Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 15 articles for you...
217
security advisorycritical issuekernel updateOracle Linux 6 ELSA-2023-12842 Critical Kernel Update for Security
The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-12842 https://linux.oracle.com/errata/ELSA-2023-12842.html The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-doc-4.1.12-124.79.2.el6uek.noarch.rpm kernel-uek-firmware-4.1.12-124.79.2.el6uek.noarch.rpm kernel-uek-4.1.12-124.79.2.el6uek.x86_64.rpm kernel-uek-devel-4.1.12-124.79.2.el6uek.x86_64.rpm kernel-uek-debug-4.1.12-124.79.2.el6uek.x86_64.rpm kernel-uek-debug-devel-4.1.12-124.79.2.el6uek.x86_64.rpm Related CVEs: CVE-2022-34918 CVE-2023-2513 CVE-2023-4387 CVE-2023-22024 CVE-2023-3772 CVE-2023-35001 CVE-2023-4206 CVE-2023-3611 CVE-2023-4459 CVE-2023-3776 Description of changes: [4.1.12-124.79.2] - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35814273] {CVE-2023-4206} - net/sched: sch_qfq: account for stab overhead in qfq_enqueue (Pedro Tammela) [Orabug: 35636291] {CVE-2023-3611} - rds: Fix lack of reentrancy for connection reset with dst addr zero (HÃ¥kon Bugge) [Orabug: 35741584] [Orabug: 35818110] {CVE-2023-22024} [4.1.12-124.79.1] - xfrm: add NULL check in xfrm_update_ae_params (Lin Ma) [Orabug: 35754509] {CVE-2023-3772} - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) [Orabug: 35732892] {CVE-2023-4459} - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) [Orabug: 35732764] {CVE-2023-4387} - net/sched: cls_fw: Fix improper refcount update leads to use-after-free (M A Ramdhan) [Orabug: 35636313] {CVE-2023-3776} - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (Thadeu Lima de Souza Cascardo) [Orabug: 35609787] {CVE-2023-35001} - ext4: fix use-after-free in ext4_xattr_set_entry (Baokun Li) [Orabug: 35382025] {CVE-2023-2513} - ext4: addEXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (Baokun Li) [Orabug: 35382025] {CVE-2023-2513} - netfilter: nf_tables: stricter validation of element data (Pablo Neira Ayuso) [Orabug: 34362008] {CVE-2022-34918} _______________________________________________ El-errata mailing list
Oct 03, 2023
•Critical
Oracle
217
security advisorykernel updatekernel patchOracle Linux 6 ELSA-2023-12800 Critical Update: Kernel Security Fix
The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-12800 https://linux.oracle.com/errata/ELSA-2023-12800.html The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-doc-4.1.12-124.78.4.1.el6uek.noarch.rpm kernel-uek-firmware-4.1.12-124.78.4.1.el6uek.noarch.rpm kernel-uek-4.1.12-124.78.4.1.el6uek.x86_64.rpm kernel-uek-devel-4.1.12-124.78.4.1.el6uek.x86_64.rpm kernel-uek-debug-4.1.12-124.78.4.1.el6uek.x86_64.rpm kernel-uek-debug-devel-4.1.12-124.78.4.1.el6uek.x86_64.rpm Related CVEs: CVE-2023-22024 Description of changes: [4.1.12-124.78.4.1.el6uek] - rds: Fix lack of reentrancy for connection reset with dst addr zero (HÃ¥kon Bugge) [Orabug: 35741584] {CVE-2023-22024} _______________________________________________ El-errata mailing list
Sep 16, 2023
•Critical
Oracle
217
security advisorycritical issuekernel updateOracle Linux 6 ELSA-2023-12759 Critical: Kernel Update and Fixes
The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-12759 https://linux.oracle.com/errata/ELSA-2023-12759.html The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-doc-4.1.12-124.78.2.el6uek.noarch.rpm kernel-uek-firmware-4.1.12-124.78.2.el6uek.noarch.rpm kernel-uek-4.1.12-124.78.2.el6uek.x86_64.rpm kernel-uek-devel-4.1.12-124.78.2.el6uek.x86_64.rpm kernel-uek-debug-4.1.12-124.78.2.el6uek.x86_64.rpm kernel-uek-debug-devel-4.1.12-124.78.2.el6uek.x86_64.rpm Related CVEs: CVE-2022-1015 CVE-2023-3106 CVE-2023-3567 Description of changes: [4.1.12-124.78.2.el6uek] - xfrm: fix crash in XFRM_MSG_GETSA netlink handler (Vegard Nossum) [Orabug: 35598955] {CVE-2023-3106} - netfilter: nf_tables: validate registers coming from userspace (Harshvardhan Jha) [Orabug: 34012909] {CVE-2022-1015} [4.1.12-124.78.1.el6uek] - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (George Kennedy) [Orabug: 35649493] {CVE-2023-3567} _______________________________________________ El-errata mailing list
Sep 05, 2023
•Critical
Oracle
217
security advisorysecurity patchcritical securityOracle Linux 6 ELSA-2023-12238 Critical NSS Security Update
The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-12238 https://linux.oracle.com/errata/ELSA-2023-12238.html The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network: nss-3.44.0-7.0.3.el6_10.i686.rpm nss-devel-3.44.0-7.0.3.el6_10.i686.rpm nss-pkcs11-devel-3.44.0-7.0.3.el6_10.i686.rpm nss-sysinit-3.44.0-7.0.3.el6_10.i686.rpm nss-tools-3.44.0-7.0.3.el6_10.i686.rpm x86_64: nss-3.44.0-7.0.3.el6_10.i686.rpm nss-3.44.0-7.0.3.el6_10.x86_64.rpm nss-devel-3.44.0-7.0.3.el6_10.i686.rpm nss-devel-3.44.0-7.0.3.el6_10.x86_64.rpm nss-pkcs11-devel-3.44.0-7.0.3.el6_10.i686.rpm nss-pkcs11-devel-3.44.0-7.0.3.el6_10.x86_64.rpm nss-sysinit-3.44.0-7.0.3.el6_10.x86_64.rpm nss-tools-3.44.0-7.0.3.el6_10.x86_64.rpm Related CVEs: CVE-2023-0767 Description of changes: [3.44.0-7.0.3] - Back port nss security update CVE-2023-0767 [Orabug: 35205543] _______________________________________________ El-errata mailing list
Apr 06, 2023
•Critical
Oracle
217
security advisorysecurity issuekernel updateOracle Linux 6: ELSA-2023-12109 Critical Kernel Update and Fixes
The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-12109 https://linux.oracle.com/errata/ELSA-2023-12109.html The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-doc-4.1.12-124.71.3.el6uek.noarch.rpm kernel-uek-firmware-4.1.12-124.71.3.el6uek.noarch.rpm kernel-uek-4.1.12-124.71.3.el6uek.x86_64.rpm kernel-uek-devel-4.1.12-124.71.3.el6uek.x86_64.rpm kernel-uek-debug-4.1.12-124.71.3.el6uek.x86_64.rpm kernel-uek-debug-devel-4.1.12-124.71.3.el6uek.x86_64.rpm Related CVEs: CVE-2022-3524 CVE-2022-3564 CVE-2022-3628 CVE-2022-42895 CVE-2022-42896 CVE-2022-4662 Description of changes: [4.1.12-124.71.3.el6uek] - USB: core: Prevent nested device-reset calls (Alan Stern) [Orabug: 34951641] {CVE-2022-4662} - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz) [Orabug: 34833307] {CVE-2022-42896} {CVE-2022-42896} - Bluetooth: L2CAP: Introduce proper defines for PSM ranges (Johan Hedberg) [Orabug: 34833307] - ext4: fix data corruption caused by overlapping unaligned and aligned IO (Lukas Czerner) [Orabug: 34190035] [4.1.12-124.71.2.el6uek] - scsi: qla2xxx: Fix use after free in eh_abort path (Quinn Tran) [Orabug: 34970763] - check-kabi provides exception on broken symbols (Alok Tiwari) [Orabug: 34742865] - KABI validation broken on UEK4 for symbols change (Alok Tiwari) [Orabug: 34742865] - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy) [Orabug: 34719829] {CVE-2022-3564} - Bluetooth: remove unneeded variable in l2cap_stream_rx (Prasanna Karthik) [Orabug: 34719829] {CVE-2022-3564} [4.1.12-124.71.1.el6uek] - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz) [Orabug: 34951662] {CVE-2022-42895} {CVE-2022-42895} - wifi: brcmfmac: Fix potential buffer overflow inbrcmf_fweh_event_worker() (Dokyung Song) [Orabug: 34951546] {CVE-2022-3628} - tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima) [Orabug: 34719347] {CVE-2022-3524} _______________________________________________ El-errata mailing list
Feb 07, 2023
•Critical
Oracle
98
security advisoryRed Hatremote code executionRed Hat 8.4: RHSA-2023-0596-01 Critical: Git Remote Code Execution
An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: git security update Advisory ID: RHSA-2023:0596-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:0596 Issue date: 2023-02-06 CVE Names: CVE-2022-23521 CVE-2022-41903 ==================================================================== 1. Summary: An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es): * git: gitattributes parsing integer overflow (CVE-2022-23521) * git: Heap overflow in `git archive`, `git log --format` leading to RCE (CVE-2022-41903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, andother related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2162055 - CVE-2022-23521 git: gitattributes parsing integer overflow 2162056 - CVE-2022-41903 git: Heap overflow in `git archive`, `git log --format` leading to RCE 6. Package List: Red Hat Enterprise Linux AppStream EUS(v.8.4): Source: git-2.27.0-3.el8_4.src.rpm aarch64: git-2.27.0-3.el8_4.aarch64.rpm git-core-2.27.0-3.el8_4.aarch64.rpm git-core-debuginfo-2.27.0-3.el8_4.aarch64.rpm git-credential-libsecret-2.27.0-3.el8_4.aarch64.rpm git-credential-libsecret-debuginfo-2.27.0-3.el8_4.aarch64.rpm git-daemon-2.27.0-3.el8_4.aarch64.rpm git-daemon-debuginfo-2.27.0-3.el8_4.aarch64.rpm git-debuginfo-2.27.0-3.el8_4.aarch64.rpm git-debugsource-2.27.0-3.el8_4.aarch64.rpm git-subtree-2.27.0-3.el8_4.aarch64.rpm noarch: git-all-2.27.0-3.el8_4.noarch.rpm git-core-doc-2.27.0-3.el8_4.noarch.rpm git-email-2.27.0-3.el8_4.noarch.rpm git-gui-2.27.0-3.el8_4.noarch.rpm git-instaweb-2.27.0-3.el8_4.noarch.rpm git-svn-2.27.0-3.el8_4.noarch.rpm gitk-2.27.0-3.el8_4.noarch.rpm gitweb-2.27.0-3.el8_4.noarch.rpm perl-Git-2.27.0-3.el8_4.noarch.rpm perl-Git-SVN-2.27.0-3.el8_4.noarch.rpm ppc64le: git-2.27.0-3.el8_4.ppc64le.rpm git-core-2.27.0-3.el8_4.ppc64le.rpm git-core-debuginfo-2.27.0-3.el8_4.ppc64le.rpm git-credential-libsecret-2.27.0-3.el8_4.ppc64le.rpm git-credential-libsecret-debuginfo-2.27.0-3.el8_4.ppc64le.rpm git-daemon-2.27.0-3.el8_4.ppc64le.rpm git-daemon-debuginfo-2.27.0-3.el8_4.ppc64le.rpm git-debuginfo-2.27.0-3.el8_4.ppc64le.rpm git-debugsource-2.27.0-3.el8_4.ppc64le.rpm git-subtree-2.27.0-3.el8_4.ppc64le.rpm s390x: git-2.27.0-3.el8_4.s390x.rpm git-core-2.27.0-3.el8_4.s390x.rpm git-core-debuginfo-2.27.0-3.el8_4.s390x.rpm git-credential-libsecret-2.27.0-3.el8_4.s390x.rpm git-credential-libsecret-debuginfo-2.27.0-3.el8_4.s390x.rpm git-daemon-2.27.0-3.el8_4.s390x.rpm git-daemon-debuginfo-2.27.0-3.el8_4.s390x.rpm git-debuginfo-2.27.0-3.el8_4.s390x.rpm git-debugsource-2.27.0-3.el8_4.s390x.rpm git-subtree-2.27.0-3.el8_4.s390x.rpm x86_64: git-2.27.0-3.el8_4.x86_64.rpm git-core-2.27.0-3.el8_4.x86_64.rpm git-core-debuginfo-2.27.0-3.el8_4.x86_64.rpm git-credential-libsecret-2.27.0-3.el8_4.x86_64.rpm git-credential-libsecret-debuginfo-2.27.0-3.el8_4.x86_64.rpm git-daemon-2.27.0-3.el8_4.x86_64.rpm git-daemon-debuginfo-2.27.0-3.el8_4.x86_64.rpm git-debuginfo-2.27.0-3.el8_4.x86_64.rpm git-debugsource-2.27.0-3.el8_4.x86_64.rpm git-subtree-2.27.0-3.el8_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-23521 https://access.redhat.com/security/cve/CVE-2022-41903 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY+FwddzjgjWX9erEAQhv2w/9FnUh9lRmSYMqtpn0WrpPAfNOb58ImZKy 2dSzQjy8xnSVSTkFT6Fq2KQNGWmwW/0UFVl8L+9FDZY3Xkl+/zkr1dyHueFevRpG 1+TB1C6l0F0vyYBz+bBiixzr9eoS2uzFVRKu+i2lwpf3ppwWyc+qkDojDPrsgA78 f4esuOu0xgqFfdVFHQkorUm6CPQc8UycJoFJh3t+xtZ1Kt9eOCwZFk4joXOysw9h sOmGMQ9fSpg6/yNc0TeBfPnYEMr1qlpbXmZ5SQasAUkIRL86m2YMCTndtu1gR5Rp tW97/rpjOxVOLLp9T1sRcmypJ6ruDECv1ATcJjRmUa4CMOHh6nfR/PwVKmcrwmL4 C2RPBd/gH+7t3LxzRV4OX85wEFN+PtyYfyweAYtg7nd/6yvwweBVuqN/dCBk8ITs euLfpHgkFwoJT2jValgSSq5fasfPhwx/DZFM5RWcIhcqQ8o2A0CMWP6hjBnPi1sA CxAPcjCa84e5Inctg8/y/rXflFbijtj6NiQcXD/gSgqm6bbb1acVVULijYszj0D+ 95+z1Heu5mWtD1NW50MAsbZbc6187Mk2Lw3ewOLk3qOwvI0IhsDoSw/h2rcWL/AN paLqjvC/t7SWXkv5o2q2ZGaO5f84f/PLNq01RcQTdqlC1ZufpteqY5caQMaSHcgI GymNhsegj7o=2YIK -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Feb 06, 2023
•Important
Red Hat
217
security advisorykernel updatesecurity patchOracle Linux 6 ELSA-2022-9260 Critical: Kernel Security Updates
The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2022-9260 https://linux.oracle.com/errata/ELSA-2022-9260.html The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-doc-4.1.12-124.61.2.el6uek.noarch.rpm kernel-uek-firmware-4.1.12-124.61.2.el6uek.noarch.rpm kernel-uek-4.1.12-124.61.2.el6uek.x86_64.rpm kernel-uek-devel-4.1.12-124.61.2.el6uek.x86_64.rpm kernel-uek-debug-4.1.12-124.61.2.el6uek.x86_64.rpm kernel-uek-debug-devel-4.1.12-124.61.2.el6uek.x86_64.rpm Related CVEs: CVE-2020-36516 CVE-2021-20322 CVE-2021-3772 CVE-2022-0330 CVE-2022-26966 Description of changes: [4.1.12-124.61.2.el6uek] - exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34023956] [4.1.12-124.61.1.el6uek] - drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835812] {CVE-2022-0330} - drm/i915: Reduce locking in execlist command submission (Chris Wilson) [Orabug: 33835812] {CVE-2022-0330} - ipv4: make exception cache less predictible (Eric Dumazet) [Orabug: 33894531] {CVE-2021-20322} - route: also update fnhe_genid when updating a route cache (Xin Long) [Orabug: 33894531] {CVE-2021-20322} - ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516} - sctp: add vtag check in sctp_sf_violation (Xin Long) [Orabug: 33924717] {CVE-2021-3772} - sctp: use init_tag from inithdr for ABORT chunk (Xin Long) [Orabug: 33924717] {CVE-2021-3772} - sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962995] {CVE-2022-26966} _______________________________________________ El-errata mailing list
Apr 05, 2022
•Critical
Oracle
217
security advisorysecurity fixkernel patchOracle Linux 6 ELSA-2022-9014 Critical Kernel Security Fix
The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2022-9014 https://linux.oracle.com/errata/ELSA-2022-9014.html The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-doc-4.1.12-124.59.1.2.el6uek.noarch.rpm kernel-uek-firmware-4.1.12-124.59.1.2.el6uek.noarch.rpm kernel-uek-4.1.12-124.59.1.2.el6uek.x86_64.rpm kernel-uek-devel-4.1.12-124.59.1.2.el6uek.x86_64.rpm kernel-uek-debug-4.1.12-124.59.1.2.el6uek.x86_64.rpm kernel-uek-debug-devel-4.1.12-124.59.1.2.el6uek.x86_64.rpm Related CVEs: CVE-2021-0920 CVE-2021-1048 CVE-2021-4155 Description of changes: [4.1.12-124.59.1.2.el6uek] - fix regression in "epoll: Keep a reference on files added to the check list" (Al Viro) [Orabug: 33679854] {CVE-2021-1048} - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679806] {CVE-2021-0920} - fs: add fget_many() and fput_many() (Jens Axboe) [Orabug: 33679806] - af_unix: fix garbage collect vs MSG_PEEK (Miklos Szeredi) [Orabug: 33679806] {CVE-2021-0920} - net: split out functions related to registering inflight socket files (Jens Axboe) [Orabug: 33679806] [4.1.12-124.59.1.1.el6uek] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33703630] {CVE-2021-4155} _______________________________________________ El-errata mailing list
Jan 10, 2022
•Critical
Oracle
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!