Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
217
security advisoryimportantkernelOracle Linux 7 Kernel Important Security Update ELSA-2026-50142
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-50142 http://linux.oracle.com/errata/ELSA-2026-50142.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-5.4.17-2136.353.3.el7uek.x86_64.rpm kernel-uek-container-5.4.17-2136.353.3.el7uek.x86_64.rpm kernel-uek-container-debug-5.4.17-2136.353.3.el7uek.x86_64.rpm kernel-uek-debug-5.4.17-2136.353.3.el7uek.x86_64.rpm kernel-uek-debug-devel-5.4.17-2136.353.3.el7uek.x86_64.rpm kernel-uek-devel-5.4.17-2136.353.3.el7uek.x86_64.rpm kernel-uek-doc-5.4.17-2136.353.3.el7uek.noarch.rpm kernel-uek-tools-5.4.17-2136.353.3.el7uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.353.3.el7uek.src.rpm Related CVEs: CVE-2025-40215 Description of changes: [5.4.17-2136.353.3] - xfrm: flush all states in xfrm_state_fini (Sabrina Dubroca) [Orabug: 38934000] - xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca) [Orabug: 38934000] - Revert "xfrm: destroy xfrm_state synchronously on net exit path" (Sabrina Dubroca) [Orabug: 38934000] - Revert "IB/mlx5: Implement clear counters" (Sharath Srinivasan) [Orabug: 38923520] - Revert "IB/core: Implement clear counters" (Sharath Srinivasan) [Orabug: 38923520] - Revert "ib/core: add SET_DEVICE_OP call for clear_hw_stats()" (Sharath Srinivasan) [Orabug: 38923520] - fs: proc: inode: delay put_pid() by RCU (Stephen Brennan) [Orabug: 38766812] [5.4.17-2136.353.2] - Revert "perf/x86: Always store regs-> ip in perf_callchain_kernel()" (Jiri Olsa) [Orabug: 38893604] - xfrm: delete x-> tunnel as we delete x (Sabrina Dubroca) [Orabug: 38730493] {CVE-2025-40215} [5.4.17-2136.352.5] - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38879907] {CVE-2025-40022} [5.4.17-2136.352.4] - arm64: pensando: Must boot Ortano kernel with spin-table (Rob Gardner) [Orabug: 38821197] [5.4.17-2136.352.3] - net/sched: adjust device watchdog timer to detect stopped queue at right time (Praveen Kumar Kannoju) [Orabug: 38340278] - net/mlx5: Mark the mellanox graceful_period fix as out-of-tree change (Praveen Kumar Kannoju) [Orabug: 38252416] - infiniband/xsigo: Replace BUG_ON with WARN_ON_ONCE. (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xsvnic_main: Remove unused functions (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xve_cm: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xve_ethtool: Remove unused variable 'priv' (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xve_ib: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xve_ib: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xve_verbs: Remove unused label 'out_free_pd' (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xve_main: Remove unused function 'xve_napi_del' (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xve_main: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xve_main: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469] - inifinibad/xsigo: xsvnic_main: Remove unused variable 'xsvnic_ethtool_ops' (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xscore_impl: Remove unused label 'err_pd' (Siddh Raman Pant) [Orabug: 38418469] - rds: Fix jiffies type in struct rds_conn_path (Siddh Raman Pant) [Orabug: 38418727] - kernel: sysctl: Remove unused variable 'zero' (Siddh Raman Pant) [Orabug: 38418727] - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38537469] {CVE-2025-39964} - RDMA/cm: Base cm_id destruction timeout on CMA values (Håkon Bugge) [Orabug: 38753622] - x86/its: Build fails with CONFIG_MITIGATION_ITS=n (Alexandre Chartre) [Orabug: 38756954] [5.4.17-2136.352.2] - LTS tag: v5.4.302 (Sherry Yang) - Input: pegasus-notetaker - fix potential out-of-boundsaccess (Seungjin Bae) - Input: remove third argument of usb_maxpacket() (Vincent Mailhol) - usb: deprecate the third argument of usb_maxpacket() (Vincent Mailhol) - fs/proc: fix uaf in proc_readdir_de() (Wei Yang) [Orabug: 38737034,38786776,38787139] {CVE-2025-40271} - pmdomain: imx: Fix reference count leak in imx_gpc_remove (Miaoqian Lin) - pmdomain: arm: scmi: Fix genpd leak on provider registration failure (Sudeep Holla) - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (Breno Leitao) [Orabug: 38773510] {CVE-2025-68245} - net: qede: Initialize qede_ll_ops with designated initializer (Nathan Chancellor) - net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error (Nishanth Menon) - ALSA: usb-audio: fix uac2 clock source at terminal parser (René Rebe) - mm/page_alloc: fix hash table order logging in alloc_large_system_hash() (Isaac J. Manjarres) - kconfig/nconf: Initialize the default locale at startup (Jakub Horký) - kconfig/mconf: Initialize the default locale at startup (Jakub Horký) - vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38730612] {CVE-2025-40248} - s390/ctcm: Fix double-kfree (Aleksei Nikiforov) - net: openvswitch: remove never-working support for setting nsh fields (Ilya Maximets) [Orabug: 38730650] {CVE-2025-40254} - mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() (Zilin Guan) - MIPS: Malta: Fix !EVA SOC-it PCI MMIO (Maciej W. Rozycki) - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (Hamza Mahfooz) [Orabug: 38773441] {CVE-2025-68229} - scsi: sg: Do not sleep in atomic context (Bart Van Assche) [Orabug: 38730664] {CVE-2025-40259} - Input: cros_ec_keyb - fix an invalid memory access (Tzung-Bi Shih) [Orabug: 38730681] {CVE-2025-40263} - be2net: pass wrb_params in case of OS2BMC (Andrey Vatoropin) [Orabug: 38730691] {CVE-2025-40264} - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (Abdun Nihaal) [Orabug: 38798908] {CVE-2025-68734} - EDAC/altera: Use INTTESTregister for Ethernet and USB SBE injection (Niravkumar L Rabara) - EDAC/altera: Handle OCRAM ECC enable after warm reset (Niravkumar L Rabara) - spi: Try to get ACPI GPIO IRQ earlier (Hans de Goede) - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (Chuang Wang) [Orabug: 38773496] {CVE-2025-68241} - strparser: Fix signed/unsigned mismatch bug (Nate Karstens) - gcov: add support for GCC 15 (Peter Oberparleiter) - mm/ksm: fix flag-dropping behavior in ksm_madvise (Jakub Acs) - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (Haein Lee) [Orabug: 38737052] {CVE-2025-40275} - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (Ian Forbes) [Orabug: 38737061] {CVE-2025-40277} - ASoC: cs4271: Fix regulator leak on probe failure (Xu Wang) - regulator: fixed: fix GPIO descriptor leak on register failure (Xu Wang) - regulator: fixed: use dev_err_probe for register (Chris Morgan) - Bluetooth: L2CAP: export l2cap_chan_hold for modules (Pauli Virtanen) - net_sched: limit try_bulk_dequeue_skb() batches (Eric Dumazet) - net_sched: remove need_resched() from qdisc_run() (Eric Dumazet) - net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps (Gal Pressman) - net/mlx5e: Fix maxrate wraparound in threshold between units (Gal Pressman) - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (Ranganath V N) - wifi: mac80211: skip rate verification for not captured PSDUs (Benjamin Berg) - net: mdio: fix resource leak in mdiobus_register_device() (Csaba Buday) - tipc: Fix use-after-free in tipc_mon_reinit_self(). (Kuniyuki Iwashima) [Orabug: 38737084] {CVE-2025-40280} - tipc: simplify the finalize work queue (Xin Long) - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (Eric Dumazet) [Orabug: 38737091] {CVE-2025-40281} - sctp: get netns from asoc and ep base (Xin Long) - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (Pauli Virtanen) - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV addresstype confusion (Pauli Virtanen) - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (Pauli Virtanen) - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (Raphael Pinsonneault-Thibeault) [Orabug: 38737104] {CVE-2025-40283} - net: fec: correct rx_bytes statistic for the case SHIFT16 is set (Wei Fang) - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (Sharique Mohammad) - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (Tristan Lobb) - NFS4: Fix state renewals missing after boot (Joshua Watt) - compiler_types: Move unused static inline functions warning to W=2 (Peter Zijlstra) - extcon: adc-jack: Cleanup wakeup source only if it was enabled (Krzysztof Kozlowski) - tracing: Fix memory leaks in create_field_var() (Zilin Guan) - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (Qendrim Maxhuni) [Orabug: 38773283] {CVE-2025-68192} - sctp: Prevent TOCTOU out-of-bounds write (Stefan Wiehler) [Orabug: 38747447] {CVE-2025-40331} - sctp: Hold RCU read lock while iterating over address list (Stefan Wiehler) - net: dsa: b53: stop reading ARL entries if search is done (Jonas Gorski) - net: dsa: b53: fix enabling ip multicast (Jonas Gorski) - net: dsa: b53: fix resetting speed and pause on forced link (Jonas Gorski) - net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 (Álvaro Fernández Rojas) - net: dsa/b53: change b53_force_port_config() pause argument (Russell King) - net: vlan: sync VLAN features with lower device (Hangbin Liu) - ceph: add checking of wait_for_completion_killable() return value (Viacheslav Dubeyko) - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (Albin Babu Varghese) [Orabug: 38737182] {CVE-2025-40304} - ACPI: property: Return present device nodes only on fwnode interface (Sakari Ailus) - 9p: sysfs_init: don't hardcode error to ENOMEM (Randall P. Embry) - 9p: fix /sys/fs/9p/caches overwriting itself (Randall P. Embry) - fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink(Yikang Yue) - ACPICA: Update dsmethod.c to get rid of unused variable warning (Saket Dumbre) - orangefs: fix xattr related buffer overflow... (Mike Marshall) - page_pool: Clamp pool size to max 16K pages (Dragos Tatulea) - Bluetooth: bcsp: receive data only if registered (Ivan Pravdin) [Orabug: 38737213] {CVE-2025-40308} - Bluetooth: SCO: Fix UAF on sco_conn_free (Luiz Augusto von Dentz) [Orabug: 38737224] {CVE-2025-40309} - net: macb: avoid dealing with endianness in macb_set_hwaddr() (Théo Lebrun) - nfs4_setup_readdir(): insufficient locking for -> d_parent-> d_inode dereferencing (Al Viro) [Orabug: 38773245] {CVE-2025-68185} - NFSv4.1: fix mount hang after CREATE_SESSION failure (Anthony Iliopoulos) - NFSv4: handle ERR_GRACE on delegation recalls (Olga Kornievskaia) - remoteproc: qcom: q6v5: Avoid handling handover twice (Stephan Gerhold) - sparc/module: Add R_SPARC_UA64 relocation handling (Koakuma) - net: intel: fm10k: Fix parameter idx set but not used (Brahmajit Das) - jfs: fix uninitialized waitqueue in transaction manager (Shaurya Rane) - jfs: Verify inode mode when loading from disk (Tetsuo Handa) - ipv6: np-> rxpmtu race annotation (Eric Dumazet) - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (Krishna Kurapati) - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (Forest Crossman) - allow finish_no_open(file, ERR_PTR(-E...)) (Al Viro) - scsi: lpfc: Define size of debugfs entry for xri rebalancing (Justin Tee) - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (Justin Tee) - selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency (Nai-Chen Cheng) - net/cls_cgroup: Fix task_get_classid() during qdisc run (Yafang Shao) - selftests: Replace sleep with slowwait (David Ahern) - selftests: Disable dad for ipv6 in fcnal-test.sh (David Ahern) - media: redrat3: use int type to store negative error codes (Rong Qianfeng) - net: sh_eth: Disable WoL if system can not suspend (Niklas Söderlund) - phy: cadence:cdns-dphy: Enable lower resolutions in dphy (Harikrishna Shenoy) - usb: gadget: f_hid: Fix zero length packet transfer (William Wu) - net: call cond_resched() less often in __release_sock() (Eric Dumazet) - ALSA: usb-audio: apply quirk for MOONDROP Quark2 (Cryolitia Pukngae) - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (Juraj Šarinay) - dmaengine: dw-edma: Set status for callback_result (Devendra K Verma) - dmaengine: mv_xor: match alloc_wc and free_wc (Rosen Penev) - dmaengine: sh: setup_xref error handling (Thomas Andreatta) - scsi: pm8001: Use int instead of u32 to store error codes (Rong Qianfeng) - mips: lantiq: xway: sysctrl: rename stp clock (Aleksander Jan Bajkowski) - mips: lantiq: danube: add missing device_type in pci node (Aleksander Jan Bajkowski) - mips: lantiq: danube: add missing properties to cpu node (Aleksander Jan Bajkowski) - media: fix uninitialized symbol warnings (Chelsy Ratnawat) - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (Amber Lin) - extcon: adc-jack: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski) - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (Sungho Kim) - net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. (Kuniyuki Iwashima) - net: When removing nexthops, don't call synchronize_net if it is not necessary (Christoph Paasch) - char: misc: Does not request module for miscdevice with dynamic minor (Zijun Hu) - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (Raub Camaioni) - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (Rodrigo Gobbi) - media: imon: make send_packet() more robust (Tetsuo Handa) [Orabug: 38773298] {CVE-2025-68194} - net: ipv6: fix field-spanning memcpy warning in AH output (Charalampos Mitrodimas) [Orabug: 38773141] {CVE-2025-40363} - bridge: Redirect to backup port when port is administratively down (Ido Schimmel) - powerpc/eeh: Use result of error_detected() in uevent (Niklas Schnelle) - x86/vsyscall: Do not require X86_PF_INSTR to emulatevsyscall (Kirill A. Shutemov) - media: pci: ivtv: Don't create fake v4l2_fh (Laurent Pinchart) - drm/amdkfd: return -ENOTTY for unsupported IOCTLs (Geoffrey Mcrae) - selftests/net: Ensure assert() triggers in psock_tpacket.c (Wake Liu) - selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 (Wake Liu) - PCI: Disable MSI on RDC PCI to PCIe bridges (Marcos Del Sol Vives) - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (Seyediman Seyedarab) - mfd: madera: Work around false-positive -Wininitialized warning (Arnd Bergmann) - mfd: stmpe-i2c: Add missing MODULE_LICENSE (Alexander Stein) - mfd: stmpe: Remove IRQ domain upon removal (Alexander Stein) - tools/power x86_energy_perf_policy: Prefer driver HWP limits (Len Brown) - tools/power x86_energy_perf_policy: Enhance HWP enable (Len Brown) - tools/cpupower: Fix incorrect size in cpuidle_state_disable() (Kaushlendra Kumar) - hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (Armin Wolf) - uprobe: Do not emulate/sstep original instruction when ip is changed (Jiri Olsa) - clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel (Daniel Lezcano) - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (Svyatoslav Ryhel) - tee: allow a driver to allocate a tee_device without a pool (Amirreza Zarrabi) - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (Hans de Goede) - mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (Sarthak Garg) - irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment (Christian Bruel) - arc: Fix __fls() const-foldability via __builtin_clzl() (Kees Cook) - cpufreq/longhaul: handle NULL policy in longhaul_exit (Dennis Beier) - selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 (Ricardo B. Marlière) - ACPI: video: force native for Lenovo 82K8 (Mario Limonciello) - memstick: Add timeout to prevent indefinite waiting (Jiayi Li) - mmc: host: renesas_sdhi: Fix the actual clock (Biju Das) - bpf: Don't use %pK through printk (Thomas Weißschuh) -spi: loopback-test: Don't use %pK through printk (Thomas Weißschuh) - soc: qcom: smem: Fix endian-unaware access of num_entries (Jens Reidel) - usb: gadget: f_fs: Fix epfile null pointer access after ep enable. (Owen Gu) - serial: 8250_dw: handle reset control deassert error (Artem Shimko) - serial: 8250_dw: Use devm_add_action_or_reset() (Andy Shevchenko) - serial: 8250_dw: Use devm_clk_get_optional() to get the input clock (Andy Shevchenko) - can: gs_usb: increase max interface to U8_MAX (Celeste Liu) - devcoredump: Fix circular locking dependency with devcd-> mutex. (Maarten Lankhorst) - net: ravb: Enforce descriptor type ordering (Lad Prabhakar) - x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (Babu Moger) - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (Gokul Sivakumar) [Orabug: 38737292] {CVE-2025-40321} - net: phy: dp83867: Disable EEE support as not implemented (Emanuele Ghidoli) - regmap: slimbus: fix bus_context pointer in regmap init calls (Alexey Klimov) - drm/etnaviv: fix flush sequence logic (Tomeu Vizoso) - usbnet: Prevents free active kevent (Lizhi Xu) [Orabug: 38773784] {CVE-2025-68312} - wifi: ath10k: Fix memory leak on unsupported WMI command (Loic Poulain) - ASoC: qdsp6: q6asm: do not sleep while atomic (Srinivas Kandagatla) - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (Miaoqian Lin) - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (Florian Fuchs) - fbdev: bitblit: bound-check glyph index in bit_putcs* (Junjie Cao) [Orabug: 38737301] {CVE-2025-40322} - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (Yuhao Jiang) [Orabug: 38687005] {CVE-2025-40211} - fbdev: atyfb: Check if pll_ops-> init_pll failed (Daniel Palmer) - net: usb: asix_devices: Check return value of usbnet_get_endpoints (Miaoqian Lin) - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (Filipe Manana) - x86/bugs: Fix reporting of LFENCE retpoline (David Kaplan) - net/sched:sch_qfq: Fix null-deref in agg_dequeue (Xiang Mei) [Orabug: 38597085] {CVE-2025-40083} [5.4.17-2136.352.1] - RDMA/cm: Rate limit destroy CM ID timeout error message (Håkon Bugge) [Orabug: 38753401] - soc/pensando: giglio: hack dts to make things right (Rob Gardner) [Orabug: 38688154] - soc/pensando: Add AMD Pensando Giglio SoC support (Brad Larson) [Orabug: 38688154] - soc/pensando: psci support (David Clear) [Orabug: 38688154] - soc/pensando: Giglio SoC eMMC interrupt driver (Brad Larson) [Orabug: 38688154] [5.4.17-2136.351.3] - Reapply "cpuidle: menu: Avoid discarding useful information" (Harshvardhan Jha) [Orabug: 38715366] - fbcon: fix integer overflow in font allocation (Samasth Norway Ananda) [Orabug: 38702507] - uek-rpm: Replace check-kabi tool with kabi (Yifei Liu) [Orabug: 38673382] - uek-rpm: Introduce check function for uek-rpm/tools/kabi (Yifei Liu) [Orabug: 38673382] [5.4.17-2136.351.2] - uek-rpm: kabi: Remove the kabi protection for debug kernels (Yifei Liu) [Orabug: 38609548] - rds: Add smp_rmb before reading c_destroy_in_prog (Håkon Bugge) [Orabug: 38352486] - uio_hv_generic: Set event for all channels on the device (Long Li) - ata: libata-scsi: Fix system suspend for a security locked drive (Niklas Cassel) - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Zhang Heng) [5.4.17-2136.351.1] - scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt (Sumit Saxena) [Orabug: 38630482] _______________________________________________ El-errata mailing list
Mar 09, 2026
•Important
Oracle
100
security advisorymoderateSuSESUSE: Kernel-Livepatch-MICRO-6 Moderate Fixes for CVE-2025 Issues
* bsc#1242579 * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1245791 . # Security update for kernel-livepatch-MICRO-6-0_Update_6 Announcement ID: SUSE-SU-2025:20761-1 Release Date: 2025-09-11T15:43:43Z Rating: moderate References: * bsc#1242579 * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1245791 * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38087 * CVE-2025-38212 CVSS scores: * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves six vulnerabilities and has one fix can now be installed. ## Description: This update for kernel-livepatch-MICRO-6-0_Update_6 fixes the following issues: * CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245505) * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579) * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235) * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775) * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791) * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-106=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-MICRO-6-0_Update_6-debugsource-5-3.1 * kernel-livepatch-6_4_0-28-default-5-3.1 * kernel-livepatch-6_4_0-28-default-debuginfo-5-3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38087.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245505 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 . Kernel-livepatch-MICRO-6-0 Update 6 resolves moderate security issues in SUSE Linux Micro 6.1 systems.. kernel-livepatch update, SUSE Linux security, system vulnerabilities, patch instructions, kernel bug fixes. . LinuxSecurity.com Team
Sep 26, 2025
SuSE
202
security advisoryimportantkernelopenSUSE: Critical Kernel Security Patch SUSE-SU-2025:04150-2
An update that solves nine vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3) Announcement ID: SUSE-SU-2025:03124-1 Release Date: 2025-09-09T19:33:51Z Rating: important References: * bsc#1231676 * bsc#1231943 * bsc#1232271 * bsc#1237930 * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2024-47674 * CVE-2024-47706 * CVE-2024-49867 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47706 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49867 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves nine vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_179 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232271). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676). * CVE-2024-47706: block, bfq: fix possible UAF for bfqq-> bic with merge chain (bsc#1231943). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypperpatch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-3124=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3124=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_49-debugsource-15-150300.2.1 * kernel-livepatch-5_3_18-150300_59_179-default-15-150300.2.1 * kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-15-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_179-preempt-debuginfo-15-150300.2.1 * kernel-livepatch-5_3_18-150300_59_179-preempt-15-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_49-debugsource-15-150300.2.1 * kernel-livepatch-5_3_18-150300_59_179-default-15-150300.2.1 * kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-15-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2024-47674.html * https://www.suse.com/security/cve/CVE-2024-47706.html * https://www.suse.com/security/cve/CVE-2024-49867.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1231676 * https://bugzilla.suse.com/show_bug.cgi?id=1231943 * https://bugzilla.suse.com/show_bug.cgi?id=1232271 * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 . Crucial system enhancementfor Linux Kernel within openSUSE tackling severe glitches and security risks, referenced as SUSE-SU-2025:03124-1.. openSUSE Kernel Patch, Linux Kernel Security, Important Updates. . Severity: Important. LinuxSecurity.com Team
Sep 09, 2025
•Important
OpenSUSE
100
security advisorysecurity issueSuSESUSE Linux Micro 6.1: Kernel Livepatch Important Issues Fix 2025:20624-1
* bsc#1244337 * bsc#1245776 * bsc#1245793 * bsc#1245797 . # Security update for kernel-livepatch-MICRO-6-0-RT_Update_8 Announcement ID: SUSE-SU-2025:20624-1 Release Date: 2025-08-25T12:45:12Z Rating: important References: * bsc#1244337 * bsc#1245776 * bsc#1245793 * bsc#1245797 Cross-References: * CVE-2025-21702 * CVE-2025-37752 * CVE-2025-37797 CVSS scores: * CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves three vulnerabilities and has one fix can now be installed. ## Description: This update for kernel-livepatch-MICRO-6-0-RT_Update_8 fixes the following issues: * CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776) * CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793) * CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-> limit == 0 (bsc#1245797) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-72=1 ## Package List: * SUSE Linux Micro 6.1 (x86_64) * kernel-livepatch-MICRO-6-0-RT_Update_8-debugsource-2-1.2 * kernel-livepatch-6_4_0-31-rt-2-1.2 * kernel-livepatch-6_4_0-31-rt-debuginfo-2-1.2 ## References: * https://www.suse.com/security/cve/CVE-2025-21702.html * https://www.suse.com/security/cve/CVE-2025-37752.html * https://www.suse.com/security/cve/CVE-2025-37797.html * https://bugzilla.suse.com/show_bug.cgi?id=1244337 * https://bugzilla.suse.com/show_bug.cgi?id=1245776 * https://bugzilla.suse.com/show_bug.cgi?id=1245793 *https://bugzilla.suse.com/show_bug.cgi?id=1245797 . Crucial announcement concerning SUSE Linux Micro 6.1 that resolves multiple security vulnerabilities while improving overall system reliability.. SUSE Linux 6.1 Update Kernel Livepatch Importance Security. . Severity: Important. LinuxSecurity.com Team
Aug 29, 2025
•Important
SuSE
98
security advisoryRed Hatcritical updateRed Hat: RHSA-2015-0726-02 Urgent Kernel Vulnerability Report
Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2015:0726-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2015:0726.html Issue date: 2015-03-26 CVE Names: CVE-2014-8159 CVE-2015-1421 ==================================================================== 1. Summary: Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user withaccess to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-8159, Important) * A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1421, Important) Red Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue. The CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat. This update also fixes the following bugs: * In certain systems with multiple CPUs, when a crash was triggered on one CPU with an interrupt handler and this CPU sent Non-Maskable Interrupt (NMI) to another CPU, and, at the same time, ioapic_lock had already been acquired, a deadlock occurred in ioapic_lock. As a consequence, the kdump service could become unresponsive. This bug has been fixed and kdump now works as expected. (BZ#1197742) * On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the thinkpad_acpi module was not properly loaded, and thus the function keys and radio switches did not work. This update applies a new string pattern of BIOS version, which fixes this bug, and function keys and radio switches now work as intended. (BZ#1197743) * During a heavy file system load involving many worker threads, all worker threads in the pool became blocked on a resource, and no manager thread existed to create more workers. As a consequence, the running processes became unresponsive. With this update, the logic around manager creation has been changed to assure that the last worker thread becomes a manager thread and does not start executing work items. Now, a manager thread exists, spawns new workers as needed, and processes no longer hang. (BZ#1197744) * If a thin-pool's metadata enters read-only or fail mode, for example, due to thin-pool running out of metadata or data space, any attempt to make metadatachanges such as creating a thin device or snapshot thin device should error out cleanly. However, previously, the kernel code returned verbose and alarming error messages to the user. With this update, due to early trapping of attempt to make metadata changes, informative errors are displayed, no longer unnecessarily alarming the user. (BZ#1197745) * When running Red Hat Enterprise Linux as a guest on Microsoft Hyper-V hypervisor, the storvsc module did not return the correct error code for the upper level Small Computer System Interface (SCSI) subsystem. As a consequence, a SCSI command failed and storvsc did not handle such a failure properly under some conditions, for example, when RAID devices were created on top of storvsc devices. An upstream patch has been applied to fix this bug, and storvsc now returns the correct error code in the described situation. (BZ#1197749) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1181166 - CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access 1196581 - CVE-2015-1421 kernel: net: slab corruption from use after free on INIT collisions 6. Package List: Red Hat Enterprise Linux Client (v.7): Source: kernel-3.10.0-229.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.1.2.el7.noarch.rpm kernel-doc-3.10.0-229.1.2.el7.noarch.rpm x86_64: kernel-3.10.0-229.1.2.el7.x86_64.rpm kernel-debug-3.10.0-229.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.1.2.el7.x86_64.rpm kernel-devel-3.10.0-229.1.2.el7.x86_64.rpm kernel-headers-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.1.2.el7.x86_64.rpm perf-3.10.0-229.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm python-perf-3.10.0-229.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v.7): Source: kernel-3.10.0-229.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.1.2.el7.noarch.rpm kernel-doc-3.10.0-229.1.2.el7.noarch.rpm x86_64: kernel-3.10.0-229.1.2.el7.x86_64.rpm kernel-debug-3.10.0-229.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.1.2.el7.x86_64.rpm kernel-devel-3.10.0-229.1.2.el7.x86_64.rpm kernel-headers-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.1.2.el7.x86_64.rpm perf-3.10.0-229.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm python-perf-3.10.0-229.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: kernel-3.10.0-229.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.1.2.el7.noarch.rpm kernel-doc-3.10.0-229.1.2.el7.noarch.rpm ppc64: kernel-3.10.0-229.1.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-229.1.2.el7.ppc64.rpm kernel-debug-3.10.0-229.1.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-229.1.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-229.1.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.1.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.1.2.el7.ppc64.rpm kernel-devel-3.10.0-229.1.2.el7.ppc64.rpm kernel-headers-3.10.0-229.1.2.el7.ppc64.rpm kernel-tools-3.10.0-229.1.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.1.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-229.1.2.el7.ppc64.rpm perf-3.10.0-229.1.2.el7.ppc64.rpm perf-debuginfo-3.10.0-229.1.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.1.2.el7.ppc64.rpm s390x: kernel-3.10.0-229.1.2.el7.s390x.rpm kernel-debug-3.10.0-229.1.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-229.1.2.el7.s390x.rpm kernel-debug-devel-3.10.0-229.1.2.el7.s390x.rpm kernel-debuginfo-3.10.0-229.1.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.1.2.el7.s390x.rpm kernel-devel-3.10.0-229.1.2.el7.s390x.rpm kernel-headers-3.10.0-229.1.2.el7.s390x.rpm kernel-kdump-3.10.0-229.1.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.1.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-229.1.2.el7.s390x.rpm perf-3.10.0-229.1.2.el7.s390x.rpm perf-debuginfo-3.10.0-229.1.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.1.2.el7.s390x.rpm x86_64: kernel-3.10.0-229.1.2.el7.x86_64.rpm kernel-debug-3.10.0-229.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.1.2.el7.x86_64.rpm kernel-devel-3.10.0-229.1.2.el7.x86_64.rpm kernel-headers-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.1.2.el7.x86_64.rpm perf-3.10.0-229.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-229.1.2.ael7b.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.1.2.ael7b.noarch.rpm kernel-doc-3.10.0-229.1.2.ael7b.noarch.rpm ppc64le: kernel-3.10.0-229.1.2.ael7b.ppc64le.rpm kernel-bootwrapper-3.10.0-229.1.2.ael7b.ppc64le.rpm kernel-debug-3.10.0-229.1.2.ael7b.ppc64le.rpm kernel-debug-debuginfo-3.10.0-229.1.2.ael7b.ppc64le.rpm kernel-debuginfo-3.10.0-229.1.2.ael7b.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-229.1.2.ael7b.ppc64le.rpm kernel-devel-3.10.0-229.1.2.ael7b.ppc64le.rpm kernel-headers-3.10.0-229.1.2.ael7b.ppc64le.rpm kernel-tools-3.10.0-229.1.2.ael7b.ppc64le.rpm kernel-tools-debuginfo-3.10.0-229.1.2.ael7b.ppc64le.rpm kernel-tools-libs-3.10.0-229.1.2.ael7b.ppc64le.rpm perf-3.10.0-229.1.2.ael7b.ppc64le.rpm perf-debuginfo-3.10.0-229.1.2.ael7b.ppc64le.rpm python-perf-debuginfo-3.10.0-229.1.2.ael7b.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v.7): ppc64: kernel-debug-debuginfo-3.10.0-229.1.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.1.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.1.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.1.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-229.1.2.el7.ppc64.rpm perf-debuginfo-3.10.0-229.1.2.el7.ppc64.rpm python-perf-3.10.0-229.1.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.1.2.el7.ppc64.rpm s390x: kernel-debug-debuginfo-3.10.0-229.1.2.el7.s390x.rpm kernel-debuginfo-3.10.0-229.1.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.1.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.1.2.el7.s390x.rpm perf-debuginfo-3.10.0-229.1.2.el7.s390x.rpm python-perf-3.10.0-229.1.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.1.2.el7.s390x.rpm x86_64: kernel-debug-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm python-perf-3.10.0-229.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64le: kernel-debug-debuginfo-3.10.0-229.1.2.ael7b.ppc64le.rpm kernel-debug-devel-3.10.0-229.1.2.ael7b.ppc64le.rpm kernel-debuginfo-3.10.0-229.1.2.ael7b.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-229.1.2.ael7b.ppc64le.rpm kernel-tools-debuginfo-3.10.0-229.1.2.ael7b.ppc64le.rpm kernel-tools-libs-devel-3.10.0-229.1.2.ael7b.ppc64le.rpm perf-debuginfo-3.10.0-229.1.2.ael7b.ppc64le.rpm python-perf-3.10.0-229.1.2.ael7b.ppc64le.rpm python-perf-debuginfo-3.10.0-229.1.2.ael7b.ppc64le.rpm Red Hat Enterprise Linux Workstation (v.7): Source: kernel-3.10.0-229.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.1.2.el7.noarch.rpm kernel-doc-3.10.0-229.1.2.el7.noarch.rpm x86_64: kernel-3.10.0-229.1.2.el7.x86_64.rpm kernel-debug-3.10.0-229.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.1.2.el7.x86_64.rpm kernel-devel-3.10.0-229.1.2.el7.x86_64.rpm kernel-headers-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.1.2.el7.x86_64.rpm perf-3.10.0-229.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm python-perf-3.10.0-229.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.1.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8159 https://access.redhat.com/security/cve/CVE-2015-1421 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVFDu7XlSAg2UNWIIRAhe0AJ0VXKx7TOIorm2vi6olS9ZKPbMLoACgl+C0 j2J3dgr4aWVyWTjAKfupViY=FAcH -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Mar 26, 2015
•Important
Red Hat
98
security advisoryRed HateximRed Hat Enterprise Linux 4: RHSA-2005:358-01 Moderate: Exim PCRE Issue
Updated exim packages that fix a security issue in PCRE and a free space computation on large file system bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: exim security update Advisory ID: RHSA-2005:358-01 Advisory URL: https://access.redhat.com/errata/RHSA-2005:358.html Issue date: 2005-09-08 Updated on: 2005-09-08 Product: Red Hat Enterprise Linux Cross references: RHSA-2005:761 CVE Names: CAN-2005-2491 - ---------------------------------------------------------------------1. Summary: Updated exim packages that fix a security issue in PCRE and a free space computation on large file system bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. An integer overflow flaw was found in PCRE, a Perl-compatible regular expression library included within Exim. A local user could create a maliciously crafted regular expression in such as way that they could gain the privileges of the 'exim' user. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2491 to this issue. These erratum packages change Exim to use the system PCRE library instead of the internal one. These packages also fix a minor flaw where the Exim Monitorwas incorrectly computing free space on very large file systems. Users should upgrade to these erratum packages and also ensure they have updated the system PCRE library, for which erratum packages are available seperately in RHSA-2005:761 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 166332 - CAN-2005-2491 PCRE heap overflow 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: 7f53e76a039f4439116fdfda7164277e exim-4.43-1.RHEL4.5.src.rpm i386: 3cedaa691ee80491012233bc7f6b5751 exim-4.43-1.RHEL4.5.i386.rpm 71cc7b677be34a85562b6dd92b75c136 exim-doc-4.43-1.RHEL4.5.i386.rpm 5ff347baab3ffa60d50560336a199a54 exim-mon-4.43-1.RHEL4.5.i386.rpm 6fd82576cc6f922e5296b53c6ff97c69 exim-sa-4.43-1.RHEL4.5.i386.rpm ia64: a4ac3e9dee59905dae00e5b7e330f9fd exim-4.43-1.RHEL4.5.ia64.rpm ba202ea35047272f83f1f57e7e8e1f3d exim-doc-4.43-1.RHEL4.5.ia64.rpm e0e9dd5323d335e227506712f7a6a820 exim-mon-4.43-1.RHEL4.5.ia64.rpm 95468315402e3e0d3140c9a21914b7af exim-sa-4.43-1.RHEL4.5.ia64.rpm ppc: ffd0e37c4407b5dedac0da6f49a14d09 exim-4.43-1.RHEL4.5.ppc.rpm c0450ef0f06f9bd4b9183de41e3d7458 exim-doc-4.43-1.RHEL4.5.ppc.rpm 26e777eb5e558014c891b857b6d734f6 exim-mon-4.43-1.RHEL4.5.ppc.rpm 55bdf1ec67259d95ab493aacb64dec3d exim-sa-4.43-1.RHEL4.5.ppc.rpm s390: d291ff6c800d57ebf40da49d5b9088f4 exim-4.43-1.RHEL4.5.s390.rpm 7c5b13cd6b4544c7d9b815408cc8f4b2 exim-doc-4.43-1.RHEL4.5.s390.rpm 56718f4f626486eec8ec514a58682c9b exim-mon-4.43-1.RHEL4.5.s390.rpm 8f8e56895552a976808f5040b4fcb823 exim-sa-4.43-1.RHEL4.5.s390.rpm s390x: f5bd90cb6c486a76ded7766f2b81742a exim-4.43-1.RHEL4.5.s390x.rpm dff099ef25b4af3c41b569ed9014938a exim-doc-4.43-1.RHEL4.5.s390x.rpm 1bfb1c3c1e9d60405d716ca55e2caa48 exim-mon-4.43-1.RHEL4.5.s390x.rpm 6f4af3e411cf415b5d25803cda2652a3 exim-sa-4.43-1.RHEL4.5.s390x.rpm x86_64: fae383601e1b7349492efef5e5b011cd exim-4.43-1.RHEL4.5.x86_64.rpm fdcc6e36253529483bc6b8a36e5a17ea exim-doc-4.43-1.RHEL4.5.x86_64.rpm 5dc87e2087877d0c84a5a0e0ba93377a exim-mon-4.43-1.RHEL4.5.x86_64.rpm f0da0c2ec5c405ed0fdb380059fc67a1 exim-sa-4.43-1.RHEL4.5.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: 7f53e76a039f4439116fdfda7164277e exim-4.43-1.RHEL4.5.src.rpm i386: 3cedaa691ee80491012233bc7f6b5751 exim-4.43-1.RHEL4.5.i386.rpm 71cc7b677be34a85562b6dd92b75c136 exim-doc-4.43-1.RHEL4.5.i386.rpm 5ff347baab3ffa60d50560336a199a54 exim-mon-4.43-1.RHEL4.5.i386.rpm 6fd82576cc6f922e5296b53c6ff97c69 exim-sa-4.43-1.RHEL4.5.i386.rpm x86_64: fae383601e1b7349492efef5e5b011cd exim-4.43-1.RHEL4.5.x86_64.rpm fdcc6e36253529483bc6b8a36e5a17ea exim-doc-4.43-1.RHEL4.5.x86_64.rpm 5dc87e2087877d0c84a5a0e0ba93377a exim-mon-4.43-1.RHEL4.5.x86_64.rpm f0da0c2ec5c405ed0fdb380059fc67a1 exim-sa-4.43-1.RHEL4.5.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: 7f53e76a039f4439116fdfda7164277e exim-4.43-1.RHEL4.5.src.rpm i386: 3cedaa691ee80491012233bc7f6b5751 exim-4.43-1.RHEL4.5.i386.rpm 71cc7b677be34a85562b6dd92b75c136 exim-doc-4.43-1.RHEL4.5.i386.rpm 5ff347baab3ffa60d50560336a199a54 exim-mon-4.43-1.RHEL4.5.i386.rpm 6fd82576cc6f922e5296b53c6ff97c69 exim-sa-4.43-1.RHEL4.5.i386.rpm ia64: a4ac3e9dee59905dae00e5b7e330f9fd exim-4.43-1.RHEL4.5.ia64.rpm ba202ea35047272f83f1f57e7e8e1f3d exim-doc-4.43-1.RHEL4.5.ia64.rpm e0e9dd5323d335e227506712f7a6a820 exim-mon-4.43-1.RHEL4.5.ia64.rpm 95468315402e3e0d3140c9a21914b7af exim-sa-4.43-1.RHEL4.5.ia64.rpm x86_64: fae383601e1b7349492efef5e5b011cd exim-4.43-1.RHEL4.5.x86_64.rpm fdcc6e36253529483bc6b8a36e5a17ea exim-doc-4.43-1.RHEL4.5.x86_64.rpm 5dc87e2087877d0c84a5a0e0ba93377a exim-mon-4.43-1.RHEL4.5.x86_64.rpm f0da0c2ec5c405ed0fdb380059fc67a1 exim-sa-4.43-1.RHEL4.5.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: 7f53e76a039f4439116fdfda7164277e exim-4.43-1.RHEL4.5.src.rpm i386: 3cedaa691ee80491012233bc7f6b5751 exim-4.43-1.RHEL4.5.i386.rpm 71cc7b677be34a85562b6dd92b75c136 exim-doc-4.43-1.RHEL4.5.i386.rpm 5ff347baab3ffa60d50560336a199a54 exim-mon-4.43-1.RHEL4.5.i386.rpm 6fd82576cc6f922e5296b53c6ff97c69 exim-sa-4.43-1.RHEL4.5.i386.rpm ia64: a4ac3e9dee59905dae00e5b7e330f9fd exim-4.43-1.RHEL4.5.ia64.rpm ba202ea35047272f83f1f57e7e8e1f3d exim-doc-4.43-1.RHEL4.5.ia64.rpm e0e9dd5323d335e227506712f7a6a820 exim-mon-4.43-1.RHEL4.5.ia64.rpm 95468315402e3e0d3140c9a21914b7af exim-sa-4.43-1.RHEL4.5.ia64.rpm x86_64: fae383601e1b7349492efef5e5b011cd exim-4.43-1.RHEL4.5.x86_64.rpm fdcc6e36253529483bc6b8a36e5a17ea exim-doc-4.43-1.RHEL4.5.x86_64.rpm 5dc87e2087877d0c84a5a0e0ba93377a exim-mon-4.43-1.RHEL4.5.x86_64.rpm f0da0c2ec5c405ed0fdb380059fc67a1 exim-sa-4.43-1.RHEL4.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CAN-2005-2491 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2005 Red Hat, Inc. . Recent exim updates for Red Hat address a significant security vulnerability and enhance performance with extensive file system data handling.. Red Hat Exim Update, mail transport agent security, exim package fix. . LinuxSecurity.com Team
Sep 08, 2005
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!