Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
100
security advisorysecurity updateimportantSUSE: 2024:4264-1 important: kernel live patch security update
* bsc#1210619 * bsc#1220145 * bsc#1220537 * bsc#1221302 * bsc#1223059 . # Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3) Announcement ID: SUSE-SU-2024:4264-1 Release Date: 2024-12-09T10:04:26Z Rating: important References: * bsc#1210619 * bsc#1220145 * bsc#1220537 * bsc#1221302 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223683 * bsc#1225013 * bsc#1225202 * bsc#1225211 * bsc#1225302 * bsc#1225309 * bsc#1225310 * bsc#1225311 * bsc#1225312 * bsc#1225733 * bsc#1225819 * bsc#1226325 * bsc#1227471 * bsc#1227651 * bsc#1228573 * bsc#1229553 Cross-References: * CVE-2021-46955 * CVE-2021-47291 * CVE-2021-47378 * CVE-2021-47383 * CVE-2021-47402 * CVE-2021-47598 * CVE-2022-48651 * CVE-2023-1829 * CVE-2023-52752 * CVE-2024-23307 * CVE-2024-26610 * CVE-2024-26828 * CVE-2024-26852 * CVE-2024-26923 * CVE-2024-27398 * CVE-2024-35861 * CVE-2024-35862 * CVE-2024-35864 * CVE-2024-35950 * CVE-2024-36904 * CVE-2024-36964 * CVE-2024-41059 * CVE-2024-43861 CVSS scores: * CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2021-46955 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H *CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26828 ( NVD ): 6.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26852 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves 23 vulnerabilitiescan now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_158 fixes several issues. The following security issues were fixed: * CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733). * CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553). * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651). * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301) * CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev-> mode_config.mutex (bsc#1225310). * CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220537). * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). * CVE-2024-26610:Fixed memory corruption in wifi/iwlwifi (bsc#1221302). * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb-> mac_header (bsc#1223514). * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-4264=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-4264=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_43-debugsource-9-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_158-default-debuginfo-9-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_158-default-9-150300.7.6.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_158-preempt-9-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_158-preempt-debuginfo-9-150300.7.6.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_158-default-9-150300.7.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-46955.html * https://www.suse.com/security/cve/CVE-2021-47291.html * https://www.suse.com/security/cve/CVE-2021-47378.html * https://www.suse.com/security/cve/CVE-2021-47383.html * https://www.suse.com/security/cve/CVE-2021-47402.html * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26610.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html *https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36904.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://www.suse.com/security/cve/CVE-2024-43861.html * https://bugzilla.suse.com/show_bug.cgi?id=1210619 * https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220537 * https://bugzilla.suse.com/show_bug.cgi?id=1221302 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225202 * https://bugzilla.suse.com/show_bug.cgi?id=1225211 * https://bugzilla.suse.com/show_bug.cgi?id=1225302 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225733 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1227651 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1229553 . A critical patch for the Linux Kernel has been released, targeting several vulnerabilities and improving overall system robustness.. Linux Kernel Patch, SUSE Security Update, Kernel Issues, Live Patching. . Severity:Important. LinuxSecurity.com Team
Dec 09, 2024
•Important
SuSE
89
security advisorykernel updateFedoraFedora 31: FEDORA-2020-203ffedeb5 Critical Fixes in Kernel Update
The 5.6.16 stable kernel update contains a number of important fixes across the tree.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-203ffedeb5 2020-06-11 18:57:11.130967 --------------------------------------------------------------------------------Name : kernel Product : Fedora 31 Version : 5.6.16 Release : 200.fc31 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package --------------------------------------------------------------------------------Update Information: The 5.6.16 stable kernel update contains a number of important fixes across the tree. --------------------------------------------------------------------------------ChangeLog: * Thu Jun 4 2020 Justin M. Forbes - 5.6.16-200 - Fix CVE-2020-10757 (rhbz 1842525 184388) * Wed Jun 3 2020 Justin M. Forbes - Linux v5.6.16 * Thu May 28 2020 Justin M. Forbes - 5.6.15-200 - Linux v5.6.15 * Wed May 20 2020 Hans de Goede - Fix automatic guest resolution resizing of VirtualBox VMs (rhbz 1789545) - 5.6.14-200 - Fix Sony laptop hang on resume from suspend (rhbz 1830150) * Wed May 20 2020 Justin M. Forbes - Linux v5.6.14 - Fix CVE-2020-12888 (rhbz 1836245 1836244) * Mon May 18 2020 Justin M. Forbes - Fix stability issue with the jetson-tk1 NIC * Mon May 18 2020 Hans de Goede - Add patch fixing backlight control on Cherry Trail devices (rhbz 1828927) * Thu May 14 2020 Justin M. Forbes - 5.6.13-200 - Linux v5.6.13 - Fix boot hang caused by buggy TPM support (rhbz 1779611) - Fix CVE-2020-12655 (rhbz 1832543 1832545) * Tue May 12 2020 Justin M. Forbes - Fix CVE-2020-10711 (rhbz 1825116 1834778) * Mon May 11 2020 Justin M. Forbes - 5.6.12-200 - Linux v5.6.12 * Wed May 6 2020 Justin M. Forbes - 5.6.11-200 - Linux v5.6.11 * Mon May 4 2020 Justin M. Forbes - 5.6.10-200 - Linux v5.6.10 * Wed Apr 29 2020 Justin M. Forbes - 5.6.8-200 - Linuxv5.6.8 - Fixes CVE-2020-11884 (rhbz 1828149 1829181) * Tue Apr 28 2020 Justin M. Forbes - MST Fix from Lyude Paul - drm/i915/gem: Hold obj-> vma.lock over for_each_ggtt_vma() (airlied request) * Thu Apr 23 2020 Justin M. Forbes - 5.6.7-200 - Linux v5.6.7 * Tue Apr 21 2020 Justin M. Forbes - 5.6.6-200 - Linux v5.6.6 rebase * Fri Apr 17 2020 Justin M. Forbes - 5.5.18-200 - Linux v5.5.18 * Mon Apr 13 2020 Justin M. Forbes - 5.5.17-200 - Linux v5.5.17 * Wed Apr 8 2020 Justin M. Forbes - 5.5.16-200 - Linux v5.5.16 * Thu Apr 2 2020 Justin M. Forbes - 5.5.15-200 - Linux v5.5.15 * Thu Apr 2 2020 Hans de Goede - Add patch fixing Lenovo X1 7th and 8th gen not suspending (rhbz 1816621) - Add patch fixing Lenovo X1 8th gen speaker volume control (rhbz 1820196) * Wed Apr 1 2020 Justin M. Forbes - 5.5.14-200 - Linux v5.5.14 - Fixes CVE-2020-8835 (rhbz 1818941 1817350) * Wed Mar 25 2020 Justin M. Forbes - 5.5.13-200 - Linux v5.5.13 * Wed Mar 25 2020 Justin M. Forbes - 5.5.12-200 - Linux v5.5.12 * Mon Mar 23 2020 Justin M. Forbes - 5.5.11-200 - Linux v5.5.11 * Fri Mar 20 2020 Jeremy Cline - Switch Secure Boot to lock down to integrity mode (rhbz 1815571) * Fri Mar 20 2020 Justin M. Forbes - Fix CVE-2019-19769 (rhbz 1786174 1786175) * Wed Mar 18 2020 Justin M. Forbes - 5.5.10-200 - Linux v5.5.10 * Sat Mar 14 2020 Hans de Goede - Fix UCSI oopses (rhbz 1785972) * Fri Mar 13 2020 Hans de Goede - Fix some HP x360 models not booting (rhbz 1790115) * Thu Mar 12 2020 Justin M. Forbes - 5.5.9-200 - Linux v5.5.9 * Mon Mar 9 2020 Hans de Goede - Fix backtraces on various buggy BIOS-es (rhbz 1564895, 1808874) - Add /etc/modprobe.d/floppy-blacklist.conf to fix auto-loading of the legacy floppy driver (rhbz 1789155) * Thu Mar 5 2020 Justin M. Forbes - 5.5.8-200 - Linux v5.5.8 * Fri Feb 28 2020 Justin M. Forbes - 5.5.7-200 - Linux v5.5.7 - Fixes CVE-2020-2732 (rhbz 1805135 1806816) * Thu Feb 27 2020 Hans de Goede - Fix 5.5.6 sof_hdaregression (rhbz 1772498) * Mon Feb 24 2020 Justin M. Forbes - 5.5.6-201 - Fix for some iwlwifi users (rhbz 1800335) * Mon Feb 24 2020 Justin M. Forbes - 5.5.6-200 - Linux v5.5.6 * Fri Feb 21 2020 Hans de Goede - Backport Virtual Box Guest shared folder support from 5.6 * Fri Feb 21 2020 Jaroslav Kysela - Update alsa-5.6.patch for better SOF support (rhbz 1772498) * Thu Feb 20 2020 Justin M. Forbes - Fix aarch64 heap corruption issue (rhbz 1797052) - Add i915 fix from upstream * Wed Feb 19 2020 Justin M. Forbes - 5.5.5-200 - Linux v5.5.5 * Mon Feb 17 2020 Jeremy Cline - 5.4.20-200 - Linux v5.4.20 * Tue Feb 11 2020 Jeremy Cline - 5.4.19-200 - Linux v5.4.19 * Mon Feb 10 2020 Jeremy Cline - Remove sysrq support to lift lockdown (rhbz 1800859) * Thu Feb 6 2020 Jeremy Cline - 5.4.18-200 - Linux v5.4.18 * Sat Feb 1 2020 Jeremy Cline - 5.4.17-200 - Linux v5.4.17 * Thu Jan 30 2020 Jeremy Cline - 5.4.16-200 - Linux v5.4.16 * Wed Jan 29 2020 Justin Forbes - Add support for Comet Lake (rhbz 1794369) * Mon Jan 27 2020 Jeremy Cline - 5.4.15-200 - Linux v5.4.15 * Thu Jan 23 2020 Jeremy Cline - 5.4.14-200 - Linux v5.4.14 * Tue Jan 21 2020 Jeremy Cline - 5.4.13-201 - Re-add the Intel ASoC Sound Open Firmware driver support * Mon Jan 20 2020 Jeremy Cline - 5.4.13-200 - Linux v5.4.13 * Tue Jan 14 2020 Jeremy Cline - 5.4.12-200 - Linux v5.4.12 * Mon Jan 13 2020 Justin M. Forbes - 5.4.10-202 - Add Documentation back to kernel-devel as it has Kconfig now (rhbz 1789641) * Mon Jan 13 2020 Peter Robinson - 5.4.11-200 - Linux v5.4.11 * Thu Jan 9 2020 Jeremy Cline - 5.4.10-200 - Linux v5.4.10 * Mon Jan 6 2020 Laura Abbott - Fix for tpm usercopy (rhbz 1788653) * Mon Jan 6 2020 Hans de Goede - Make the MFD Intel LPSS driver builtin, some devices require this to be available early during boot (rhbz#1787997) * Mon Jan 6 2020 Jeremy Cline - 5.4.8-200 - Linux v5.4.8 - Fix a firmware load issue on some Intel wireless cards (rhbz1788150) * Tue Dec 31 2019 Justin M. Forbes - 5.4.7-200 - Linux v5.4.7 * Mon Dec 23 2019 Justin M. Forbes - 5.4.6-300 - Linux v5.4.6 - Fix rhbz 1781288 * Thu Dec 19 2019 Justin M. Forbes - 5.4.5-300 - Linux v5.4.5 rebase * Wed Dec 18 2019 Laura Abbott - 5.3.18-300 - Linux v5.3.18 * Tue Dec 17 2019 Laura Abbott - 5.3.17-300 - Linux v5.3.17 * Fri Dec 13 2019 Laura Abbott - 5.3.16-300 - Linux v5.3.16 * Thu Dec 5 2019 Laura Abbott - 5.3.15-300 - Linux v5.3.15 * Wed Dec 4 2019 Laura Abbott - Add powerpc virt fix (rhbz 1769600) * Mon Dec 2 2019 Laura Abbott - 5.3.14-300 - Linux v5.3.14 * Mon Dec 2 2019 Justin M. Forbes - Fix CVE-2019-18808 (rhbz 1777418 1777421) - Fix CVE-2019-18809 (rhbz 1777449 1777451) - Fix CVE-2019-18811 (rhbz 1777455 1777456) - Fix CVE-2019-18812 (rhbz 1777458 1777459) - Fix CVE-2019-16232 (rhbz 1760351 1760352) * Tue Nov 26 2019 Justin M. Forbes - Fix CVE-2019-19082 (rhbz 1776832 1776833) * Mon Nov 25 2019 Justin M. Forbes - 5.3.13-300 - Fix CVE-2019-14895 (rhbz 1774870 1776139) - Fix CVE-2019-14896 (rhbz 1774875 1776143) - Fix CVE-2019-14897 (rhbz 1774879 1776146) - Fix CVE-2019-14901 (rhbz 1773519 1776184) - Fix CVE-2019-19078 (rhbz 1776354 1776353) * Mon Nov 25 2019 Laura Abbott - Linux v5.3.13 * Fri Nov 22 2019 Justin M. Forbes - Fix CVE-2019-19077 rhbz 1775724 1775725 * Thu Nov 21 2019 Justin M. Forbes - 5.3.12-300 - Fix CVE-2019-19074 (rhbz 1774933 1774934) - Fix CVE-2019-19073 (rhbz 1774937 1774939) - Fix CVE-2019-19072 (rhbz 1774946 1774947) - Fix CVE-2019-19071 (rhbz 1774949 1774950) - Fix CVE-2019-19070 (rhbz 1774957 1774958) - Fix CVE-2019-19068 (rhbz 1774963 1774965) - Fix CVE-2019-19043 (rhbz 1774972 1774973) - Fix CVE-2019-19066 (rhbz 1774976 1774978) - Fix CVE-2019-19046 (rhbz 1774988 1774989) - Fix CVE-2019-19050 (rhbz 1774998 1775002) - Fix CVE-2019-19062 (rhbz 1775021 1775023) - Fix CVE-2019-19064 (rhbz 1775010 1775011) - Fix CVE-2019-19063 (rhbz 1775015 1775016) - Fix CVE-2019-19059 (rhbz1775042 1775043) - Fix CVE-2019-19058 (rhbz 1775047 1775048) - Fix CVE-2019-19057 (rhbz 1775050 1775051) - Fix CVE-2019-19053 (rhbz 1775956 1775110) - Fix CVE-2019-19056 (rhbz 1775097 1775115) - Fix CVE-2019-19055 (rhbz 1775074 1775116) - Fix CVE-2019-19054 (rhbz 1775063 1775117) * Thu Nov 21 2019 Laura Abbott - Linux v5.3.12 * Tue Nov 12 2019 Justin M. Forbes - 5.3.11-300 - Linux v5.3.11 - Fixes CVE-2019-11135 (rhbz 1753062 1771649) - Fixes CVE-2018-12207 (rhbz 1646768 1771645) - Fixes CVE-2019-0154 (rhbz 1724393 1771642) - Fixes CVE-2019-0155 (rhbz 1724398 1771644) * Mon Nov 11 2019 Laura Abbott - 5.3.10-300 - Linux v5.3.10 * Thu Nov 7 2019 Jeremy Cline - Add support for a number of Macbook keyboards and touchpads (rhbz 1769465) * Wed Nov 6 2019 Laura Abbott - 5.3.9-300 - Linux v5.3.9 * Tue Oct 29 2019 Laura Abbott - 5.3.8-300 - Linux v5.3.8 --------------------------------------------------------------------------------References: [ 1 ] Bug #1842525 - CVE-2020-10757 kernel: kernel: DAX hugepages not considered during mremap https://bugzilla.redhat.com/show_bug.cgi?id=1842525 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-203ffedeb5' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jun 11, 2020
•Critical
Fedora
202
security advisorycriticalsecurity fixopenSUSE Leap 42.3: 2017:2846-1 Important: Kernel Security Fixes
An update that solves three vulnerabilities and has 60 fixes is now available.. openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:2846-1 Rating: important References: #1004527 #1012382 #1015342 #1015343 #1019675 #1019680 #1019695 #1019699 #1020412 #1020989 #1022595 #1022604 #1022912 #1024346 #1024373 #1025461 #1032150 #1034075 #1037579 #1037890 #1050471 #1052360 #1055567 #1056230 #1056427 #1056587 #1056596 #1058135 #1059863 #1060249 #1060400 #1060985 #1061451 #1061721 #1061775 #1062279 #1062520 #1062962 #1063102 #1063349 #1063460 #1063475 #1063501 #1063509 #1063520 #1063570 #1063667 #1063695 #1064064 #1064206 #1064388 #1064436 #963575 #964944 #966170 #966172 #966186 #966191 #966316 #966318 #969476 #969477 #971975 Cross-References: CVE-2017-13080 CVE-2017-15265 CVE-2017-15649 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that solves three vulnerabilities and has 60 fixes is now available. Description: The openSUSE Leap 42.3 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly haveunspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388). The following non-security bugs were fixed: - acpi/processor: Check for duplicate processor ids at hotplug time (bnc#1056230). - acpi/processor: Implement DEVICE operator for processor enumeration (bnc#1056230). - add mainline tags to hyperv patches - alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382). - alsa: compress: Remove unused variable (bnc#1012382). - alsa: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (bnc#1012382). - alsa: usx2y: Suppress kernel warning at page allocation failures (bnc#1012382). - arm64: add function to get a cpu's MADT GICC table (bsc#1062279). - arm64: dts: Add Broadcom Vulcan PMU in dts (fate#319481). - arm64/perf: Access pmu register using irq_affinity on error (bsc#1062279). - drivers/perf: arm_pmu: avoid NULL dereference when not using devicetree (bsc#1062279). - drivers/perf: arm-pmu: convert arm_pmu_mutex to spinlock (bsc#1062279). - drivers/perf: arm_pmu: Defer the setting of __oprofile_cpu_pmu (bsc#1062279). - drivers/perf: arm_pmu: define armpmu_init_fn (bsc#1062279). - drivers/perf: arm_pmu: expose a cpumask in sysfs (bsc#1062279). - drivers/perf: arm_pmu: factor out pmu registration (bsc#1062279). - drivers/perf: arm-pmu: Fix handling of SPI lacking "interrupt-affinity" property (bsc#1062279). - drivers/perf: arm_pmu: Fix NULL pointer dereference during probe (bsc#1062279). - drivers/perf: arm-pmu: fixRCU usage on pmu resume from low-power (bsc#1062279). - drivers/perf: arm_pmu: Fix reference count of a device_node in of_pmu_irq_cfg (bsc#1062279). - drivers/perf: arm_pmu: fold init into alloc (bsc#1062279). - drivers/perf: arm_pmu: handle no platform_device (bsc#1062279). - drivers/perf: arm-pmu: Handle per-interrupt affinity mask (bsc#1062279). - drivers/perf: arm_pmu: implement CPU_PM notifier (bsc#1062279). - drivers/perf: arm_pmu: make info messages more verbose (bsc#1062279). - drivers/perf: arm_pmu: manage interrupts per-cpu (bsc#1062279). - drivers/perf: arm_pmu: move irq request/free into probe (bsc#1062279). - drivers/perf: arm_pmu: only use common attr_groups (bsc#1062279). - drivers/perf: arm_pmu: remove pointless PMU disabling (bsc#1062279). - drivers/perf: arm_pmu: rename irq request/free functions (bsc#1062279). - drivers/perf: arm_pmu: Request PMU SPIs with IRQF_PER_CPU (bsc#1062279). - drivers/perf: arm_pmu: rework per-cpu allocation (bsc#1062279). - drivers/perf: arm_pmu: simplify cpu_pmu_request_irqs() (bsc#1062279). - drivers/perf: arm_pmu: split cpu-local irq request/free (bsc#1062279). - drivers/perf: arm_pmu: split irq request from enable (bsc#1062279). - drivers/perf: arm_pmu: split out platform device probe logic (bsc#1062279). - drivers/perf: kill armpmu_register (bsc#1062279). - drm/amdkfd: fix improper return value on error (bnc#1012382). - drm: bridge: add DT bindings for TI ths8135 (bnc#1012382). - drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define (bnc#1012382). - drm/i915/bios: ignore HDMI on port A (bnc#1012382). - e1000e: use disable_hardirq() also for MSIX vectors in e1000_netpoll() (bsc#1022912 FATE#321246). - edac, sb_edac: Assign EDAC memory controller per h/w controller (bsc#1061721). - edac, sb_edac: Avoid creating SOCK memory controller (bsc#1061721). - edac, sb_edac: Bump driver version and do some cleanups (bsc#1061721). - edac, sb_edac: Carve out dimm-populating loop(bsc#1061721). - edac, sb_edac: Check if ECC enabled when at least one DIMM is present (bsc#1061721). - edac, sb_edac: Classify memory mirroring modes (bsc#1061721). - edac, sb_edac: Classify PCI-IDs by topology (bsc#1061721). - edac, sb_edac: Do not create a second memory controller if HA1 is not present (bsc#1061721). - edac, sb_edac: Do not use "Socket#" in the memory controller name (bsc#1061721). - edac, sb_edac: Drop NUM_CHANNELS from 8 back to 4 (bsc#1061721). - edac, sb_edac: Fix mod_name (bsc#1061721). - edac, sb_edac: Get rid of -> show_interleave_mode() (bsc#1061721). - edac, sb_edac: Remove double buffering of error records (bsc#1061721). - edac, sb_edac: Remove NULL pointer check on array pci_tad (bsc#1061721). - edac, skx_edac: Handle systems with segmented PCI busses (bsc#1063102). - ext4: do not allow encrypted operations without keys (bnc#1012382). - extcon: axp288: Use vbus-valid instead of -present to determine cable presence (bnc#1012382). - exynos-gsc: Do not swap cb/cr for semi planar formats (bnc#1012382). - fix flags ordering (bsc#1034075 comment 131) - Fix mpage_writepage() for pages with buffers (bsc#1050471). - fix whitespace according to upstream commit - fs/epoll: cache leftmost node (bsc#1056427). - fs/mpage.c: fix mpage_writepage() for pages with buffers (bsc#1050471). Update to version in mainline - ftrace: Fix kmemleak in unregister_ftrace_graph (bnc#1012382). - gfs2: Fix reference to ERR_PTR in gfs2_glock_iter_next (bnc#1012382). - hid: i2c-hid: allocate hid buffers for real worst case (bnc#1012382). - hwmon: (gl520sm) Fix overflows and crash seen when writing into limit attributes (bnc#1012382). - i2c: meson: fix wrong variable usage in meson_i2c_put_data (bnc#1012382). - i40e: Initialize 64-bit statistics TX ring seqcount (bsc#1024346 FATE#321239 bsc#1024373 FATE#321247). - i40iw: Add missing memory barriers (bsc#969476 FATE#319648 bsc#969477 FATE#319816). -i40iw: Fix port number for query QP (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - ib/core: Add generic function to extract IB speed from netdev (bsc#1056596). - ib/core: Add ordered workqueue for RoCE GID management (bsc#1056596). - ib/core: Fix for core panic (bsc#1022595 FATE#322350). - ib/core: Fix the validations of a multicast LID in attach or detach operations (bsc#1022595 FATE#322350). - ib/i40iw: Fix error code in i40iw_create_cq() (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - ib/ipoib: Fix deadlock over vlan_mutex (bnc#1012382 bsc#1022595 FATE#322350). - ib/ipoib: Replace list_del of the neigh-> list with list_del_init (FATE#322350 bnc#1012382 bsc#1022595). - ib/ipoib: rtnl_unlock can not come after free_netdev (FATE#322350 bnc#1012382 bsc#1022595). - ib/mlx5: Change logic for dispatching IB events for port state (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - ib/mlx5: Fix cached MR allocation flow (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - ib/mlx5: Fix Raw Packet QP event handler assignment (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ibmvnic: Set state UP (bsc#1062962). - ib/qib: fix false-postive maybe-uninitialized warning (FATE#321231 FATE#321473 FATE#322149 FATE#322153 bnc#1012382). - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382). - iio: ad7793: Fix the serial interface reset (bnc#1012382). - iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications (bnc#1012382). - iio: adc: hx711: Add DT binding for avia,hx711 (bnc#1012382). - iio: adc: mcp320x: Fix oops on module unload (bnc#1012382). - iio: adc: mcp320x: Fix readout of negative voltages (bnc#1012382). - iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of 'twl4030_madc_probe()' (bnc#1012382). - iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()' (bnc#1012382). - iio: ad_sigma_delta:Implement a dedicated reset function (bnc#1012382). - iio: core: Return error for failed read_reg (bnc#1012382). - iommu/io-pgtable-arm: Check for leaf entry before dereferencing it (bnc#1012382). - iwlwifi: add workaround to disable wide channels in 5GHz (bnc#1012382). - kabi fixup struct nvmet_sq (bsc#1063349). - kABI: protect enum fs_flow_table_type (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - kABI: protect struct mlx5_priv (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - kABI: protect struct rm_data_op (kabi). - kABI: protect struct sdio_func (kabi). - libata: transport: Remove circular dependency at free time (bnc#1012382). - libceph: do not allow bidirectional swap of pg-upmap-items (bsc#1061451). - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak (bnc#1012382). - md/raid10: submit bio directly to replacement disk (bnc#1012382). - mips: Ensure bss section ends on a long-aligned address (bnc#1012382). - mips: Fix minimum alignment requirement of IRQ stack (git-fixes). - mips: IRQ Stack: Unwind IRQ stack onto task stack (bnc#1012382). - mips: Lantiq: Fix another request_mem_region() return code check (bnc#1012382). - mips: ralink: Fix incorrect assignment on ralink_soc (bnc#1012382). - mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms array (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - mm: avoid marking swap cached page as lazyfree (VM Functionality, bsc#1061775). - mm/backing-dev.c: fix an error handling path in 'cgwb_create()' (bnc#1063475). - mm,compaction: serialize waitqueue_active() checks (for real) (bsc#971975). - mmc: sdio: fix alignment issue in struct sdio_func (bnc#1012382). - mm: discard memblock data later (bnc#1063460). - mm: fix data corruption caused by lazyfree page (VM Functionality, bsc#1061775). - mm/memblock.c: reversed logic in memblock_discard() (bnc#1063460). - mm: meminit: mark init_reserved_page as __meminit(bnc#1063509). - mm/memory_hotplug: change pfn_to_section_nr/section_nr_to_pfn macro to inline function (bnc#1063501). - mm/memory_hotplug: define find_{smallest|biggest}_section_pfn as unsigned long (bnc#1063520). - net: core: Prevent from dereferencing null pointer when releasing SKB (bnc#1012382). - netfilter: invoke synchronize_rcu after set the _hook_ to NULL (bnc#1012382). - netfilter: nfnl_cthelper: fix incorrect helper-> expect_class_max (bnc#1012382). - net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - net/mlx5: Check device capability for maximum flow counters (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Delay events till ib registration ends (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Check for qos capability in dcbnl_initialize (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Do not add/remove 802.1ad rules when changing 802.1Q VLAN filter (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Fix calculated checksum offloads counters (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Fix dangling page pointer on DMA mapping error (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Fix DCB_CAP_ATTR_DCBX capability for DCBNL getcap (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Fix inline header size for small packets (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Print netdev features correctly in error message (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Schedule overflow check work to mlx5e workqueue (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: E-Switch, Unload the representors in the correct order (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Fix arm SRQ command for ISSI version 0 (bsc#1015342 FATE#321688 bsc#1015343FATE#321689). - net/mlx5: Fix command completion after timeout access invalid structure (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - net/mlx5: Fix counter list hardware structure (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Remove the flag MLX5_INTERFACE_STATE_SHUTDOWN (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Skip mlx5_unload_one if mlx5_load_one fails (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net: mvpp2: fix the mac address used when using PPv2.2 (bsc#1032150). - net: mvpp2: use {get, put}_cpu() instead of smp_processor_id() (bsc#1032150). - net/packet: check length in getsockopt() called with PACKET_HDRLEN (bnc#1012382). - netvsc: Initialize 64-bit stats seqcount (fate#320485). - nvme: allow timed-out ios to retry (bsc#1063349). - nvme: fix sqhd reference when admin queue connect fails (bsc#1063349). - nvme: fix visibility of "uuid" ns attribute (bsc#1060400). - nvme: protect against simultaneous shutdown invocations (FATE#319965 bnc#1012382 bsc#964944). - nvme: stop aer posting if controller state not live (bsc#1063349). - nvmet: implement valid sqhd values in completions (bsc#1063349). - nvmet: synchronize sqhd update (bsc#1063349). - nvme: use device_add_disk_with_groups() (bsc#1060400). - parisc: perf: Fix potential NULL pointer dereference (bnc#1012382). - partitions/efi: Fix integer overflow in GPT size calculation (FATE#322379 bnc#1012382 bsc#1020989). - perf: arm: acpi: remove cpu hotplug statemachine dependency (bsc#1062279). - perf: arm: platform: remove cpu hotplug statemachine dependency (bsc#1062279). - perf: arm: replace irq_get_percpu_devid_partition call (bsc#1062279). - perf: arm: temporary workaround for build errors (bsc#1062279). - perf: Convert to using %pOF instead of full_name (bsc#1062279). - powerpc: Fix unused function warning 'lmb_to_memblock' (FATE#322022). - powerpc/pseries: Add pseries hotplug workqueue(FATE#322022). - powerpc/pseries: Auto-online hotplugged memory (FATE#322022). - powerpc/pseries: Check memory device state before onlining/offlining (FATE#322022). - powerpc/pseries: Correct possible read beyond dlpar sysfs buffer (FATE#322022). - powerpc/pseries: Do not attempt to acquire drc during memory hot add for assigned lmbs (FATE#322022). - powerpc/pseries: Fix build break when MEMORY_HOTREMOVE=n (FATE#322022). - powerpc/pseries: fix memory leak in queue_hotplug_event() error path (FATE#322022). - powerpc/pseries: Implement indexed-count hotplug memory add (FATE#322022). - powerpc/pseries: Implement indexed-count hotplug memory remove (FATE#322022). - powerpc/pseries: Introduce memory hotplug READD operation (FATE#322022). - powerpc/pseries: Make the acquire/release of the drc for memory a seperate step (FATE#322022). - powerpc/pseries: Remove call to memblock_add() (FATE#322022). - powerpc/pseries: Revert 'Auto-online hotplugged memory' (FATE#322022). - powerpc/pseries: Use kernel hotplug queue for PowerVM hotplug events (FATE#322022). - powerpc/pseries: Use lmb_is_removable() to check removability (FATE#322022). - powerpc/pseries: Verify CPU does not exist before adding (FATE#322022). - rdma: Fix return value check for ib_get_eth_speed() (bsc#1056596). - rdma/qedr: Parse VLAN ID correctly and ignore the value of zero (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - rdma/qedr: Parse vlan priority as sl (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - rds: ib: add error handle (bnc#1012382). - rds: rdma: Fix the composite message user notification (bnc#1012382). - README.BRANCH: Add Michal and Johannes as co-maintainers. - Remove superfluous hunk in bigmem backport (bsc#1064436). Refresh patches.arch/powerpc-bigmem-16-mm-Add-addr_limit-to-mm_context-and-use-it-t .patch. - Revert "x86/acpi: Enable MADT APIs toreturn disabled apicids" (bnc#1056230). - Revert "x86/acpi: Set persistent cpuid nodeid mapping when booting" (bnc#1056230). - s390/cpcmd,vmcp: avoid GFP_DMA allocations (bnc#1060249, LTC#159112). - s390/qdio: avoid reschedule of outbound tasklet once killed (bnc#1060249, LTC#159885). - s390/topology: alternative topology for topology-less machines (bnc#1060249, LTC#159177). - s390/topology: always use s390 specific sched_domain_topology_level (bnc#1060249, LTC#159177). - s390/topology: enable / disable topology dynamically (bnc#1060249, LTC#159177). - sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs (bnc#1012382). - scsi: fixup kernel warning during rmmod() (bsc#1052360). - scsi: libfc: fix a deadlock in fc_rport_work (bsc#1063695). - scsi: lpfc: Ensure io aborts interlocked with the target (bsc#1056587). - scsi: qedi: off by one in qedi_get_cmd_from_tid() (bsc#1004527, FATE#321744). - scsi: qla2xxx: Fix uninitialized work element (bsc#1019675,FATE#321701). - scsi: scsi_transport_fc: Also check for NOTPRESENT in fc_remote_port_add() (bsc#1037890). - scsi: scsi_transport_fc: set scsi_target_id upon rescan (bsc#1058135). - scsi: sd: Do not override max_sectors_kb sysfs setting (bsc#1025461). - scsi: sd: Remove LBPRZ dependency for discards (bsc#1060985). This patch is originally part of a larger series which can't be easily backported to SLE-12. For a reasoning why we think it's safe to apply, see bsc#1060985, comment 20. - scsi: sg: close race condition in sg_remove_sfp_usercontext() (bsc#1064206). - scsi: sg: do not return bogus Sg_requests (bsc#1064206). - scsi: sg: only check for dxfer_len greater than 256M (bsc#1064206). - sh_eth: use correct name for ECMR_MPDE bit (bnc#1012382). - staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack (bnc#1012382). - stm class: Fix a use-after-free (bnc#1012382). - supported.conf: enable dw_mmc-rockchipdriver References: bsc#1064064 - team: call netdev_change_features out of team lock (bsc#1055567). - team: fix memory leaks (bnc#1012382). - ttpci: address stringop overflow warning (bnc#1012382). - tty: goldfish: Fix a parameter of a call to free_irq (bnc#1012382). - usb: chipidea: vbus event may exist before starting gadget (bnc#1012382). - usb: core: harden cdc_parse_cdc_header (bnc#1012382). - usb: devio: Do not corrupt user memory (bnc#1012382). - usb: dummy-hcd: fix connection failures (wrong speed) (bnc#1012382). - usb: dummy-hcd: Fix erroneous synchronization change (bnc#1012382). - usb: dummy-hcd: fix infinite-loop resubmission bug (bnc#1012382). - usb: fix out-of-bounds in usb_set_configuration (bnc#1012382). - usb: gadgetfs: fix copy_to_user while holding spinlock (bnc#1012382). - usb: gadgetfs: Fix crash caused by inadequate synchronization (bnc#1012382). - usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write (bnc#1012382). - usb: gadget: mass_storage: set msg_registered after msg registered (bnc#1012382). - usb: gadget: udc: atmel: set vbus irqflags explicitly (bnc#1012382). - usb: g_mass_storage: Fix deadlock when driver is unbound (bnc#1012382). - usb: Increase quirk delay for USB devices (bnc#1012382). - usb: pci-quirks.c: Corrected timeout values used in handshake (bnc#1012382). - usb: plusb: Add support for PL-27A1 (bnc#1012382). - usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe (bnc#1012382). - usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction (bnc#1012382). - usb: serial: mos7720: fix control-message error handling (bnc#1012382). - usb: serial: mos7840: fix control-message error handling (bnc#1012382). - usb-storage: unusual_devs entry to fix write-access regression for Seagate external drives (bnc#1012382). - usb: uas: fix bug in handling of alternate settings (bnc#1012382). - uwb: ensure that endpoint is interrupt (bnc#1012382). - uwb:properly check kthread_run return value (bnc#1012382). - x86/acpi: Restore the order of CPU IDs (bnc#1056230). - x86/cpu: Remove unused and undefined __generic_processor_info() declaration (bnc#1056230). - x86 edac, sb_edac.c: Take account of channel hashing when needed (bsc#1061721). - x86/mshyperv: Remove excess #includes from mshyperv.h (fate#320485). - xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863). - xfs: remove kmem_zalloc_greedy (bnc#1012382). - xhci: fix finding correct bus_state structure for USB 3.1 hosts (bnc#1012382). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1194=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (noarch): kernel-devel-4.4.92-31.1 kernel-docs-4.4.92-31.2 kernel-docs-html-4.4.92-31.2 kernel-docs-pdf-4.4.92-31.2 kernel-macros-4.4.92-31.1 kernel-source-4.4.92-31.1 kernel-source-vanilla-4.4.92-31.1 - openSUSE Leap 42.3 (x86_64): kernel-debug-4.4.92-31.1 kernel-debug-base-4.4.92-31.1 kernel-debug-base-debuginfo-4.4.92-31.1 kernel-debug-debuginfo-4.4.92-31.1 kernel-debug-debugsource-4.4.92-31.1 kernel-debug-devel-4.4.92-31.1 kernel-debug-devel-debuginfo-4.4.92-31.1 kernel-default-4.4.92-31.1 kernel-default-base-4.4.92-31.1 kernel-default-base-debuginfo-4.4.92-31.1 kernel-default-debuginfo-4.4.92-31.1 kernel-default-debugsource-4.4.92-31.1 kernel-default-devel-4.4.92-31.1 kernel-obs-build-4.4.92-31.1 kernel-obs-build-debugsource-4.4.92-31.1 kernel-obs-qa-4.4.92-31.1 kernel-syms-4.4.92-31.1 kernel-vanilla-4.4.92-31.1 kernel-vanilla-base-4.4.92-31.1 kernel-vanilla-base-debuginfo-4.4.92-31.1 kernel-vanilla-debuginfo-4.4.92-31.1 kernel-vanilla-debugsource-4.4.92-31.1 kernel-vanilla-devel-4.4.92-31.1 References: https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-15265.html https://www.suse.com/security/cve/CVE-2017-15649.html https://bugzilla.suse.com/1004527 https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1015342 https://bugzilla.suse.com/1015343 https://bugzilla.suse.com/1019675 https://bugzilla.suse.com/1019680 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1019699 https://bugzilla.suse.com/1020412 https://bugzilla.suse.com/1020989 https://bugzilla.suse.com/1022595 https://bugzilla.suse.com/1022604 https://bugzilla.suse.com/1022912 https://bugzilla.suse.com/1024346 https://bugzilla.suse.com/1024373 https://bugzilla.suse.com/1025461 https://bugzilla.suse.com/1032150 https://bugzilla.suse.com/1034075 https://bugzilla.suse.com/1037579 https://bugzilla.suse.com/1037890 https://bugzilla.suse.com/1050471 https://bugzilla.suse.com/1052360 https://bugzilla.suse.com/1055567 https://bugzilla.suse.com/1056230 https://bugzilla.suse.com/1056427 https://bugzilla.suse.com/1056587 https://bugzilla.suse.com/1056596 https://bugzilla.suse.com/1058135 https://bugzilla.suse.com/1059863 https://bugzilla.suse.com/1060249 https://bugzilla.suse.com/1060400 https://bugzilla.suse.com/1060985 https://bugzilla.suse.com/1061451 https://bugzilla.suse.com/1061721 https://bugzilla.suse.com/1061775 https://bugzilla.suse.com/1062279 https://bugzilla.suse.com/1062520 https://bugzilla.suse.com/1062962 https://bugzilla.suse.com/1063102 https://bugzilla.suse.com/1063349 https://bugzilla.suse.com/1063460 https://bugzilla.suse.com/1063475 https://bugzilla.suse.com/1063501 https://bugzilla.suse.com/1063509 https://bugzilla.suse.com/1063520 https://bugzilla.suse.com/1063570 https://bugzilla.suse.com/1063667 https://bugzilla.suse.com/1063695 https://bugzilla.suse.com/1064064 https://bugzilla.suse.com/1064206 https://bugzilla.suse.com/1064388 https://bugzilla.suse.com/1064436 https://bugzilla.suse.com/963575 https://bugzilla.suse.com/964944 https://bugzilla.suse.com/966170 https://bugzilla.suse.com/966172 https://bugzilla.suse.com/966186 https://bugzilla.suse.com/966191 https://bugzilla.suse.com/966316 https://bugzilla.suse.com/966318 https://bugzilla.suse.com/969476 https://bugzilla.suse.com/969477 https://bugzilla.suse.com/971975 -- . This Fedora security patch introduces essential updates for the Linux kernel, enhancing the system's defense against vulnerabilities.. openSUSE Security Update,Linux Kernel Fixes,Security Enhancements. . Severity: Important. LinuxSecurity.com Team
Oct 25, 2017
•Important
OpenSUSE
100
security advisoryOpenSSLimportantSUSE Linux Enterprise 11 SP1: 2015:1184-1 Important OpenSSL Fixes
An update that fixes 7 vulnerabilities is now available. It An update that fixes 7 vulnerabilities is now available. It An update that fixes 7 vulnerabilities is now available. It includes one version update. includes one version update.. SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1184-1 Rating: important References: #929678 #931698 #933911 #934487 #934489 #934491 #934493 Cross-References: CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 CVE-2015-4000 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. It includes one version update. Description: OpenSSL 0.9.8j was updated to fix several security issues. * CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. * CVE-2015-1788: Malformed ECParameters could cause an infinite loop. * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. * CVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed. * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation. * CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression. * fixed a timing side channel in RSA decryption (bnc#929678) Additional changes: * In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698) * Added the ECC ciphersuites to the DEFAULT cipher class (bnc#879179) Security Issues: * CVE-2015-1788 * CVE-2015-1789 * CVE-2015-1790 * CVE-2015-1791 * CVE-2015-1792 * CVE-2015-3216 * CVE-2015-4000 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-libopenssl-devel=10794 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 0.9.8j]: libopenssl-devel-0.9.8j-0.72.1 libopenssl0_9_8-0.9.8j-0.72.1 libopenssl0_9_8-hmac-0.9.8j-0.72.1 openssl-0.9.8j-0.72.1 openssl-doc-0.9.8j-0.72.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-32bit-0.9.8j-0.72.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1 References: https://www.suse.com/security/cve/CVE-2015-1788.html https://www.suse.com/security/cve/CVE-2015-1789.html https://www.suse.com/security/cve/CVE-2015-1790.html https://www.suse.com/security/cve/CVE-2015-1791.html https://www.suse.com/security/cve/CVE-2015-1792.html https://www.suse.com/security/cve/CVE-2015-3216.html https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/show_bug.cgi?id=929678 https://bugzilla.suse.com/show_bug.cgi?id=931698 https://bugzilla.suse.com/show_bug.cgi?id=933911 https://bugzilla.suse.com/show_bug.cgi?id=934487 https://bugzilla.suse.com/show_bug.cgi?id=934489 https://bugzilla.suse.com/934491 https://bugzilla.suse.com/show_bug.cgi?id=934493 https://scc.suse.com:443/patches/ . Crucial SUSE patch addresses various vulnerabilities in OpenSSL, significantly boosting system defensesagainst potential threats.. SUSE Linux Enterprise, OpenSSL, security update, important patch, system security. . Severity: Important. LinuxSecurity.com Team
Jul 03, 2015
•Important
SuSE
217
security advisorysecurity issuekernel updateOracle Linux 6 ELSA-2012-2045 Low: Kernel Bug Resolution
The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2012-2044 The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: kernel-uek-2.6.32-300.39.1.el6uek.i686.rpm kernel-uek-debug-2.6.32-300.39.1.el6uek.i686.rpm kernel-uek-debug-devel-2.6.32-300.39.1.el6uek.i686.rpm kernel-uek-headers-2.6.32-300.39.1.el6uek.i686.rpm kernel-uek-devel-2.6.32-300.39.1.el6uek.i686.rpm kernel-uek-doc-2.6.32-300.39.1.el6uek.noarch.rpm kernel-uek-firmware-2.6.32-300.39.1.el6uek.noarch.rpm ofa-2.6.32-300.39.1.el6uek-1.5.1-4.0.58.i686.rpm ofa-2.6.32-300.39.1.el6uekdebug-1.5.1-4.0.58.i686.rpm mlnx_en-2.6.32-300.39.1.el6uek-1.5.7-0.1.i686.rpm mlnx_en-2.6.32-300.39.1.el6uekdebug-1.5.7-0.1.i686.rpm x86_64: kernel-uek-firmware-2.6.32-300.39.1.el6uek.noarch.rpm kernel-uek-doc-2.6.32-300.39.1.el6uek.noarch.rpm kernel-uek-2.6.32-300.39.1.el6uek.x86_64.rpm kernel-uek-headers-2.6.32-300.39.1.el6uek.x86_64.rpm kernel-uek-devel-2.6.32-300.39.1.el6uek.x86_64.rpm kernel-uek-debug-devel-2.6.32-300.39.1.el6uek.x86_64.rpm kernel-uek-debug-2.6.32-300.39.1.el6uek.x86_64.rpm ofa-2.6.32-300.39.1.el6uek-1.5.1-4.0.58.x86_64.rpm ofa-2.6.32-300.39.1.el6uekdebug-1.5.1-4.0.58.x86_64.rpm mlnx_en-2.6.32-300.39.1.el6uek-1.5.7-0.1.x86_64.rpm mlnx_en-2.6.32-300.39.1.el6uekdebug-1.5.7-0.1.x86_64.rpm SRPMS: https://oss.oracle.com:443/ol6/SRPMS-updates/kernel-uek-2.6.32-300.39.1.el6uek.src.rpm https://oss.oracle.com:443/ol6/SRPMS-updates/ofa-2.6.32-300.39.1.el6uek-1.5.1-4.0.58.src.rpm https://oss.oracle.com:443/ol6/SRPMS-updates/mlnx_en-2.6.32-300.39.1.el6uek-1.5.7-0.1.src.rpm Description of changes: [2.6.32-300.39.1.el6uek] - hugepages: fix use after free bug in "quota" handling [15842385] {CVE-2012-2133} - mm: Hold a file reference in madvise_remove [15842884] {CVE-2012-3511} - udf: Fortify loading of sparing table [15843730] {CVE-2012-3400} - udf: Avoid run away loop when partition table length is corrupt [15843730]{CVE-2012-3400} . CentOS 6 obtains kernel patches through ELSA-2021-1234 which tackles a variety of vulnerabilities to improve overall system security.. Oracle Linux Update, Kernel Security Patch, ELSA-2012-2044. . Severity: Low. LinuxSecurity.com Team
Nov 09, 2012
•Low
Oracle
100
security advisoryupdateimportantSUSE: 2012:1015-1 Important Update: Rubygem-Actionpack Two Issues
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. It includes one version update. It includes one version update.. SUSE Security Update: Security update for rubygem-actionpack ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1015-1 Rating: important References: #765097 #766791 Cross-References: CVE-2012-2660 CVE-2012-2694 Affected Products: WebYaST [Appliance - Tools] WebYaST 1.2 SUSE Studio Standard Edition 1.2 SUSE Studio Onsite 1.2 SUSE Studio Extension for System z 1.2 SUSE Linux Enterprise Software Development Kit 11 SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: This update to rubygem-actionpack fixes two unsafe query generations with "IS NULL" in the WHERE clause. (CVE-2012-2660 , CVE-2012-2694 ) Indications: Everyone using rubygem-actionpack should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST [Appliance - Tools]: zypper in -t patch slewystsp1-rubygem-actionpack-2_3-6619 - WebYaST 1.2: zypper in -t patch slewyst12-rubygem-actionpack-2_3-6665 - SUSE Studio Standard Edition 1.2: zypper in -t patch sleslms12-rubygem-actionpack-2_3-6665 - SUSE Studio Onsite 1.2: zypper in -t patch slestso12-rubygem-actionpack-2_3-6665 - SUSE Studio Extension for System z 1.2: zypper in -t patch slestso12-rubygem-actionpack-2_3-6665 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patchsdksp1-rubygem-actionpack-2_3-6619 To bring your system up-to-date, use "zypper patch". Package List: - WebYaST [Appliance - Tools] (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.14]: rubygem-actionpack-2_3-2.3.14-0.7.6.1 - WebYaST 1.2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.14]: rubygem-actionpack-2_3-2.3.14-0.7.6.1 - SUSE Studio Standard Edition 1.2 (x86_64) [New Version: 2.3.14]: rubygem-actionpack-2_3-2.3.14-0.7.6.1 - SUSE Studio Onsite 1.2 (x86_64) [New Version: 2.3.14]: rubygem-actionpack-2_3-2.3.14-0.7.6.1 - SUSE Studio Extension for System z 1.2 (s390x) [New Version: 2.3.14]: rubygem-actionpack-2_3-2.3.14-0.7.6.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.14]: rubygem-actionpack-2_3-2.3.14-0.7.6.1 References: https://www.suse.com/security/cve/CVE-2012-2660.html https://www.suse.com/security/cve/CVE-2012-2694.html . SUSE Security Advisory on rubygem-activerecord: urgent patch resolves major vulnerabilities, fortifying overall system integrity.. rubygem-actionpack Update,SUSE Security Fix,rubygem Actionpack. . Severity: Important. LinuxSecurity.com Team
Aug 21, 2012
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!