# Security update for ucode-intel

Announcement ID: SUSE-SU-2026:20941-1
Release Date: 2026-03-19T09:31:38Z
Rating: moderate

References:

* bsc#1229129
* bsc#1230400
* bsc#1249138
* bsc#1253319
* bsc#1258046

Cross-References:

* CVE-2024-24853
* CVE-2025-31648

CVSS scores:

* CVE-2024-24853 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2024-24853 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-31648 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-31648 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
* CVE-2025-31648 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-31648 ( NVD ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves two vulnerabilities and has three fixes can now be installed.

## Description:

This update for ucode-intel fixes the following issues:

* Intel CPU Microcode was updated to the 20260210 release (bsc#1258046):
  * CVE-2024-24853: Updated fix for incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access (bsc#1229129).
  * CVE-2025-31648: Improper handling of values in the microcode flow for some Intel Processor Family may allow an escalation of privilege (bsc#1258046).
* Intel CPU Microcode was updated to the 20251111 release (bsc#1253319):
  * Update for functional issues.
* switch the supplements to usesupplements + kernel to allow moving an installation to Intel hardware (bsc#1249138)
* Intel CPU Microcode was updated to the 20241029 release (bsc#1230400):
  * Update for functional issues.

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
    zypper in -t patch SUSE-SLES-16.0-415=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (x86_64)
  * ucode-intel-20260210-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-24853.html
* https://www.suse.com/security/cve/CVE-2025-31648.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229129
* https://bugzilla.suse.com/show_bug.cgi?id=1230400
* https://bugzilla.suse.com/show_bug.cgi?id=1249138
* https://bugzilla.suse.com/show_bug.cgi?id=1253319
* https://bugzilla.suse.com/show_bug.cgi?id=1258046

A SUSE security advisory addressing two Intel microcode vulnerabilities with moderate severity and fixes available.

SUSE Linux, Intel microcode, security advisory.

LinuxSecurity.com Team

# Security update for python-azure-identity

Announcement ID: SUSE-SU-2024:3345-1
Rating: moderate

References:

* bsc#1230100

Cross-References:

* CVE-2024-35255

CVSS scores:

* CVE-2024-35255 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-35255 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* Public Cloud Module 15-SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-azure-identity fixes the following issues:

* CVE-2024-35255: Fixed an Azure identity libraries elevation of privilege vulnerability. (bsc#1230100)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
    zypper in -t patch SUSE-2024-3345=1
* openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2024-3345=1
* openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2024-3345=1
* Public Cloud Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-3345=1
* Public Cloud Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-3345=1
* Public Cloud Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2024-3345=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * python311-azure-identity-1.15.0-150400.11.6.1
* openSUSE Leap 15.5 (noarch)
  * python311-azure-identity-1.15.0-150400.11.6.1
* openSUSE Leap 15.6 (noarch)
  * python311-azure-identity-1.15.0-150400.11.6.1
* Public Cloud Module 15-SP4 (noarch)
  * python311-azure-identity-1.15.0-150400.11.6.1
* Public Cloud Module 15-SP5 (noarch)
  * python311-azure-identity-1.15.0-150400.11.6.1
* Public Cloud Module 15-SP6 (noarch)
  * python311-azure-identity-1.15.0-150400.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-35255.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230100

SUSE has released a security patch for python-azure-storage that mitigates a potential unauthorized access vulnerability rated as medium severity.

SUSE Security Advisory, python-azure-identity, elevation of privilege issue.

LinuxSecurity.com Team

==========================================================================
Ubuntu Security Notice USN-6285-1
August 11, 2023

linux-oem-6.1 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oem-6.1: Linux kernel for OEM systems

Details:

It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-48502)

Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-2640)

It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2023-2898)

Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31248)

Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-32629)

It was discovered that the netfilter subsystem in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3390)

Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel did not properly handle certain pointer data type, leading to an out-of-bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35001)

It was discovered that the universal 32bit network packet classifier implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3609)

It was discovered that the netfilter subsystem in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3610)

It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611)

It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate SMB request protocol IDs, leading to an out-of-bounds read vulnerability. A remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-38430)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate command payload size, leading to an out-of-bounds read vulnerability. A remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-38432)

It was discovered that the NFC implementation in the Linux kernel contained a use-after-free vulnerability when performing peer-to-peer communication in certain conditions. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-3863)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  linux-image-6.1.0-1019-oem      6.1.0-1019.19
  linux-image-oem-22.04c          6.1.0.1019.19

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-6285-1
  CVE-2022-48502, CVE-2023-2640, CVE-2023-2898, CVE-2023-31248, CVE-2023-32629, CVE-2023-3390, CVE-2023-35001, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-38430, CVE-2023-38432, CVE-2023-3863

Package Information:
  https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1019.19

Security flaws in the Ubuntu 20.04 LTS kernel have been resolved through USN-6285-1, tackling concerns related to privilege escalation and memory faults.

Ubuntu Kernel Security, Linux Privilege Escalation, OEM Kernel Issues.

Severity: Critical.

LinuxSecurity.com Team

=========================================================================
Ubuntu Security Notice USN-4781-2
February 01, 2023

slurm-llnl vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Slurm.

Software Description:
- slurm-llnl: Simple Linux Utility for Resource Management

Details:

USN-4781-1 fixed several vulnerabilities in Slurm. This update provides the corresponding updates for Ubuntu 14.04 ESM (CVE-2016-10030) and Ubuntu 16.04 ESM (CVE-2018-10995).

Original advisory details:

It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-10030)

It was discovered that Slurm mishandled SPANK environment variables. An attacker could possibly use this issue to gain elevated privileges. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-15566)

It was discovered that Slurm mishandled certain SQL queries. A local attacker could use this issue to gain elevated privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-7033)

It was discovered that Slurm mishandled user names and group ids. A local attacker could use this issue to gain administrative privileges. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-10995)

It was discovered that Slurm mishandled 23-bit systems. A local attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-6438)

It was discovered that Slurm incorrectly handled certain inputs when Message Aggregation is enabled. An attacker could possibly use this issue to launch a process as an arbitrary user. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12693)

It was discovered that Slurm incorrectly handled certain RPC inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-27745)

Jonas Stare discovered that Slurm exposes sensitive information related to the X protocol. An attacker could possibly use this issue to obtain a graphical session from an arbitrary user. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-27746)

It was discovered that Slurm incorrectly handled environment parameters. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-31215)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  libpam-slurm                    15.08.7-1ubuntu0.1~esm5
  libpmi0                         15.08.7-1ubuntu0.1~esm5
  libslurm-perl                   15.08.7-1ubuntu0.1~esm5
  libslurm29                      15.08.7-1ubuntu0.1~esm5
  libslurmdb-perl                 15.08.7-1ubuntu0.1~esm5
  libslurmdb29                    15.08.7-1ubuntu0.1~esm5
  slurm-client                    15.08.7-1ubuntu0.1~esm5
  slurm-client-emulator           15.08.7-1ubuntu0.1~esm5
  slurm-llnl                      15.08.7-1ubuntu0.1~esm5
  slurm-llnl-slurmdbd             15.08.7-1ubuntu0.1~esm5
  slurm-wlm                       15.08.7-1ubuntu0.1~esm5
  slurm-wlm-basic-plugins         15.08.7-1ubuntu0.1~esm5
  slurm-wlm-emulator              15.08.7-1ubuntu0.1~esm5
  slurm-wlm-torque                15.08.7-1ubuntu0.1~esm5
  slurmctld                       15.08.7-1ubuntu0.1~esm5
  slurmd                          15.08.7-1ubuntu0.1~esm5
  slurmdbd                        15.08.7-1ubuntu0.1~esm5
  sview                           15.08.7-1ubuntu0.1~esm5

Ubuntu 14.04 ESM:
  libpam-slurm                    2.6.5-1ubuntu0.1~esm6
  libpmi0                         2.6.5-1ubuntu0.1~esm6
  libslurm-perl                   2.6.5-1ubuntu0.1~esm6
  libslurm26                      2.6.5-1ubuntu0.1~esm6
  libslurmdb-perl                 2.6.5-1ubuntu0.1~esm6
  libslurmdb26                    2.6.5-1ubuntu0.1~esm6
  slurm-llnl                      2.6.5-1ubuntu0.1~esm6
  slurm-llnl-basic-plugins        2.6.5-1ubuntu0.1~esm6
  slurm-llnl-slurmdbd             2.6.5-1ubuntu0.1~esm6
  slurm-llnl-sview                2.6.5-1ubuntu0.1~esm6
  slurm-llnl-torque               2.6.5-1ubuntu0.1~esm6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4781-1
  CVE-2016-10030, CVE-2018-10995

Several vulnerabilities resolved in Ubuntu Slurm update, enhancing the stability and safety of the resource allocation tool.

Slurm Security Update, Ubuntu Resource Management, Slurm Vulnerability Fixes.

LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-7f9021ead1
2022-12-21 01:17:10.825705
--------------------------------------------------------------------------------

Name        : samba
Product     : Fedora 36
Version     : 4.16.8
Release     : 0.fc36
URL         :
Summary     : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

--------------------------------------------------------------------------------
Update Information:

Security fixes for CVE-2022-37966, CVE-2022-37967 and CVE-2022-38023
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 16 2022 Guenther Deschner - 4.16.8-0
- resolves: #2154303, #2154304 - Security fixes for CVE-2022-37966
- resolves: #2154320, #2154322 - Security fixes for CVE-2022-37967
- resolves: #2154362, #2154363 - Security fixes for CVE-2022-38023
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2154303 - CVE-2022-37966 samba: Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.
        https://bugzilla.redhat.com/show_bug.cgi?id=2154303
  [ 2 ] Bug #2154320 - CVE-2022-37967 samba: Kerberos constrained delegation ticket forgery possible against Samba AD DC
        https://bugzilla.redhat.com/show_bug.cgi?id=2154320
  [ 3 ] Bug #2154362 - CVE-2022-38023 samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided
        https://bugzilla.redhat.com/show_bug.cgi?id=2154362
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-7f9021ead1' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-d551431950
2021-05-18 00:47:34.856739
--------------------------------------------------------------------------------

Name        : dotnet5.0
Product     : Fedora 33
Version     : 5.0.203
Release     : 1.fc33
URL         : https://github.com/dotnet/
Summary     : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services.

.NET contains a runtime conforming to .NET Standards, a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the May 2021 release for .NET 5. Release Notes are here: https://github.com/dotnet/core/blob/main/release-notes/5.0/5.0.6/5.0.6.md

This includes a fix for CVE-2021-31204: .NET Core Elevation of Privilege Vulnerability

Please note this additional change needed to benefit from the CVE fix:

> Additionally, if you've deployed self-contained applications targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 12 2021 Omair Majid - 5.0.203-1
- Update to .NET SDK 5.0.203 and Runtime 5.0.6
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-d551431950' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Synopsis: Moderate: samba security and bug fix update
Advisory ID: SLSA-2020:5439-1
Issue Date: 2020-12-15
CVE Numbers: None
--

Security Fix(es):

* samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)
* samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)
* samba: Unprivileged user can crash winbind (CVE-2020-14323)
--

SL7
  x86_64
    libsmbclient-4.10.16-9.el7_9.i686.rpm
    libsmbclient-4.10.16-9.el7_9.x86_64.rpm
    libwbclient-4.10.16-9.el7_9.i686.rpm
    libwbclient-4.10.16-9.el7_9.x86_64.rpm
    samba-client-4.10.16-9.el7_9.x86_64.rpm
    samba-client-libs-4.10.16-9.el7_9.i686.rpm
    samba-client-libs-4.10.16-9.el7_9.x86_64.rpm
    samba-common-libs-4.10.16-9.el7_9.i686.rpm
    samba-common-libs-4.10.16-9.el7_9.x86_64.rpm
    samba-common-tools-4.10.16-9.el7_9.x86_64.rpm
    samba-debuginfo-4.10.16-9.el7_9.i686.rpm
    samba-debuginfo-4.10.16-9.el7_9.x86_64.rpm
    samba-krb5-printing-4.10.16-9.el7_9.x86_64.rpm
    samba-libs-4.10.16-9.el7_9.i686.rpm
    samba-libs-4.10.16-9.el7_9.x86_64.rpm
    samba-winbind-4.10.16-9.el7_9.x86_64.rpm
    samba-winbind-clients-4.10.16-9.el7_9.x86_64.rpm
    samba-winbind-modules-4.10.16-9.el7_9.i686.rpm
    samba-winbind-modules-4.10.16-9.el7_9.x86_64.rpm
    libsmbclient-devel-4.10.16-9.el7_9.i686.rpm
    libsmbclient-devel-4.10.16-9.el7_9.x86_64.rpm
    libwbclient-devel-4.10.16-9.el7_9.i686.rpm
    libwbclient-devel-4.10.16-9.el7_9.x86_64.rpm
    samba-4.10.16-9.el7_9.x86_64.rpm
    samba-dc-4.10.16-9.el7_9.x86_64.rpm
    samba-dc-libs-4.10.16-9.el7_9.x86_64.rpm
    samba-devel-4.10.16-9.el7_9.i686.rpm
    samba-devel-4.10.16-9.el7_9.x86_64.rpm
    samba-python-4.10.16-9.el7_9.i686.rpm
    samba-python-4.10.16-9.el7_9.x86_64.rpm
    samba-python-test-4.10.16-9.el7_9.x86_64.rpm
    samba-test-4.10.16-9.el7_9.x86_64.rpm
    samba-test-libs-4.10.16-9.el7_9.i686.rpm
    samba-test-libs-4.10.16-9.el7_9.x86_64.rpm
    samba-vfs-glusterfs-4.10.16-9.el7_9.x86_64.rpm
    samba-winbind-krb5-locator-4.10.16-9.el7_9.x86_64.rpm
  noarch
    samba-common-4.10.16-9.el7_9.noarch.rpm
    samba-pidl-4.10.16-9.el7_9.noarch.rpm

- Scientific Linux Development Team

Important samba revision tackling Netlogon privilege increase and refining access verification methods with critical corrections enumerated.

Samba Updates, Privilege Escalations, SL7 Security Fixes.

Severity: Important.

LinuxSecurity.com Team

MGASA-2020-0335 - Updated x11-server packages fix security vulnerability

Publication date: 18 Aug 2020
URL: https://advisories.mageia.org/MGASA-2020-0335.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-14347

Allocation for pixmap data in AllocatePixmap() does not initialize the memory in xserver, which leaks uninitialized heap memory to clients. When the X server runs with elevated privileges, this flaw can lead to ASLR bypass, which when combined with other flaws (known/unknown) could lead to privilege elevation in the client (CVE-2020-14347).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27031
- https://lists.x.org/archives/xorg-announce/2020-July/003051.html
- https://www.cve.org/CVERecord?id=CVE-2020-14347

SRPMS:
- 7/core/x11-server-1.20.8-1.1.mga7

A security notice for Mageia 2020-0335 concerning a memory initialization vulnerability in x11-server. Stay informed about potential threats and the latest patches.

memory leak, ASLR bypass, x11-server, Mageia security update, privilege elevation.

Severity: Critical.

LinuxSecurity.com Team