
Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Red Hat Enterprise Linux 8: RHSA-2020-1567-01 Important Kernel-RT Fix

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security, bug fix, and enhancement update
Advisory ID: RHSA-2020:1567-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1567
Issue date: 2020-04-28
CVE Names: CVE-2018-16871 CVE-2019-8980 CVE-2019-10639 CVE-2019-15090 CVE-2019-15099 CVE-2019-15221 CVE-2019-17053 CVE-2019-17055 CVE-2019-18805 CVE-2019-19057 CVE-2019-19073 CVE-2019-19074 CVE-2019-19534 CVE-2019-19768 CVE-2019-19922 CVE-2020-1749
====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time (v. 8) - x86_64
Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)
* kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service (CVE-2019-8980)
* kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol. (CVE-2019-17053)
* kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055)
* kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)
* kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)
* kernel: some ipv6 protocols not encrypted over ipsec tunnel. (CVE-2020-1749)
* Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)
* kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure (CVE-2019-15090)
* kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)
* kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)
* kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057)
* kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS) (CVE-2019-19073)
* kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074)
* kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications (CVE-2019-19922)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* RT: update RT source tree to the RHEL-8.2 tree (BZ#1708716)
* KVM-RT guest fails boot with emulatorsched (BZ#1712781)
* 8 vCPU guest need max latency < 20 us with stress [RT-8.2] (BZ#1757165)
* Request nx_huge_pages=N as default value to avoid kvm-rt guest large latency spike [rt-8] (BZ#1788352)
* RT: Add rpm Provide of 'kernel' to indicate that this is a kernel package (BZ#1796284)
* [RHEL8] RT kernel signed by test certificate and not Red Hat Secure Boot (BZ#1806871)

Enhancement(s):

* update to the upstream 5.x RT patchset (BZ#1680161)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1655162 - CVE-2018-16871 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
1679972 - CVE-2019-8980 kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service
1708716 - RT: update RT source tree to the RHEL-8.2 tree
1712781 - KVM-RT guest fails boot with emulatorsched
1729933 - CVE-2019-10639 Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR
1743526 - CVE-2019-15090 kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure
1743560 - CVE-2019-15099 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash
1749974 - CVE-2019-15221 kernel: Null pointer dereference in the sound/usb/line6/pcm.c
1757165 - 8 vCPU guest need max latency < 20 us with stress [RT-8.2]
1758242 - CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol.
1758248 - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol.
1768730 - [kernel-rt-debug] BUG: MAX_LOCKDEP_CHAINS too low!
1771496 - CVE-2019-18805 kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c
1772738 - kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement
1774933 - CVE-2019-19074 kernel: a memory leak in the ath9k management function in allows local DoS
1774937 - CVE-2019-19073 kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)
1775050 - CVE-2019-19057 kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS
1783540 - CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver
1786164 - CVE-2019-19768 kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c
1788352 - Request nx_huge_pages=N as default value to avoid kvm-rt guest large latency spike [rt-8]
1792512 - CVE-2019-19922 kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications
1796284 - RT: Add rpm Provide of 'kernel' to indicate that this is a kernel package
1806871 - [RHEL8] RT kernel signed by test certificate and not Red Hat Secure Boot
1809833 - CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel.

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 8):

Source:
kernel-rt-4.18.0-193.rt13.51.el8.src.rpm

x86_64:
kernel-rt-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-core-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debug-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debug-core-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debug-devel-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debug-modules-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debuginfo-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-devel-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-kvm-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-modules-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-modules-extra-4.18.0-193.rt13.51.el8.x86_64.rpm

Red Hat Enterprise Linux Real Time (v. 8):

Source:
kernel-rt-4.18.0-193.rt13.51.el8.src.rpm

x86_64:
kernel-rt-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-core-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debug-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debug-core-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debug-devel-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debug-modules-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debuginfo-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-devel-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-modules-4.18.0-193.rt13.51.el8.x86_64.rpm
kernel-rt-modules-extra-4.18.0-193.rt13.51.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-16871
https://access.redhat.com/security/cve/CVE-2019-8980
https://access.redhat.com/security/cve/CVE-2019-10639
https://access.redhat.com/security/cve/CVE-2019-15090
https://access.redhat.com/security/cve/CVE-2019-15099
https://access.redhat.com/security/cve/CVE-2019-15221
https://access.redhat.com/security/cve/CVE-2019-17053
https://access.redhat.com/security/cve/CVE-2019-17055
https://access.redhat.com/security/cve/CVE-2019-18805
https://access.redhat.com/security/cve/CVE-2019-19057
https://access.redhat.com/security/cve/CVE-2019-19073
https://access.redhat.com/security/cve/CVE-2019-19074
https://access.redhat.com/security/cve/CVE-2019-19534
https://access.redhat.com/security/cve/CVE-2019-19768
https://access.redhat.com/security/cve/CVE-2019-19922
https://access.redhat.com/security/cve/CVE-2020-1749
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

Critical kernel-rt security patch released for Red Hat Enterprise Linux 8, resolving various vulnerabilities including potential denial of service exploits.
kernel-rt security, red hat enterprise, important update, bug fixes.
Severity: Important.
LinuxSecurity.com Team

Apr 28, 2020 Important Red Hat

Fedora Core 3: FEDORA-2004-500 Critical Tcpdump NFS Security Flaw

fixed nfs protocol parsing for 64 bit architectures (bug 132781).

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-360
2004-11-30
---------------------------------------------------------------------

Product : Fedora Core 2
Name : tcpdump
Version : 3.8.2
Release : 6.FC2.1
Summary : A network traffic monitoring tool.
Description :
Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria.

Install tcpdump if you need a program to monitor network traffic.

---------------------------------------------------------------------

* Tue Nov 02 2004 Thomas Woerner - 14:3.8.2-6.FC2.1

- fixed nfs protocol parsing for 64 bit architectures (bug 132781)

---------------------------------------------------------------------
This update can be downloaded from:

8b538f3ca20d8c2315daf8c62853a90d SRPMS/tcpdump-3.8.2-6.FC2.1.src.rpm
846ea4245cf7f56e6f04de76f7f946b3 x86_64/tcpdump-3.8.2-6.FC2.1.x86_64.rpm
fd637f9de2a34b52ed3be69ec608b680 x86_64/libpcap-0.8.3-6.FC2.1.x86_64.rpm
7ce553b2ead577e86d8ee5d3c424a81b x86_64/arpwatch-2.1a13-6.FC2.1.x86_64.rpm
3fd15e1f70432718a35655ee64e9b26b x86_64/debug/tcpdump-debuginfo-3.8.2-6.FC2.1.x86_64.rpm
3ee2a1a8776cb2d75203bccde5c50b4b i386/tcpdump-3.8.2-6.FC2.1.i386.rpm
3371dbcc6e1a77a6a2281349f169caff i386/libpcap-0.8.3-6.FC2.1.i386.rpm
60eae99e41454c088d2de2dd50bdf209 i386/arpwatch-2.1a13-6.FC2.1.i386.rpm
2fdedf7b7c2db35b1b3909d13ca8c5e9 i386/debug/tcpdump-debuginfo-3.8.2-6.FC2.1.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

This release resolves the nfs protocol decoding problem for 64-bit systems within the Fedora tcpdump utility.
Tcpdump Update, Fedora Core 2, Network Tool Fix.
Severity: Critical.
LinuxSecurity.com Team

Nov 30, 2004 Critical Fedora

Red Hat Enterprise Linux 3 RHSA-2004:434-01 Critical NFS Security Risk

An updated redhat-config-nfs package that fixes bugs and potential security issues is now available for Red Hat Enterprise Linux 3.

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated redhat-config-nfs package resolves several security issues
Advisory ID: RHSA-2004:434-01
Issue date: 2004-09-22
Updated on: 2004-09-22
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0750
---------------------------------------------------------------------

1. Summary:

An updated redhat-config-nfs package that fixes bugs and potential security issues is now available for Red Hat Enterprise Linux 3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - noarch
Red Hat Desktop version 3 - noarch
Red Hat Enterprise Linux ES version 3 - noarch
Red Hat Enterprise Linux WS version 3 - noarch

3. Problem description:

The redhat-config-nfs package includes a graphical user interface for creating, modifying, and deleting nfs shares.

John Buswell discovered a flaw in redhat-config-nfs that could lead to incorrect permissions on exported shares when exporting to multiple hosts. This could cause an option such as "all_squash" to not be applied to all of the listed hosts. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0750 to this issue.

Additionally, a bug was found that prevented redhat-config-nfs from being run if hosts didn't have options set in /etc/exports.

All users of redhat-config-nfs are advised to upgrade to these updated packages as well as checking their NFS shares directly or via the /etc/exports file for any incorrectly set options.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

107997 - CAN-2004-0750 [PATCH] /etc/exports has incorrect syntax for multiple hosts with a single mount point

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
8ad0200a16439ba6341703e277b6edc0 redhat-config-nfs-1.0.13-6.src.rpm

noarch:
ddea963341fba763c3bd428f16c8fede redhat-config-nfs-1.0.13-6.noarch.rpm

Red Hat Desktop version 3:

SRPMS:
8ad0200a16439ba6341703e277b6edc0 redhat-config-nfs-1.0.13-6.src.rpm

noarch:
ddea963341fba763c3bd428f16c8fede redhat-config-nfs-1.0.13-6.noarch.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
8ad0200a16439ba6341703e277b6edc0 redhat-config-nfs-1.0.13-6.src.rpm

noarch:
ddea963341fba763c3bd428f16c8fede redhat-config-nfs-1.0.13-6.noarch.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
8ad0200a16439ba6341703e277b6edc0 redhat-config-nfs-1.0.13-6.src.rpm

noarch:
ddea963341fba763c3bd428f16c8fede redhat-config-nfs-1.0.13-6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from

7. References:

CVE -CVE-2004-0750

8. Contact:

The Red Hat security contact is . More contact details at

Copyright 2004 Red Hat, Inc.

The updated redhat-config-samba package from Red Hat addresses security flaws affecting Samba share settings in Linux version 3.
Red Hat Linux, NFS Security, Package Updates, Permissions Issues, Linux Security Fixes.
Severity: Critical.
LinuxSecurity.com Team

Sep 22, 2004 Critical Red Hat