
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Red Hat Enterprise Linux 8.4: RHSA-2021-4623 Important FreeRDP Memory Flaws

Red Hat Security Advisory

Synopsis: Important: freerdp security update
Advisory ID: RHSA-2021:4623-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4623
Issue date: 2021-11-11
CVE Names: CVE-2021-41159 CVE-2021-41160

1. Summary:

An update for freerdp is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: improper client input validation for gateway connections allows to overwrite memory (CVE-2021-41159)
* freerdp: improper region checks in all clients allow out of bound write to memory (CVE-2021-41160)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2016403 - CVE-2021-41159 freerdp: improper client input validation for gateway connections allows to overwrite memory
2016412 - CVE-2021-41160 freerdp: improper region checks in all clients allow out of bound write to memory

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:
freerdp-2.2.0-6.el8_4.src.rpm

aarch64:
freerdp-2.2.0-6.el8_4.aarch64.rpm
freerdp-debuginfo-2.2.0-6.el8_4.aarch64.rpm
freerdp-debugsource-2.2.0-6.el8_4.aarch64.rpm
freerdp-libs-2.2.0-6.el8_4.aarch64.rpm
freerdp-libs-debuginfo-2.2.0-6.el8_4.aarch64.rpm
libwinpr-2.2.0-6.el8_4.aarch64.rpm
libwinpr-debuginfo-2.2.0-6.el8_4.aarch64.rpm
libwinpr-devel-2.2.0-6.el8_4.aarch64.rpm

ppc64le:
freerdp-2.2.0-6.el8_4.ppc64le.rpm
freerdp-debuginfo-2.2.0-6.el8_4.ppc64le.rpm
freerdp-debugsource-2.2.0-6.el8_4.ppc64le.rpm
freerdp-libs-2.2.0-6.el8_4.ppc64le.rpm
freerdp-libs-debuginfo-2.2.0-6.el8_4.ppc64le.rpm
libwinpr-2.2.0-6.el8_4.ppc64le.rpm
libwinpr-debuginfo-2.2.0-6.el8_4.ppc64le.rpm
libwinpr-devel-2.2.0-6.el8_4.ppc64le.rpm

s390x:
freerdp-2.2.0-6.el8_4.s390x.rpm
freerdp-debuginfo-2.2.0-6.el8_4.s390x.rpm
freerdp-debugsource-2.2.0-6.el8_4.s390x.rpm
freerdp-libs-2.2.0-6.el8_4.s390x.rpm
freerdp-libs-debuginfo-2.2.0-6.el8_4.s390x.rpm
libwinpr-2.2.0-6.el8_4.s390x.rpm
libwinpr-debuginfo-2.2.0-6.el8_4.s390x.rpm
libwinpr-devel-2.2.0-6.el8_4.s390x.rpm

x86_64:
freerdp-2.2.0-6.el8_4.x86_64.rpm
freerdp-debuginfo-2.2.0-6.el8_4.i686.rpm
freerdp-debuginfo-2.2.0-6.el8_4.x86_64.rpm
freerdp-debugsource-2.2.0-6.el8_4.i686.rpm
freerdp-debugsource-2.2.0-6.el8_4.x86_64.rpm
freerdp-libs-2.2.0-6.el8_4.i686.rpm
freerdp-libs-2.2.0-6.el8_4.x86_64.rpm
freerdp-libs-debuginfo-2.2.0-6.el8_4.i686.rpm
freerdp-libs-debuginfo-2.2.0-6.el8_4.x86_64.rpm
libwinpr-2.2.0-6.el8_4.i686.rpm
libwinpr-2.2.0-6.el8_4.x86_64.rpm
libwinpr-debuginfo-2.2.0-6.el8_4.i686.rpm
libwinpr-debuginfo-2.2.0-6.el8_4.x86_64.rpm
libwinpr-devel-2.2.0-6.el8_4.i686.rpm
libwinpr-devel-2.2.0-6.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.4):

aarch64:
freerdp-debuginfo-2.2.0-6.el8_4.aarch64.rpm
freerdp-debugsource-2.2.0-6.el8_4.aarch64.rpm
freerdp-devel-2.2.0-6.el8_4.aarch64.rpm
freerdp-libs-debuginfo-2.2.0-6.el8_4.aarch64.rpm
libwinpr-debuginfo-2.2.0-6.el8_4.aarch64.rpm

ppc64le:
freerdp-debuginfo-2.2.0-6.el8_4.ppc64le.rpm
freerdp-debugsource-2.2.0-6.el8_4.ppc64le.rpm
freerdp-devel-2.2.0-6.el8_4.ppc64le.rpm
freerdp-libs-debuginfo-2.2.0-6.el8_4.ppc64le.rpm
libwinpr-debuginfo-2.2.0-6.el8_4.ppc64le.rpm

s390x:
freerdp-debuginfo-2.2.0-6.el8_4.s390x.rpm
freerdp-debugsource-2.2.0-6.el8_4.s390x.rpm
freerdp-devel-2.2.0-6.el8_4.s390x.rpm
freerdp-libs-debuginfo-2.2.0-6.el8_4.s390x.rpm
libwinpr-debuginfo-2.2.0-6.el8_4.s390x.rpm

x86_64:
freerdp-debuginfo-2.2.0-6.el8_4.i686.rpm
freerdp-debuginfo-2.2.0-6.el8_4.x86_64.rpm
freerdp-debugsource-2.2.0-6.el8_4.i686.rpm
freerdp-debugsource-2.2.0-6.el8_4.x86_64.rpm
freerdp-devel-2.2.0-6.el8_4.i686.rpm
freerdp-devel-2.2.0-6.el8_4.x86_64.rpm
freerdp-libs-debuginfo-2.2.0-6.el8_4.i686.rpm
freerdp-libs-debuginfo-2.2.0-6.el8_4.x86_64.rpm
libwinpr-debuginfo-2.2.0-6.el8_4.i686.rpm
libwinpr-debuginfo-2.2.0-6.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-41159
https://access.redhat.com/security/cve/CVE-2021-41160
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

Crucial FreeRDP patch released for Red Hat Enterprise Linux 8.4 tackling significant vulnerability concerns and potential memory exploitation threats.

Severity: Important. LinuxSecurity.com Team

Nov 11, 2021 | Important | Red Hat

Fedora 26: Critical Update for WindowMaker Addressing Memory Flaws

Fedora Update Notification
FEDORA-2017-8f27031c8f
2017-09-19 02:41:35.415951

Name : WindowMaker
Product : Fedora 26
Version : 0.95.8
Release : 3.fc26
URL : http://www.windowmaker.org
Summary : A fast, feature rich Window Manager

Description:

Window Maker is an X11 window manager designed to give additional integration support to the GNUstep Desktop Environment. In every way possible, it reproduces the elegant look and feel of the NEXTSTEP GUI. It is fast, feature rich, easy to configure, and easy to use. In addition, Window Maker works with GNOME and KDE, making it one of the most useful and universal window managers available.

Update Information:

Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac34977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog). Dependent packages are mostly straight rebuilds, a couple also include bugfix version updates.

References:

[ 1 ] Bug #1471837 - CVE-2017-11352 ImageMagick: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1471837
[ 2 ] Bug #1471122 - CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1471122
[ 3 ] Bug #1470670 - CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage function when processing TGA or VST file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1470670
[ 4 ] Bug #1465064 - CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1465064
[ 5 ] Bug #1455602 - CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1455602
[ 6 ] Bug #1453125 - CVE-2017-9098 ImageMagick: use of uninitialized memory in RLE decoder [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1453125
[ 7 ] Bug #1413898 - CVE-2016-9556 CVE-2016-9559 ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1413898
[ 8 ] Bug #1408404 - CVE-2016-8707 ImageMagick: OOB write in convert utility when deflating TIFF files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1408404
[ 9 ] Bug #1483575 - CVE-2017-12587 ImageMagick: Resource exhaustion in ReadPWPImage function in coders\pwp.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1483575
[ 10 ] Bug #1299275 - ImageMagick-7.0.6-9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1299275
[ 11 ] Bug #1483132 - CVE-2017-12433 CVE-2017-12434 CVE-2017-12435 ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1483132
[ 12 ] Bug #1483117 - CVE-2017-12640 CVE-2017-12641 CVE-2017-12642 CVE-2017-12643 CVE-2017-12644 CVE-2017-12654 CVE-2017-12662 CVE-2017-12663 CVE-2017-12664 CVE-2017-12665 CVE-2017-12666 ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1483117
[ 13 ] Bug #1482655 - CVE-2017-12427 CVE-2017-12428 CVE-2017-12429 CVE-2017-12430 CVE-2017-12432 ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1482655
[ 14 ] Bug #1482626 - CVE-2017-12418 ImageMagick: Memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1482626
[ 15 ] Bug #1350462 - CVE-2016-5841 CVE-2016-5842 imagemagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1350462
[ 16 ] Bug #1361494 - CVE-2016-6491 ImageMagick: Out-of-bounds read in CopyMagickMemory [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1361494
[ 17 ] Bug #1378790 - CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1378790
[ 18 ] Bug #1361578 - CVE-2016-5010 ImageMagick: Out-of-bounds read when processing crafted tiff file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1361578
[ 19 ] Bug #1477566 - CVE-2017-12140 ImageMagick: integer signedness error in ReadDCMImage function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1477566
[ 20 ] Bug #1477070 - CVE-2017-11724 CVE-2017-11750 CVE-2017-11751 CVE-2017-11752 CVE-2017-11753 CVE-2017-11754 CVE-2017-11755 ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1477070
[ 21 ] Bug #1475486 - CVE-2017-11644 ImageMagick: Memory-Leak in ReadMATImage() coders/mat.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475486
[ 22 ] Bug #1475471 - CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475471
[ 23 ] Bug #1475464 - CVE-2017-11640 ImageMagick: NULL pointer dereference in WritePTIFImage() in coders/tiff.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475464
[ 24 ] Bug #1474846 - CVE-2017-11523 ImageMagick: Endless loop in ReadTXTImage function in coders/txt.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1474846
[ 25 ] Bug #1474420 - CVE-2017-11446 CVE-2017-11478 ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1474420
[ 26 ] Bug #1473848 - CVE-2017-11360 ImageMagick: Resource exhaustion in ReadRLEImage function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473848
[ 27 ] Bug #1473825 - CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders\dpx.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473825
[ 28 ] Bug #1473802 - CVE-2017-11448 ImageMagick: Info leak from from uninitialized memory in ReadJPEGImage function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473802
[ 29 ] Bug #1473799 - CVE-2017-11447 ImageMagick: Memory leak in ReadSCREENSHOTImage function in coders/screenshot.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473799
[ 30 ] Bug #1473797 - CVE-2017-11449 ImageMagick: coders/mpc.c don't validade blob sizes of stdin image input [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473797
[ 31 ] Bug #1473775 - CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473775
[ 32 ] Bug #1473758 - CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders\mat.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473758
[ 33 ] Bug #1473719 - CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473719
[ 34 ] Bug #1410515 - ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1410515
[ 35 ] Bug #1479313 - synfigstudio doesn't start
https://bugzilla.redhat.com/show_bug.cgi?id=1479313

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade WindowMaker' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Discover the most recent WindowMaker update on Fedora, addressing various security vulnerabilities and bug fixes to improve overall usability.

Severity: Critical. LinuxSecurity.com Team

Sep 19, 2017 | Critical | Fedora

Ubuntu: 0025-1 Moderate: Linux Kernel Memory Flaws And DoS Risks

Kernel Live Patch Security Notice LSN-0025-1
July 06, 2017

linux vulnerability

A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2017-6074)

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. (CVE-2017-1000364)

Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-8632)

It was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584)

Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7346)

Eric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472)

It was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your livepatches to the following versions:

| Kernel                              | Version | flavors             |
|-------------------------------------+---------+---------------------|
| 4.4.0-21.37                         | 25.1    | generic, lowlatency |
| 4.4.0-22.39                         | 25.1    | generic, lowlatency |
| 4.4.0-22.40                         | 25.1    | generic, lowlatency |
| 4.4.0-24.43                         | 25.1    | generic, lowlatency |
| 4.4.0-28.47                         | 25.1    | generic, lowlatency |
| 4.4.0-31.50                         | 25.1    | generic, lowlatency |
| 4.4.0-34.53                         | 25.1    | generic, lowlatency |
| 4.4.0-36.55                         | 25.1    | generic, lowlatency |
| 4.4.0-38.57                         | 25.1    | generic, lowlatency |
| 4.4.0-42.62                         | 25.1    | generic, lowlatency |
| 4.4.0-43.63                         | 25.1    | generic, lowlatency |
| 4.4.0-45.66                         | 25.1    | generic, lowlatency |
| 4.4.0-47.68                         | 25.1    | generic, lowlatency |
| 4.4.0-51.72                         | 25.1    | generic, lowlatency |
| 4.4.0-53.74                         | 25.1    | generic, lowlatency |
| 4.4.0-57.78                         | 25.1    | generic, lowlatency |
| 4.4.0-59.80                         | 25.1    | generic, lowlatency |
| 4.4.0-62.83                         | 25.1    | generic, lowlatency |
| 4.4.0-63.84                         | 25.1    | generic, lowlatency |
| 4.4.0-64.85                         | 25.1    | generic, lowlatency |
| 4.4.0-66.87                         | 25.1    | generic, lowlatency |
| 4.4.0-67.88                         | 25.1    | generic, lowlatency |
| 4.4.0-70.91                         | 25.1    | generic, lowlatency |
| 4.4.0-71.92                         | 25.1    | generic, lowlatency |
| 4.4.0-72.93                         | 25.1    | generic, lowlatency |
| 4.4.0-75.96                         | 25.1    | generic, lowlatency |
| 4.4.0-77.98                         | 25.1    | generic, lowlatency |
| 4.4.0-78.99                         | 25.1    | generic, lowlatency |
| 4.4.0-79.100                        | 25.1    | generic, lowlatency |
| 4.4.0-81.104                        | 25.1    | generic, lowlatency |
| 4.4.0-83.106                        | 25.1    | generic, lowlatency |
| lts-4.4.0-21.37_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-22.39_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-22.40_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-24.43_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-28.47_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-31.50_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-34.53_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-36.55_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-38.57_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-42.62_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-45.66_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-47.68_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-51.72_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-53.74_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-57.78_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-59.80_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-62.83_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-63.84_14.04.2-lts-xenial  | 14.04.2 | generic, lowlatency |
| lts-4.4.0-64.85_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-66.87_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-70.91_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-71.92_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-72.93_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-75.96_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-78.99_14.04.2-lts-xenial  | 14.04.2 | generic, lowlatency |
| lts-4.4.0-79.100_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-81.104_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |

Additionally, you should install an updated kernel with these fixes and reboot at your convenience.

References:

CVE-2016-8632, CVE-2016-9604, CVE-2017-1000364, CVE-2017-2584, CVE-2017-6074, CVE-2017-7346, CVE-2017-7472, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9242

Multiple kernel security flaws patched in Ubuntu. Critical fixes rolled out for enhanced protection.

LinuxSecurity.com Team

Jul 06, 2017 | Ubuntu

Ubuntu 12.10: USN-2114-1 Critical: Kernel Memory Issues and DoS

Ubuntu Security Notice USN-2114-1
February 18, 2014

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929)

A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ability to assign a device could exploit this flaw to cause a denial of service (memory consumption). (CVE-2013-4592)

Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2013-6378)

Nico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.10:
linux-image-3.5.0-46-generic 3.5.0-46.70
linux-image-3.5.0-46-highbank 3.5.0-46.70
linux-image-3.5.0-46-omap 3.5.0-46.70
linux-image-3.5.0-46-powerpc-smp 3.5.0-46.70
linux-image-3.5.0-46-powerpc64-smp 3.5.0-46.70

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:

https://ubuntu.com/security/notices/USN-2114-1
CVE-2013-2929, CVE-2013-4592, CVE-2013-6378, CVE-2013-6380

Package Information:

https://launchpad.net/ubuntu/+source/linux/3.5.0-46.70

Resolved vulnerabilities in the Linux kernel for Ubuntu 12.10. Information on defects and upgrade guidelines provided.

Severity: Critical. LinuxSecurity.com Team

Feb 19, 2014 | Critical | Ubuntu