Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -2 articles for you...
203
security advisorycode executionmemory flawMageia 8: 2021-0573 Critical Advisory: X11-Server Memory Issues
Updated x11-server packages fix security vulnerabilities: The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write (CVE-2021-4008). . MGASA-2021-0573 - Updated x11-server packages fix security vulnerabilities Publication date: 21 Dec 2021 URL: https://advisories.mageia.org/MGASA-2021-0573.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-4008, CVE-2021-4009, CVE-2021-4010, CVE-2021-4011 Updated x11-server packages fix security vulnerabilities: The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write (CVE-2021-4008). The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write (CVE-2021-4009). The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to out of bounds memory write (CVE-2021-4010). The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write (CVE-2021-4011). All of these issues can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. References: - https://bugs.mageia.org/show_bug.cgi?id=29767 - https://lists.x.org/archives/xorg-announce/2021-December/003124.html - https://www.cve.org/CVERecord?id=CVE-2021-4008 - https://www.cve.org/CVERecord?id=CVE-2021-4009 - https://www.cve.org/CVERecord?id=CVE-2021-4010 - https://www.cve.org/CVERecord?id=CVE-2021-4011 SRPMS: - 8/core/x11-server-1.20.14-1.mga8 . The newest x11-server updates address critical security flaws that allow for privilege escalation and the potential for remote code execution.. x11-server security update,mageia 8,security fix,local privilegeescalation,remote code execution. . Severity: Critical. LinuxSecurity.com Team
Dec 21, 2021
•Critical
Mageia
100
security advisorysecurity issueDoSSUSE: 2021:2349-1 Important: Kernel Security Issues Addressed
An update that solves 9 vulnerabilities and has 79 fixes is now available. . SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2349-1 Rating: important References: #1103990 #1103991 #1104353 #1113994 #1114648 #1129770 #1135481 #1136345 #1174978 #1179610 #1182470 #1184040 #1185428 #1185486 #1185677 #1185701 #1185861 #1185863 #1186206 #1186264 #1186463 #1186515 #1186516 #1186517 #1186518 #1186519 #1186520 #1186521 #1186522 #1186523 #1186524 #1186525 #1186526 #1186527 #1186528 #1186529 #1186530 #1186531 #1186532 #1186533 #1186534 #1186535 #1186537 #1186538 #1186539 #1186540 #1186541 #1186542 #1186543 #1186545 #1186546 #1186547 #1186548 #1186549 #1186550 #1186551 #1186552 #1186554 #1186555 #1186556 #1186627 #1186635 #1186638 #1186698 #1186699 #1186700 #1186701 #1187038 #1187049 #1187402 #1187404 #1187407 #1187408 #1187409 #1187411 #1187412 #1187452 #1187453 #1187455 #1187554 #1187595 #1187601 #1187630 #1187631 #1187833 #1187867 #1187972 #1188010 Cross-References: CVE-2019-25045 CVE-2020-24588 CVE-2020-26558 CVE-2020-36386 CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-33624 CVE-2021-34693 CVSS scores: CVE-2019-25045 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-24588 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2020-24588 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-26558 (NVD) : 4.2CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-26558 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-36386 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2020-36386 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2021-0129 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0129 (SUSE): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-0512 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0605 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-0605 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-33624 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-33624 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-34693 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 79 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554) - CVE-2019-25045: Fixed an use-after-free issue in the Linux kernel The XFRM subsystem, related to an xfrm_state_fini panic. (bsc#1187049) - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) - CVE-2021-0512:Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595) - CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing. (bsc#1179610) - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452) - CVE-2021-0129: Fixed an improper access control in BlueZ that may have allowed an authenticated user to potentially enable information disclosure via adjacent access. (bsc#1186463) - CVE-2020-36386: Fixed an out-of-bounds read in hci_extended_inquiry_result_evt. (bsc#1187038) - CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices that support receiving non-SSP A-MSDU frames to inject arbitrary network packets. (bsc#1185861) The following non-security bugs were fixed: - ACPI: custom_method: fix a possible memory leak (git-fixes). - ACPI: custom_method: fix potential use-after-free issue (git-fixes). - ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes). - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes). - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes). - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes). - ALSA: hda/realtek: reset eapd coeff todefault value for alc287 (git-fixes). - ALSA: hdsp: do not disable if not enabled (git-fixes). - ALSA: hdspm: do not disable if not enabled (git-fixes). - ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes). - ALSA: rme9652: do not disable if not enabled (git-fixes). - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes). - ALSA: timer: Fix master timer notification (git-fixes). - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes). - alx: Fix an error handling path in 'alx_probe()' (git-fixes). - ASoC: cs35l33: fix an error code in probe() (git-fixes). - ASoC: cs42l42: Regmap must use_single_read/write (git-fixes). - ASoC: rt286: Generalize support for ALC3263 codec (git-fixes). - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes). - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes). - batman-adv: Avoid WARN_ON timing related checks (git-fixes). - blk-mq: Swap two calls in blk_mq_exit_queue() (bsc#1187453). - blk-wbt: Fix missed wakeup (bsc#1186627). - block: Discard page cache of zone reset target range (bsc#1187402). - Bluetooth: fix the erroneous flush_work() order (git-fixes). - Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes). - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes). - Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes). - Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes). - bnxt_en: Fix PCI AER error recovery flow (git-fixes). - btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481). - btrfs: add a comment explaining the data flush steps (bsc#1135481). - btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481). - btrfs: add flushing states for handling data reservations (bsc#1135481). - btrfs: add missing error handling after doing leaf/node binary search (bsc#1187833). - btrfs: add the data transaction commitlogic into may_commit_transaction (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481). - btrfs: change insert_dirty_subvol to return errors (bsc#1187833). - btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481). - btrfs: check record_root_in_trans related failures in select_reloc_root (bsc#1187833). - btrfs: check return value of btrfs_commit_transaction in relocation (bsc#1187833). - btrfs: check tickets after waiting on ordered extents (bsc#1135481). - btrfs: cleanup error handling in prepare_to_merge (bsc#1187833). - btrfs: convert BUG_ON()'s in relocate_tree_block (bsc#1187833). - btrfs: convert BUG_ON()'s in select_reloc_root() to proper errors (bsc#1187833). - btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s (bsc#1187833). - btrfs: convert some BUG_ON()'s to ASSERT()'s in do_relocation (bsc#1187833). - btrfs: do async reclaim for data reservations (bsc#1135481). - btrfs: do not force commit if we are data (bsc#1135481). - btrfs: do not leak reloc root if we fail to read the fs root (bsc#1187833). - btrfs: do not make defrag wait on async_delalloc_pages (bsc#1135481). - btrfs: do not panic in __add_reloc_root (bsc#1187833). - btrfs: do proper error handling in btrfs_update_reloc_root (bsc#1187833). - btrfs: do proper error handling in create_reloc_inode (bsc#1187833). - btrfs: do proper error handling in create_reloc_root (bsc#1187833). - btrfs: do proper error handling in merge_reloc_roots (bsc#1187833). - btrfs: do proper error handling in record_reloc_root_in_trans (bsc#1187833). - btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481). - btrfs: fix possible infinite loop in data async reclaim (bsc#1135481). - btrfs: flush delayedrefs when trying to reserve data space (bsc#1135481). - btrfs: handle __add_reloc_root failures in btrfs_recover_relocation (bsc#1187833). - btrfs: handle btrfs_cow_block errors in replace_path (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in btrfs_recover_log_trees (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename_exchange (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in create_subvol (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in relocate_tree_block (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in start_transaction (bsc#1187833). - btrfs: handle btrfs_search_slot failure in replace_path (bsc#1187833). - btrfs: handle btrfs_update_reloc_root failure in commit_fs_roots (bsc#1187833). - btrfs: handle btrfs_update_reloc_root failure in insert_dirty_subvol (bsc#1187833). - btrfs: handle btrfs_update_reloc_root failure in prepare_to_merge (bsc#1187833). - btrfs: handle errors from select_reloc_root() (bsc#1187833). - btrfs: handle errors in reference count manipulation in replace_path (bsc#1187833). - btrfs: handle extent corruption with select_one_root properly (bsc#1187833). - btrfs: handle extent reference errors in do_relocation (bsc#1187833). - btrfs: handle record_root_in_trans failure in btrfs_record_root_in_trans (bsc#1187833). - btrfs: handle record_root_in_trans failure in create_pending_snapshot (bsc#1187833). - btrfs: handle record_root_in_trans failure in qgroup_account_snapshot (bsc#1187833). - btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481). - btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481). - btrfs: have proper error handling in btrfs_init_reloc_root (bsc#1187833). - btrfs: make ALLOC_CHUNK use the space infoflags (bsc#1135481). - btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481). - btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#1187833). - btrfs: remove err variable from do_relocation (bsc#1187833). - btrfs: remove nr_async_bios (bsc#1135481). - btrfs: remove nr_async_submits and async_submit_draining (bsc#1135481). Preparation for ticketed data space flushing in btrfs. - btrfs: remove orig from shrink_delalloc (bsc#1135481). - btrfs: remove the extent item sanity checks in relocate_block_group (bsc#1187833). - btrfs: return an error from btrfs_record_root_in_trans (bsc#1187833). - btrfs: run delayed iputs before committing the transaction for data (bsc#1135481). - btrfs: serialize data reservations if we are flushing (bsc#1135481). - btrfs: shrink delalloc pages instead of full inodes (bsc#1135481). - btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1187833). - btrfs: unset reloc control if we fail to recover (bsc#1187833). - btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481). - btrfs: use customized batch size for total_bytes_pinned (bsc#1135481). Turns out using the batched percpu api had an effect on timing w.r.t metadata/data reclaim. So backport this patch as well, side effect is it's also bringing the code closer to upstream so future backports shall be made easier. - btrfs: use tagged writepage to mitigate livelock of snapshot (bsc#1135481). Preparation for introducing ticketed space handling for data space. Due to the sequence of patches, the main patch has embedded in it changes from other patches which remove some unused arguments. This is done to ease backporting itself and shouldn't have any repercussions on functionality. - btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481). - btrfs: use the same helper for data and metadata reservations (bsc#1135481). - btrfs: use ticketing for data space reservations (bsc#1135481). - btrfs: validate root::reloc_root after recording root in trans (bsc#1187833). - can: flexcan: disable completely the ECC mechanism (git-fixes). - can: mcba_usb: fix memory leak in mcba_usb (git-fixes). - can: xilinx_can: xcan_chip_start(): fix failure with invalid bus (git-fixes). - cfg80211: scan: drop entry from hidden_list on overflow (git-fixes). - cgroup1: do not allow '\n' in renaming (bsc#1187972). - char: hpet: add checks after calling ioremap (git-fixes). - cpufreq: Add NULL checks to show() and store() methods of cpufreq (bsc#1184040). - cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown (bsc#1184040). - crypto: ccp - Fix a resource leak in an error handling path (12sp5). - cxgb4: avoid accessing registers when clearing filters (bsc#1136345 jsc#SLE-4681). - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411). - dax: Add an enum for specifying dax wakup mode (bsc#1187411). - dax: Wake up all waiters after invalidating dax entry (bsc#1187411). - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes). - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes). - dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes). - dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes). - drbd: Remove uninitialized_var() usage (bsc#1186515). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (bsc#1129770) Backporting changes: * move from driver/video/fbdev/core to driver/video/console * context changes - drm: Fix use-after-free read in drm_getunique() (git-fixes). - drm: Lock pointer access in drm_master_release() (git-fixes). - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes). -drm/amdgpu: Fix a use-after-free (git-fixes). - drm/amdgpu: fix NULL pointer dereference (git-fixes). - drm/meson: fix shutdown crash when component not probed (git-fixes). - drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes). - drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes). - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes). - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes). - efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes). - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408). - ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404). - ext4: fix error code in ext4_commit_super (bsc#1187407). - ext4: fix memory leak in ext4_fill_super (bsc#1187409). - extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes). - fbdev: zero-fill colormap in fbcmap.c (git-fixes). - FCOE: fcoe_wwn_from_mac kABI fix (bsc#1186528). - ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes). - ftrace: Free the trampoline when ftrace_startup() fails (git-fixes). - gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes). - HID: pidff: fix error return code in hid_pidff_init() (git-fixes). - i2c: i801: Do not generate an interrupt on bus reset (git-fixes). - i2c: i801: Do not generate an interrupt on bus reset (git-fixes). - i2c: mpc: Make use of i2c_recover_bus() (git-fixes). - i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes). - i2c: sh7760: add IRQ check (git-fixes). - i2c: sh7760: fix IRQ error path (git-fixes). - iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes). - iio: gyro: mpu3050: Fix reportedtemperature value (git-fixes). - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes). - iio: tsl2583: Fix division by a zero lux_val (git-fixes). - ima: Free IMA measurement buffer after kexec syscall (git-fixes). - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes). - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes). - intel_th: Consistency and off-by-one fix (git-fixes). - isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes). - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (git-fixes). - ixgbe: fix large MTU request from VF (git-fixes). - ixgbevf: add correct exception tracing for XDP (bsc#1113994 ). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264). - kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes). - kthread_worker: split code for canceling the delayed work timer (bsc#1187867). - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867). - leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes). - libertas: register sysfs groups properly (git-fixes). - mac80211: clear the beacon's CRC after channel switch (git-fixes). - md: Fix missing unused status line of /proc/mdstat (git-fixes). - media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes). - media: dvb: Add check on sp8870_readreg return (git-fixes). - media: em28xx: fix memory leak (git-fixes). - media: gspca: properly check for errors in po1030_probe() (git-fixes). - media: gspca/sq905.c: fix uninitialized variable (git-fixes). - media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes). - media: ite-cir: check for receive overflow (git-fixes). - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes). - mei: request autosuspend after sending rx flow control (git-fixes). - misc/uss720: fix memory leak in uss720_probe (git-fixes). - mlxsw: spectrum: Do not process learned records with a dummy FID (git-fixes). - mmc: core: Do a power cycle when the CMD11 fails (git-fixes). - mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes). - Move nfs backports into sorted section - net: bnx2: Fix error return code in bnx2_init_board() (git-fixes). - net: caif: Fix debugfs on 64-bit platforms (git-fixes). - net: dsa: mv88e6xxx: Fix writing to a PHY page (git-fixes). - net: dsa: qca8k: Use up to 7 ports for all operations (git-fixes). - net: enic: Cure the enic api locking trainwreck (git-fixes). - net: fix iteration for sctp transport seq_files (git-fixes). - net: hns3: Limiting the scope of vector_ring_chain variable (bsc#1104353). - net: netcp: Fix an error message (git-fixes). - net: phy: intel-xway: enable integrated led functions (git-fixes). - net: qed: RDMA personality shouldn't fail VF load (git-fixes). - net: stmmac: Correctly take timestamp for PTPv2 (git-fixes). - net: stmmac: ensure that the device has released ownership before reading data (git-fixes). - net: usb: fix memory leak in smsc75xx_bind (git-fixes). - net/nfc/rawsock.c: fix a permission check bug (git-fixes). - net/smc: remove device from smcd_dev_list after failed device_add() (git-fixes). - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (git-fixes). - NFC: fix possible resource leak (git-fixes). - NFC: fix resource leak when target index is invalid (git-fixes). - NFC: nci: fix memory leak in nci_allocate_device (git-fixes). - NFS: Deal correctly with attribute generation counter overflow (git-fixes). - NFS: Do not corrupt the valueof pg_bytes_written in nfs_do_recoalesce() (git-fixes). - NFS: Do not gratuitously clear the inode cache when lookup failed (git-fixes). - NFS: Do not revalidate the directory permissions on a lookup failure (git-fixes). - NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes). - NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes). - NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes). - NFS: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes). - NFS: Do not discard segments marked for return in _pnfs_return_layout() (git-fixes). - NFS: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (git-fixes). - NFS: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (git-fixes). - NFS: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes). - NFS: Do not rebind to the same source port when reconnecting to the server (bnc#1186264). - NFS: fix handling of sr_eof in SEEK's reply (git-fixes). - NFS: Always flush out writes in nfs42_proc_fallocate() (git-fixes). - NFS: fix return value of _nfs4_get_security_label() (git-fixes). - ocfs2: fix data corruption by fallocate (bsc#1187412). - parisc: parisc-agp requires SBA IOMMU driver (bsc#1129770) - PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes). - phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes). - pid: take a reference when initializing `cad_pid` (bsc#1114648). - pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes). - platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes). - platform/x86: hp-wireless: add AMD's hardware id to the supported list (git-fixes). - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (git-fixes). - platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes). - pNFS/flexfiles: fixincorrect size check in decode_nfs_fh() (git-fixes). - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes). - power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes). - power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes). - power: supply: Use IRQF_ONESHOT (git-fixes). - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486). - qlcnic: Add null check after calling netdev_alloc_skb (git-fixes). - ravb: fix invalid context bug while calling auto-negotiation by ethtool (git-fixes). - ravb: fix invalid context bug while changing link options by ethtool (git-fixes). - RDMA/mlx5: Recover from fatal event in dual port mode (bsc#1103991). - Revert "ibmvnic: simplify reset_long_term_buff function" (bsc#1186206 ltc#191041). - Revert "leds: lp5523: fix a missing check of return value of lp55xx_read" (git-fixes). - Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op") (git-fixes). - s390/stack: fix possible register corruption with stack switch helper (bsc#1185677). - scsi: aacraid: Fix an oops in error handling (bsc#1186698). - scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186516). - scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186517). - scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#1186518). - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#1186519). - scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()" (bsc#1186699). - scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186520). - scsi: bnx2fc: Fix Kconfig warning and CNIC build errors (bsc#1186521). - scsi: bnx2i: Requires MMU (bsc#1186522). - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186523). - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()(bsc#1186524). - scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186525). - scsi: cxgb4i: Fix TLS dependency (bsc#1186526). - scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc#1186527). - scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1186528). - scsi: fnic: Fix error return code in fnic_probe() (bsc#1186529). - scsi: hisi_sas: Fix IRQ checks (bsc#1186530). - scsi: hisi_sas: Remove preemptible() (bsc#1186638). - scsi: jazz_esp: Add IRQ check (bsc#1186531). - scsi: libfc: Fix enum-conversion warning (bsc#1186532). - scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186533). - scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1186700). - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#1186534). - scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes). - scsi: megaraid_sas: Check user-provided offsets (bsc#1186535). - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186701). - scsi: mesh: Fix panic after host or bus reset (bsc#1186537). - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#1186538). - scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186539). - scsi: powertec: Fix different dev_id between request_irq() and free_irq() (bsc#1186540). - scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186541). - scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#1186542). - scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#1186543). - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' (bsc#1186545). - scsi: qla4xxx: Remove in_interrupt() (bsc#1186546). - scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#1186547). - scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701). - scsi: sd: Fix optimal I/O sizefor devices that change reported values (bsc#1186548). - scsi: sg: add sg_remove_request in sg_write (bsc#1186635). - scsi: sni_53c710: Add IRQ check (bsc#1186549). - scsi: sun3x_esp: Add IRQ check (bsc#1186550). - scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1186556). - scsi: ufs: core: Narrow down fast path in system suspend path (bsc#1186551). - scsi: ufs: Do not update urgent bkops level when toggling auto bkops (bsc#1186552). - scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187630). - scsi: ufs: fix ktime_t kabi change (bsc#1187630). - scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186554). - scsi: ufs: Properly release resources if a task is aborted successfully (bsc#1186555). - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1188010). - scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187631). - serial: max310x: unregister uart driver in case of failure and abort (git-fixes). - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' (git-fixes). - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes). - serial: stm32: fix incorrect characters on console (git-fixes). - spi: dln2: Fix reference leak to master (git-fixes). - spi: omap-100k: Fix reference leak to master (git-fixes). - staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes). - staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes). - staging: rtl8723bs: Fix uninitialized variables (git-fixes). - SUNRPC: correct error code comment in xs_tcp_setup_socket() (git-fixes). - SUNRPC: fix refcount leak for rpc auth modules (git-fixes). - SUNRPC: More fixes for backlog congestion (bsc#1185428). - SUNRPC: Move fault injection call sites (git-fixes). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264). - svcrdma: disable timeouts on rdma backchannel (git-fixes). - swiotlb:fix "x86: Do not panic if can not alloc buffer for swiotlb" (git-fixes). - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes). - tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT (bsc#1103990). - tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes). - tracing: Correct the length check which causes memory corruption (git-fixes). - tracing: Do no increment trace_clock_global() by one (git-fixes). - tracing: Restructure trace_clock_global() to never block (git-fixes). - ttyprintk: Add TTY hangup callback (git-fixes). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes). - USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes). - USB: cdc-acm: always claim data interface (git-fixes). - USB: cdc-acm: do not log successful probe on later errors (git-fixes). - USB: core: hub: fix race condition about TRSMRCY of resume (git-fixes). - USB: dwc3: ep0: fix NULL pointer exception (git-fixes). - USB: dwc3: omap: improve extcon initialization (git-fixes). - USB: fotg210-hcd: Fix an error message (git-fixes). - USB: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes). - USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (git-fixes). - USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes). - USB: serial: quatech2: fix control-request directions (git-fixes). - USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes). - USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes). - USB: sl811-hcd: improve misleading indentation (git-fixes). - USB: trancevibrator: fix control-request direction(git-fixes). - USB: typec: tcpm: Use LE to CPU conversion when accessing msg-> header (git-fixes). - USB: typec: ucsi: Clear PPM capability data in ucsi_init() error path (git-fixes). - USB: typec: ucsi: Put fwnode in any case during -> probe() (git-fixes). - USB: xhci: Fix port minor revision (git-fixes). - USB: xhci: Increase timeout for HC halt (git-fixes). - vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes). - vfio/pci: zap_vma_ptes() needs MMU (git-fixes). - vfio/platform: fix module_put call in error flow (git-fixes). - vgacon: Record video mode changes with VT_RESIZEX (git-fixes). - video: hgafb: correctly handle card detect failure during probe (bsc#1129770) - video: hgafb: fix potential NULL pointer dereference (bsc#1129770) Backporting changes: * context changes - vsock/vmci: log once the failed queue pair allocation (git-fixes). - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes). - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes). - x86: fix seq_file iteration for pat/memtype.c (git-fixes). - x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1114648). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2349=1 - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2021-2349=1 Package List: - SUSE MicroOS 5.0 (x86_64): kernel-rt-4.12.14-10.49.1 kernel-rt-debuginfo-4.12.14-10.49.1 kernel-rt-debugsource-4.12.14-10.49.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.49.1 cluster-md-kmp-rt-debuginfo-4.12.14-10.49.1 dlm-kmp-rt-4.12.14-10.49.1 dlm-kmp-rt-debuginfo-4.12.14-10.49.1 gfs2-kmp-rt-4.12.14-10.49.1 gfs2-kmp-rt-debuginfo-4.12.14-10.49.1 kernel-rt-4.12.14-10.49.1 kernel-rt-base-4.12.14-10.49.1 kernel-rt-base-debuginfo-4.12.14-10.49.1 kernel-rt-debuginfo-4.12.14-10.49.1 kernel-rt-debugsource-4.12.14-10.49.1 kernel-rt-devel-4.12.14-10.49.1 kernel-rt-devel-debuginfo-4.12.14-10.49.1 kernel-rt_debug-4.12.14-10.49.1 kernel-rt_debug-debuginfo-4.12.14-10.49.1 kernel-rt_debug-debugsource-4.12.14-10.49.1 kernel-rt_debug-devel-4.12.14-10.49.1 kernel-rt_debug-devel-debuginfo-4.12.14-10.49.1 kernel-syms-rt-4.12.14-10.49.1 ocfs2-kmp-rt-4.12.14-10.49.1 ocfs2-kmp-rt-debuginfo-4.12.14-10.49.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.49.1 kernel-source-rt-4.12.14-10.49.1 References: https://www.suse.com/security/cve/CVE-2019-25045.html https://www.suse.com/security/cve/CVE-2020-24588.html https://www.suse.com/security/cve/CVE-2020-26558.html https://www.suse.com/security/cve/CVE-2020-36386.html https://www.suse.com/security/cve/CVE-2021-0129.html https://www.suse.com/security/cve/CVE-2021-0512.html https://www.suse.com/security/cve/CVE-2021-0605.html https://www.suse.com/security/cve/CVE-2021-33624.html https://www.suse.com/security/cve/CVE-2021-34693.html https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1113994 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1135481 https://bugzilla.suse.com/1136345 https://bugzilla.suse.com/1174978 https://bugzilla.suse.com/1179610 https://bugzilla.suse.com/1182470 https://bugzilla.suse.com/1184040 https://bugzilla.suse.com/1185428 https://bugzilla.suse.com/1185486 https://bugzilla.suse.com/1185677 https://bugzilla.suse.com/1185701 https://bugzilla.suse.com/1185861 https://bugzilla.suse.com/1185863 https://bugzilla.suse.com/1186206 https://bugzilla.suse.com/1186264 https://bugzilla.suse.com/1186463 https://bugzilla.suse.com/1186515 https://bugzilla.suse.com/1186516 https://bugzilla.suse.com/1186517 https://bugzilla.suse.com/1186518 https://bugzilla.suse.com/1186519 https://bugzilla.suse.com/1186520 https://bugzilla.suse.com/1186521 https://bugzilla.suse.com/1186522 https://bugzilla.suse.com/1186523 https://bugzilla.suse.com/1186524 https://bugzilla.suse.com/1186525 https://bugzilla.suse.com/1186526 https://bugzilla.suse.com/1186527 https://bugzilla.suse.com/1186528 https://bugzilla.suse.com/1186529 https://bugzilla.suse.com/1186530 https://bugzilla.suse.com/1186531 https://bugzilla.suse.com/1186532 https://bugzilla.suse.com/1186533 https://bugzilla.suse.com/1186534 https://bugzilla.suse.com/1186535 https://bugzilla.suse.com/1186537 https://bugzilla.suse.com/1186538 https://bugzilla.suse.com/1186539 https://bugzilla.suse.com/1186540 https://bugzilla.suse.com/1186541 https://bugzilla.suse.com/1186542 https://bugzilla.suse.com/1186543 https://bugzilla.suse.com/1186545 https://bugzilla.suse.com/1186546 https://bugzilla.suse.com/1186547 https://bugzilla.suse.com/1186548 https://bugzilla.suse.com/1186549 https://bugzilla.suse.com/1186550 https://bugzilla.suse.com/1186551 https://bugzilla.suse.com/1186552 https://bugzilla.suse.com/1186554 https://bugzilla.suse.com/1186555 https://bugzilla.suse.com/1186556 https://bugzilla.suse.com/1186627 https://bugzilla.suse.com/1186635 https://bugzilla.suse.com/1186638 https://bugzilla.suse.com/1186698 https://bugzilla.suse.com/1186699 https://bugzilla.suse.com/1186700 https://bugzilla.suse.com/1186701 https://bugzilla.suse.com/1187038 https://bugzilla.suse.com/1187049 https://bugzilla.suse.com/1187402 https://bugzilla.suse.com/1187404 https://bugzilla.suse.com/1187407 https://bugzilla.suse.com/1187408 https://bugzilla.suse.com/1187409 https://bugzilla.suse.com/1187411 https://bugzilla.suse.com/1187412 https://bugzilla.suse.com/1187452 https://bugzilla.suse.com/1187453 https://bugzilla.suse.com/1187455 https://bugzilla.suse.com/1187554 https://bugzilla.suse.com/1187595 https://bugzilla.suse.com/1187601 https://bugzilla.suse.com/1187630 https://bugzilla.suse.com/1187631 https://bugzilla.suse.com/1187833 https://bugzilla.suse.com/1187867 https://bugzilla.suse.com/1187972 https://bugzilla.suse.com/1188010 . An important upgrade for the SUSE Linux Kernel addresses various vulnerabilities, enhances safety protocols, and boosts overall efficiency.. SUSE Kernel Update, Linux Security Patches, Linux Bug Fixes. . Severity: Important. LinuxSecurity.com Team
Jul 14, 2021
•Important
SuSE
100
security advisorykernel patchsystem updateSUSE: 2018:0253-1 Important Update: Linux Kernel Live Patch 17
An update that fixes two vulnerabilities is now available.. SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0253-1 Rating: important References: #1069708 #1071471 Cross-References: CVE-2017-15868 CVE-2017-16939 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_48 fixes several issues. The following security issues were fixed: - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bsc#1071471). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-174=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-174=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_48-default-7-2.1 kgraft-patch-3_12_74-60_64_48-xen-7-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_48-default-7-2.1 kgraft-patch-3_12_74-60_64_48-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2017-15868.html https://www.suse.com/security/cve/CVE-2017-16939.html https://bugzilla.suse.com/1069708 https://bugzilla.suse.com/1071471 -- . Patch released for SUSELinux Kernel to resolve critical concerns specifically related to local privilege escalation flaws.. SUSE Linux Kernel Update,SUSE Security Advisories,Kernel Patch,Live Patch,Privilege Escalation. . Severity: Important. LinuxSecurity.com Team
Jan 27, 2018
•Important
SuSE
100
security advisorydenial of servicekernel patchSUSE: 2016:2006-1 Important: 8 Security Issues Resolved
An update that solves 8 vulnerabilities and has one errata An update that solves 8 vulnerabilities and has one errata An update that solves 8 vulnerabilities and has one errata is now available. is now available.. SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2006-1 Rating: important References: #955837 #971793 #973570 #979064 #979074 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.55-52_42 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1173=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1173=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_55-52_42-default-2-2.2 kgraft-patch-3_12_55-52_42-xen-2-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_55-52_42-default-2-2.2 kgraft-patch-3_12_55-52_42-xen-2-2.2 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/955837 https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 . Debian Security Patch for Kernel Live Update 15 addresses various security flaws, improving overall system defense.. SUSE Security Update,Linux Kernel Patch,Local Privileges,Denial of Service,System Update. . Severity: Important. LinuxSecurity.com Team
Aug 09, 2016
•Important
SuSE
87
security advisorydenial of servicecode executionDebian 4.0 DSA-1436-1 Critical: Local Kernel Denial Of Service Exploit
LMH reported an issue in the minix filesystem that allows local users with mount privileges to create a DoS (printk flood) by mounting a specially crafted corrupt filesystem.. - --------------------------------------------------------------------------Debian Security Advisory DSA 1436-1
Dec 20, 2007
•Critical
Debian
99
security advisoryupdatebuffer overflowSlackware 9.1 Apache Buffer Overflow Advisory: Critical Update
Apache httpd is a hypertext transfer protocol server, and is used by over two thirds of the Internet's web sites. Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix local vulnerabilities that could allow users . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] apache security update (SSA:2003-308-01) Apache httpd is a hypertext transfer protocol server, and is used by over two thirds of the Internet's web sites. Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix local vulnerabilities that could allow userswho can create or edit Apache config files to gain additional privileges. Sites running Apache should upgrade to the new packages. In addition, new mod_ssl packages have been prepared for all platforms, and new PHP packages have been prepared for Slackware 8.1, 9.0, and - -current (9.1 already uses PHP 4.3.3). In -current, these packages also move the Apache module directory from /usr/libexec to /usr/libexec/apache. Links for all of these related packages are provided below. More details about the Apache issue may be found in the Common Vulnerabilities and Exposures (CVE) database: https://www.cve.org/CVERecord?id=CAN-2003-0542 Here are the details from the Slackware 9.1 ChangeLog: +--------------------------+ Mon Nov 3 20:06:29 PST 2003 patches/packages/apache-1.3.29-i486-1.tgz: Upgraded to apache-1.3.29. This fixes the following local security issue: o CAN-2003-0542 (cve.mitre.org) Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. This vulnerability requires the attacker to create or modify certain Apache configuration files, and is not a remote hole. However, it could possibly be used to gain additional privileges if access to the Apache administrator account can be gained through some other means. All sites running Apache should upgrade. (* Security fix*) +--------------------------+ WHERE TO FIND THE NEW PACKAGES: +-----------------------------+ Updated packages for Slackware 8.1: Updated packages for Slackware 9.0: Updated packages for Slackware 9.1: Updated packages for Slackware -current: MD5 SIGNATURES: +-------------+ Slackware 8.1 packages: 1a8190a214c052f0707bd5a6b005a7cd apache-1.3.29-i386-1.tgz eb74afbc99295c01d418b576e92e83bb mod_ssl-2.8.16_1.3.29-i386-1.tgz b41a44c3ce2a3a09873b5d0930faf4c1 php-4.3.3-i386-1.tgz Slackware 9.0 packages: bb34ae622245f57bdca747ac5d8f73cf apache-1.3.29-i386-1.tgz c84af5778a5667a06a60a274f2fe1edb mod_ssl-2.8.16_1.3.29-i386-1.tgz 7660e36f2cfb30cc339734369cca7719 php-4.3.3-i386-1.tgz Slackware 9.1 packages: 9b494bb3f03cb4a4cb8c28f4fcc76666 apache-1.3.29-i486-1.tgz 938412e01daf55fee37293a5790d907f mod_ssl-2.8.16_1.3.29-i486-1.tgz Slackware -current packages: 091c22d398c51fee820dd0d0b7d514e3 apache-1.3.29-i486-1.tgz cd260439c9f1373329ba2224ace0451d mod_ssl-2.8.16_1.3.29-i486-1.tgz cc90540cc07e840e5a0513ffbb308102 php-4.3.3-i486-3.tgz INSTALLATION INSTRUCTIONS: +------------------------+ First, stop apache: # apachectl stop Next, upgrade these packages as root: # upgradepkg apache-1.3.29-i486-1.tgz # upgradepkg mod_ssl-2.8.16_1.3.29-i486-1.tgz # upgradepkg php-4.3.3-i486-3.tgz Finally, restart apache: # apachectl start Or, if you're running a secure server with mod_ssl: # apachectl startssl +-----+ . Enhance Nginx software on Slackware to address local vulnerabilities that could permit unauthorized elevation of privileges. Fortify your system immediately!. apache security,slackware update,local privileges,buffer overflows,server safety. . Severity: Critical. LinuxSecurity.com Team
Nov 05, 2003
•Critical
Slackware
87
security advisorycriticaldebianDebian: DSA 085-1 Critical: Nvi Format String Exploit Patch
When a filename is saved, it ought to get displayed on the screen.The routine handling this didn't escape format strings.. -------------------------------------------------------------------------- Debian Security Advisory DSA 085-1
Oct 21, 2001
•Critical
Debian
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!