Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 36 articles for you...
89
security advisoryfedoraupdate informationFedora 44 kf6 Update Advisory 2026-fe3d8d4767 Frameworks 6.25.0
Frameworks 6.25.0 + KDE Plasma 6.6.4. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-fe3d8d4767 2026-04-16 23:40:54.273526+00:00 -------------------------------------------------------------------------------- Name : kf6 Product : Fedora 44 Version : 6.25.0 Release : 1.fc44 URL : https://kde.org/ Summary : Filesystem and RPM macros for KDE Frameworks 6 Description : Filesystem and RPM macros for KDE Frameworks 6 -------------------------------------------------------------------------------- Update Information: Frameworks 6.25.0 + KDE Plasma 6.6.4 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 9 2026 Steve Cossette - 6.25.0-1 - 6.25.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2455469 - Configuring WifI network via Network pane appears to not work https://bugzilla.redhat.com/show_bug.cgi?id=2455469 [ 2 ] Bug #2457573 - FE: KDE Frameworks 6.25.0 + Plasma 6.6.4 https://bugzilla.redhat.com/show_bug.cgi?id=2457573 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-fe3d8d4767' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 16, 2026
•Informational
Fedora
172
security advisorycriticalaccess controlUbuntu 22.04 LTS: Addressing Critical Linux Kernel Security USN-7653-1
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-7653-1 July 17, 2025 linux-hwe-6.8 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-hwe-6.8: Linux hardware enablement (HWE) kernel Details: It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. (CVE-2025-2312) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Drivers core; - Network block device driver; - Character device driver; - TPM device driver; - Clock framework and drivers; - FireWire subsystem; - GPIO subsystem; - GPU drivers; - HID subsystem; - I3C subsystem; - InfiniBand drivers; - IOMMU subsystem; - IRQ chip drivers; - Media drivers; - NVIDIA Tegra memory controller driver; - Fastrpc Driver; - Network drivers; - Mellanox network drivers; - Operating Performance Points (OPP) driver; - PCI subsystem; - x86 platform drivers; - i.MX PM domains; - PPS (Pulse Per Second) driver; - PTP clock framework; - Remote Processor subsystem; - Real Time Clock drivers; - SCSI subsystem; - QCOM SoC drivers; - Media staging drivers; - TTY drivers; - UFS subsystem; - USB Gadget drivers; - USB Host Controller drivers; - USB Serial drivers; - AFS file system; - File systems infrastructure; - BTRFS file system; - F2FS file system; - GFS2 file system; -NILFS2 file system; - File system notification infrastructure; - Overlay file system; - Proc file system; - SMB network file system; - UBI file system; - Timer subsystem; - KVM subsystem; - Networking core; - ptr_ring data structure definitions; - Networking subsytem; - Amateur Radio drivers; - XFRM subsystem; - Tracing infrastructure; - BPF subsystem; - Kernel CPU control infrastructure; - Padata parallel execution mechanism; - printk logging mechanism; - Memory management; - Bluetooth subsystem; - DCCP (Datagram Congestion Control Protocol); - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - IEEE 802.15.4 subsystem; - Multipath TCP; - Netfilter; - NFC subsystem; - Open vSwitch; - Rose network layer; - RxRPC session sockets; - Network traffic control; - VMware vSockets driver; - Landlock security; - Linux Security Modules (LSM) Framework; - Tomoyo security module; - SoC audio core drivers; (CVE-2025-21830, CVE-2025-21678, CVE-2025-21815, CVE-2024-57974, CVE-2025-21725, CVE-2025-21718, CVE-2025-21748, CVE-2025-21732, CVE-2024-57953, CVE-2025-21727, CVE-2025-21816, CVE-2025-21719, CVE-2024-53124, CVE-2024-58019, CVE-2025-38001, CVE-2025-21720, CVE-2025-21734, CVE-2025-21672, CVE-2025-21692, CVE-2024-58076, CVE-2025-21694, CVE-2024-58061, CVE-2025-21714, CVE-2025-21689, CVE-2024-49887, CVE-2024-57949, CVE-2025-38177, CVE-2025-21683, CVE-2025-21669, CVE-2025-21722, CVE-2024-57980, CVE-2025-38000, CVE-2025-37932, CVE-2024-58034, CVE-2024-58081, CVE-2025-21733, CVE-2025-21682, CVE-2024-57924, CVE-2025-21743, CVE-2024-57975, CVE-2025-37798, CVE-2024-58058, CVE-2025-21809, CVE-2025-21676, CVE-2024-57993, CVE-2025-21699, CVE-2024-58016, CVE-2025-21832, CVE-2025-21804, CVE-2024-58011, CVE-2024-58007, CVE-2025-21826, CVE-2024-58055, CVE-2025-21668, CVE-2025-21715, CVE-2024-58078, CVE-2025-21829, CVE-2025-21811, CVE-2025-21814, CVE-2024-58053, CVE-2025-21726, CVE-2025-21943, CVE-2025-37750, CVE-2025-21673, CVE-2024-57984, CVE-2025-37997,CVE-2025-21684, CVE-2025-21750, CVE-2024-58013, CVE-2025-21799, CVE-2024-58083, CVE-2025-21798, CVE-2025-21731, CVE-2025-21708, CVE-2024-57986, CVE-2025-21744, CVE-2024-58014, CVE-2025-21721, CVE-2024-58063, CVE-2024-57979, CVE-2024-58005, CVE-2025-21728, CVE-2025-21681, CVE-2025-21806, CVE-2024-57982, CVE-2024-58002, CVE-2024-58082, CVE-2025-21812, CVE-2025-21745, CVE-2024-58017, CVE-2025-21665, CVE-2025-21828, CVE-2025-37890, CVE-2024-57952, CVE-2024-57997, CVE-2025-21825, CVE-2025-21716, CVE-2024-57948, CVE-2025-21710, CVE-2025-21674, CVE-2025-21675, CVE-2024-50157, CVE-2025-21738, CVE-2025-22088, CVE-2024-58071, CVE-2024-58085, CVE-2025-21723, CVE-2025-21690, CVE-2025-21670, CVE-2025-21741, CVE-2024-57999, CVE-2025-21691, CVE-2024-58068, CVE-2024-58057, CVE-2024-57994, CVE-2024-58072, CVE-2025-21742, CVE-2024-58006, CVE-2024-58077, CVE-2024-58003, CVE-2025-21753, CVE-2024-57981, CVE-2024-57973, CVE-2024-58001, CVE-2025-21666, CVE-2025-21810, CVE-2025-21808, CVE-2024-57996, CVE-2024-58054, CVE-2024-57998, CVE-2025-21707, CVE-2025-21736, CVE-2025-21820, CVE-2025-21739, CVE-2024-57951, CVE-2025-21667, CVE-2024-58070, CVE-2025-21801, CVE-2024-58051, CVE-2024-58079, CVE-2025-21754, CVE-2024-58069, CVE-2025-37974, CVE-2025-21802, CVE-2025-21749, CVE-2024-57990, CVE-2024-58080, CVE-2025-21705, CVE-2025-21697, CVE-2024-58052, CVE-2025-21711, CVE-2024-58056, CVE-2025-21724, CVE-2024-58018, CVE-2025-21735, CVE-2024-58010, CVE-2025-21680) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS linux-image-6.8.0-64-generic 6.8.0-64.67~22.04.1 linux-image-6.8.0-64-generic-64k 6.8.0-64.67~22.04.1 linux-image-generic-6.8 6.8.0-64.67~22.04.1 linux-image-generic-64k-6.8 6.8.0-64.67~22.04.1 linux-image-generic-64k-hwe-22.04 6.8.0-64.67~22.04.1 linux-image-generic-hwe-22.04 6.8.0-64.67~22.04.1 linux-image-oem-22.04 6.8.0-64.67~22.04.1 linux-image-oem-22.04a 6.8.0-64.67~22.04.1 linux-image-oem-22.04b 6.8.0-64.67~22.04.1 linux-image-oem-22.04c 6.8.0-64.67~22.04.1 linux-image-oem-22.04d 6.8.0-64.67~22.04.1 linux-image-virtual-6.8 6.8.0-64.67~22.04.1 linux-image-virtual-hwe-22.04 6.8.0-64.67~22.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-7653-1 CVE-2024-49887, CVE-2024-50157, CVE-2024-53124, CVE-2024-57924, CVE-2024-57948, CVE-2024-57949, CVE-2024-57951, CVE-2024-57952, CVE-2024-57953, CVE-2024-57973, CVE-2024-57974, CVE-2024-57975, CVE-2024-57979, CVE-2024-57980, CVE-2024-57981, CVE-2024-57982, CVE-2024-57984, CVE-2024-57986, CVE-2024-57990, CVE-2024-57993, CVE-2024-57994, CVE-2024-57996, CVE-2024-57997, CVE-2024-57998, CVE-2024-57999, CVE-2024-58001, CVE-2024-58002, CVE-2024-58003, CVE-2024-58005, CVE-2024-58006, CVE-2024-58007, CVE-2024-58010, CVE-2024-58011, CVE-2024-58013, CVE-2024-58014, CVE-2024-58016, CVE-2024-58017, CVE-2024-58018, CVE-2024-58019, CVE-2024-58034, CVE-2024-58051, CVE-2024-58052, CVE-2024-58053, CVE-2024-58054, CVE-2024-58055, CVE-2024-58056, CVE-2024-58057, CVE-2024-58058, CVE-2024-58061, CVE-2024-58063, CVE-2024-58068, CVE-2024-58069, CVE-2024-58070, CVE-2024-58071, CVE-2024-58072, CVE-2024-58076, CVE-2024-58077, CVE-2024-58078, CVE-2024-58079, CVE-2024-58080, CVE-2024-58081, CVE-2024-58082, CVE-2024-58083, CVE-2024-58085, CVE-2025-21665, CVE-2025-21666, CVE-2025-21667, CVE-2025-21668, CVE-2025-21669, CVE-2025-21670, CVE-2025-21672, CVE-2025-21673, CVE-2025-21674, CVE-2025-21675,CVE-2025-21676, CVE-2025-21678, CVE-2025-21680, CVE-2025-21681, CVE-2025-21682, CVE-2025-21683, CVE-2025-21684, CVE-2025-21689, CVE-2025-21690, CVE-2025-21691, CVE-2025-21692, CVE-2025-21694, CVE-2025-21697, CVE-2025-21699, CVE-2025-21705, CVE-2025-21707, CVE-2025-21708, CVE-2025-21710, CVE-2025-21711, CVE-2025-21714, CVE-2025-21715, CVE-2025-21716, CVE-2025-21718, CVE-2025-21719, CVE-2025-21720, CVE-2025-21721, CVE-2025-21722, CVE-2025-21723, CVE-2025-21724, CVE-2025-21725, CVE-2025-21726, CVE-2025-21727, CVE-2025-21728, CVE-2025-21731, CVE-2025-21732, CVE-2025-21733, CVE-2025-21734, CVE-2025-21735, CVE-2025-21736, CVE-2025-21738, CVE-2025-21739, CVE-2025-21741, CVE-2025-21742, CVE-2025-21743, CVE-2025-21744, CVE-2025-21745, CVE-2025-21748, CVE-2025-21749, CVE-2025-21750, CVE-2025-21753, CVE-2025-21754, CVE-2025-21798, CVE-2025-21799, CVE-2025-21801, CVE-2025-21802, CVE-2025-21804, CVE-2025-21806, CVE-2025-21808, CVE-2025-21809, CVE-2025-21810, CVE-2025-21811, CVE-2025-21812, CVE-2025-21814, CVE-2025-21815, CVE-2025-21816, CVE-2025-21820, CVE-2025-21825, CVE-2025-21826, CVE-2025-21828, CVE-2025-21829, CVE-2025-21830, CVE-2025-21832, CVE-2025-21943, CVE-2025-22088, CVE-2025-2312, CVE-2025-37750, CVE-2025-37798, CVE-2025-37890, CVE-2025-37932, CVE-2025-37974, CVE-2025-37997, CVE-2025-38000, CVE-2025-38001, CVE-2025-38177 Package Information: https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-64.67~22.04.1 . Recent enhancements to the Ubuntu kernel tackle vital vulnerabilities that jeopardize system stability and the privacy of user information.. Ubuntu kernel security, HWE updates, Linux kernel threats, system security alerts. . Severity: Critical. LinuxSecurity.com Team
Jul 17, 2025
•Critical
Ubuntu
89
security advisoryfedoraimportantFedora 41: 2025-785afc6856 important: rust-which I/O improvements
rust-which 8.0.0 Add new Sys trait to allow abstracting over the underlying filesystem. Particularly useful for wasm32-unknown-unknown targets. Thanks @dsherret for this contribution to which! Add more debug level tracing for otherwise silent I/O errors.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-785afc6856 2025-07-10 16:29:02.147541+00:00 -------------------------------------------------------------------------------- Name : rust-which Product : Fedora 41 Version : 8.0.0 Release : 1.fc41 URL : https://crates.io/crates/which Summary : Rust equivalent of Unix command "which" Description : A Rust equivalent of Unix command "which". Locate installed executable in cross platforms. -------------------------------------------------------------------------------- Update Information: rust-which 8.0.0 Add new Sys trait to allow abstracting over the underlying filesystem. Particularly useful for wasm32-unknown-unknown targets. Thanks @dsherret for this contribution to which! Add more debug level tracing for otherwise silent I/O errors. Call the NonFatalHandler in more places to catch previously ignored I/O errors. Remove use of the either dependency. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 25 2025 Benjamin A. Beasley - 8.0.0-1 - Update to version 8.0.0; Fixes RHBZ#2370374 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2370374 - rust-which-8.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2370374 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-785afc6856' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jul 10, 2025
•Important
Fedora
89
security advisoryfedoraimportantFedora 41: FEDORA-2025-785afc6856 important: rust-nu-command I/O errors
rust-which 8.0.0 Add new Sys trait to allow abstracting over the underlying filesystem. Particularly useful for wasm32-unknown-unknown targets. Thanks @dsherret for this contribution to which! Add more debug level tracing for otherwise silent I/O errors.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-785afc6856 2025-07-10 16:29:02.147541+00:00 -------------------------------------------------------------------------------- Name : rust-nu-command Product : Fedora 41 Version : 0.99.1 Release : 8.fc41 URL : https://crates.io/crates/nu-command Summary : Nushell's built-in commands Description : Nushell's built-in commands. -------------------------------------------------------------------------------- Update Information: rust-which 8.0.0 Add new Sys trait to allow abstracting over the underlying filesystem. Particularly useful for wasm32-unknown-unknown targets. Thanks @dsherret for this contribution to which! Add more debug level tracing for otherwise silent I/O errors. Call the NonFatalHandler in more places to catch previously ignored I/O errors. Remove use of the either dependency. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 26 2025 Benjamin A. Beasley - 0.99.1-8 - Allow which 8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2370374 - rust-which-8.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2370374 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-785afc6856' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. Moredetails on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jul 10, 2025
•Important
Fedora
89
security advisorymoderatefedoraFedora 42 FEDORA-2025-0cde7282be moderate: rust-which update
rust-which 8.0.0 Add new Sys trait to allow abstracting over the underlying filesystem. Particularly useful for wasm32-unknown-unknown targets. Thanks @dsherret for this contribution to which! Add more debug level tracing for otherwise silent I/O errors.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-0cde7282be 2025-07-10 15:21:50.193768+00:00 -------------------------------------------------------------------------------- Name : rust-which Product : Fedora 42 Version : 8.0.0 Release : 1.fc42 URL : https://crates.io/crates/which Summary : Rust equivalent of Unix command "which" Description : A Rust equivalent of Unix command "which". Locate installed executable in cross platforms. -------------------------------------------------------------------------------- Update Information: rust-which 8.0.0 Add new Sys trait to allow abstracting over the underlying filesystem. Particularly useful for wasm32-unknown-unknown targets. Thanks @dsherret for this contribution to which! Add more debug level tracing for otherwise silent I/O errors. Call the NonFatalHandler in more places to catch previously ignored I/O errors. Remove use of the either dependency. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 25 2025 Benjamin A. Beasley - 8.0.0-1 - Update to version 8.0.0; Fixes RHBZ#2370374 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2370374 - rust-which-8.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2370374 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-0cde7282be' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jul 10, 2025
Fedora
89
security advisoryfedoraimportantFedora 42: FEDORA-2025-0cde7282be important: rust-procs update
rust-which 8.0.0 Add new Sys trait to allow abstracting over the underlying filesystem. Particularly useful for wasm32-unknown-unknown targets. Thanks @dsherret for this contribution to which! Add more debug level tracing for otherwise silent I/O errors.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-0cde7282be 2025-07-10 15:21:50.193768+00:00 -------------------------------------------------------------------------------- Name : rust-procs Product : Fedora 42 Version : 0.14.10 Release : 2.fc42 URL : https://crates.io/crates/procs Summary : Modern replacement for ps Description : A modern replacement for ps. -------------------------------------------------------------------------------- Update Information: rust-which 8.0.0 Add new Sys trait to allow abstracting over the underlying filesystem. Particularly useful for wasm32-unknown-unknown targets. Thanks @dsherret for this contribution to which! Add more debug level tracing for otherwise silent I/O errors. Call the NonFatalHandler in more places to catch previously ignored I/O errors. Remove use of the either dependency. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 26 2025 Benjamin A. Beasley - 0.14.10-2 - Allow which 8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2370374 - rust-which-8.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2370374 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-0cde7282be' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details onthe GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jul 10, 2025
•Important
Fedora
89
security advisoryfedoracriticalFedora 43: FEDORA-2026-1def8733bf urgent: cargo-nu-task operation
rust-which 8.0.0 Add new Sys trait to allow abstracting over the underlying filesystem. Particularly useful for wasm32-unknown-unknown targets. Thanks @dsherret for this contribution to which! Add more debug level tracing for otherwise silent I/O errors.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-0cde7282be 2025-07-10 15:21:50.193768+00:00 -------------------------------------------------------------------------------- Name : rust-nu-command Product : Fedora 42 Version : 0.99.1 Release : 8.fc42 URL : https://crates.io/crates/nu-command Summary : Nushell's built-in commands Description : Nushell's built-in commands. -------------------------------------------------------------------------------- Update Information: rust-which 8.0.0 Add new Sys trait to allow abstracting over the underlying filesystem. Particularly useful for wasm32-unknown-unknown targets. Thanks @dsherret for this contribution to which! Add more debug level tracing for otherwise silent I/O errors. Call the NonFatalHandler in more places to catch previously ignored I/O errors. Remove use of the either dependency. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 26 2025 Benjamin A. Beasley - 0.99.1-8 - Allow which 8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2370374 - rust-which-8.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2370374 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-0cde7282be' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. Moredetails on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jul 10, 2025
•Critical
Fedora
203
security advisoryfilesystemcontainer securityMageia 9 MGASA-2025-0004: Critical runc Filesystem Issue Fixed
runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing files **will not** be truncated. An attacker must have the ability to start . MGASA-2025-0004 - Updated opencontainers-runc packages fix security vulnerability Publication date: 10 Jan 2025 URL: https://advisories.mageia.org/MGASA-2025-0004.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-45310 runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing files **will not** be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. References: - https://bugs.mageia.org/show_bug.cgi?id=33519 - https://www.openwall.com/lists/oss-security/2024/09/03/1 - https://www.cve.org/CVERecord?id=CVE-2024-45310 SRPMS: - 9/core/opencontainers-runc-1.1.14-1.mga9 . New patches for opencontainers-runc packages have been issued to mitigate severe filesystem security vulnerabilities in Mageia.. opencontainers-runc security, Mageia security updates, container filesystem issue, software vulnerabilities. . Severity: Critical. LinuxSecurity.com Team
Jan 10, 2025
•Critical
Mageia
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!