
Stay Secure with the Latest Linux Advisories



Explore Latest Linux Security advisories


openSUSE 2024:0254-2 Important: Chromium Heap Overflow Fix

openSUSE Security Update: Security update for chromium, gn, rust-bindgen
______________________________________________________________________________

Announcement ID: openSUSE-SU-2024:0254-2
Rating: important
References: #1228628 #1228940 #1228941 #1228942
Cross-References: CVE-2024-6988 CVE-2024-6989 CVE-2024-6990 CVE-2024-6991 CVE-2024-6992 CVE-2024-6993 CVE-2024-6994 CVE-2024-6995 CVE-2024-6996 CVE-2024-6997 CVE-2024-6998 CVE-2024-6999 CVE-2024-7000 CVE-2024-7001 CVE-2024-7003 CVE-2024-7004 CVE-2024-7005 CVE-2024-7255 CVE-2024-7256 CVE-2024-7532 CVE-2024-7533 CVE-2024-7534 CVE-2024-7535 CVE-2024-7536 CVE-2024-7550
CVSS scores:
  CVE-2024-6988 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2024-6989 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2024-6990 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2024-6991 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2024-6994 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2024-6995 (NVD) : 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
  CVE-2024-6996 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
  CVE-2024-6997 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2024-6998 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2024-6999 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  CVE-2024-7000 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2024-7001 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  CVE-2024-7003 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  CVE-2024-7004 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  CVE-2024-7005 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  CVE-2024-7255 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2024-7532 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2024-7533 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2024-7534 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2024-7535 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2024-7536 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2024-7550 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products: openSUSE Backports SLE-15-SP6
______________________________________________________________________________

An update that fixes 25 vulnerabilities is now available.

Description:

This update for chromium, gn, rust-bindgen fixes the following issues:

- Chromium 127.0.6533.119 (boo#1228941)
  * CVE-2024-7532: Out of bounds memory access in ANGLE
  * CVE-2024-7533: Use after free in Sharing
  * CVE-2024-7550: Type Confusion in V8
  * CVE-2024-7534: Heap buffer overflow in Layout
  * CVE-2024-7535: Inappropriate implementation in V8
  * CVE-2024-7536: Use after free in WebAudio

- Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)
  * CVE-2024-6988: Use after free in Downloads
  * CVE-2024-6989: Use after free in Loader
  * CVE-2024-6991: Use after free in Dawn
  * CVE-2024-6992: Out of bounds memory access in ANGLE
  * CVE-2024-6993: Inappropriate implementation in Canvas
  * CVE-2024-6994: Heap buffer overflow in Layout
  * CVE-2024-6995: Inappropriate implementation in Fullscreen
  * CVE-2024-6996: Race in Frames
  * CVE-2024-6997: Use after free in Tabs
  * CVE-2024-6998: Use after free in User Education
  * CVE-2024-6999: Inappropriate implementation in FedCM
  * CVE-2024-7000: Use after free in CSS. Reported by Anonymous
  * CVE-2024-7001: Inappropriate implementation in HTML
  * CVE-2024-7003: Inappropriate implementation in FedCM
  * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing
  * CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing
  * CVE-2024-6990: Uninitialized Use in Dawn
  * CVE-2024-7255: Out of bounds read in WebTransport
  * CVE-2024-7256: Insufficient data validation in Dawn

gn:

- Update to version 0.20240730:
  * Rust: link_output, depend_output and runtime_outputs for dylibs
  * Add missing reference section to function_toolchain.cc
  * Do not cleanup args.gn imports located in the output directory.
  * Fix expectations in NinjaRustBinaryTargetWriterTest.SwiftModule
  * Do not add native dependencies to the library search path
  * Support linking frameworks and swiftmodules in Rust targets
  * [desc] Silence print() statements when outputing json
  * infra: Move CI/try builds to Ubuntu-22.04
  * [MinGW] Fix mingw building issues
  * [gn] Fix "link" in the //examples/simple_build/build/toolchain/BUILD.gn
  * [template] Fix "rule alink_thin" in the //build/build_linux.ninja.template
  * Allow multiple --ide switches
  * [src] Add "#include " in the //src/base/files/file_enumerator_win.cc
  * Get updates to infra/recipes.py from upstream
  * Revert "Teach gn to handle systems with > 64 processors"
  * [apple] Rename the code-signing properties of create_bundle
  * Fix a typo in "gn help refs" output
  * Revert "[bundle] Use "phony" builtin tool for create_bundle targets"
  * [bundle] Use "phony" builtin tool for create_bundle targets
  * [ios] Simplify handling of assets catalog
  * [swift] List all outputs as deps of "source_set" stamp file
  * [swift] Update `gn check ...` to consider the generated header
  * [swift] Set `restat = 1` to swift build rules
  * Fix build with gcc12
  * [label_matches] Add new functions label_matches(), filter_labels_include() and filter_labels_exclude()
  * [swift] Remove problematic use of "stamp" tool
  * Implement new --ninja-outputs-file option.
  * Add NinjaOutputsWriter class
  * Move InvokePython() function to its own source file.
  * zos: build with -DZOSLIB_OVERRIDE_CLIB to override creat
  * Enable C++ runtime assertions in debug mode.
  * Fix regression in MakeRelativePath()
  * fix: Fix Windows MakeRelativePath.
  * Add long path support for windows
  * Ensure read_file() files are considered by "gn analyze"
  * apply 2to3 to for some Python scripts
  * Add rustflags to desc and help output
  * strings: support case insensitive check only in StartsWith/EndsWith
  * add .git-blame-ignore-revs
  * use std::{string,string_view}::{starts_with,ends_with}
  * apply clang-format to all C++ sources
  * add forward declaration in rust_values.h
  * Add `root_patterns` list to build configuration.
  * Use c++20 in GN build
  * update windows sdk to 2024-01-11
  * update windows sdk
  * Add linux-riscv64.
  * Update OWNERS list.
  * remove unused function
  * Ignore build warning -Werror=redundant-move
  * Fix --as=buildfile `gn desc deps` output.
  * Update recipe engine to 9dea1246.
  * treewide: Fix spelling mistakes

Added rust-bindgen:

- Version 0.69.1

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:
  zypper in -t patch openSUSE-2024-254=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
  gn-0.20240730-bp156.2.3.1
  gn-debuginfo-0.20240730-bp156.2.3.1
  gn-debugsource-0.20240730-bp156.2.3.1
  rust-bindgen-0.69.1-bp156.2.1
  rust-bindgen-debuginfo-0.69.1-bp156.2.1

- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):
  chromedriver-127.0.6533.119-bp156.2.14.1
  chromedriver-debuginfo-127.0.6533.119-bp156.2.14.1
  chromium-127.0.6533.119-bp156.2.14.1
  chromium-debuginfo-127.0.6533.119-bp156.2.14.1

References:

https://www.suse.com/security/cve/CVE-2024-6988.html
https://www.suse.com/security/cve/CVE-2024-6989.html
https://www.suse.com/security/cve/CVE-2024-6990.html
https://www.suse.com/security/cve/CVE-2024-6991.html
https://www.suse.com/security/cve/CVE-2024-6992.html
https://www.suse.com/security/cve/CVE-2024-6993.html
https://www.suse.com/security/cve/CVE-2024-6994.html
https://www.suse.com/security/cve/CVE-2024-6995.html
https://www.suse.com/security/cve/CVE-2024-6996.html
https://www.suse.com/security/cve/CVE-2024-6997.html
https://www.suse.com/security/cve/CVE-2024-6998.html
https://www.suse.com/security/cve/CVE-2024-6999.html
https://www.suse.com/security/cve/CVE-2024-7000.html
https://www.suse.com/security/cve/CVE-2024-7001.html
https://www.suse.com/security/cve/CVE-2024-7003.html
https://www.suse.com/security/cve/CVE-2024-7004.html
https://www.suse.com/security/cve/CVE-2024-7005.html
https://www.suse.com/security/cve/CVE-2024-7255.html
https://www.suse.com/security/cve/CVE-2024-7256.html
https://www.suse.com/security/cve/CVE-2024-7532.html
https://www.suse.com/security/cve/CVE-2024-7533.html
https://www.suse.com/security/cve/CVE-2024-7534.html
https://www.suse.com/security/cve/CVE-2024-7535.html
https://www.suse.com/security/cve/CVE-2024-7536.html
https://www.suse.com/security/cve/CVE-2024-7550.html
https://bugzilla.suse.com/1228628
https://bugzilla.suse.com/1228940
https://bugzilla.suse.com/1228941
https://bugzilla.suse.com/1228942

An update for Fedora that addresses various vulnerabilities in firefox and libcurl, improving the overall security of the system.

Tags: openSUSE Security, chromium update, rust-bindgen vulnerabilities, system integrity fixes.
Severity: Important.
LinuxSecurity.com Team

Aug 23, 2024 Important OpenSUSE

Fedora 37: A93C06A1D9 Critical: USD Memory Access Issues

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-a93c06a1d9
2023-11-04 03:45:00.543203
--------------------------------------------------------------------------------

Name        : usd
Product     : Fedora 37
Version     : 22.05b
Release     : 28.fc37
URL         : https://openusd.org/release/index.html
Summary     : 3D VFX pipeline interchange file format
Description :
Universal Scene Description (USD) is a time-sampled scene description for interchange between graphics applications.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667 CVE-2023-45675 CVE-2023-43281
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 26 2023 Benjamin A. Beasley - 22.05b-28
- Ensure stb_image contains the latest CVE patches
* Thu Oct 26 2023 Benjamin A. Beasley - 22.05b-27
- Add versioned Requires on usd-libs from python3-usd
* Thu Oct 26 2023 Benjamin A. Beasley - 22.05b-26
- Update License to SPDX
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2246102 - CVE-2023-45661 stb: out of bounds read
        https://bugzilla.redhat.com/show_bug.cgi?id=2246102
  [ 2 ] Bug #2246103 - CVE-2023-45662 stb: out of bounds read
        https://bugzilla.redhat.com/show_bug.cgi?id=2246103
  [ 3 ] Bug #2246104 - CVE-2023-45663 stb: memory access violations
        https://bugzilla.redhat.com/show_bug.cgi?id=2246104
  [ 4 ] Bug #2246105 - CVE-2023-45664 stb: memory access violations
        https://bugzilla.redhat.com/show_bug.cgi?id=2246105
  [ 5 ] Bug #2246109 - CVE-2023-45666 stb: memory access violation
        https://bugzilla.redhat.com/show_bug.cgi?id=2246109
  [ 6 ] Bug #2246110 - CVE-2023-45667 stb: memory access violation
        https://bugzilla.redhat.com/show_bug.cgi?id=2246110
  [ 7 ] Bug #2246320 - CVE-2023-43281 stb: remote denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=2246320
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-a93c06a1d9' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Critical patch addressing various memory access vulnerabilities and denial of service threats in usd for Fedora 37. Please update your systems immediately.

Tags: Fedora Update, Security Fix, USD 3D VFX.
Severity: Critical.
LinuxSecurity.com Team

Nov 04, 2023 Critical Fedora

SUSE Linux 12-SP5 Advisory: 2022:1690-1 Moderate Memory Access Issue

SUSE Security Update: Security update for podofo
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:1690-1
Rating: moderate
References: #1159921
Cross-References: CVE-2019-20093
CVSS scores:
  CVE-2019-20093 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  CVE-2019-20093 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
  SUSE Linux Enterprise Desktop 12-SP5
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for podofo fixes the following issues:

- CVE-2019-20093: Fixed an invalid memory access that could cause an application crash (bsc#1159921).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP5:
  zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1690=1

- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1690=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
  libpodofo0_9_2-0.9.2-3.12.1
  libpodofo0_9_2-debuginfo-0.9.2-3.12.1
  podofo-debuginfo-0.9.2-3.12.1
  podofo-debugsource-0.9.2-3.12.1

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  libpodofo-devel-0.9.2-3.12.1
  podofo-debuginfo-0.9.2-3.12.1
  podofo-debugsource-0.9.2-3.12.1

References:

https://www.suse.com/security/cve/CVE-2019-20093.html
https://bugzilla.suse.com/1159921

SUSE has issued a security update for Podofo, tackling a moderate risk vulnerability in memory access that could allow unauthorized manipulations of memory.

Tags: SUSE Linux Enterprise, Podofo Security Update, Memory Access Issue, Update Instructions.
LinuxSecurity.com Team

May 16, 2022 SuSE

RedHat: RHSA-2021-2760 Important: Nettle Memory Access Issue

====================================================================
Red Hat Security Advisory

Synopsis: Important: nettle security update
Advisory ID: RHSA-2021:2760-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2760
Issue date: 2021-07-19
CVE Names: CVE-2021-20305
====================================================================

1. Summary:

An update for nettle is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.3) - x86_64

3. Description:

Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

Security Fix(es):

* nettle: Out of bounds memory access in signature verification (CVE-2021-20305)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1942533 - CVE-2021-20305 nettle: Out of bounds memory access in signature verification

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.3):

Source:
nettle-2.7.1-9.el7_3.src.rpm

x86_64:
nettle-2.7.1-9.el7_3.i686.rpm
nettle-2.7.1-9.el7_3.x86_64.rpm
nettle-debuginfo-2.7.1-9.el7_3.i686.rpm
nettle-debuginfo-2.7.1-9.el7_3.x86_64.rpm
nettle-devel-2.7.1-9.el7_3.i686.rpm
nettle-devel-2.7.1-9.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-20305
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

Crucial nettle patch rollout for Red Hat Enterprise Linux 7.3 tackles severe memory read vulnerabilities.

Tags: Nettle Update, Red Hat Advisory, Security Patch, Linux Security Update.
Severity: Important.
LinuxSecurity.com Team

Jul 19, 2021 Important Red Hat

Mageia: 2020-0151 Critical: Vim Memory Access Security Update

MGASA-2020-0151 - Updated vim packages fix security vulnerability

Publication date: 01 Apr 2020
URL: https://advisories.mageia.org/MGASA-2020-0151.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-20079

It was discovered that the autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory (CVE-2019-20079).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26380
- https://ubuntu.com/security/notices/USN-4309-1
- https://www.cve.org/CVERecord?id=CVE-2019-20079

SRPMS:
- 7/core/vim-8.1.2136-1.mga7

A revision to emacs libraries tackles a significant memory vulnerability in Mandriva platforms, bolstering defense.

Tags: memory access, vim security, mageia update.
Severity: Critical.
LinuxSecurity.com Team

Mar 31, 2020 Critical Mageia

Scientific Linux SL7: Addressing SLSA-2018-3242-1 Glusterfs Memory Issue

Synopsis: Moderate: glusterfs security, bug fix, and
Advisory ID: SLSA-2018:3242-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-10911
--

Security Fix(es):

* glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory (CVE-2018-10911)
--

SL7
  x86_64
    glusterfs-3.12.2-18.el7.x86_64.rpm
    glusterfs-api-3.12.2-18.el7.x86_64.rpm
    glusterfs-cli-3.12.2-18.el7.x86_64.rpm
    glusterfs-client-xlators-3.12.2-18.el7.x86_64.rpm
    glusterfs-debuginfo-3.12.2-18.el7.x86_64.rpm
    glusterfs-fuse-3.12.2-18.el7.x86_64.rpm
    glusterfs-libs-3.12.2-18.el7.x86_64.rpm
    glusterfs-api-devel-3.12.2-18.el7.x86_64.rpm
    glusterfs-devel-3.12.2-18.el7.x86_64.rpm
    glusterfs-rdma-3.12.2-18.el7.x86_64.rpm
    python2-gluster-3.12.2-18.el7.x86_64.rpm

- Scientific Linux Development Team

Cautionary notice for glusterfs users on Scientific Linux regarding a vulnerability related to incorrect deserialization outlined in CVE-2018-10911.

Tags: glusterfs, deserialization, security advisory, memory leak, SL7.
LinuxSecurity.com Team

Nov 26, 2018 Scientific Linux

Scientific Linux: SLSA-2014:1143-1 Moderate: Kernel Security Update

Date: Thu, 4 Sep 2014 14:48:44 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Moderate: kernel on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: SLSA-2014:1143-1
Issue Date: 2014-09-03
CVE Numbers: CVE-2014-3917
--

* An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system. (CVE-2014-3917, Moderate)

This update also fixes the following bugs:

* A bug in the journaling code (jbd and jbd2) could, under very heavy workload of fsync() operations, trigger a BUG_ON and result in a kernel oops. Also, fdatasync() could fail to immediately write out changes in the file size only. These problems have been resolved by backporting a series of patches that fixed these problems in the respective code on Scientific Linux 6. This update also improves performance of ext3 and ext4 file systems.

* Due to a bug in the ext4 code, the fdatasync() system call did not force the inode size change to be written to the disk if it was the only metadata change in the file. This could result in the wrong inode size and possible data loss if the system terminated unexpectedly. The code handling inode updates has been fixed and fdatasync() now writes data to the disk as expected in this situation.

* A workaround to a DMA read problem in the tg3 driver was incorrectly applied to the whole Broadcom 5719 and 5720 chipset family. This workaround is valid only to the A0 revision of the 5719 chips and for other revisions and chips causes occasional Tx timeouts. This update correctly applies the aforementioned workaround only to the A0 revision of the 5719 chips.

* Due to a bug in the page writeback code, the system could become unresponsive when being under memory pressure and heavy NFS load. This update fixes the code responsible for handling of dirty pages, and dirty page write outs no longer flood the work queue.

The system must be rebooted for this update to take effect.
--

SL5
  x86_64
    kernel-2.6.18-371.12.1.el5.x86_64.rpm
    kernel-debug-2.6.18-371.12.1.el5.x86_64.rpm
    kernel-debug-debuginfo-2.6.18-371.12.1.el5.x86_64.rpm
    kernel-debug-devel-2.6.18-371.12.1.el5.x86_64.rpm
    kernel-debuginfo-2.6.18-371.12.1.el5.x86_64.rpm
    kernel-debuginfo-common-2.6.18-371.12.1.el5.x86_64.rpm
    kernel-devel-2.6.18-371.12.1.el5.x86_64.rpm
    kernel-headers-2.6.18-371.12.1.el5.x86_64.rpm
    kernel-xen-2.6.18-371.12.1.el5.x86_64.rpm
    kernel-xen-debuginfo-2.6.18-371.12.1.el5.x86_64.rpm
    kernel-xen-devel-2.6.18-371.12.1.el5.x86_64.rpm
  i386
    kernel-2.6.18-371.12.1.el5.i686.rpm
    kernel-PAE-2.6.18-371.12.1.el5.i686.rpm
    kernel-PAE-debuginfo-2.6.18-371.12.1.el5.i686.rpm
    kernel-PAE-devel-2.6.18-371.12.1.el5.i686.rpm
    kernel-debug-2.6.18-371.12.1.el5.i686.rpm
    kernel-debug-debuginfo-2.6.18-371.12.1.el5.i686.rpm
    kernel-debug-devel-2.6.18-371.12.1.el5.i686.rpm
    kernel-debuginfo-2.6.18-371.12.1.el5.i686.rpm
    kernel-debuginfo-common-2.6.18-371.12.1.el5.i686.rpm
    kernel-devel-2.6.18-371.12.1.el5.i686.rpm
    kernel-headers-2.6.18-371.12.1.el5.i386.rpm
    kernel-xen-2.6.18-371.12.1.el5.i686.rpm
    kernel-xen-debuginfo-2.6.18-371.12.1.el5.i686.rpm
    kernel-xen-devel-2.6.18-371.12.1.el5.i686.rpm
  noarch
    kernel-doc-2.6.18-371.12.1.el5.noarch.rpm

- Scientific Linux Development Team

Stable kernel enhancement for Scientific Linux targeting buffer overflow vulnerabilities and a variety of bug resolutions.

Tags: kernel Update, Scientific Linux, kernel Security.
LinuxSecurity.com Team

Sep 04, 2014 Scientific Linux