Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

RHEL 9 RHSA-2023:0321-01 Moderate: Nodejs Security Update

Red Hat Security Advisory

Synopsis: Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Advisory ID: RHSA-2023:0321-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0321
Issue date: 2023-01-23
CVE Names: CVE-2021-44906 CVE-2022-3517 CVE-2022-35256 CVE-2022-43548

1. Summary:

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (16.18.1), nodejs-nodemon (2.0.20).

Security Fix(es):

* minimist: prototype pollution (CVE-2021-44906)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* nodejs: Packaged version of undici does not fit with declared version. [rhel-9] (BZ#2151627)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2066009 - CVE-2021-44906 minimist: prototype pollution
2130518 - CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function
2140911 - CVE-2022-43548 nodejs: DNS rebinding in inspect via invalid octal IP address
2142808 - nodejs: Rebase to the latest Nodejs 16 release [rhel-9] [rhel-9.1.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v.9):

Source:
nodejs-16.18.1-3.el9_1.src.rpm
nodejs-nodemon-2.0.20-2.el9_1.src.rpm

aarch64:
nodejs-16.18.1-3.el9_1.aarch64.rpm
nodejs-debuginfo-16.18.1-3.el9_1.aarch64.rpm
nodejs-debugsource-16.18.1-3.el9_1.aarch64.rpm
nodejs-full-i18n-16.18.1-3.el9_1.aarch64.rpm
nodejs-libs-16.18.1-3.el9_1.aarch64.rpm
nodejs-libs-debuginfo-16.18.1-3.el9_1.aarch64.rpm
npm-8.19.2-1.16.18.1.3.el9_1.aarch64.rpm

noarch:
nodejs-docs-16.18.1-3.el9_1.noarch.rpm
nodejs-nodemon-2.0.20-2.el9_1.noarch.rpm

ppc64le:
nodejs-16.18.1-3.el9_1.ppc64le.rpm
nodejs-debuginfo-16.18.1-3.el9_1.ppc64le.rpm
nodejs-debugsource-16.18.1-3.el9_1.ppc64le.rpm
nodejs-full-i18n-16.18.1-3.el9_1.ppc64le.rpm
nodejs-libs-16.18.1-3.el9_1.ppc64le.rpm
nodejs-libs-debuginfo-16.18.1-3.el9_1.ppc64le.rpm
npm-8.19.2-1.16.18.1.3.el9_1.ppc64le.rpm

s390x:
nodejs-16.18.1-3.el9_1.s390x.rpm
nodejs-debuginfo-16.18.1-3.el9_1.s390x.rpm
nodejs-debugsource-16.18.1-3.el9_1.s390x.rpm
nodejs-full-i18n-16.18.1-3.el9_1.s390x.rpm
nodejs-libs-16.18.1-3.el9_1.s390x.rpm
nodejs-libs-debuginfo-16.18.1-3.el9_1.s390x.rpm
npm-8.19.2-1.16.18.1.3.el9_1.s390x.rpm

x86_64:
nodejs-16.18.1-3.el9_1.x86_64.rpm
nodejs-debuginfo-16.18.1-3.el9_1.i686.rpm
nodejs-debuginfo-16.18.1-3.el9_1.x86_64.rpm
nodejs-debugsource-16.18.1-3.el9_1.i686.rpm
nodejs-debugsource-16.18.1-3.el9_1.x86_64.rpm
nodejs-full-i18n-16.18.1-3.el9_1.x86_64.rpm
nodejs-libs-16.18.1-3.el9_1.i686.rpm
nodejs-libs-16.18.1-3.el9_1.x86_64.rpm
nodejs-libs-debuginfo-16.18.1-3.el9_1.i686.rpm
nodejs-libs-debuginfo-16.18.1-3.el9_1.x86_64.rpm
npm-8.19.2-1.16.18.1.3.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-44906
https://access.redhat.com/security/cve/CVE-2022-3517
https://access.redhat.com/security/cve/CVE-2022-35256
https://access.redhat.com/security/cve/CVE-2022-43548
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

RHSA-announce mailing list

Important revision for Red Hat Enterprise Linux 9 targeting vulnerabilities in Node.js along with corrections aimed at improving overall system resilience.

Nodejs Updates, Red Hat Security, Bug Fixes, Moderate Advisory.

LinuxSecurity.com Team

Jan 23, 2023 Red Hat

Fedora 36: 2022-5038c3236c Moderate: Weldr-Client Golang Fixes

Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813

Name        : weldr-client
Product     : Fedora 36
Version     : 35.5
Release     : 3.fc36
URL         : %{gourl}
Summary     : Command line utility to control osbuild-composer
Description : Command line utility to control osbuild-composer

Update Information:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

----

See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.

----

Update to latest commit as of 20220719

----

Added

- Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678)
- Configuration option to report manually specified ip:ports to lighthouses. (#650)
- Windows arm64 build. (#638)
- punchy and most lighthouse config options now support hot reloading. (#649)

Changed

- Build against go 1.18. (#656)
- Promoted routines config from experimental to supported feature. (#702)
- Dependencies updated. (#664)

Fixed

- Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501)
- unsafe_route configuration will no longer crash on Windows. (#648)
- A few panics that were introduced in 1.5.x. (#657, #658, #675)

Security

- You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670)

Removed

- x509 config stanza support has been removed. (#685)

----

bump to v4.2.0-rc1

----

fix package dir listing

----

resolve build issues and list new shell completion files

----

Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz-snapshotter/releases/tag/v0.12.0

----

Fix extracting network metric

ChangeLog:

* Tue Jul 19 2022 Maxwell G - 35.5-3
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at

A new weldr-client update for Fedora 36 enhances security and performance by addressing vulnerabilities and improving system efficiency and stability.

Fedora Update, weldr-client, golang fixes, command line utility.

LinuxSecurity.com Team

Jul 30, 2022 Fedora

Red Hat Enterprise Linux 8 RHSA-2021-4060 Moderate: Libsolv Buffer Overflow

Red Hat Security Advisory

Synopsis: Moderate: libsolv security update
Advisory ID: RHSA-2021:4060-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4060
Issue date: 2021-11-02
CVE Names: CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938

1. Summary:

An update for libsolv is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm.

Security Fix(es):

* libsolv: heap-based buffer overflow in pool_installable() in src/repo.h (CVE-2021-33928)
* libsolv: heap-based buffer overflow in pool_disabled_solvable() in src/repo.h (CVE-2021-33929)
* libsolv: heap-based buffer overflow in pool_installable_whatprovides() in src/repo.h (CVE-2021-33930)
* libsolv: heap-based buffer overflow in prune_to_recommended() in src/policy.c (CVE-2021-33938)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2000699 - CVE-2021-33928 libsolv: heap-based buffer overflow in pool_installable() in src/repo.h
2000703 - CVE-2021-33929 libsolv: heap-based buffer overflow in pool_disabled_solvable() in src/repo.h
2000705 - CVE-2021-33930 libsolv: heap-based buffer overflow in pool_installable_whatprovides() in src/repo.h
2000707 - CVE-2021-33938 libsolv: heap-based buffer overflow in prune_to_recommended() in src/policy.c

6. Package List:

Red Hat Enterprise Linux BaseOS (v.8):

Source:
libsolv-0.7.16-3.el8_4.src.rpm

aarch64:
libsolv-0.7.16-3.el8_4.aarch64.rpm
libsolv-debuginfo-0.7.16-3.el8_4.aarch64.rpm
libsolv-debugsource-0.7.16-3.el8_4.aarch64.rpm
libsolv-demo-debuginfo-0.7.16-3.el8_4.aarch64.rpm
libsolv-tools-debuginfo-0.7.16-3.el8_4.aarch64.rpm
perl-solv-debuginfo-0.7.16-3.el8_4.aarch64.rpm
python3-solv-0.7.16-3.el8_4.aarch64.rpm
python3-solv-debuginfo-0.7.16-3.el8_4.aarch64.rpm
ruby-solv-debuginfo-0.7.16-3.el8_4.aarch64.rpm

ppc64le:
libsolv-0.7.16-3.el8_4.ppc64le.rpm
libsolv-debuginfo-0.7.16-3.el8_4.ppc64le.rpm
libsolv-debugsource-0.7.16-3.el8_4.ppc64le.rpm
libsolv-demo-debuginfo-0.7.16-3.el8_4.ppc64le.rpm
libsolv-tools-debuginfo-0.7.16-3.el8_4.ppc64le.rpm
perl-solv-debuginfo-0.7.16-3.el8_4.ppc64le.rpm
python3-solv-0.7.16-3.el8_4.ppc64le.rpm
python3-solv-debuginfo-0.7.16-3.el8_4.ppc64le.rpm
ruby-solv-debuginfo-0.7.16-3.el8_4.ppc64le.rpm

s390x:
libsolv-0.7.16-3.el8_4.s390x.rpm
libsolv-debuginfo-0.7.16-3.el8_4.s390x.rpm
libsolv-debugsource-0.7.16-3.el8_4.s390x.rpm
libsolv-demo-debuginfo-0.7.16-3.el8_4.s390x.rpm
libsolv-tools-debuginfo-0.7.16-3.el8_4.s390x.rpm
perl-solv-debuginfo-0.7.16-3.el8_4.s390x.rpm
python3-solv-0.7.16-3.el8_4.s390x.rpm
python3-solv-debuginfo-0.7.16-3.el8_4.s390x.rpm
ruby-solv-debuginfo-0.7.16-3.el8_4.s390x.rpm

x86_64:
libsolv-0.7.16-3.el8_4.i686.rpm
libsolv-0.7.16-3.el8_4.x86_64.rpm
libsolv-debuginfo-0.7.16-3.el8_4.i686.rpm
libsolv-debuginfo-0.7.16-3.el8_4.x86_64.rpm
libsolv-debugsource-0.7.16-3.el8_4.i686.rpm
libsolv-debugsource-0.7.16-3.el8_4.x86_64.rpm
libsolv-demo-debuginfo-0.7.16-3.el8_4.i686.rpm
libsolv-demo-debuginfo-0.7.16-3.el8_4.x86_64.rpm
libsolv-tools-debuginfo-0.7.16-3.el8_4.i686.rpm
libsolv-tools-debuginfo-0.7.16-3.el8_4.x86_64.rpm
perl-solv-debuginfo-0.7.16-3.el8_4.i686.rpm
perl-solv-debuginfo-0.7.16-3.el8_4.x86_64.rpm
python3-solv-0.7.16-3.el8_4.x86_64.rpm
python3-solv-debuginfo-0.7.16-3.el8_4.i686.rpm
python3-solv-debuginfo-0.7.16-3.el8_4.x86_64.rpm
ruby-solv-debuginfo-0.7.16-3.el8_4.i686.rpm
ruby-solv-debuginfo-0.7.16-3.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder (v.8):

aarch64:
libsolv-debuginfo-0.7.16-3.el8_4.aarch64.rpm
libsolv-debugsource-0.7.16-3.el8_4.aarch64.rpm
libsolv-demo-debuginfo-0.7.16-3.el8_4.aarch64.rpm
libsolv-devel-0.7.16-3.el8_4.aarch64.rpm
libsolv-tools-0.7.16-3.el8_4.aarch64.rpm
libsolv-tools-debuginfo-0.7.16-3.el8_4.aarch64.rpm
perl-solv-debuginfo-0.7.16-3.el8_4.aarch64.rpm
python3-solv-debuginfo-0.7.16-3.el8_4.aarch64.rpm
ruby-solv-debuginfo-0.7.16-3.el8_4.aarch64.rpm

ppc64le:
libsolv-debuginfo-0.7.16-3.el8_4.ppc64le.rpm
libsolv-debugsource-0.7.16-3.el8_4.ppc64le.rpm
libsolv-demo-debuginfo-0.7.16-3.el8_4.ppc64le.rpm
libsolv-devel-0.7.16-3.el8_4.ppc64le.rpm
libsolv-tools-0.7.16-3.el8_4.ppc64le.rpm
libsolv-tools-debuginfo-0.7.16-3.el8_4.ppc64le.rpm
perl-solv-debuginfo-0.7.16-3.el8_4.ppc64le.rpm
python3-solv-debuginfo-0.7.16-3.el8_4.ppc64le.rpm
ruby-solv-debuginfo-0.7.16-3.el8_4.ppc64le.rpm

s390x:
libsolv-debuginfo-0.7.16-3.el8_4.s390x.rpm
libsolv-debugsource-0.7.16-3.el8_4.s390x.rpm
libsolv-demo-debuginfo-0.7.16-3.el8_4.s390x.rpm
libsolv-devel-0.7.16-3.el8_4.s390x.rpm
libsolv-tools-0.7.16-3.el8_4.s390x.rpm
libsolv-tools-debuginfo-0.7.16-3.el8_4.s390x.rpm
perl-solv-debuginfo-0.7.16-3.el8_4.s390x.rpm
python3-solv-debuginfo-0.7.16-3.el8_4.s390x.rpm
ruby-solv-debuginfo-0.7.16-3.el8_4.s390x.rpm

x86_64:
libsolv-debuginfo-0.7.16-3.el8_4.i686.rpm
libsolv-debuginfo-0.7.16-3.el8_4.x86_64.rpm
libsolv-debugsource-0.7.16-3.el8_4.i686.rpm
libsolv-debugsource-0.7.16-3.el8_4.x86_64.rpm
libsolv-demo-debuginfo-0.7.16-3.el8_4.i686.rpm
libsolv-demo-debuginfo-0.7.16-3.el8_4.x86_64.rpm
libsolv-devel-0.7.16-3.el8_4.i686.rpm
libsolv-devel-0.7.16-3.el8_4.x86_64.rpm
libsolv-tools-0.7.16-3.el8_4.x86_64.rpm
libsolv-tools-debuginfo-0.7.16-3.el8_4.i686.rpm
libsolv-tools-debuginfo-0.7.16-3.el8_4.x86_64.rpm
perl-solv-debuginfo-0.7.16-3.el8_4.i686.rpm
perl-solv-debuginfo-0.7.16-3.el8_4.x86_64.rpm
python3-solv-debuginfo-0.7.16-3.el8_4.i686.rpm
python3-solv-debuginfo-0.7.16-3.el8_4.x86_64.rpm
ruby-solv-debuginfo-0.7.16-3.el8_4.i686.rpm
ruby-solv-debuginfo-0.7.16-3.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-33928
https://access.redhat.com/security/cve/CVE-2021-33929
https://access.redhat.com/security/cve/CVE-2021-33930
https://access.redhat.com/security/cve/CVE-2021-33938
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

RHSA-announce mailing list

The recent security patch for RHEL 8 concerning Libsolv has been classified as moderate, tackling a series of buffer overflow vulnerabilities. Detailed information available within.

Libsolv Update, Linux Security Advisory, Open Source Security.

LinuxSecurity.com Team

Nov 02, 2021 Red Hat

Red Hat 8.1 RHSA-2020-5369-01 Moderate: Microcode_Ctl Security Issue

Red Hat Security Advisory

Synopsis: Moderate: microcode_ctl security, bug fix and enhancement update
Advisory ID: RHSA-2020:5369-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5369
Issue date: 2020-12-08
CVE Names: CVE-2020-8695 CVE-2020-8696 CVE-2020-8698

1. Summary:

An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - x86_64

3. Description:

The microcode_ctl packages provide microcode updates for Intel.

Security Fix(es):

* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)
* hw: Vector Register Leakage-Active (CVE-2020-8696)
* hw: Fast forward store predictor (CVE-2020-8698)

Bug Fix(es) and Enhancement(s):

* Update Intel CPU microcode to microcode-20201027 release, addresses:
  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;
  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;
  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;
  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;
  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;
  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision 0xe0;
  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;
  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up to 0x2006a08;
  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;
  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde;
  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde;
  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up to 0xe0;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up to 0xde;
  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xd6 up to 0xde;
  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up to 0xde;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up to 0xde;
  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up to 0xde;
  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up to 0xde;
  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up to 0xde;
  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode from revision 0x43 up to 0x44;
  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157 up to 0x1000159;
  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01 up to 0x4003003;
  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5002f01 up to 0x5003003;
  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up to 0x40;
  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up to 0x1e;
  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up to 0x18;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78 up to 0xa0;
  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca up to 0xe0.
* Add README file to the documentation directory.
* Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format.
* Add SUMMARY.intel-ucode file containing metadata information from the microcode file headers.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface
1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active
1890356 - CVE-2020-8698 hw: Fast forward store predictor

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.1):

Source:
microcode_ctl-20190618-1.20201112.1.el8_1.src.rpm

x86_64:
microcode_ctl-20190618-1.20201112.1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2020-8695
https://access.redhat.com/security/cve/CVE-2020-8696
https://access.redhat.com/security/cve/CVE-2020-8698
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.

RHSA-announce mailing list

Incremental revision released for microcode_ctl in Red Hat 8.1, focusing on security vulnerabilities and performance improvements.

Red Hat Update, Microcode Control, Security Fixes.

LinuxSecurity.com Team

Dec 08, 2020 Red Hat

openSUSE Leap 15.1 Security Update: openSUSE-SU-2020:1088-1 Moderate Risk

openSUSE Security Update: Security update for libraw

Announcement ID: openSUSE-SU-2020:1088-1
Rating: moderate
References: #1173674
Cross-References: CVE-2020-15503
Affected Products: openSUSE Leap 15.1

An update that fixes one vulnerability is now available.

Description:

This update for libraw fixes the following issues:

- security update
- added patches fix CVE-2020-15503 [bsc#1173674], lack of thumbnail size range check can lead to buffer overflow
  + libraw-CVE-2020-15503.patch

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

  zypper in -t patch openSUSE-2020-1088=1

Package List:

- openSUSE Leap 15.1 (i586 x86_64):

  libraw-debuginfo-0.18.9-lp151.4.3.1
  libraw-debugsource-0.18.9-lp151.4.3.1
  libraw-devel-0.18.9-lp151.4.3.1
  libraw-devel-static-0.18.9-lp151.4.3.1
  libraw-tools-0.18.9-lp151.4.3.1
  libraw-tools-debuginfo-0.18.9-lp151.4.3.1
  libraw16-0.18.9-lp151.4.3.1
  libraw16-debuginfo-0.18.9-lp151.4.3.1

References:

https://www.suse.com/security/cve/CVE-2020-15503.html
https://bugzilla.suse.com/1173674

A recent update for openSUSE resolves a moderate security vulnerability within libraw that impacts Leap 15.1.

libraw Update, openSUSE security, buffer overflow fix.

LinuxSecurity.com Team

Jul 26, 2020 OpenSUSE

Ubuntu 15.10 Moderate Advisory: QEMU Denial Of Service Risks

Ubuntu Security Notice USN-2891-1
February 03, 2016

qemu, qemu-kvm vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in QEMU.

Software Description:

- qemu: Machine emulator and virtualizer
- qemu-kvm: Machine emulator and virtualizer

Details:

Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-7549)

Lian Yihan discovered that QEMU incorrectly handled the VNC server. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2015-8504)

Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550)

Qinghao Tang discovered that QEMU incorrectly handled USB EHCI emulation support. An attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2015-8558)

Qinghao Tang discovered that QEMU incorrectly handled the vmxnet3 device. An attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8567, CVE-2015-8568)

Qinghao Tang discovered that QEMU incorrectly handled SCSI MegaRAID SAS HBA emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8613)

Ling Liu discovered that QEMU incorrectly handled the Human Monitor Interface. A local attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8619, CVE-2016-1922)

David Alan Gilbert discovered that QEMU incorrectly handled the Q35 chipset emulation when performing VM guest migrations. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8666)

Ling Liu discovered that QEMU incorrectly handled the NE2000 device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2015-8743)

It was discovered that QEMU incorrectly handled the vmxnet3 device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8744, CVE-2015-8745)

Qinghao Tang discovered that QEMU incorrectly handled IDE AHCI emulation. An attacker inside the guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-1568)

Donghai Zhu discovered that QEMU incorrectly handled the firmware configuration device. An attacker inside the guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-1714)

It was discovered that QEMU incorrectly handled the e1000 device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-1981)

Zuozhi Fzz discovered that QEMU incorrectly handled IDE AHCI emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 15.10. (CVE-2016-2197)

Zuozhi Fzz discovered that QEMU incorrectly handled USB EHCI emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-2198)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10:
  qemu-system           1:2.3+dfsg-5ubuntu9.2
  qemu-system-aarch64   1:2.3+dfsg-5ubuntu9.2
  qemu-system-arm       1:2.3+dfsg-5ubuntu9.2
  qemu-system-mips      1:2.3+dfsg-5ubuntu9.2
  qemu-system-misc      1:2.3+dfsg-5ubuntu9.2
  qemu-system-ppc       1:2.3+dfsg-5ubuntu9.2
  qemu-system-sparc     1:2.3+dfsg-5ubuntu9.2
  qemu-system-x86       1:2.3+dfsg-5ubuntu9.2

Ubuntu 14.04 LTS:
  qemu-system           2.0.0+dfsg-2ubuntu1.22
  qemu-system-aarch64   2.0.0+dfsg-2ubuntu1.22
  qemu-system-arm       2.0.0+dfsg-2ubuntu1.22
  qemu-system-mips      2.0.0+dfsg-2ubuntu1.22
  qemu-system-misc      2.0.0+dfsg-2ubuntu1.22
  qemu-system-ppc       2.0.0+dfsg-2ubuntu1.22
  qemu-system-sparc     2.0.0+dfsg-2ubuntu1.22
  qemu-system-x86       2.0.0+dfsg-2ubuntu1.22

Ubuntu 12.04 LTS:
  qemu-kvm              1.0+noroms-0ubuntu14.27

After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes.

References:

https://ubuntu.com/security/notices/USN-2891-1
CVE-2015-7549, CVE-2015-8504, CVE-2015-8550, CVE-2015-8558, CVE-2015-8567, CVE-2015-8568, CVE-2015-8613, CVE-2015-8619, CVE-2015-8666, CVE-2015-8743, CVE-2015-8744, CVE-2015-8745, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981, CVE-2016-2197, CVE-2016-2198

Package Information:

https://launchpad.net/ubuntu/+source/qemu/1:2.3+dfsg-5ubuntu9.2
https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.22
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.27

Recent patches for QEMU security flaws on Ubuntu mitigate several denial of service vulnerabilities that impact different releases.

QEMU vulnerabilities, Ubuntu security updates, denial of service resolutions.

LinuxSecurity.com Team

Feb 03, 2016 Ubuntu

Red Hat OpenStack 3.0 RHSA-2014:0367 Moderate Timing Attack

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openstack-swift security update
Advisory ID: RHSA-2014:0367-01
Product: Red Hat OpenStack
Advisory URL: https://access.redhat.com/errata/RHSA-2014:0367.html
Issue date: 2014-04-03
CVE Names: CVE-2014-0006
====================================================================

1. Summary:

Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 3.0.

The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch

3. Description:

OpenStack Object Storage (swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary data). The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment.

A timing attack flaw was found in the way the swift TempURL middleware responded to arbitrary TempURL requests. An attacker with knowledge of an object's name could use this flaw to obtain a secret URL to this object, which was intended to be publicly shared only with specific recipients, if the object had the TempURL key set. Note that only setups using the TempURL middleware were affected. (CVE-2014-0006)

Red Hat would like to thank the OpenStack Project for reporting this issue. Upstream acknowledges Samuel Merritt of SwiftStack as the original reporter.

All users of openstack-swift are advised to upgrade to these updated packages, which correct this issue. After installing this update, the OpenStack Object Storage services will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1051670 - CVE-2014-0006 Openstack Swift: TempURL timing attack

6. Package List:

OpenStack 3:

Source:

noarch:
  openstack-swift-1.8.0-8.el6ost.noarch.rpm
  openstack-swift-account-1.8.0-8.el6ost.noarch.rpm
  openstack-swift-container-1.8.0-8.el6ost.noarch.rpm
  openstack-swift-doc-1.8.0-8.el6ost.noarch.rpm
  openstack-swift-object-1.8.0-8.el6ost.noarch.rpm
  openstack-swift-proxy-1.8.0-8.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2014-0006
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2014 Red Hat, Inc.

A critical security patch for openstack-swift resolves a timing vulnerability impacting Red Hat Enterprise Linux OpenStack deployments.

Red Hat OpenStack, Security Update, Object Storage.

LinuxSecurity.com Team

Apr 03, 2014 Red Hat

Scientific Linux SL5.x SLSA-2014:0108-1 Moderate: Kernel Denial of Service

Date: Wed, 29 Jan 2014 21:07:00 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Moderate: kernel on SL5.x i386/x86_64

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: SLSA-2014:0108-1
Issue Date: 2014-01-29
CVE Numbers: CVE-2013-4494
--

* It was found that the Xen hypervisor did not always lock 'page_alloc_lock' and 'grant_table.lock' in the same order. This could potentially lead to a deadlock. A malicious guest administrator could use this flaw to cause a denial of service on the host. (CVE-2013-4494, Moderate)

This update also fixes the following bugs:

* A recent patch to the CIFS code that introduced the NTLMSSP (NT LAN Manager Security Support Provider) authentication mechanism caused a regression in CIFS behavior. As a result of the regression, an encryption key that is returned during the SMB negotiation protocol response was only used for the first session that was created on the SMB client. Any subsequent mounts to the same server did not use the encryption key returned by the initial negotiation with the server. As a consequence, it was impossible to mount multiple SMB shares with different credentials to the same server. A patch has been applied to correct this problem so that an encryption key or a server challenge is now provided for every SMB session during the SMB negotiation protocol response.

* The igb driver previously used a 16-bit mask when writing values of the flow control high-water mark to hardware registers on a network device. Consequently, the values were truncated on some network devices, disrupting the flow control. A patch has been applied to the igb driver so that it now uses a 32-bit mask as expected.

* The IPMI driver did not properly handle kernel panic messages. Consequently, when a kernel panic occurred on a system that was utilizing IPMI without Kdump being set up, a second kernel panic could be triggered. A patch has been applied to the IPMI driver to fix this problem, and a message handler now properly waits for a response to panic event messages.

The system must be rebooted for this update to take effect.
--

SL5
  x86_64
    kernel-2.6.18-371.4.1.el5.x86_64.rpm
    kernel-debug-2.6.18-371.4.1.el5.x86_64.rpm
    kernel-debug-debuginfo-2.6.18-371.4.1.el5.x86_64.rpm
    kernel-debug-devel-2.6.18-371.4.1.el5.x86_64.rpm
    kernel-debuginfo-2.6.18-371.4.1.el5.x86_64.rpm
    kernel-debuginfo-common-2.6.18-371.4.1.el5.x86_64.rpm
    kernel-devel-2.6.18-371.4.1.el5.x86_64.rpm
    kernel-headers-2.6.18-371.4.1.el5.x86_64.rpm
    kernel-xen-2.6.18-371.4.1.el5.x86_64.rpm
    kernel-xen-debuginfo-2.6.18-371.4.1.el5.x86_64.rpm
    kernel-xen-devel-2.6.18-371.4.1.el5.x86_64.rpm
  i386
    kernel-2.6.18-371.4.1.el5.i686.rpm
    kernel-PAE-2.6.18-371.4.1.el5.i686.rpm
    kernel-PAE-debuginfo-2.6.18-371.4.1.el5.i686.rpm
    kernel-PAE-devel-2.6.18-371.4.1.el5.i686.rpm
    kernel-debug-2.6.18-371.4.1.el5.i686.rpm
    kernel-debug-debuginfo-2.6.18-371.4.1.el5.i686.rpm
    kernel-debug-devel-2.6.18-371.4.1.el5.i686.rpm
    kernel-debuginfo-2.6.18-371.4.1.el5.i686.rpm
    kernel-debuginfo-common-2.6.18-371.4.1.el5.i686.rpm
    kernel-devel-2.6.18-371.4.1.el5.i686.rpm
    kernel-headers-2.6.18-371.4.1.el5.i386.rpm
    kernel-xen-2.6.18-371.4.1.el5.i686.rpm
    kernel-xen-debuginfo-2.6.18-371.4.1.el5.i686.rpm
    kernel-xen-devel-2.6.18-371.4.1.el5.i686.rpm
  noarch
    kernel-doc-2.6.18-371.4.1.el5.noarch.rpm

- Scientific Linux Development Team

Kernel patch released for Scientific Linux SL5.x to rectify vulnerabilities that could result in a denial of service.

kernel update, security advisory, Scientific Linux, moderate security fix, SL5.x update.

LinuxSecurity.com Team

Jan 29, 2014 Scientific Linux