bugzilla.suse.com/1063695 https://bugzilla.suse.com/1064206 https://bugzilla.suse.com/1064388 https://bugzilla.suse.com/1064701 https://bugzilla.suse.com/964944 https://bugzilla.suse.com/966170 https://bugzilla.suse.com/966172 https://bugzilla.suse.com/966186 https://bugzilla.suse.com/966191 https://bugzilla.suse.com/966316 https://bugzilla.suse.com/966318 https://bugzilla.suse.com/969474 https://bugzilla.suse.com/969475 https://bugzilla.suse.com/969476 https://bugzilla.suse.com/969477 https://bugzilla.suse.com/971975 https://bugzilla.suse.com/974590 https://bugzilla.suse.com/996376 . Important SUSE Linux Kernel upgrade addressing security vulnerabilities and enhancing system reliability following various incidents.. SUSE Kernel Update, Linux Security, Kernel Fixes. . Severity: Important. LinuxSecurity.com Team
Dec 12, 2017
•Important
SuSE
89
security advisorysoftware updateFedoraFedora 25 ImageMagick Security Advisory: Fixes for Critical Issues
6.9.9-15 ---- Rebuilt for ImageMagick 6.9.9-13. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-66d9113c7a 2017-10-10 19:22:46.015493 --------------------------------------------------------------------------------Name : ImageMagick Product : Fedora 25 Version : 6.9.9.15 Release : 1.fc25 URL : https://imagemagick.org/index.php Summary : An X application for displaying and manipulating images Description : ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed work in the original format or a different one. ImageMagick also includes command line programs for creating animated or transparent .gifs, creating composite images, creating thumbnail images, and more. ImageMagick is one of your choices if you need a program to manipulate and display images. If you want to develop your own applications which use ImageMagick code or APIs, you need to install ImageMagick-devel as well. --------------------------------------------------------------------------------Update Information: 6.9.9-15 ---- Rebuilt for ImageMagick 6.9.9-13 --------------------------------------------------------------------------------References: [ 1 ] Bug #1496308 - [config/type-ghostscript.xml.in] using outdated hardcoded paths for (URW)++ fonts https://bugzilla.redhat.com/show_bug.cgi?id=1496308 [ 2 ] Bug #1496032 - convert: Ignoring invalid time value https://bugzilla.redhat.com/show_bug.cgi?id=1496032 [ 3 ] Bug #1487680 - CVE-2017-13768 ImageMagick: NULL pointer dereference in IdentifyImage function in MagickCore/identify.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1487680 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade ImageMagick' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Oct 11, 2017
•Critical
Fedora
89
security advisoryFedorasecurity fixFedora 25: 2016-12-10 Critical: Mingw-Libarchive Security Fix
Security fixes.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-dd2aa2b4a9 2016-12-10 20:56:57.153539 -------------------------------------------------------------------------------- Name : mingw-libarchive Product : Fedora 25 Version : 3.2.2 Release : 1.fc25 URL : http://www.libarchive.org/ Summary : MinGW package for handling streaming archive formats Description : Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives. -------------------------------------------------------------------------------- Update Information: Security fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1385674 - CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 mingw-libarchive: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1385674 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade mingw-libarchive' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Dec 11, 2016
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!