Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
219
security advisorykernel updatesecurity fixRocky Linux 9 RLSA-2024:4928 Moderate Threat Kernel Security Update
Moderate: kernel security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:4928", "synopsis": "Moderate: kernel security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for kernel.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: block: null pointer dereference in ioctl.c when length and logical block size are misaligned (CVE-2023-52458)\n\n* kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (CVE-2024-26773)\n\n* kernel: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (CVE-2024-26737)\n\n* kernel: dm: call the resume method on internal suspend (CVE-2024-26880)\n\n* kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (CVE-2024-26852)\n\n* kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)\n\n* kernel: nfp: flower: handle acti_netdevs allocation failure (CVE-2024-27046)\n\n* kernel: octeontx2-af: Use separate handlers for interrupts (CVE-2024-27030)\n\n* kernel: icmp: prevent possible NULL dereferences from icmp_build_probe() (CVE-2024-35857)\n\n* kernel: mlxbf_gige: call request_irq() after NAPI initialized (CVE-2024-35907)\n\n* kernel: mlxbf_gige: stop interface during shutdown (CVE-2024-35885)\n\n* kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (CVE-2023-52809)\n\n* kernel: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (CVE-2021-47459)\n\n* kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (CVE-2024-36924)\n\n* kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (CVE-2024-36952)\n\n* kernel: net: amd-xgbe: Fix skb data length underflow (CVE-2022-48743)\n\n* kernel:epoll: be better about file lifetimes (CVE-2024-38580)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2265794", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2265794", "description": ""}, {"ticket": "2273236", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2273236", "description": ""}, {"ticket": "2273274", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2273274", "description": ""}, {"ticket": "2275690", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2275690", "description": ""}, {"ticket": "2275761", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2275761", "description": ""}, {"ticket": "2278337", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2278337", "description": ""}, {"ticket": "2278435", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2278435", "description": ""}, {"ticket": "2278473", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2278473", "description": ""}, {"ticket": "2281247", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2281247", "description": ""}, {"ticket": "2281647", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2281647", "description": ""}, {"ticket": "2281700", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2281700", "description": ""}, {"ticket": "2282669", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2282669", "description": ""}, {"ticket": "2282898", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2282898","description": ""}, {"ticket": "2284506", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2284506", "description": ""}, {"ticket": "2284598", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2284598", "description": ""}, {"ticket": "2293316", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2293316", "description": ""}, {"ticket": "2293412", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2293412", "description": ""}], "cves": [{"name": "CVE-2021-47459", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2021-47459", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2022-48743", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2022-48743", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2023-52458", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-52458", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2023-52809", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-52809", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-26737", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-26737", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-26773", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-26773", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-26852", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-26852", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-26880", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-26880","cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-26982", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-26982", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-27030", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-27030", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-27046", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-27046", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-35857", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-35857", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-35885", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-35885", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-35907", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-35907", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-36924", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-36924", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-36952", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-36952", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-38580", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-38580", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-08-01T01:29:12.010642Z", "rpms": {"Rocky Linux 9": {"nvras": ["bpftool-debuginfo-0:7.3.0-427.28.1.el9_4.x86_64.rpm", "bpftool-0:7.3.0-427.28.1.el9_4.aarch64.rpm","bpftool-0:7.3.0-427.28.1.el9_4.ppc64le.rpm", "bpftool-0:7.3.0-427.28.1.el9_4.s390x.rpm", "bpftool-0:7.3.0-427.28.1.el9_4.x86_64.rpm", "bpftool-debuginfo-0:7.3.0-427.28.1.el9_4.aarch64.rpm", "bpftool-debuginfo-0:7.3.0-427.28.1.el9_4.ppc64le.rpm", "bpftool-debuginfo-0:7.3.0-427.28.1.el9_4.s390x.rpm", "kernel-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-0:5.14.0-427.28.1.el9_4.src.rpm", "kernel-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-64k-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-64k-core-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-64k-debug-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-64k-debug-core-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-64k-debug-debuginfo-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-64k-debug-devel-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-64k-debug-devel-matched-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-64k-debuginfo-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-64k-debug-modules-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-64k-debug-modules-core-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-64k-debug-modules-extra-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-64k-devel-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-64k-devel-matched-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-64k-modules-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-64k-modules-core-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-64k-modules-extra-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-abi-stablelists-0:5.14.0-427.28.1.el9_4.noarch.rpm", "kernel-core-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-core-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-core-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-core-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-cross-headers-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-cross-headers-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-cross-headers-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-cross-headers-0:5.14.0-427.28.1.el9_4.x86_64.rpm","kernel-debug-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-debug-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-debug-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-debug-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-debug-core-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-debug-core-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-debug-core-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-debug-core-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-debug-debuginfo-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-debug-debuginfo-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-debug-debuginfo-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-debug-debuginfo-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-debug-devel-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-debug-devel-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-debug-devel-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-debug-devel-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-debug-devel-matched-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-debug-devel-matched-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-debug-devel-matched-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-debug-devel-matched-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-debuginfo-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-debuginfo-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-debuginfo-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-debuginfo-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-debug-modules-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-debug-modules-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-debug-modules-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-debug-modules-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-debug-modules-core-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-debug-modules-core-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-debug-modules-core-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-debug-modules-core-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-debug-modules-extra-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-debug-modules-extra-0:5.14.0-427.28.1.el9_4.ppc64le.rpm","kernel-debug-modules-extra-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-debug-modules-extra-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-debug-uki-virt-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-devel-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-devel-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-devel-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-devel-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-devel-matched-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-devel-matched-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-devel-matched-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-devel-matched-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-doc-0:5.14.0-427.28.1.el9_4.noarch.rpm", "kernel-headers-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-headers-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-headers-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-headers-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-modules-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-modules-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-modules-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-modules-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-modules-core-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-modules-core-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-modules-core-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-modules-core-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-modules-extra-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-modules-extra-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-modules-extra-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-modules-extra-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-rt-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-rt-core-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-rt-debug-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-rt-debug-core-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-rt-debug-debuginfo-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-rt-debug-devel-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-rt-debuginfo-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-rt-debug-kvm-0:5.14.0-427.28.1.el9_4.x86_64.rpm","kernel-rt-debug-modules-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-rt-debug-modules-core-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-rt-debug-modules-extra-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-rt-devel-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-rt-kvm-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-rt-modules-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-rt-modules-core-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-rt-modules-extra-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-tools-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-tools-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-tools-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-tools-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-tools-debuginfo-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-tools-debuginfo-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-tools-debuginfo-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-tools-debuginfo-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-tools-libs-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-tools-libs-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-tools-libs-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-tools-libs-devel-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "kernel-tools-libs-devel-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "kernel-tools-libs-devel-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-uki-virt-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "kernel-zfcpdump-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-zfcpdump-core-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-zfcpdump-debuginfo-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-zfcpdump-devel-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-zfcpdump-devel-matched-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-zfcpdump-modules-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-zfcpdump-modules-core-0:5.14.0-427.28.1.el9_4.s390x.rpm", "kernel-zfcpdump-modules-extra-0:5.14.0-427.28.1.el9_4.s390x.rpm", "libperf-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "libperf-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "libperf-0:5.14.0-427.28.1.el9_4.s390x.rpm", "libperf-0:5.14.0-427.28.1.el9_4.x86_64.rpm","libperf-debuginfo-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "libperf-debuginfo-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "libperf-debuginfo-0:5.14.0-427.28.1.el9_4.s390x.rpm", "libperf-debuginfo-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "perf-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "perf-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "perf-0:5.14.0-427.28.1.el9_4.s390x.rpm", "perf-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "perf-debuginfo-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "perf-debuginfo-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "perf-debuginfo-0:5.14.0-427.28.1.el9_4.s390x.rpm", "perf-debuginfo-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "python3-perf-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "python3-perf-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "python3-perf-0:5.14.0-427.28.1.el9_4.s390x.rpm", "python3-perf-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "python3-perf-debuginfo-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "python3-perf-debuginfo-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "python3-perf-debuginfo-0:5.14.0-427.28.1.el9_4.s390x.rpm", "python3-perf-debuginfo-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "rtla-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "rtla-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "rtla-0:5.14.0-427.28.1.el9_4.s390x.rpm", "rtla-0:5.14.0-427.28.1.el9_4.x86_64.rpm", "rv-0:5.14.0-427.28.1.el9_4.aarch64.rpm", "rv-0:5.14.0-427.28.1.el9_4.ppc64le.rpm", "rv-0:5.14.0-427.28.1.el9_4.s390x.rpm", "rv-0:5.14.0-427.28.1.el9_4.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. New patch released for Rocky Linux 9 targeting security vulnerabilities within the kernel, implementing various corrections rated as moderate severity.. Rocky Linux Kernel Update, Security Fixes, Kernel Security, Linux Updates. . LinuxSecurity.com Team
Aug 01, 2024
Rocky Linux
99
security advisorycritical updateSlackwareSlackware 14.1 SSA:2017-180-01 Critical: Stack Clash Threat Update
New kernel packages are available for Slackware 14.1 to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Slackware 14.1 kernel (SSA:2017-180-01) New kernel packages are available for Slackware 14.1 to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/linux-3.10.107/*: Upgraded. This kernel fixes two "Stack Clash" vulnerabilities reported by Qualys. The first issue may allow attackers to execute arbitrary code with elevated privileges. Failed attack attempts will likely result in denial-of-service conditions. The second issue can be exploited to bypass certain security restrictions and perform unauthorized actions. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt https://www.cve.org/CVERecord?id=CVE-2017-1000364 https://www.cve.org/CVERecord?id=CVE-2017-1000365 (* Security fix *) In addition, a patch is included and preapplied to guard against other == sk in unix_dgram_sendmsg. This bug has been known to cause Samba related stalls. Thanks to Ben Stern for the bug report. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated packages for Slackware 14.1: Updated packages for Slackware x86_64 14.1: MD5 signatures: +-------------+ Slackware 14.1 packages: 7a3dc2cd4c1067984d0cbc5e257eb0f8 kernel-generic-3.10.107-i486-1.txz 1ec7b64fec890841337dcb0b85c4189e kernel-generic-smp-3.10.107_smp-i686-1.txz 42be9d29509261878e11ee142ddc5835 kernel-headers-3.10.107_smp-x86-1.txz c68758ab09860d8d9585eff27aa7b341 kernel-huge-3.10.107-i486-1.txz 1f27891b34076dfe3b1f1aa56c820017 kernel-huge-smp-3.10.107_smp-i686-1.txz 9b2f9044654c44b7fdaaf1dfa86c1f2b kernel-modules-3.10.107-i486-1.txz 68835ec8daffd1c101651cb1213917ea kernel-modules-smp-3.10.107_smp-i686-1.txz c6b18ccd52ef37879f4791557b1350d1 kernel-source-3.10.107_smp-noarch-1.txz Slackware x86_64 14.1 packages: c363284f807203eb8fedfc0db35ab9c3 kernel-generic-3.10.107-x86_64-1.txz 7101db4ec1cbeb294f41fb65709fb030 kernel-headers-3.10.107-x86-1.txz fef8c622ea91dcaeae915bf11de54aa1 kernel-huge-3.10.107-x86_64-1.txz 4985fb9284200278dd57f8ce14bc1670 kernel-modules-3.10.107-x86_64-1.txz fdced05a099ab697bd91e75118163320 kernel-source-3.10.107-noarch-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 3.10.107-smp | bash For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 3.10.107 | bash Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 3.10.107-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 3.10.107 as the version. If you are using lilo or eliloto boot the machine, you'll need to ensure that the machine is properly prepared before rebooting. If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader. If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition. +-----+ . Slackware 14.1 kernel undergoes vital updates addressing stack overflow vulnerabilities and enhancing security measures for improved safeguarding.. Kernel Update, Slackware Security, Stack Clash Fix, Security Patch, Kernel Packages. . Severity: Critical. LinuxSecurity.com Team
Jun 29, 2017
•Critical
Slackware
98
security advisorycritical issueRed HatRed Hat Enterprise Linux 6 RHSA-2014:0924-01 Critical: Kernel Escalation
Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2014:0924-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2014:0924.html Issue date: 2014-07-23 CVE Names: CVE-2014-4699 CVE-2014-4943 ==================================================================== 1. Summary: Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. Alocal, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-4699, Important) Note: The CVE-2014-4699 issue only affected systems using an Intel CPU. * A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-4943, Important) Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699, and Sasha Levin for reporting CVE-2014-4943. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (https://bugzilla.redhat.com/): 1115927 - CVE-2014-4699 kernel: x86_64: ptrace: sysret to non-canonical address 1119458 - CVE-2014-4943 kernel: net: pppol2tp: level handling in pppol2tp_[s,g]etsockopt() 6. Package List: Red Hat Enterprise Linux Desktop (v.6): Source: kernel-2.6.32-431.20.5.el6.src.rpm i386: kernel-2.6.32-431.20.5.el6.i686.rpm kernel-debug-2.6.32-431.20.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-431.20.5.el6.i686.rpm kernel-debug-devel-2.6.32-431.20.5.el6.i686.rpm kernel-debuginfo-2.6.32-431.20.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.20.5.el6.i686.rpm kernel-devel-2.6.32-431.20.5.el6.i686.rpm kernel-headers-2.6.32-431.20.5.el6.i686.rpm perf-2.6.32-431.20.5.el6.i686.rpm perf-debuginfo-2.6.32-431.20.5.el6.i686.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-431.20.5.el6.noarch.rpm kernel-doc-2.6.32-431.20.5.el6.noarch.rpm kernel-firmware-2.6.32-431.20.5.el6.noarch.rpm x86_64: kernel-2.6.32-431.20.5.el6.x86_64.rpm kernel-debug-2.6.32-431.20.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.20.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.20.5.el6.x86_64.rpm kernel-devel-2.6.32-431.20.5.el6.x86_64.rpm kernel-headers-2.6.32-431.20.5.el6.x86_64.rpm perf-2.6.32-431.20.5.el6.x86_64.rpm perf-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: kernel-2.6.32-431.20.5.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-431.20.5.el6.i686.rpm kernel-debuginfo-2.6.32-431.20.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.20.5.el6.i686.rpm perf-debuginfo-2.6.32-431.20.5.el6.i686.rpm python-perf-2.6.32-431.20.5.el6.i686.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.20.5.el6.x86_64.rpm perf-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm python-perf-2.6.32-431.20.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v.6): Source: kernel-2.6.32-431.20.5.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-431.20.5.el6.noarch.rpm kernel-doc-2.6.32-431.20.5.el6.noarch.rpm kernel-firmware-2.6.32-431.20.5.el6.noarch.rpm x86_64: kernel-2.6.32-431.20.5.el6.x86_64.rpm kernel-debug-2.6.32-431.20.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.20.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.20.5.el6.x86_64.rpm kernel-devel-2.6.32-431.20.5.el6.x86_64.rpm kernel-headers-2.6.32-431.20.5.el6.x86_64.rpm perf-2.6.32-431.20.5.el6.x86_64.rpm perf-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: kernel-2.6.32-431.20.5.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.20.5.el6.x86_64.rpm perf-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm python-perf-2.6.32-431.20.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: kernel-2.6.32-431.20.5.el6.src.rpm i386: kernel-2.6.32-431.20.5.el6.i686.rpm kernel-debug-2.6.32-431.20.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-431.20.5.el6.i686.rpm kernel-debug-devel-2.6.32-431.20.5.el6.i686.rpm kernel-debuginfo-2.6.32-431.20.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.20.5.el6.i686.rpm kernel-devel-2.6.32-431.20.5.el6.i686.rpm kernel-headers-2.6.32-431.20.5.el6.i686.rpm perf-2.6.32-431.20.5.el6.i686.rpm perf-debuginfo-2.6.32-431.20.5.el6.i686.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-431.20.5.el6.noarch.rpm kernel-doc-2.6.32-431.20.5.el6.noarch.rpm kernel-firmware-2.6.32-431.20.5.el6.noarch.rpm ppc64: kernel-2.6.32-431.20.5.el6.ppc64.rpm kernel-bootwrapper-2.6.32-431.20.5.el6.ppc64.rpm kernel-debug-2.6.32-431.20.5.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-431.20.5.el6.ppc64.rpm kernel-debug-devel-2.6.32-431.20.5.el6.ppc64.rpm kernel-debuginfo-2.6.32-431.20.5.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-431.20.5.el6.ppc64.rpm kernel-devel-2.6.32-431.20.5.el6.ppc64.rpm kernel-headers-2.6.32-431.20.5.el6.ppc64.rpm perf-2.6.32-431.20.5.el6.ppc64.rpm perf-debuginfo-2.6.32-431.20.5.el6.ppc64.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.ppc64.rpm s390x: kernel-2.6.32-431.20.5.el6.s390x.rpm kernel-debug-2.6.32-431.20.5.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-431.20.5.el6.s390x.rpm kernel-debug-devel-2.6.32-431.20.5.el6.s390x.rpm kernel-debuginfo-2.6.32-431.20.5.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-431.20.5.el6.s390x.rpm kernel-devel-2.6.32-431.20.5.el6.s390x.rpm kernel-headers-2.6.32-431.20.5.el6.s390x.rpm kernel-kdump-2.6.32-431.20.5.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-431.20.5.el6.s390x.rpm kernel-kdump-devel-2.6.32-431.20.5.el6.s390x.rpm perf-2.6.32-431.20.5.el6.s390x.rpm perf-debuginfo-2.6.32-431.20.5.el6.s390x.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.s390x.rpm x86_64: kernel-2.6.32-431.20.5.el6.x86_64.rpm kernel-debug-2.6.32-431.20.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.20.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.20.5.el6.x86_64.rpm kernel-devel-2.6.32-431.20.5.el6.x86_64.rpm kernel-headers-2.6.32-431.20.5.el6.x86_64.rpm perf-2.6.32-431.20.5.el6.x86_64.rpm perf-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: kernel-2.6.32-431.20.5.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-431.20.5.el6.i686.rpm kernel-debuginfo-2.6.32-431.20.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.20.5.el6.i686.rpm perf-debuginfo-2.6.32-431.20.5.el6.i686.rpm python-perf-2.6.32-431.20.5.el6.i686.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-431.20.5.el6.ppc64.rpm kernel-debuginfo-2.6.32-431.20.5.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-431.20.5.el6.ppc64.rpm perf-debuginfo-2.6.32-431.20.5.el6.ppc64.rpm python-perf-2.6.32-431.20.5.el6.ppc64.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-431.20.5.el6.s390x.rpm kernel-debuginfo-2.6.32-431.20.5.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-431.20.5.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-431.20.5.el6.s390x.rpm perf-debuginfo-2.6.32-431.20.5.el6.s390x.rpm python-perf-2.6.32-431.20.5.el6.s390x.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.20.5.el6.x86_64.rpm perf-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm python-perf-2.6.32-431.20.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v.6): Source: kernel-2.6.32-431.20.5.el6.src.rpm i386: kernel-2.6.32-431.20.5.el6.i686.rpm kernel-debug-2.6.32-431.20.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-431.20.5.el6.i686.rpm kernel-debug-devel-2.6.32-431.20.5.el6.i686.rpm kernel-debuginfo-2.6.32-431.20.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.20.5.el6.i686.rpm kernel-devel-2.6.32-431.20.5.el6.i686.rpm kernel-headers-2.6.32-431.20.5.el6.i686.rpm perf-2.6.32-431.20.5.el6.i686.rpm perf-debuginfo-2.6.32-431.20.5.el6.i686.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-431.20.5.el6.noarch.rpm kernel-doc-2.6.32-431.20.5.el6.noarch.rpm kernel-firmware-2.6.32-431.20.5.el6.noarch.rpm x86_64: kernel-2.6.32-431.20.5.el6.x86_64.rpm kernel-debug-2.6.32-431.20.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.20.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.20.5.el6.x86_64.rpm kernel-devel-2.6.32-431.20.5.el6.x86_64.rpm kernel-headers-2.6.32-431.20.5.el6.x86_64.rpm perf-2.6.32-431.20.5.el6.x86_64.rpm perf-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: kernel-2.6.32-431.20.5.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-431.20.5.el6.i686.rpm kernel-debuginfo-2.6.32-431.20.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.20.5.el6.i686.rpm perf-debuginfo-2.6.32-431.20.5.el6.i686.rpm python-perf-2.6.32-431.20.5.el6.i686.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.20.5.el6.x86_64.rpm perf-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm python-perf-2.6.32-431.20.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.20.5.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify thesignature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2014-4699 https://access.redhat.com/security/cve/CVE-2014-4943 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTz/D4XlSAg2UNWIIRAk3AAKCY8n5qeLBMA9x9vkVcwUNAu4iAmQCcDXQM R2iBqbe55B9yfppjZqBOHDQ=yxns -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Jul 23, 2014
•Important
Red Hat
98
security advisorydenial of serviceprivilege escalationRed Hat OpenStack 3.0 RHSA-2013:1080 Moderate Kernel Update: DoS Risk
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security and bug fix update Advisory ID: RHSA-2013:1080-01 Product: Red Hat OpenStack Advisory URL: https://access.redhat.com/errata/RHSA-2013:1080.html Issue date: 2013-07-16 CVE Names: CVE-2012-6548 CVE-2013-0914 CVE-2013-1848 CVE-2013-2128 CVE-2013-2634 CVE-2013-2635 CVE-2013-2852 CVE-2013-3222 CVE-2013-3224 CVE-2013-3225 CVE-2013-3301 ==================================================================== 1. Summary: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: OpenStack 3 - noarch, x86_64 3. Description: Red Hat OpenStack 3.0 includes a custom Red Hat Enterprise Linux 6.4 kernel. These custom kernel packages include support for network namespaces, this support is required to facilitate advanced OpenStack Networking deployments. This update fixes the following security issues: * A flaw was found in the tcp_read_sock() function in the Linux kernel's IPv4 TCP/IP protocol suite implementation in the way socket buffers (skb) were handled. A local, unprivileged user could trigger this issue via a call to splice(), leading to a denial of service. (CVE-2013-2128, Moderate) *Information leak flaws in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2012-6548, CVE-2013-2634, CVE-2013-2635, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, Low) * An information leak was found in the Linux kernel's POSIX signals implementation. A local, unprivileged user could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2013-0914, Low) * A format string flaw was found in the ext3_msg() function in the Linux kernel's ext3 file system implementation. A local user who is able to mount an ext3 file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1848, Low) * A format string flaw was found in the b43_do_request_fw() function in the Linux kernel's b43 driver implementation. A local user who is able to specify the "fwpostfix" b43 module parameter could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-2852, Low) * A NULL pointer dereference flaw was found in the Linux kernel's ftrace and function tracer implementations. A local user who has the CAP_SYS_ADMIN capability could use this flaw to cause a denial of service. (CVE-2013-3301, Low) Red Hat would like to thank Kees Cook for reporting CVE-2013-2852. More information on the Red Hat Enterprise Linux 6.4 kernel packages upon which these custom kernel packages are based is available in RHSA-2013:1051: https://access.redhat.com/errata/RHSA-2013:1051.html All Red Hat OpenStack 3.0 users deploying the OpenStack Networking service are advised to install these updated packages. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 This Red Hat OpenStack 3.0 kernel may be installed by running this command while logged in as the root user on a system that hasthe required entitlements and subscriptions attached: # yum install "kernel-2.6.*.openstack.el6.x86_64" Documentation for both stable and preview releases of Red Hat OpenStack is available at: In particular it is highly recommended that all users read the Release Notes document for the relevant Red Hat OpenStack release prior to installation. 5. Bugs fixed (http://bugzilla.redhat.com/): 920499 - CVE-2013-0914 Kernel: sa_restorer information leak 920783 - CVE-2013-1848 kernel: ext3: format string issues 922353 - CVE-2012-6548 Kernel: udf: information leak on export 924689 - CVE-2013-2634 kernel: Information leak in the Data Center Bridging (DCB) component 924690 - CVE-2013-2635 kernel: Information leak in the RTNETLINK component 952197 - CVE-2013-3301 Kernel: tracing: NULL pointer dereference 955216 - CVE-2013-3222 Kernel: atm: update msg_namelen in vcc_recvmsg() 955599 - CVE-2013-3224 Kernel: Bluetooth: possible info leak in bt_sock_recvmsg() 955649 - CVE-2013-3225 Kernel: Bluetooth: RFCOMM - missing msg_namelen update in rfcomm_sock_recvmsg 968484 - CVE-2013-2128 Kernel: net: oops from tcp_collapse() when using splice(2) 969518 - CVE-2013-2852 kernel: b43: format string leaking into error msgs 6. Package List: OpenStack3: Source: noarch: kernel-doc-2.6.32-358.114.1.openstack.el6.noarch.rpm kernel-firmware-2.6.32-358.114.1.openstack.el6.noarch.rpm x86_64: kernel-2.6.32-358.114.1.openstack.el6.x86_64.rpm kernel-debug-2.6.32-358.114.1.openstack.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.114.1.openstack.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.114.1.openstack.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.114.1.openstack.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.114.1.openstack.el6.x86_64.rpm kernel-devel-2.6.32-358.114.1.openstack.el6.x86_64.rpm kernel-headers-2.6.32-358.114.1.openstack.el6.x86_64.rpm perf-2.6.32-358.114.1.openstack.el6.x86_64.rpm perf-debuginfo-2.6.32-358.114.1.openstack.el6.x86_64.rpm python-perf-2.6.32-358.114.1.openstack.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.114.1.openstack.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2012-6548 https://access.redhat.com/security/cve/CVE-2013-0914 https://access.redhat.com/security/cve/CVE-2013-1848 https://access.redhat.com/security/cve/CVE-2013-2128 https://access.redhat.com/security/cve/CVE-2013-2634 https://access.redhat.com/security/cve/CVE-2013-2635 https://access.redhat.com/security/cve/CVE-2013-2852 https://access.redhat.com/security/cve/CVE-2013-3222 https://access.redhat.com/security/cve/CVE-2013-3224 https://access.redhat.com/security/cve/CVE-2013-3225 https://access.redhat.com/security/cve/CVE-2013-3301 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/errata/RHSA-2013:1051.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4(GNU/Linux) iD8DBQFR5ZELXlSAg2UNWIIRAnyEAKCQmfo77gOX4PyGDEpf7KbN4VmvGACgp/ZQ wRA1/svGVSCxEBsM1o9XQeQ=MQ/x -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Jul 16, 2013
Red Hat
98
security advisorysecurity issuekernel updateCentOS 7.5 CESA-2021:0823-02 High Kernel Vulnerability Patches
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2013:0928-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:0928.html Issue date: 2013-06-11 CVE Names: CVE-2012-4542 CVE-2013-0311 CVE-2013-1767 CVE-2013-1773 CVE-2013-1796 CVE-2013-1797 CVE-2013-1798 CVE-2013-1848 ==================================================================== 1. Summary: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the vhost kernel module handled descriptorsthat spanned multiple regions. A privileged guest user in a KVM (Kernel-based Virtual Machine) guest could use this flaw to crash the host or, potentially, escalate their privileges on the host. (CVE-2013-0311, Important) * A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() functionof the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the "utf8=1" option could use this flaw to crash the system or, potentially, to escalate their privileges. (CVE-2013-1773, Important) * A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796, Important) * A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797, Important) * A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798, Important) * It was found that the default SCSI command filter does not accommodate commands that overlap across device classes. A privileged guest user could potentially use this flaw to write arbitrary data to a LUN that is passed-through as read-only. (CVE-2012-4542, Moderate) * A use-after-free flaw was found in the tmpfs implementation. A local user able to mount and unmount a tmpfs file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1767, Low) * A format string flaw was foundin the ext3_msg() function in the Linux kernel's ext3 file system implementation. A local user who is able to mount an ext3 file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1848, Low) Red Hat would like to thank Andrew Honig of Google for reporting the CVE-2013-1796, CVE-2013-1797, and CVE-2013-1798 issues. The CVE-2012-4542 issue was discovered by Paolo Bonzini of Red Hat. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 875360 - CVE-2012-4542 kernel: block: default SCSI command filter does not accomodate commands overlap across device classes 912905 - CVE-2013-0311 kernel: vhost: fix length for cross region descriptor 915592 - CVE-2013-1767 Kernel: tmpfs: fix use-after-free of mempolicy object 916115 - CVE-2013-1773 kernel: VFAT slab-based buffer overflow 917012 - CVE-2013-1796 kernel: kvm: buffer overflow in handling of MSR_KVM_SYSTEM_TIME 917013 - CVE-2013-1797 kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME 917017 - CVE-2013-1798 kernel: kvm: out-of-bounds access in ioapic indirect register reads 920783 - CVE-2013-1848 kernel: ext3:format string issues 6. Package List: Red Hat Enterprise Linux Server EUS (v.6.3): Source: kernel-2.6.32-279.31.1.el6.src.rpm i386: kernel-2.6.32-279.31.1.el6.i686.rpm kernel-debug-2.6.32-279.31.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-279.31.1.el6.i686.rpm kernel-debug-devel-2.6.32-279.31.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.31.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.31.1.el6.i686.rpm kernel-devel-2.6.32-279.31.1.el6.i686.rpm kernel-headers-2.6.32-279.31.1.el6.i686.rpm perf-2.6.32-279.31.1.el6.i686.rpm perf-debuginfo-2.6.32-279.31.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.31.1.el6.i686.rpm noarch: kernel-doc-2.6.32-279.31.1.el6.noarch.rpm kernel-firmware-2.6.32-279.31.1.el6.noarch.rpm ppc64: kernel-2.6.32-279.31.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-279.31.1.el6.ppc64.rpm kernel-debug-2.6.32-279.31.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-279.31.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-279.31.1.el6.ppc64.rpm kernel-devel-2.6.32-279.31.1.el6.ppc64.rpm kernel-headers-2.6.32-279.31.1.el6.ppc64.rpm perf-2.6.32-279.31.1.el6.ppc64.rpm perf-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm s390x: kernel-2.6.32-279.31.1.el6.s390x.rpm kernel-debug-2.6.32-279.31.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-279.31.1.el6.s390x.rpm kernel-debug-devel-2.6.32-279.31.1.el6.s390x.rpm kernel-debuginfo-2.6.32-279.31.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-279.31.1.el6.s390x.rpm kernel-devel-2.6.32-279.31.1.el6.s390x.rpm kernel-headers-2.6.32-279.31.1.el6.s390x.rpm kernel-kdump-2.6.32-279.31.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-279.31.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-279.31.1.el6.s390x.rpm perf-2.6.32-279.31.1.el6.s390x.rpm perf-debuginfo-2.6.32-279.31.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-279.31.1.el6.s390x.rpm x86_64: kernel-2.6.32-279.31.1.el6.x86_64.rpm kernel-debug-2.6.32-279.31.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-279.31.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.31.1.el6.x86_64.rpm kernel-devel-2.6.32-279.31.1.el6.x86_64.rpm kernel-headers-2.6.32-279.31.1.el6.x86_64.rpm perf-2.6.32-279.31.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.3): Source: kernel-2.6.32-279.31.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-279.31.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.31.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.31.1.el6.i686.rpm perf-debuginfo-2.6.32-279.31.1.el6.i686.rpm python-perf-2.6.32-279.31.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.31.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-279.31.1.el6.ppc64.rpm perf-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm python-perf-2.6.32-279.31.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-279.31.1.el6.s390x.rpm kernel-debuginfo-2.6.32-279.31.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-279.31.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-279.31.1.el6.s390x.rpm perf-debuginfo-2.6.32-279.31.1.el6.s390x.rpm python-perf-2.6.32-279.31.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-279.31.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.31.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm python-perf-2.6.32-279.31.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7.References: https://access.redhat.com/security/cve/CVE-2012-4542 https://access.redhat.com/security/cve/CVE-2013-0311 https://access.redhat.com/security/cve/CVE-2013-1767 https://access.redhat.com/security/cve/CVE-2013-1773 https://access.redhat.com/security/cve/CVE-2013-1796 https://access.redhat.com/security/cve/CVE-2013-1797 https://access.redhat.com/security/cve/CVE-2013-1798 https://access.redhat.com/security/cve/CVE-2013-1848 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/kernel.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013 Red Hat, Inc. . Ubuntu unveils significant software patch correcting various vulnerabilities and errors for its LTS 20.04.. kernel update, Red Hat Enterprise, security advisory. . Severity: Important. LinuxSecurity.com Team
Jun 11, 2013
•Important
Red Hat
200
security advisorykernel updatekernel patchScientific Linux: Kernel Update for SL 40,41,42 - Important Security Issues
Updated kernel packages that fix several security issues in . Date: Tue, 24 Jan 2006 16:34:46 -0600 Reply-To: Connie Sieh Sender: Security Errata for Scientific Linux From: Connie Sieh Subject: ERRATA for "kernel" on SL 40,41,42 i386,x86_64 now available Comments: To:
Jan 24, 2006
•Important
Scientific Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!