Ubuntu Security Notice 4115-2 - USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update, a regression was introduced that caused a kernel crash when handling fragmented packets in some situations. This update addresses the issue. Various other issues were also addressed.
f3c403ca6993818b3a6b46a2dc892b23Ubuntu Security Notice 4118-1 - It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.
606239d761ad7f615ccb6ead5cc82c96Ubuntu Security Notice 4115-1 - Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service. Zhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
d33b91a9062e22127c5fc65115ec33feUbuntu Security Notice 4095-1 - Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
ff726cc76288b070879d39966cb18209Red Hat Security Advisory 2019-2043-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.
396c021234e85bd85be4ed53ce333c58Red Hat Security Advisory 2019-2029-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.
91bf814ce959e44a2c4748ee469254c3Ubuntu Security Notice 4069-2 - USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
eed12995fb3ecba8be58c706282a29f2Ubuntu Security Notice 4069-1 - It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.
6df771797de75dc230e8feb33ae00aaeSlackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix security issues.
dcc164dee87e520c21919a34673ad54bDebian Linux Security Advisory 4465-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
a2e7d7ad8cd5265b8a90186bcd82ff4dLinux suffers from a missing locking between ELF coredump code and userfaultfd VMA modification.
6e83b659aeebd1f611e769f9fff5b64b
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed