Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 2 articles for you...
100
security advisorySuSEimportantSUSE Kernel-Livepatch 6.1 Important Security Update SUSE-SU-2025:20772-1
* bsc#1245685 * bsc#1246001 * bsc#1247499 * bsc#1248298 . # Security update for kernel-livepatch-MICRO-6-0_Update_8 Announcement ID: SUSE-SU-2025:20772-1 Release Date: 2025-09-23T07:55:15Z Rating: important References: * bsc#1245685 * bsc#1246001 * bsc#1247499 * bsc#1248298 Cross-References: * CVE-2025-38109 * CVE-2025-38181 * CVE-2025-38498 * CVE-2025-38555 CVSS scores: * CVE-2025-38109 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38109 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38181 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38498 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38555 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves four vulnerabilities can now be installed. ## Description: This update for kernel-livepatch-MICRO-6-0_Update_8 fixes the following issues: * CVE-2025-38109: net/mlx5: fix ECVF vports unload on shutdown flow (bsc#1245685) * CVE-2025-38181: calipso: fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246001) * CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247499) * CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248298) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-136=1 ## PackageList: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-6_4_0-30-default-debuginfo-5-1.2 * kernel-livepatch-6_4_0-30-default-5-1.2 * kernel-livepatch-MICRO-6-0_Update_8-debugsource-5-1.2 ## References: * https://www.suse.com/security/cve/CVE-2025-38109.html * https://www.suse.com/security/cve/CVE-2025-38181.html * https://www.suse.com/security/cve/CVE-2025-38498.html * https://www.suse.com/security/cve/CVE-2025-38555.html * https://bugzilla.suse.com/show_bug.cgi?id=1245685 * https://bugzilla.suse.com/show_bug.cgi?id=1246001 * https://bugzilla.suse.com/show_bug.cgi?id=1247499 * https://bugzilla.suse.com/show_bug.cgi?id=1248298 . A security update for SUSE Linux Micro 6.1 addresses four vulnerabilities in kernel-livepatch-MICRO-6-0_Update_8.. SUSE Linux Micro 6.1,kernel patch,security vulnerabilities,system stability. . Severity: Important. LinuxSecurity.com Team
Sep 26, 2025
•Important
SuSE
217
security advisorysecurity issuekernel updateOracle Linux 8 ELSA-2024-12618 Critical Kernel Update and Threats
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-12618 http://linux.oracle.com/errata/ELSA-2024-12618.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-5.15.0-210.163.7.el8uek.x86_64.rpm kernel-uek-5.15.0-210.163.7.el8uek.x86_64.rpm kernel-uek-core-5.15.0-210.163.7.el8uek.x86_64.rpm kernel-uek-debug-5.15.0-210.163.7.el8uek.x86_64.rpm kernel-uek-debug-core-5.15.0-210.163.7.el8uek.x86_64.rpm kernel-uek-debug-devel-5.15.0-210.163.7.el8uek.x86_64.rpm kernel-uek-debug-modules-5.15.0-210.163.7.el8uek.x86_64.rpm kernel-uek-debug-modules-extra-5.15.0-210.163.7.el8uek.x86_64.rpm kernel-uek-devel-5.15.0-210.163.7.el8uek.x86_64.rpm kernel-uek-doc-5.15.0-210.163.7.el8uek.noarch.rpm kernel-uek-modules-5.15.0-210.163.7.el8uek.x86_64.rpm kernel-uek-modules-extra-5.15.0-210.163.7.el8uek.x86_64.rpm kernel-uek-container-5.15.0-210.163.7.el8uek.x86_64.rpm kernel-uek-container-debug-5.15.0-210.163.7.el8uek.x86_64.rpm aarch64: bpftool-5.15.0-210.163.7.el8uek.aarch64.rpm kernel-uek-5.15.0-210.163.7.el8uek.aarch64.rpm kernel-uek-core-5.15.0-210.163.7.el8uek.aarch64.rpm kernel-uek-debug-5.15.0-210.163.7.el8uek.aarch64.rpm kernel-uek-debug-core-5.15.0-210.163.7.el8uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-210.163.7.el8uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-210.163.7.el8uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-210.163.7.el8uek.aarch64.rpm kernel-uek-devel-5.15.0-210.163.7.el8uek.aarch64.rpm kernel-uek-doc-5.15.0-210.163.7.el8uek.noarch.rpm kernel-uek-modules-5.15.0-210.163.7.el8uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-210.163.7.el8uek.aarch64.rpm kernel-uek-container-5.15.0-210.163.7.el8uek.aarch64.rpm kernel-uek-container-debug-5.15.0-210.163.7.el8uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.15.0-210.163.7.el8uek.src.rpm RelatedCVEs: CVE-2022-3566 CVE-2022-3567 CVE-2024-36032 CVE-2024-36033 CVE-2024-36484 CVE-2024-36894 CVE-2024-36901 CVE-2024-36974 CVE-2024-36978 CVE-2024-37078 CVE-2024-38588 CVE-2024-38619 CVE-2024-39362 CVE-2024-39468 CVE-2024-39469 CVE-2024-39482 CVE-2024-39484 CVE-2024-39487 CVE-2024-39495 CVE-2024-39499 CVE-2024-39500 CVE-2024-39501 CVE-2024-39502 CVE-2024-39505 CVE-2024-39506 CVE-2024-39507 CVE-2024-39509 CVE-2024-40901 CVE-2024-40902 CVE-2024-40904 CVE-2024-40905 CVE-2024-40908 CVE-2024-40911 CVE-2024-40912 CVE-2024-40914 CVE-2024-40927 CVE-2024-40929 CVE-2024-40931 CVE-2024-40932 CVE-2024-40934 CVE-2024-40937 CVE-2024-40941 CVE-2024-40942 CVE-2024-40943 CVE-2024-40945 CVE-2024-40947 CVE-2024-40956 CVE-2024-40957 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40961 CVE-2024-40963 CVE-2024-40967 CVE-2024-40968 CVE-2024-40970 CVE-2024-40971 CVE-2024-40974 CVE-2024-40976 CVE-2024-40978 CVE-2024-40980 CVE-2024-40981 CVE-2024-40983 CVE-2024-40987 CVE-2024-40988 CVE-2024-40990 CVE-2024-40993 CVE-2024-40994 CVE-2024-40995 CVE-2024-41000 CVE-2024-41002 CVE-2024-41005 CVE-2024-41006 CVE-2024-41007 CVE-2024-41027 CVE-2024-41034 CVE-2024-41035 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41046 CVE-2024-41047 CVE-2024-41048 CVE-2024-41049 CVE-2024-41087 CVE-2024-41089 CVE-2024-41092 CVE-2024-41093 CVE-2024-41095 CVE-2024-41097 CVE-2024-42068 CVE-2024-42069 CVE-2024-42070 CVE-2024-42076 CVE-2024-42077 CVE-2024-42080 CVE-2024-42082 CVE-2024-42084 CVE-2024-42085 CVE-2024-42086 CVE-2024-42087 CVE-2024-42089 CVE-2024-42090 CVE-2024-42092 CVE-2024-42093 CVE-2024-42094 CVE-2024-42095 CVE-2024-42096 CVE-2024-42097 CVE-2024-42098 CVE-2024-42101 CVE-2024-42103 CVE-2024-42104 CVE-2024-42105 CVE-2024-42106 CVE-2024-42109 CVE-2024-42115 CVE-2024-42116 CVE-2024-42119 CVE-2024-42120 CVE-2024-42121 CVE-2024-42124 CVE-2024-42127 CVE-2024-42130 CVE-2024-42131 CVE-2024-42137 CVE-2024-42140 CVE-2024-42143 CVE-2024-42145 CVE-2024-42148 CVE-2024-42152 CVE-2024-42153 CVE-2024-42154 CVE-2024-42157 CVE-2024-42161 CVE-2024-42223 CVE-2024-42224 CVE-2024-42225 CVE-2024-42229 CVE-2024-42232 CVE-2024-42236 CVE-2024-42244 CVE-2024-42247 Description of changes: [5.15.0-210.163.7.el8uek] - crypto: qat - specify firmware files for 402xx (Giovanni Cabiddu) [Orabug: 37030280] [5.15.0-210.163.6.el8uek] - Revert "Fix userfaultfd_api to return EINVAL as expected" (Vijayendra Suman) [Orabug: 37004422] [5.15.0-210.163.5.el8uek] - Revert "bpf: Allow reads from uninit stack" (Vijayendra Suman) [Orabug: 36992948] - selftests/vm: Fix build issue with pkey_sighandler_tests.c (Aruna Ramakrishna) [Orabug: 36992941] [5.15.0-210.163.4.el8uek] - driver core: Fix uevent_show() vs driver detach race (Dan Williams) - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (Jerome Brunet) - kdb: Use the passed prompt in kdb_position_cursor() (Douglas Anderson) - MIPS: Octeron: remove source file executable bit (Dominique Martinet) - sched: act_ct: take care of padding in struct zones_ht_key (Eric Dumazet) - ipvs: Avoid unnecessary calls to skb_is_gso_sctp (Ismael Luceno) - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (Dan Carpenter) - KVM: x86: check the kvm_cpu_get_interrupt result before using it (Maxim Levitsky) [Orabug: 36893301] - KVM: x86: VMX: set irr_pending in kvm_apic_update_irr (Maxim Levitsky) [Orabug: 36893301] - KVM: x86: VMX: __kvm_apic_update_irr must update the IRR atomically (Maxim Levitsky) [Orabug: 36893301] - KVM: x86: Allow APICv APIC ID inhibit to be cleared (Greg Edwards) [Orabug: 36839768] - printk: add kthread for long-running print (Stephen Brennan) [Orabug: 36456581] [5.15.0-210.163.3.el8uek] - selftests/net: remove extra argument domain for do_recv_completions() (Samasth Norway Ananda) [Orabug: 36949448] - selftests/mm: Add new testcases for pkeys (Keith Lucas) [Orabug: 36943199] - x86/pkeys: Restore altstack access in sigreturn() (Aruna Ramakrishna) [Orabug: 36943199] - x86/pkeys: Update PKRU to enable all pkeys before XSAVE (Aruna Ramakrishna) [Orabug: 36943199] - x86/pkeys: Addhelper functions to update PKRU on the sigframe (Aruna Ramakrishna) [Orabug: 36943199] - x86/pkeys: Add PKRU as a parameter in signal handling functions (Aruna Ramakrishna) [Orabug: 36943199] - x86/signal/64: Move 64-bit signal code to its own file (Brian Gerst) [Orabug: 36943199] - x86/signal/32: Merge native and compat 32-bit signal code (Brian Gerst) [Orabug: 36943199] - x86/signal: Add ABI prefixes to frame setup functions (Brian Gerst) [Orabug: 36943199] - x86/signal: Merge get_sigframe() (Brian Gerst) [Orabug: 36943199] - x86: Remove __USER32_DS (Brian Gerst) [Orabug: 36943199] - signal/compat: Remove compat_sigset_t override (Brian Gerst) [Orabug: 36943199] - x86/signal: Remove sigset_t parameter from frame setup functions (Brian Gerst) [Orabug: 36943199] - x86/signal: Remove sig parameter from frame setup functions (Brian Gerst) [Orabug: 36943199] [5.15.0-210.163.2.el8uek] - fsnotify: clear PARENT_WATCHED flags lazily (Amir Goldstein) [Orabug: 36922239] - net: mana: Fix possible double free in error handling path (Ma Ke) [Orabug: 36897038] {CVE-2024-42069} - x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu() (Thomas Gleixner) [Orabug: 35773810] - xfs: fix agf/agfl verification on v4 filesystems (Mark Tinguely) [Orabug: 35623655] [5.15.0-210.163.1.el8uek] - net: relax socket state check at accept time. (Paolo Abeni) [Orabug: 36768888] {CVE-2024-36484} - LTS version: v5.15.163 (Vijayendra Suman) - i2c: rcar: fix error code in probe() (Dan Carpenter) - kbuild: Make ld-version.sh more robust against version string changes (Nathan Chancellor) - x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (Brian Gerst) - i2c: rcar: clear NO_RXDMA flag after resetting (Wolfram Sang) - i2c: testunit: avoid re-issued work after read message (Wolfram Sang) - i2c: rcar: ensure Gen3+ reset does not disturb local targets (Wolfram Sang) - i2c: rcar: introduce Gen4 devices (Wolfram Sang) - i2c: rcar: reset controller is mandatory for Gen3+ (Wolfram Sang) - i2c: rcar: Add R-Car Gen4support (Geert Uytterhoeven) - i2c: mark HostNotify target address as used (Wolfram Sang) - i2c: rcar: bring hardware to known state when probing (Wolfram Sang) - nilfs2: fix kernel bug on rename operation of broken directory (Ryusuke Konishi) [Orabug: 36896820] {CVE-2024-41034} - bpf: Allow reads from uninit stack (Eduard Zingerman) - ipv6: prevent NULL dereference in ip6_output() (Eric Dumazet) [Orabug: 36683273] {CVE-2024-36901} - ipv6: annotate data-races around cnf.disable_ipv6 (Eric Dumazet) - wireguard: send: annotate intentional data race in checking empty queue (Jason A. Donenfeld) - wireguard: queueing: annotate intentional data race in cpu round robin (Jason A. Donenfeld) - wireguard: allowedips: avoid unaligned 64-bit memory accesses (Helge Deller) [Orabug: 36930166] {CVE-2024-42247} - libceph: fix race between delayed_work() and ceph_monc_stop() (Ilya Dryomov) [Orabug: 36930127] {CVE-2024-42232} - Fix userfaultfd_api to return EINVAL as expected (Audra Mitchell) [Orabug: 36896804] {CVE-2024-41027} - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (Edson Juliano Drosdeck) - ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (Nazar Bilinskyi) - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (MichaÅ KopeÄ) - nvmem: core: only change name to fram for current attribute (Thomas WeiÃschuh) - nvmem: meson-efuse: Fix return value of nvmem callbacks (Joy Chakraborty) - nvmem: rmem: Fix return value of rmem_read() (Joy Chakraborty) - hpet: Support 32-bit userspace (He Zhe) - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (Alan Stern) [Orabug: 36896825] {CVE-2024-41035} - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (Lee Jones) [Orabug: 36930137] {CVE-2024-42236} - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (WangYuli) - USB: serial: mos7840: fix crash on resume (Dmitry Smirnov) [Orabug: 36930153] {CVE-2024-42244} - USB: serial: option: add Rolling RW350-GL variants (Vanillan Wang) - USB: serial: option: add NetprismaLCUK54 series modules (Mank Wang) - USB: serial: option: add support for Foxconn T99W651 (Slark Xiao) - USB: serial: option: add Fibocom FM350-GL (Bjørn Mork) - USB: serial: option: add Telit FN912 rmnet compositions (Daniele Palmas) - USB: serial: option: add Telit generic core-dump composition (Daniele Palmas) - net: ks8851: Fix potential TX stall after interface reopen (Ronald Wahl) - tcp: avoid too many retransmit packets (Eric Dumazet) [Orabug: 36841815] {CVE-2024-41007} - tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (Eric Dumazet) - octeontx2-af: fix issue with IPv4 match for RSS (Satheesh Paul) - octeontx2-af: fix issue with IPv6 ext match for RSS (Kiran Kumar K) - octeontx2-af: extend RSS supported offload types (Kiran Kumar K) - octeontx2-af: fix detection of IP layer (Michal Mazur) - octeontx2-af: fix a issue with cpt_lf_alloc mailbox (Srujana Challa) - octeontx2-af: update cpt lf alloc mailbox (Srujana Challa) - octeontx2-af: replace cpt slot with lf id on reg write (Nithin Dabilpuram) - ARM: davinci: Convert comma to semicolon (Chen Ni) - s390: Mark psw in __load_psw_mask() as __unitialized (Sven Schnelle) - net/sched: Fix UAF when resolving a clash (Chengen Du) [Orabug: 36896837] {CVE-2024-41040} - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). (Kuniyuki Iwashima) [Orabug: 36896841] {CVE-2024-41041} - ethtool: netlink: do not return SQI value if link is down (Oleksij Rempel) - ppp: reject claimed-as-LCP but actually malformed packets (Dmitry Antipov) [Orabug: 36896855] {CVE-2024-41044} - net: ethernet: mtk-star-emac: set mac_managed_pm when probing (Jian Hui Lee) - net: ethernet: lantiq_etop: fix double free in detach (Aleksander Jan Bajkowski) [Orabug: 36896862] {CVE-2024-41046} - net: lantiq_etop: add blank line after declaration (Aleksander Jan Bajkowski) - i40e: Fix XDP program unloading while removing the driver (Michal Kubiak) [Orabug: 36896869] {CVE-2024-41047} - net: fix rc7's __skb_datagram_iter() (Hugh Dickins) - octeontx2-af: Fix incorrect valueoutput on error path in rvu_check_rsrc_availability() (Aleksandr Mishin) - skmsg: Skip zero length skb in sk_msg_recvmsg (Geliang Tang) [Orabug: 36896872] {CVE-2024-41048} - tcp: fix incorrect undo caused by DSACK of TLP retransmit (Neal Cardwell) - vfs: don't mod negative dentry count when on shrinker list (Brian Foster) - fs/dcache: Re-use value stored to dentry-> d_flags instead of re-reading (linke li) - filelock: fix potential use-after-free in posix_lock_inode (Jeff Layton) [Orabug: 36896875] {CVE-2024-41049} - nilfs2: fix incorrect inode allocation from reserved inodes (Ryusuke Konishi) - null_blk: Do not allow runt zone with zone capacity smaller then zone size (Damien Le Moal) - nfc/nci: Add the inconsistency check between the input data length and count (Edward Adam Davis) [Orabug: 36897796] {CVE-2024-42130} - kbuild: fix short log for AS in link-vmlinux.sh (Masahiro Yamada) - nvmet: fix a possible leak when destroy a ctrl during qp establishment (Sagi Grimberg) [Orabug: 36897901] {CVE-2024-42152} - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (hmtheboy154) - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet (hmtheboy154) - regmap-i2c: Subtract reg size from max_write (Jim Wylder) - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (Kundan Kumar) - dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails (Fedor Pchelkin) - nvme-multipath: find NUMA path only for online numa-node (Nilay Shroff) - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (Jian-Hong Pan) - fs/ntfs3: Mark volume as dirty if xattr is broken (Konstantin Komarov) - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (Piotr Wojtaszczyk) [Orabug: 36897908] {CVE-2024-42153} - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents (Luca Weiss) - media: dw2102: fix a potential buffer overflow (Mauro Carvalho Chehab) - ima: Avoid blocking in RCU read-side critical section (GUO Zihua) [Orabug: 36835827] {CVE-2024-40947} -bnx2x: Fix multiple UBSAN array-index-out-of-bounds (Ghadi Elie Rahme) [Orabug: 36897884] {CVE-2024-42148} - mtd: rawnand: rockchip: ensure NVDDR timings are rejected (Val Packett) - mtd: rawnand: Bypass a couple of sanity checks during NAND identification (Miquel Raynal) - mtd: rawnand: Ensure ECC configuration is propagated to upper layers (Miquel Raynal) - drm/amdgpu/atomfirmware: silence UBSAN warning (Alex Deucher) - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (Ma Ke) [Orabug: 36897639] {CVE-2024-42101} - fsnotify: Do not generate events for O_PATH file descriptors (Jan Kara) - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (Jimmy Assarsson) - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (Zijun Hu) [Orabug: 36897825] {CVE-2024-42137} - btrfs: fix adding block group to a reclaim list and the unused list during reclaim (Naohiro Aota) [Orabug: 36934739] {CVE-2024-42103} - mm: avoid overflows in dirty throttling logic (Jan Kara) [Orabug: 36897802] {CVE-2024-42131} - mm: optimize the redundant loop of mm_update_owner_next() (Jinliang Zheng) - nilfs2: add missing check for inode numbers on directory entries (Ryusuke Konishi) [Orabug: 36897651] {CVE-2024-42104} - nilfs2: fix inode number range checks (Ryusuke Konishi) [Orabug: 36897657] {CVE-2024-42105} - Revert "igc: fix a log entry using uninitialized netdev" (Sasha Neftin) - gpiolib: of: add polarity quirk for TSC2005 (Dmitry Torokhov) - gpiolib: of: add a quirk for reset line polarity for Himax LCDs (Dmitry Torokhov) - gpiolib: of: factor out code overriding gpio line polarity (Dmitry Torokhov) - inet_diag: Initialize pad field in struct inet_diag_req_v2 (Shigeru Yoshida) [Orabug: 36897665] {CVE-2024-42106} - selftests: make order checking verbose in msg_zerocopy selftest (Zijian Zhang) - selftests: fix OOM in msg_zerocopy selftest (Zijian Zhang) - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (Sam Sun) [Orabug: 36825247] {CVE-2024-39487} -netfilter: nf_tables: unconditionally flush pending work before notifier (Florian Westphal) [Orabug: 36897676] {CVE-2024-42109} - riscv: kexec: Avoid deadlock in kexec crash path (Song Shuai) [Orabug: 36897831] {CVE-2024-42140} - wifi: wilc1000: fix ies_len type in connect path (Jozef Hopko) - net: allow skb_datagram_iter to be called from any context (Sagi Grimberg) - e1000e: Fix S0ix residency on corporate systems (Dima Ruinskiy) - KVM: s390: fix LPSWEY handling (Christian Borntraeger) - tcp_metrics: validate source addr length (Jakub Kicinski) [Orabug: 36897914] {CVE-2024-42154} - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (Neal Cardwell) - tools/power turbostat: Remember global max_die_id (Len Brown) - s390/pkey: Wipe sensitive data on failure (Holger Dengler) [Orabug: 36897933] {CVE-2024-42157} - jffs2: Fix potential illegal address access in jffs2_free_inode (Wang Yong) [Orabug: 36897693] {CVE-2024-42115} - bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD (Jose E. Marchesi) [Orabug: 36897964] {CVE-2024-42161} - igc: fix a log entry using uninitialized netdev (Corinna Vinschen) [Orabug: 36897705] {CVE-2024-42116} - powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" (Greg Kurz) - kunit: Fix timeout message (Mickaël Salaün) - orangefs: fix out-of-bounds fsid access (Mike Marshall) [Orabug: 36897836] {CVE-2024-42143} - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (Michael Ellerman) - i2c: i801: Annotate apanel_addr as __ro_after_init (Heiner Kallweit) - media: dvb-frontends: tda10048: Fix integer overflow (Ricardo Ribalda) [Orabug: 36897975] {CVE-2024-42223} - media: s2255: Use refcount_t instead of atomic_t for num_channels (Ricardo Ribalda) - media: dvb-frontends: tda18271c2dd: Remove casting during div (Ricardo Ribalda) - net: dsa: mv88e6xxx: Correct check for empty list (Simon Horman) [Orabug: 36897981] {CVE-2024-42224} - wifi: mt76: replace skb_put with skb_put_zero (Felix Fietkau) [Orabug: 36897988]{CVE-2024-42225} - Input: ff-core - prefer struct_size over open coded arithmetic (Erick Archer) - firmware: dmi: Stop decoding on broken entry (Jean Delvare) - sctp: prefer struct_size over open coded arithmetic (Erick Archer) - media: dw2102: Don't translate i2c read into write (Michael Bunk) - drm/amd/display: Skip finding free audio for unknown engine_id (Alex Hung) [Orabug: 36897725] {CVE-2024-42119} - drm/amd/display: Check pipe offset before setting vblank (Alex Hung) [Orabug: 36897731] {CVE-2024-42120} - drm/amd/display: Check index msg_id before read or write (Alex Hung) [Orabug: 36897738] {CVE-2024-42121} - drm/amdgpu: Initialize timestamp for some legacy SOCs (Ma Jun) - crypto: aead,cipher - zeroize key buffer after use (Hailey Mothershead) [Orabug: 36898013] {CVE-2024-42229} - scsi: qedf: Make qedf_execute_tmf() non-preemptible (John Meneghini) [Orabug: 36897759] {CVE-2024-42124} - IB/core: Implement a limit on UMAD receive List (Michael Guralnik) [Orabug: 36897846] {CVE-2024-42145} - media: dvb-usb: dib0700_devices: Add missing release_firmware() (Ricardo Ribalda) - media: dvb: as102-fe: Fix as10x_register_addr packing (Ricardo Ribalda) - drm/lima: fix shared irq handling on driver remove (Erico Nunes) [Orabug: 36897778] {CVE-2024-42127} - locking/mutex: Introduce devm_mutex_init() (George Stark) - Compiler Attributes: Add __uninitialized macro (Heiko Carstens) - LTS version: v5.15.162 (Vijayendra Suman) - serial: 8250_omap: Fix Errata i2310 with RX FIFO level check (Udit Kumar) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (Alex Bee) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (FUKAUMI Naoki) - ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node (Johan Jonker) - KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption (Marc Zyngier) - efi/x86: Free EFI memory map only when installing a new one. (Ard Biesheuvel) - efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures (Ard Biesheuvel) - efi: memmap: Move manipulationroutines into x86 arch tree (Ard Biesheuvel) - efi: Correct comment on efi_memmap_alloc (Liu Zixian) - drivers: fix typo in firmware/efi/memmap.c (Zheng Zhi Yuan) - tcp: Fix data races around icsk-> icsk_af_ops. (Kuniyuki Iwashima) [Orabug: 34719865] {CVE-2022-3566} - ipv6: Fix data races around sk-> sk_prot. (Kuniyuki Iwashima) [Orabug: 34719905] {CVE-2022-3567} - ipv6: annotate some data-races around sk-> sk_prot (Eric Dumazet) - nfs: Leave pages in the pagecache if readpage failed (Matthew Wilcox (Oracle)) - pwm: stm32: Refuse too small period requests (Uwe Kleine-König) - syscalls: fix sys_fanotify_mark prototype (Arnd Bergmann) - syscalls: fix compat_sys_io_pgetevents_time64 usage (Arnd Bergmann) - ftruncate: pass a signed offset (Arnd Bergmann) [Orabug: 36897557] {CVE-2024-42084} - ata: libata-core: Fix double free on error (Niklas Cassel) [Orabug: 36897373] {CVE-2024-41087} - ata: ahci: Clean up sysfs file on error (Niklas Cassel) - batman-adv: Don't accept TT entries for out-of-spec VIDs (Sven Eckelmann) - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (Ma Ke) [Orabug: 36897379] {CVE-2024-41089} - drm/i915/gt: Fix potential UAF by revoke of fence registers (Janusz Krzysztofik) [Orabug: 36897385] {CVE-2024-41092} - drm/amdgpu: avoid using null object of framebuffer (Julia Zhang) [Orabug: 36897435] {CVE-2024-41093} - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (Ma Ke) [Orabug: 36897442] {CVE-2024-41095} - hexagon: fix fadvise64_64 calling conventions (Arnd Bergmann) - csky, hexagon: fix broken sys_sync_file_range (Arnd Bergmann) - sh: rework sync_file_range ABI (Arnd Bergmann) - kbuild: Install dtb files as 0644 in Makefile.dtbinst (Dragan Simic) - cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked() (Yuntao Wang) - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (Oleksij Rempel) - net: can: j1939: recover socket queue on CAN bus error during BAMtransmission (Oleksij Rempel) - net: can: j1939: Initialize unused data in j1939_send_one() (Shigeru Yoshida) [Orabug: 36897515] {CVE-2024-42076} - tty: mcf: MCF54418 has 10 UARTS (Jean-Michel Hautbois) - serial: 8250_omap: Implementation of Errata i2310 (Udit Kumar) [Orabug: 36897613] {CVE-2024-42095} - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (Meng Li) [Orabug: 36897563] {CVE-2024-42085} - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (Nikita Zhandarovich) [Orabug: 36897450] {CVE-2024-41097} - usb: musb: da8xx: fix a resource leak in probe() (Dan Carpenter) - usb: gadget: printer: fix races against disable (Oliver Neukum) - usb: gadget: printer: SS+ support (Oliver Neukum) - net: usb: ax88179_178a: improve link status logs (Jose Ignacio Tornos Martinez) - iio: chemical: bme680: Fix sensor data read operation (Vasileios Amoiridis) - iio: chemical: bme680: Fix overflows in compensate() functions (Vasileios Amoiridis) [Orabug: 36897565] {CVE-2024-42086} - iio: chemical: bme680: Fix calibration data variable (Vasileios Amoiridis) - iio: chemical: bme680: Fix pressure value output (Vasileios Amoiridis) - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (Alexander Sverdlin) - iio: adc: ad7266: Fix variable checking bug (Fernando Yang) - i2c: testunit: discard write requests while old command is running (Wolfram Sang) - i2c: testunit: don't erase registers after STOP (Wolfram Sang) - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (Adrian Hunter) - mmc: sdhci: Do not invert write-protect twice (Adrian Hunter) - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen) - ocfs2: fix DIO failure due to insufficient transaction credits (Jan Kara) [Orabug: 36897528] {CVE-2024-42077} - parisc: use generic sys_fanotify_mark implementation (Arnd Bergmann) - x86: stop playing stack games in profile_pc() (Linus Torvalds) [Orabug: 36897615] {CVE-2024-42096} - gpiolib: cdev: Disallow reconfiguration without direction(uAPI v1) (Kent Gibson) - gpio: davinci: Validate the obtained number of IRQs (Aleksandr Mishin) [Orabug: 36897598] {CVE-2024-42092} - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (Liu Ying) - nvme: fixup comment for nvme RDMA Provider Type (Hannes Reinecke) - drm/radeon/radeon_display: Decrease the size of allocated memory (Erick Archer) - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (Andrew Davis) - media: dvbdev: Initialize sbuf (Ricardo Ribalda) - ALSA: emux: improve patch ioctl data validation (Oswald Buddenhagen) [Orabug: 36897623] {CVE-2024-42097} - crypto: ecdh - explicitly zeroize private_key (Joachim Vandersmissen) [Orabug: 36897630] {CVE-2024-42098} - net/dpaa2: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897601] {CVE-2024-42093} - net/iucv: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897607] {CVE-2024-42094} - RDMA/restrack: Fix potential invalid address access (Wenchao Hao) [Orabug: 36897540] {CVE-2024-42080} - bpf: Add a check for struct bpf_fib_lookup size (Anton Protopopov) - mtd: partitions: redboot: Added conversion of operands to a larger type (Denis Arefev) - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (Uros Bizjak) - vduse: Temporarily fail if control queue feature requested (Maxime Coquelin) - vduse: validate block features only with block devices (Maxime Coquelin) - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (Laurent Pinchart) [Orabug: 36897569] {CVE-2024-42087} - bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() (Christophe Leroy) [Orabug: 36897491] {CVE-2024-42068} - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Pablo Neira Ayuso) [Orabug: 36897499] {CVE-2024-42070} - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (Neal Cardwell) - parisc: use correct compat recv/recvfrom syscalls (Arnd Bergmann) - sparc: fix compat recv/recvfrom syscalls (Arnd Bergmann) -sparc: fix old compat_sys_select() (Arnd Bergmann) - Fix race for duplicate reqsk on identical SYN (luoxuanqiang) - xdp: Remove WARN() from __xdp_reg_mem_model() (Daniil Dulov) [Orabug: 36897553] {CVE-2024-42082} - net: phy: micrel: add Microchip KSZ 9477 to the device table (Enguerrand de Ribaucourt) - ibmvnic: Free any outstanding tx skbs during scrq reset (Nick Child) - net: dsa: microchip: fix initial port flush problem (Tristram Ha) - ASoC: fsl-asoc-card: set priv-> pdev before using it (Elinor Montmasson) [Orabug: 36897577] {CVE-2024-42089} - net: stmmac: Assign configured channel value to EXTTS event (Oleksij Rempel) - net: mdio: add helpers to extract clause 45 regad and devad fields (Russell King (Oracle)) - drm/amdgpu: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835991] {CVE-2024-40987} - cifs: fix typo in module parameter enable_gcm_256 (Steve French) - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (Huang-Huang Bao) - pinctrl: rockchip: use dedicated pinctrl type for RK3328 (Huang-Huang Bao) - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (Huang-Huang Bao) - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (Huang-Huang Bao) - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (Hagar Hemdan) [Orabug: 36897585] {CVE-2024-42090} - Input: ili210x - fix ili251x_read_touch_data() return value (John Keeping) - gve: Clear napi-> skb before dev_kfree_skb_any() (Ziwei Xiao) [Orabug: 36835798] {CVE-2024-40937} - gve: Add RX context. (David Awogbemila) - ACPI: x86: Force StorageD3Enable on more products (Mario Limonciello) - ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable (Mario Limonciello) - smb: client: fix deadlock in smb2_find_smb_tcon() (Enzo Matsumiya) [Orabug: 36774640] {CVE-2024-39468} - x86/amd_nb: Check for invalid SMN reads (Yazen Ghannam) - PCI: Add PCI_ERROR_RESPONSE and related definitions (Naveen Naidu) - perf/core: Fix missing wakeup when waiting for context reference (Haifeng Xu) - riscv: fixoverlap of allocated page and PTR_ERR (Nam Cao) - riscv: mm: init: try best to use IS_ENABLED(CONFIG_64BIT) instead of #ifdef (Jisheng Zhang) - kheaders: explicitly define file modes for archived headers (Matthias Maennich) - Revert "kheaders: substituting --sort in archive creation" (Masahiro Yamada) - drm/i915/gt: Disarm breadcrumbs if engines are already idle (Chris Wilson) - drm/i915/gt: Only kick the signal worker if there's been an update (Chris Wilson) - ksmbd: ignore trailing slashes in share paths (Nandor Kracser) - x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL (Tony Luck) - x86/cpu/vfm: Add new macros to work with (vendor/family/model) values (Tony Luck) - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (Jeff Johnson) - bcache: fix variable length array abuse in btree_iter (Matthew Mirvish) [Orabug: 36809293] {CVE-2024-39482} - pmdomain: ti-sci: Fix duplicate PD referrals (Tomi Valkeinen) - wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power (Bitterblue Smith) - rtlwifi: rtl8192de: Style clean-ups (Kees Cook) - ARM: dts: samsung: smdk4412: fix keypad no-autorepeat (Krzysztof Kozlowski) - ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat (Krzysztof Kozlowski) - ARM: dts: samsung: smdkv310: fix keypad no-autorepeat (Krzysztof Kozlowski) - perf script: Show also errors for --insn-trace option (Adrian Hunter) - perf: script: add raw|disasm arguments to --insn-trace option (Changbin Du) - drm/amd/display: revert Exit idle optimizations before HDCP execution (Martin Leung) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (Frank Li) - dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to i2c-controller schema (Krzysztof Kozlowski) - i2c: ocores: set IACK bit after core is enabled (Grygorii Tertychnyi) - tcp: clear tp-> retrans_stamp in tcp_rcv_fastopen_synack() (Eric Dumazet) - kcov: don't lose track of remote references during softirqs (Aleksandr Nogikh) - gcov: add support for GCC 14 (Peter Oberparleiter) - drm/radeon: fix UBSANwarning in kv_dpm.c (Alex Deucher) [Orabug: 36835996] {CVE-2024-40988} - drm/i915/mso: using joiner is not possible with eDP MSO (Jani Nikula) - ALSA: hda/realtek: Limit mic boost on N14AP7 (Edson Juliano Drosdeck) - KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (Sean Christopherson) - btrfs: retry block group reclaim without infinite loop (Boris Burkov) - net: do not leave a dangling sk pointer, when socket creation fails (Ignat Korchagin) - serial: stm32: rework RX over DMA (Erwan Le Ray) - RDMA/mlx5: Add check for srq max_sge attribute (Patrisious Haddad) [Orabug: 36836003] {CVE-2024-40990} - ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (Raju Rangoju) - regulator: bd71815: fix ramp values (Kalle Niemi) - dmaengine: ioatdma: Fix missing kmem_cache_destroy() (Nikita Shubin) - dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() (Nikita Shubin) - dmaengine: ioatdma: Fix error path in ioat3_dma_probe() (Nikita Shubin) - dmaengine: ioat: use PCI core macros for PCIe Capability (Bjorn Helgaas) - dmaengine: ioatdma: Fix leaking on version mismatch (Nikita Shubin) - dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting() (Bjorn Helgaas) - dmaengine: ioat: switch from 'pci_' to 'dma_' API (Qing Wang) - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (Li RongQing) [Orabug: 36835844] {CVE-2024-40956} - regulator: core: Fix modpost error "regulator_get_regmap" undefined (Biju Das) - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (Oliver Neukum) - bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (Pavan Chebbi) - seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (Jianguo Wu) [Orabug: 36835846] {CVE-2024-40957} - netfilter: ipset: Fix suspicious rcu_dereference_protected() (Jozsef Kadlecsik) [Orabug: 36836326] {CVE-2024-40993} - octeontx2-pf: Add error handling to VLAN unoffload handling (Simon Horman) - virtio_net: checksum offloadinghandling fix (Heng Qi) - net: stmmac: No need to calculate speed divider when offload is disabled (Xiaolei Wang) - ptp: fix integer overflow in max_vclocks_store (Dan Carpenter) [Orabug: 36836016] {CVE-2024-40994} - sched: act_ct: add netns into the key of tcf_ct_flow_table (Xin Long) - net/sched: act_ct: set 'net' pointer when creating new nf_flow_table (Vlad Buslov) - tipc: force a dst refcount before doing decryption (Xin Long) [Orabug: 36835980] {CVE-2024-40983} - net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (David Ruth) [Orabug: 36836018] {CVE-2024-40995} - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (Pedro Tammela) - qca_spi: Make interrupt remembering atomic (Stefan Wahren) - netns: Make get_net_ns() handle zero refcount net (Yue Haibing) [Orabug: 36835848] {CVE-2024-40958} - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (Eric Dumazet) [Orabug: 36835851] {CVE-2024-40959} - ipv6: prevent possible NULL dereference in rt6_probe() (Eric Dumazet) [Orabug: 36835856] {CVE-2024-40960} - ipv6: prevent possible NULL deref in fib6_nh_init() (Eric Dumazet) [Orabug: 36835861] {CVE-2024-40961} - netrom: Fix a memory leak in nr_heartbeat_expiry() (Gavrilov Ilia) [Orabug: 36836085] {CVE-2024-41006} - cipso: fix total option length computation (Ondrej Mosnacek) - tracing: Build event generation tests only as modules (Masami Hiramatsu (Google)) - mips: bmips: BCM6358: make sure CBR is correctly set (Christian Marangi) [Orabug: 36835869] {CVE-2024-40963} - MIPS: Routerboard 532: Fix vendor retry check code (Ilpo Järvinen) - serial: exar: adding missing CTI and Exar PCI ids (Parker Newman) - serial: imx: Introduce timeout when waiting on transmitter empty (Esben Haabendal) [Orabug: 36835886] {CVE-2024-40967} - MIPS: Octeon: Add PCIe link status check (Songyang Li) [Orabug: 36835892] {CVE-2024-40968} - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (Mario Limonciello) - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (Roman Smirnov) -Avoid hw_desc array overrun in dw-axi-dmac (Joao Pinto) [Orabug: 36835903] {CVE-2024-40970} - usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (Alex Henrie) - f2fs: remove clear SB_INLINECRYPT flag in default_options (Yunlei He) [Orabug: 36835908] {CVE-2024-40971} - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (Aleksandr Aprelkov) - power: supply: cros_usbpd: provide ID table for avoiding fallback match (Tzung-Bi Shih) - powerpc/io: Avoid clang null pointer arithmetic warnings (Michael Ellerman) - powerpc/pseries: Enforce hcall result buffer validity and size (Nathan Lynch) [Orabug: 36835925] {CVE-2024-40974} - drm/lima: mask irqs in timeout path before hard reset (Erico Nunes) [Orabug: 36835935] {CVE-2024-40976} - drm/lima: add mask irq callback to gp and pp (Erico Nunes) - drm/amd/display: Exit idle optimizations before HDCP execution (Nicholas Kazlauskas) - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (Uri Arev) - ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (Takashi Iwai) - HID: Add quirk for Logitech Casa touchpad (Sean O'Brien) - netpoll: Fix race condition in netpoll_owner_active (Breno Leitao) [Orabug: 36836079] {CVE-2024-41005} - kselftest: arm64: Add a null pointer check (Kunwu Chan) - scsi: qedi: Fix crash while reading debugfs attribute (Manish Rangankar) [Orabug: 36835946] {CVE-2024-40978} - drop_monitor: replace spin_lock by raw_spin_lock (Wander Lairson Costa) [Orabug: 36835959] {CVE-2024-40980} - af_packet: avoid a false positive warning in packet_setsockopt() (Eric Dumazet) - wifi: ath9k: work around memset overflow warning (Arnd Bergmann) - batman-adv: bypass empty buckets in batadv_purge_orig_ref() (Eric Dumazet) [Orabug: 36835965] {CVE-2024-40981} - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (Yonghong Song) - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (Alessandro Carminati (Red Hat)) - block/ioctl: prefer different overflow check (Justin Stitt) [Orabug: 36836043]{CVE-2024-41000} - rcutorture: Fix invalid context warning when enable srcu barrier testing (Zqiang) - rcutorture: Make stall-tasks directly exit when rcutorture tests end (Zqiang) - rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment (Paul E. McKenney) - crypto: hisilicon/sec - Fix memory leak for sec resource release (Chenghai Huang) [Orabug: 36836053] {CVE-2024-41002} - padata: Disable BH when taking works lock on MT path (Herbert Xu) - Bluetooth: qca: fix info leak when fetching board id (Johan Hovold) [Orabug: 36934735] {CVE-2024-36033} - Bluetooth: qca: Fix error code in qca_read_fw_build_info() (Dan Carpenter) - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (Oleg Nesterov) - i2c: designware: Fix the functionality flags of the slave-only interface (Jean Delvare) - i2c: at91: Fix the functionality flags of the slave-only interface (Jean Delvare) - usb-storage: alauda: Check whether the media is initialized (Shichao Lai) [Orabug: 36753733] {CVE-2024-38619} - greybus: Fix use-after-free bug in gb_interface_release due to race condition. (Sicong Huang) [Orabug: 36835563] {CVE-2024-39495} - kbuild: Remove support for Clang's ThinLTO caching (Nathan Chancellor) - mptcp: pm: update add_addr counters after connect (YonglongLi) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (YonglongLi) - hugetlb_encode.h: fix undefined behaviour (34 speed with the portTransmitRate from the tc-cbs parameters (Xiaolei Wang) - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (Gal Pressman) - tcp: fix race in tcp_v6_syn_recv_sock() (Eric Dumazet) - drm/bridge/panel: Fix runtime warning on panel bridge release (Adam Miotk) - drm/komeda: check for error-valued pointer (Amjad Ouled-Ameur) [Orabug: 36835673] {CVE-2024-39505} - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (Aleksandr Mishin) [Orabug: 36835676] {CVE-2024-39506} - net: hns3: add cond_resched() to hns3 ring buffer init process (Jie Wang) - net: hns3: fixkernel crash problem in concurrent scenario (Yonglong Liu) [Orabug: 36835679] {CVE-2024-39507} - net: sfp: Always call sfp_sm_mod_remove() on remove (Csókás, Bence) - drm/vmwgfx: 3D disabled should not effect STDU memory limits (Ian Forbes) - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (José Expósito) [Orabug: 36835792] {CVE-2024-40934} - iommu: Return right value in iommu_sva_bind_device() (Lu Baolu) [Orabug: 36835823] {CVE-2024-40945} - iommu/amd: Fix sysfs leak in iommu init (Kun(llfl)) - iommu/amd: Introduce pci segment structure (Vasant Hegde) - HID: core: remove unnecessary WARN_ON() in implement() (Nikita Zhandarovich) [Orabug: 36835688] {CVE-2024-39509} - gpio: tqmx86: store IRQ trigger type and unmask status separately (Matthias Schiffer) - gpio: tqmx86: fix typo in Kconfig label (Gregor Herburger) - platform/x86: dell-smbios: Fix wrong token data in sysfs (Armin Wolf) - platform/x86: dell-smbios-base: Use sysfs_emit() (ye xingchen) - SUNRPC: return proper error from gss_wrap_req_priv (Chen Hanxiao) - clk: sifive: Do not register clkdevs for PRCI clocks (Samuel Holland) - Input: try trimming too long modalias strings (Dmitry Torokhov) - powerpc/uaccess: Fix build errors seen with GCC 13/14 (Michael Ellerman) - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (Breno Leitao) [Orabug: 36835695] {CVE-2024-40901} - xhci: Apply broken streams quirk to Etron EJ188 xHCI host (Kuangyi Chiang) - xhci: Handle TD clearing for multiple streams case (Hector Martin) [Orabug: 36835772] {CVE-2024-40927} - xhci: Apply reset resume quirk to Etron EJ188 xHCI host (Kuangyi Chiang) - xhci: Set correct transferred length for cancelled bulk transfers (Mathias Nyman) - jfs: xattr: fix buffer overflow for invalid xattr (Greg Kroah-Hartman) [Orabug: 36835700] {CVE-2024-40902} - mei: me: release irq in mei_me_pci_resume error path (Tomas Winkler) - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (Kyle Tso) - USB: class: cdc-wdm: Fix CPUlockup caused by excessive log messages (Alan Stern) [Orabug: 36835708] {CVE-2024-40904} - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (Ryusuke Konishi) [Orabug: 36774645] {CVE-2024-39469} - nilfs2: return the mapped address from nilfs_get_page() (Matthew Wilcox (Oracle)) - nilfs2: Remove check for PageError (Matthew Wilcox (Oracle)) - btrfs: fix leak of qgroup extent records after transaction abort (Filipe Manana) - wifi: ath10k: fix QCOM_RPROC_COMMON dependency (Dmitry Baryshkov) - selftests/mm: compaction_test: fix bogus test success on Aarch64 (Dev Jain) - selftests/mm: conform test to TAP format output (Muhammad Usama Anjum) - selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages (Dev Jain) - mm/cma: drop incorrect alignment check in cma_init_reserved_mem (Frank van der Linden) - cma: factor out minimum alignment requirement (David Hildenbrand) - i2c: acpi: Unbind mux adapters before delete (Hamish Martin) [Orabug: 36774617] {CVE-2024-39362} - i2c: add fwnode APIs (Russell King (Oracle)) - mmc: davinci: Don't strip remove function when driver is builtin (Uwe Kleine-König) [Orabug: 36809300] {CVE-2024-39484} - mmc: davinci_mmc: Convert to platform remove callback returning void (Yangtao Li) - ftrace: Fix possible use-after-free issue in ftrace_location() (Zheng Yejian) [Orabug: 36753573] {CVE-2024-38588} - x86/ibt,ftrace: Search for __fentry__ location (Peter Zijlstra) - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (Hugo Villeneuve) - serial: sc16is7xx: replace hardcoded divisor value with BIT() macro (Hugo Villeneuve) - Bluetooth: qca: fix info leak when fetching fw build id (Johan Hovold) [Orabug: 36683103] {CVE-2024-36032} - Bluetooth: qca: add support for QCA2066 (Tim Jiang) - Bluetooth: qca: use switch case for soc type behavior (Neil Armstrong) - Bluetooth: btqca: Add WCN3988 support (Luca Weiss) - Bluetooth: btqca: use le32_to_cpu for ver.soc_id (Min-Hua Chen) - Bluetooth: hci_qca: mark OF related data asmaybe unused (Krzysztof Kozlowski) - skbuff: introduce skb_pull_data (Luiz Augusto von Dentz) - misc/pvpanic-pci: register attributes via pci_driver (Thomas WeiÃschuh) - misc/pvpanic: deduplicate common code (Thomas WeiÃschuh) - pvpanic: Indentation fixes here and there (Andy Shevchenko) - pvpanic: Keep single style across modules (Andy Shevchenko) - drm/amd/display: Fix incorrect DSC instance for MST (Hersen Wu) - drm/amd/display: drop unnecessary NULL checks in debugfs (Alexey Kodanev) - drm/amd/display: Clean up some inconsistent indenting (Jiapeng Chong) - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (George Shen) - iio: accel: mxc4005: Reset chip on probe() and resume() (Hans de Goede) - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (Wesley Cheng) [Orabug: 36683254] {CVE-2024-36894} - usb: gadget: f_fs: use io_data-> status consistently (John Keeping) - ipv6: fix possible race in __fib6_drop_pcpu_from() (Eric Dumazet) [Orabug: 36835713] {CVE-2024-40905} - af_unix: Annotate data-race of sk-> sk_shutdown in sk_diag_fill(). (Kuniyuki Iwashima) - af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). (Kuniyuki Iwashima) - af_unix: Use skb_queue_empty_lockless() in unix_release_sock(). (Kuniyuki Iwashima) - af_unix: annotate lockless accesses to sk-> sk_err (Eric Dumazet) - af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). (Kuniyuki Iwashima) - af_unix: Annotate data-race of net-> unx.sysctl_max_dgram_qlen. (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk-> sk_state in UNIX_DIAG. (Kuniyuki Iwashima) - af_unix: Annotate data-race of sk-> sk_state in unix_stream_read_skb(). (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk-> sk_state in sendmsg() and recvmsg(). (Kuniyuki Iwashima) - af_unix: Annotate data-race of sk-> sk_state in unix_stream_connect(). (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk-> sk_state in unix_write_space() and poll(). (Kuniyuki Iwashima) - af_unix: Annotatedata-race of sk-> sk_state in unix_inq_len(). (Kuniyuki Iwashima) - af_unix: Annodate data-races around sk-> sk_state for writers. (Kuniyuki Iwashima) - af_unix: Set sk-> sk_state under unix_state_lock() for truly disconencted peer. (Kuniyuki Iwashima) - ptp: Fix error message on failed pin verification (Karol Kolacinski) - net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (Eric Dumazet) [Orabug: 36748168] {CVE-2024-36974} - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (Jason Xing) - net: sched: sch_multiq: fix possible OOB write in multiq_tune() (Hangyu Hua) [Orabug: 36748175] {CVE-2024-36978} - octeontx2-af: Always allocate PF entries from low prioriy zone (Subbaraya Sundeep) - bpf: Set run context for rawtp test_run callback (Jiri Olsa) [Orabug: 36835722] {CVE-2024-40908} - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (Eric Dumazet) - net/ncsi: Fix the multi thread manner of NCSI driver (DelphineCCChiu) - net/ncsi: Simplify Kconfig/dts control flow (Peter Delevoryas) - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (Lingbo Kong) - wifi: iwlwifi: mvm: don't read past the mfuart notifcation (Emmanuel Grumbach) [Orabug: 36835807] {CVE-2024-40941} - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (Miri Korenblit) [Orabug: 36835779] {CVE-2024-40929} - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (Shahar S Matityahu) - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (Johannes Berg) - wifi: cfg80211: pmsr: use correct nla_get_uX functions (Lin Ma) - wifi: cfg80211: Lock wiphy in cfg80211_get_station (Remi Pommarel) [Orabug: 36835729] {CVE-2024-40911} - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (Remi Pommarel) [Orabug: 36835734] {CVE-2024-40912} - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (Nicolas Escande) [Orabug: 36835811] {CVE-2024-40942} _______________________________________________ El-errata mailinglist
Sep 12, 2024
•Critical
Oracle
203
security advisoryprivilege escalationkernelMageia 8 MGASA-2023-0237 Moderate: Kernel Privilege Escalation Threat
This kernel update is based on upstream 5.15.120 and fixes atleast the following security issues: A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the . MGASA-2023-0237 - Updated kernel packages fix security vulnerabilities Publication date: 19 Jul 2023 URL: https://advisories.mageia.org/MGASA-2023-0237.html Type: security Affected Mageia releases: 8 CVE: CVE-2023-3338, CVE-2023-3390, CVE-2023-31248, CVE-2023-35001 This kernel update is based on upstream 5.15.120 and fixes atleast the following security issues: A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system. This is fixed by removing DECnet support (CVE-2023-3338). A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue (CVE-2023-3390). Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; nft_chain_lookup_byid() failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace (CVE-2023-31248). Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace (CVE-2023-35001). NOTE!! This kernel also contains a fix for dkms builds hanging / stalling during upgrade to Mageia 9 (mga#31982) due to the new make 4.4 series utility ending up in a loop processing Makefile in kernel-devel packages. So if you use dkms packaged drivers, you need to be running this kernel (or any later released ones) before you do an online upgrade to avoid the upgrade stalling / hanging. References: -https://bugs.mageia.org/show_bug.cgi?id=32093 - https://bugs.mageia.org/show_bug.cgi?id=31982 - https://www.cve.org/CVERecord?id=CVE-2023-3338 - https://www.cve.org/CVERecord?id=CVE-2023-3390 - https://www.cve.org/CVERecord?id=CVE-2023-31248 - https://www.cve.org/CVERecord?id=CVE-2023-35001 SRPMS: - 8/core/kernel-5.15.120-2.mga8 - 8/core/kmod-virtualbox-7.0.8-1.12.mga8 - 8/core/kmod-xtables-addons-3.23-1.22.mga8 . Patch release MGASA-2023-0238 addresses various vulnerabilities in the kernel of Mandriva, enhancing overall system security and performance.. kernel update, security issues, mageia 8, privilege escalation, networking issues. . Severity: Important. LinuxSecurity.com Team
Jul 19, 2023
•Important
Mageia
87
security advisorydenial of servicesubversionDebian: DSA-4851-1 Critical: Subversion DoS Issue - CVE-2020-17525
Thomas Akesson discovered a remotely triggerable vulnerability in the mod_authz_svn module in Subversion, a version control system. When using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option an unauthenticated remote client can take advantage of this flaw . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4851-1
Feb 13, 2021
•Critical
Debian
98
security advisoryRed Hatsoftware updateRed Hat 6 RHSA-2013:1591-03 Moderate: OpenSSL Vulnerability Patched
Updated openssh packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Low: openssh security, bug fix, and enhancement update Advisory ID: RHSA-2013:1591-02 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:1591.html Issue date: 2013-11-21 CVE Names: CVE-2010-5107 ==================================================================== 1. Summary: Updated openssh packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. These packages include the core files necessary for the OpenSSH client and server. The default OpenSSH configuration made it easy for remote attackers to exhaust unauthorized connection slots and prevent other users from being able to log in to a system. This flaw has been addressed by enabling random earlyconnection drops by setting MaxStartups to 10:30:100 by default. For more information, refer to the sshd_config(5) man page. (CVE-2010-5107) These updated openssh packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 908707 - CVE-2010-5107 openssh: Prevent connection slot exhaustion attacks 974096 - Kerberos ticket forwarding does not work if /tmp is polyinstantiated 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: i386: openssh-5.3p1-94.el6.i686.rpm openssh-askpass-5.3p1-94.el6.i686.rpm openssh-clients-5.3p1-94.el6.i686.rpm openssh-debuginfo-5.3p1-94.el6.i686.rpm openssh-server-5.3p1-94.el6.i686.rpm x86_64: openssh-5.3p1-94.el6.x86_64.rpm openssh-askpass-5.3p1-94.el6.x86_64.rpm openssh-clients-5.3p1-94.el6.x86_64.rpm openssh-debuginfo-5.3p1-94.el6.x86_64.rpm openssh-server-5.3p1-94.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: i386: openssh-debuginfo-5.3p1-94.el6.i686.rpm openssh-ldap-5.3p1-94.el6.i686.rpm pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm x86_64: openssh-debuginfo-5.3p1-94.el6.i686.rpm openssh-debuginfo-5.3p1-94.el6.x86_64.rpm openssh-ldap-5.3p1-94.el6.x86_64.rpm pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm pam_ssh_agent_auth-0.9.3-94.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v.6): Source: x86_64: openssh-5.3p1-94.el6.x86_64.rpm openssh-clients-5.3p1-94.el6.x86_64.rpm openssh-debuginfo-5.3p1-94.el6.x86_64.rpm openssh-server-5.3p1-94.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: x86_64: openssh-askpass-5.3p1-94.el6.x86_64.rpm openssh-debuginfo-5.3p1-94.el6.i686.rpm openssh-debuginfo-5.3p1-94.el6.x86_64.rpm openssh-ldap-5.3p1-94.el6.x86_64.rpm pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm pam_ssh_agent_auth-0.9.3-94.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: i386: openssh-5.3p1-94.el6.i686.rpm openssh-askpass-5.3p1-94.el6.i686.rpm openssh-clients-5.3p1-94.el6.i686.rpm openssh-debuginfo-5.3p1-94.el6.i686.rpm openssh-server-5.3p1-94.el6.i686.rpm ppc64: openssh-5.3p1-94.el6.ppc64.rpm openssh-askpass-5.3p1-94.el6.ppc64.rpm openssh-clients-5.3p1-94.el6.ppc64.rpm openssh-debuginfo-5.3p1-94.el6.ppc64.rpm openssh-server-5.3p1-94.el6.ppc64.rpm s390x: openssh-5.3p1-94.el6.s390x.rpm openssh-askpass-5.3p1-94.el6.s390x.rpm openssh-clients-5.3p1-94.el6.s390x.rpm openssh-debuginfo-5.3p1-94.el6.s390x.rpm openssh-server-5.3p1-94.el6.s390x.rpm x86_64: openssh-5.3p1-94.el6.x86_64.rpm openssh-askpass-5.3p1-94.el6.x86_64.rpm openssh-clients-5.3p1-94.el6.x86_64.rpm openssh-debuginfo-5.3p1-94.el6.x86_64.rpm openssh-server-5.3p1-94.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.6): Source: i386: openssh-debuginfo-5.3p1-94.el6.i686.rpm openssh-ldap-5.3p1-94.el6.i686.rpm pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm ppc64: openssh-debuginfo-5.3p1-94.el6.ppc.rpm openssh-debuginfo-5.3p1-94.el6.ppc64.rpm openssh-ldap-5.3p1-94.el6.ppc64.rpm pam_ssh_agent_auth-0.9.3-94.el6.ppc.rpm pam_ssh_agent_auth-0.9.3-94.el6.ppc64.rpm s390x: openssh-debuginfo-5.3p1-94.el6.s390.rpm openssh-debuginfo-5.3p1-94.el6.s390x.rpm openssh-ldap-5.3p1-94.el6.s390x.rpm pam_ssh_agent_auth-0.9.3-94.el6.s390.rpm pam_ssh_agent_auth-0.9.3-94.el6.s390x.rpm x86_64: openssh-debuginfo-5.3p1-94.el6.i686.rpm openssh-debuginfo-5.3p1-94.el6.x86_64.rpm openssh-ldap-5.3p1-94.el6.x86_64.rpm pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm pam_ssh_agent_auth-0.9.3-94.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: openssh-5.3p1-94.el6.i686.rpm openssh-askpass-5.3p1-94.el6.i686.rpm openssh-clients-5.3p1-94.el6.i686.rpm openssh-debuginfo-5.3p1-94.el6.i686.rpm openssh-server-5.3p1-94.el6.i686.rpm x86_64: openssh-5.3p1-94.el6.x86_64.rpm openssh-askpass-5.3p1-94.el6.x86_64.rpm openssh-clients-5.3p1-94.el6.x86_64.rpm openssh-debuginfo-5.3p1-94.el6.x86_64.rpm openssh-server-5.3p1-94.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: i386: openssh-debuginfo-5.3p1-94.el6.i686.rpm openssh-ldap-5.3p1-94.el6.i686.rpm pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm x86_64: openssh-debuginfo-5.3p1-94.el6.i686.rpm openssh-debuginfo-5.3p1-94.el6.x86_64.rpm openssh-ldap-5.3p1-94.el6.x86_64.rpm pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm pam_ssh_agent_auth-0.9.3-94.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7.References: https://access.redhat.com/security/cve/CVE-2010-5107 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/openssh.html#RHSA-2013-1591 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. . Newly released OpenSSH updates bring improvements and adjustments to Red Hat Enterprise Linux 6, featuring minor security enhancements and various bug resolutions.. Red Hat OpenSSH Update, Security Advisory Update, Bug Fix OpenSSH. . Severity: Low. LinuxSecurity.com Team
Nov 20, 2013
•Low
Red Hat
200
security advisorybug fixxinetdScientific Linux SL5.x SLSA-2013:1302-1 Low: xinetd Remote Access Risk
Low: xinetd security and bug fix update. Date: Wed, 9 Oct 2013 13:24:46 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Low: xinetd on SL5.x i386/x86_64 MIME-Version: 1.0 Synopsis: Low: xinetd security and bug fix update Advisory ID: SLSA-2013:1302-1 Issue Date: 2013-09-30 CVE Numbers: CVE-2012-0862 -- When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the "TCPMUX" or "TCPMUXPLUS" type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions. (CVE-2012-0862) This update also fixes the following bugs: * Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load. Additionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. * Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. -- SL5 x86_64 xinetd-2.3.14-19.el5.x86_64.rpm xinetd-debuginfo-2.3.14-19.el5.x86_64.rpm i386 xinetd-2.3.14-19.el5.i386.rpm xinetd-debuginfo-2.3.14-19.el5.i386.rpm - Scientific Linux Development Team . Scientific Linux SL5.x has released a low-severity bug fix for xinetd, enhancing remote access security and correcting service-relatedissues for better performance.. xinetd Update, Scientific Linux, Remote Access Fix, Security Advisory. . Severity: Low. LinuxSecurity.com Team
Oct 09, 2013
•Low
Scientific Linux
200
security advisorybug fixdirectory traversalScientific Linux: CVE-2011-2166 Low: Dovecot Access Restrictions Issue
Low: dovecot security and bug fix update. Date: Mon, 4 Mar 2013 13:09:42 -0600 Reply-To: Pat Riehecky Sender: Security Errata for Scientific Linux From: Pat Riehecky Organization: Fermilab Subject: Security ERRATA Low: dovecot on SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Low: dovecot security and bug fix update Issue Date: 2013-02-21 CVE Numbers: CVE-2011-2166 CVE-2011-2167 CVE-2011-4318 -- Two flaws were found in the way some settings were enforced by the script-login functionality of Dovecot. A remote, authenticated user could use these flaws to bypass intended access restrictions or conduct a directory traversal attack by leveraging login scripts. (CVE-2011-2166, CVE-2011-2167) A flaw was found in the way Dovecot performed remote server identity verification, when it was configured to proxy IMAP and POP3 connections to remote hosts using TLS/SSL protocols. A remote attacker could use this flaw to conduct man-in-the-middle attacks using an X.509 certificate issued by a trusted Certificate Authority (for a different name). (CVE-2011-4318) This update also fixes the following bug: * When a new user first accessed their IMAP inbox, Dovecot was, under some circumstances, unable to change the group ownership of the inbox directory in the user's Maildir location to match that of the user's mail spool (/var/mail/$USER). This correctly generated an "Internal error occurred" message. However, with a subsequent attempt to access the inbox, Dovecot saw that the directory already existed and proceeded with its operation, leaving the directory with incorrectly set permissions. This update corrects the underlying permissions setting error. When a new user now accesses their inbox for the first time, and it is not possible to set group ownership, Dovecot removes the created directory and generates an error message instead of keeping the directory with incorrect group ownership. After installing the updated packages, the dovecot service will be restarted automatically. -- SL6 x86_64 dovecot-2.0.9-5.el6.i686.rpm dovecot-2.0.9-5.el6.x86_64.rpm dovecot-debuginfo-2.0.9-5.el6.i686.rpm dovecot-debuginfo-2.0.9-5.el6.x86_64.rpm dovecot-mysql-2.0.9-5.el6.x86_64.rpm dovecot-pgsql-2.0.9-5.el6.x86_64.rpm dovecot-pigeonhole-2.0.9-5.el6.x86_64.rpm dovecot-devel-2.0.9-5.el6.x86_64.rpm i386 dovecot-2.0.9-5.el6.i686.rpm dovecot-debuginfo-2.0.9-5.el6.i686.rpm dovecot-mysql-2.0.9-5.el6.i686.rpm dovecot-pgsql-2.0.9-5.el6.i686.rpm dovecot-pigeonhole-2.0.9-5.el6.i686.rpm dovecot-devel-2.0.9-5.el6.i686.rpm - Scientific Linux Development Team . The recent Dovecot security patch addresses issues related to access controls and several vulnerabilities in CentOS.. Dovecot Security Update, Scientific Linux Advisory, Low Severity Vulnerabilities. . Severity: Low. LinuxSecurity.com Team
Mar 04, 2013
•Low
Scientific Linux
200
security advisorylow severityremote access issueScientific Linux: CVE-2012-0862 Low: xinetd Remote Access Issue
Low: xinetd security and bug fix update. Date: Thu, 28 Feb 2013 16:16:42 -0600 Reply-To: Pat Riehecky Sender: Security Errata for Scientific Linux From: Pat Riehecky Organization: Fermilab Subject: Security ERRATA Low: xinetd on SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Low: xinetd security and bug fix update Issue Date: 2013-02-21 CVE Numbers: CVE-2012-0862 -- When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the "TCPMUX" or "TCPMUXPLUS" type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions. (CVE-2012-0862) This update also fixes the following bugs: * Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load. Additionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. * Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. -- SL6 x86_64 xinetd-2.3.14-38.el6.x86_64.rpm xinetd-debuginfo-2.3.14-38.el6.x86_64.rpm i386 xinetd-2.3.14-38.el6.i686.rpm xinetd-debuginfo-2.3.14-38.el6.i686.rpm - Scientific Linux Development Team . CVE-2012-0863 targets vulnerabilities in Apache HTTP Server on Red Hat with critical patches and enhancements.. Scientific Linux,xinetdupdate,security patch,remote access,system log. . Severity: Low. LinuxSecurity.com Team
Feb 28, 2013
•Low
Scientific Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!