Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -4 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorymoderatefedora

Fedora 35 FEDORA-2022-a0d7a5eaf2 Moderate Xen Flush And Retbleed

insufficient TLB flush for x86 PV guests in shadow mode [XSA-408, CVE-2022-33745] ---- Retbleed - arbitrary speculative code execution with return instructions [XSA-407, CVE-2022-23816, CVE-2022-23825, CVE-2022-29900]. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-a0d7a5eaf2 2022-08-12 01:41:01.346951 --------------------------------------------------------------------------------Name : xen Product : Fedora 35 Version : 4.15.3 Release : 4.fc35 URL : https://xenproject.org/ Summary : Xen is a virtual machine monitor Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor --------------------------------------------------------------------------------Update Information: insufficient TLB flush for x86 PV guests in shadow mode [XSA-408, CVE-2022-33745] ---- Retbleed - arbitrary speculative code execution with return instructions [XSA-407, CVE-2022-23816, CVE-2022-23825, CVE-2022-29900] --------------------------------------------------------------------------------ChangeLog: * Tue Jul 26 2022 Michael Young - 4.15.3-4 - insufficient TLB flush for x86 PV guests in shadow mode [XSA-408, CVE-2022-33745] * Fri Jul 22 2022 Michael Young - 4.15.3-3 - Retbleed - arbitrary speculative code execution with return instructions [XSA-407, CVE-2022-23816, CVE-2022-23825, CVE-2022-29900] --------------------------------------------------------------------------------References: [ 1 ] Bug #2112222 - CVE-2022-33745 xen: insufficient TLB flush for x86 PV guests in shadow mode https://bugzilla.redhat.com/show_bug.cgi?id=2112222 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-a0d7a5eaf2' at the command line. For more information, refer tothe dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . The x86 PV guests' inadequate flushing and the Retbleed vulnerability have been tackled in the xen update announcement for Fedora 35.. Fedora Security Advisory, Xen Update, TLB Flush Issue, Retbleed Exploit. . LinuxSecurity.com Team

Calendar 2 Aug 11, 2022 Fedora
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorykernel updateimportant

SUSE: 2022:2423-1 Important Kernel Security Update for Retbleed

An update that solves 9 vulnerabilities and has 9 fixes is now available. . SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2423-1 Rating: important References: #1194013 #1195775 #1196901 #1197362 #1199487 #1199489 #1199657 #1200263 #1200442 #1200571 #1200599 #1200604 #1200605 #1200608 #1200619 #1200692 #1201050 #1201080 Cross-References: CVE-2021-26341 CVE-2021-4157 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-29900 CVE-2022-29901 CVE-2022-33981 CVSS scores: CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 9 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver(bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). The following non-security bugs were fixed: - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - exec: Force single empty string when argv is empty (bsc#1200571). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2423=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2423=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2423=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patchSUSE-SLE-Product-SLES_SAP-15-SP2-2022-2423=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2423=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2423=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2423=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2423=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2423=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2423=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2423=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 reiserfs-kmp-default-5.3.18-150200.24.120.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1 - SUSE Manager Server 4.1 (x86_64): kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 -SUSE Manager Server 4.1 (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 - SUSE Manager Retail Branch Server 4.1 (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 reiserfs-kmp-default-5.3.18-150200.24.120.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1 - SUSE Manager Proxy 4.1 (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 - SUSE Manager Proxy 4.1 (x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 reiserfs-kmp-default-5.3.18-150200.24.120.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 reiserfs-kmp-default-5.3.18-150200.24.120.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 reiserfs-kmp-default-5.3.18-150200.24.120.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-livepatch-5.3.18-150200.24.120.1 kernel-default-livepatch-devel-5.3.18-150200.24.120.1 kernel-livepatch-5_3_18-150200_24_120-default-1-150200.5.5.1 kernel-livepatch-5_3_18-150200_24_120-default-debuginfo-1-150200.5.5.1 kernel-livepatch-SLE15-SP2_Update_28-debugsource-1-150200.5.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150200.24.120.1 cluster-md-kmp-default-debuginfo-5.3.18-150200.24.120.1 dlm-kmp-default-5.3.18-150200.24.120.1 dlm-kmp-default-debuginfo-5.3.18-150200.24.120.1 gfs2-kmp-default-5.3.18-150200.24.120.1 gfs2-kmp-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 ocfs2-kmp-default-5.3.18-150200.24.120.1 ocfs2-kmp-default-debuginfo-5.3.18-150200.24.120.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 reiserfs-kmp-default-5.3.18-150200.24.120.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1 - SUSE Enterprise Storage 7 (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 References: https://www.suse.com/security/cve/CVE-2021-26341.html https://www.suse.com/security/cve/CVE-2021-4157.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20132.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-29901.html https://www.suse.com/security/cve/CVE-2022-33981.html https://bugzilla.suse.com/1194013 https://bugzilla.suse.com/1195775 https://bugzilla.suse.com/1196901 https://bugzilla.suse.com/1197362 https://bugzilla.suse.com/1199487 https://bugzilla.suse.com/1199489 https://bugzilla.suse.com/1199657 https://bugzilla.suse.com/1200263 https://bugzilla.suse.com/1200442 https://bugzilla.suse.com/1200571 https://bugzilla.suse.com/1200599 https://bugzilla.suse.com/1200604 https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1200608 https://bugzilla.suse.com/1200619 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1201050 https://bugzilla.suse.com/1201080 . Critical SUSE patch resolves several security concerns in the Linux Kernel, addressing both retbleed and memory-related flaws.. SUSE Update, Kernel Exploit Fix, Security Issues, Linux Patch. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Jul 18, 2022 Important SuSE
Banner 4 1028x280 1708121825 1771600306
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydebianprivilege escalation

Debian 11: DSA-5184-1 Critical: Xen Privilege Escalation Risks

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation. In addition this updates provides mitigations for the "Retbleed" speculative execution attack and the "MMIO stale data" vulnerabilities. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5184-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff July 15, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : xen CVE ID : CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation. In addition this updates provides mitigations for the "Retbleed" speculative execution attack and the "MMIO stale data" vulnerabilities. For additional information please refer to the following pages: https://xenbits.xen.org/xsa/advisory-404.html https://xenbits.xen.org/xsa/advisory-407.html For the stable distribution (bullseye), these problems have been fixed in version 4.14.5+24-g87d90d511c-1. We recommend that you upgrade your xen packages. For the detailed security status of xen please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/xen Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Ubuntu security notice USN-5500-1 addresses multiple vulnerabilities in the Linux kernel, resolving issues related to memory corruption and denial of service.. Debian Xen Security, Privilege EscalationFix, Hypervisor Update. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jul 15, 2022 Critical Debian
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorysecurity issueimportant

SUSE: 2022:2407-1 Important: Kernel Update Fixes 15 Security Issues

An update that solves 15 vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2407-1 Rating: important References: #1177282 #1194013 #1196901 #1199487 #1199657 #1200571 #1200599 #1200604 #1200605 #1200608 #1200619 #1200692 #1200762 #1201050 #1201080 #1201251 Cross-References: CVE-2020-26541 CVE-2021-26341 CVE-2021-4157 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-2318 CVE-2022-26365 CVE-2022-29900 CVE-2022-29901 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33981 CVSS scores: CVE-2020-26541 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (NVD) : 6.4CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that solves 15 vulnerabilities and has one errata is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed theRETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282) The following non-security bugs were fixed: - exec: Force single empty string when argv is empty (bsc#1200571). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install thisSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2407=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2407=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-2407=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2407=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2407=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-2407=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kernel-default-4.12.14-150000.150.95.1 kernel-default-base-4.12.14-150000.150.95.1 kernel-default-debuginfo-4.12.14-150000.150.95.1 kernel-default-debugsource-4.12.14-150000.150.95.1 kernel-default-devel-4.12.14-150000.150.95.1 kernel-default-devel-debuginfo-4.12.14-150000.150.95.1 kernel-obs-build-4.12.14-150000.150.95.1 kernel-obs-build-debugsource-4.12.14-150000.150.95.1 kernel-syms-4.12.14-150000.150.95.1 kernel-vanilla-base-4.12.14-150000.150.95.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.95.1 kernel-vanilla-debuginfo-4.12.14-150000.150.95.1 kernel-vanilla-debugsource-4.12.14-150000.150.95.1 reiserfs-kmp-default-4.12.14-150000.150.95.1 reiserfs-kmp-default-debuginfo-4.12.14-150000.150.95.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): kernel-devel-4.12.14-150000.150.95.1 kernel-docs-4.12.14-150000.150.95.1 kernel-macros-4.12.14-150000.150.95.1 kernel-source-4.12.14-150000.150.95.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): kernel-default-4.12.14-150000.150.95.1 kernel-default-base-4.12.14-150000.150.95.1 kernel-default-debuginfo-4.12.14-150000.150.95.1 kernel-default-debugsource-4.12.14-150000.150.95.1 kernel-default-devel-4.12.14-150000.150.95.1 kernel-default-devel-debuginfo-4.12.14-150000.150.95.1 kernel-obs-build-4.12.14-150000.150.95.1 kernel-obs-build-debugsource-4.12.14-150000.150.95.1 kernel-syms-4.12.14-150000.150.95.1 kernel-vanilla-base-4.12.14-150000.150.95.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.95.1 kernel-vanilla-debuginfo-4.12.14-150000.150.95.1 kernel-vanilla-debugsource-4.12.14-150000.150.95.1 reiserfs-kmp-default-4.12.14-150000.150.95.1 reiserfs-kmp-default-debuginfo-4.12.14-150000.150.95.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): kernel-devel-4.12.14-150000.150.95.1 kernel-docs-4.12.14-150000.150.95.1 kernel-macros-4.12.14-150000.150.95.1 kernel-source-4.12.14-150000.150.95.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): kernel-default-man-4.12.14-150000.150.95.1 kernel-zfcpdump-debuginfo-4.12.14-150000.150.95.1 kernel-zfcpdump-debugsource-4.12.14-150000.150.95.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150000.150.95.1 kernel-default-debugsource-4.12.14-150000.150.95.1 kernel-default-livepatch-4.12.14-150000.150.95.1 kernel-livepatch-4_12_14-150000_150_95-default-1-150000.1.3.1 kernel-livepatch-4_12_14-150000_150_95-default-debuginfo-1-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kernel-default-4.12.14-150000.150.95.1 kernel-default-base-4.12.14-150000.150.95.1 kernel-default-debuginfo-4.12.14-150000.150.95.1 kernel-default-debugsource-4.12.14-150000.150.95.1 kernel-default-devel-4.12.14-150000.150.95.1 kernel-default-devel-debuginfo-4.12.14-150000.150.95.1 kernel-obs-build-4.12.14-150000.150.95.1 kernel-obs-build-debugsource-4.12.14-150000.150.95.1 kernel-syms-4.12.14-150000.150.95.1 kernel-vanilla-base-4.12.14-150000.150.95.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.95.1 kernel-vanilla-debuginfo-4.12.14-150000.150.95.1 kernel-vanilla-debugsource-4.12.14-150000.150.95.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): kernel-devel-4.12.14-150000.150.95.1 kernel-docs-4.12.14-150000.150.95.1 kernel-macros-4.12.14-150000.150.95.1 kernel-source-4.12.14-150000.150.95.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150000.150.95.1 kernel-default-base-4.12.14-150000.150.95.1 kernel-default-debuginfo-4.12.14-150000.150.95.1 kernel-default-debugsource-4.12.14-150000.150.95.1 kernel-default-devel-4.12.14-150000.150.95.1 kernel-default-devel-debuginfo-4.12.14-150000.150.95.1 kernel-obs-build-4.12.14-150000.150.95.1 kernel-obs-build-debugsource-4.12.14-150000.150.95.1 kernel-syms-4.12.14-150000.150.95.1 kernel-vanilla-base-4.12.14-150000.150.95.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.95.1 kernel-vanilla-debuginfo-4.12.14-150000.150.95.1 kernel-vanilla-debugsource-4.12.14-150000.150.95.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): kernel-devel-4.12.14-150000.150.95.1 kernel-docs-4.12.14-150000.150.95.1 kernel-macros-4.12.14-150000.150.95.1 kernel-source-4.12.14-150000.150.95.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150000.150.95.1 cluster-md-kmp-default-debuginfo-4.12.14-150000.150.95.1 dlm-kmp-default-4.12.14-150000.150.95.1 dlm-kmp-default-debuginfo-4.12.14-150000.150.95.1 gfs2-kmp-default-4.12.14-150000.150.95.1 gfs2-kmp-default-debuginfo-4.12.14-150000.150.95.1 kernel-default-debuginfo-4.12.14-150000.150.95.1 kernel-default-debugsource-4.12.14-150000.150.95.1 ocfs2-kmp-default-4.12.14-150000.150.95.1 ocfs2-kmp-default-debuginfo-4.12.14-150000.150.95.1 References: https://www.suse.com/security/cve/CVE-2020-26541.html https://www.suse.com/security/cve/CVE-2021-26341.html https://www.suse.com/security/cve/CVE-2021-4157.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20132.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-2318.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-29901.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html https://www.suse.com/security/cve/CVE-2022-33742.html https://www.suse.com/security/cve/CVE-2022-33981.html https://bugzilla.suse.com/1177282 https://bugzilla.suse.com/1194013 https://bugzilla.suse.com/1196901 https://bugzilla.suse.com/1199487 https://bugzilla.suse.com/1199657 https://bugzilla.suse.com/1200571 https://bugzilla.suse.com/1200599 https://bugzilla.suse.com/1200604 https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1200608 https://bugzilla.suse.com/1200619 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1201050 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201251 . SUSE Linux Kernel enhancement addresses 15 security flaws, notably the RETBLEED vulnerability. A systemreboot is required after installation.. SUSE Linux Kernel Update, Security Issues, Kernel Patch Instructions. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Jul 15, 2022 Important SuSE
Banner 4 1028x280 1708121825 1771600306
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryupdatecritical

Fedora 36: 2022-c69ef9c1dd Critical: Kernel Update For Retbleed

The 5.18.11 stable kernel update contains a number of important fixes across the tree. In addition to the 5.18.11 stable patches, this build contains the retbleed patches scheduled for 5.18.12 kernels.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-c69ef9c1dd 2022-07-14 01:43:48.689270 --------------------------------------------------------------------------------Name : kernel Product : Fedora 36 Version : 5.18.11 Release : 200.fc36 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package --------------------------------------------------------------------------------Update Information: The 5.18.11 stable kernel update contains a number of important fixes across the tree. In addition to the 5.18.11 stable patches, this build contains the retbleed patches scheduled for 5.18.12 kernels. --------------------------------------------------------------------------------ChangeLog: * Tue Jul 12 2022 Justin M. Forbes [5.18.11-200] - Turn on configs for retbleed (Justin M. Forbes) * Tue Jul 12 2022 Justin M. Forbes [5.18.11-0] - x86/static_call: Serialize __static_call_fixup() properly (Thomas Gleixner) - x86/speculation: Disable RRSBA behavior (Pawan Gupta) - x86/kexec: Disable RET on kexec (Konrad Rzeszutek Wilk) - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) - x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry (Peter Zijlstra) - x86/bugs: Add Cannon lake to RETBleed affected CPU list (Pawan Gupta) - x86/retbleed: Add fine grained Kconfig knobs (Peter Zijlstra) - x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) - x86/common: Stamp out the stepping madness (Peter Zijlstra) - KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) - x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) - KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) - KVM: VMX: Preventguest RSB poisoning attacks with eIBRS (Josh Poimboeuf) - KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) - KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) - x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf) - x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) - x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) - x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra) - objtool: Add entry UNRET validation (Thadeu Lima de Souza Cascardo) - x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) - x86/bugs: Add retbleed=ibpb (Peter Zijlstra) - x86/xen: Add UNTRAIN_RET (Peter Zijlstra) - x86/xen: Rename SYS* entry points (Peter Zijlstra) - objtool: Update Retpoline validation (Peter Zijlstra) - intel_idle: Disable IBRS during long idle (Peter Zijlstra) - x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra) - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra) - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) - x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra) - x86/entry: Add kernel IBRS implementation (Thadeu Lima de Souza Cascardo) - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra) - x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) - x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) - x86/bugs: Report AMD retbleed vulnerability (Alexandre Chartre) - x86: Add magic AMD return-thunk (Thadeu Lima de Souza Cascardo) - objtool: Treat .text.__x86.* as noinstr (Peter Zijlstra) - x86/entry: Avoid very early RET (Peter Zijlstra) - x86: Use return-thunk in asm code (Peter Zijlstra) - x86/sev: Avoid using __x86_return_thunk (Kim Phillips) - x86/vsyscall_emu/64: Don't useRET in vsyscall emulation (Peter Zijlstra) - x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra) - x86/bpf: Use alternative RET encoding (Peter Zijlstra) - x86/ftrace: Use alternative RET encoding (Peter Zijlstra) - x86,static_call: Use alternative RET encoding (Peter Zijlstra) - objtool: skip non-text sections when adding return-thunk sites (Thadeu Lima de Souza Cascardo) - x86,objtool: Create .return_sites (Peter Zijlstra) - x86: Undo return-thunk damage (Peter Zijlstra) - x86/retpoline: Use -mfunction-return (Peter Zijlstra) - x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra) - x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra) - x86/cpufeatures: Move RETPOLINE flags to word 11 (Peter Zijlstra) - x86/kvm/vmx: Make noinstr clean (Peter Zijlstra) - x86/entry: Remove skip_r11rcx (Peter Zijlstra) - x86/entry: Don't call error_entry() for XENPV (Lai Jiangshan) - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (Lai Jiangshan) - x86/entry: Switch the stack after error_entry() returns (Lai Jiangshan) - x86/traps: Use pt_regs directly in fixup_bad_iret() (Lai Jiangshan) --------------------------------------------------------------------------------References: [ 1 ] Bug #2090226 - CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions https://bugzilla.redhat.com/show_bug.cgi?id=2090226 [ 2 ] Bug #2103148 - CVE-2022-29901 hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions https://bugzilla.redhat.com/show_bug.cgi?id=2103148 [ 3 ] Bug #2103153 - CVE-2022-23825 hw: cpu: AMD: Branch Type Confusion (non-retbleed) https://bugzilla.redhat.com/show_bug.cgi?id=2103153 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-c69ef9c1dd' at the command line. For more information, refer to the dnf documentation availableat https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Essential software upgrade in Fedora 36 introduces important bug corrections and retbleed mitigations for improved system protection.. retbleed, Fedora 36, kernel update, security fixes. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jul 13, 2022 Critical Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here