Several security issues were fixed in the Linux kernel.

=========================================================================
Ubuntu Security Notice USN-5577-1
August 24, 2022

linux-oem-5.14 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oem-5.14: Linux kernel for OEM systems

Details:

Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061)

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  linux-image-5.14.0-1049-oem  5.14.0-1049.56
  linux-image-oem-20.04        5.14.0.1049.45
  linux-image-oem-20.04b       5.14.0.1049.45
  linux-image-oem-20.04c       5.14.0.1049.45
  linux-image-oem-20.04d       5.14.0.1049.45

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-5577-1
  CVE-2021-33061, CVE-2021-33655

Package Information:
  https://launchpad.net/ubuntu/+source/linux-oem-5.14/5.14.0-1049.56

Multiple vulnerabilities have been addressed in the Ubuntu kernel, affecting local users and posing risks of service disruption.

linux kernel vulnerabilities, ubuntu security update, driver issues.

Severity: Critical. LinuxSecurity.com Team
kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free (CVE-2020-36385)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2021:4777-1
Issue Date: 2021-11-24
CVE Numbers: CVE-2020-36385
--

Security Fix(es):

* kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free (CVE-2020-36385)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE

Bug Fix(es):

* scsi: ibmvfc: Avoid link down on FS9100 canister reboot
* crash in qla2x00_status_entry() because of corrupt srb
* qedf driver: race condition between qedf's completion work task and another work item tearing down an fcport with qedf_cleanup_fcport
* The kernel crashes in hv_pci_remove_slots() upon hv device removal. A possible race between hv_pci_remove_slots() and pci_devices_present_work().
* I/O delays incorrectly handled in the NVMe stack
* Data corruption in NFS client reusing slotid/seqid due to an interrupted slot
--

SL7
  x86_64
    bpftool-3.10.0-1160.49.1.el7.x86_64.rpm
    bpftool-debuginfo-3.10.0-1160.49.1.el7.x86_64.rpm
    kernel-3.10.0-1160.49.1.el7.x86_64.rpm
    kernel-debug-3.10.0-1160.49.1.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-1160.49.1.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-1160.49.1.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-1160.49.1.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-1160.49.1.el7.x86_64.rpm
    kernel-devel-3.10.0-1160.49.1.el7.x86_64.rpm
    kernel-headers-3.10.0-1160.49.1.el7.x86_64.rpm
    kernel-tools-3.10.0-1160.49.1.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-1160.49.1.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-1160.49.1.el7.x86_64.rpm
    perf-3.10.0-1160.49.1.el7.x86_64.rpm
    perf-debuginfo-3.10.0-1160.49.1.el7.x86_64.rpm
    python-perf-3.10.0-1160.49.1.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-1160.49.1.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-1160.49.1.el7.x86_64.rpm
  noarch
    kernel-abi-whitelists-3.10.0-1160.49.1.el7.noarch.rpm
    kernel-doc-3.10.0-1160.49.1.el7.noarch.rpm

- Scientific Linux Development Team

Critical kernel vulnerability alert regarding use-after-free issues and vital patches with advisory ID SLSA-2021:4777-2.

Kernel Fixes, SciLinux Security, UseAfterFree Issue, Advisory Updates.

Severity: Critical. LinuxSecurity.com Team
NVIDIA graphics drivers could be made to crash under certain conditions.

=========================================================================
Ubuntu Security Notice USN-3173-1
January 18, 2017

nvidia-graphics-drivers-304 and nvidia-graphics-drivers-340 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

NVIDIA graphics drivers could be made to crash under certain conditions.

Software Description:
- nvidia-graphics-drivers-304: NVIDIA binary X.Org driver
- nvidia-graphics-drivers-340: NVIDIA binary X.Org driver

Details:

It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.10:
  nvidia-304          304.134-0ubuntu0.16.10.1
  nvidia-304-updates  304.134-0ubuntu0.16.10.1
  nvidia-331          340.101-0ubuntu0.16.10.1
  nvidia-331-updates  340.101-0ubuntu0.16.10.1
  nvidia-340          340.101-0ubuntu0.16.10.1
  nvidia-340-updates  340.101-0ubuntu0.16.10.1
  nvidia-current      304.134-0ubuntu0.16.10.1

Ubuntu 16.04 LTS:
  nvidia-304          304.134-0ubuntu0.16.04.1
  nvidia-304-updates  304.134-0ubuntu0.16.04.1
  nvidia-331          340.101-0ubuntu0.16.04.1
  nvidia-331-updates  340.101-0ubuntu0.16.04.1
  nvidia-340          340.101-0ubuntu0.16.04.1
  nvidia-340-updates  340.101-0ubuntu0.16.04.1
  nvidia-current      304.134-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  nvidia-304          304.134-0ubuntu0.14.04.1
  nvidia-304-updates  304.134-0ubuntu0.14.04.1
  nvidia-331          340.101-0ubuntu0.14.04.1
  nvidia-331-updates  340.101-0ubuntu0.14.04.1
  nvidia-340          340.101-0ubuntu0.14.04.1
  nvidia-340-updates  340.101-0ubuntu0.14.04.1
  nvidia-current      304.134-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  nvidia-304          304.134-0ubuntu0.12.04.1
  nvidia-304-updates  304.134-0ubuntu0.12.04.1
  nvidia-331          340.101-0ubuntu0.12.04.1
  nvidia-331-updates  340.101-0ubuntu0.12.04.1
  nvidia-340          340.101-0ubuntu0.12.04.1
  nvidia-340-updates  340.101-0ubuntu0.12.04.1
  nvidia-current      304.134-0ubuntu0.12.04.1

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3173-1
  CVE-2016-8826

Package Information:
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/304.134-0ubuntu0.16.10.1
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-340/340.101-0ubuntu0.16.10.1
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/304.134-0ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-340/340.101-0ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/304.134-0ubuntu0.14.04.1
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-340/340.101-0ubuntu0.14.04.1
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/304.134-0ubuntu0.12.04.1
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-340/340.101-0ubuntu0.12.04.1

NVIDIA graphics card users on Ubuntu are facing major instability, causing system crashes during certain tasks. Updated drivers are urgently needed to resolve these issues.

nvidia graphics drivers, ubuntu update, denial of service, driver fix, nvidia vulnerabilities.

Severity: Critical. LinuxSecurity.com Team
The system could be made to crash or run programs as an administrator.

=========================================================================
Ubuntu Security Notice USN-1918-1
July 29, 2013

linux-ti-omap4 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.10:
  linux-image-3.5.0-229-omap4  3.5.0-229.42

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-1918-1
  CVE-2013-2852

Package Information:
  https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.5.0-229.42

Severity: Critical. LinuxSecurity.com Team
Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.1 Extended Update Support.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: kernel security and bug fix update
Advisory ID:       RHSA-2012:1589-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2012:1589.html
Issue date:        2012-12-18
CVE Names:         CVE-2012-2313
====================================================================

1. Summary:

Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.1 Extended Update Support.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, noarch, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* A flaw was found in the way the Linux kernel's dl2k driver, used by certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local, unprivileged user could use this flaw to issue potentially harmful IOCTLs, which could cause Ethernet adapters using the dl2k driver to malfunction (for example, losing network connectivity). (CVE-2012-2313, Low)

Red Hat would like to thank Stephan Mueller for reporting this issue.

This update also fixes the following bug:

* The kernel allows high priority real time tasks, such as tasks scheduled with the SCHED_FIFO policy, to be throttled. Previously, the CPU stop tasks were scheduled as high priority real time tasks and could be thus throttled accordingly. However, the replenishment timer, which is responsible for clearing a throttle flag on tasks, could be pending on the just disabled CPU. This could lead to the situation that the throttled tasks were never scheduled to run. Consequently, if any of such tasks was needed to complete the CPU disabling, the system became unresponsive. This update introduces a new scheduler class, which gives a task the highest possible system priority and such a task cannot be throttled. The stop-task scheduling class is now used for the CPU stop tasks, and the system shutdown completes as expected in the scenario described. (BZ#876077)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

818820 - CVE-2012-2313 kernel: unfiltered netdev rio_ioctl access by users

6.
Package List: Red Hat Enterprise Linux Server EUS (v.6.1): Source: kernel-2.6.32-131.36.1.el6.src.rpm i386: kernel-2.6.32-131.36.1.el6.i686.rpm kernel-debug-2.6.32-131.36.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.36.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.36.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.36.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.36.1.el6.i686.rpm kernel-devel-2.6.32-131.36.1.el6.i686.rpm kernel-headers-2.6.32-131.36.1.el6.i686.rpm perf-2.6.32-131.36.1.el6.i686.rpm perf-debuginfo-2.6.32-131.36.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.36.1.el6.noarch.rpm kernel-firmware-2.6.32-131.36.1.el6.noarch.rpm ppc64: kernel-2.6.32-131.36.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-131.36.1.el6.ppc64.rpm kernel-debug-2.6.32-131.36.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-131.36.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-131.36.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-131.36.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-131.36.1.el6.ppc64.rpm kernel-devel-2.6.32-131.36.1.el6.ppc64.rpm kernel-headers-2.6.32-131.36.1.el6.ppc64.rpm perf-2.6.32-131.36.1.el6.ppc64.rpm perf-debuginfo-2.6.32-131.36.1.el6.ppc64.rpm s390x: kernel-2.6.32-131.36.1.el6.s390x.rpm kernel-debug-2.6.32-131.36.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-131.36.1.el6.s390x.rpm kernel-debug-devel-2.6.32-131.36.1.el6.s390x.rpm kernel-debuginfo-2.6.32-131.36.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-131.36.1.el6.s390x.rpm kernel-devel-2.6.32-131.36.1.el6.s390x.rpm kernel-headers-2.6.32-131.36.1.el6.s390x.rpm kernel-kdump-2.6.32-131.36.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-131.36.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-131.36.1.el6.s390x.rpm perf-2.6.32-131.36.1.el6.s390x.rpm perf-debuginfo-2.6.32-131.36.1.el6.s390x.rpm x86_64: kernel-2.6.32-131.36.1.el6.x86_64.rpm kernel-debug-2.6.32-131.36.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.36.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.36.1.el6.x86_64.rpm 
kernel-debuginfo-2.6.32-131.36.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.36.1.el6.x86_64.rpm kernel-devel-2.6.32-131.36.1.el6.x86_64.rpm kernel-headers-2.6.32-131.36.1.el6.x86_64.rpm perf-2.6.32-131.36.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.36.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2012-2313 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. . System patch addresses vulnerability and issue for CentOS users, with minimal risk involved. Immediate update recommended.. Red Hat Enterprise Linux, Kernel Security Update, Bug Fix, Network Security. . Severity: Low. LinuxSecurity.com Team
Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mysql security update
Advisory ID:       RHSA-2010:0825-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2010:0825.html
Issue date:        2010-11-03
CVE Names:         CVE-2010-3677 CVE-2010-3680 CVE-2010-3681
                   CVE-2010-3682 CVE-2010-3833 CVE-2010-3835
                   CVE-2010-3836 CVE-2010-3837 CVE-2010-3838
                   CVE-2010-3839 CVE-2010-3840
====================================================================

1. Summary:

Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

It was found that the MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data. A remote, authenticated attacker could use specially-crafted WKB data to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3840)

A flaw was found in the way MySQL processed certain JOIN queries. If a stored procedure contained JOIN queries, and that procedure was executed twice in sequence, it could cause an infinite loop, leading to excessive CPU use (up to 100%). A remote, authenticated attacker could use this flaw to cause a denial of service. (CVE-2010-3839)

A flaw was found in the way MySQL processed queries that provide a mixture of numeric and longblob data types to the LEAST or GREATEST function. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3838)

A flaw was found in the way MySQL processed PREPARE statements containing both GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3837)

It was found that MySQL did not properly pre-evaluate LIKE arguments in view prepare mode. A remote, authenticated attacker could possibly use this flaw to crash mysqld. (CVE-2010-3836)

A flaw was found in the way MySQL processed statements that assign a value to a user-defined variable and that also contain a logical value evaluation. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3835)

A flaw was found in the way MySQL evaluated the arguments of extreme-value functions, such as LEAST and GREATEST. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3833)

A flaw was found in the way MySQL processed EXPLAIN statements for some complex SELECT queries. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3682)

A flaw was found in the way MySQL processed certain alternating READ requests provided by HANDLER statements. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3681)

A flaw was found in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3680)

A flaw was found in the way MySQL processed JOIN queries that attempt to retrieve data from a unique SET column. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3677)

All MySQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5.
Bugs fixed (http://bugzilla.redhat.com/):

628040 - CVE-2010-3677 MySQL: Mysqld DoS (crash) by processing joins involving a table with a unique SET column (MySQL BZ#54575)
628192 - CVE-2010-3680 MySQL: mysqld DoS (assertion failure) by using temporary InnoDB engine tables with nullable columns (MySQL bug #54044)
628328 - CVE-2010-3682 MySQL: mysqld DoS (crash) by processing EXPLAIN statements for complex SQL queries (MySQL bug #52711)
628680 - CVE-2010-3681 MySQL: mysqld DoS (assertion failure) by alternate reads from two indexes on a table using the HANDLER interface (MySQL bug #54007)
640751 - CVE-2010-3833 MySQL: CREATE TABLE ... SELECT causes crash when KILL_BAD_DATA is returned (MySQL Bug#55826)
640819 - CVE-2010-3835 MySQL: crash with user variables, assignments, joins... (MySQL Bug #55564)
640845 - CVE-2010-3836 MySQL: pre-evaluating LIKE arguments in view prepare mode causes crash (MySQL Bug#54568)
640856 - CVE-2010-3837 MySQL: crash when group_concat and "with rollup" in prepared statements (MySQL Bug#54476)
640858 - CVE-2010-3838 MySQL: crash with LONGBLOB and union or update with subquery (MySQL Bug#54461)
640861 - CVE-2010-3839 MySQL: server hangs during JOIN query in stored procedures called twice in a row (MySQL Bug#53544)
640865 - CVE-2010-3840 MySQL: crash when loading data into geometry function PolyFromWKB() (MySQL Bug#51875)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
mysql-5.0.77-4.el5_5.4.i386.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.i386.rpm

x86_64:
mysql-5.0.77-4.el5_5.4.i386.rpm
mysql-5.0.77-4.el5_5.4.x86_64.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.i386.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.x86_64.rpm

RHEL Desktop Workstation (v.
5 client):

Source:

i386:
mysql-bench-5.0.77-4.el5_5.4.i386.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.i386.rpm
mysql-devel-5.0.77-4.el5_5.4.i386.rpm
mysql-server-5.0.77-4.el5_5.4.i386.rpm
mysql-test-5.0.77-4.el5_5.4.i386.rpm

x86_64:
mysql-bench-5.0.77-4.el5_5.4.x86_64.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.i386.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.x86_64.rpm
mysql-devel-5.0.77-4.el5_5.4.i386.rpm
mysql-devel-5.0.77-4.el5_5.4.x86_64.rpm
mysql-server-5.0.77-4.el5_5.4.x86_64.rpm
mysql-test-5.0.77-4.el5_5.4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
mysql-5.0.77-4.el5_5.4.i386.rpm
mysql-bench-5.0.77-4.el5_5.4.i386.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.i386.rpm
mysql-devel-5.0.77-4.el5_5.4.i386.rpm
mysql-server-5.0.77-4.el5_5.4.i386.rpm
mysql-test-5.0.77-4.el5_5.4.i386.rpm

ia64:
mysql-5.0.77-4.el5_5.4.i386.rpm
mysql-5.0.77-4.el5_5.4.ia64.rpm
mysql-bench-5.0.77-4.el5_5.4.ia64.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.i386.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.ia64.rpm
mysql-devel-5.0.77-4.el5_5.4.ia64.rpm
mysql-server-5.0.77-4.el5_5.4.ia64.rpm
mysql-test-5.0.77-4.el5_5.4.ia64.rpm

ppc:
mysql-5.0.77-4.el5_5.4.ppc.rpm
mysql-5.0.77-4.el5_5.4.ppc64.rpm
mysql-bench-5.0.77-4.el5_5.4.ppc.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.ppc.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.ppc64.rpm
mysql-devel-5.0.77-4.el5_5.4.ppc.rpm
mysql-devel-5.0.77-4.el5_5.4.ppc64.rpm
mysql-server-5.0.77-4.el5_5.4.ppc.rpm
mysql-server-5.0.77-4.el5_5.4.ppc64.rpm
mysql-test-5.0.77-4.el5_5.4.ppc.rpm

s390x:
mysql-5.0.77-4.el5_5.4.s390.rpm
mysql-5.0.77-4.el5_5.4.s390x.rpm
mysql-bench-5.0.77-4.el5_5.4.s390x.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.s390.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.s390x.rpm
mysql-devel-5.0.77-4.el5_5.4.s390.rpm
mysql-devel-5.0.77-4.el5_5.4.s390x.rpm
mysql-server-5.0.77-4.el5_5.4.s390x.rpm
mysql-test-5.0.77-4.el5_5.4.s390x.rpm

x86_64:
mysql-5.0.77-4.el5_5.4.i386.rpm
mysql-5.0.77-4.el5_5.4.x86_64.rpm
mysql-bench-5.0.77-4.el5_5.4.x86_64.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.i386.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.x86_64.rpm
mysql-devel-5.0.77-4.el5_5.4.i386.rpm
mysql-devel-5.0.77-4.el5_5.4.x86_64.rpm
mysql-server-5.0.77-4.el5_5.4.x86_64.rpm
mysql-test-5.0.77-4.el5_5.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2010-3677
https://access.redhat.com/security/cve/CVE-2010-3680
https://access.redhat.com/security/cve/CVE-2010-3681
https://access.redhat.com/security/cve/CVE-2010-3682
https://access.redhat.com/security/cve/CVE-2010-3833
https://access.redhat.com/security/cve/CVE-2010-3835
https://access.redhat.com/security/cve/CVE-2010-3836
https://access.redhat.com/security/cve/CVE-2010-3837
https://access.redhat.com/security/cve/CVE-2010-3838
https://access.redhat.com/security/cve/CVE-2010-3839
https://access.redhat.com/security/cve/CVE-2010-3840
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2010 Red Hat, Inc.

--
Enterprise-watch-list mailing list
This update works around older and 3rd-party drivers that report wireless network names incorrectly, causing wpa_supplicant to prematurely terminate a wireless connection.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-264
2006-04-03
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : wpa_supplicant
Version     : 0.4.8
Release     : 7.fc5
Summary     : WPA/WPA2/IEEE 802.1X Supplicant
Description :
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver.

---------------------------------------------------------------------
Update Information:

This update works around older and 3rd-party drivers that report wireless network names incorrectly, causing wpa_supplicant to prematurely terminate a wireless connection.
---------------------------------------------------------------------
* Sun Apr 2 2006 Dan Williams - 0.4.8-7
- Work around older & incorrect drivers that return null-terminated SSIDs

---------------------------------------------------------------------
This update can be downloaded from:

2c44fd857138c0274904925cbf98f908bf8be403  SRPMS/wpa_supplicant-0.4.8-7.fc5.src.rpm
d6ee34e13d647000b58876d5038a3cd819fb84b7  ppc/wpa_supplicant-0.4.8-7.fc5.ppc.rpm
09dd66eea2868cf8a3bcf6a97db6c95acf135ab4  ppc/wpa_supplicant-gui-0.4.8-7.fc5.ppc.rpm
5f24b38d407bdbd8ea24919055d1b1d74038222e  ppc/debug/wpa_supplicant-debuginfo-0.4.8-7.fc5.ppc.rpm
6e10a585572c1441ef50d00ada4bb04c32e0328f  x86_64/wpa_supplicant-0.4.8-7.fc5.x86_64.rpm
b31cd1cc517fd498ae2bef6d1471eafb97790d49  x86_64/wpa_supplicant-gui-0.4.8-7.fc5.x86_64.rpm
e97025c608ad4bd3dbf268c6dd032639e984040c  x86_64/debug/wpa_supplicant-debuginfo-0.4.8-7.fc5.x86_64.rpm
68b4011d34e5575cf7362ab93c05e2061fd759b4  i386/wpa_supplicant-0.4.8-7.fc5.i386.rpm
d6e5d53f85f7098375ef17087a28f1fe12b61fdc  i386/wpa_supplicant-gui-0.4.8-7.fc5.i386.rpm
6b3437edbe7a889c2edaa945f37cbc491e7eb655  i386/debug/wpa_supplicant-debuginfo-0.4.8-7.fc5.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at .
---------------------------------------------------------------------
--
fedora-announce-list mailing list
A vulnerability in the Speedtouch USB driver can be exploited to allow local users to execute arbitrary code with escalated privileges.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200411-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Speedtouch USB driver: Privilege escalation vulnerability
      Date: November 02, 2004
      Bugs: #68436
        ID: 200411-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in the Speedtouch USB driver can be exploited to allow local users to execute arbitrary code with escalated privileges.

Background
==========

The speedtouch package contains a driver for the ADSL SpeedTouch USB modem.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  net-dialup/speedtouch      < 1.3.1                        >= 1.3.1

Description
===========

The Speedtouch USB driver contains multiple format string vulnerabilities in modem_run, pppoa2 and pppoa3. This flaw is due to an improperly made syslog() system call.

Impact
======

A malicious local user could exploit this vulnerability by causing a buffer overflow, and potentially allowing the execution of arbitrary code with escalated privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Speedtouch USB driver users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dialup/speedtouch-1.3.1"

References
==========

  [ 1 ] CAN-2004-0834
        https://www.cve.org/CVERecord?id=CAN-2004-0834
  [ 2 ] Speedtouch Project News Announcements

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200411-04

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to