Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
172
security advisorydenial of serviceUbuntuUbuntu 22.04 LTS USN-6609-3: Critical Oracle Kernel Denial of Service
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-6609-3 February 06, 2024 linux-oracle, linux-oracle-5.15 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-oracle: Linux kernel for Oracle Cloud systems - linux-oracle-5.15: Linux kernel for Oracle Cloud systems Details: Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6040) It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6606) Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6817) Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6931) It was discovered that the IGMPprotocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6932) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly check deactivated elements in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-0193) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: linux-image-5.15.0-1050-oracle 5.15.0-1050.56 linux-image-oracle 5.15.0.1050.45 linux-image-oracle-lts-22.04 5.15.0.1050.45 Ubuntu 20.04 LTS: linux-image-5.15.0-1050-oracle 5.15.0-1050.56~20.04.1 linux-image-oracle 5.15.0.1050.56~20.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-6609-3 https://ubuntu.com/security/notices/USN-6609-1 CVE-2023-6040, CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2024-0193 Package Information: https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1050.56 https://launchpad.net/ubuntu/+source/linux-oracle-5.15/5.15.0-1050.56~20.04.1 . Address critical issues in Oracle Linux kernels with USN-6609-3 and ensure system integrity by upgrading now.. Ubuntu SecurityNotice, Oracle Kernel, Denial of Service, Linux Kernel Update. . Severity: Critical. LinuxSecurity.com Team
Feb 06, 2024
•Critical
Ubuntu
172
security advisorydenial of serviceinformation exposureUbuntu 20.04, 18.04 LTS: USN-6118-1 Critical: Oracle Kernel Issues
Several security issues were fixed in the Linux kernel.. =========================================================================Ubuntu Security Notice USN-6118-1 May 30, 2023 linux-oracle, linux-oracle-5.4 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-oracle: Linux kernel for Oracle Cloud systems - linux-oracle-5.4: Linux kernel for Oracle Cloud systems Details: Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-3707) Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) It was discovered that the TLS subsystem in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1075) It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-1078) Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-1513) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. Alocal attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after-free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: linux-image-5.4.0-1101-oracle 5.4.0-1101.110 linux-image-oracle-lts-20.04 5.4.0.1101.94 Ubuntu 18.04 LTS: linux-image-5.4.0-1101-oracle 5.4.0-1101.110~18.04.1 linux-image-oracle 5.4.0.1101.110~18.04.73 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-6118-1 CVE-2022-3707, CVE-2023-0459, CVE-2023-1075, CVE-2023-1078, CVE-2023-1118, CVE-2023-1513, CVE-2023-2162, CVE-2023-32269 Package Information: https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1101.110 https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1101.110~18.04.1 . Important security flaws in Oracle Linux kernel resolved onMay 30, 2023; apply updates for enhanced protection.. Oracle Linux Kernel, Denial Of Service, Information Exposure. . Severity: Critical. LinuxSecurity.com Team
May 30, 2023
•Critical
Ubuntu
172
security advisorydenial of servicesecurity issueUbuntu 22.04 LTS USN-5599-1 Critical: Oracle Kernel Denial of Service
Several security issues were fixed in the Linux kernel.. =========================================================================Ubuntu Security Notice USN-5599-1 September 05, 2022 linux-oracle vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-oracle: Linux kernel for Oracle Cloud systems Details: Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061) It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012) Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1729) Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle an illegal instruction in a guest, resulting in a null pointer dereference. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2022-1852) It was discovered that the UDF file system implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1943) Gerald Lee discovered that the NTFS file system implementation in the Linux kernel did not properly handle certainerror conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2022-1973) It was discovered that the device-mapper verity (dm-verity) driver in the Linux kernel did not properly verify targets being loaded into the device-mapper table. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2503) Zheyu Ma discovered that the Intel iSMT SMBus host controller driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2873) Selim Enes Karaduman discovered that a race condition existed in the pipe buffers implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly escalate privileges. (CVE-2022-2959) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: linux-image-5.15.0-1017-oracle 5.15.0-1017.22 linux-image-oracle 5.15.0.1017.15 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5599-1 CVE-2021-33061, CVE-2022-1012, CVE-2022-1729, CVE-2022-1852, CVE-2022-1943, CVE-2022-1973, CVE-2022-2503, CVE-2022-2873, CVE-2022-2959 Package Information: https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1017.22 . Patch released to address several vulnerabilities in the Ubuntu Linux kernel tailored for Oracle environments. Upgrade promptly to safeguard against potential risks.. Linux Kernel, Oracle Linux, Security Patch, System Update. . Severity: Critical. LinuxSecurity.com Team
Sep 05, 2022
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!