Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
89
security advisorysecurity issuefedoraFedora 28: FEDORA-2019-dfb925deab Critical: Risk from Spectre Variant 4
Speculative Store Bypass [XSA-263, CVE-2018-3639]. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-aec846c0ef 2018-06-07 11:49:10.292246 --------------------------------------------------------------------------------Name : xen Product : Fedora 27 Version : 4.9.2 Release : 4.fc27 URL : https://xenproject.org/ Summary : Xen is a virtual machine monitor Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor --------------------------------------------------------------------------------Update Information: Speculative Store Bypass [XSA-263, CVE-2018-3639] --------------------------------------------------------------------------------ChangeLog: * Tue May 22 2018 Michael Young - 4.9.2-4 - Speculative Store Bypass [XSA-263, CVE-2018-3639] (with extra patches so it applies cleanly) * Wed May 9 2018 Michael Young - 4.9.2-3 - x86: mishandling of debug exceptions [XSA-260, CVE-2018-8897] (with extra patch so it applies cleanly) - x86 vHPET interrupt injection errors [XSA-261, CVE-2018-10982] (#1576089) - qemu may drive Xen into unbounded loop [XSA-262, CVE-2018-10981] (#1576680) * Wed Apr 25 2018 Michael Young - 4.9.2-2 - Information leak via crafted user-supplied CDROM [XSA-258] (#1571867) - x86: PV guest may crash Xen with XPTI [XSA-259] (#1571878) * Wed Apr 4 2018 Michael Young - 4.9.2-1 - update to 4.9.2 adjust xen.use.fedora.ipxe.patch remove patches for issues now fixed upstream * Tue Feb 27 2018 Michael Young - 4.9.1-5 - add Xen page-table isolation (XPTI) mitigation and Branch Target Injection (BTI) mitigation for XSA-254 - DoS via non-preemptable L3/L4 pagetable freeing [XSA-252, CVE-2018-7540] (#1549568) - grant table v2 -> v1 transition may crash Xen [XSA-255, CVE-2018-7541] (#1549570) - x86 PVH guest without LAPIC may DoS the host [XSA-256,CVE-2018-7542] (#1549572) * Tue Dec 12 2017 Michael Young - 4.9.1-4 - another patch related to the [XSA-240, CVE-2017-15595] issue - xen: various flaws (#1525018) x86 PV guests may gain access to internally used page [XSA-248, CVE-2017-17566] broken x86 shadow mode refcount overflow check [XSA-249, CVE-2017-17563] improper x86 shadow mode refcount error handling [XSA-250, CVE-2017-17564] improper bug check in x86 log-dirty handling [XSA-251, CVE-2017-17565] * Sat Dec 2 2017 Richard W.M. Jones - 4.9.1-3 - OCaml 4.06.0 rebuild. * Tue Nov 28 2017 Michael Young - 4.9.1-2 - xen: various flaws (#1518214) x86: infinite loop due to missing PoD error checking [XSA-246, CVE-2017-17044] Missing p2m error checking in PoD code [XSA-247, CVE-2017-17045] * Thu Nov 23 2017 Michael Young - 4.9.1-1 - update to 4.9.1 (#1515818) adjust xen.use.fedora.ipxe.patch and qemu.git-fec5e8c92becad223df9d972770522f64aafdb72.patch remove patches for issues now fixed upstream and parts of xen.gcc7.fix.patch update xen.hypervisor.config - update Source0 location * Wed Nov 15 2017 Michael Young - 4.9.0-14 - fix an issue in patch for [XSA-240, CVE-2017-15595] that might be a security issue - fix for [XSA-243, CVE-2017-15592] could cause hypervisor crash (DOS) * Thu Oct 26 2017 Michael Young - 4.9.0-13 - pin count / page reference race in grant table code [XSA-236, CVE-2017-15597] (#1506693) * Thu Oct 12 2017 Michael Young - 4.9.0-12 - xen: various flaws (#1501391) multiple MSI mapping issues on x86 [XSA-237, CVE-2017-15590] DMOP map/unmap missing argument checks [XSA-238, CVE-2017-15591] hypervisor stack leak in x86 I/O intercept code [XSA-239, CVE-2017-15589] Unlimited recursion in linear pagetable de-typing [XSA-240, CVE-2017-15595] Stale TLB entry due to page type release race [XSA-241, CVE-2017-15588] page type reference leak on x86 [XSA-242, CVE-2017-15593] x86: Incorrect handling of self-linear shadow mappings with translated guests [XSA-243,CVE-2017-15592] x86: Incorrect handling of IST settings during CPU hotplug [XSA-244, CVE-2017-15594] --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-aec846c0ef' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Jun 07, 2018
•Critical
Fedora
202
security advisorysecurity updatekernel patchopenSUSE Leap 15.0: 2018:1420-1 Important: Speculative Store Bypass
An update that solves one vulnerability and has one errata is now available.. openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:1420-1 Rating: important References: #1087082 #1088273 Cross-References: CVE-2018-3639 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1087082). A new boot commandline option was introduced, "spec_store_bypass_disable", which can have following values: - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as "prctl" above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is "seccomp", meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing: - "Vulnerable" - "Mitigation:Speculative Store Bypass disabled" - "Mitigation: Speculative Store Bypass disabled via prctl" - "Mitigation: Speculative Store Bypass disabled via prctl and seccomp" The following non-security bugs were fixed: - allow_unsupported: add module tainting on feature use (FATE#323394). - powerpc/64/kexec: fix race in kexec when XIVE is shutdown (bsc#1088273). - reiserfs: mark read-write mode unsupported (FATE#323394). - reiserfs: package in separate KMP (FATE#323394). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2018-515=1 Package List: - openSUSE Leap 15.0 (x86_64): kernel-debug-4.12.14-lp150.12.4.1 kernel-debug-base-4.12.14-lp150.12.4.1 kernel-debug-base-debuginfo-4.12.14-lp150.12.4.1 kernel-debug-debuginfo-4.12.14-lp150.12.4.1 kernel-debug-debugsource-4.12.14-lp150.12.4.1 kernel-debug-devel-4.12.14-lp150.12.4.1 kernel-debug-devel-debuginfo-4.12.14-lp150.12.4.1 kernel-default-4.12.14-lp150.12.4.1 kernel-default-base-4.12.14-lp150.12.4.1 kernel-default-base-debuginfo-4.12.14-lp150.12.4.1 kernel-default-debuginfo-4.12.14-lp150.12.4.1 kernel-default-debugsource-4.12.14-lp150.12.4.1 kernel-default-devel-4.12.14-lp150.12.4.1 kernel-default-devel-debuginfo-4.12.14-lp150.12.4.1 kernel-kvmsmall-4.12.14-lp150.12.4.1 kernel-kvmsmall-base-4.12.14-lp150.12.4.1 kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.4.1 kernel-kvmsmall-debuginfo-4.12.14-lp150.12.4.1 kernel-kvmsmall-debugsource-4.12.14-lp150.12.4.1 kernel-kvmsmall-devel-4.12.14-lp150.12.4.1 kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.4.1 kernel-obs-build-4.12.14-lp150.12.4.1 kernel-obs-build-debugsource-4.12.14-lp150.12.4.1 kernel-obs-qa-4.12.14-lp150.12.4.1 kernel-syms-4.12.14-lp150.12.4.1 - openSUSE Leap 15.0 (noarch): kernel-devel-4.12.14-lp150.12.4.1 kernel-docs-4.12.14-lp150.12.4.1 kernel-docs-html-4.12.14-lp150.12.4.1 kernel-macros-4.12.14-lp150.12.4.1 kernel-source-4.12.14-lp150.12.4.1 kernel-source-vanilla-4.12.14-lp150.12.4.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1088273 -- . News regarding openSUSE Leap 15.0 kernel improvements tackling Speculative Store Bypass vulnerabilities along with multiple security upgrades.. openSUSE Leap 15.0, Linux Kernel Patch, Speculative Execution Fix, Security Update. . Severity: Important. LinuxSecurity.com Team
May 25, 2018
•Important
OpenSUSE
89
security advisorycritical issuekernel updateFedora 28: 2018-db0d3e157e Critical: Kernel Security Update
The v4.16.11 kernel includes important fixes across the tree. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-db0d3e157e 2018-05-24 13:55:25.575339 --------------------------------------------------------------------------------Name : kernel Product : Fedora 28 Version : 4.16.11 Release : 300.fc28 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package --------------------------------------------------------------------------------Update Information: The v4.16.11 kernel includes important fixes across the tree --------------------------------------------------------------------------------ChangeLog: * Tue May 22 2018 Jeremy Cline - 4.16.11-300 - Linux v4.16.11 * Mon May 21 2018 Justin M. Forbes - 4.16.10-301 - Fix CVE-2018-3639 (rhbz 1566890 1580713) * Mon May 21 2018 Jeremy Cline - 4.16.10-300 - Linux v4.16.10 * Sun May 20 2018 Hans de Goede - Enable GPIO_AMDPT, PINCTRL_AMD and X86_AMD_PLATFORM_DEVICE Kconfig options to fix i2c and GPIOs not working on AMD based laptops (rhbz#1510649) * Thu May 17 2018 Justin M. Forbes - Fix CVE-2018-1120 (rhbz 1575472 1579542) * Thu May 17 2018 Jeremy Cline - 4.16.9-300 - Linux v4.16.9 - Silence unwanted "swiotlb buffer is full" warnings (rhbz 1556797) * Wed May 9 2018 Jeremy Cline - Workaround for m400 uart irq firmware description (rhbz 1574718) * Wed May 9 2018 Jeremy Cline - 4.16.8-300 - Linux v4.16.8 * Mon May 7 2018 Jeremy Cline - Fix issue with KVM on older Core 2 processors (rhbz 1566258) * Sat May 5 2018 Peter Robinson - ARM and Raspberry Pi fixes - Fix USB-2 on Tegra devices * Fri May 4 2018 Laura Abbott - Fix for building out of tree modules on powerpc (rhbz 1574604) * Fri May 4 2018 Justin M. Forbes - Fix CVE-2018-10322 (rhbz 1571623 1571624) - Fix CVE-2018-10323 (rhbz 1571627 1571630) * Wed May 2 2018 Jeremy Cline - 4.16.7-300 - Linuxv4.16.7 * Tue May 1 2018 Jeremy Cline - 4.16.6-302 - Revert the entire random series from 4.16.4 (rhbz 1572944) * Tue May 1 2018 Jeremy Cline - 4.16.6-301 - Revert the fix for CVE-2018-1108 (rhbz 1572944) * Mon Apr 30 2018 Jeremy Cline - 4.16.6-300 - Linux v4.16.6 * Fri Apr 27 2018 Jeremy Cline - 4.16.5-300 - Fix an issue with bluetooth autosupsend on some XPS 13 9360 (rhbz 1514836) - Fix prlimit64 with RLIMIT_CPU ignored (rhbz 1568337) - Linux v4.16.5 * Fri Apr 27 2018 Peter Robinson - Enable QLogic NICs on ARM * Wed Apr 25 2018 Jeremy Cline - Fix a kernel oops when using Thunderbolt 3 docks (rhbz 1565131) * Tue Apr 24 2018 Jeremy Cline - 4.16.4-300 - Linux v4.16.4 - Fix a regression in backlight interfaces for some laptops (rhbz 1571036) --------------------------------------------------------------------------------References: [ 1 ] Bug #1580713 - CVE-2018-3639 kernel: hw: cpu: speculative store bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1580713 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-db0d3e157e' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
May 24, 2018
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!