Update to LLVM 17.0.2.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-67f0f8d186
2023-11-03 18:20:20.952539
--------------------------------------------------------------------------------

Name        : libomp
Product     : Fedora 39
Version     : 17.0.2
Release     : 1.fc39
URL         : https://openmp.llvm.org/
Summary     : OpenMP runtime for clang
Description :
OpenMP runtime for clang.

--------------------------------------------------------------------------------
Update Information:

Update to LLVM 17.0.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 5 2023 Tulio Magno Quites Machado Filho - 17.0.2-1
- Update to LLVM 17.0.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2225597 - CVE-2023-29941 llvm: sparse-buffer-rewrite pass crashes with Segmentation fault [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2225597
  [ 2 ] Bug #2241873 - llvm-17.0.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2241873
  [ 3 ] Bug #2242208 - libcxx-17.0.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2242208
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use

  su -c 'dnf upgrade --advisory FEDORA-2023-67f0f8d186'

at the command line. For more information, refer to the dnf documentation
available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list
Update to LLVM 17.0.2.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-67f0f8d186
2023-11-03 18:20:20.952539
--------------------------------------------------------------------------------

Name        : llvm
Product     : Fedora 39
Version     : 17.0.2
Release     : 1.fc39
URL         : https://llvm.org/
Summary     : The Low Level Virtual Machine
Description :
LLVM is a compiler infrastructure designed for compile-time, link-time,
runtime, and idle-time optimization of programs from arbitrary programming
languages. The compiler infrastructure includes mirror sets of programming
tools as well as libraries with equivalent functionality.

--------------------------------------------------------------------------------
Update Information:

Update to LLVM 17.0.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 3 2023 Tulio Magno Quites Machado Filho - 17.0.2-1
- Update to LLVM 17.0.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2225597 - CVE-2023-29941 llvm: sparse-buffer-rewrite pass crashes with Segmentation fault [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2225597
  [ 2 ] Bug #2241873 - llvm-17.0.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2241873
  [ 3 ] Bug #2242208 - libcxx-17.0.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2242208
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use

  su -c 'dnf upgrade --advisory FEDORA-2023-67f0f8d186'

at the command line. For more information, refer to the dnf documentation
available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Update to LLVM 17.0.2.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-67f0f8d186
2023-11-03 18:20:20.952539
--------------------------------------------------------------------------------

Name        : python-lit
Product     : Fedora 39
Version     : 17.0.2
Release     : 1.fc39
URL         : https://pypi.org/project/lit/
Summary     : Tool for executing llvm test suites
Description :
lit is a tool used by the LLVM project for executing its test suites.

--------------------------------------------------------------------------------
Update Information:

Update to LLVM 17.0.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 3 2023 Tulio Magno Quites Machado Filho - 17.0.2-1
- Update to LLVM 17.0.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2225597 - CVE-2023-29941 llvm: sparse-buffer-rewrite pass crashes with Segmentation fault [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2225597
  [ 2 ] Bug #2241873 - llvm-17.0.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2241873
  [ 3 ] Bug #2242208 - libcxx-17.0.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2242208
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use

  su -c 'dnf upgrade --advisory FEDORA-2023-67f0f8d186'

at the command line. For more information, refer to the dnf documentation
available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Update to LLVM 17.0.2.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-67f0f8d186
2023-11-03 18:20:20.952539
--------------------------------------------------------------------------------

Name        : polly
Product     : Fedora 39
Version     : 17.0.2
Release     : 1.fc39
URL         : https://polly.llvm.org/
Summary     : LLVM Framework for High-Level Loop and Data-Locality Optimizations
Description :
Polly is a high-level loop and data-locality optimizer and optimization
infrastructure for LLVM. It uses an abstract mathematical representation based
on integer polyhedron to analyze and optimize the memory access pattern of a
program.

--------------------------------------------------------------------------------
Update Information:

Update to LLVM 17.0.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 5 2023 Tulio Magno Quites Machado Filho - 17.0.2-1
- Update to LLVM 17.0.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2225597 - CVE-2023-29941 llvm: sparse-buffer-rewrite pass crashes with Segmentation fault [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2225597
  [ 2 ] Bug #2241873 - llvm-17.0.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2241873
  [ 3 ] Bug #2242208 - libcxx-17.0.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2242208
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use

  su -c 'dnf upgrade --advisory FEDORA-2023-67f0f8d186'

at the command line. For more information, refer to the dnf documentation
available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Update to LLVM 17.0.2.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-67f0f8d186
2023-11-03 18:20:20.952539
--------------------------------------------------------------------------------

Name        : clang
Product     : Fedora 39
Version     : 17.0.2
Release     : 1.fc39
URL         : https://llvm.org/
Summary     : A C language family front-end for LLVM
Description :
clang: noun
    1. A loud, resonant, metallic sound.
    2. The strident call of a crane or goose.
    3. C-language family front-end toolkit.

The goal of the Clang project is to create a new C, C++, Objective C
and Objective C++ front-end for the LLVM compiler. Its tools are built
as libraries and designed to be loosely-coupled and extensible.

Install compiler-rt if you want the Blocks C language extension or to
enable sanitization and profiling options when building, and
libomp-devel to enable -fopenmp.

--------------------------------------------------------------------------------
Update Information:

Update to LLVM 17.0.2
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 4 2023 Tulio Magno Quites Machado Filho - 17.0.2-1
- Update to LLVM 17.0.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2225597 - CVE-2023-29941 llvm: sparse-buffer-rewrite pass crashes with Segmentation fault [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2225597
  [ 2 ] Bug #2241873 - llvm-17.0.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2241873
  [ 3 ] Bug #2242208 - libcxx-17.0.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2242208
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use

  su -c 'dnf upgrade --advisory FEDORA-2023-67f0f8d186'

at the command line. For more information, refer to the dnf documentation
available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Several security issues were fixed in LLVM Toolchain.

==========================================================================
Ubuntu Security Notice USN-6258-1
July 27, 2023

llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in LLVM Toolchain.

Software Description:
- llvm-toolchain-13: C, C++ and Objective-C compiler
- llvm-toolchain-14: C, C++ and Objective-C compiler
- llvm-toolchain-15: C, C++ and Objective-C compiler

Details:

It was discovered that LLVM Toolchain did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted MLIR file, an attacker could possibly use this issue to cause LLVM
Toolchain to crash, resulting in a denial of service. (CVE-2023-29932,
CVE-2023-29934, CVE-2023-29939)

It was discovered that LLVM Toolchain did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted MLIR file, an attacker could possibly use this issue to cause LLVM
Toolchain to crash, resulting in a denial of service. This issue only
affected llvm-toolchain-15. (CVE-2023-29933)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  llvm-13                         1:13.0.1-11ubuntu14.1
  llvm-13-tools                   1:13.0.1-11ubuntu14.1
  llvm-14                         1:14.0.6-12ubuntu0.23.04.1
  llvm-14-tools                   1:14.0.6-12ubuntu0.23.04.1
  llvm-15                         1:15.0.7-3ubuntu0.23.04.1
  llvm-15-tools                   1:15.0.7-3ubuntu0.23.04.1
  mlir-13-tools                   1:13.0.1-11ubuntu14.1
  mlir-14-tools                   1:14.0.6-12ubuntu0.23.04.1
  mlir-15-tools                   1:15.0.7-3ubuntu0.23.04.1

Ubuntu 22.04 LTS:
  llvm-13                         1:13.0.1-2ubuntu2.2
  llvm-13-tools                   1:13.0.1-2ubuntu2.2
  llvm-14                         1:14.0.0-1ubuntu1.1
  llvm-14-tools                   1:14.0.0-1ubuntu1.1
  llvm-15                         1:15.0.7-0ubuntu0.22.04.3
  llvm-15-tools                   1:15.0.7-0ubuntu0.22.04.3
  mlir-13-tools                   1:13.0.1-2ubuntu2.2
  mlir-14-tools                   1:14.0.0-1ubuntu1.1
  mlir-15-tools                   1:15.0.7-0ubuntu0.22.04.3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6258-1
  CVE-2023-29932, CVE-2023-29933, CVE-2023-29934, CVE-2023-29939

Package Information:
  https://launchpad.net/ubuntu/+source/llvm-toolchain-13/1:13.0.1-11ubuntu14.1
  https://launchpad.net/ubuntu/+source/llvm-toolchain-14/1:14.0.6-12ubuntu0.23.04.1
  https://launchpad.net/ubuntu/+source/llvm-toolchain-15/1:15.0.7-3ubuntu0.23.04.1
  https://launchpad.net/ubuntu/+source/llvm-toolchain-13/1:13.0.1-2ubuntu2.2
  https://launchpad.net/ubuntu/+source/llvm-toolchain-14/1:14.0.0-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/llvm-toolchain-15/1:15.0.7-0ubuntu0.22.04.3

Several vulnerabilities identified within the LLVM Toolchain necessitate urgent updates for Ubuntu versions 22.04 LTS and 23.04.

LLVM Toolchain Security Update, Ubuntu Security Notice, Denial Of Service Vulnerability.

Severity: Critical.

LinuxSecurity.com Team
New llvm packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  llvm (SSA:2013-350-03)

New llvm packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/llvm-3.3-i486-3_slack14.1.txz:  Rebuilt.
  The LLVM package included binaries with an rpath pointing to the build
  location in /tmp.  This allows an attacker with write access to /tmp to
  add modified libraries (and execute arbitrary code) as any user running
  the LLVM binaries.  This updated package rebuilds LLVM to exclude the
  build directories from the rpath information.
  Thanks to Christopher Oliver for the bug report.
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/llvm-3.0-i486-3_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/llvm-3.0-x86_64-3_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/llvm-3.3-i486-3_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/llvm-3.3-x86_64-3_slack14.1.txz

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Slackware 14.0 package:
ee6bb48c3400773d781031f677d74d92  llvm-3.0-i486-3_slack14.0.txz

Slackware x86_64 14.0 package:
6dab3d09df2bb6e76160001ee325c59f  llvm-3.0-x86_64-3_slack14.0.txz

Slackware 14.1 package:
c8ddaee0da005266de8dd2dcaa95a571  llvm-3.3-i486-3_slack14.1.txz

Slackware x86_64 14.1 package:
348bb0ba5652a1a7fe5a7d89b2f578f3  llvm-3.3-x86_64-3_slack14.1.txz

Slackware -current package:
2af043931760d86cb8f3060db1239273  d/llvm-3.3-i486-3.txz

Slackware x86_64 -current package:
523603e4252f952a0b903b7b6bf3abae  d/llvm-3.3-x86_64-3.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg llvm-3.3-i486-3_slack14.1.txz

+-----+

Recent llvm updates launched for Slackware users to fix vulnerabilities in the latest binaries. It is crucial to perform an upgrade.

llvm Packages, Slackware Security, Software Patching.

LinuxSecurity.com Team
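The Slackware advisory above describes binaries whose rpath points into /tmp. The following check is an added example, not part of the advisory or of the Slackware or LLVM projects: it scans the text printed by `readelf -d` for RPATH/RUNPATH entries that resolve to attacker-writable or relative locations. The sample output, the library name, the build path and the list of unsafe prefixes are constructed assumptions.

```python
import re

# Matches the RPATH/RUNPATH lines printed by `readelf -d <binary>`.
DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

# Assumption: directories treated as world-writable on a typical system.
UNSAFE_PREFIXES = ("/tmp", "/var/tmp", "/dev/shm")


def risky_entry(entry):
    """Return a reason string if a loader search entry is unsafe, else None."""
    if entry == "":
        return "empty entry (resolves to the current directory)"
    if entry.startswith("$ORIGIN") or entry.startswith("${ORIGIN}"):
        return None  # resolved relative to the binary's own location
    if not entry.startswith("/"):
        return "relative path (resolved against the current directory)"
    for prefix in UNSAFE_PREFIXES:
        if entry == prefix or entry.startswith(prefix + "/"):
            return "under world-writable " + prefix
    return None


def audit_readelf(output):
    """Scan `readelf -d` text and return (tag, entry, reason) findings."""
    findings = []
    for line in output.splitlines():
        m = DYN_RE.search(line)
        if not m:
            continue
        tag, value = m.groups()
        for entry in value.split(":"):
            reason = risky_entry(entry)
            if reason:
                findings.append((tag, entry, reason))
    return findings


# Constructed sample output (not taken from the Slackware packages).
BEFORE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libLLVM-3.3.so]
 0x000000000000000f (RPATH)              Library rpath: [/tmp/build/llvm/lib:/usr/lib64]
"""
AFTER = """\
 0x0000000000000001 (NEEDED)             Shared library: [libLLVM-3.3.so]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib64]
"""

if __name__ == "__main__":
    for tag, entry, reason in audit_readelf(BEFORE):
        print(f"{tag}: {entry!r} {reason}")
```

Feeding it the real output of `readelf -d` for each installed binary gives a quick post-upgrade check that no build directory remains in the loader search path.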