Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Gentoo: GLSA-202407-26 Normal: Dmidecode Privilege Escalation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202407-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Dmidecode: Privilege Escalation
     Date: July 24, 2024
     Bugs: #905093
       ID: 202407-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Dmidecode, which can lead to privilege escalation.

Background
==========

Dmidecode reports information about your system's hardware as described in your system BIOS according to the SMBIOS/DMI standard (see a sample output). This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other details of varying level of interest and reliability depending on the manufacturer. This will often include usage status for the CPU sockets, expansion slots (e.g. AGP, PCI, ISA) and memory module slots, and the list of I/O ports (e.g. serial, parallel, USB).

Affected packages
=================

Package             Vulnerable    Unaffected
------------------  ------------  ------------
sys-apps/dmidecode  < 3.5         >= 3.5

Description
===========

Dmidecode -dump-bin can overwrite a local file. This has security relevance because, for example, execution of Dmidecode via sudo is plausible.

Impact
======

Please review the referenced CVE identifier for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Dmidecode users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/dmidecode-3.5"

References
==========

[ 1 ] CVE-2023-30630
      https://nvd.nist.gov/vuln/detail/CVE-2023-30630

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-26

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address hidden] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

A routine severity notification concerning Dmidecode highlights a privilege escalation risk. Please update to the most recent version.

LinuxSecurity.com Team

Jul 24, 2024 Gentoo

Oracle Linux 8 ELSA-2023-5253 Moderate: Kernel Security Update

Oracle Linux Security Advisory ELSA-2023-5252

https://linux.oracle.com/errata/ELSA-2023-5252.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
dmidecode-3.3-4.el8_8.1.x86_64.rpm

aarch64:
dmidecode-3.3-4.el8_8.1.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//dmidecode-3.3-4.el8_8.1.src.rpm

Related CVEs:
CVE-2023-30630

Description of changes:

[1:3.3-4.1]
- Resolves: CVE-2023-30630

_______________________________________________
El-errata mailing list
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle Linux Security Announcement ELSA-2023-5253 provides insights into the sysfsutils moderate modification and addresses CVE-2023-30631 security concern.

LinuxSecurity.com Team

Sep 20, 2023 Oracle

Moderate Update: dmidecode Local File Overwrite in RHEL 8 RHSA-2023:5252-01

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: dmidecode security update
Advisory ID:       RHSA-2023:5252-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5252
Issue date:        2023-09-19
CVE Names:         CVE-2023-30630
=====================================================================

1. Summary:

An update for dmidecode is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, x86_64

3. Description:

The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface (EFI), depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag, as well as other details, depending on the manufacturer.

Security Fix(es):

* dmidecode: dump-bin to overwrite a local file (CVE-2023-30630)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2186669 - CVE-2023-30630 dmidecode: dump-bin to overwrite a local file

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
dmidecode-3.3-4.el8_8.1.src.rpm

aarch64:
dmidecode-3.3-4.el8_8.1.aarch64.rpm
dmidecode-debuginfo-3.3-4.el8_8.1.aarch64.rpm
dmidecode-debugsource-3.3-4.el8_8.1.aarch64.rpm

x86_64:
dmidecode-3.3-4.el8_8.1.x86_64.rpm
dmidecode-debuginfo-3.3-4.el8_8.1.x86_64.rpm
dmidecode-debugsource-3.3-4.el8_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-30630
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list

A new version of dmidecode has been released for Red Hat Enterprise Linux 8, addressing a moderate security concern. Detailed assessments and implications of this update are highlighted.

LinuxSecurity.com Team

Sep 19, 2023 Red Hat

Oracle Linux 9 ELSA-2023-5061 Moderate: Dmidecode CVE-2023-30630

Oracle Linux Security Advisory ELSA-2023-5061

https://linux.oracle.com/errata/ELSA-2023-5061.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
dmidecode-3.3-7.el9_2.1.x86_64.rpm

aarch64:
dmidecode-3.3-7.el9_2.1.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol9/SRPMS-updates//dmidecode-3.3-7.el9_2.1.src.rpm

Related CVEs:
CVE-2023-30630

Description of changes:

[1:3.3-7.1]
- Resolves: CVE-2023-30630

_______________________________________________
El-errata mailing list
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle Linux Security Bulletin ELSA-2023-5062 outlines a significant security patch for dmidecode, responding to CVE-2023-30631.

LinuxSecurity.com Team

Sep 14, 2023 Oracle

RHEL 9 RHSA-2023-5061 Moderate: Dmidecode Local File Overwrite

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: dmidecode security update
Advisory ID:       RHSA-2023:5061-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5061
Issue date:        2023-09-12
CVE Names:         CVE-2023-30630
=====================================================================

1. Summary:

An update for dmidecode is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, x86_64

3. Description:

The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface (EFI), depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag, as well as other details, depending on the manufacturer.

Security Fix(es):

* dmidecode: dump-bin to overwrite a local file (CVE-2023-30630)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2186669 - CVE-2023-30630 dmidecode: dump-bin to overwrite a local file

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 9):

Source:
dmidecode-3.3-7.el9_2.1.src.rpm

aarch64:
dmidecode-3.3-7.el9_2.1.aarch64.rpm
dmidecode-debuginfo-3.3-7.el9_2.1.aarch64.rpm
dmidecode-debugsource-3.3-7.el9_2.1.aarch64.rpm

x86_64:
dmidecode-3.3-7.el9_2.1.x86_64.rpm
dmidecode-debuginfo-3.3-7.el9_2.1.x86_64.rpm
dmidecode-debugsource-3.3-7.el9_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30630
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list

Red Hat has announced a security update for dmidecode in RHEL 9, addressing the CVE-2023-30630 vulnerability with a moderate impact; users should apply updates.

LinuxSecurity.com Team

Sep 12, 2023 Red Hat

Mageia 8: MGASA-2023-0180 Critical: Dmidecode Local File Overwrite

MGASA-2023-0180 - Updated dmidecode packages fix security vulnerability

Publication date: 21 May 2023
URL: https://advisories.mageia.org/MGASA-2023-0180.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-30630

Dmidecode allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. (CVE-2023-30630)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31883
- https://lists.suse.com/pipermail/sle-security-updates/2023-April/014548.html
- https://www.cve.org/CVERecord?id=CVE-2023-30630

SRPMS:
- 8/core/dmidecode-3.5-1.mga8

DMGASA-2023-0192 enhances netstat to address severe vulnerabilities linked to unauthorized access. Discover further details.

Severity: Critical.

LinuxSecurity.com Team

May 21, 2023 Critical Mageia