Oracle Linux Security Advisory ELSA-2026-50249

http://linux.oracle.com/errata/ELSA-2026-50249.html

The following updated rpms for have been uploaded to the Unbreakable Linux Network:

x86_64:
dtrace-devel-2.0.7-4.el10.x86_64.rpm
dtrace-testsuite-2.0.7-4.el10.x86_64.rpm
dtrace-2.0.7-4.el10.x86_64.rpm

aarch64:
dtrace-devel-2.0.7-4.el10.aarch64.rpm
dtrace-testsuite-2.0.7-4.el10.aarch64.rpm
dtrace-2.0.7-4.el10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/dtrace-2.0.7-4.el10.src.rpm

Related CVEs:

CVE-2026-21996
CVE-2026-35233

Description of changes:

[2.0.7-4]
- Prevent out-of-bounds memory access during object symbol table construction (CVE-2026-35233). [Orabug: 39121881]
- Prevent divide-by-zero (FPE trap) if section header data is corrupted. (CVE-2026-21996). [Orabug: 39121874]
- Ensure safety checks are performed on program header data from ELF objects.
- Ensure that the data of string table sections is properly terminated.
- Ensure that the symbol table references a valid string table.

_______________________________________________
El-errata mailing list

Oracle Linux Security Advisory ELSA-2026-50249

http://linux.oracle.com/errata/ELSA-2026-50249.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
dtrace-2.0.7-4.el9.x86_64.rpm
dtrace-devel-2.0.7-4.el9.x86_64.rpm
dtrace-testsuite-2.0.7-4.el9.x86_64.rpm

aarch64:
dtrace-2.0.7-4.el9.aarch64.rpm
dtrace-devel-2.0.7-4.el9.aarch64.rpm
dtrace-testsuite-2.0.7-4.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/dtrace-2.0.7-4.el9.src.rpm

Related CVEs:

CVE-2026-21996
CVE-2026-35233

Description of changes:

[2.0.7-4]
- Prevent out-of-bounds memory access during object symbol table construction (CVE-2026-35233). [Orabug: 39121881]
- Prevent divide-by-zero (FPE trap) if section header data is corrupted. (CVE-2026-21996). [Orabug: 39121874]
- Ensure safety checks are performed on program header data from ELF objects.
- Ensure that the data of string table sections is properly terminated.
- Ensure that the symbol table references a valid string table.

Oracle Linux Security Advisory ELSA-2026-50250

http://linux.oracle.com/errata/ELSA-2026-50250.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
dtrace-2.0.7-4.el9.x86_64.rpm
dtrace-devel-2.0.7-4.el9.x86_64.rpm
dtrace-testsuite-2.0.7-4.el9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/dtrace-2.0.7-4.el9.src.rpm

Related CVEs:

CVE-2026-21996
CVE-2026-35233

Description of changes:

[2.0.7-4]
- Prevent out-of-bounds memory access during object symbol table construction (CVE-2026-35233). [Orabug: 39121881]
- Prevent divide-by-zero (FPE trap) if section header data is corrupted. (CVE-2026-21996). [Orabug: 39121874]
- Ensure safety checks are performed on program header data from ELF objects.
- Ensure that the data of string table sections is properly terminated.
- Ensure that the symbol table references a valid string table.

Oracle Linux Security Advisory ELSA-2026-50250

http://linux.oracle.com/errata/ELSA-2026-50250.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

aarch64:
dtrace-2.0.7-4.el9.aarch64.rpm
dtrace-devel-2.0.7-4.el9.aarch64.rpm
dtrace-testsuite-2.0.7-4.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/dtrace-2.0.7-4.el9.src.rpm

Related CVEs:

CVE-2026-21996
CVE-2026-35233

Description of changes:

[2.0.7-4]
- Prevent out-of-bounds memory access during object symbol table construction (CVE-2026-35233). [Orabug: 39121881]
- Prevent divide-by-zero (FPE trap) if section header data is corrupted. (CVE-2026-21996). [Orabug: 39121874]
- Ensure safety checks are performed on program header data from ELF objects.
- Ensure that the data of string table sections is properly terminated.
- Ensure that the symbol table references a valid string table.

[2.0.6-1]
- Fix dtprobed unsafe probe description handling (CVE-2026-21991). [Orabug: 39054018]

[2.0.5-1]
- Implement PID-specific uprobes. (Kris Van Hees)
- Allocate the buffers BPF map to fit highest CPU id. (Kris Van Hees)
- Fix argument handling for multi-location user probes. (Kris Van Hees) [Orabug: 38922360]
- Change the "stack skip" to 3 for fbt (fprobe) and rawtp providers. [Orabug: 38776929]
- Fix prvname so that both rawfbt and fbt probes are seen. [Orabug: 38842114]
- Do not convert "__" to "-" for stapsdt provider names.
- Fix printf formatting with non-monetary grouping chars. [Orabug: 30430270]
- Discontinue -xversion=V as an option. (Kris Van Hees) [Orabug: 38615307]
- Add the DTrace Tutorial to the git repo and install package.
- Add missing documentation: trunc(), stapsdt, usdt.h include path.
- Update LLM context files to forbid "if" statements.
- Test suite weakly pulls in kernel-uek-tools to get perf. (Nick Alcock) [Orabug: 38064413]

[2.0.4-1]
- TCP, UDP, and stapsdt providers implemented. (Alan Maguire)
- New learning materials: the User's Guide in Markdown format, example scripts, and a context file for LLMs. (Eugene Loh, Bruce McCulloch, Ruud van der Pas, Elena Zannoni).
- Allow [u]stack() to be used as a variable value. (Kris Van Hees) [Orabug: 37950533]
- Comments using // are now supported. (Kris Van Hees)
- Scalability improvements. (Kris Van Hees)
- Error injection via return() action. (Kris Van Hees)
- Improved string handling. (Kris Van Hees)
- Various bug fixes. (Eugene Loh, Kris Van Hees)
- Fix dyn vars overwriting one another. [Orabug: 37994729]
- Fix regression: list fbt probes by default. [Orabug: 38249511]
- Various testsuite fixes and improvements. (Nick Alcock, Eugene Loh, Alan Maguire, Kris Van Hees)
- Add test for preprocessor definitions. [Orabug: 28763074]
- Fix some stack tests. [Orabug: 37459289]

[2.0.3-1]
- This is only released on OL10.
- Redesigned USDT support to work for LTO compilations. [Orabug: 38011704]
- New builtin variable: execargs.
- Offset probes in pid provider. (Eugene Loh)
- Various bug fixes. (Nick Alcock, Eugene Loh, Kris Van Hees)
- Various testsuite fixes and improvements. (Nick Alcock, Sam James, Eugene Loh, Kris Van Hees)

[2.0.2-1]
- Translators to support kernels 6.10 and later.
- FBT return probe argument support.
- The print() action is augmented with type information. (Alan Maguire)
- Support to discover and trace USDT probes after a tracing session has started. (Eugene Loh, Nick Alcock)
- USDT probe argument support (translated types, mapping). (Nick Alcock)
- Installation locations are now configurable. (Nick Alcock)
- Valgrind is no longer a required build dependency. (Nick Alcock)
- Self-grabs have been improved. (Nick Alcock)
- New provider: rawfbt. (Kris Van Hees)
- Various bug fixes. (Nick Alcock, Eugene Loh, Alan Maguire, Kris Van Hees)
- Various testsuite fixes and improvements. (Nick Alcock, Sam James, Eugene Loh, Kris Van Hees)
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees) [Orabug: 37274251]

[2.0.1-1]
- Implement FBT probes with fentry/fexit tracepoints
- Provide argument info for FBT probes.
- Provide pre-generated translator files sets. [Orabug: 36504847]

Oracle Linux Security Advisory ELSA-2026-50250

http://linux.oracle.com/errata/ELSA-2026-50250.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
dtrace-2.0.7-4.el8.x86_64.rpm
dtrace-devel-2.0.7-4.el8.x86_64.rpm
dtrace-testsuite-2.0.7-4.el8.x86_64.rpm

aarch64:
dtrace-2.0.7-4.el8.aarch64.rpm
dtrace-devel-2.0.7-4.el8.aarch64.rpm
dtrace-testsuite-2.0.7-4.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/dtrace-2.0.7-4.el8.src.rpm

Related CVEs:

CVE-2026-21996
CVE-2026-35233

Description of changes:

[2.0.7-4]
- Prevent out-of-bounds memory access during object symbol table construction (CVE-2026-35233). [Orabug: 39121881]
- Prevent divide-by-zero (FPE trap) if section header data is corrupted. (CVE-2026-21996). [Orabug: 39121874]
- Ensure safety checks are performed on program header data from ELF objects.
- Ensure that the data of string table sections is properly terminated.
- Ensure that the symbol table references a valid string table.

Oracle Linux Security Advisory ELSA-2026-50251

http://linux.oracle.com/errata/ELSA-2026-50251.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
dtrace-2.0.7-4.el8.x86_64.rpm
dtrace-devel-2.0.7-4.el8.x86_64.rpm
dtrace-testsuite-2.0.7-4.el8.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/dtrace-2.0.7-4.el8.src.rpm

Related CVEs:

CVE-2026-21996
CVE-2026-35233

Description of changes:

[2.0.7-4]
- Prevent out-of-bounds memory access during object symbol table construction (CVE-2026-35233). [Orabug: 39121881]
- Prevent divide-by-zero (FPE trap) if section header data is corrupted. (CVE-2026-21996). [Orabug: 39121874]
- Ensure safety checks are performed on program header data from ELF objects.
- Ensure that the data of string table sections is properly terminated.
- Ensure that the symbol table references a valid string table.

Oracle Linux Security Advisory ELSA-2026-50251

http://linux.oracle.com/errata/ELSA-2026-50251.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
dtrace-2.0.7-4.el8.aarch64.rpm
dtrace-devel-2.0.7-4.el8.aarch64.rpm
dtrace-testsuite-2.0.7-4.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/dtrace-2.0.7-4.el8.src.rpm

Related CVEs:

CVE-2026-21996
CVE-2026-35233

Description of changes:

[2.0.7-4]
- Prevent out-of-bounds memory access during object symbol table construction (CVE-2026-35233). [Orabug: 39121881]
- Prevent divide-by-zero (FPE trap) if section header data is corrupted. (CVE-2026-21996). [Orabug: 39121874]
- Ensure safety checks are performed on program header data from ELF objects.
- Ensure that the data of string table sections is properly terminated.
- Ensure that the symbol table references a valid string table.

[2.0.6-1]
- Fix dtprobed unsafe probe description handling (CVE-2026-21991). [Orabug: 39054018]

[2.0.5-1]
- Implement PID-specific uprobes. (Kris Van Hees)
- Allocate the buffers BPF map to fit highest CPU id. (Kris Van Hees)
- Fix argument handling for multi-location user probes. (Kris Van Hees) [Orabug: 38922360]
- Change the "stack skip" to 3 for fbt (fprobe) and rawtp providers. [Orabug: 38776929]
- Fix prvname so that both rawfbt and fbt probes are seen. [Orabug: 38842114]
- Do not convert "__" to "-" for stapsdt provider names.
- Fix printf formatting with non-monetary grouping chars. [Orabug: 30430270]
- Discontinue -xversion=V as an option. (Kris Van Hees) [Orabug: 38615307]
- Add the DTrace Tutorial to the git repo and install package.
- Add missing documentation: trunc(), stapsdt, usdt.h include path.
- Update LLM context files to forbid "if" statements.
- Test suite weakly pulls in kernel-uek-tools to get perf. (Nick Alcock) [Orabug: 38064413]

[2.0.4-1]
- TCP, UDP, and stapsdt providers implemented. (Alan Maguire)
- New learning materials: the User's Guide in Markdown format, example scripts, and a context file for LLMs. (Eugene Loh, Bruce McCulloch, Ruud van der Pas, Elena Zannoni).
- Allow [u]stack() to be used as a variable value. (Kris Van Hees) [Orabug: 37950533]
- Comments using // are now supported. (Kris Van Hees)
- Scalability improvements. (Kris Van Hees)
- Error injection via return() action. (Kris Van Hees)
- Improved string handling. (Kris Van Hees)
- Various bug fixes. (Eugene Loh, Kris Van Hees)
- Fix dyn vars overwriting one another. [Orabug: 37994729]
- Fix regression: list fbt probes by default. [Orabug: 38249511]
- Various testsuite fixes and improvements. (Nick Alcock, Eugene Loh, Alan Maguire, Kris Van Hees)
- Add test for preprocessor definitions. [Orabug: 28763074]
- Fix some stack tests. [Orabug: 37459289]

[2.0.3-1]
- This is only released on OL10.
- Redesigned USDT support to work for LTO compilations. [Orabug: 38011704]
- New builtin variable: execargs.
- Offset probes in pid provider. (Eugene Loh)
- Various bug fixes. (Nick Alcock, Eugene Loh, Kris Van Hees)
- Various testsuite fixes and improvements. (Nick Alcock, Sam James, Eugene Loh, Kris Van Hees)

[2.0.2-1]
- Translators to support kernels 6.10 and later.
- FBT return probe argument support.
- The print() action is augmented with type information. (Alan Maguire)
- Support to discover and trace USDT probes after a tracing session has started. (Eugene Loh, Nick Alcock)
- USDT probe argument support (translated types, mapping). (Nick Alcock)
- Installation locations are now configurable. (Nick Alcock)
- Valgrind is no longer a required build dependency. (Nick Alcock)
- Self-grabs have been improved. (Nick Alcock)
- New provider: rawfbt. (Kris Van Hees)
- Various bug fixes. (Nick Alcock, Eugene Loh, Alan Maguire, Kris Van Hees)
- Various testsuite fixes and improvements. (Nick Alcock, Sam James, Eugene Loh, Kris Van Hees)
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees) [Orabug: 37274251]

[2.0.1-1]
- Implement FBT probes with fentry/fexit tracepoints
- Provide argument info for FBT probes.
- Provide pre-generated translator files sets. [Orabug: 36504847]

[2.0.0-1.14]
- Implement provider: io. (Eugene Loh, Kris Van Hees)
- Implement actions: print(). (Alan Maguire)
- Implement subroutines: link_ntop(), cleanpath(). (Eugene Loh)
- Implement options: -xcpu, -xaggpercpu. (Eugene Loh)
- Improve providers: pid (offset-based probes) and rawtp (arg info).
- Improve options: -xlockmem (improve default). (Eugene Loh)
- Ensure USDT probes can survive dtprobed restarts. (Nick Alcock)
- Improve USDT probe creation/deletion. (Nick Alcock)
- Improve support for DTrace with upstream kernels. (Nick Alcock)
- Improve support for compiling DTrace in older environments. (Kris Van Hees)
- Add support for aggregations of stacks. (Eugene Loh)
- Improve lexer parsing (top-level wildcard ambiguities and numerals). (Nick Alcock)
- Fix END probe execution with multiple tracers. (Nick Alcock)
- Preemptive BPF program execution for DTrace probes is not allowed.
- Buffer overrun fix for systems with non-sequential online CPU ids. (Kris Van Hees, Nick Alcock) [Orabug: 36356681]
- Various bug fixes. (Nick Alcock, Eugene Loh, Kris Van Hees)
- Various testsuite fixes and improvements. (Nick Alcock, Eugene Loh, Kris Van Hees)
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees) [Orabug: 36329725]

[2.0.0-1.13.2]
- Support using DTrace with upstream kernels.
- Implement provider: ip.
- Implement actions: trunc(), pcap().
- Implement subroutines: inet_ntoa6().
- Implement subroutines: inet_ntop(). (Eugene Loh)
- Support modules.builtin.ranges for builtin module-symbol association.
- Provide a BTF-to-CTF convertor to provide (limited) kernel type information when CTF is not available.
- Remove dependency on waitfd(). (Nick Alcock)
- Various testsuite fixes and improvements. (Nick Alcock, Eugene Loh, Kris Van Hees)
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees)

[2.0.0-1.13.1]
- Restart dtprobed when upgrading DTrace.
- Report and clean up orphaned tracing events after each test.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202604-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: DTrace: Arbitrary file creation via dtprobed
     Date: April 17, 2026
     Bugs: #971491
       ID: 202604-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A DTrace component, dtprobed, allows arbitrary file creation through
crafted USDT provider names.

Background
==========

DTrace is a dynamic tracing tool for analysing or debugging the whole
system. Specifically, dtprobed is a component of the DTrace system that
keeps track of USDT probes within running processes, parsing and storing
the DOF they provide for later consumption by dtrace proper.

Affected packages
=================

Package           Vulnerable    Unaffected
----------------  ------------  ------------
dev-debug/dtrace  < 2.0.6       >= 2.0.6

Description
===========

A vulnerability has been found in dtprobed that allows for arbitrary
file creation through specially crafted USDT provider names.

Impact
======

The worst possible outcome is the ability for an attacker to run
arbitrary code via the maliciously created file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All DTrace users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-debug/dtrace-2.0.6"

References
==========

[ 1 ] CVE-2026-21991
      https://nvd.nist.gov/vuln/detail/CVE-2026-21991

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202604-04

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to