
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


SUSE: 2023:3341-1 Important: bci/nodejs Memory Leak Security Fix

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3341-1
Container Tags        : bci/node:18 , bci/node:18-11.7 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-11.7 , bci/nodejs:latest
Container Release     : 11.7
Severity              : important
Type                  : security
References            : 1215533 1215713 CVE-2023-35945
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3994-1
Released:    Fri Oct 6 13:44:15 2023
Summary:     Recommended update for git
Type:        recommended
Severity:    moderate
References:  1215533

This update for git fixes the following issues:

- Downgrade openssh dependency to recommends (bsc#1215533)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released:    Fri Oct 6 14:13:56 2023
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

The following package changes have been done:

- libnghttp2-14-1.40.0-150200.9.1 updated
- git-core-2.35.3-150300.10.30.1 updated
- container:sles15-image-15.0.0-36.5.40 updated
- libcbor0-0.5.0-150100.4.6.1 removed
- libedit0-3.1.snap20150325-2.12 removed
- libfido2-1-1.13.0-150400.5.6.1 removed
- libhidapi-hidraw0-0.10.1-150300.3.2.1 removed
- libudev1-249.16-150400.8.33.1 removed
- openssh-clients-8.4p1-150300.3.22.1 removed
- openssh-common-8.4p1-150300.3.22.1 removed
- openssh-fips-8.4p1-150300.3.22.1 removed

SUSE Container Update Notification delivers updates for bci/python addressing issues with resource consumption in nghttp3.
SUSE Container Update, bci/nodejs Security Fix, nghttp2 Memory Leak.
Severity: Important.
LinuxSecurity.com Team

Oct 10, 2023 Important SuSE

Red Hat Enterprise Linux 7 Low Advisory: RHSA-2020-3907-01 on qemu-kvm-ma

====================================================================
Red Hat Security Advisory

Synopsis:          Low: qemu-kvm-ma security update
Advisory ID:       RHSA-2020:3907-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3907
Issue date:        2020-09-29
CVE Names:         CVE-2018-15746 CVE-2019-20382
====================================================================

1. Summary:

An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

Security Fix(es):

* QEMU: seccomp: blacklist is not applied to all threads (CVE-2018-15746)
* QEMU: vnc: memory leakage upon disconnect (CVE-2019-20382)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1615637 - CVE-2018-15746 QEMU: seccomp: blacklist is not applied to all threads
1810390 - CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect

6. Package List:

Red Hat Enterprise Linux Server (v. 7):

Source:
qemu-kvm-ma-2.12.0-48.el7.src.rpm

ppc64:
qemu-img-ma-2.12.0-48.el7.ppc64.rpm
qemu-kvm-ma-debuginfo-2.12.0-48.el7.ppc64.rpm

ppc64le:
qemu-img-ma-2.12.0-48.el7.ppc64le.rpm
qemu-kvm-common-ma-2.12.0-48.el7.ppc64le.rpm
qemu-kvm-ma-2.12.0-48.el7.ppc64le.rpm
qemu-kvm-ma-debuginfo-2.12.0-48.el7.ppc64le.rpm
qemu-kvm-tools-ma-2.12.0-48.el7.ppc64le.rpm

s390x:
qemu-img-ma-2.12.0-48.el7.s390x.rpm
qemu-kvm-common-ma-2.12.0-48.el7.s390x.rpm
qemu-kvm-ma-2.12.0-48.el7.s390x.rpm
qemu-kvm-ma-debuginfo-2.12.0-48.el7.s390x.rpm
qemu-kvm-tools-ma-2.12.0-48.el7.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
qemu-kvm-common-ma-2.12.0-48.el7.ppc64.rpm
qemu-kvm-ma-2.12.0-48.el7.ppc64.rpm
qemu-kvm-ma-debuginfo-2.12.0-48.el7.ppc64.rpm
qemu-kvm-tools-ma-2.12.0-48.el7.ppc64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-15746
https://access.redhat.com/security/cve/CVE-2019-20382
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

Stay informed about low-impact vulnerabilities with qemu-kvm-ma on Red Hat 7 systems. Update your installations to enhance security and optimize performance.
Red Hat Security, qemu-kvm update, kernel virtual machine, Linux security update.
Severity: Low.
LinuxSecurity.com Team

Sep 29, 2020 Low Red Hat

Fedora 33: FEDORA-2020-7b1541266c Critical: PowerDNS Memory Leak

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-7b1541266c
2020-09-29 00:15:09.214598
--------------------------------------------------------------------------------

Name        : pdns
Product     : Fedora 33
Version     : 4.3.1
Release     : 1.fc33
URL         : https://www.powerdns.com/
Summary     : A modern, advanced and high performance authoritative-only nameserver
Description :
The PowerDNS Nameserver is a modern, advanced and high performance authoritative-only nameserver. It is written from scratch and conforms to all relevant DNS standards documents. Furthermore, PowerDNS interfaces with almost any database.

--------------------------------------------------------------------------------
Update Information:

- Update to 4.3.1
- PowerDNS Security Advisory 2020-05 (CVE-2020-17482)

Release notes: https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.3.1
Security Advisory: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 23 2020 Morten Stevens - 4.3.1-1
- Update to 4.3.1
- PowerDNS Security Advisory 2020-05 (CVE-2020-17482)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1881673 - CVE-2020-17482 pdns: leaking uninitialised memory through crafted zone records [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1881673
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-7b1541266c' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

The latest PowerDNS patch enhances protection for Fedora 33 against memory vulnerabilities. Refer to the advisory for comprehensive details and upgrade guidance.
PowerDNS Update, Fedora Security Advisory, Memory Leakage Fix, DNS Standards Compliance.
Severity: Critical.
LinuxSecurity.com Team

Sep 28, 2020 Critical Fedora

Red Hat Virtualization: RHSA-2020:3267-01 Low Severity Memory Leak Fix

====================================================================
Red Hat Security Advisory

Synopsis:          Low: qemu-kvm-rhev security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:3267-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3267
Issue date:        2020-08-03
CVE Names:         CVE-2019-20382
====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHV-M 4.3 - x86_64
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - ppc64le, x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

* CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Add support for newer glusterfs (BZ#1802216)
* Backport: Passthrough host CPU microcode version to KVM guest if using CPU passthrough to RHEL 7.7/7.8 (BZ#1791653)
* After hot unplug virtio-net and vfio nic, hot plug vfio-pci device fails in Win2019 guest (BZ#1721403)
* qemu-kvm-rhev: Qemu: seccomp: blacklist is not applied to all threads (BZ#1618504)
* Fix overzealous I/O request splitting performance regression (BZ#1819253)

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

1721403 - After hot unplug virtio-net and vfio nic, hot plug vfio-pci device fails in Win2019 guest
1791653 - Backport: Passthrough host CPU microcode version to KVM guest if using CPU passthrough to RHEL 7.7/7.8
1802216 - Add support for newer glusterfs
1810390 - CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect
1819253 - Fix overzealous I/O request splitting performance regression

6. Package List:

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:

Source:
qemu-kvm-rhev-2.12.0-48.el7.src.rpm

ppc64le:
qemu-img-rhev-2.12.0-48.el7.ppc64le.rpm
qemu-kvm-common-rhev-2.12.0-48.el7.ppc64le.rpm
qemu-kvm-rhev-2.12.0-48.el7.ppc64le.rpm
qemu-kvm-rhev-debuginfo-2.12.0-48.el7.ppc64le.rpm
qemu-kvm-tools-rhev-2.12.0-48.el7.ppc64le.rpm

x86_64:
qemu-img-rhev-2.12.0-48.el7.x86_64.rpm
qemu-kvm-common-rhev-2.12.0-48.el7.x86_64.rpm
qemu-kvm-rhev-2.12.0-48.el7.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.12.0-48.el7.x86_64.rpm
qemu-kvm-tools-rhev-2.12.0-48.el7.x86_64.rpm

RHV-M 4.3:

Source:
qemu-kvm-rhev-2.12.0-48.el7.src.rpm

x86_64:
qemu-img-rhev-2.12.0-48.el7.x86_64.rpm
qemu-kvm-common-rhev-2.12.0-48.el7.x86_64.rpm
qemu-kvm-rhev-2.12.0-48.el7.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.12.0-48.el7.x86_64.rpm
qemu-kvm-tools-rhev-2.12.0-48.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-20382
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

A new release for qemu-kvm-rhev resolves a minor severity problem related to memory overflow and includes various corrections aimed at Red Hat customers.
qemu-kvm-rhev, Red Hat Virtualization, bug fixes.
Severity: Low.
LinuxSecurity.com Team

Aug 03, 2020 Low Red Hat

openSUSE Leap 42.3: 2017:2821-1 Important: Xen DoS Issues Fixed

openSUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:2821-1
Rating:             important
References:         #1027519 #1055321 #1059777 #1061076 #1061077 #1061080 #1061081 #1061082 #1061084 #1061086 #1061087
Cross-References:   CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-5526
Affected Products:  openSUSE Leap 42.3
______________________________________________________________________________

An update that solves 8 vulnerabilities and has three fixes is now available.

Description:

This update for xen fixes several issues:

These security issues were fixed:

- CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777)
- CVE-2017-15593: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084)
- CVE-2017-15592: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243 bsc#1061086)
- CVE-2017-15594: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087)
- CVE-2017-15591: Missing checks in the handling of DMOPs allowed malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 to cause a DoS (XSA-238 bsc#1061077)
- CVE-2017-15589: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239 bsc#1061080)
- CVE-2017-15595: In certain configurations of linear page tables a stack overflow might have occurred that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240 bsc#1061081)
- CVE-2017-15588: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page. This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082)
- CVE-2017-15590: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237 bsc#1061076)
- bsc#1055321: When dealing with the grant map space of add-to-physmap operations, ARM specific code failed to release a lock. This allowed a malicious guest administrator to cause DoS (XSA-235)

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

  zypper in -t patch openSUSE-2017-1181=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.3 (x86_64):

  xen-4.9.0_14-10.1
  xen-debugsource-4.9.0_14-10.1
  xen-devel-4.9.0_14-10.1
  xen-doc-html-4.9.0_14-10.1
  xen-libs-4.9.0_14-10.1
  xen-libs-debuginfo-4.9.0_14-10.1
  xen-tools-4.9.0_14-10.1
  xen-tools-debuginfo-4.9.0_14-10.1
  xen-tools-domU-4.9.0_14-10.1
  xen-tools-domU-debuginfo-4.9.0_14-10.1

References:

https://www.suse.com/security/cve/CVE-2017-15588.html
https://www.suse.com/security/cve/CVE-2017-15589.html
https://www.suse.com/security/cve/CVE-2017-15590.html
https://www.suse.com/security/cve/CVE-2017-15592.html
https://www.suse.com/security/cve/CVE-2017-15593.html
https://www.suse.com/security/cve/CVE-2017-15594.html
https://www.suse.com/security/cve/CVE-2017-15595.html
https://www.suse.com/security/cve/CVE-2017-5526.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1055321
https://bugzilla.suse.com/1059777
https://bugzilla.suse.com/1061076
https://bugzilla.suse.com/1061077
https://bugzilla.suse.com/1061080
https://bugzilla.suse.com/1061081
https://bugzilla.suse.com/1061082
https://bugzilla.suse.com/1061084
https://bugzilla.suse.com/1061086
https://bugzilla.suse.com/1061087

This patch addresses 7 bugs impacting xen on openSUSE, providing solutions for resource exhaustion and memory overflow.
openSUSE Update, Xen Fixes, Security Patches, DoS Mitigation.
Severity: Important.
LinuxSecurity.com Team

Oct 21, 2017 Important OpenSUSE

Fedora 26: 2017-f336ba205d Moderate: Xen Memory Leakage and Escalation

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-f336ba205d
2017-08-22 19:36:30.389716
--------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 26
Version     : 4.8.1
Release     : 6.fc26
URL         : https://xenproject.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

Qemu: serial: host memory leakage 16550A UART emulation [CVE-2017-5579] (#1416162)
Qemu: display: cirrus: OOB read access issue [CVE-2017-7718] (#1443444)
xen: various flaws (#1481765)
multiple problems with transitive grants [XSA-226, CVE-2017-12135]
x86: PV privilege escalation via map_grant_ref [XSA-227, CVE-2017-12137]
grant_table: Race conditions with maptrack free list handling [XSA-228, CVE-2017-12136]
grant_table: possibly premature clearing of GTF_writing / GTF_reading [XSA-230, CVE-2017-12855]
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1477651 - CVE-2017-12136 xsa228 xen: grant_table: Race conditions with maptrack free list handling (XSA-228)
        https://bugzilla.redhat.com/show_bug.cgi?id=1477651
  [ 2 ] Bug #1477655 - CVE-2017-12135 xsa226 xen: possibly unbounded recursion in grant table code (XSA-226)
        https://bugzilla.redhat.com/show_bug.cgi?id=1477655
  [ 3 ] Bug #1477657 - CVE-2017-12137 xsa227 xen: x86: PV privilege escalation via map_grant_ref (XSA-227)
        https://bugzilla.redhat.com/show_bug.cgi?id=1477657
  [ 4 ] Bug #1481762 - CVE-2017-12855 xsa230 CVE-2017-12855 xen: grant_table: possibly premature clearing of GTF_writing / GTF_reading (XSA-230)
        https://bugzilla.redhat.com/show_bug.cgi?id=1481762
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade xen' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

A recent security upgrade for CentOS 7 tackles multiple critical vulnerabilities like buffer overflow and unauthorized access escalation.
Fedora Xen Update, Security Issues, Memory Leakage, Privilege Escalation.
LinuxSecurity.com Team

Aug 22, 2017 Fedora

Fedora 24: Critical Memory Leak Fix 2017-5ce9d89b82 Released Now

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-5ce9d89b82
2017-07-17 14:49:17.278406
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 24
Version     : 4.11.10
Release     : 100.fc24
URL         : https://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 4.11.10 update contains a number of important fixes across the tree
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1468023 - CVE-2017-10810 Kernel: virtio-gpu: memory leakage while creating gpu object
        https://bugzilla.redhat.com/show_bug.cgi?id=1468023
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade kernel' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Crucial Fedora 24 kernel upgrade tackling memory leaks; resolves key security vulnerabilities and boosts overall stability.
Fedora Kernel Update, Memory Leakage Fix, Fedora Security Advisory.
Severity: Critical.
LinuxSecurity.com Team

Jul 17, 2017 Critical Fedora

Fedora 25: 2017-054729ab08 Critical: Xen Memory Leakage and Breakout

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-054729ab08
2017-04-08 21:44:40.561326
--------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 25
Version     : 4.7.2
Release     : 5.fc25
URL         : https://xenproject.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

Qemu: 9pfs: host memory leakage via v9fs_create [CVE-2017-7377] (#1437873)
x86: broken check in memory_exchange() permits PV guest breakout [XSA-212, CVE-2017-7228] (#1438804)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1437871 - CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create
        https://bugzilla.redhat.com/show_bug.cgi?id=1437871
  [ 2 ] Bug #1434741 - CVE-2017-7228 xsa212 xen: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
        https://bugzilla.redhat.com/show_bug.cgi?id=1434741
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade xen' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Uncover the Fedora 25 xen security patch targeting issues of host memory leaks and guest escape threats.
Fedora Security Update, Xen Hypervisor, Memory Leak, Open Source Security.
Severity: Critical.
LinuxSecurity.com Team

Apr 09, 2017 Critical Fedora