Alerts This Week: 1 659

Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Mageia 9: MGASA-2025-0271 Opencontainers-runc Important Denial of Service

MGASA-2025-0271 - Updated opencontainers-runc packages fix security vulnerabilities

Publication date: 09 Nov 2025
URL: https://advisories.mageia.org/MGASA-2025-0271.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881

Description: The way masked paths are implemented in runc can be exploited to cause the host system to crash or halt (CVE-2025-31133) and a flaw in /dev/console bind-mounts can lead to container escape (CVE-2025-52565). Also, arbitrary write gadgets and procfs write redirects could be used to engineer container escape and denial of service (CVE-2025-52881).

References:
- https://bugs.mageia.org/show_bug.cgi?id=34719
- https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2
- https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm
- https://www.openwall.com/lists/oss-security/2025/11/05/3
- https://www.cve.org/CVERecord?id=CVE-2025-31133
- https://www.cve.org/CVERecord?id=CVE-2025-52565
- https://www.cve.org/CVERecord?id=CVE-2025-52881

SRPMS:
- 9/core/opencontainers-runc-1.2.8-2.1.mga9

Updated opencontainers-runc packages address vulnerabilities impacting Mageia 9, enhancing system security and stability.

Severity: Important. LinuxSecurity.com Team

Nov 09, 2025 | Important | Mageia

Mageia: 2019-0217 Critical: Xen Memory Management DoS Attack

MGASA-2019-0217 - Updated kernel packages fix security vulnerability

Publication date: 03 Aug 2019
URL: https://advisories.mageia.org/MGASA-2019-0217.html
Type: security
Affected Mageia releases: 7

This kernel update is based on the upstream 5.1.20 and fixes at least the following security issue:

With Xen, virtual device backends and device models running in domain 0, or other backend driver domains, need to be able to map guest memory (either via grant mappings, or via the foreign mapping interface). For Linux to keep track of these mappings, it needs to have a page structure for each one. In PV dom0, a range of pfns are typically set aside at boot (“pre-ballooned”) for this purpose; for PVH and Arm dom0s, no memory is set aside to begin with. In either case, when more of this “foreign / grant map pfn space” is needed, dom0 will balloon out extra pages to use for this purpose.

Unfortunately, in Linux, there are no limits, either on the total amount of memory which dom0 will attempt to balloon down to, nor on the amount of “foreign / grant map” memory which any individual guest can consume. As a result, a malicious guest may be able, with crafted requests to the backend, to cause dom0 to exhaust its own memory, leading to a host crash; and if this is not possible, it may be able to monopolize all of the foreign / grant map pfn space, starving out other guests (XSA-300).

Other changes in this update:
- kernel configs:
  * enable Full dynticks system (tickless) (NO_HZ_FULL)
  * enable CONFIG_RCU_NOCB_CPU (mga#24701)
- add kernel side support for temperature monitoring on AMD Ryzen 3000 series (lm_sensors 3.5.0-2.1.mga7 or newer is also needed)

For other upstream changes in this update, see the referenced changelogs.

Note! This is the last update that is based on the upstream 5.1 series. Next update will be based on the upstream 5.2 series.

References:
- https://bugs.mageia.org/show_bug.cgi?id=25185
- https://bugs.mageia.org/show_bug.cgi?id=24701
- https://xenbits.xen.org/xsa/advisory-300.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.19
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.20
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.21

SRPMS:
- 7/core/kernel-5.1.20-2.mga7
- 7/core/kernel-userspace-headers-5.1.20-1.mga7
- 7/core/kmod-virtualbox-6.0.10-2.mga7
- 7/core/kmod-xtables-addons-3.3-56.mga7

A kernel patch has been released to address a critical security flaw in Mageia, affecting memory handling and potentially leading to system failures.

Severity: Critical. LinuxSecurity.com Team

Aug 03, 2019 | Critical | Mageia

Scientific Linux SL5: SLSA-2015:0869-1 Important KVM Security Update

Date: Wed, 22 Apr 2015 14:11:07 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Important: kvm on SL5.x x86_64

Synopsis: Important: kvm security update
Advisory ID: SLSA-2015:0869-1
Issue Date: 2015-04-22
CVE Numbers: CVE-2014-3611 CVE-2014-3610

It was found that KVM's Write to Model Specific Register (WRMSR) instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host. (CVE-2014-3610)

A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611)

Note: The following procedure must be performed before this update will take effect:

1) Stop all KVM guest virtual machines.
2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.
3) Restart the KVM guest virtual machines.

Or you may restart your system.

SL5 x86_64:
- kmod-kvm-83-270.el5_11.x86_64.rpm
- kmod-kvm-debug-83-270.el5_11.x86_64.rpm
- kvm-83-270.el5_11.x86_64.rpm
- kvm-debuginfo-83-270.el5_11.x86_64.rpm
- kvm-qemu-img-83-270.el5_11.x86_64.rpm
- kvm-tools-83-270.el5_11.x86_64.rpm

- Scientific Linux Development Team

Significant KVM security patch released for Scientific Linux addresses severe vulnerabilities to avert potential host failures.

Severity: Important. LinuxSecurity.com Team

Apr 22, 2015 | Important | Scientific Linux

Scientific Linux: SLSA-2023:0422-1 Critical KVM Security Patch

Date: Wed, 12 Feb 2014 19:56:59 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Important: kvm on SL5.x x86_64

Synopsis: Important: kvm security update
Advisory ID: SLSA-2014:0163-1
Issue Date: 2014-02-12
CVE Numbers: CVE-2013-6367 CVE-2013-6368

A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM's Local Advanced Programmable Interrupt Controller (LAPIC) implementation. A privileged guest user could use this flaw to crash the host. (CVE-2013-6367)

A memory corruption flaw was discovered in the way KVM handled virtual APIC accesses that crossed a page boundary. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-6368)

Note: The following procedure must be performed before this update will take effect:

1) Stop all KVM guest virtual machines.
2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.
3) Restart the KVM guest virtual machines.

SL5 x86_64:
- kmod-kvm-83-266.el5_10.1.x86_64.rpm
- kmod-kvm-debug-83-266.el5_10.1.x86_64.rpm
- kvm-83-266.el5_10.1.x86_64.rpm
- kvm-debuginfo-83-266.el5_10.1.x86_64.rpm
- kvm-qemu-img-83-266.el5_10.1.x86_64.rpm
- kvm-tools-83-266.el5_10.1.x86_64.rpm

- Scientific Linux Development Team

Crucial KVM security patch issued by Scientific Linux due to serious vulnerabilities undermining system integrity.

Severity: Important. LinuxSecurity.com Team

Feb 12, 2014 | Important | Scientific Linux

SUSE 10 SP3: 2011:1057-1 Critical: Xen Denial Of Service Fix

SUSE Security Update: Security update for Xen

Announcement ID: SUSE-SU-2011:1057-1
Rating: important
References: #654798 #659070 #679344 #684297 #704380 #712038
Cross-References: CVE-2011-1166 CVE-2011-1936 CVE-2011-2901
Affected Products:
- SUSE Linux Enterprise Server 10 SP3
- SLE SDK 10 SP3

An update that solves three vulnerabilities and has three fixes is now available.

Description:

This update fixes various bugs in XEN.

The following security issues have been fixed:

* A denial of service (Host Crash) in the XEN hypervisor. (CVE-2011-2901)
* A bug was found in the way Xen handles CPUID instruction emulation during VM exits. An unprivileged guest user can potentially use this flaw to crash the guest. (CVE-2011-1936)
* A 64-bit guest can get one of its vcpus into non-kernel mode without first providing a valid non-kernel pagetable. The observed failure mode was usually a hard lockup of the host (host denial of service). (CVE-2011-1166)

It also fixes the following bugs:

* bnc#654798 - SLES 10 SP3 XEN: Device /dev/xvdp is already connected error when starting multiple vm's
* bnc#684297 - HVM taking too long to dump vmcore

Security Issue references:

* CVE-2011-2901
* CVE-2011-1166
* CVE-2011-1936

Indications: Please install this update.

Package List:

- SUSE Linux Enterprise Server 10 SP3 (i586 x86_64):
  xen-3.2.3_17040_26-0.6.2.1
  xen-devel-3.2.3_17040_26-0.6.2.1
  xen-doc-html-3.2.3_17040_26-0.6.2.1
  xen-doc-pdf-3.2.3_17040_26-0.6.2.1
  xen-doc-ps-3.2.3_17040_26-0.6.2.1
  xen-kmp-debug-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
  xen-kmp-default-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
  xen-kmp-kdump-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
  xen-kmp-smp-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
  xen-libs-3.2.3_17040_26-0.6.2.1
  xen-tools-3.2.3_17040_26-0.6.2.1
  xen-tools-domU-3.2.3_17040_26-0.6.2.1
  xen-tools-ioemu-3.2.3_17040_26-0.6.2.1

- SUSE Linux Enterprise Server 10 SP3 (x86_64):
  xen-libs-32bit-3.2.3_17040_26-0.6.2.1

- SUSE Linux Enterprise Server 10 SP3 (i586):
  xen-kmp-bigsmp-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
  xen-kmp-kdumppae-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
  xen-kmp-vmi-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
  xen-kmp-vmipae-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1

- SLE SDK 10 SP3 (i586 x86_64):
  xen-3.2.3_17040_26-0.6.2.1
  xen-devel-3.2.3_17040_26-0.6.2.1
  xen-kmp-debug-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
  xen-kmp-kdump-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
  xen-libs-3.2.3_17040_26-0.6.2.1
  xen-tools-3.2.3_17040_26-0.6.2.1
  xen-tools-ioemu-3.2.3_17040_26-0.6.2.1

- SLE SDK 10 SP3 (x86_64):
  xen-libs-32bit-3.2.3_17040_26-0.6.2.1

References:
- https://www.suse.com/security/cve/CVE-2011-1166.html
- https://www.suse.com/security/cve/CVE-2011-1936.html
- https://www.suse.com/security/cve/CVE-2011-2901.html

SUSE Security Patch for OpenSSL tackles severe vulnerabilities and boosts overall system safety with essential updates.

Severity: Critical. LinuxSecurity.com Team

Sep 20, 2011 | Critical | SuSE