Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 0 articles for you...
89
security advisorycriticalFedoraFedora 39: FEDORA-2024-900dc7f6ff Critical: runc File Descriptor Leak
security fix for CVE-2024-21626. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-900dc7f6ff 2024-02-06 01:17:01.499262 -------------------------------------------------------------------------------- Name : runc Product : Fedora 39 Version : 1.1.12 Release : 1.fc39 URL : https://github.com/opencontainers/runc Summary : CLI for running Open Containers Description : The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. -------------------------------------------------------------------------------- Update Information: security fix for CVE-2024-21626 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 1 2024 Lokesh Mandvekar - 2:1.1.12-1 - bump to v1.1.12 * Thu Feb 1 2024 Davanum Srinivas - 2:1.1.9-1 - Update to runc 1.1.9 version -------------------------------------------------------------------------------- References: [ 1 ] Bug #2258725 - CVE-2024-21626 runc: file descriptor leak https://bugzilla.redhat.com/show_bug.cgi?id=2258725 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-900dc7f6ff' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Feb 06, 2024
•Critical
Fedora
87
security advisorycriticalsoftware updateDebian DSA-5615-1 Critical: Runc Container Breakout Issue Remediated
It was discovered that runc, a command line client for running applications packaged according to the Open Container Format (OCF), was suspectible to multiple container breakouts due to an internal file descriptor leak. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5615-1
Feb 04, 2024
•Critical
Debian
89
security advisorymoderateFedoraFedora 34 FEDORA-2022-5e6d5fe680 Moderate Polkit File Leak
Security fix for CVE-2021-4115. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-5e6d5fe680 2022-03-03 15:50:19.518051 --------------------------------------------------------------------------------Name : polkit Product : Fedora 34 Version : 0.117 Release : 3.fc34.3 URL : https://gitlab.freedesktop.org/polkit/polkit/ Summary : An authorization framework Description : polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. --------------------------------------------------------------------------------Update Information: Security fix for CVE-2021-4115 --------------------------------------------------------------------------------ChangeLog: * Wed Feb 16 2022 Jan Rybar - 0.117-3.3 - file descriptor exhaustion (GHSL-2021-077) - Resolves: CVE-2021-4115 --------------------------------------------------------------------------------References: [ 1 ] Bug #2007534 - CVE-2021-4115 polkit: file descriptor leak allows an unprivileged user to cause a crash https://bugzilla.redhat.com/show_bug.cgi?id=2007534 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5e6d5fe680' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Mar 03, 2022
Fedora
203
security advisorycritical issuefile descriptor leakMageia 8: 2022-0080 Critical: Polkit File Descriptor Leak Issue
There is a file descriptor leak in polkit, which can enable an unprivileged user to cause polkit to crash, due to file descriptor exhaustion. (CVE-2021-4115) References: . MGASA-2022-0080 - Updated polkit packages fix security vulnerability Publication date: 22 Feb 2022 URL: https://advisories.mageia.org/MGASA-2022-0080.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-4115 There is a file descriptor leak in polkit, which can enable an unprivileged user to cause polkit to crash, due to file descriptor exhaustion. (CVE-2021-4115) References: - https://bugs.mageia.org/show_bug.cgi?id=30066 - https://www.openwall.com/lists/oss-security/2022/02/18/1 - https://bugzilla.redhat.com/show_bug.cgi?id=2007534 - https://securitylab.github.com/advisories/GHSL-2021-077-polkit/ - - https://lists.fedoraproject.org/archives/list/
Feb 22, 2022
•Critical
Mageia
89
security advisoryFedorafile descriptor leakFedora 30: FEDORA-2019-b6d3c8b0a8 critical: pam-u2f file leak
New upstream release Fixes Debug file descriptor leak CVE-2019-1221 Fixes insecure debug file handling CVE-2019-1220. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-b6d3c8b0a8 2019-06-19 22:44:22.998271 --------------------------------------------------------------------------------Name : pam-u2f Product : Fedora 30 Version : 1.0.8 Release : 1.fc30 URL : https://developers.yubico.com/pam-u2f/ Summary : Implements PAM authentication over U2F Description : The PAM U2F module provides an easy way to integrate the Yubikey (or other U2F-compliant authenticators) into your existing user authentication infrastructure. --------------------------------------------------------------------------------Update Information: New upstream release Fixes Debug file descriptor leak CVE-2019-1221 Fixes insecure debug file handling CVE-2019-1220 --------------------------------------------------------------------------------ChangeLog: * Wed Jun 5 2019 Seth Jennings - 1.0.8-1 - New upstream release - Fixes Debug file descriptor leak CVE-2019-1221 - Fixes insecure debug file handling CVE-2019-1220 - resolves: #1717326 --------------------------------------------------------------------------------References: [ 1 ] Bug #1717326 - Debug file descriptor leak CVE-2019-1221 and insecure debug file handling CVE-2019-12209 https://bugzilla.redhat.com/show_bug.cgi?id=1717326 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-b6d3c8b0a8' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jun 19, 2019
•Critical
Fedora
89
security advisorymoderatedenial of serviceFedora 29: 2018-061502de84 High: libc Memory Corruption Vulnerability
This update for the `glibc` package addresses one moderate security vulnerability and several defects. * CVE-2018-19591: A file descriptor leak in `if_nametoindex` can lead to a denial of service due to resource exhaustion when processing `getaddrinfo` calls with crafted host names. Reported by Guido Vranken. (RHBZ#1654000) * Failure to create the helper thread for. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-060302dc83 2018-12-04 02:22:12.111599 --------------------------------------------------------------------------------Name : glibc Product : Fedora 28 Version : 2.27 Release : 35.fc28 URL : https://www.gnu.org/software/libc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. --------------------------------------------------------------------------------Update Information: This update for the `glibc` package addresses one moderate security vulnerability and several defects. * CVE-2018-19591: A file descriptor leak in `if_nametoindex` can lead to a denial of service due to resource exhaustion when processing `getaddrinfo` calls with crafted host names. Reported by Guido Vranken. (RHBZ#1654000) * Failure to create the helper thread for `getaddrinfo_a`/`libanl` could result in a crash. (RHBZ#1646381) * On certain Haswell-class Intel CPUs, string function feature flags could be set incorrectly, leading to a suboptimal choice of string functions. (RHBZ#1641980) * Parallel building of locales led to nondeterminism in the RPM buildprocess. (RHBZ#1652228) * Various minor bug fixes from the upstream 2.27 release branch were imported as part of this update ([swbz#17630](https://sourceware.org/bugzilla/show_bug.cgi?id=17630), [swbz#22753](https://sourceware.org/bugzilla/show_bug.cgi?id=22753), [swbz#23275](https://sourceware.org/bugzilla/show_bug.cgi?id=23275), [swbz#23562](https://sourceware.org/bugzilla/show_bug.cgi?id=23562), [swbz#23579](https://sourceware.org/bugzilla/show_bug.cgi?id=23579), [swbz#23822](https://sourceware.org/bugzilla/show_bug.cgi?id=23822)). --------------------------------------------------------------------------------ChangeLog: * Wed Nov 28 2018 Florian Weimer - 2.27-35 - Auto-sync with upstream branch release/2.27/master, commit 9f433fc791ca4f9d678903ff45b504b524c886fb: - CVE-2018-19591: if_nametoindex: Fix descriptor leak (#1654000) - libanl: proper cleanup if first helper thread creation failed (#1646381) - x86: Fix Haswell CPU string flags (#1641980) - resolv/tst-resolv-network.c: Additional test case (swbz#17630) - ia64: fix missing exp2f, log2f and powf symbols in libm.a (swbz#23822) - conform: XFAIL siginfo_t si_band test on sparc64 - signal: Use correct type for si_band in siginfo_t (swbz#23562) - pthread_mutex_lock: Fix race while promoting to PTHREAD_MUTEX_ELISION_NP (swbz#23275) - preadv2/pwritev2: Fix misreported errno (swbz#23579) - preadv2/pwritev2: Handle offset == -1 (swbz#22753) - posix_spawn: Fix potential segmentation fault * Mon Nov 26 2018 Florian Weimer - 2.27-34 - Do not use parallel make for building locales (#1652228) * Thu Aug 30 2018 Florian Weimer - 2.27-33 - Revert glibc_make_flags setting which is not needed in Fedora 28 (#1600034) * Wed Aug 29 2018 Florian Weimer - 2.27-32 - Auto-sync with upstream branch release/2.27/master, commit 2b47bb9cba048e778a7d832f284feccb14a40483: - nptl: Fix waiters-after-spinning case in pthread_cond_broadcast (#1622669) - x86: Correct index_cpu_LZCNT (swbz#23456) - x86: Populate COMMON_CPUID_INDEX_80000001for Intel CPUs (swbz#23459) * Mon Aug 13 2018 Carlos O'Donell - 2.27-31 - Remove abort() warning in manual (#1615608) * Wed Jul 11 2018 Florian Weimer - 2.27-30 - Auto-sync with upstream branch release/2.27/master, commit 68c1bf80978594388157c62fd2edd467d4e8dfb2: - regexec: Fix off-by-one bug in weight comparison (#1582229) - es_BO locale: Change LC_PAPER to en_US (swbz#22996) - conform/conformtest.pl: Escape literal braces in regular expressions * Wed Jul 11 2018 Florian Weimer - 2.27-29 - Add POWER9 multilib (downstream only) * Wed Jul 11 2018 Florian Weimer - 2.27-28 - Work around valgrind issue on i686 (#1600034) * Fri Jul 6 2018 Florian Weimer - 2.27-27 - Build additional files with stack protector * Fri Jul 6 2018 Florian Weimer - 2.27-26 - Enable build flags inheritance for nonshared flags * Fri Jul 6 2018 Florian Weimer - 2.27-25 - Inherit further build flags (downstream only) * Wed Jul 4 2018 Florian Weimer - 2.27-24 - Add annobin annotations to assembler code (downstream only) (#1548438) * Wed Jul 4 2018 Florian Weimer - 2.27-23 - Enable -D_FORTIFY_SOURCE=2 for nonshared code * Wed Jul 4 2018 Florian Weimer - 2.27-22 - Auto-sync with upstream branch release/2.27/master, commit 5fab7fe1dc9cab9a46cf5c8840aa9b7ea3a26296: - math: Set 387 and SSE2 rounding mode for tgamma on i386 (swbz#23253) * Wed Jul 4 2018 Florian Weimer - 2.27-21 - Switch to upstream implementation of --disable-crypt (#1566464) * Tue Jul 3 2018 Florian Weimer - 2.27-20 - Auto-sync with upstream branch release/2.27/master, commit 7602b9e48c30c146d52df91dd83e518b8d0d343b: - math: Fix parameter type in C++ version of iseqsig (swbz#23171) - Use _STRUCT_TIMESPEC as guard in (swbz#23349) - getifaddrs: Don't return ifa entries with NULL names (swbz#21812) - libio: Disable vtable validation in case of interposition (swbz#23313) - stdio-common/tst-printf.c: Remove part under a non-free license (swbz#23363) * Wed Jun 20 2018 Florian Weimer - 2.27-19 - Modernisensswitch.conf defaults (#1581809) * Mon Jun 18 2018 Florian Weimer - 2.27-18 - iconv: Make IBM273 equivalent to ISO-8859-1 (#1592270) * Mon Jun 18 2018 Florian Weimer - 2.27-17 - Align build flags inheritance with master (downstream only) * Mon Jun 18 2018 Florian Weimer - 2.27-16 - Auto-sync with upstream branch release/2.27/master, commit 80c83e91140d429c73f79092fdb75eed0fb71da0: - libio: Avoid _allocate_buffer, _free_buffer function pointers (swbz#23236) - posix: Fix posix_spawnp to not execute invalid binaries in non compat mode (swbz#23264) - elf: Improve DST handling (swbz#23102, swbz#21942, swbz#18018, swbz#23259) * Thu May 24 2018 Florian Weimer - 2.27-15 - Rebuild to add back .symtab section in ld.so (#1570246) - Switch to upstream version of libidn2 removal (#1452750) - Auto-sync with upstream branch release/2.27/master, commit 50df56ca86a281c8fd99a8100aac75539813788d: - CVE-2018-11237: Buffer overflow in mempcpy for Xeon Phi (#1581275) * Thu May 17 2018 Florian Weimer - 2.27-14 - Do not run telinit u on upgrades (#1579225) * Tue May 15 2018 Florian Weimer - 2.27-13 - Auto-sync with upstream branch release/2.27/master, commit 0cd4a5e87f6885a2f15fe8e7eb7378d010cdb606: - sunrpc: Remove stray exports (#1577210) - gd_GB: Fix typo in abbreviated "May" (swbz#23152) - CVE-2018-11236: realpath: Fix path length overflow (#1581270, swbz#22786) - elf: Fix stack overflow with huge PT_NOTE segment (swbz#20419) - resolv: Fully initialize struct mmsghdr in send_dg (swbz#23037) - manual: Various fixes to the mbstouwcs example, and mbrtowc update - getlogin_r: return early when linux sentinel value is set - resolv: Fix crash in resolver on memory allocation failure (swbz#23005) - Fix signed integer overflow in random_r (swbz#17343) - RISC-V: fix struct kernel_sigaction to match the kernel version (swbz#23069) * Fri May 11 2018 Florian Weimer - 2.27-12 - Unconditionally build downstream with -mstackrealign for now * Fri May 11 2018 Florian Weimer - 2.27-11 -Inherit compiler flags in the original order * Fri May 11 2018 Florian Weimer - 2.27-10 - Inherit the -mstackrealign flag if it is set * Fri May 11 2018 Florian Weimer - 2.27-9 - Use /usr/bin/python3 for benchmarks scripts (#1577223) --------------------------------------------------------------------------------References: [ 1 ] Bug #1653993 - CVE-2018-19591 glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c https://bugzilla.redhat.com/show_bug.cgi?id=1653993 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-060302dc83' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Dec 04, 2018
•Medium
Fedora
200
security advisorymoderatebug fixScientific Linux: SLSA-2013:0831-1 Moderate: Libvirt File Descriptor Leak
Moderate: libvirt security and bug fix update. Date: Thu, 16 May 2013 18:05:25 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Moderate: libvirt on SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: libvirt security and bug fix update Advisory ID: SLSA-2013:0831-1 Issue Date: 2013-05-16 CVE Numbers: CVE-2013-1962 -- It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A remote attacker able to establish a read- only connection to libvirtd could use this flaw to cause libvirtd to consume all available file descriptors, preventing other users from using libvirtd services (such as starting a new guest) until libvirtd is restarted. (CVE-2013-1962) This update also fixes the following bugs: * Previously, libvirt made control group (cgroup) requests on files that it should not have. With older kernels, such nonsensical cgroup requests were ignored; however, newer kernels are stricter, resulting in libvirt logging spurious warnings and failures to the libvirtd and audit logs. The audit log failures displayed by the ausearch tool were similar to the following: root [date] - failed cgroup allow path rw /dev/kqemu With this update, libvirt no longer attempts the nonsensical cgroup actions, leaving only valid attempts in the libvirtd and audit logs (making it easier to search for real cases of failure). * Previously, libvirt used the wrong variable when constructing audit messages. This led to invalid audit messages, causing ausearch to format certain entries as having "path=(null)" instead of the correct path. This could prevent ausearch from locating events related to cgroup device ACL modifications for guests managed by libvirt. With this update, the audit messages are generated correctly, preventing loss of audit coverage. After installing the updated packages, libvirtd will be restarted automatically. -- SL6 x86_64 libvirt-0.10.2-18.el6_4.5.x86_64.rpm libvirt-client-0.10.2-18.el6_4.5.i686.rpm libvirt-client-0.10.2-18.el6_4.5.x86_64.rpm libvirt-debuginfo-0.10.2-18.el6_4.5.i686.rpm libvirt-debuginfo-0.10.2-18.el6_4.5.x86_64.rpm libvirt-python-0.10.2-18.el6_4.5.x86_64.rpm libvirt-devel-0.10.2-18.el6_4.5.i686.rpm libvirt-devel-0.10.2-18.el6_4.5.x86_64.rpm libvirt-lock-sanlock-0.10.2-18.el6_4.5.x86_64.rpm i386 libvirt-0.10.2-18.el6_4.5.i686.rpm libvirt-client-0.10.2-18.el6_4.5.i686.rpm libvirt-debuginfo-0.10.2-18.el6_4.5.i686.rpm libvirt-python-0.10.2-18.el6_4.5.i686.rpm libvirt-devel-0.10.2-18.el6_4.5.i686.rpm - Scientific Linux Development Team . A recent libvirt update for Scientific Linux has rectified a file descriptor leakage and resolved audit messaging concerns, thereby improving overall security.. Scientific Linux, libvirt, bug fixes, security updates, file descriptor leak. . Severity: Important. LinuxSecurity.com Team
May 16, 2013
•Important
Scientific Linux
87
security advisorydebianremote threatDebian: DSA-1282-1 Critical: OpenSSL Memory Management Vulnerability Fix
On 25 April, the Debian Security Team released clamav 0.90.1-3etch1, an update to the Clam anti-virus toolkit, to address several vulnerabilities. Unfortunately, there was an error in the updated packages and CVE-2007-2029, a file descriptor leak in the PDF document handler, was not properly fixed in Debian 4.0 (etch) or the Debian testing distribution (lenny). This problem has been fixed in version 0.90.1-3etch2 for Debian 4.0 (etch). . - ------------------------------------------------------------------------Debian Security Advisory DSA-1281-2
May 21, 2007
•Critical
Debian
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!