--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-cd51e0177b
2025-02-04 01:14:03.353042+00:00
--------------------------------------------------------------------------------

Name        : yq
Product     : Fedora 41
Version     : 4.43.1
Release     : 5.fc41
URL         : https://github.com/mikefarah/yq
Summary     : Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor
Description :
Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties
processor.

--------------------------------------------------------------------------------
Update Information:

Rebuilt against golang-x-net 0.33.0 for CVE-2024-45338
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan 26 2025 Michel Lind - 4.43.1-5
- Fix building with Go 1.24; Resolves: RHBZ#2341595
* Sun Jan 19 2025 Fedora Release Engineering - 4.43.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2333265 - CVE-2024-45338 yq: Non-linear parsing of case-insensitive content in golang.org/x/net/html [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2333265
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-cd51e0177b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
package-announce mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-67a38b081a
2024-09-13 20:43:08.470529
--------------------------------------------------------------------------------

Name        : microcode_ctl
Product     : Fedora 41
Version     : 2.1
Release     : 64.fc41
URL         : https://pagure.io/microcode_ctl
Summary     : Tool to transform and deploy CPU microcode update for x86
Description :
The microcode_ctl utility is a companion to the microcode driver written
by Tigran Aivazian.

The microcode update is volatile and needs to be uploaded on each system
boot i.e. it doesn't reflash your cpu permanently, reboot and it reverts
back to the old microcode.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 2.1-44. 20240813
Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5003605 up to 0x5003707;
Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002802 up to 0x7002904;
Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003d1 up to 0xd0003e7;
Update of 06-6c-01/0x10 (ICL-D B0) microcode from revision 0x1000290 up to 0x10002b0;
Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xc4 up to 0xc6;
Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode from revision 0xb6 up to 0xb8;
Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x36 up to 0x38;
Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x50 up to 0x52;
Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xf4 up to 0xf6;
Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode from revision 0xf4 up to 0xf6;
Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode from revision 0xf4 up to 0xf6;
Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xf4 up to 0xf6;
Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode from revision 0xfa up to 0xfc;
Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x19 up to 0x1a;
Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision 0xf6 up to 0xf8;
Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode from revision 0xf4 up to 0xf6;
Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode from revision 0xf6 up to 0xf8;
Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode from revision 0xfc up to 0x100;
Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xfa up to 0xfc;
Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xfa up to 0xfc;
Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xfa up to 0xfc;
Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xfa up to 0xfe;
Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision 0xfa up to 0xfc;
Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x5e up to 0x62;
Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x1c up to 0x1e.
Addresses CVE-2024-24853, CVE-2024-24980, CVE-2024-25939
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 29 2024 Eugene Syromiatnikov 2:2.1-64
- Update to upstream 2.1-44. 20240813
  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5003605 up to 0x5003707;
  - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002802 up to 0x7002904;
  - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003d1 up to 0xd0003e7;
  - Update of 06-6c-01/0x10 (ICL-D B0) microcode from revision 0x1000290 up to 0x10002b0;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xc4 up to 0xc6;
  - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode from revision 0xb6 up to 0xb8;
  - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x36 up to 0x38;
  - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x50 up to 0x52;
  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xf4 up to 0xf6;
  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode from revision 0xf4 up to 0xf6;
  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode from revision 0xf4 up to 0xf6;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xf4 up to 0xf6;
  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode from revision 0xfa up to 0xfc;
  - Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x19 up to 0x1a;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision 0xf6 up to 0xf8;
  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode from revision 0xf4 up to 0xf6;
  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode from revision 0xf6 up to 0xf8;
  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode from revision 0xfc up to 0x100;
  - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xfa up to 0xfc;
  - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xfa up to 0xfc;
  - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xfa up to 0xfc;
  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xfa up to 0xfe;
  - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision 0xfa up to 0xfc;
  - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x5e up to 0x62;
  - Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x1c up to 0x1e.
- Addresses CVE-2024-24853, CVE-2024-24980, CVE-2024-25939
- Resolves RHBZ#2305324
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2305324 - 20240813 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2305324
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-67a38b081a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
package-announce mailing list

=========================================================================
Ubuntu Security Notice USN-4628-3
May 17, 2021

intel-microcode vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Intel Microcode.

Software Description:
- intel-microcode: Processor microcode for Intel CPUs

Details:

USN-4628-1 provided updated Intel Processor Microcode for various
processor types. This update provides the corresponding updates for
some additional processor types.

Original advisory details:

 Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine
 Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running
 Average Power Limit (RAPL) feature of some Intel processors allowed a
 side-channel attack based on power consumption measurements. A local
 attacker could possibly use this to expose sensitive information.
 (CVE-2020-8695)

 Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that
 some Intel(R) Processors did not properly remove sensitive information
 before storage or transfer in some situations. A local attacker could
 possibly use this to expose sensitive information. (CVE-2020-8696)

 Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that
 some Intel(R) Processors did not properly isolate shared resources in some
 situations. A local attacker could possibly use this to expose sensitive
 information. (CVE-2020-8698)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  intel-microcode 3.20210216.0ubuntu0.21.04.1

Ubuntu 20.10:
  intel-microcode 3.20210216.0ubuntu0.20.10.1

Ubuntu 20.04 LTS:
  intel-microcode 3.20210216.0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  intel-microcode 3.20210216.0ubuntu0.18.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4628-3
  https://ubuntu.com/security/notices/USN-4628-1
  CVE-2020-8695, CVE-2020-8696, CVE-2020-8698

Package Information:
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20210216.0ubuntu0.21.04.1
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20210216.0ubuntu0.20.10.1
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20210216.0ubuntu0.20.04.1
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20210216.0ubuntu0.18.04.1

=========================================================================
Kernel Live Patch Security Notice 0059-1
November 12, 2019

linux vulnerability
=========================================================================

A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | aws              |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | generic          |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | lowlatency       |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | oem              |
| Ubuntu 18.04 LTS | 5.0.0        | amd64    | azure            |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | aws              |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 16.04 LTS | 4.15.0       | amd64    | azure            |
| Ubuntu 16.04 LTS | 4.15.0       | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.15.0       | amd64    | lowlatency       |

Summary:

On November 12, fixes for several high-severity Intel processor CVEs were
released into the Ubuntu kernel, accompanied by a related processor
microcode update. Due to the high complexity of the fixes and the required
microcode update, we are unable to livepatch this set of CVEs. Please plan
to reboot into an updated kernel as soon as possible.

The details of these CVEs follow:

CVE-2018-12207
On an Ubuntu KVM host configured to use hugepages, a malicious KVM guest
can cause a host machine check exception (MCE) capable of bringing down
the host OS.

CVE-2019-0154
On Intel processors containing an i915 graphics processing unit, it is
possible from userspace to cause a GPU hang in certain low-power states by
reading a specific memory-mapped IO register.

CVE-2019-0155
On Intel processors containing an i915 graphics processing unit, it is
possible to use the GPU's blitter command streamer to write to
memory-mapped IO locations, which could be used for privilege escalation
or to leak kernel memory.

CVE-2019-11135
On Intel processors with support for Transactional Synchronization
Extensions (TSX), it is possible to exploit a transactional asynchronous
abort (TAA) to perform a side-channel attack and leak kernel memory.

Further details on the vulnerabilities and our response can be found here:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915

Again, due to the high complexity of the fixes and the required microcode
update, we are unable to livepatch this set of CVEs. Please plan to reboot
into an updated kernel as soon as possible.

Software Description:
- linux: Linux kernel

Update instructions:

The problem can be corrected by installing an updated kernel with these
fixes and rebooting.

| Series           | Version               | Flavors                  |
|------------------+-----------------------+--------------------------|
| Ubuntu 18.04 LTS | 4.15.0-1054.55        | aws                      |
| Ubuntu 16.04 LTS | 4.4.0-1098.102        | aws                      |
| Ubuntu 18.04 LTS | 5.0.0-1025.27~18.04.1 | azure                    |
| Ubuntu 16.04 LTS | 4.15.0-1063.66        | azure                    |
| Ubuntu 18.04 LTS | 4.15.0-69.78          | generic lowlatency       |
| Ubuntu 16.04 LTS | 4.15.0-69.78~16.04.1  | generic lowlatency       |
| Ubuntu 14.04 LTS | 4.4.0-168.197~14.04.1 | generic lowlatency       |
| Ubuntu 18.04 LTS | 4.15.0-1063.72        | oem                      |
| Ubuntu 16.04 LTS | 4.4.0-168.197         | generic lowlatency       |

Support Information:

Kernels older than the levels listed above will no longer receive
livepatch updates.

References:
  CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135

--
ubuntu-security-announce mailing list

   SUSE Security Update: Security update to ucode-intel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2331-2
Rating:             important
References:         #1087082 #1087083 #1089343 #1104134
Cross-References:   CVE-2018-3639 CVE-2018-3640 CVE-2018-3646
Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata
   is now available.

Description:

   ucode-intel was updated to the 20180807 release.

   For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is
   part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646
   (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)

   Processor             Identifier  Version             Products
   Model       Stepping  F-MO-S/PI   Old->New
   ---- new platforms ----------------------------------------
   WSM-EP/WS   U1        6-2c-2/03   0000001f            Xeon E/L/X56xx, W36xx
   NHM-EX      D0        6-2e-6/04   0000000d            Xeon E/L/X65xx/75xx
   BXT         C0        6-5c-2/01   00000014            Atom T5500/5700
   APL         E0        6-5c-a/03   0000000c            Atom x5-E39xx
   DVN         B0        6-5f-1/01   00000024            Atom C3xxx
   ---- updated platforms ------------------------------------
   NHM-EP/WS   D0        6-1a-5/03   00000019->0000001d  Xeon E/L/X/W55xx
   NHM         B1        6-1e-5/13   00000007->0000000a  Core i7-8xx, i5-7xx; Xeon L3426, X24xx
   WSM         B1        6-25-2/12   0000000e->00000011  Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeron P45xx; Xeon L3406
   WSM         K0        6-25-5/92   00000004->00000007  Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
   SNB         D2        6-2a-7/12   0000002d->0000002e  Core Gen2; Xeon E3
   WSM-EX      A2        6-2f-2/05   00000037->0000003b  Xeon E7
   IVB         E2        6-3a-9/12   0000001f->00000020  Core Gen3 Mobile
   HSW-H/S/E3  Cx/Dx     6-3c-3/32   00000024->00000025  Core Gen4 Desktop; Xeon E3 v3
   BDW-U/Y     E/F       6-3d-4/c0   0000002a->0000002b  Core Gen5 Mobile
   HSW-ULT     Cx/Dx     6-45-1/72   00000023->00000024  Core Gen4 Mobile and derived Pentium/Celeron
   HSW-H       Cx        6-46-1/32   00000019->0000001a  Core Extreme i7-5xxxX
   BDW-H/E3    E/G       6-47-1/22   0000001d->0000001e  Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
   SKL-U/Y     D0        6-4e-3/c0   000000c2->000000c6  Core Gen6 Mobile
   BDX-DE      V1        6-56-2/10   00000015->00000017  Xeon D-1520/40
   BDX-DE      V2/3      6-56-3/10   07000012->07000013  Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
   BDX-DE      Y0        6-56-4/10   0f000011->0f000012  Xeon D-1557/59/67/71/77/81/87
   APL         D0        6-5c-9/03   0000002c->00000032  Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
   SKL-H/S/E3  R0        6-5e-3/36   000000c2->000000c6  Core Gen6; Xeon E3 v5

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1573=1

Package List:

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

References:

   https://www.suse.com/security/cve/CVE-2018-3639.html
   https://www.suse.com/security/cve/CVE-2018-3640.html
   https://www.suse.com/security/cve/CVE-2018-3646.html
   https://bugzilla.suse.com/1087082
   https://bugzilla.suse.com/1087083
   https://bugzilla.suse.com/1089343
   https://bugzilla.suse.com/1104134

_______________________________________________
sle-security-updates mailing list