Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
89
security advisoryfedorasoftware updateFedora 32 2021-05-18: Moderate Elevation of Privilege Fix for Dotnet5.0
This is the May 2021 release for .NET 5. Release Notes are here: This includes a fix for CVE-2021-31204: NET Core Elevation of Privilege Vulnerability Please note this additional change needed to benefit from the CVE fix: > Additionally, if you've deployed self-contained applications targeting any of. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-a3c205f5b2 2021-05-18 01:06:10.569341 --------------------------------------------------------------------------------Name : dotnet5.0 Product : Fedora 32 Version : 5.0.203 Release : 1.fc32 URL : https://github.com/dotnet/ Summary : .NET Runtime and SDK Description : .NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything. --------------------------------------------------------------------------------Update Information: This is the May 2021 release for .NET 5. Release Notes are here: https://github.com/dotnet/core/blob/main/release-notes/5.0/5.0.6/5.0.6.md. This includes a fix for CVE-2021-31204: NET Core Elevation of Privilege Vulnerability Please note this additional change needed to benefit from the CVE fix: > Additionally, if you've deployed self-contained applications targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. --------------------------------------------------------------------------------ChangeLog: * Wed May 12 2021 Omair Majid - 5.0.203-1 - Update to .NET SDK 5.0.203 and Runtime 5.0.6 --------------------------------------------------------------------------------This update can be installed with the "dnf" updateprogram. Use su -c 'dnf upgrade --advisory FEDORA-2021-a3c205f5b2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 17, 2021
•Important
Fedora
100
security advisorykernel updatesoftware patchSUSE: 2022:3087-2 Critical: Security Update for Samba File Sharing Software
An update that solves three vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1526-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_122 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc.that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1038=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_122-default-5-2.1 kgraft-patch-3_12_61-52_122-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 . SUSE's vital security update improves kernel stability and resolves threats to system integrity, addressing privilege escalation and denial of service issues.. SUSE Kernel Update, Elevation Privilege, Security Firmware Update. . Severity: Critical. LinuxSecurity.com Team
Jun 05, 2018
•Critical
SuSE
100
security advisorybuffer overflowcriticalSUSE: 2018:0998-1 Critical: Kernel Live Patching Flaw Fix
An update that fixes three vulnerabilities is now available.. SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0998-1 Rating: important References: #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.114-94_14 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-677=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_114-94_14-default-2-2.1 kgraft-patch-4_4_114-94_14-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 -- . SUSE announces a critical security patch for the Linux Kernel, targeting three significant issues related to Live Patching.. Linux Kernel Patch Security, SUSE Enterprise Live Patching, Elevation Privilege Fix. . Severity: Important. LinuxSecurity.com Team
Apr 20, 2018
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!