Lucene search

561 matches found

AlmaLinux
added 2021/05/18 5:38 a.m., 19 views

kexec-tools bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

1.6 AI score
Exploits: 0

Rockylinux
added 2021/05/18 5:38 a.m., 13 views

kexec-tools bug fix and enhancement update

An update is available for kexec-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

2.1 AI score
Exploits: 0

RedhatCVE
added 2021/03/08 9:33 a.m., 30 views

CVE-2021-20269

A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. Mitigation: The kexec service can be...

5.5 CVSS, 3 AI score, 0.00242 EPSS
Exploits: 0, References: 3

AlmaLinux
added 2021/02/16 7:36 a.m., 13 views

kexec-tools bug fix and enhancement update

The kexec-tools packages contain the /sbin/kexec binary and utilities that together form the user-space component of the kernel's kexec feature. The /sbin/kexec binary facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. The kexec fastboot...

1.5 AI score
Exploits: 0

Oracle linux
added 2020/11/12 12:0 a.m., 95 views

Unbreakable Enterprise kernel-container security update

4.14.35-2025.402.2.1.el7 - powercap: restrict energy meter to root access Kanth Ghatraju Orabug: 32040805 CVE-2020-8694 CVE-2020-8695 4.14.35-2025.402.2.el7 - ocfs2: fix remounting needed after setfacl command Gang He - Fix multiple variable definition with syzkaller Hans Westgaard Ry Orabug:...

7.8 CVSS, 7.4 AI score, 0.034 EPSS
Exploits: 6

Tenable Nessus
added 2020/08/07 12:0 a.m., 60 views

RHEL 8 : kernel (RHSA-2020:1372)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1372 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: powerpc: local user can read...

7.2 CVSS, 6.7 AI score, 0.00736 EPSS
Exploits: 2, References: 11

Veracode
added 2020/04/10 1:9 a.m., 20 views

Information Disclosure

kexec-tools is vulnerable to information disclosure. mkdumprd created initrd files with world-readable permissions. A local user could possibly use this flaw to gain access to sensitive information, such as the private SSH key used to authenticate to a remote server when kdump was configured to...

5.7 CVSS, 1.1 AI score, 0.00543 EPSS
Exploits: 1, References: 6, Affected Software: 1

Veracode
added 2020/04/10 1:9 a.m., 21 views

Information Disclosure

kexec-tools is vulnerable to information disclosure. mkdumprd included unneeded sensitive files such as all files from the "/root/.ssh/" directory and the host's private SSH keys in the resulting initrd. This could lead to an information leak when initrd files were previously created with...

5.7 CVSS, 0.4 AI score, 0.00568 EPSS
Exploits: 1, References: 6, Affected Software: 1

Veracode
added 2020/04/10 1:9 a.m., 26 views

Information Disclosure

kexec-tools is vulnerable to information disclosure. Kdump used the SSH Secure Shell "StrictHostKeyChecking=no" option when dumping to SSH targets, causing the target kdump server's SSH host key not to be checked. This could make it easier for a man-in-the-middle attacker on the local network to...

5.7 CVSS, 0.9 AI score, 0.00544 EPSS
Exploits: 1, References: 6, Affected Software: 1

Oracle linux
added 2019/01/04 12:0 a.m., 83 views

Unbreakable Enterprise kernel security update

kernel-uek 3.8.13-118.29.1 - Copy secureboot flag in boot params across kexec reboot Dave Young Orabug: 22066352 CVE-2015-7837 - ipv6: tcp: add rcu locking in tcpv6sendsynack Eric Dumazet Orabug: 25059183 CVE-2016-3841 - ipv6: add complete rcu protection around np-opt Eric Dumazet Orabug: 2505918...

10 CVSS, 0.3 AI score, 0.52189 EPSS
Exploits: 4

Oracle linux
added 2018/12/11 12:0 a.m., 98 views

Unbreakable Enterprise kernel security update

4.14.35-1818.5.4 - RDS: null pointer dereference in rdsatomicfreeop Mohamed Ghannam Orabug: 28020694 CVE-2018-5333 - x86/speculation: Make enhanced IBRS the default spectre v2 mitigation Alejandro Jimenez Orabug: 28474853 - x86/speculation: Enable enhanced IBRS usage Alejandro Jimenez Orabug:...

7.8 CVSS, 0.2 AI score, 0.07679 EPSS
Exploits: 15

Oracle linux
added 2018/06/25 12:0 a.m., 109 views

kernel security and bug fix update

2.6.32-754.OL6 - Update genkey bug 25599697 2.6.32-754 - powerpc 64s: Add support for a store forwarding barrier at kernel entry/exit Mauricio Oliveira 1581053 CVE-2018-3639 - x86 amd: Disable AMD SSBD mitigation in a VM Waiman Long 1580360 - x86 specctrl: Fix late microcode problem with AMD Waim...

10 CVSS, 9 AI score, 0.93838 EPSS
Exploits: 85

IBM Security Bulletins
added 2018/06/18 1:28 a.m., 18 views

Security Bulletin: PowerKVM is affected by a kexec-tools vulnerability (CVE-2015-0267)

Summary: PowerKVM is affected by a kexec-tools vulnerability (CVE-2015-0267). Vulnerability Details: CVEID: CVE-2015-0267. DESCRIPTION: kexec-tools could allow a local attacker to launch a symlink attack. The script module-setup.sh creates temporary files insecurely. A local attacker could exploit thi...

3.6 CVSS, 0.00355 EPSS
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2018/05/25 12:0 a.m., 54 views

openSUSE Security Update : the Linux Kernel (openSUSE-2018-515) (Spectre)

The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are...

5.5 CVSS, 7.2 AI score, 0.60631 EPSS
Exploits: 2, References: 3

Oracle linux
added 2018/05/22 12:0 a.m., 134 views

kernel security and bug fix update

2.6.32-696.30.1.OL6 - Update genkey bug 25599697 2.6.32-696.30.1 - x86 x86/kvm: fix CPUID7EDX word 18 mask Jan Stancek 1566893 1566899 CVE-2018-3639 2.6.32-696.29.1 - x86 x86/specctrl: Fix late microcode problem with AMD Waiman Long 1566893 1566899 CVE-2018-3639 - x86 x86/specctrl: Clean up entry...

5.5 CVSS, 0.2 AI score, 0.60631 EPSS
Exploits: 2

Oracle linux
added 2018/05/09 12:0 a.m., 72 views

kernel security, bug fix, and enhancement update

3.10.0-862.2.3.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-862.2.3 - x86 kvm: fix icebp instruction handling Paolo Bonzini 1566849 1566845...

8 CVSS, 7.4 AI score, 0.18404 EPSS
Exploits: 12

Cloud Foundry
added 2017/09/21 12:0 a.m., 70 views

USN-3405-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...

7.8 CVSS, 8.2 AI score, 0.03631 EPSS
Exploits: 8

OSV
added 2017/09/19 4:29 p.m., 2 views

DEBIAN-CVE-2015-7837

The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secureboot flag across kexec reboot...

5.5 CVSS, 7.6 AI score, 0.00405 EPSS
Exploits: 0, References: 1

Cvelist
added 2017/09/19 4:0 p.m., 18 views

CVE-2015-7837

The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secureboot flag across kexec reboot...

6.1 AI score, 0.00405 EPSS
Exploits: 0, References: 6

Debian CVE
added 2017/09/19 4:0 p.m., 32 views

CVE-2015-7837

The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secureboot flag across kexec reboot...

5.5 CVSS, 5.7 AI score, 0.00405 EPSS
Exploits: 0