Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059161 fixes several issues. The following security issues were fixed: CVE-2022-49014: net: tun: Fix use-after-free in tundetach bsc1232818. CVE-2022-49563: crypto: qat - add param check for RSA bsc1238788. CVE-2022-49564: crypto: qat - add param check...

Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024116 fixes several issues. The following security issues were fixed: CVE-2024-41090: tap: add missing verification for short frame bsc1228714. CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6create bsc1235218. Patch...

Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059167 fixes several issues. The following security issues were fixed: CVE-2022-49014: net: tun: Fix use-after-free in tundetach bsc1232818. CVE-2022-49563: crypto: qat - add param check for RSA bsc1238788. CVE-2022-49564: crypto: qat - add param check...

SUSE-SU-2025:1252-1 Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024111 fixes several issues. The following security issues were fixed: - CVE-2024-41090: tap: add missing verification for short frame bsc1228714. - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6create bsc1235218...

Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059158 fixes several issues. The following security issues were fixed: CVE-2022-49014: net: tun: Fix use-after-free in tundetach bsc1232818. CVE-2022-49563: crypto: qat - add param check for RSA bsc1238788. CVE-2022-49564: crypto: qat - add param check...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-41014: xfs: add bounds checking to xlogrecoverprocessdata bsc1228408. CVE-2024-41013: xfs: do not walk off the end of a directory data block bsc1228405...

SUSE-SU-2025:20008-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-41014: xfs: add bounds checking to xlogrecoverprocessdata bsc1228408. - CVE-2024-41013: xfs: do not walk off the end of a directory data block bsc1228405...

CLSA-2024-1725876080 kernel: Fix of 44 CVEs

dmaengine: idxd: Fix possible Use-After-Free in irqprocessworklist CVE-2024-40956 - userfaultfd: fix a race between writeprotect and exitmmap CVE-2021-47461 - netfilter: nftables: use timestamp to check for set element timeout CVE-2024-27397 - x86/sev: Harden VC instruction emulation somewhat...

CVE-2024-41091

CVE-2024-41091, in the Linux kernel, is due to missing verification of frame length in the tun_xdp_one() path. This can allow a skb with insufficient Ethernet header length to be processed, risking out-of-bounds access or header-length inconsistencies in subsequent processing. A related path (tun...

CVE-2024-41090 tap: add missing verification for short frame

In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tapgetuserxdp path, which could cause a corrupted skb to be sent downstack. Even before the skb is...

Заткнуто 4 дырки в Internet Explorer (Browser Print Template, File Upload via Form, Scriptlet Rendering, Frame Domain Verification)

Через шаблоны печати можно выполнить код на компьютере клиента, формы позволяют загружать файл с компьютера пользователя без его одобрения, кроме того несколько ошибок с определением зоны выполнения скриптов...