USN-3364-3: Linux kernel (AWS, GKE) vulnerabilities

2017-07-26 KENNETH 0

USN-3364-3: Linux kernel (AWS, GKE) vulnerabilities Ubuntu Security Notice USN-3364-3 25th July, 2017 linux-aws, linux-gke vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke – Linux kernel for Google Container Engine (GKE) systems Details It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. (CVE-2015-8944) Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel [ more… ]

USN-3365-1: Ruby vulnerabilities

2017-07-26 KENNETH 0

USN-3365-1: Ruby vulnerabilities Ubuntu Security Notice USN-3365-1 25th July, 2017 ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Ruby. Software description ruby1.9.1 – Object-oriented scripting language ruby2.0 – Object-oriented scripting language ruby2.3 – Object-oriented scripting language Details It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147) Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. This issue only applied to Ubuntu 14.04 LTS. (CVE-2015-1855) Christian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly handled certain crafted strings. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. [ more… ]

RHSA-2017:1599-2: Important: ansible security update

2017-07-25 KENNETH 0

RHSA-2017:1599-2: Important: ansible security update Red Hat Enterprise Linux: An update for ansible is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2017-7466, CVE-2017-7481 Source: RHSA-2017:1599-2: Important: ansible security update

USN-3364-1: Linux kernel vulnerabilities

2017-07-25 KENNETH 0

USN-3364-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3364-1 24th July, 2017 linux, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. (CVE-2015-8944) Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380) Li [ more… ]