Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 64 articles for you...
172

Ubuntu SQLite Critical Denial of Service Vulnerability USN-8480-1

Several security issues were fixed in SQLite.. ========================================================================== Ubuntu Security Notice USN-8480-1 June 29, 2026 sqlite3 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in SQLite. Software Description: - sqlite3: C library that implements an SQL database engine Details: It was discovered that SQLite incorrectly handled certain memory operations in the FTS5 full-text search extension. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libsqlite3-0 3.46.1-9ubuntu0.1 Ubuntu 25.10 libsqlite3-0 3.46.1-8ubuntu0.1 Ubuntu 24.04 LTS libsqlite3-0 3.45.1-1ubuntu2.6 Ubuntu 22.04 LTS libsqlite3-0 3.37.2-2ubuntu0.6 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8480-1 CVE-2026-11822, CVE-2026-11824 Package Information: https://launchpad.net/ubuntu/+source/sqlite3/3.46.1-9ubuntu0.1 https://launchpad.net/ubuntu/+source/sqlite3/3.46.1-8ubuntu0.1 https://launchpad.net/ubuntu/+source/sqlite3/3.45.1-1ubuntu2.6 https://launchpad.net/ubuntu/+source/sqlite3/3.37.2-2ubuntu0.6 . Several security issues addressed in SQLite may lead to crashes or unauthorized code execution. Update required for Ubuntu.. SQLite Security Update, Denial Of Service, Ubuntu Security Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 29, 2026 Important Ubuntu
100

Ubuntu OS 20.04 xkbcompile Memory Cap Warning DEBIAN-NOTICE-2028-40405-3

An update that solves four vulnerabilities can now be installed.. # Security update for xkbcomp Announcement ID: SUSE-SU-2026:20186-1 Release Date: 2026-01-28T15:47:30Z Rating: low References: * bsc#1105832 Cross-References: * CVE-2018-15853 * CVE-2018-15859 * CVE-2018-15861 * CVE-2018-15863 CVSS scores: * CVE-2018-15853 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15853 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15853 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-15859 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15859 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15859 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-15861 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15861 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15861 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-15863 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15863 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15863 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP Applications 16.0 An update that solves four vulnerabilities can now be installed. ## Description: This update for xkbcomp fixes the following issues: * CVE-2018-15863, CVE-2018-15861, CVE-2018-15859, CVE-2018-15853: Fixed multiple memory handling and correctness issues (bsc#1105832) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-208=1 * SUSE Linux Enterprise Server for SAP Applications 16.0 zypper in -t patch SUSE-SLES-16.0-208=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * xkbcomp-debuginfo-1.4.7-160000.3.1 * xkbcomp-1.4.7-160000.3.1 * xkbcomp-devel-1.4.7-160000.3.1 * xkbcomp-debugsource-1.4.7-160000.3.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64) * xkbcomp-debuginfo-1.4.7-160000.3.1 * xkbcomp-1.4.7-160000.3.1 * xkbcomp-devel-1.4.7-160000.3.1 * xkbcomp-debugsource-1.4.7-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2018-15853.html * https://www.suse.com/security/cve/CVE-2018-15859.html * https://www.suse.com/security/cve/CVE-2018-15861.html * https://www.suse.com/security/cve/CVE-2018-15863.html * https://bugzilla.suse.com/show_bug.cgi?id=1105832 . This security advisory highlights a low-severity update for xkbcomp addressing multiple memory handling issues.. SUSE security update,xkbcomp update,low severity security,xkbcomp vulnerabilities,SUSE advisory. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Feb 03, 2026 Low SuSE
202

openSUSE 15.3: samba Critical Vulnerabilities Command Injection 2025:3677-1

An update that solves two vulnerabilities can now be installed.. # Security update for samba Announcement ID: SUSE-SU-2025:3677-1 Release Date: 2025-10-20T08:37:56Z Rating: critical References: * bsc#1251279 * bsc#1251280 Cross-References: * CVE-2025-10230 * CVE-2025-9640 CVSS scores: * CVE-2025-10230 ( SUSE ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2025-9640 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-9640 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for samba fixes the following issues: * CVE-2025-9640: Fixed vfs_streams_xattr uninitialized memory write (bsc#1251279). * CVE-2025-10230: Fixed command Injection in WINS Server Hook Script (bsc#1251280). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-3677=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2025-3677=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patchSUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3677=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3677=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3677=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-3677=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3677=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3677=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * samba-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-test-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * ctdb-pcp-pmda-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-tool-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-test-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 *samba-winbind-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * ctdb-pcp-pmda-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * ctdb-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-python3-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-gpupdate-4.15.13+git.736.b791be993ba-150300.3.96.1 * ctdb-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-4.15.13+git.736.b791be993ba-150300.3.96.1 * openSUSE Leap 15.3 (x86_64) * samba-winbind-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 *libsamba-policy0-python3-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * openSUSE Leap 15.3 (noarch) * samba-doc-4.15.13+git.736.b791be993ba-150300.3.96.1 * openSUSE Leap 15.3 (aarch64 x86_64) * samba-ceph-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ceph-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * openSUSE Leap 15.3 (aarch64_ilp32) * samba-client-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1 * ctdb-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 *samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * ctdb-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * samba-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-tool-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ceph-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ceph-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 *samba-libs-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-python3-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-gpupdate-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * samba-winbind-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * samba-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 *samba-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-tool-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-python3-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-gpupdate-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 x86_64) * samba-ceph-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ceph-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64) * samba-winbind-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 *samba-devel-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * samba-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-tool-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 *samba-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-python3-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-gpupdate-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * samba-winbind-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ceph-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ceph-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * samba-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-tool-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ceph-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ceph-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-dsdb-modules-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * ctdb-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * libsamba-policy-python3-devel-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-gpupdate-4.15.13+git.736.b791be993ba-150300.3.96.1 * ctdb-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-python3-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ldb-ldap-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Enterprise Storage 7.1 (x86_64) * samba-winbind-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 *samba-ad-dc-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-devel-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-winbind-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1 * samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1 ## References: * https://www.suse.com/security/cve/CVE-2025-10230.html * https://www.suse.com/security/cve/CVE-2025-9640.html * https://bugzilla.suse.com/show_bug.cgi?id=1251279 * https://bugzilla.suse.com/show_bug.cgi?id=1251280 . Critical security update for openSUSE fixing samba vulnerabilities related to command injection and memory safety.. openSUSE samba security update command injection memory safety. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 20, 2025 Critical OpenSUSE
202

openSUSE 15.6: 2025:1506-1 important: MozillaThunderbird Memory Flaws

An update that solves seven vulnerabilities can now be installed.. # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2025:1506-1 Release Date: 2025-05-07T12:13:22Z Rating: important References: * bsc#1241621 Cross-References: * CVE-2025-2817 * CVE-2025-4082 * CVE-2025-4083 * CVE-2025-4084 * CVE-2025-4087 * CVE-2025-4091 * CVE-2025-4093 CVSS scores: * CVE-2025-2817 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-2817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-2817 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-4082 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-4082 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-4082 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-4083 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-4083 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-4083 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-4084 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-4084 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-4084 ( NVD ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N * CVE-2025-4087 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-4087 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-4087 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-4091 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-4091 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-4091 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-4093 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N *CVE-2025-4093 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-4093 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Workstation Extension 15 SP6 * SUSE Package Hub 15 15-SP6 An update that solves seven vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird ESR 128.10 update (bsc#1241621): * CVE-2025-4082: WebGL shader attribute memory corruption in Thunderbird for macOS. * CVE-2025-4087: Unsafe attribute access during XPath parsing. * CVE-2025-4093: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird. * CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. * CVE-2025-4083: Process isolation bypass using "javascript:" URI links in cross-origin frames. * CVE-2025-4084: Potential local code execution in "copy as cURL" command. * CVE-2025-2817: Privilege escalation in Thunderbird Updater. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-1506=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1506=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1506=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * MozillaThunderbird-debugsource-128.10.0-150200.8.212.1 * MozillaThunderbird-128.10.0-150200.8.212.1 *MozillaThunderbird-translations-common-128.10.0-150200.8.212.1 * MozillaThunderbird-debuginfo-128.10.0-150200.8.212.1 * MozillaThunderbird-translations-other-128.10.0-150200.8.212.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debugsource-128.10.0-150200.8.212.1 * MozillaThunderbird-128.10.0-150200.8.212.1 * MozillaThunderbird-translations-common-128.10.0-150200.8.212.1 * MozillaThunderbird-debuginfo-128.10.0-150200.8.212.1 * MozillaThunderbird-translations-other-128.10.0-150200.8.212.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x) * MozillaThunderbird-debugsource-128.10.0-150200.8.212.1 * MozillaThunderbird-128.10.0-150200.8.212.1 * MozillaThunderbird-translations-common-128.10.0-150200.8.212.1 * MozillaThunderbird-debuginfo-128.10.0-150200.8.212.1 * MozillaThunderbird-translations-other-128.10.0-150200.8.212.1 ## References: * https://www.suse.com/security/cve/CVE-2025-2817.html * https://www.suse.com/security/cve/CVE-2025-4082.html * https://www.suse.com/security/cve/CVE-2025-4083.html * https://www.suse.com/security/cve/CVE-2025-4084.html * https://www.suse.com/security/cve/CVE-2025-4087.html * https://www.suse.com/security/cve/CVE-2025-4091.html * https://www.suse.com/security/cve/CVE-2025-4093.html * https://bugzilla.suse.com/show_bug.cgi?id=1241621 . An important patch for MozillaFirefox resolves several significant vulnerabilities concerning security on Fedora systems. Update without delay.. MozillaThunderbird Security Update, openSUSE Important Update, Memory Safety Issues, MozillaThunderbird Patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 07, 2025 Important OpenSUSE
172

Ubuntu 7299-3: X.Org X Server Security Advisory Updates

USN-7299-2 caused a regression in X.Org X Server.. ========================================================================== Ubuntu Security Notice USN-7299-3 March 12, 2025 xorg-server, xwayland regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: USN-7299-2 caused a regression in X.Org X Server. Software Description: - xorg-server: X.Org X11 server - xorg-server-hwe-18.04: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server Details: USN-7299-2 fix vulnerabilities in X.Org X Server. This fix caused regression in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update reverts it pending further investigation. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could use these issues to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm11 Available with Ubuntu Pro xserver-xorg-core-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm3 Available with Ubuntu Pro xwayland 2:1.19.6-1ubuntu4.15+esm11 Available with Ubuntu Pro xwayland-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm16 Available with Ubuntu Pro xserver-xorg-core-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm8 Available with Ubuntu Pro xwayland 2:1.18.4-0ubuntu0.12+esm16 Availablewith Ubuntu Pro xwayland-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm8 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7299-3 https://ubuntu.com/security/notices/USN-7299-2 https://ubuntu.com/security/notices/USN-7299-1 https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/2101897 . Ubuntu Security Notice USN-7299-3 highlights a regression in the X.Org X Server affecting Ubuntu LTS releases, demanding urgent action.. usn-7299-2, caused, regression, server, ==================================================. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 12, 2025 Critical Ubuntu
172

Ubuntu 24.10 USN-7307-1 Critical: libxmltok Denial of Service Threat

Libxmltok could be made to crash if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-7307-1 February 26, 2025 libxmltok vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Libxmltok could be made to crash if it opened a specially crafted file. Software Description: - libxmltok: XML Parser Toolkit, developer libraries Details: Tim Boddy discovered that Expat, contained within the xmltok library, did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 libxmltok1t64 1.2-4.1ubuntu3.2 Ubuntu 24.04 LTS libxmltok1t64 1.2-4.1ubuntu2.24.0.4.1+esm3 Available with Ubuntu Pro Ubuntu 22.04 LTS libxmltok1 1.2-4ubuntu0.22.04.1~esm5 Available with Ubuntu Pro Ubuntu 20.04 LTS libxmltok1 1.2-4ubuntu0.20.04.1~esm5 Available with Ubuntu Pro Ubuntu 18.04 LTS libxmltok1 1.2-4ubuntu0.18.04.1~esm5 Available with Ubuntu Pro In general, a standard system update will make all thenecessary changes. References: https://ubuntu.com/security/notices/USN-7307-1 CVE-2012-1148 Package Information: https://launchpad.net/ubuntu/+source/libxmltok/1.2-4.1ubuntu3.2 . Ubuntu Security Advisory USN-7308-1 discusses vulnerabilities in libcurl that may expose systems to remote code execution risks.. libxmltok, denial of service, memory issues, Ubuntu updates, security advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 27, 2025 Critical Ubuntu
100

SUSE Linux Enterprise Micro 5 moderate: 2025:0724-1 vim heap overflow

* bsc#1229685 * bsc#1229822 * bsc#1230078 * bsc#1235695 * bsc#1236151 . # Security update for vim Announcement ID: SUSE-SU-2025:0724-1 Release Date: 2025-02-26T13:30:43Z Rating: moderate References: * bsc#1229685 * bsc#1229822 * bsc#1230078 * bsc#1235695 * bsc#1236151 * bsc#1237137 Cross-References: * CVE-2024-43790 * CVE-2024-43802 * CVE-2024-45306 * CVE-2025-1215 * CVE-2025-22134 * CVE-2025-24014 CVSS scores: * CVE-2024-43790 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L * CVE-2024-43790 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2024-43802 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2024-43802 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2024-45306 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-45306 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2024-45306 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2024-45306 ( NVD ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-1215 ( SUSE ): 2.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-1215 ( SUSE ): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L * CVE-2025-1215 ( NVD ): 2.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-1215 ( NVD ): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L * CVE-2025-22134 ( SUSE ): 1.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-22134 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2025-22134 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2025-24014 ( SUSE ): 1.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-24014 ( SUSE ): 4.2CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2025-24014 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves six vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: Update to version 9.1.1101: * CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). * CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). * CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). * CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). * CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). * CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-724=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-724=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-724=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-724=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-724=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patchSUSE-SLE-Micro-5.4-2025-724=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-724=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (noarch) * vim-data-common-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * vim-debuginfo-9.1.1101-150000.5.69.1 * vim-small-debuginfo-9.1.1101-150000.5.69.1 * vim-small-9.1.1101-150000.5.69.1 * vim-debugsource-9.1.1101-150000.5.69.1 * xxd-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * vim-data-common-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * vim-debuginfo-9.1.1101-150000.5.69.1 * vim-small-debuginfo-9.1.1101-150000.5.69.1 * vim-small-9.1.1101-150000.5.69.1 * vim-debugsource-9.1.1101-150000.5.69.1 * xxd-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * vim-data-common-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * vim-debuginfo-9.1.1101-150000.5.69.1 * vim-small-debuginfo-9.1.1101-150000.5.69.1 * vim-small-9.1.1101-150000.5.69.1 * vim-debugsource-9.1.1101-150000.5.69.1 * xxd-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * vim-data-common-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * vim-debuginfo-9.1.1101-150000.5.69.1 * vim-small-debuginfo-9.1.1101-150000.5.69.1 * vim-small-9.1.1101-150000.5.69.1 * vim-debugsource-9.1.1101-150000.5.69.1 * xxd-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * vim-data-common-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * vim-debuginfo-9.1.1101-150000.5.69.1 * vim-small-debuginfo-9.1.1101-150000.5.69.1 * vim-small-9.1.1101-150000.5.69.1 * vim-debugsource-9.1.1101-150000.5.69.1 * xxd-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro 5.4(noarch) * vim-data-common-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * vim-debuginfo-9.1.1101-150000.5.69.1 * vim-small-debuginfo-9.1.1101-150000.5.69.1 * vim-small-9.1.1101-150000.5.69.1 * vim-debugsource-9.1.1101-150000.5.69.1 * xxd-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * vim-data-common-9.1.1101-150000.5.69.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * vim-debuginfo-9.1.1101-150000.5.69.1 * vim-small-debuginfo-9.1.1101-150000.5.69.1 * vim-small-9.1.1101-150000.5.69.1 * vim-debugsource-9.1.1101-150000.5.69.1 * xxd-9.1.1101-150000.5.69.1 ## References: * https://www.suse.com/security/cve/CVE-2024-43790.html * https://www.suse.com/security/cve/CVE-2024-43802.html * https://www.suse.com/security/cve/CVE-2024-45306.html * https://www.suse.com/security/cve/CVE-2025-1215.html * https://www.suse.com/security/cve/CVE-2025-22134.html * https://www.suse.com/security/cve/CVE-2025-24014.html * https://bugzilla.suse.com/show_bug.cgi?id=1229685 * https://bugzilla.suse.com/show_bug.cgi?id=1229822 * https://bugzilla.suse.com/show_bug.cgi?id=1230078 * https://bugzilla.suse.com/show_bug.cgi?id=1235695 * https://bugzilla.suse.com/show_bug.cgi?id=1236151 * https://bugzilla.suse.com/show_bug.cgi?id=1237137 . Delve into the SUSE Linux Enterprise Micro 5 edition security patch for vim, tackling various vulnerabilities and improving overall robustness.. SUSE Linux, Security Update, vim, Heap Overflow, Memory Corruption. . LinuxSecurity.com Team

Calendar%202 Feb 26, 2025 SuSE
217

Oracle Linux 8 ELSA-2024-12780: Important Kernel Updates Addressing Issues

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-12780 http://linux.oracle.com/errata/ELSA-2024-12780.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: aarch64: kernel-uek-5.4.17-2136.336.5.1.el8uek.aarch64.rpm kernel-uek-debug-5.4.17-2136.336.5.1.el8uek.aarch64.rpm kernel-uek-debug-devel-5.4.17-2136.336.5.1.el8uek.aarch64.rpm kernel-uek-devel-5.4.17-2136.336.5.1.el8uek.aarch64.rpm kernel-uek-doc-5.4.17-2136.336.5.1.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.336.5.1.el8uek.src.rpm Related CVEs: CVE-2024-27397 CVE-2024-41012 CVE-2024-41015 CVE-2024-41017 CVE-2024-41020 CVE-2024-41042 CVE-2024-41059 CVE-2024-41063 CVE-2024-41064 CVE-2024-41065 CVE-2024-41068 CVE-2024-41070 CVE-2024-41072 CVE-2024-41081 CVE-2024-41090 CVE-2024-41091 CVE-2024-42131 CVE-2024-42259 CVE-2024-42265 CVE-2024-42271 CVE-2024-42276 CVE-2024-42280 CVE-2024-42281 CVE-2024-42283 CVE-2024-42284 CVE-2024-42285 CVE-2024-42286 CVE-2024-42287 CVE-2024-42288 CVE-2024-42289 CVE-2024-42290 CVE-2024-42292 CVE-2024-42295 CVE-2024-42297 CVE-2024-42301 CVE-2024-42304 CVE-2024-42305 CVE-2024-42306 CVE-2024-42308 CVE-2024-42309 CVE-2024-42310 CVE-2024-42311 CVE-2024-42313 CVE-2024-43829 CVE-2024-43830 CVE-2024-43839 CVE-2024-43841 CVE-2024-43846 CVE-2024-43856 CVE-2024-43858 CVE-2024-43860 CVE-2024-43861 CVE-2024-43867 CVE-2024-43871 CVE-2024-43879 CVE-2024-43880 CVE-2024-43882 CVE-2024-43883 CVE-2024-43890 CVE-2024-43893 CVE-2024-43894 CVE-2024-43908 CVE-2024-43914 CVE-2024-44935 CVE-2024-44944 CVE-2024-44948 CVE-2024-44954 CVE-2024-44960 CVE-2024-44965 CVE-2024-44968 CVE-2024-44969 CVE-2024-46738 Description of changes: [5.4.17-2136.336.5.1.el8uek] - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37138988] [5.4.17-2136.336.5.el8uek] - uek-rpm: Add skx_edac_common.ko to nano_modules (Sherry Yang) [Orabug:37030127] - EDAC, i10nm: make skx_common.o a separate module (Arnd Bergmann) [Orabug: 37030127] - uek-rpm: Integrating the container build in UEK6 (Jack Vogel) [Orabug: 37021061] - i40e: Change user notification of non-SFP module in i40e_get_module_info() (Andrii Staikov) [Orabug: 36988197] - xsigo: Use NAPI in UD/TX flows for xve (Alok Tiwari) [Orabug: 35180168] - xsigo: remove incorrect spin_unlock_irqrestore call in vhba_queuecommand (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix slab-out-of-bounds in vhba_create (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix memory free issue in dma mapping (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix use-after-free n xsvbha for srb *sp (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix mtu setting issue in xve netdev (Alok Tiwari) [Orabug: 35180168] - xsigo: Add struct ib_mad_send_buf to recv_handler (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove tx_outstanding variable from xve xmit (Alok Tiwari) [Orabug: 35180168] - xsigo: Add extack argument to dev_change_flags() (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove compare_data while calling ib_cm_listen() (Alok Tiwari) [Orabug: 35180168] - xsigo: Ignore the return value of "ib_destroy_cq" (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove sif_verbs header (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace setup_timer with the timer_setup (Alok Tiwari) [Orabug: 35180168] - xsigo: Use ib_ud_wr for xve_dev_priv instread of ib_send_wr (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove return from register event handler (Alok Tiwari) [Orabug: 35180168] - xsigo: Add client_data for struct ib_client remove() (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace dev-> trans_start update with helper netif_trans_update (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove usage of net_device last_rx member from xsigo (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace skb_frag page with bv_page in xve (Alok Tiwari) [Orabug: 35180168] - xsigo: Use sg_next() to get the next sg instead of SG_NEXT (Alok Tiwari) [Orabug: 35180168] -xsigo: Rename ib_init_ah_from_path to ib_init_ah_attr_from_path (Alok Tiwari) [Orabug: 35180168] - xsigo: remove pointer dereference for ib_fmr_pool_map_phys (Alok Tiwari) [Orabug: 35180168] - xsigo: ib_fmr_pool_map_phys does not need rargs (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove ib_sg_dma_address() and ib_sg_dma_len() (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix compiling error from xsvbha module (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove sg_copy_buffer from vhba_align (Alok Tiwari) [Orabug: 35180168] - xsigo: Xve, replace .get_settings with ksettings() (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove LRO code from xve module (Alok Tiwari) [Orabug: 35180168] - xsigo: Xsvnic, replace .get_settings with ksettings() (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove LRO code from xsvnic module (Alok Tiwari) [Orabug: 35180168] - xsigo: Change port number from u8 to u32 (Alok Tiwari) [Orabug: 35180168] - xsigo: Use frag-> bv_offset in place of page_offset (Alok Tiwari) [Orabug: 35180168] - xsigo: Rename skb_frag_t size to bv_len (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix compiling error due to Constify of ib_cm_event (Alok Tiwari) [Orabug: 35180168] - xsigo: Add the $(srctree)/ prefix to xsigo Makefile (Alok Tiwari) [Orabug: 35180168] - xsigo: Assign IB_MGMT_BASE_VERSION for ib_create_send_mad (Alok Tiwari) [Orabug: 35180168] - xsigo: Assign rdma_ctxs and port_num for struct ib_qp_init_attr (Alok Tiwari) [Orabug: 35180168] - xsigo: Use struct ib_cq_init_attr for ib_create_cq() (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace max_sge with max_send_sge for xscore_create_qp (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove ib_get_dma_mr and ib_dereg_mr (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace ib_query_device with callback "ops.query_device" (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace ib_query_gid with rdma_query_gid (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace ib_modify_cq with rdma_set_cq_moderation (Alok Tiwari) [Orabug: 35180168] - xsigo: Assign path recordtype rec_type for sa_path_rec (Alok Tiwari) [Orabug: 35180168] - xsigo: Rename ib_sa_path_rec to sa_path_rec (Alok Tiwari) [Orabug: 35180168] - xsigo: Use struct ib_ud_wr ud_wr instead of ib_send_wr (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace struct ib_ah_attr with struct rdma_ah_attr (Alok Tiwari) [Orabug: 35180168] - xsigo: Rename ib_create_ah and ib_destroy_ah (Alok Tiwari) [Orabug: 35180168] - xsigo: Assign const argument for ib_post_send/recv() (Alok Tiwari) [Orabug: 35180168] - uek-rpm: add xsigo module in ol7 and ol8 config file (Alok Tiwari) [Orabug: 35180168] - Revert "RDMA/core/sa_query: Remove unused function" (Alok Tiwari) [Orabug: 35180168] - xve: arm ud tx cq to generate completion interrupts (Ajaykumar Hotchandani) [Orabug: 28267050] [Orabug: 35180168] - xscore: add dma address check (Zhu Yanjun) [Orabug: 27074085] [Orabug: 35180168] - xsigo: PCA 2.3.1 Compute Node panics in xve_create_arp+430 (Pradeep Gopanapalli) [Orabug: 26474000] [Orabug: 35180168] - xsigo: UEK4-master:poor performance discovering 256 FC LUNs w/4 paths per LUN (Pradeep Gopanapalli) [Orabug: 26199177] [Orabug: 35180168] - xsigo: Compute node crash on FC failover (Pradeep Gopanapalli) [Orabug: 25981973] [Orabug: 35180168] - xsigo: Fix spinlock release in case of error (Pradeep Gopanapalli) [Orabug: 25779803] [Orabug: 35180168] - xsigo: Optimize xsvnic module parameters for UEK4 (Pradeep Gopanapalli) [Orabug: 25779865] [Orabug: 35180168] - xsigo: Fix crash in accessing xve proc l2 entries (Pradeep Gopanapalli) [Orabug: 25165085] [Orabug: 35180168] - xsigo: Fix race in freeing aged Forwarding table entry (Pradeep Gopanapalli) [Orabug: 25129729] [Orabug: 35180168] - xsigo: Schedule while uninterruptible (Pradeep Gopanapalli) [Orabug: 25097469] [Orabug: 35180168] - xsigo: supported SGE's for LSO QP (Pradeep Gopanapalli) [Orabug: 25029868] [Orabug: 35180168] - xsigo: Hardening driver in handling remote QP failures (Pradeep Gopanapalli) [Orabug: 24929076] [Orabug: 35180168] - xsigo: send nack codes (PradeepGopanapalli) [Orabug: 24442792] [Orabug: 35180168] - xsigo: xve driver has excessive messages (Pradeep Gopanapalli) [Orabug: 24758335] [Orabug: 35180168] - xsigo: hard LOCKUP in freeing paths (Pradeep Gopanapalli) [Orabug: 24669507] [Orabug: 35180168] - xsigo: Crash in xscore_port_num (Pradeep Gopanapalli) [Orabug: 24760465] [Orabug: 35180168] - xsigo: Resize uVNIC/PVI CQ size (Pradeep Gopanapalli) [Orabug: 24765034] [Orabug: 35180168] - xsigo: Optimizing Transmit completions (Pradeep Gopanapalli) [Orabug: 24928865] [Orabug: 35180168] - xsigo: Implementing Jumbo MTU support (Pradeep Gopanapalli) [Orabug: 24928804] [Orabug: 35180168] - xsigo: EoiB QP support (Pradeep Gopanapalli) [Orabug: 24508359] [Orabug: 35180168] - xsigo: Send Heart Beat Lost Operational state (Pradeep Gopanapalli) [Orabug: 23032392] [Orabug: 35180168] - xsigo: SKB Frag cleanup (Pradeep Gopanapalli) [Orabug: 23514725] [Orabug: 35180168] - xsigo: Tx_tail goes outof bound (Pradeep Gopanapalli) [Orabug: 23514725] [Orabug: 35180168] - xsigo: Fixed Path locking issues (Pradeep Gopanapalli) [Orabug: 23514725] [Orabug: 35180168] - Fixed vnic issue after saturn reset (Pradeep Gopanapalli) [Orabug: 22862488] [Orabug: 35180168] - uvnic issues (Pradeep Gopanapalli) [Orabug: 22862488] [Orabug: 35180168] - Fixed wrongly checked return type Added Debug print (Pradeep Gopanapalli) [Orabug: 22862488] [Orabug: 35180168] - Integrate Uvnic functionality into uek-4.1 Revision 8008 (Pradeep Gopanapalli) [Orabug: 35180168] - 1) S_IRWXU causing kernel soft crash changing to 0644 (Pradeep Gopanapalli) [Orabug: 35180168] - 1) Support vnic for EDR based platform(uVnic) 2) Supported Types now Type 0 (Pradeep Gopanapalli) [Orabug: 35180168] - Add Oracle virtual Networking Drivers for uek4 kernel (Pradeep Gopanapalli) [Orabug: 35180168] [5.4.17-2136.336.4.el8uek] - igb: Fix not clearing TimeSync interrupts for 82580 (Daiwei Li) - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez) [Orabug: 37037205]{CVE-2024-46738} - x86/speculation: Basic IBRS is enabled with AMD Automatic IBRS (Alexandre Chartre) [Orabug: 37044540] [5.4.17-2136.336.3.el8uek] - Compiler Attributes: Add __uninitialized macro (Heiko Carstens) - filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64 (Long Li) - ALSA: timer: Relax start tick time check for slave timer elements (Takashi Iwai) - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (Parsa Poorshikhian) - LTS tag: v5.4.282 (Sherry Yang) - media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" (Sean Young) - ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode (Michael Walle) - nvme/pci: Add APST quirk for Lenovo N60z laptop (WangYuli) - exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) [Orabug: 36984017] {CVE-2024-43882} - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (Yunke Cao) - arm64: cpufeature: Fix the visibility of compat hwcaps (Amit Daniel Kachhap) - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (Andi Shyti) [Orabug: 36953969] {CVE-2024-42259} - netfilter: nf_tables: prefer nft_chain_validate (Florian Westphal) [Orabug: 36896846] {CVE-2024-41042} - netfilter: nf_tables: use timestamp to check for set element timeout (Pablo Neira Ayuso) [Orabug: 36630432] {CVE-2024-27397} - netfilter: nf_tables: set element extended ACK reporting support (Pablo Neira Ayuso) - kbuild: Fix '-S -c' in x86 stack protector scripts (Nathan Chancellor) - Fix gcc 4.9 build issue in 5.4.y (Jari Ruusu) - drm/mgag200: Set DDC timeout in milliseconds (Thomas Zimmermann) - drm/bridge: analogix_dp: properly handle zero sized AUX transactions (Lucas Stach) - x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) [Orabug: 37028936] {CVE-2024-44948} - tracing: Fix overflow in get_free_elt() (Tze-nan Wu) [Orabug: 36992998] {CVE-2024-43890} - power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede) - power: supply: axp288_charger: Fixconstant_charge_voltage writes (Hans de Goede) - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (Shay Drory) - serial: core: check uartclk for zero to avoid divide by zero (George Kennedy) [Orabug: 36993009] {CVE-2024-43893} - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal) - ntp: Safeguard against time_constant overflow (Justin Stitt) - ntp: Clamp maxerror and esterror to operating range (Justin Stitt) - tick/broadcast: Move per CPU pointer access into the atomic section (Thomas Gleixner) [Orabug: 37036032] {CVE-2024-44968} - scsi: ufs: core: Fix hba-> last_dme_cmd_tstamp timestamp updating logic (Vamshi Gajjela) - usb: gadget: core: Check for unset descriptor (Chris Wulff) [Orabug: 37028988] {CVE-2024-44960} - USB: serial: debug: do not echo input by default (Marek Marczykowski-Górecki) - usb: vhci-hcd: Do not drop references before new references are gained (Oliver Neukum) [Orabug: 36992971] {CVE-2024-43883} - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (Takashi Iwai) - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (Steven 'Steve' Kendall) - ALSA: line6: Fix racy access to midibuf (Takashi Iwai) [Orabug: 37028957] {CVE-2024-44954} - drm/client: fix null pointer dereference in drm_client_modeset_probe (Ma Ke) [Orabug: 36993014] {CVE-2024-43894} - spi: spi-fsl-lpspi: Fix scldiv calculation (Stefan Wahren) - spi: fsl-lpspi: remove unneeded array (Oleksandr Suvorov) - bpf: kprobe: remove unused declaring of bpf_kprobe_override (Menglong Dong) - i2c: smbus: Send alert notifications to all devices if source not found (Guenter Roeck) - i2c: smbus: Improve handling of stuck alerts (Guenter Roeck) - i2c: smbus: Don't filter out duplicate alerts (Corey Minyard) - arm64: errata: Expand speculative SSBS workaround (again) (Mark Rutland) - arm64: cputype: Add Cortex-A725 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X1C definitions (Mark Rutland) - arm64: errata: Expand speculative SSBS workaround (Mark Rutland) -arm64: errata: Unify speculative SSBS errata logic (Mark Rutland) - arm64: cputype: Add Cortex-X925 definitions (Mark Rutland) - arm64: cputype: Add Cortex-A720 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X3 definitions (Mark Rutland) - arm64: errata: Add workaround for Arm errata 3194386 and 3312417 (Mark Rutland) - arm64: cputype: Add Neoverse-V3 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X4 definitions (Mark Rutland) - arm64: Add Neoverse-V2 part (Besar Wicaksono) - arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space (James Morse) - ext4: fix wrong unit use in ext4_mb_find_by_goal (Kemeng Shi) - SUNRPC: Fix a race to wake a sync task (Benjamin Coddington) - s390/sclp: Prevent release of buffer in I/O (Peter Oberparleiter) [Orabug: 37029020] {CVE-2024-44969} - jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (Kemeng Shi) - media: uvcvideo: Fix the bandwdith quirk on USB 3.x (Michal Pecio) - media: uvcvideo: Ignore empty TS packets (Ricardo Ribalda) - drm/amdgpu: Fix the null pointer dereference to ras_manager (Ma Jun) [Orabug: 36993084] {CVE-2024-43908} - btrfs: fix bitmap leak when loading free space cache on duplicate entry (Filipe Manana) - wifi: nl80211: don't give key data to userspace (Johannes Berg) - udf: prevent integer overflow in udf_bitmap_free_blocks() (Roman Smirnov) - PCI: Add Edimax Vendor ID to pci_ids.h (FUJITA Tomonori) - selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT (Yonghong Song) - ACPI: SBS: manage alarm sysfs attribute through psy core (Thomas Weißschuh) - ACPI: battery: create alarm sysfs attribute atomically (Thomas Weißschuh) - clocksource/drivers/sh_cmt: Address race condition for clock events (Niklas Söderlund) - md/raid5: avoid BUG_ON() while continue reshape after reassembling (Yu Kuai) [Orabug: 36993127] {CVE-2024-43914} - net: fec: Stop PPS on driver remove (Csókás, Bence) - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (Dmitry Antipov) -net: linkwatch: use system_unbound_wq (Eric Dumazet) - net: usb: qmi_wwan: fix memory leak for not ip packets (Daniele Palmas) [Orabug: 36983959] {CVE-2024-43861} - sctp: Fix null-ptr-deref in reuseport_add_sock(). (Kuniyuki Iwashima) [Orabug: 36993147] {CVE-2024-44935} - sctp: move hlist_node and hashent out of sctp_ep_common (Xin Long) - x86/mm: Fix pti_clone_pgtable() alignment assumption (Peter Zijlstra) [Orabug: 37029012] {CVE-2024-44965} - irqchip/mbigen: Fix mbigen node address layout (Yipeng Zou) - genirq: Allow irq_chip registration functions to take a const irq_chip (Marc Zyngier) - netfilter: ipset: Add list flush to cancel_gc (Alexander Maltsev) - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (Ma Ke) - ALSA: usb-audio: Correct surround channels in UAC1 channel map (Takashi Iwai) - protect the fetch of -> fd[fd] in do_dup2() from mispredictions (Al Viro) [Orabug: 36963808] {CVE-2024-42265} - HID: wacom: Modify pen IDs (Tatsunosuke Tobita) - ipv6: fix ndisc_is_useropt() handling for PIO (Maciej Żenczykowski) - net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (Shahar Shitrit) - net/iucv: fix use after free in iucv_sock_close() (Alexandra Winter) [Orabug: 36964006] {CVE-2024-42271} - drm/vmwgfx: Fix overlay when using Screen Targets (Ian Forbes) - drm/nouveau: prime: fix refcount underflow (Danilo Krummrich) [Orabug: 36983979] {CVE-2024-43867} - remoteproc: imx_rproc: Skip over memory region when node value is NULL (Aleksandr Mishin) [Orabug: 36964537] {CVE-2024-43860} - remoteproc: imx_rproc: Fix ignoring mapping vdev regions (Dong Aisheng) - remoteproc: imx_rproc: ignore mapping vdev regions (Peng Fan) - irqchip/imx-irqsteer: Handle runtime power management correctly (Shenwei Wang) [Orabug: 36964085] {CVE-2024-42290} - irqchip/imx-irqsteer: Add runtime PM support (Lucas Stach) - irqchip/imx-irqsteer: Constify irq_chip struct (Lucas Stach) - genirq: Allow the PM device to originate from irq domain (Marc Zyngier) - devres: Fix memory leakagecaused by driver API devm_free_percpu() (Zijun Hu) [Orabug: 36983991] {CVE-2024-43871} - driver core: Cast to (void *) with __force for __percpu pointer (Andy Shevchenko) - dev/parport: fix the array out-of-bounds risk (tuhaowen) [Orabug: 36964223] {CVE-2024-42301} - parport: Standardize use of printmode (Joe Perches) to pr_ ( (Joe Perches) - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (Manivannan Sadhasivam) - PCI: rockchip: Make 'ep-gpios' DT property optional (Chen-Yu Tsai) - mm: avoid overflows in dirty throttling logic (Jan Kara) [Orabug: 36897803] {CVE-2024-42131} - nvme-pci: add missing condition check for existence of mapped data (Leon Romanovsky) [Orabug: 36964022] {CVE-2024-42276} - ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (Pierre-Louis Bossart) - ASoC: Intel: Move soc_intel_is_foo() helpers to a generic header (Hans de Goede) - ASoC: Intel: Convert to new X86 CPU match macros (Thomas Gleixner) - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (Al Viro) - apparmor: Fix null pointer deref when receiving skb during sock creation (Xiao Liang) - mISDN: Fix a use after free in hfcmulti_tx() (Dan Carpenter) [Orabug: 36964032] {CVE-2024-42280} - bpf: Fix a segment issue when downgrading gso_size (Fred Li) [Orabug: 36964038] {CVE-2024-42281} - net: nexthop: Initialize all fields in dumped nexthops (Petr Machata) [Orabug: 36964044] {CVE-2024-42283} - tipc: Return non-zero value from tipc_udp_addr2str() on error (Shigeru Yoshida) [Orabug: 36964047] {CVE-2024-42284} - net: bonding: correctly annotate RCU in bond_should_notify_peers() (Johannes Berg) - ipv4: Fix incorrect source address in Record Route option (Ido Schimmel) - MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later (Gregory CLEMENT) - dma: fix call order in dmam_free_coherent (Lance Richardson) [Orabug: 36964523] {CVE-2024-43856} - libbpf: Fix no-args func prototype BTF dumping syntax (Andrii Nakryiko) - um: time-travel: fix time-travel-start option (Johannes Berg) - jfs: Fix array-index-out-of-bounds in diFree (Jeongjun Park) [Orabug: 36964530] {CVE-2024-43858} - kdb: address -Wformat-security warnings (Arnd Bergmann) - nilfs2: handle inconsistent state in nilfs_btnode_create_block() (Ryusuke Konishi) [Orabug: 36964203] {CVE-2024-42295} - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (WangYuli) - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (Hilda Wu) - rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) - drm/panfrost: Mark simple_ondemand governor as softdep (Dragan Simic) - rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) - selftests/sigaltstack: Fix ppc64 GCC build (Michael Ellerman) - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Bart Van Assche) [Orabug: 36964054] {CVE-2024-42285} - platform: mips: cpu_hwmon: Disable driver on unsupported hardware (Jiaxun Yang) - watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (Thomas Gleixner) - rtc: isl1208: Fix return value of nvmem callbacks (Joy Chakraborty) - perf/x86/intel/pt: Fix a topa_entry base address calculation (Adrian Hunter) - perf/x86/intel/pt: Fix topa_entry base length (Marco Cavenati) - scsi: qla2xxx: validate nvme_local_port correctly (Nilesh Javali) [Orabug: 36964059] {CVE-2024-42286} - scsi: qla2xxx: Complete command early within lock (Shreyas Deodhar) [Orabug: 36964065] {CVE-2024-42287} - scsi: qla2xxx: Fix for possible memory corruption (Shreyas Deodhar) [Orabug: 36964070] {CVE-2024-42288} - scsi: qla2xxx: During vport delete send async logout explicitly (Manish Rangankar) [Orabug: 36964080] {CVE-2024-42289} - rtc: cmos: Fix return value of nvmem callbacks (Joy Chakraborty) - kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 36964092] {CVE-2024-42292} - decompress_bunzip2: fix rare decompression failure (Ross Lagerwall) - ubi: eba: properly rollback insideself_check_eba (Fedor Pchelkin) - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (Bastien Curutchet) - f2fs: fix to don't dirty inode for readonly filesystem (Chao Yu) [Orabug: 36964213] {CVE-2024-42297} - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (Saurav Kashyap) - binder: fix hang of unregistered readers (Carlos Llamas) - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (Wei Liu) - hwrng: amd - Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen) - tools/memory-model: Fix bug in lock.cat (Alan Stern) - leds: ss4200: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen) - wifi: mwifiex: Fix interface type change (Rafael Beims) - ext4: make sure the first directory block is not a hole (Baokun Li) [Orabug: 36964232] {CVE-2024-42304} - ext4: check dot and dotdot of dx_root before making dir indexed (Baokun Li) [Orabug: 36964237] {CVE-2024-42305} - m68k: amiga: Turn off Warp1260 interrupts during boot (Paolo Pisati) - udf: Avoid using corrupted block bitmap buffer (Jan Kara) [Orabug: 36964242] {CVE-2024-42306} - drm/amd/display: Check for NULL pointer (Sung Joon Kim) [Orabug: 36964247] {CVE-2024-42308} - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (Ma Ke) [Orabug: 36964253] {CVE-2024-42309} - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (Ma Ke) [Orabug: 36964260] {CVE-2024-42310} - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (Chao Yu) [Orabug: 36964265] {CVE-2024-42311} - media: venus: fix use after free in vdec_close (Dikshita Agarwal) [Orabug: 36964275] {CVE-2024-42313} - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (Joe Hattori) - ipv6: take care of scope when choosing the src addr (Nicolas Dichtel) - af_packet: Handle outgoing VLAN packets without hardware offloading (Chengen Du) - net: netconsole: Disable target before netpoll cleanup (Breno Leitao) - tick/broadcast: Make takeover of broadcast hrtimer reliable (Yu Liao) -rtc: interface: Add RTC offset to alarm after fix-up (Csókás, Bence) - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (Ryusuke Konishi) - fs/nilfs2: remove some unused macros to tame gcc (Alex Shi) - pinctrl: freescale: mxs: Fix refcount of child (Peng Fan) - netfilter: ctnetlink: use helper function to calculate expect ID (Pablo Neira Ayuso) [Orabug: 37013755] {CVE-2024-44944} - bnxt_re: Fix imm_data endianness (Jack Wang) - macintosh/therm_windtunnel: fix module unload. (Nick Bowler) - powerpc/xmon: Fix disassembly CPU feature checks (Michael Ellerman) - Input: elan_i2c - do not leave interrupt disabled on suspend failure (Dmitry Torokhov) - RDMA/device: Return error earlier if port in not valid (Leon Romanovsky) - mtd: make mtd_test.c a separate module (Arnd Bergmann) - ASoC: max98088: Check for clk_prepare_enable() error (Chen Ni) - RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (Honggang LI) - RDMA/mlx4: Fix truncated output warning in alias_GUID.c (Leon Romanovsky) - RDMA/mlx4: Fix truncated output warning in mad.c (Leon Romanovsky) - Input: qt1050 - handle CHIP_ID reading error (Andrei Lalaev) - PCI: Fix resource double counting on remove & rescan (Ilpo Järvinen) - SUNRPC: Fixup gss_status tracepoint error output (Benjamin Coddington) - sparc64: Fix incorrect function signature and add prototype for prom_cif_init (Andreas Larsson) - ext4: avoid writing unitialized memory to disk in EA inodes (Jan Kara) - SUNRPC: avoid soft lockup when transmitting UDP to reachable server. (NeilBrown) - mfd: omap-usb-tll: Use struct_size to allocate tll (Javier Carrasco) - drm/qxl: Add check for drm_cvt_mode (Chen Ni) [Orabug: 36964456] {CVE-2024-43829} - drm/etnaviv: fix DMA direction handling for cached RW buffers (Lucas Stach) - perf report: Fix condition in sort__sym_cmp() (Namhyung Kim) - leds: trigger: Unregister sysfs attributes before calling deactivate() (Hans de Goede) [Orabug: 36964459] {CVE-2024-43830} - media: renesas: vsp1: Store RPF partition configuration per RPFinstance (Laurent Pinchart) - media: renesas: vsp1: Fix _irqsave and _irq mix (Laurent Pinchart) - media: uvcvideo: Override default flags (Daniel Schaefer) - media: uvcvideo: Allow entity-defined get_info and get_cur (Ricardo Ribalda) - saa7134: Unchecked i2c_transfer function result fixed (Aleksandr Burakov) - media: imon: Fix race getting ictx-> lock (Ricardo Ribalda) - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (Zheng Yejian) - USB: move snd_usb_pipe_sanity_check into the USB core (Greg Kroah-Hartman) - selftests: forwarding: devlink_lib: Wait for udev events after reloading (Amit Cohen) - bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (Alexey Kodanev) [Orabug: 36964480] {CVE-2024-43839} - wifi: virt_wifi: don't use strlen() in const context (Johannes Berg) - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (Gaosheng Cui) - wifi: virt_wifi: avoid reporting connection success with wrong SSID (En-Wei Wu) [Orabug: 36964487] {CVE-2024-43841} - qed: Improve the stack space of filter_config() (Shai Malin) - perf: Prevent passing zero nr_pages to rb_alloc_aux() (Adrian Hunter) - perf: Fix perf_aux_size() for greater-than 32-bit size (Adrian Hunter) - perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (Adrian Hunter) - netfilter: nf_tables: rise cap on SELinux secmark context (Pablo Neira Ayuso) - net: fec: Fix FEC_ECR_EN1588 being cleared on link-down (Csókás, Bence) - net: fec: Refactor: #define magic constants (Csókás Bence) - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (Baochen Qiang) [Orabug: 36984010] {CVE-2024-43879} - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (Baochen Qiang) - mlxsw: spectrum_acl_erp: Fix object nesting warning (Ido Schimmel) [Orabug: 36984013] {CVE-2024-43880} - lib: objagg: Fix general protection fault (Ido Schimmel) [Orabug: 36964495] {CVE-2024-43846} - selftests/bpf: Check length of recv in test_sockmap (Geliang Tang) - net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined (Guangguan Wang) - net/smc: Allow SMC-D 1MB DMB allocations (Stefan Raspl) - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (Samasth Norway Ananda) - firmware: turris-mox-rwtm: Initialize completion before mailbox (Marek Behún) - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (Marek Behún) - m68k: cmpxchg: Fix return value for default case in __arch_xchg() (Thorsten Blum) - x86/xen: Convert comma to semicolon (Chen Ni) - m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages (Eero Tamminen) - arm64: dts: amlogic: gx: correct hdmi clocks (Jerome Brunet) - arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux (Rafał Miłecki) - ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: fix board reset (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node (Marco Felsch) - arm64: dts: rockchip: Increase VOP clk rate on RK3328 (Jonas Karlman) - arm64: dts: qcom: msm8996: specify UFS core_clk frequencies (Dmitry Baryshkov) - arm64: dts: qcom: sdm845: add power-domain to UFS PHY (Dmitry Baryshkov) - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (Guenter Roeck) - hwmon: (max6697) Fix underflow when writing limit attributes (Guenter Roeck) - pwm: stm32: Always do lazy disabling (Uwe Kleine-König) - hwmon: (adt7475) Fix default duty on fan is disabled (Wayne Tung) - x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen) - x86/pci/xen: Fix PCIBIOS_* return code handling (Ilpo Järvinen) - x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling (Ilpo Järvinen) - x86/of: Return consistent error type from x86_of_pci_irq_enable() (Ilpo Järvinen) - hfsplus: fix to avoid false alarm of circular locking (Chao Yu) - platform/chrome:cros_ec_debugfs: fix wrong EC message version (Tzung-Bi Shih) - LTS tag: v5.4.281 (Sherry Yang) - tap: add missing verification for short frame (Si-Wei Liu) [Orabug: 36660755] {CVE-2024-41090} - tun: add missing verification for short frame (Dongli Zhang) [Orabug: 36660755] {CVE-2024-41091} - filelock: Fix fcntl/close race recovery compat path (Jann Horn) [Orabug: 36896789] {CVE-2024-41020} {CVE-2024-41012} - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (Edson Juliano Drosdeck) - jfs: don't walk off the end of ealist (lei lu) [Orabug: 36891667] {CVE-2024-41017} - ocfs2: add bounds checking to ocfs2_check_dir_entry() (lei lu) [Orabug: 36891655] {CVE-2024-41015} - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (Kuan-Wei Chiu) - ARM: 9324/1: fix get_user() broken with veneer (Masahiro Yamada) - hfsplus: fix uninit-value in copy_name (Edward Adam Davis) [Orabug: 36896969] {CVE-2024-41059} - selftests/vDSO: fix clang build errors and warnings (John Hubbard) - spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices (Uwe Kleine-König) - fs: better handle deep ancestor chains in is_subdir() (Christian Brauner) - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (Tetsuo Handa) [Orabug: 36896994] {CVE-2024-41063} - scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (Xingui Yang) - powerpc/eeh: avoid possible crash when edev-> pdev changes (Ganesh Goudar) [Orabug: 36897003] {CVE-2024-41064} - powerpc/pseries: Whitelist dtl slub object for copying to userspace (Anjali K) [Orabug: 36897009] {CVE-2024-41065} - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (Yunshui Jiang) - net: usb: qmi_wwan: add Telit FN912 compositions (Daniele Palmas) - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (Shengjiu Wang) - s390/sclp: Fix sclp_init() cleanup on failure (Heiko Carstens) [Orabug: 36897032] {CVE-2024-41068} - can: kvaser_usb: fix return value forhif_usb_send_regout (Chen Ni) - ASoC: ti: omap-hdmi: Fix too long driver name (Primoz Fiser) - ASoC: ti: davinci-mcasp: Set min period size using FIFO config (Jai Luthra) - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (Thomas GENTY) - Input: elantech - fix touchpad state on resume for Lenovo N24 (Jonathan Denose) - mips: fix compat_sys_lseek syscall (Arnd Bergmann) - ALSA: hda/realtek: Add more codec ID to no shutup pins list (Kailang Yang) - KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (Michael Ellerman) [Orabug: 36897048] {CVE-2024-41070} - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (Dmitry Antipov) [Orabug: 36897312] {CVE-2024-41072} - mei: demote client disconnect warning on suspend to debug (Alexander Usyskin) - fs/file: fix the check in find_next_fd() (Yuntao Wang) - kconfig: remove wrong expr_trans_bool() (Masahiro Yamada) - kconfig: gconf: give a proper initial state to the Save button (Masahiro Yamada) - ila: block BH in ila_output() (Eric Dumazet) [Orabug: 36897360] {CVE-2024-41081} - Input: silead - Always support 10 fingers (Hans de Goede) - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (Dmitry Antipov) - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (Nicolas Escande) - ACPI: EC: Avoid returning AE_OK on errors in address space handler (Armin Wolf) - ACPI: EC: Abort address space access upon error (Armin Wolf) - scsi: qedf: Set qed_slowpath_params to zero before use (Saurav Kashyap) - filelock: Remove locks reliably when fcntl/close race is detected (Jann Horn) [Orabug: 36874758] {CVE-2024-41012} {CVE-2024-41020} - gcc-plugins: Rename last_stmt() for GCC 14+ (Kees Cook) [5.4.17-2136.336.2.el8uek] - mm: Only enable HVO under UEK6 for Exadata system (Jane Chu) [Orabug: 36990830] - mm: delete redundent old PageCompound() macro (Jane Chu) [Orabug: 36990830] [5.4.17-2136.336.1.el8uek] - mm/hwpoison: put page in already hwpoisoned case with MF_COUNT_INCREASED (Naoya Horiguchi) [Orabug:36947110] - mm/memory-failure: send SIGBUS in the event of thp split fail (Jane Chu) [Orabug: 36947110] - mm/memory-failure: move hwpoison_filter() higher up (Jane Chu) [Orabug: 36947110] - mm/memory-failure: improve memory failure action_result messages (Jane Chu) [Orabug: 36947110] - mm/madvise: add MF_ACTION_REQUIRED to madvise(MADV_HWPOISON) (Jane Chu) [Orabug: 36947110] - mm/memory-failure: try to send SIGBUS even if unmap failed (Jane Chu) [Orabug: 36947110] - mm: memory-failure: cleanup try_to_split_thp_page() (Kefeng Wang) [Orabug: 36947110] - mm,hwpoison: introduce MF_MSG_UNSPLIT_THP (Naoya Horiguchi) [Orabug: 36947110] - KVM/x86: Do not clear SIPI while in SMM (Boris Ostrovsky) [Orabug: 36401960] _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . The Oracle security notice ELSA-2024-12780 addresses vital kernel modifications aimed at resolving serious vulnerabilities in Oracle Linux.. Oracle Linux Security, kernel updates, Linux security advisory, critical vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 15, 2024 Important Oracle
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200