SUSE Security Update: Security update for ed
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1608-1
Rating:             low
References:         #1019807
Cross-References:   CVE-2017-5357
Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ed fixes the following security issue:

- CVE-2017-5357: An invalid free in the regular expression handling of the
  "ed" command processing could allow local users to crash ed. (bsc#1019807)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1608=1

- SUSE Linux Enterprise Server 12-SP4:

  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1608=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

  ed-1.9-4.4.5
  ed-debuginfo-1.9-4.4.5
  ed-debugsource-1.9-4.4.5

- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

  ed-1.9-4.4.5
  ed-debuginfo-1.9-4.4.5
  ed-debugsource-1.9-4.4.5

References:

  https://www.suse.com/security/cve/CVE-2017-5357.html
  https://bugzilla.suse.com/1019807

_______________________________________________
sle-security-updates mailing list

Date: Mon, 24 Oct 2016 15:54:42 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Important: kernel on SL7.x x86_64

Synopsis:     Important: kernel security update
Advisory ID:  SLSA-2016:2098-1
Issue Date:   2016-10-24
CVE Numbers:  CVE-2016-5195
--

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory
  subsystem handled the copy-on-write (COW) breakage of private read-only
  memory mappings. An unprivileged, local user could use this flaw to gain
  write access to otherwise read-only memory mappings and thus increase
  their privileges on the system. (CVE-2016-5195, Important)
--

SL7
  x86_64
    kernel-3.10.0-327.36.3.el7.x86_64.rpm
    kernel-debug-3.10.0-327.36.3.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-327.36.3.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-327.36.3.el7.x86_64.rpm
    kernel-devel-3.10.0-327.36.3.el7.x86_64.rpm
    kernel-headers-3.10.0-327.36.3.el7.x86_64.rpm
    kernel-tools-3.10.0-327.36.3.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-327.36.3.el7.x86_64.rpm
    perf-3.10.0-327.36.3.el7.x86_64.rpm
    perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
    python-perf-3.10.0-327.36.3.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-327.36.3.el7.x86_64.rpm
  noarch
    kernel-abi-whitelists-3.10.0-327.36.3.el7.noarch.rpm
    kernel-doc-3.10.0-327.36.3.el7.noarch.rpm

- Scientific Linux Development Team

Severity: Important
LinuxSecurity.com Team

SUSE Security Update: Security update for kernel live patch 3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0380-1
Rating:             important
References:         #916225 #940342 #951542 #951625 #953052 #954005 #958601
Cross-References:   CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990
                    CVE-2015-8539
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves 5 vulnerabilities and has two fixes is now available.

Description:

This kernel live patch for Linux Kernel 3.12.38-44.1 fixes security issues
and bugs:

Security issues fixed:

- CVE-2015-8539: A negatively instantiated user key could have been used
  by a local user to leverage privileges (bnc#958601).
- CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable
  Datagram Sockets (RDS) implementation allowing a local user to cause
  system DoS. A verification was missing that the underlying transport
  exists when a connection was created. (bsc#953052)
- CVE-2015-7990: RDS: Verify the underlying transport exists before
  creating a connection, preventing possible DoS (bsc#953052).
- CVE-2015-7872: Possible crash when trying to garbage collect an
  uninstantiated keyring (bsc#951542).
- CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux
  kernel did not properly handle rename actions inside a bind mount, which
  allowed local users to bypass an intended container protection mechanism
  by renaming a directory, related to a "double-chroot attack"
  (bnc#951625).

Non-security bugfixes were also done:

- xfs: Fix lost direct IO write in the last block (bsc#954005).
- simple fix in kallsyms initialization (bsc#940342 bsc#916225)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:

  zypper in -t patch SUSE-SLE-Live-Patching-12-2016-221=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):

  kgraft-patch-3_12_38-44-default-4-2.1
  kgraft-patch-3_12_38-44-xen-4-2.1

References:

  https://www.suse.com/security/cve/CVE-2015-2925.html
  https://www.suse.com/security/cve/CVE-2015-6937.html
  https://www.suse.com/security/cve/CVE-2015-7872.html
  https://www.suse.com/security/cve/CVE-2015-7990.html
  https://www.suse.com/security/cve/CVE-2015-8539.html
  https://bugzilla.suse.com/916225
  https://bugzilla.suse.com/940342
  https://bugzilla.suse.com/951542
  https://bugzilla.suse.com/951625
  https://bugzilla.suse.com/953052
  https://bugzilla.suse.com/954005
  https://bugzilla.suse.com/958601

Severity: Important

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libXfont security update
Advisory ID:       RHSA-2014:0018-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2014:0018.html
Issue date:        2014-01-10
CVE Names:         CVE-2013-6462
====================================================================

1. Summary:

Updated libXfont packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libXfont packages provide the X.Org libXfont runtime library. X.Org is
an open source implementation of the X Window System.

A stack-based buffer overflow flaw was found in the way the libXfont library
parsed Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local
user could exploit this issue to potentially execute arbitrary code with
the privileges of the X.Org server. (CVE-2013-6462)

Users of libXfont should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running X.Org server instances
must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (https://bugzilla.redhat.com/):

1048044 - CVE-2013-6462 libXfont: stack-based buffer overflow flaw when parsing Glyph Bitmap Distribution Format (BDF) fonts

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
libXfont-1.2.2-1.0.5.el5_10.i386.rpm
libXfont-debuginfo-1.2.2-1.0.5.el5_10.i386.rpm

x86_64:
libXfont-1.2.2-1.0.5.el5_10.i386.rpm
libXfont-1.2.2-1.0.5.el5_10.x86_64.rpm
libXfont-debuginfo-1.2.2-1.0.5.el5_10.i386.rpm
libXfont-debuginfo-1.2.2-1.0.5.el5_10.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:

i386:
libXfont-debuginfo-1.2.2-1.0.5.el5_10.i386.rpm
libXfont-devel-1.2.2-1.0.5.el5_10.i386.rpm

x86_64:
libXfont-debuginfo-1.2.2-1.0.5.el5_10.i386.rpm
libXfont-debuginfo-1.2.2-1.0.5.el5_10.x86_64.rpm
libXfont-devel-1.2.2-1.0.5.el5_10.i386.rpm
libXfont-devel-1.2.2-1.0.5.el5_10.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
libXfont-1.2.2-1.0.5.el5_10.i386.rpm
libXfont-debuginfo-1.2.2-1.0.5.el5_10.i386.rpm
libXfont-devel-1.2.2-1.0.5.el5_10.i386.rpm

ia64:
libXfont-1.2.2-1.0.5.el5_10.ia64.rpm
libXfont-debuginfo-1.2.2-1.0.5.el5_10.ia64.rpm
libXfont-devel-1.2.2-1.0.5.el5_10.ia64.rpm

ppc:
libXfont-1.2.2-1.0.5.el5_10.ppc.rpm
libXfont-1.2.2-1.0.5.el5_10.ppc64.rpm
libXfont-debuginfo-1.2.2-1.0.5.el5_10.ppc.rpm
libXfont-debuginfo-1.2.2-1.0.5.el5_10.ppc64.rpm
libXfont-devel-1.2.2-1.0.5.el5_10.ppc.rpm
libXfont-devel-1.2.2-1.0.5.el5_10.ppc64.rpm

s390x:
libXfont-1.2.2-1.0.5.el5_10.s390.rpm
libXfont-1.2.2-1.0.5.el5_10.s390x.rpm
libXfont-debuginfo-1.2.2-1.0.5.el5_10.s390.rpm
libXfont-debuginfo-1.2.2-1.0.5.el5_10.s390x.rpm
libXfont-devel-1.2.2-1.0.5.el5_10.s390.rpm
libXfont-devel-1.2.2-1.0.5.el5_10.s390x.rpm

x86_64:
libXfont-1.2.2-1.0.5.el5_10.i386.rpm
libXfont-1.2.2-1.0.5.el5_10.x86_64.rpm
libXfont-debuginfo-1.2.2-1.0.5.el5_10.i386.rpm
libXfont-debuginfo-1.2.2-1.0.5.el5_10.x86_64.rpm
libXfont-devel-1.2.2-1.0.5.el5_10.i386.rpm
libXfont-devel-1.2.2-1.0.5.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:

i386:
libXfont-1.4.5-3.el6_5.i686.rpm
libXfont-debuginfo-1.4.5-3.el6_5.i686.rpm

x86_64:
libXfont-1.4.5-3.el6_5.x86_64.rpm
libXfont-debuginfo-1.4.5-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:

i386:
libXfont-debuginfo-1.4.5-3.el6_5.i686.rpm
libXfont-devel-1.4.5-3.el6_5.i686.rpm

x86_64:
libXfont-1.4.5-3.el6_5.i686.rpm
libXfont-debuginfo-1.4.5-3.el6_5.i686.rpm
libXfont-debuginfo-1.4.5-3.el6_5.x86_64.rpm
libXfont-devel-1.4.5-3.el6_5.i686.rpm
libXfont-devel-1.4.5-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:

x86_64:
libXfont-1.4.5-3.el6_5.x86_64.rpm
libXfont-debuginfo-1.4.5-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:

x86_64:
libXfont-1.4.5-3.el6_5.i686.rpm
libXfont-debuginfo-1.4.5-3.el6_5.i686.rpm
libXfont-debuginfo-1.4.5-3.el6_5.x86_64.rpm
libXfont-devel-1.4.5-3.el6_5.i686.rpm
libXfont-devel-1.4.5-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
libXfont-1.4.5-3.el6_5.i686.rpm
libXfont-debuginfo-1.4.5-3.el6_5.i686.rpm

ppc64:
libXfont-1.4.5-3.el6_5.ppc64.rpm
libXfont-debuginfo-1.4.5-3.el6_5.ppc64.rpm

s390x:
libXfont-1.4.5-3.el6_5.s390x.rpm
libXfont-debuginfo-1.4.5-3.el6_5.s390x.rpm

x86_64:
libXfont-1.4.5-3.el6_5.x86_64.rpm
libXfont-debuginfo-1.4.5-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:

i386:
libXfont-debuginfo-1.4.5-3.el6_5.i686.rpm
libXfont-devel-1.4.5-3.el6_5.i686.rpm

ppc64:
libXfont-1.4.5-3.el6_5.ppc.rpm
libXfont-debuginfo-1.4.5-3.el6_5.ppc.rpm
libXfont-debuginfo-1.4.5-3.el6_5.ppc64.rpm
libXfont-devel-1.4.5-3.el6_5.ppc.rpm
libXfont-devel-1.4.5-3.el6_5.ppc64.rpm

s390x:
libXfont-1.4.5-3.el6_5.s390.rpm
libXfont-debuginfo-1.4.5-3.el6_5.s390.rpm
libXfont-debuginfo-1.4.5-3.el6_5.s390x.rpm
libXfont-devel-1.4.5-3.el6_5.s390.rpm
libXfont-devel-1.4.5-3.el6_5.s390x.rpm

x86_64:
libXfont-1.4.5-3.el6_5.i686.rpm
libXfont-debuginfo-1.4.5-3.el6_5.i686.rpm
libXfont-debuginfo-1.4.5-3.el6_5.x86_64.rpm
libXfont-devel-1.4.5-3.el6_5.i686.rpm
libXfont-devel-1.4.5-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
libXfont-1.4.5-3.el6_5.i686.rpm
libXfont-debuginfo-1.4.5-3.el6_5.i686.rpm

x86_64:
libXfont-1.4.5-3.el6_5.x86_64.rpm
libXfont-debuginfo-1.4.5-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:

i386:
libXfont-debuginfo-1.4.5-3.el6_5.i686.rpm
libXfont-devel-1.4.5-3.el6_5.i686.rpm

x86_64:
libXfont-1.4.5-3.el6_5.i686.rpm
libXfont-debuginfo-1.4.5-3.el6_5.i686.rpm
libXfont-debuginfo-1.4.5-3.el6_5.x86_64.rpm
libXfont-devel-1.4.5-3.el6_5.i686.rpm
libXfont-devel-1.4.5-3.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2013-6462
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

--
Enterprise-watch-list mailing list

==========================================================================
Ubuntu Security Notice USN-1993-1
October 22, 2013

linux-ti-omap4 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

The system could be made to expose sensitive information to a local user.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

An information leak was discovered in the Linux kernel when reading
broadcast messages from the notify_policy interface of the IPSec
key_socket. A local user could exploit this flaw to examine potentially
sensitive information in kernel memory.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  linux-image-3.2.0-1439-omap4    3.2.0-1439.58

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
If you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
  https://ubuntu.com/security/notices/USN-1993-1
  CVE-2013-2237

Package Information:
  https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1439.58

==========================================================================
Ubuntu Security Notice USN-1533-1
August 10, 2012

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

An error was discovered in the Linux kernel's network TUN/TAP device
implementation. A local user with access to the TUN/TAP interface (which is
not available to unprivileged users until granted by a root user) could
exploit this flaw to crash the system or potentially gain administrative
privileges. (CVE-2012-2136)

Ulrich Obergfell discovered an error in the Linux kernel's memory
management subsystem on 32 bit PAE systems with more than 4GB of memory
installed. A local unprivileged user could exploit this flaw to crash the
system. (CVE-2012-2373)

A flaw was discovered in the Linux kernel's epoll system call. An
unprivileged local user could use this flaw to crash the system.
(CVE-2012-3375)

Some errors were discovered in the Linux kernel's UDF file system, which is
used to mount some CD-ROMs and DVDs. An unprivileged local user could use
these flaws to crash the system. (CVE-2012-3400)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  linux-image-3.0.0-24-generic        3.0.0-24.40
  linux-image-3.0.0-24-generic-pae    3.0.0-24.40
  linux-image-3.0.0-24-omap           3.0.0-24.40
  linux-image-3.0.0-24-powerpc        3.0.0-24.40
  linux-image-3.0.0-24-powerpc-smp    3.0.0-24.40
  linux-image-3.0.0-24-powerpc64-smp  3.0.0-24.40
  linux-image-3.0.0-24-server         3.0.0-24.40
  linux-image-3.0.0-24-virtual        3.0.0-24.40

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
If you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
  https://ubuntu.com/security/notices/USN-1533-1
  CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400

Package Information:
  https://launchpad.net/ubuntu/+source/linux/3.0.0-24.40

Severity: Critical

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: systemtap security update
Advisory ID:       RHSA-2011:1088-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2011:1088.html
Issue date:        2011-07-25
CVE Names:         CVE-2011-2502 CVE-2011-2503
====================================================================

1. Summary:

Updated systemtap packages that fix two security issues are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

SystemTap is an instrumentation system for systems running the Linux
kernel. The system allows developers to write scripts to collect data on
the operation of the system.

It was found that SystemTap did not perform proper module path sanity
checking if a user specified a custom path to the uprobes module, used
when performing user-space probing ("staprun -u"). A local user who is a
member of the stapusr group could use this flaw to bypass intended
module-loading restrictions, allowing them to escalate their privileges by
loading an arbitrary, unsigned module. (CVE-2011-2502)

A race condition flaw was found in the way the staprun utility performed
module loading. A local user who is a member of the stapusr group could use
this flaw to modify a signed module while it is being loaded, allowing them
to escalate their privileges. (CVE-2011-2503)

SystemTap users should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

716476 - CVE-2011-2502 systemtap: insufficient security check when loading uprobes kernel module
716489 - CVE-2011-2503 systemtap: signed module loading race condition

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:

i386:
systemtap-1.4-6.el6_1.2.i686.rpm
systemtap-client-1.4-6.el6_1.2.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-grapher-1.4-6.el6_1.2.i686.rpm
systemtap-initscript-1.4-6.el6_1.2.i686.rpm
systemtap-runtime-1.4-6.el6_1.2.i686.rpm

x86_64:
systemtap-1.4-6.el6_1.2.x86_64.rpm
systemtap-client-1.4-6.el6_1.2.x86_64.rpm
systemtap-debuginfo-1.4-6.el6_1.2.x86_64.rpm
systemtap-grapher-1.4-6.el6_1.2.x86_64.rpm
systemtap-initscript-1.4-6.el6_1.2.x86_64.rpm
systemtap-runtime-1.4-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:

i386:
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.i686.rpm
systemtap-server-1.4-6.el6_1.2.i686.rpm
systemtap-testsuite-1.4-6.el6_1.2.i686.rpm

x86_64:
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.2.x86_64.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.x86_64.rpm
systemtap-server-1.4-6.el6_1.2.x86_64.rpm
systemtap-testsuite-1.4-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:

x86_64:
systemtap-1.4-6.el6_1.2.x86_64.rpm
systemtap-client-1.4-6.el6_1.2.x86_64.rpm
systemtap-debuginfo-1.4-6.el6_1.2.x86_64.rpm
systemtap-initscript-1.4-6.el6_1.2.x86_64.rpm
systemtap-runtime-1.4-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:

x86_64:
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.2.x86_64.rpm
systemtap-grapher-1.4-6.el6_1.2.x86_64.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.x86_64.rpm
systemtap-server-1.4-6.el6_1.2.x86_64.rpm
systemtap-testsuite-1.4-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
systemtap-1.4-6.el6_1.2.i686.rpm
systemtap-client-1.4-6.el6_1.2.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-grapher-1.4-6.el6_1.2.i686.rpm
systemtap-initscript-1.4-6.el6_1.2.i686.rpm
systemtap-runtime-1.4-6.el6_1.2.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.i686.rpm
systemtap-server-1.4-6.el6_1.2.i686.rpm

ppc64:
systemtap-1.4-6.el6_1.2.ppc64.rpm
systemtap-client-1.4-6.el6_1.2.ppc64.rpm
systemtap-debuginfo-1.4-6.el6_1.2.ppc.rpm
systemtap-debuginfo-1.4-6.el6_1.2.ppc64.rpm
systemtap-grapher-1.4-6.el6_1.2.ppc64.rpm
systemtap-initscript-1.4-6.el6_1.2.ppc64.rpm
systemtap-runtime-1.4-6.el6_1.2.ppc64.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.ppc.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.ppc64.rpm
systemtap-server-1.4-6.el6_1.2.ppc64.rpm

s390x:
systemtap-1.4-6.el6_1.2.s390x.rpm
systemtap-client-1.4-6.el6_1.2.s390x.rpm
systemtap-debuginfo-1.4-6.el6_1.2.s390.rpm
systemtap-debuginfo-1.4-6.el6_1.2.s390x.rpm
systemtap-grapher-1.4-6.el6_1.2.s390x.rpm
systemtap-initscript-1.4-6.el6_1.2.s390x.rpm
systemtap-runtime-1.4-6.el6_1.2.s390x.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.s390.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.s390x.rpm
systemtap-server-1.4-6.el6_1.2.s390x.rpm

x86_64:
systemtap-1.4-6.el6_1.2.x86_64.rpm
systemtap-client-1.4-6.el6_1.2.x86_64.rpm
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.2.x86_64.rpm
systemtap-grapher-1.4-6.el6_1.2.x86_64.rpm
systemtap-initscript-1.4-6.el6_1.2.x86_64.rpm
systemtap-runtime-1.4-6.el6_1.2.x86_64.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.x86_64.rpm
systemtap-server-1.4-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:

i386:
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-testsuite-1.4-6.el6_1.2.i686.rpm

ppc64:
systemtap-debuginfo-1.4-6.el6_1.2.ppc64.rpm
systemtap-testsuite-1.4-6.el6_1.2.ppc64.rpm

s390x:
systemtap-debuginfo-1.4-6.el6_1.2.s390x.rpm
systemtap-testsuite-1.4-6.el6_1.2.s390x.rpm

x86_64:
systemtap-debuginfo-1.4-6.el6_1.2.x86_64.rpm
systemtap-testsuite-1.4-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
systemtap-1.4-6.el6_1.2.i686.rpm
systemtap-client-1.4-6.el6_1.2.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-grapher-1.4-6.el6_1.2.i686.rpm
systemtap-initscript-1.4-6.el6_1.2.i686.rpm
systemtap-runtime-1.4-6.el6_1.2.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.i686.rpm
systemtap-server-1.4-6.el6_1.2.i686.rpm

x86_64:
systemtap-1.4-6.el6_1.2.x86_64.rpm
systemtap-client-1.4-6.el6_1.2.x86_64.rpm
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.2.x86_64.rpm
systemtap-grapher-1.4-6.el6_1.2.x86_64.rpm
systemtap-initscript-1.4-6.el6_1.2.x86_64.rpm
systemtap-runtime-1.4-6.el6_1.2.x86_64.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.x86_64.rpm
systemtap-server-1.4-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:

i386:
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-testsuite-1.4-6.el6_1.2.i686.rpm

x86_64:
systemtap-debuginfo-1.4-6.el6_1.2.x86_64.rpm
systemtap-testsuite-1.4-6.el6_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2011-2502
https://access.redhat.com/security/cve/CVE-2011-2503
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2011 Red Hat, Inc.

--
Enterprise-watch-list mailing list

Important: kernel security and bug fix update. Date: Fri, 1 Feb 2008 15:52:55 -0600 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA for kernel on SL4.x i386/x86_64 Comments: To: "