SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1223-1)

This update for the Linux Kernel 4.4.114-9267 fixes one issue. The following security issue was fixed : - CVE-2018-1000199: A bug in x86 debug register handling of ptrace could lead to memory corruption, possibly a denial of service or privilege escalation bsc1090036. Note that Tenable Network...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1236-1)

This update for the Linux Kernel 4.4.59-9217 fixes several issues. The following security issues were fixed : - CVE-2018-1000199: A bug in x86 debug register handling of ptrace could lead to memory corruption, possibly a denial of service or privilege escalation bsc1090036. - CVE-2017-0861:...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1230-1)

This update for the Linux Kernel 4.4.74-9235 fixes several issues. The following security issues were fixed : - CVE-2018-1000199: A bug in x86 debug register handling of ptrace could lead to memory corruption, possibly a denial of service or privilege escalation bsc1090036. - CVE-2017-0861:...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1251-1)

This update for the Linux Kernel 3.12.74-606457 fixes several issues. The following security issues were fixed : - CVE-2018-1000199: A bug in x86 debug register handling of ptrace could lead to memory corruption, possibly a denial of service or privilege escalation bsc1090036. - CVE-2017-0861:...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1267-1)

This update for the Linux Kernel 3.12.61-5292 fixes several issues. The following security issues were fixed : - CVE-2018-1000199: A bug in x86 debug register handling of ptrace could lead to memory corruption, possibly a denial of service or privilege escalation bsc1090036. - CVE-2017-0861:...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1266-1)

This update for the Linux Kernel 3.12.74-606440 fixes several issues. The following security issues were fixed : - CVE-2018-1000199: A bug in x86 debug register handling of ptrace could lead to memory corruption, possibly a denial of service or privilege escalation bsc1090036. - CVE-2017-0861:...

SUSE-SU-2018:1240-1 Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP3)

This update for the Linux Kernel 4.4.103-633 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace could lead to memory corruption, possibly a denial of service or privilege escalation bsc1090036. - CVE-2017-0861:...

SUSE-SU-2018:1248-1 Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3)

This update for the Linux Kernel 4.4.82-69 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace could lead to memory corruption, possibly a denial of service or privilege escalation bsc1090036. - CVE-2017-0861:...

SUSE-SU-2018:1232-1 Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP1)

This update for the Linux Kernel 3.12.74-606469 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace could lead to memory corruption, possibly a denial of service or privilege escalation bsc1090036. - CVE-2017-0861:...

SUSE SLES12 Security Update : xen (SUSE-SU-2018:1202-1) (Meltdown)

This update for xen fixes several issues. These security issues were fixed : - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 XSA-260, bsc1090820 - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially...

Xen Intel Architecture Debug Exception Handling Local Privilege Escalation (XSA-260)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a local privilege escalation vulnerability. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if...

Major OS Players Misinterpret Intel Docs, and Now Kernels Can Be Hijacked

Multiple operating system vendors issued coordinated patches this week to address a common vulnerability across their platforms, which was introduced thanks to widespread misinterpretation of Intel developer documentation. According to the CERT/CC team, most major players including Apple, FreeBSD...

SUSE SLES12 Security Update : xen (SUSE-SU-2018:1177-1) (Meltdown)

This update for xen fixes several issues. These security issues were fixed : - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 XSA-260, bsc1090820 - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially...

SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:1184-1) (Meltdown)

This update for xen to version 4.9.2 fixes several issues. This feature was added : - Added script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU. They are triggered via 'xl vcpu-set domU N' These security issues were fixed : - CVE-2018-8897: Prevent...

FreeBSD : FreeBSD -- Mishandling of x86 debug exceptions (521ce804-52fd-11e8-9123-a4badb2f4699)

The MOV SS and POP SS instructions inhibit debug exceptions until the instruction boundary following the next instruction. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the kernel context instead ...

RHEL 7 : kernel-rt (RHSA-2018:1355)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1355 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

PT-2018-17921 · Node.Js +3 · Node.Js +3

Name of the Vulnerable Software and Affected Versions: Node.js versions 6.x and later Description: The issue allows for a DNS rebinding attack, potentially leading to remote code execution. This can be exploited by malicious websites open in a web browser on the same computer or another computer...

Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-3641-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3641-1 advisory. Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attack...

USN-3641-1: Linux kernel vulnerabilities

Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service system crash. This issue only affected the amd64 architecture. CVE-2018-8897 Andy Lutomirski discovered that...

USN-3641-1 linux, linux-aws, linux-azure, linux-euclid, linux-gcp, linux-hwe, linux-kvm, linux-lts-xenial, linux-oem, linux-raspi2, linux-snapdragon vulnerabilities

Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service system crash. This issue only affected the amd64 architecture. CVE-2018-8897 Andy Lutomirski discovered that...