Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
89
security advisorydenial of servicefedoraFedora 43 Coturn 4.10.0 Security Update CVE-2026-40613 Denial of Service
Coturn 4.10.0 Performance Add Linux-only recvmmsg client receive path for DTLS/UDP listener Skip response buffer allocation for STUN indications Remove mutex from per-thread super_memory allocator. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-1adc5f1ef8 2026-04-25 01:42:21.312856+00:00 -------------------------------------------------------------------------------- Name : coturn Product : Fedora 43 Version : 4.10.0 Release : 1.fc43 URL : https://github.com/coturn/coturn/ Summary : TURN/STUN & ICE Server Description : The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying TURN extension - RFC 6156 - IPv6 extension for TURN - Experimental DTLS support as client protocol. STUN specs: - RFC 3489 - "classic" STUN - RFC 5389 - base "new" STUN specs - RFC 5769 - test vectors for STUN protocol testing - RFC 5780 - NAT behavior discovery support The implementation fully supports the following client-to-TURN-server protocols: - UDP (per RFC 5766) - TCP (per RFC 5766 and RFC 6062) - TLS (per RFC 5766 and RFC 6062); TLS1.0/TLS1.1/TLS1.2 - DTLS (experimental non-standard feature) Supported relay protocols: - UDP (per RFC 5766) - TCP (per RFC 6062) Supported user databases (for user repository, with passwords or keys, if authentication is required): - SQLite - MySQL - PostgreSQL - Redis Redis can also be used for status and statistics storage and notification. Supported TURN authentication mechanisms: - long-term - TURN REST API (a modification of the long-term mechanism, for time-limited secret-based authentication, for WebRTC applications) The load balancing can be implemented with the following tools (either one ora combination of them): - network load-balancer server - DNS-based load balancing - built-in ALTERNATE-SERVER mechanism. -------------------------------------------------------------------------------- Update Information: Coturn 4.10.0 Performance Add Linux-only recvmmsg client receive path for DTLS/UDP listener Skip response buffer allocation for STUN indications Remove mutex from per-thread super_memory allocator Eliminate mutex and reduce copies on auth message dispatch Replace mutex_bps with lock-free atomics for bandwidth tracking Remove unused mutex from ur_map structure WebRTC Auth optimization path Improve worst case scenario - avoid memory allocation Memory issues Fix null pointer dereferences in post_parse() Fix stack buffer overflow in OAuth token decoding Fix uint16_t truncation overflow in stun_get_message_len_str() Initialize variables before use Security CVE-2026-40613 Misaligned Memory Access STUN Attribute Parser General Improvements Disable reason string in response messages to reduce amplification factor Keep only NEV_UDP_SOCKET_PER_THREAD network engine Replace perror with logging Extend seed corpus and add more fuzzing scenarios Update config and Readme files about deprecated TLSv1/1.1 Restore RFC 3489 (old STUN) backward compatibility broken since 4.7.0 Change port identifiers to use uint16_t Fixes: run_tests.sh and no db Improve PostgreSQL.md clarity Add session usage reporting callback to TURN database driver CLI interface is disabled by default -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 17 2026 Robert Scheck - 4.10.0-1 - Upgrade to 4.10.0 (#2458094) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2460213 - CVE-2026-40613 coturn: coturn: Denial of Service due to misaligned memory reads from crafted STUN messages https://bugzilla.redhat.com/show_bug.cgi?id=2460213 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1adc5f1ef8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 25, 2026
•Important
Fedora
89
security advisoryFedorabug fixFedora 30: FEDORA-2019-ac2a21ff07 Moderate: Gamemode SELinux Denial
This update fixes a [bug](https://github.com/mesonbuild/meson/issues/5268) in the Meson build system which caused binaries and libraries to incorrectly be marking as requiring an executable stack. This makes them more vulnerable to security issues, and also can result in errors caused by SELinux denials. This update also provides rebuilds of all the packages that were built with the buggy. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-ac2a21ff07 2019-04-17 16:04:32.355044 --------------------------------------------------------------------------------Name : gamemode Product : Fedora 30 Version : 1.2 Release : 4.fc30 URL : https://github.com/FeralInteractive/gamemode Summary : Optimize system performance for games on demand Description : GameMode is a daemon/lib combo for GNU/Linux that allows games to request a set of optimizations be temporarily applied to the host OS. GameMode was designed primarily as a stop-gap solution to problems with the Intel and AMD CPU "powersave" or "ondemand" governors, but is now able to launch custom user defined plugins, and is intended to be expanded further, as there are a wealth of automation tasks one might want to apply. --------------------------------------------------------------------------------Update Information: This update fixes a [bug](https://github.com/mesonbuild/meson/issues/5268) in the Meson build system which caused binaries and libraries to incorrectly be marking as requiring an executable stack. This makes them more vulnerable to security issues, and also can result in errors caused by SELinux denials. This update also provides rebuilds of all the packages that were built with the buggy Meson, excepting packages for updates were already pending (in those cases, those updates have been edited instead). This includes gnome-initial-setup, which was affected by this problem, resulting in a[release-blocking bug](https://bugzilla.redhat.com/show_bug.cgi?id=1699099) that prevented it running correctly with SELinux in enforcing mode. --------------------------------------------------------------------------------References: [ 1 ] Bug #1699099 - gnome-initial-setup 3.32.0+ crashes due to SELinux denials (because it has execstack flag set, because meson 0.50.0 sets it when it shouldn't) https://bugzilla.redhat.com/show_bug.cgi?id=1699099 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-ac2a21ff07' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Apr 17, 2019
Fedora
89
security advisoryFedoracryptographyFedora: FEDORA-2018-98ab6b4e56 moderate: Botan2 Side Channel Hardening
Update Botan2 to 2.7.0. Focus of this release is on performance and side channel hardening. - Address side channels in RSA key generation and ECDSA signing - Side channel hardening in many core algorithms (modular exponentiation, ECC scalar multiply, Karatsuba multiplication, Barrett reduction, etc) to reduce the risk of future exploitable side channels. - Many. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-98ab6b4e56 2018-07-11 19:27:57.419836 --------------------------------------------------------------------------------Name : botan2 Product : Fedora 27 Version : 2.7.0 Release : 1.fc27 URL : https://botan.randombit.net/ Summary : Crypto and TLS for C++11 Description : Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library. This is the current stable release branch 2.x of Botan. --------------------------------------------------------------------------------Update Information: Update Botan2 to 2.7.0. Focus of this release is on performance and side channel hardening. - Address side channels in RSA key generation and ECDSA signing - Side channel hardening in many core algorithms (modular exponentiation, ECC scalar multiply, Karatsuba multiplication, Barrett reduction, etc) to reduce the risk of future exploitable side channels. - Many optimizations for ECC operations, RSA (including key gen), DSA, DH, and XMSS. Typical speedups vs 2.6.0 is 10 to 40% depending on operation and key size. -Add Scrypt password hashing. Also supported is using Scrypt to derive keys for private key encryption (format compatible with upcoming OpenSSL 1.1.1) - Add base32encoding/decoding - Plus many bug fixes and smaller enhancements documented in the [release notes](https://botan.randombit.net/news.html#version-2-7-0-2018-07-02) --------------------------------------------------------------------------------References: [ 1 ] Bug #1591831 - CVE-2018-12435 botan: memory-cache side-channel attack on ECDSA signatures https://bugzilla.redhat.com/show_bug.cgi?id=1591831 [ 2 ] Bug #1591163 - CVE-2018-0495 openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries https://bugzilla.redhat.com/show_bug.cgi?id=1591163 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-98ab6b4e56' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Jul 11, 2018
Fedora
98
security advisoryRed Hat Enterprise LinuximportantRedHat 6.7: RHSA-2018-1638-01 Critical: CPU Leakage Risk
An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2018:1638-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1638 Issue date: 2018-05-29 CVE Names: CVE-2018-3639 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's datacache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system is required. Please refer to References section for further information about this issue, CPU microcode requirements and the potential performance impact. In this update mitigations for x86 (both 32 and 64 bit) architecture are provided. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass 6. Package List: Red Hat Enterprise Linux HPC Node EUS (v.6.7): Source: kernel-2.6.32-573.55.4.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-573.55.4.el6.noarch.rpm kernel-doc-2.6.32-573.55.4.el6.noarch.rpm kernel-firmware-2.6.32-573.55.4.el6.noarch.rpm x86_64: kernel-2.6.32-573.55.4.el6.x86_64.rpm kernel-debug-2.6.32-573.55.4.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-573.55.4.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm kernel-debug-devel-2.6.32-573.55.4.el6.i686.rpm kernel-debug-devel-2.6.32-573.55.4.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.55.4.el6.i686.rpm kernel-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-573.55.4.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-573.55.4.el6.x86_64.rpm kernel-devel-2.6.32-573.55.4.el6.x86_64.rpm kernel-headers-2.6.32-573.55.4.el6.x86_64.rpm perf-2.6.32-573.55.4.el6.x86_64.rpm perf-debuginfo-2.6.32-573.55.4.el6.i686.rpm perf-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.55.4.el6.i686.rpm python-perf-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7): x86_64: kernel-debug-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-573.55.4.el6.x86_64.rpm perf-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm python-perf-2.6.32-573.55.4.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm Red Hat Enterprise Linux Server EUS (v.6.7): Source: kernel-2.6.32-573.55.4.el6.src.rpm i386: kernel-2.6.32-573.55.4.el6.i686.rpm kernel-debug-2.6.32-573.55.4.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.55.4.el6.i686.rpm kernel-debug-devel-2.6.32-573.55.4.el6.i686.rpm kernel-debuginfo-2.6.32-573.55.4.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.55.4.el6.i686.rpm kernel-devel-2.6.32-573.55.4.el6.i686.rpm kernel-headers-2.6.32-573.55.4.el6.i686.rpm perf-2.6.32-573.55.4.el6.i686.rpm perf-debuginfo-2.6.32-573.55.4.el6.i686.rpm python-perf-debuginfo-2.6.32-573.55.4.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-573.55.4.el6.noarch.rpm kernel-doc-2.6.32-573.55.4.el6.noarch.rpm kernel-firmware-2.6.32-573.55.4.el6.noarch.rpm ppc64: kernel-2.6.32-573.55.4.el6.ppc64.rpm kernel-bootwrapper-2.6.32-573.55.4.el6.ppc64.rpm kernel-debug-2.6.32-573.55.4.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-573.55.4.el6.ppc64.rpm kernel-debug-devel-2.6.32-573.55.4.el6.ppc64.rpm kernel-debuginfo-2.6.32-573.55.4.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-573.55.4.el6.ppc64.rpm kernel-devel-2.6.32-573.55.4.el6.ppc64.rpm kernel-headers-2.6.32-573.55.4.el6.ppc64.rpm perf-2.6.32-573.55.4.el6.ppc64.rpm perf-debuginfo-2.6.32-573.55.4.el6.ppc64.rpm python-perf-debuginfo-2.6.32-573.55.4.el6.ppc64.rpm s390x: kernel-2.6.32-573.55.4.el6.s390x.rpm kernel-debug-2.6.32-573.55.4.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-573.55.4.el6.s390x.rpm kernel-debug-devel-2.6.32-573.55.4.el6.s390x.rpm kernel-debuginfo-2.6.32-573.55.4.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-573.55.4.el6.s390x.rpm kernel-devel-2.6.32-573.55.4.el6.s390x.rpm kernel-headers-2.6.32-573.55.4.el6.s390x.rpm kernel-kdump-2.6.32-573.55.4.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-573.55.4.el6.s390x.rpm kernel-kdump-devel-2.6.32-573.55.4.el6.s390x.rpm perf-2.6.32-573.55.4.el6.s390x.rpm perf-debuginfo-2.6.32-573.55.4.el6.s390x.rpm python-perf-debuginfo-2.6.32-573.55.4.el6.s390x.rpm x86_64: kernel-2.6.32-573.55.4.el6.x86_64.rpm kernel-debug-2.6.32-573.55.4.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-573.55.4.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm kernel-debug-devel-2.6.32-573.55.4.el6.i686.rpm kernel-debug-devel-2.6.32-573.55.4.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.55.4.el6.i686.rpm kernel-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-573.55.4.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-573.55.4.el6.x86_64.rpm kernel-devel-2.6.32-573.55.4.el6.x86_64.rpm kernel-headers-2.6.32-573.55.4.el6.x86_64.rpm perf-2.6.32-573.55.4.el6.x86_64.rpm perf-debuginfo-2.6.32-573.55.4.el6.i686.rpm perf-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.55.4.el6.i686.rpm python-perf-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v.6.7): i386: kernel-debug-debuginfo-2.6.32-573.55.4.el6.i686.rpm kernel-debuginfo-2.6.32-573.55.4.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.55.4.el6.i686.rpm perf-debuginfo-2.6.32-573.55.4.el6.i686.rpm python-perf-2.6.32-573.55.4.el6.i686.rpm python-perf-debuginfo-2.6.32-573.55.4.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-573.55.4.el6.ppc64.rpm kernel-debuginfo-2.6.32-573.55.4.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-573.55.4.el6.ppc64.rpm perf-debuginfo-2.6.32-573.55.4.el6.ppc64.rpm python-perf-2.6.32-573.55.4.el6.ppc64.rpm python-perf-debuginfo-2.6.32-573.55.4.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-573.55.4.el6.s390x.rpm kernel-debuginfo-2.6.32-573.55.4.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-573.55.4.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-573.55.4.el6.s390x.rpm perf-debuginfo-2.6.32-573.55.4.el6.s390x.rpm python-perf-2.6.32-573.55.4.el6.s390x.rpm python-perf-debuginfo-2.6.32-573.55.4.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-573.55.4.el6.x86_64.rpm perf-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm python-perf-2.6.32-573.55.4.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2018-3639 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/security/vulnerabilities/ssbd 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBWw1k4dzjgjWX9erEAQj0mQ/+Mn55yJvy7CVpgvtnBOyB28Irg/6qD74E jpVqCH7g163gY1r62H9sPak7oLz84U34xg+OKKbUgmef2kjhpx/zV4+8C5CpKvb1 GXNgUJ82Db6zXbauAwtpmFvLEZdMlxN52dR3sFS8MzDoSzYjIWmAi+9huIQv495s BFkIkaLVIyif15aWQHmXmNXxiiQLglMc6kcPez+PzuDw1p3/oIwKfLYmRLDv2lYr 2wEr6r8jBAdU9TZdOMjnSq0iuW8qbqb70OFiJjnx+dbgJUSTnz2v8STKl5XRU031 DrGWCzWWfGd4+kF1Wp3FX2+KH7qnpajnRW7M8/9JAGylFnFlN6VYk06ITYM+SrDj NufVSSif03/XEw4+ZylQCxmJxteFwJaYdDw3nLwXJIiM5mAzt+Dfbvuyl+/oBs0X I6HQzKdKXhtB26j6pA7s+kid+nAjsXr9udolPgrnqE/kX9NYgfCxxa6QEKLWBzRp 1UkVhl5qY3SmXUNxtTwf6h1V1716IK6uSG8oHK2JRYkSEKB9J8gmFIPL/l87qrdE MXXUDDgHEyyi7LP3uR7mliPFw4gYNlnvCuItZN5TvdtH1cozhO/hlrG/KiiLT3RR 0U8iXQCEUrB/kbfWgPje9yutX8qIOEIwdwJZI/hmjTwaYUu6KRn460VQ3u4brOoz qhDqm3JNYpw=YWWQ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 29, 2018
•Critical
Red Hat
200
security advisorykernel updatesecurity fixSciLinux SL6 Important: SLSA-2018-1651-1 Kernel Mitigation for Cache Attack
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older v [More...]. Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2018:1651-1 Issue Date: 2018-05-22 CVE Numbers: CVE-2018-3639 -- Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system is required. In this update mitigations for x86 (both 32 and 64 bit) architecture are provided. Bug Fix(es): * Previously, an erroneous code in the x86 kexec system call path caused a memory corruption. As a consequence, the system became unresponsive with the following kernel stack trace: 'WARNING: CPU: 13 PID: 36409 at lib/list_debug.c:59 __list_del_entry+0xa1/0xd0 list_del corruption. prev-> next should be ffffdd03fddeeca0, but was (null)' This update ensures that the code doesnot corrupt memory. As a result, the operating system no longer hangs. -- SL6 x86_64 kernel-2.6.32-696.30.1.el6.x86_64.rpm kernel-debug-2.6.32-696.30.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.30.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.30.1.el6.i686.rpm kernel-debug-devel-2.6.32-696.30.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.30.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.30.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.30.1.el6.x86_64.rpm kernel-devel-2.6.32-696.30.1.el6.x86_64.rpm kernel-headers-2.6.32-696.30.1.el6.x86_64.rpm perf-2.6.32-696.30.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm python-perf-2.6.32-696.30.1.el6.x86_64.rpm i386 kernel-2.6.32-696.30.1.el6.i686.rpm kernel-debug-2.6.32-696.30.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.30.1.el6.i686.rpm kernel-debug-devel-2.6.32-696.30.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.30.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.30.1.el6.i686.rpm kernel-devel-2.6.32-696.30.1.el6.i686.rpm kernel-headers-2.6.32-696.30.1.el6.i686.rpm perf-2.6.32-696.30.1.el6.i686.rpm perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm python-perf-2.6.32-696.30.1.el6.i686.rpm noarch kernel-abi-whitelists-2.6.32-696.30.1.el6.noarch.rpm kernel-doc-2.6.32-696.30.1.el6.noarch.rpm kernel-firmware-2.6.32-696.30.1.el6.noarch.rpm - Scientific Linux Development Team . Crucial core system patch for SL6 tackling speculative execution vulnerabilities to enhance overall system security.. Kernel Update, Cache Attack, Performance Optimization, Security Advisory, Speculative Execution. . Severity:Important. LinuxSecurity.com Team
May 22, 2018
•Important
Scientific Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!