USN-5092-3: Linux kernel (Azure) regression

2021-10-19 KENNETH 0

USN-5092-2 fixed vulnerabilities in Linux 5.11-based kernels. Unfortunately, for Linux kernels intended for use within Microsoft Azure environments, that update introduced a regression that could cause the kernel to fail to boot in large Azure instance types. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. (CVE-2021-41073)

Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. (CVE-2021-33624)

Benedict Schlueter discovered that the BPF subsystem in the Linux kernel did not properly protect against [ more… ]

USN-5110-1: Ardour vulnerability

2021-10-18 KENNETH 0

It was discovered that Ardour incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Source: USN-5110-1: Ardour vulnerability

USN-5109-1: nginx vulnerability

2021-10-18 KENNETH 0

It was discovered that nginx incorrectly handled files with certain modification dates. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Source: USN-5109-1: nginx vulnerability

USN-5091-3: Linux kernel (Azure) regression

2021-10-15 KENNETH 0

USN-5091-1 fixed vulnerabilities in Linux 5.4-based kernels. Unfortunately, for Linux kernels intended for use within Microsoft Azure environments, that update introduced a regression that could cause the kernel to fail to boot in large Azure instance types. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. (CVE-2021-33624)

It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679)

Alexey Kardashevskiy discovered that the KVM implementation for PowerPC systems in [ more… ]

USN-5078-3: Squashfs-Tools vulnerability

2021-10-13 KENNETH 0

USN-5078-1 fixed a vulnerability in Squashfs-Tools. That update was incomplete and could still result in Squashfs-Tools mishandling certain malformed SQUASHFS files. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem.

Source: USN-5078-3: Squashfs-Tools vulnerability