Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

SciLinux SL7: SLSA-2021-4044-1 Important Flatpak Sandbox Bypass Fix

Synopsis: Important: flatpak security update
Advisory ID: SLSA-2021:4044-1
Issue Date: 2021-11-02
CVE Numbers: CVE-2021-41133

Security Fix(es):

* flatpak: Sandbox bypass via recent VFS-manipulating syscalls (CVE-2021-41133)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE

SL7 x86_64
- flatpak-1.0.9-12.el7_9.x86_64.rpm
- flatpak-builder-1.0.0-12.el7_9.x86_64.rpm
- flatpak-debuginfo-1.0.9-12.el7_9.x86_64.rpm
- flatpak-devel-1.0.9-12.el7_9.x86_64.rpm
- flatpak-libs-1.0.9-12.el7_9.x86_64.rpm

- Scientific Linux Development Team

Critical Flatpak patch for SL7 resolves a recent vulnerability linked to sandbox circumvention through syscall alterations.

flatpak Security, SL7 Release, Syscall Issue, Sandbox Bypass, Security Update.

Severity: Important. LinuxSecurity.com Team

Nov 02, 2021 | Important | Scientific Linux

Fedora 22: FEDORA-2015-6565f29415 Critical: Pax-Utils Syscall Controls

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-6565f29415
2015-12-14 07:42:13.646285
--------------------------------------------------------------------------------

Name        : pax-utils
Product     : Fedora 22
Version     : 1.1.4
Release     : 1.fc22
URL         : https://wiki.gentoo.org/wiki/Project:Hardened
Summary     : PaX aware and related utilities for ELF binaries
Description :
pax-utils is a small set of various PaX aware and related utilities for ELF binaries. It was written for ELF Q/A on Gentoo systems but can be used on any distro.

--------------------------------------------------------------------------------
Update Information:

Changes since 1.0.5:
* security: whitelist the getcwd syscall
* security: fix build on systems w/out si_syscall
* security: whitelist the futex syscall
* security: whitelist dup syscalls
* security: do not warn when seccomp is disabled in the kernel
* security: whitelist fakeroot syscalls
* security: add a debug handler for seccomp
* security: clean up syscall ifdefs
* security: use seccomp to lock ourselves down
* security: lock down privs a bit via prctl
* security: leverage namespaces to restrict the runtime a bit
* lddtree.sh: fix interp handling when doing a full listing
* lddtree.py: fix glob handling w/ld.so.conf
* scanelf: fix memory leak with the -s option
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1286232 - pax-utils-1.1.4 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1286232
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update pax-utils' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

The recent release of pax-utils in Fedora improves security functionalities, introducing syscall whitelisting to bolster system defenses.

Fedora Update, pax-utils, security enhancements, syscall controls.

Severity: Critical. LinuxSecurity.com Team

Dec 14, 2015 | Critical | Fedora

Fedora 23 FEDORA-2015-73cdd43bc0 Critical: Pax-Utils Syscall Enhancements

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-73cdd43bc0
2015-12-09 18:50:09.116091
--------------------------------------------------------------------------------

Name        : pax-utils
Product     : Fedora 23
Version     : 1.1.4
Release     : 1.fc23
URL         : https://wiki.gentoo.org/wiki/Project:Hardened
Summary     : PaX aware and related utilities for ELF binaries
Description :
pax-utils is a small set of various PaX aware and related utilities for ELF binaries. It was written for ELF Q/A on Gentoo systems but can be used on any distro.

--------------------------------------------------------------------------------
Update Information:

Changes since 1.0.5:
* security: whitelist the getcwd syscall
* security: fix build on systems w/out si_syscall
* security: whitelist the futex syscall
* security: whitelist dup syscalls
* security: do not warn when seccomp is disabled in the kernel
* security: whitelist fakeroot syscalls
* security: add a debug handler for seccomp
* security: clean up syscall ifdefs
* security: use seccomp to lock ourselves down
* security: lock down privs a bit via prctl
* security: leverage namespaces to restrict the runtime a bit
* lddtree.sh: fix interp handling when doing a full listing
* lddtree.py: fix glob handling w/ld.so.conf
* scanelf: fix memory leak with the -s option
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1286232 - pax-utils-1.1.4 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1286232
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update pax-utils' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

The recent Fedora Update Announcement for pax-utils highlights critical updates focusing on syscall whitelisting as well as enhancements to runtime efficiency.

Fedora 23 Pax Utils Security Update, ELF Binaries, Security Enhancements.

Severity: Critical. LinuxSecurity.com Team

Dec 09, 2015 | Critical | Fedora

Fedora 11 Critical Advisory: CVE-2009-2767 Kernel Null Pointer Dereference

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-8684
2009-08-17 20:42:52
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 11
Version     : 2.6.29.6
Release     : 217.2.8.fc11
URL         : https://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

--------------------------------------------------------------------------------
Update Information:

Fix oops in clock_nanosleep syscall which allows an ordinary user to cause a null ptr dereference in the kernel. CVE-2009-2767. Fixes BUG_ON() in the intel gem page fault code breaking GNOME Shell.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Aug 15 2009 Kyle McMartin 2.6.29.6-217.2.8
- CVE-2009-2767: Fix clock_nanosleep NULL ptr deref.
* Fri Aug 14 2009 Kyle McMartin 2.6.29.6-217.2.7
- CVE-2009-2692: Fix sock sendpage NULL ptr deref.
* Thu Aug 13 2009 Kristian Høgsberg - 2.6.29.6-217.2.6
- Backport 0e7ddf7e to fix bad BUG_ON() in i915 gem fence management code. Adds drm-i915-gem-bad-bug-on.patch, fixes #514091.
* Wed Aug 12 2009 John W. Linville 2.6.29.6-217.2.5
- iwlwifi: fix TX queue race
* Mon Aug 10 2009 Jarod Wilson 2.6.29.6-217.2.4
- Add tunable pad threshold support to lirc_imon
- Blacklist all iMON devices in usbhid driver so lirc_imon can bind
- Add new device ID to lirc_mceusb (#512483)
- Enable IR transceiver on the HD PVR
* Wed Jul 29 2009 Chuck Ebbert 2.6.29.6-217.2.3
- Don't optimize away NULL pointer tests where pointer is used before the test. (CVE-2009-1897)
* Wed Jul 29 2009 Chuck Ebbert 2.6.29.6-217.2.2
- Fix mmap_min_addr security bugs (CVE-2009-1895)
* Wed Jul 29 2009 Chuck Ebbert 2.6.29.6-217.2.1
- Fix eCryptfs overflow issues (CVE-2009-2406, CVE-2009-2407)
* Thu Jul 23 2009 Kyle McMartin 2.6.29.6-217
- Apply three patches requested by sgruszka@redhat.com:
  - iwl3945-release-resources-before-shutting-down.patch
  - iwl3945-add-debugging-for-wrong-command-queue.patch
  - iwl3945-fix-rfkill-sw-and-hw-mishmash.patch
* Thu Jul 23 2009 Jarod Wilson
- virtio_blk: don't bounce highmem requests, works around a frequent oops in kvm guests using virtio block devices (#510304)
* Wed Jul 22 2009 Tom "spot" Callaway
- We have to override the new %install behavior because, well... the kernel is special.
* Wed Jul 22 2009 Ben Skeggs
- drm-nouveau.patch: Fix DPMS off for DAC outputs, NV4x PFIFO typo
* Tue Jul 7 2009 Chuck Ebbert 2.6.29.6-213
- Drop the correct patch to fix bug #498858
* Mon Jul 6 2009 Chuck Ebbert 2.6.29.6-212
- Additional fixes for bug #498854
* Thu Jul 2 2009 Chuck Ebbert 2.6.29.6-211
- Fix NFSD null credentials bug (#494067)
- Remove null credentials debugging patch.
* Thu Jul 2 2009 Chuck Ebbert 2.6.29.6-210
- Linux 2.6.29.6
* Wed Jul 1 2009 Chuck Ebbert 2.6.29.6-209.rc1
- Linux 2.6.29.6-rc1
- Enable CONFIG_DEBUG_CREDENTIALS in debug kernels only.
- Dropped patches merged upstream:
    linux-2.6-netdev-r8169-fix-lg-pkt-crash.patch
    linux-2.6-input-atkbd-forced-release.patch
* Wed Jul 1 2009 Dave Airlie 2.6.29.5-208
- drm-intel-a17-fix.patch, drm-pnp-add-resource-range-checker.patch, drm-i915-enable-mchbar.patch: backport upstream fixes for 915/945 tiling slowness.
* Tue Jun 30 2009 Chuck Ebbert 2.6.29.5-207
- Fix stalled NFS writes (#508174)
- Fix broken TSC-based delay.
* Tue Jun 30 2009 Jarod Wilson 2.6.29.5-206
- Fix busticated lirc_serial (#504402)
* Tue Jun 30 2009 Ben Skeggs 2.6.29.5-205
- nouveau: Forcibly DPMS on DAC/SORs during modeset
* Mon Jun 29 2009 Chuck Ebbert 2.6.29.5-204
- Fix "port=" option in CIFS mount calls. (#506574)
* Mon Jun 29 2009 Chuck Ebbert 2.6.29.5-203
- Add support for Apple mini keyboard (#507517)
* Mon Jun 29 2009 Chuck Ebbert 2.6.29.5-202
- New debug patch for null selinux credentials (for bug #494067)
* Fri Jun 26 2009 Ben Skeggs 2.6.29.5-201
- nouveau: bump timeout up a bit, some people hitting false hangs
* Fri Jun 26 2009 Ben Skeggs 2.6.29.5-200
- nouveau: backport nv50 output script fixes from upstream
* Fri Jun 26 2009 Ben Skeggs
- nouveau: fix GT200 context control, will allow use of 3D engine now
* Wed Jun 24 2009 Jarod Wilson 2.6.29.5-198
- Fix lirc_i2c functionality (#507047)
- Add ability to disable lirc_imon mouse mode
* Wed Jun 24 2009 Kyle McMartin
- config changes:
  - generic:
    - CONFIG_SCSI_DEBUG=m (was off, requested by davidz.)
* Mon Jun 22 2009 Chuck Ebbert 2.6.29.5-196
- Fix oopses in a bunch of USB serial devices (#500954)
* Sat Jun 20 2009 Chuck Ebbert 2.6.29.5-195
- Add linux-2.6-drivers-char-low-latency-removal.patch to fix oops in nozomi driver (#507005)
* Thu Jun 18 2009 Ben Skeggs 2.6.29.5-194
- drm-nouveau.patch: un-break DPMS after DRM changes
* Thu Jun 18 2009 Dave Airlie 2.6.29.5-193
- drm-radeon-cs-oops-fix.patch: fix oops if CS path called from non-kms
* Wed Jun 17 2009 Jarod Wilson
- New lirc_imon hotness:
  * support dual-interface devices with a single lirc device
  * directional pad functions as an input device mouse
  * touchscreen devices finally properly supported
  * support for using MCE/RC-6 protocol remotes
  * fix oops in RF remote association code (F10 bug #475496)
  * fix re-enabling case/panel buttons and/or knobs
- Add some misc additional lirc_mceusb2 transceiver IDs
- Add missing unregister_chrdev_region() call to lirc_dev exit
- Add it8720 support to lirc_it87
* Tue Jun 16 2009 Chuck Ebbert 2.6.29.5-191
- Copy latest version of the -mm streaming IO and executable pages patches from F-10
- Copy the saner-vm-settings patch from F-10: change writeback interval from 5,30 seconds to 3,10 seconds
- Comment out the null credentials debugging patch (bug #494067)
* Tue Jun 16 2009 Chuck Ebbert 2.6.29.5-190
- Two r8169 driver updates from 2.6.30
- Update via-sdmmc driver
* Tue Jun 16 2009 Chuck Ebbert 2.6.29.5-189
- New debug patch for bug #494067, now enabled for non-debug kernels too.
* Tue Jun 16 2009 Chuck Ebbert 2.6.29.5-188
- Avoid lockup on OOM with /dev/zero
* Tue Jun 16 2009 Chuck Ebbert 2.6.29.5-187
- Drop the disable of mwait on VIA Nano processor. The lockup bug is fixed by BIOS updates.
* Tue Jun 16 2009 Ben Skeggs 2.6.29.5-186
- nouveau: Use VBIOS image from PRAMIN in preference to PROM (#492658)
* Tue Jun 16 2009 Dave Airlie 2.6.29.5-185
- drm-connector-dpms-fix.patch - allow hw to dpms off
- drm-dont-frob-i2c.patch - don't play with i2c bits just do EDID
- drm-intel-tv-fix.patch - fixed intel tv after connector dpms
- drm-modesetting-radeon-fixes.patch - fix AGP issues (go faster) (otaylor)
- drm-radeon-fix-ring-commit.patch - fix stability on some radeons
- drm-radeon-new-pciids.patch - add rv770/790 support
- drm-intel-vmalloc.patch - fix vmalloc patch
* Mon Jun 15 2009 Chuck Ebbert - 2.6.29.5-184
- Get rid of the annoying parport sysctl registration warning (#503773) (linux-2.6-parport-quickfix-the-proc-registration-bug.patch)
* Mon Jun 15 2009 Chuck Ebbert - 2.6.29.5-183
- Linux 2.6.29.5
* Mon Jun 15 2009 Chuck Ebbert - 2.6.29.5-182.rc1
- Add support for touchpad on MacBook 5 (Unibody) (#504197)
* Mon Jun 15 2009 Chuck Ebbert - 2.6.29.5-181.rc1
- Fix reporting of short writes to the NFS client (#493500)
* Mon Jun 15 2009 John W. Linville
- neigh: fix state transition INCOMPLETE-> FAILED via Netlink request
* Fri Jun 12 2009 Chuck Ebbert - 2.6.29.5-179.rc1
- VIA Nano / VX800 fixes
    Padlock 64-bit fixes
    Disable mwait on the Nano
    Add via-sdmmc driver
    Enable the VIA random number generator on 64-bit
- Enable the userspace ARP daemon (#502844)
* Wed Jun 10 2009 Ben Skeggs
- drm-nouveau.patch: fill in modes derived from VBIOS tables better
* Tue Jun 9 2009 Chuck Ebbert - 2.6.29.5-177.rc1
- 2.6.29.5-rc1
- Reverted from stable, patch already in drm-next:
    drm-r128-fix-r128-ioremaps-to-use-ioremap_wc.patch
- Dropped patches, merged in -stable:
    hpet-fixes.patch
    keys-Handle-there-being-no-fallback-destination-key.patch
    kvm-Fix-PDPTR-reloading-on-CR4-writes.patch
    kvm-Make-paravirt-tlb-flush-also-reload-the-PAE-PDP.patch
    linux-2.6-ptrace-fix-possible-zombie-leak.patch
    linux-2.6-usb-cdc-acm-remove-low-latency-flag.patch
    linux-2.6-xen-xenbus_state_transition_when_not_connected.patch
    linux-2.6.29.5-ext4-stable-fixes.patch
* Tue Jun 9 2009 John W. Linville
- Clean-up some wireless bits in config-generic
* Tue Jun 9 2009 Chuck Ebbert - 2.6.29.4-175
- Add ext4 stable patch queue, 18 patches submitted for 2.6.29.5 (adds 10 patches that weren't already in F-11.)
* Tue Jun 9 2009 Chuck Ebbert - 2.6.29.4-174
- Add support for ACPI P-states on VIA processors.
- Disable the e_powersaver driver.
* Mon Jun 8 2009 Chuck Ebbert - 2.6.29.4-173
- Add linux-2.6-ptrace-fix-possible-zombie-leak.patch Fixes bug #481753, ptraced processes fail to deliver exit notification to parent
* Mon Jun 8 2009 Chuck Ebbert - 2.6.29.4-172
- Add linux-2.6-netdev-ehea-fix-circular-locking.patch (#498854)
* Mon Jun 8 2009 Chuck Ebbert - 2.6.29.4-171
- Add AT keyboard forced key release quirks for four more notebooks. (Fixes Samsung NC20/Q45, Fujitsu PA1510/Xi3650)
* Mon Jun 8 2009 Chuck Ebbert - 2.6.29.4-170
- Drop ALSA jiffies-based PCM boundary checking (#498858)
* Mon Jun 8 2009 Chuck Ebbert - 2.6.29.4-169
- Add debug patch for finding null security credentials. (494067)
* Tue Jun 2 2009 Roland McGrath - 2.6.29.4-168
- utrace update (fixes stap PR10185)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #515867 - CVE-2009-2767 kernel: clock_nanosleep() with CLOCK_MONOTONIC_RAW NULL pointer dereference
      https://bugzilla.redhat.com/show_bug.cgi?id=515867
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Fedora-package-announce mailing list

Addresses potential null reference issues in Fedora kernel system calls affecting general user permissions. Critical security notice.

Fedora Kernel Update, Critical Security Patch, System Access Risk.

Severity: Critical. LinuxSecurity.com Team

Aug 17, 2009 | Critical | Fedora