Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 0 articles for you...
172
security advisorydenial of servicesecurity issueUbuntu 24.04 LTS USN-7269-2 critical: Intel Microcode DoS
Several security issues were fixed in Intel Microcode.. ========================================================================== Ubuntu Security Notice USN-7269-2 February 24, 2025 intel-microcode vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS Summary: Several security issues were fixed in Intel Microcode. Software Description: - intel-microcode: Processor microcode for Intel CPUs Details: USN-7269-1 fixed vulnerabilities in Intel Microcode. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Ke Sun, Paul Grosen and Alyssa Milburn discovered that some Intel® Processors did not properly implement Finite State Machines (FSMs) in Hardware Logic. A local privileged attacker could use this issue to cause a denial of service. (CVE-2024-31068) It was discovered that some Intel® Processors with Intel® SGX did not properly restrict access to the EDECCSSA user leaf function. A local authenticated attacker could use this issue to cause a denial of service. (CVE-2024-36293) Ke Sun, Alyssa Milburn, Benoit Morgan, and Erik Bjorge discovered that the UEFI firmware for some Intel® processors did not properly restrict access. An authenticated local attacker could use this issue to cause a denial of service. (CVE-2024-39279) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS intel-microcode 3.20250211.0ubuntu0.24.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7269-2 https://ubuntu.com/security/notices/USN-7269-1 CVE-2024-31068, CVE-2024-36293, CVE-2024-39279 Package Information: https://launchpad.net/ubuntu/+source/intel-microcode/3.20250211.0ubuntu0.24.04.1 . Intel microcode enhancements for Ubuntu 24.04 LTS targeting various security vulnerabilities and denial of service threats.. Intel Microcode, Ubuntu Updates, Denial of Service. . Severity: Critical. LinuxSecurity.com Team
Feb 24, 2025
•Critical
Ubuntu
172
security advisorysecurity issuesoftware updateUbuntu 14.04 LTS USN-7122-1 critical: kernel crash issue
The system could be made to crash under certain conditions.. ========================================================================== Ubuntu Security Notice USN-7122-1 November 19, 2024 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: The system could be made to crash under certain conditions. Software Description: - linux: Linux kernel Details: A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS linux-image-3.13.0-200-generic 3.13.0-200.251 Available with Ubuntu Pro linux-image-3.13.0-200-lowlatency 3.13.0-200.251 Available with Ubuntu Pro linux-image-generic 3.13.0.200.210 Available with Ubuntu Pro linux-image-generic-lts-trusty 3.13.0.200.210 Available with Ubuntu Pro linux-image-lowlatency 3.13.0.200.210 Available with Ubuntu Pro linux-image-server 3.13.0.200.210 Available with Ubuntu Pro linux-image-virtual 3.13.0.200.210 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g.linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-7122-1 CVE-2022-48943 . Ubuntu Security Notice USN-7123-1 highlights a significant vulnerability impacting the Linux kernel on Ubuntu 16.04 LTS platforms.. linux kernel security advisory, ubuntu update, system crash issue, linux security patch. . Severity: Critical. LinuxSecurity.com Team
Nov 20, 2024
•Critical
Ubuntu
100
security advisorymoderateserver compromiseSUSE Linux Enterprise Server 15 SP3 Moderate: MariaDB Server Compromise
* bsc#1225983 Cross-References: * CVE-2024-21096 . # Security update for mariadb Announcement ID: SUSE-SU-2024:3018-1 Rating: moderate References: * bsc#1225983 Cross-References: * CVE-2024-21096 CVSS scores: * CVE-2024-21096 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * Galera for Ericsson 15 SP3 * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for mariadb fixes the following issues: * Updated to 10.5.26 * Updated to 10.5.25: * CVE-2024-21096: Fixed a vulnerability that would allow unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. (bsc#1225983) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-3018=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3018=1 * Galera for Ericsson 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-ERICSSON-2024-3018=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3018=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3018=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-3018=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) *mariadb-test-10.5.26-150300.3.46.1 * libmariadbd19-debuginfo-10.5.26-150300.3.46.1 * mariadb-debugsource-10.5.26-150300.3.46.1 * mariadb-tools-debuginfo-10.5.26-150300.3.46.1 * mariadb-debuginfo-10.5.26-150300.3.46.1 * mariadb-test-debuginfo-10.5.26-150300.3.46.1 * mariadb-rpm-macros-10.5.26-150300.3.46.1 * mariadb-tools-10.5.26-150300.3.46.1 * mariadb-client-10.5.26-150300.3.46.1 * mariadb-bench-10.5.26-150300.3.46.1 * libmariadbd19-10.5.26-150300.3.46.1 * mariadb-bench-debuginfo-10.5.26-150300.3.46.1 * libmariadbd-devel-10.5.26-150300.3.46.1 * mariadb-10.5.26-150300.3.46.1 * mariadb-client-debuginfo-10.5.26-150300.3.46.1 * mariadb-galera-10.5.26-150300.3.46.1 * openSUSE Leap 15.3 (noarch) * mariadb-errormessages-10.5.26-150300.3.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libmariadbd19-debuginfo-10.5.26-150300.3.46.1 * mariadb-debugsource-10.5.26-150300.3.46.1 * mariadb-tools-debuginfo-10.5.26-150300.3.46.1 * mariadb-debuginfo-10.5.26-150300.3.46.1 * mariadb-tools-10.5.26-150300.3.46.1 * mariadb-client-10.5.26-150300.3.46.1 * libmariadbd19-10.5.26-150300.3.46.1 * libmariadbd-devel-10.5.26-150300.3.46.1 * mariadb-10.5.26-150300.3.46.1 * mariadb-client-debuginfo-10.5.26-150300.3.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * mariadb-errormessages-10.5.26-150300.3.46.1 * Galera for Ericsson 15 SP3 (x86_64) * mariadb-galera-10.5.26-150300.3.46.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libmariadbd19-debuginfo-10.5.26-150300.3.46.1 * mariadb-debugsource-10.5.26-150300.3.46.1 * mariadb-tools-debuginfo-10.5.26-150300.3.46.1 * mariadb-debuginfo-10.5.26-150300.3.46.1 * mariadb-tools-10.5.26-150300.3.46.1 * mariadb-client-10.5.26-150300.3.46.1 * libmariadbd19-10.5.26-150300.3.46.1 * libmariadbd-devel-10.5.26-150300.3.46.1 *mariadb-10.5.26-150300.3.46.1 * mariadb-client-debuginfo-10.5.26-150300.3.46.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * mariadb-errormessages-10.5.26-150300.3.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libmariadbd19-debuginfo-10.5.26-150300.3.46.1 * mariadb-debugsource-10.5.26-150300.3.46.1 * mariadb-tools-debuginfo-10.5.26-150300.3.46.1 * mariadb-debuginfo-10.5.26-150300.3.46.1 * mariadb-tools-10.5.26-150300.3.46.1 * mariadb-client-10.5.26-150300.3.46.1 * libmariadbd19-10.5.26-150300.3.46.1 * libmariadbd-devel-10.5.26-150300.3.46.1 * mariadb-10.5.26-150300.3.46.1 * mariadb-client-debuginfo-10.5.26-150300.3.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * mariadb-errormessages-10.5.26-150300.3.46.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libmariadbd19-debuginfo-10.5.26-150300.3.46.1 * mariadb-debugsource-10.5.26-150300.3.46.1 * mariadb-tools-debuginfo-10.5.26-150300.3.46.1 * mariadb-debuginfo-10.5.26-150300.3.46.1 * mariadb-tools-10.5.26-150300.3.46.1 * mariadb-client-10.5.26-150300.3.46.1 * libmariadbd19-10.5.26-150300.3.46.1 * libmariadbd-devel-10.5.26-150300.3.46.1 * mariadb-10.5.26-150300.3.46.1 * mariadb-client-debuginfo-10.5.26-150300.3.46.1 * SUSE Enterprise Storage 7.1 (noarch) * mariadb-errormessages-10.5.26-150300.3.46.1 ## References: * https://www.suse.com/security/cve/CVE-2024-21096.html * https://bugzilla.suse.com/show_bug.cgi?id=1225983 . Important security patch release for MySQL on various openSUSE editions to address severe vulnerabilities in database functionalities.. SUSE Linux, MariaDB Update, Security Advisory, Moderate Risk. . Severity: Important. LinuxSecurity.com Team
Aug 27, 2024
•Important
SuSE
172
security advisorydenial of servicekernel securityUbuntu 23.10 LTS: USN-6818-1 Critical Kernel Threats and Fixes
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-6818-1 June 07, 2024 linux, linux-gcp, linux-gcp-6.5, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-raspi vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-lowlatency: Linux low latency kernel - linux-raspi: Linux kernel for Raspberry Pi systems - linux-gcp-6.5: Linux kernel for Google Cloud Platform (GCP) systems - linux-lowlatency-hwe-6.5: Linux low latency kernel Details: Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. (CVE-2024-21823) Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-23849) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-24860) Several security issues were discovered in the Linux kernel. Anattacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Core kernel; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Drivers core; - Power management core; - Bus devices; - Device frequency scaling framework; - DMA engine subsystem; - EDAC drivers; - ARM SCMI message protocol; - GPU drivers; - IIO ADC drivers; - InfiniBand drivers; - IOMMU subsystem; - Media drivers; - Multifunction device drivers; - MTD block device drivers; - Network drivers; - NVME drivers; - Device tree and open firmware driver; - PCI driver for MicroSemi Switchtec; - Power supply drivers; - RPMSG subsystem; - SCSI drivers; - QCOM SoC drivers; - SPMI drivers; - Thermal drivers; - TTY drivers; - VFIO drivers; - BTRFS file system; - Ceph distributed file system; - EFI Variable file system; - EROFS file system; - Ext4 file system; - F2FS file system; - GFS2 file system; - JFS file system; - Network file systems library; - Network file system server daemon; - File systems infrastructure; - Pstore file system; - ReiserFS file system; - SMB network file system; - BPF subsystem; - Memory management; - TLS protocol; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - Logical Link layer; - MAC80211 subsystem; - Multipath TCP; - Netfilter; - NetLabel subsystem; - Network traffic control; - SMC sockets; - Sun RPC protocol; - AppArmor security module; - Intel ASoC drivers; - MediaTek ASoC drivers; - USB sound devices; (CVE-2023-52598, CVE-2023-52676, CVE-2023-52609, CVE-2024-26620, CVE-2023-52487, CVE-2023-52465, CVE-2023-52473,CVE-2023-52467, CVE-2024-26583, CVE-2023-52669, CVE-2023-52664, CVE-2023-52449, CVE-2023-52614, CVE-2024-26595, CVE-2023-52611, CVE-2023-52696, CVE-2023-52591, CVE-2023-52491, CVE-2024-35839, CVE-2023-52679, CVE-2024-26607, CVE-2023-52587, CVE-2023-52469, CVE-2023-52608, CVE-2023-52617, CVE-2023-52698, CVE-2024-26673, CVE-2024-35835, CVE-2024-26808, CVE-2024-26668, CVE-2023-52626, CVE-2023-52621, CVE-2024-35837, CVE-2023-52489, CVE-2023-52597, CVE-2024-26649, CVE-2024-26615, CVE-2024-35838, CVE-2023-52693, CVE-2023-52497, CVE-2024-35842, CVE-2024-26618, CVE-2024-26610, CVE-2024-26631, CVE-2024-26644, CVE-2024-26627, CVE-2023-52677, CVE-2023-52472, CVE-2023-52627, CVE-2023-52486, CVE-2023-52632, CVE-2023-52494, CVE-2023-52468, CVE-2024-26634, CVE-2023-52588, CVE-2024-26646, CVE-2024-26584, CVE-2023-52443, CVE-2023-52691, CVE-2024-26612, CVE-2023-52595, CVE-2024-26592, CVE-2024-26623, CVE-2023-52492, CVE-2024-26670, CVE-2023-52583, CVE-2023-52681, CVE-2023-52635, CVE-2023-52457, CVE-2023-52445, CVE-2024-26629, CVE-2024-26594, CVE-2023-52675, CVE-2023-52488, CVE-2023-52446, CVE-2024-26625, CVE-2023-52697, CVE-2023-52453, CVE-2023-52498, CVE-2023-52686, CVE-2023-52593, CVE-2023-52612, CVE-2023-52687, CVE-2023-52470, CVE-2023-52455, CVE-2023-52444, CVE-2024-26608, CVE-2024-26633, CVE-2024-26645, CVE-2023-52451, CVE-2023-52456, CVE-2024-26640, CVE-2023-52670, CVE-2023-52589, CVE-2024-26598, CVE-2024-35841, CVE-2024-26647, CVE-2024-26636, CVE-2023-52680, CVE-2023-52616, CVE-2023-52685, CVE-2024-26582, CVE-2024-26638, CVE-2023-52694, CVE-2024-35840, CVE-2023-52448, CVE-2023-52623, CVE-2023-52462, CVE-2023-52452, CVE-2024-26641, CVE-2023-52683, CVE-2023-52682, CVE-2023-52594, CVE-2023-52490, CVE-2023-52493, CVE-2023-52633, CVE-2023-52606, CVE-2024-26669, CVE-2023-52584, CVE-2024-26585, CVE-2023-52610, CVE-2023-52672, CVE-2023-52450, CVE-2023-52666, CVE-2023-52458, CVE-2023-52622, CVE-2023-52674, CVE-2023-52619, CVE-2024-26586, CVE-2023-52667, CVE-2024-26616, CVE-2023-52463, CVE-2024-26632,CVE-2023-52447, CVE-2023-52692, CVE-2023-52678, CVE-2023-52607, CVE-2023-52618, CVE-2023-52464, CVE-2024-26671, CVE-2023-52599, CVE-2023-52454, CVE-2023-52495, CVE-2023-52690) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10 linux-image-6.5.0-1018-raspi 6.5.0-1018.21 linux-image-6.5.0-1022-gcp 6.5.0-1022.24 linux-image-6.5.0-41-generic 6.5.0-41.41 linux-image-6.5.0-41-generic-64k 6.5.0-41.41 linux-image-6.5.0-41-lowlatency 6.5.0-41.41.1 linux-image-6.5.0-41-lowlatency-64k 6.5.0-41.41.1 linux-image-gcp 6.5.0.1022.24 linux-image-generic 6.5.0.41.41 linux-image-generic-64k 6.5.0.41.41 linux-image-generic-lpae 6.5.0.41.41 linux-image-kvm 6.5.0.41.41 linux-image-lowlatency 6.5.0.41.41.1 linux-image-lowlatency-64k 6.5.0.41.41.1 linux-image-raspi 6.5.0.1018.19 linux-image-raspi-nolpae 6.5.0.1018.19 linux-image-virtual 6.5.0.41.41 Ubuntu 22.04 LTS linux-image-6.5.0-1022-gcp 6.5.0-1022.24~22.04.1 linux-image-6.5.0-41-lowlatency 6.5.0-41.41.1~22.04.1 linux-image-6.5.0-41-lowlatency-64k 6.5.0-41.41.1~22.04.1 linux-image-gcp 6.5.0.1022.24~22.04.1 linux-image-lowlatency-64k-hwe-22.04 6.5.0.41.41.1~22.04.1 linux-image-lowlatency-hwe-22.04 6.5.0.41.41.1~22.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-6818-1 CVE-2023-52443, CVE-2023-52444, CVE-2023-52445, CVE-2023-52446, CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52450, CVE-2023-52451, CVE-2023-52452, CVE-2023-52453, CVE-2023-52454, CVE-2023-52455, CVE-2023-52456, CVE-2023-52457, CVE-2023-52458, CVE-2023-52462, CVE-2023-52463, CVE-2023-52464, CVE-2023-52465, CVE-2023-52467, CVE-2023-52468, CVE-2023-52469, CVE-2023-52470, CVE-2023-52472, CVE-2023-52473, CVE-2023-52486, CVE-2023-52487, CVE-2023-52488, CVE-2023-52489, CVE-2023-52490, CVE-2023-52491, CVE-2023-52492, CVE-2023-52493, CVE-2023-52494, CVE-2023-52495, CVE-2023-52497, CVE-2023-52498, CVE-2023-52583, CVE-2023-52584, CVE-2023-52587, CVE-2023-52588, CVE-2023-52589, CVE-2023-52591, CVE-2023-52593, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599, CVE-2023-52606, CVE-2023-52607, CVE-2023-52608, CVE-2023-52609, CVE-2023-52610, CVE-2023-52611, CVE-2023-52612, CVE-2023-52614, CVE-2023-52616, CVE-2023-52617, CVE-2023-52618, CVE-2023-52619, CVE-2023-52621, CVE-2023-52622, CVE-2023-52623, CVE-2023-52626, CVE-2023-52627, CVE-2023-52632, CVE-2023-52633, CVE-2023-52635, CVE-2023-52664, CVE-2023-52666, CVE-2023-52667, CVE-2023-52669, CVE-2023-52670, CVE-2023-52672, CVE-2023-52674, CVE-2023-52675, CVE-2023-52676, CVE-2023-52677, CVE-2023-52678, CVE-2023-52679, CVE-2023-52680, CVE-2023-52681, CVE-2023-52682, CVE-2023-52683, CVE-2023-52685, CVE-2023-52686, CVE-2023-52687, CVE-2023-52690, CVE-2023-52691, CVE-2023-52692, CVE-2023-52693, CVE-2023-52694, CVE-2023-52696, CVE-2023-52697, CVE-2023-52698, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2024-21823, CVE-2024-23849, CVE-2024-24860, CVE-2024-26582, CVE-2024-26583, CVE-2024-26584, CVE-2024-26585, CVE-2024-26586, CVE-2024-26592, CVE-2024-26594, CVE-2024-26595, CVE-2024-26598, CVE-2024-26607, CVE-2024-26608, CVE-2024-26610, CVE-2024-26612, CVE-2024-26615,CVE-2024-26616, CVE-2024-26618, CVE-2024-26620, CVE-2024-26623, CVE-2024-26625, CVE-2024-26627, CVE-2024-26629, CVE-2024-26631, CVE-2024-26632, CVE-2024-26633, CVE-2024-26634, CVE-2024-26636, CVE-2024-26638, CVE-2024-26640, CVE-2024-26641, CVE-2024-26644, CVE-2024-26645, CVE-2024-26646, CVE-2024-26647, CVE-2024-26649, CVE-2024-26668, CVE-2024-26669, CVE-2024-26670, CVE-2024-26671, CVE-2024-26673, CVE-2024-26808, CVE-2024-35835, CVE-2024-35837, CVE-2024-35838, CVE-2024-35839, CVE-2024-35840, CVE-2024-35841, CVE-2024-35842 Package Information: https://launchpad.net/ubuntu/+source/linux/6.5.0-41.41 https://launchpad.net/ubuntu/+source/linux-gcp/6.5.0-1022.24 https://launchpad.net/ubuntu/+source/linux-lowlatency/6.5.0-41.41.1 https://launchpad.net/ubuntu/+source/linux-raspi/6.5.0-1018.21 https://launchpad.net/ubuntu/+source/linux-gcp-6.5/6.5.0-1022.24~22.04.1 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.5/6.5.0-41.41.1~22.04.1 . Recent security patches for Ubuntu tackle significant vulnerabilities impacting the Linux kernel in multiple versions.. Ubuntu Security, Kernel Update, Linux Threats, System Vulnerabilities. . Severity: Critical. LinuxSecurity.com Team
Jun 07, 2024
•Critical
Ubuntu
172
security advisorydenial of serviceUbuntuUbuntu 20.04 LTS: Severe DoS Vulnerability in Linux Kernel 6767-1
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-6767-1 May 07, 2024 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-gkeop: Linux kernel for Google Container Engine (GKE) systems - linux-ibm: Linux kernel for IBM cloud systems - linux-iot: Linux kernel for IoT platforms - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi: Linux kernel for Raspberry Pi systems - linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors - linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems - linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems - linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe-5.4: Linux hardware enablement (HWE) kernel - linux-ibm-5.4: Linux kernel for IBM cloud systems - linux-oracle-5.4: Linux kernel for Oracle Cloud systems - linux-raspi-5.4: Linux kernel for Raspberry Pi systems Details: Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-23849) Several securityissues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Android drivers; - Hardware random number generator core; - GPU drivers; - Hardware monitoring drivers; - I2C subsystem; - IIO Magnetometer sensors drivers; - InfiniBand drivers; - Network drivers; - PCI driver for MicroSemi Switchtec; - PHY drivers; - Ceph distributed file system; - Ext4 file system; - JFS file system; - NILFS2 file system; - Pstore file system; - Core kernel; - Memory management; - CAN network layer; - Networking core; - IPv4 networking; - Logical Link layer; - Netfilter; - NFC subsystem; - SMC sockets; - Sun RPC protocol; - TIPC protocol; - Realtek audio codecs; (CVE-2024-26696, CVE-2023-52583, CVE-2024-26720, CVE-2023-52615, CVE-2023-52599, CVE-2023-52587, CVE-2024-26635, CVE-2024-26704, CVE-2024-26625, CVE-2024-26825, CVE-2023-52622, CVE-2023-52435, CVE-2023-52617, CVE-2023-52598, CVE-2024-26645, CVE-2023-52619, CVE-2024-26593, CVE-2024-26685, CVE-2023-52602, CVE-2023-52486, CVE-2024-26697, CVE-2024-26675, CVE-2024-26600, CVE-2023-52604, CVE-2024-26664, CVE-2024-26606, CVE-2023-52594, CVE-2024-26671, CVE-2024-26598, CVE-2024-26673, CVE-2024-26920, CVE-2024-26722, CVE-2023-52601, CVE-2024-26602, CVE-2023-52637, CVE-2023-52623, CVE-2024-26702, CVE-2023-52597, CVE-2024-26684, CVE-2023-52606, CVE-2024-26679, CVE-2024-26663, CVE-2024-26910, CVE-2024-26615, CVE-2023-52595, CVE-2023-52607, CVE-2024-26636) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS linux-image-5.4.0-1036-iot 5.4.0-1036.37 linux-image-5.4.0-1043-xilinx-zynqmp 5.4.0-1043.47 linux-image-5.4.0-1071-ibm 5.4.0-1071.76 linux-image-5.4.0-1091-gkeop 5.4.0-1091.95 linux-image-5.4.0-1108-raspi 5.4.0-1108.120 linux-image-5.4.0-1112-kvm 5.4.0-1112.119 linux-image-5.4.0-1123-oracle 5.4.0-1123.132 linux-image-5.4.0-1124-aws 5.4.0-1124.134 linux-image-5.4.0-1128-gcp 5.4.0-1128.137 linux-image-5.4.0-1129-azure 5.4.0-1129.136 linux-image-5.4.0-181-generic 5.4.0-181.201 linux-image-5.4.0-181-generic-lpae 5.4.0-181.201 linux-image-5.4.0-181-lowlatency 5.4.0-181.201 linux-image-aws-lts-20.04 5.4.0.1124.121 linux-image-azure-lts-20.04 5.4.0.1129.123 linux-image-gcp-lts-20.04 5.4.0.1128.130 linux-image-generic 5.4.0.181.179 linux-image-generic-lpae 5.4.0.181.179 linux-image-gkeop 5.4.0.1091.89 linux-image-gkeop-5.4 5.4.0.1091.89 linux-image-ibm-lts-20.04 5.4.0.1071.100 linux-image-kvm 5.4.0.1112.108 linux-image-lowlatency 5.4.0.181.179 linux-image-oem 5.4.0.181.179 linux-image-oem-osp1 5.4.0.181.179 linux-image-oracle-lts-20.04 5.4.0.1123.116 linux-image-raspi 5.4.0.1108.138 linux-image-raspi2 5.4.0.1108.138 linux-image-virtual 5.4.0.181.179 linux-image-xilinx-zynqmp 5.4.0.1043.43 Ubuntu 18.04 LTS linux-image-5.4.0-1071-ibm 5.4.0-1071.76~18.04.1 Available with Ubuntu Pro linux-image-5.4.0-1108-raspi 5.4.0-1108.120~18.04.1 Available with Ubuntu Pro linux-image-5.4.0-1123-oracle 5.4.0-1123.132~18.04.1 Available with Ubuntu Pro linux-image-5.4.0-1124-aws 5.4.0-1124.134~18.04.1 Available with Ubuntu Pro linux-image-5.4.0-1128-gcp 5.4.0-1128.137~18.04.1 Available with Ubuntu Pro linux-image-5.4.0-1129-azure 5.4.0-1129.136~18.04.1 Available with Ubuntu Pro linux-image-5.4.0-181-generic 5.4.0-181.201~18.04.1 Available with Ubuntu Pro linux-image-5.4.0-181-lowlatency 5.4.0-181.201~18.04.1 Available with Ubuntu Pro linux-image-aws 5.4.0.1124.134~18.04.1 Available with Ubuntu Pro linux-image-azure 5.4.0.1129.136~18.04.1 Available with Ubuntu Pro linux-image-gcp 5.4.0.1128.137~18.04.1 Available with Ubuntu Pro linux-image-generic-hwe-18.04 5.4.0.181.201~18.04.1 Available with Ubuntu Pro linux-image-ibm 5.4.0.1071.76~18.04.1 Available with Ubuntu Pro linux-image-lowlatency-hwe-18.04 5.4.0.181.201~18.04.1 Available with Ubuntu Pro linux-image-oem 5.4.0.181.201~18.04.1 Available with Ubuntu Pro linux-image-oem-osp1 5.4.0.181.201~18.04.1 Available with Ubuntu Pro linux-image-oracle 5.4.0.1123.132~18.04.1 Available with Ubuntu Pro linux-image-raspi-hwe-18.04 5.4.0.1108.120~18.04.1 Available with Ubuntu Pro linux-image-snapdragon-hwe-18.04 5.4.0.181.201~18.04.1 Available with Ubuntu Pro linux-image-virtual-hwe-18.04 5.4.0.181.201~18.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third partykernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-6767-1 CVE-2023-52435, CVE-2023-52486, CVE-2023-52583, CVE-2023-52587, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599, CVE-2023-52601, CVE-2023-52602, CVE-2023-52604, CVE-2023-52606, CVE-2023-52607, CVE-2023-52615, CVE-2023-52617, CVE-2023-52619, CVE-2023-52622, CVE-2023-52623, CVE-2023-52637, CVE-2024-23849, CVE-2024-26593, CVE-2024-26598, CVE-2024-26600, CVE-2024-26602, CVE-2024-26606, CVE-2024-26615, CVE-2024-26625, CVE-2024-26635, CVE-2024-26636, CVE-2024-26645, CVE-2024-26663, CVE-2024-26664, CVE-2024-26671, CVE-2024-26673, CVE-2024-26675, CVE-2024-26679, CVE-2024-26684, CVE-2024-26685, CVE-2024-26696, CVE-2024-26697, CVE-2024-26702, CVE-2024-26704, CVE-2024-26720, CVE-2024-26722, CVE-2024-26825, CVE-2024-26910, CVE-2024-26920 Package Information: https://launchpad.net/ubuntu/+source/linux/5.4.0-181.201 https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1124.134 https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1129.136 https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1128.137 https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1091.95 https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1071.76 https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1036.37 https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1112.119 https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1123.132 https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1108.120 https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1043.47 . The latest patches for Ubuntu tackle significant vulnerabilities within the Linux core that may result in unauthorized access to the system..Linux Kernel Update, Ubuntu Security, System Compromise. . Severity: Critical. LinuxSecurity.com Team
May 07, 2024
•Critical
Ubuntu
172
security advisorydenial of servicecriticalUbuntu 22.04/20.04 LTS USN-6339-1 Critical: Kernel Security Issues
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-6339-1 September 05, 2023 linux, linux-gcp, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-ibm: Linux kernel for IBM cloud systems - linux-kvm: Linux kernel for cloud environments - linux-lowlatency: Linux low latency kernel - linux-nvidia: Linux kernel for NVIDIA systems - linux-hwe-5.15: Linux hardware enablement (HWE) kernel - linux-lowlatency-hwe-5.15: Linux low latency kernel Details: It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2022-48425) Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-21255) It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2023-2898) It was discovered that the DVB Core driver in the Linux kernel did not properly handle locking events in certain situations. A localattacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-31084) Yang Lan discovered that the GFS2 file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious GFS2 image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2023-3212) It was discovered that the KSMBD implementation in the Linux kernel did not properly validate buffer sizes in certain operations, leading to an out-of- bounds read vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-38426, CVE-2023-38428) It was discovered that the KSMBD implementation in the Linux kernel did not properly calculate the size of certain buffers. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-38429) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: linux-image-5.15.0-1032-nvidia 5.15.0-1032.32 linux-image-5.15.0-1032-nvidia-lowlatency 5.15.0-1032.32 linux-image-5.15.0-1037-ibm 5.15.0-1037.40 linux-image-5.15.0-1041-gcp 5.15.0-1041.49 linux-image-5.15.0-1041-kvm 5.15.0-1041.46 linux-image-5.15.0-83-generic 5.15.0-83.92 linux-image-5.15.0-83-generic-64k 5.15.0-83.92 linux-image-5.15.0-83-generic-lpae 5.15.0-83.92 linux-image-5.15.0-83-lowlatency 5.15.0-83.92 linux-image-5.15.0-83-lowlatency-64k 5.15.0-83.92 linux-image-gcp-lts-22.04 5.15.0.1041.37 linux-image-generic 5.15.0.83.80 linux-image-generic-64k 5.15.0.83.80 linux-image-generic-lpae 5.15.0.83.80 linux-image-ibm 5.15.0.1037.33 linux-image-kvm 5.15.0.1041.37 linux-image-lowlatency 5.15.0.83.85 linux-image-lowlatency-64k 5.15.0.83.85 linux-image-nvidia 5.15.0.1032.32 linux-image-nvidia-lowlatency 5.15.0.1032.32 linux-image-virtual 5.15.0.83.80 Ubuntu 20.04 LTS: linux-image-5.15.0-83-generic 5.15.0-83.92~20.04.1 linux-image-5.15.0-83-generic-64k 5.15.0-83.92~20.04.1 linux-image-5.15.0-83-generic-lpae 5.15.0-83.92~20.04.1 linux-image-5.15.0-83-lowlatency 5.15.0-83.92~20.04.1 linux-image-5.15.0-83-lowlatency-64k 5.15.0-83.92~20.04.1 linux-image-generic-64k-hwe-20.04 5.15.0.83.92~20.04.41 linux-image-generic-hwe-20.04 5.15.0.83.92~20.04.41 linux-image-generic-lpae-hwe-20.04 5.15.0.83.92~20.04.41 linux-image-lowlatency-64k-hwe-20.04 5.15.0.83.92~20.04.38 linux-image-lowlatency-hwe-20.04 5.15.0.83.92~20.04.38 linux-image-oem-20.04 5.15.0.83.92~20.04.41 linux-image-oem-20.04b 5.15.0.83.92~20.04.41 linux-image-oem-20.04c 5.15.0.83.92~20.04.41 linux-image-oem-20.04d 5.15.0.83.92~20.04.41 linux-image-virtual-hwe-20.04 5.15.0.83.92~20.04.41 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-6339-1 CVE-2022-48425, CVE-2023-21255, CVE-2023-2898, CVE-2023-31084, CVE-2023-3212, CVE-2023-38426, CVE-2023-38428, CVE-2023-38429 Package Information: https://launchpad.net/ubuntu/+source/linux/5.15.0-83.92 https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1041.49 https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1037.40 https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1041.46 https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-83.92 https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1032.32 https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-83.92~20.04.1 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-83.92~20.04.1 . A range of vulnerabilities addressed in the Ubuntu kernel, affecting various versions; urgent patches required for optimal system performance.. Kernel Security, Ubuntu Updates, Critical Security, Denial Of Service. . Severity: Critical. LinuxSecurity.com Team
Sep 05, 2023
•Critical
Ubuntu
172
security advisorydenial of servicecriticalUbuntu 18.04 LTS USN-5298-1 Critical: Kernel Denial Of Service
Several security issues were fixed in the Linux kernel.. =========================================================================Ubuntu Security Notice USN-5298-1 February 22, 2022 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux-snapdragon vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors - linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe: Linux hardware enablement (HWE) kernel Details: It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-22600) Jürgen Groß discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. An attacker in a driver domain could use this to cause a denial of service in other guest VMs. (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713) Jürgen Groß discovered that the Xen network backenddriver in the Linux kernel did not adequately limit the amount of queued packets when a guest did not process them. An attacker in a guest VM can use this to cause a denial of service (excessive kernel memory consumption) in the network backend domain. (CVE-2021-28714, CVE-2021-28715) Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685) Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4083) Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. (CVE-2021-4155) Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202) Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-0330) It was discovered that the VMware Virtual GPU driver in the Linux kernel did not properly handle certain failure conditions, leading to a stale entry in the file descriptor table. A local attacker could use this to expose sensitive information or possibly gain administrative privileges. (CVE-2022-22942) Updateinstructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1035-dell300x 4.15.0-1035.40 linux-image-4.15.0-1087-oracle 4.15.0-1087.95 linux-image-4.15.0-1107-kvm 4.15.0-1107.109 linux-image-4.15.0-1116-gcp 4.15.0-1116.130 linux-image-4.15.0-1120-snapdragon 4.15.0-1120.129 linux-image-4.15.0-1131-azure 4.15.0-1131.144 linux-image-4.15.0-169-generic 4.15.0-169.177 linux-image-4.15.0-169-generic-lpae 4.15.0-169.177 linux-image-4.15.0-169-lowlatency 4.15.0-169.177 linux-image-aws-lts-18.04 4.15.0.1121.124 linux-image-azure-lts-18.04 4.15.0.1131.104 linux-image-dell300x 4.15.0.1035.37 linux-image-gcp-lts-18.04 4.15.0.1116.135 linux-image-generic 4.15.0.169.158 linux-image-generic-lpae 4.15.0.169.158 linux-image-kvm 4.15.0.1107.103 linux-image-lowlatency 4.15.0.169.158 linux-image-oracle-lts-18.04 4.15.0.1087.97 linux-image-snapdragon 4.15.0.1120.123 linux-image-virtual 4.15.0.169.158 Ubuntu 16.04 ESM: linux-image-4.15.0-1087-oracle 4.15.0-1087.95~16.04.1 linux-image-4.15.0-1116-gcp 4.15.0-1116.130~16.04.1 linux-image-4.15.0-1131-azure 4.15.0-1131.144~16.04.1 linux-image-4.15.0-169-generic 4.15.0-169.177~16.04.1 linux-image-4.15.0-169-lowlatency 4.15.0-169.177~16.04.1 linux-image-aws-hwe 4.15.0.1120.111 linux-image-azure 4.15.0.1131.122 linux-image-gcp 4.15.0.1116.117 linux-image-generic-hwe-16.04 4.15.0.169.161 linux-image-gke 4.15.0.1116.117 linux-image-lowlatency-hwe-16.04 4.15.0.169.161 linux-image-oem 4.15.0.169.161 linux-image-oracle 4.15.0.1087.75 linux-image-virtual-hwe-16.04 4.15.0.169.161 Ubuntu 14.04 ESM: linux-image-4.15.0-1131-azure 4.15.0-1131.144~14.04.1 linux-image-azure 4.15.0.1131.104 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5298-1 CVE-2021-22600, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-4083, CVE-2021-4155, CVE-2021-4202, CVE-2022-0330, CVE-2022-22942 Package Information: https://launchpad.net/ubuntu/+source/linux/4.15.0-169.177 https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1121.129 https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1131.144 https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1035.40 https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1116.130 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1107.109 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1087.95 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1120.129 . Multiple security flaws addressed in Linux kernel for Ubuntu systems. Ensure you upgrade promptly to safeguard against possible threats.. Linux Kernel Issues, Kernel Security Updates, Ubuntu Kernel Fixes. . Severity: Critical. LinuxSecurity.com Team
Feb 22, 2022
•Critical
Ubuntu
98
security advisoryred hatlow severityRHEL 6.7 Extended Update Support Retirement Notice RHSA-2018:2224 Low
This is the Six-Month notification for the retirement of Red Hat Enterprise Linux 6.7 Extended Update Support (EUS). This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.7.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat Enterprise Linux 6.7 Extended Update Support Six-Month Notice Advisory ID: RHSA-2018:2224-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2224 Issue date: 2018-07-19 ==================================================================== 1. Summary: This is the Six-Month notification for the retirement of Red Hat Enterprise Linux 6.7 Extended Update Support (EUS). This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.7. 2. Relevant releases/architectures: Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64 3. Description: In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018. In addition, on-going technical support through Red Hat's Customer Experience and Engagement will be limited as described under "non-current minor releases" in the Knowledge Base article located here https://access.redhat.com/articles/64664 after this date. We encourage customers to migrate from Red Hat Enterprise Linux 6.7 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hatsubscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release. Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/ 4. Solution: This erratum contains an updated redhat-release-server package that provides a copy of this retirement notice in the "/usr/share/doc/" directory. 5. Bugs fixed (https://bugzilla.redhat.com/): 1573212 - Send out RHEL 6.7 EUS 6-month retirement notice 6. Package List: Red Hat Enterprise Linux HPC Node EUS (v. 6.7): Source: redhat-release-computenode-6ComputeNode-6.7.0.5.el6_7.2.src.rpm x86_64: redhat-release-computenode-6ComputeNode-6.7.0.5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.7): Source: redhat-release-server-6Server-6.7.0.5.el6_7.1.src.rpm i386: redhat-release-server-6Server-6.7.0.5.el6_7.1.i686.rpm ppc64: redhat-release-server-6Server-6.7.0.5.el6_7.1.ppc64.rpm s390x: redhat-release-server-6Server-6.7.0.5.el6_7.1.s390x.rpm x86_64: redhat-release-server-6Server-6.7.0.5.el6_7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBW1B339zjgjWX9erEAQiL4w//TrO0HMRjmVxJvtsONtnT1iyk6b0mf1HJ S/Dlmbnl5FfQJu6iizEPIoWjHEcyT3X78uzGUGZw5yL9zWpfseycBTkmiC/2feUF 2vj8jB1nAP1r6OK53iyraI0zjsbETcy9hLw6ovVULwS32NOP86o+S5FRb/CTotxU 1jYP2qqCfF3rPREYd00l9ytKMN5lspLwgdx8I4LadnQyAsTrfb5G0NG9+a2ZWROp fhq7D7WQeEstsUnjZfewb8+iabAmF92X9xE2Ew9bw5fXHnaYd8VSQSwKb03WfF7R kxxTu+18ocNjeDhb0kI6waN+QBVPR5VVDPZNXMqoSd1Zg24yRW23KO6UT53W3UUW fgq+fLtlJWHaMoxGzkDmdokG18UetK+uNhuOqiarKxKkuzqMZ+AEGHnIhVRQ96T5 SAOtU97OaOL1eCCWMMhcTh0aqso5d8lqBtv4iC2oTHluTD2hpz+/Oy4s1E8XC86w VRKNwq0TswYO+bpmVoOwnMAw/6k/BaX/8DsTsZDRvYgnaPN72rCMDbLXoukMQwVX DkR2UxLtLRUU9i7j7ZyLADrbgzGrara0+6fsD9aOBIv0bxkEJTJYwlx2p4g38Fe5 E77F7TTl9MqjdSDZCN44oErPGqcvOh0ymqO8RvjrOeV0p3PD6Cpit0oKRMt3l51d zMZwT8F+Zfk=h07v -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jul 19, 2018
•Low
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!