Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
172
security advisorydenial of servicekernel updateUbuntu 16.04 LTS Advisory USN-6865-1 Critical: Kernel Denial of Service
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-6865-1 July 03, 2024 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-kvm: Linux kernel for cloud environments - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2021-33631) It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability (CVE-2022-0001) were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information. (CVE-2024-2201) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in the Linux kernel contained a racecondition, leading to an integer overflow vulnerability. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-24861) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - Hardware random number generator core; - Memory management; - Netfilter; (CVE-2024-26898, CVE-2023-52615, CVE-2024-26642, CVE-2024-26720) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS linux-image-4.4.0-1134-kvm 4.4.0-1134.144 Available with Ubuntu Pro linux-image-4.4.0-1171-aws 4.4.0-1171.186 Available with Ubuntu Pro linux-image-4.4.0-256-generic 4.4.0-256.290 Available with Ubuntu Pro linux-image-4.4.0-256-lowlatency 4.4.0-256.290 Available with Ubuntu Pro linux-image-aws 4.4.0.1171.175 Available with Ubuntu Pro linux-image-generic 4.4.0.256.262 Available with Ubuntu Pro linux-image-generic-lts-xenial 4.4.0.256.262 Available with Ubuntu Pro linux-image-kvm 4.4.0.1134.131 Available with Ubuntu Pro linux-image-lowlatency 4.4.0.256.262 Available with Ubuntu Pro linux-image-lowlatency-lts-xenial 4.4.0.256.262 Available with Ubuntu Pro linux-image-virtual 4.4.0.256.262 Available with Ubuntu Pro linux-image-virtual-lts-xenial 4.4.0.256.262 Available with Ubuntu Pro Ubuntu 14.04 LTS linux-image-4.4.0-1133-aws 4.4.0-1133.139 Available with Ubuntu Pro linux-image-4.4.0-256-generic 4.4.0-256.290~14.04.1 Available with Ubuntu Pro linux-image-4.4.0-256-lowlatency 4.4.0-256.290~14.04.1 Available with Ubuntu Pro linux-image-aws 4.4.0.1133.130 Available with Ubuntu Pro linux-image-generic-lts-xenial 4.4.0.256.290~14.04.1 Available with Ubuntu Pro linux-image-lowlatency-lts-xenial 4.4.0.256.290~14.04.1 Available with Ubuntu Pro linux-image-virtual-lts-xenial 4.4.0.256.290~14.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-6865-1 CVE-2021-33631, CVE-2023-52615, CVE-2023-6270, CVE-2024-2201, CVE-2024-23307, CVE-2024-24861, CVE-2024-26642, CVE-2024-26720, CVE-2024-26898 . Multiple vulnerabilities resolved in Ubuntu kernel patch 6865-1. Keep your systems current to avert potential threats.. Ubuntu Kernel Security Advisory, Linux Kernel Update, Denial of Service Fix. . Severity: Critical. LinuxSecurity.com Team
Jul 03, 2024
•Critical
Ubuntu
98
security advisorymoderatesecurity updateRed Hat Enterprise Linux 9 RHSA-2022-8361-01: Moderate E2fsprogs Fix
An update for e2fsprogs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: e2fsprogs security update Advisory ID: RHSA-2022:8361-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8361 Issue date: 2022-11-15 CVE Names: CVE-2022-1304 ==================================================================== 1. Summary: An update for e2fsprogs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems. Security Fix(es): * e2fsprogs: out-of-bounds read/write via crafted filesystem (CVE-2022-1304) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes describedin this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2069726 - CVE-2022-1304 e2fsprogs: out-of-bounds read/write via crafted filesystem 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): aarch64: e2fsprogs-debuginfo-1.46.5-3.el9.aarch64.rpm e2fsprogs-debugsource-1.46.5-3.el9.aarch64.rpm e2fsprogs-devel-1.46.5-3.el9.aarch64.rpm e2fsprogs-libs-debuginfo-1.46.5-3.el9.aarch64.rpm libcom_err-debuginfo-1.46.5-3.el9.aarch64.rpm libcom_err-devel-1.46.5-3.el9.aarch64.rpm libss-debuginfo-1.46.5-3.el9.aarch64.rpm ppc64le: e2fsprogs-debuginfo-1.46.5-3.el9.ppc64le.rpm e2fsprogs-debugsource-1.46.5-3.el9.ppc64le.rpm e2fsprogs-devel-1.46.5-3.el9.ppc64le.rpm e2fsprogs-libs-debuginfo-1.46.5-3.el9.ppc64le.rpm libcom_err-debuginfo-1.46.5-3.el9.ppc64le.rpm libcom_err-devel-1.46.5-3.el9.ppc64le.rpm libss-debuginfo-1.46.5-3.el9.ppc64le.rpm s390x: e2fsprogs-debuginfo-1.46.5-3.el9.s390x.rpm e2fsprogs-debugsource-1.46.5-3.el9.s390x.rpm e2fsprogs-devel-1.46.5-3.el9.s390x.rpm e2fsprogs-libs-debuginfo-1.46.5-3.el9.s390x.rpm libcom_err-debuginfo-1.46.5-3.el9.s390x.rpm libcom_err-devel-1.46.5-3.el9.s390x.rpm libss-debuginfo-1.46.5-3.el9.s390x.rpm x86_64: e2fsprogs-debuginfo-1.46.5-3.el9.i686.rpm e2fsprogs-debuginfo-1.46.5-3.el9.x86_64.rpm e2fsprogs-debugsource-1.46.5-3.el9.i686.rpm e2fsprogs-debugsource-1.46.5-3.el9.x86_64.rpm e2fsprogs-devel-1.46.5-3.el9.i686.rpm e2fsprogs-devel-1.46.5-3.el9.x86_64.rpm e2fsprogs-libs-debuginfo-1.46.5-3.el9.i686.rpm e2fsprogs-libs-debuginfo-1.46.5-3.el9.x86_64.rpm libcom_err-debuginfo-1.46.5-3.el9.i686.rpm libcom_err-debuginfo-1.46.5-3.el9.x86_64.rpm libcom_err-devel-1.46.5-3.el9.i686.rpm libcom_err-devel-1.46.5-3.el9.x86_64.rpm libss-debuginfo-1.46.5-3.el9.i686.rpm libss-debuginfo-1.46.5-3.el9.x86_64.rpm Red Hat Enterprise Linux BaseOS (v.9): Source: e2fsprogs-1.46.5-3.el9.src.rpm aarch64: e2fsprogs-1.46.5-3.el9.aarch64.rpm e2fsprogs-debuginfo-1.46.5-3.el9.aarch64.rpm e2fsprogs-debugsource-1.46.5-3.el9.aarch64.rpm e2fsprogs-libs-1.46.5-3.el9.aarch64.rpm e2fsprogs-libs-debuginfo-1.46.5-3.el9.aarch64.rpm libcom_err-1.46.5-3.el9.aarch64.rpm libcom_err-debuginfo-1.46.5-3.el9.aarch64.rpm libss-1.46.5-3.el9.aarch64.rpm libss-debuginfo-1.46.5-3.el9.aarch64.rpm ppc64le: e2fsprogs-1.46.5-3.el9.ppc64le.rpm e2fsprogs-debuginfo-1.46.5-3.el9.ppc64le.rpm e2fsprogs-debugsource-1.46.5-3.el9.ppc64le.rpm e2fsprogs-libs-1.46.5-3.el9.ppc64le.rpm e2fsprogs-libs-debuginfo-1.46.5-3.el9.ppc64le.rpm libcom_err-1.46.5-3.el9.ppc64le.rpm libcom_err-debuginfo-1.46.5-3.el9.ppc64le.rpm libss-1.46.5-3.el9.ppc64le.rpm libss-debuginfo-1.46.5-3.el9.ppc64le.rpm s390x: e2fsprogs-1.46.5-3.el9.s390x.rpm e2fsprogs-debuginfo-1.46.5-3.el9.s390x.rpm e2fsprogs-debugsource-1.46.5-3.el9.s390x.rpm e2fsprogs-libs-1.46.5-3.el9.s390x.rpm e2fsprogs-libs-debuginfo-1.46.5-3.el9.s390x.rpm libcom_err-1.46.5-3.el9.s390x.rpm libcom_err-debuginfo-1.46.5-3.el9.s390x.rpm libss-1.46.5-3.el9.s390x.rpm libss-debuginfo-1.46.5-3.el9.s390x.rpm x86_64: e2fsprogs-1.46.5-3.el9.x86_64.rpm e2fsprogs-debuginfo-1.46.5-3.el9.i686.rpm e2fsprogs-debuginfo-1.46.5-3.el9.x86_64.rpm e2fsprogs-debugsource-1.46.5-3.el9.i686.rpm e2fsprogs-debugsource-1.46.5-3.el9.x86_64.rpm e2fsprogs-libs-1.46.5-3.el9.i686.rpm e2fsprogs-libs-1.46.5-3.el9.x86_64.rpm e2fsprogs-libs-debuginfo-1.46.5-3.el9.i686.rpm e2fsprogs-libs-debuginfo-1.46.5-3.el9.x86_64.rpm libcom_err-1.46.5-3.el9.i686.rpm libcom_err-1.46.5-3.el9.x86_64.rpm libcom_err-debuginfo-1.46.5-3.el9.i686.rpm libcom_err-debuginfo-1.46.5-3.el9.x86_64.rpm libss-1.46.5-3.el9.i686.rpm libss-1.46.5-3.el9.x86_64.rpm libss-debuginfo-1.46.5-3.el9.i686.rpm libss-debuginfo-1.46.5-3.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.1_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY3Pgx9zjgjWX9erEAQjBiRAAnhbmPK+5uv3RYwuKJqWNaaUDRpXdp7/7 qk/y6OYmOJPCa+xxDiYjhGG/doJuET0JgOMYeyGUNCRYG8vpv71nysEr2e360TI5 TDdTVatVkQT6QVcZlFKWpptY+/h+7FbECnbv+o6VZ0smnwdkRwAM1cFgOSJzlIbA EzCtJJok4l0VOJwvrPq/MlxblmvScOZB5XMGChLC/L1U3JFPTebjAMmr/QVyHITa o9dth0718G3PZTadnYKnLvXwy/++1Gr2SrMCNxRBRLSBoWsdq2eOPyvNaxaHWzBr 3o+q39oIaGt1/u0SMLBPn7AXlYi9grT5K9HqvfljNhxRhteem4/Tv5WRbJM6u31I 9LZfJd6LheJwsWO8rxCwVP5b0U8w4jgFuoIdn0WuBfRfoQM2AZaqJknXtEwKuwea xwykqENfOc2TiVl1QKvNLyOkGpVIzQO72Dor6tBv9dkYFTAZ2p+bBJe/t5hoJqdv PVonjhX7af6lUaiPTq4CRzu88AFufSZppIuvlOeYG+2gzSYvGXt62BGQLxb+tenT rK6okHmIm+gZr8b46myOTqnp4GgzifrjJ8+YXpczTerjhspSyo5JXOzYkV7Zk16o 6Z3QkgPZRDKBKeChZ9rK9ecrfib2ivzSTyYNL/1mjT4DM2x640cpRe6z3ayEy7SB W8Ss55hcEiY=TGFc -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 15, 2022
Red Hat
100
security advisorymoderateSUSESUSE: 2019:2474-1 Moderate: u-boot Stack Overflow and Data Overwrite
An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2474-1 Rating: moderate References: #1144656 #1144675 Cross-References: CVE-2019-13104 CVE-2019-13106 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for u-boot fixes the following issues: Security issues fixed: - CVE-2019-13106: Fixed stack buffer overflow via a crafted ext4 filesystem that may lead to code execution (bsc#1144656). - CVE-2019-13104: Fixed an underflow that could cause memcpy() to overwrite a very large amount of data via a crafted ext4 filesystem (bsc#1144675). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2474=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): u-boot-tools-2018.03-4.3.1 u-boot-tools-debuginfo-2018.03-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64): u-boot-rpi3-2018.03-4.3.1 References: https://www.suse.com/security/cve/CVE-2019-13104.html https://www.suse.com/security/cve/CVE-2019-13106.html https://bugzilla.suse.com/1144656 https://bugzilla.suse.com/1144675 _______________________________________________ sle-security-updates mailing list
Sep 26, 2019
•Important
SuSE
172
security advisorydenial of servicememory leakUbuntu 16.04 LTS USN-3676-1 Severe Kernel Threats Resolved
Several security issues were fixed in the Linux kernel.. =========================================================================Ubuntu Security Notice USN-3676-1 June 11, 2018 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Details: Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092, CVE-2018-1093) It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940) It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2018-8087) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: linux-image-4.4.0-1027-kvm 4.4.0-1027.32 linux-image-4.4.0-1061-aws 4.4.0-1061.70 linux-image-4.4.0-1091-raspi2 4.4.0-1091.99 linux-image-4.4.0-1094-snapdragon 4.4.0-1094.99 linux-image-4.4.0-128-generic 4.4.0-128.154 linux-image-4.4.0-128-generic-lpae 4.4.0-128.154 linux-image-4.4.0-128-lowlatency 4.4.0-128.154 linux-image-4.4.0-128-powerpc-e500mc 4.4.0-128.154 linux-image-4.4.0-128-powerpc-smp 4.4.0-128.154 linux-image-4.4.0-128-powerpc64-emb 4.4.0-128.154 linux-image-4.4.0-128-powerpc64-smp 4.4.0-128.154 linux-image-aws 4.4.0.1061.63 linux-image-generic 4.4.0.128.134 linux-image-generic-lpae 4.4.0.128.134 linux-image-kvm 4.4.0.1027.26 linux-image-lowlatency 4.4.0.128.134 linux-image-powerpc-e500mc 4.4.0.128.134 linux-image-powerpc-smp 4.4.0.128.134 linux-image-powerpc64-emb 4.4.0.128.134 linux-image-powerpc64-smp 4.4.0.128.134 linux-image-raspi2 4.4.0.1091.91 linux-image-snapdragon 4.4.0.1094.86 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-3676-1 CVE-2018-1092, CVE-2018-1093, CVE-2018-10940, CVE-2018-8087 Package Information: https://launchpad.net/ubuntu/+source/linux/4.4.0-128.154 https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1061.70 https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1027.32 https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1091.99 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1094.99 . Vulnerabilities within the Linux core addressed with Ubuntu security patch USN-3677-1 to enhance system protection.. Ubuntu Kernel Update, Kernel Security Update, Linux Kernel Threats. . Severity: Critical. LinuxSecurity.com Team
Jun 12, 2018
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!