
175 matches found

Slackware Linux
added 2021/03/14 4:8 a.m. | 177 views

[slackware-security] Slackware 14.2 kernel

New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/linux-4.4.261/: Upgraded. These updates fix various bugs and security issues, including the recently announced iSCSI vulnerabilities allowing local...

CVSS 7.8 | AI score 7.2 | EPSS 0.02079
Exploits: 3
Fedora
added 2020/11/05 2:11 a.m. | 55 views

[SECURITY] Fedora 31 Update: kata-osbuilder-1.11.1-1.fc31.1

Kata guest initrd and image build scripts...

CVSS 8.8 | AI score 1.5 | EPSS 0.00475
Exploits: 0
BDU FSTEC
added 2020/08/19 12:0 a.m. | 2 views

The vulnerability of the implementations of grub_cmd_initrd and grub_initrd_init, the Grub2 operating system loaders, allows an attacker to access confidential data, compromise data integrity, and cause service failures.

The vulnerability of the implementations of grub_cmd_initrd and grub_initrd_init, which are used by the Grub2 operating system loader, is related to the introduction of a large number of arguments into the initrd command in 32-bit architectures. Exploiting this vulnerability allows an attacker to gai...

CVSS 4.9 | AI score 6.8 | EPSS 0.01588
Exploits: 1 | References: 15 | Affected Software: 6
Microsoft CVE
added 2020/08/18 7:0 a.m. | 2 views

GRUB2 contained integer overflows when handling the initrd command leading to a heap-based buffer overflow.

...

CVSS 6.4 | AI score 7 | EPSS 0.01588
Exploits: 1
RedHat Linux
added 2020/08/03 12:15 p.m. | 1 views

grub2: Integer overflow in initrd size handling

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely...

CVSS 6.4 | AI score 7.9 | EPSS 0.01588
Exploits: 1 | References: 4
RedHat Linux
added 2020/08/03 12:6 p.m. | 3 views

grub2: Integer overflow in initrd size handling

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely...

CVSS 6.4 | AI score 7.9 | EPSS 0.01588
Exploits: 1 | References: 4
RedHat Linux
added 2020/08/03 12:3 p.m. | 1 views

grub2: Integer overflow in initrd size handling

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely...

CVSS 6.4 | AI score 7.9 | EPSS 0.01588
Exploits: 1 | References: 4
RedHat Linux
added 2020/08/03 11:18 a.m. | 0 views

grub2: Integer overflow in initrd size handling

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely...

CVSS 6.4 | AI score 7.9 | EPSS 0.01588
Exploits: 1 | References: 4
RedHat Linux
added 2020/08/03 11:18 a.m. | 90 views

Moderate: Red Hat Security Advisory: grub2 security and bug fix update

An update for grub2, shim, shim-signed, and fwupdate is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this...

CVSS 8.2 | AI score 7.6 | EPSS 0.01588
Exploits: 1 | References: 11
Veracode
added 2020/07/30 2:2 a.m. | 36 views

Denial Of Service (DoS)

grub2 is vulnerable to denial of service (DoS). The vulnerability exists through integer overflow in initrd size handling...

CVSS 6.4 | AI score 3 | EPSS 0.01588
Exploits: 1 | References: 19 | Affected Software: 5
Tenable Nessus
added 2020/07/30 12:0 a.m. | 38 views

Debian DSA-4735-1 : grub2 - security update

Several vulnerabilities have been discovered in the GRUB2 bootloader. - CVE-2020-10713 A flaw in the grub.cfg parsing code was found allowing to break UEFI Secure Boot and load arbitrary code. Details can be found at https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ - CVE-2020-1430...

CVSS 8.2 | AI score 7.7 | EPSS 0.01588
Exploits: 1 | References: 19
RedHat Linux
added 2020/07/29 7:40 p.m. | 3 views

grub2: Integer overflow in initrd size handling

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely...

CVSS 6.4 | AI score 7.9 | EPSS 0.01588
Exploits: 1 | References: 4
OSV
added 2020/07/29 6:50 p.m. | 4 views

USN-4432-1 grub2, grub2-signed vulnerabilities

Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. CVE-2020-10713 Chris...

CVSS 8.2 | AI score 7.5 | EPSS 0.01588
Exploits: 1 | References: 9
RedHat Linux
added 2020/07/29 6:34 p.m. | 2 views

grub2: Integer overflow in initrd size handling

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely...

CVSS 6.4 | AI score 7.9 | EPSS 0.01588
Exploits: 1 | References: 4
Cvelist
added 2020/07/29 5:45 p.m. | 24 views

CVE-2020-15707 GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely...

CVSS 5.7 | AI score 7.8 | EPSS 0.01588
Exploits: 1 | References: 17
OSV
added 2020/07/29 5:0 p.m. | 0 views

UBUNTU-CVE-2020-15707

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely...

CVSS 6.4 | AI score 7.5 | EPSS 0.01588
Exploits: 1 | References: 7
Veracode
added 2020/04/10 1:9 a.m. | 19 views

Information Disclosure

kexec-tools is vulnerable to information disclosure. mkdumprd created initrd files with world-readable permissions. A local user could possibly use this flaw to gain access to sensitive information, such as the private SSH key used to authenticate to a remote server when kdump was configured to...

CVSS 5.7 | AI score 1.1 | EPSS 0.00543
Exploits: 1 | References: 6 | Affected Software: 1
Veracode
added 2020/04/10 1:9 a.m. | 20 views

Information Disclosure

kexec-tools is vulnerable to information disclosure. mkdumprd included unneeded sensitive files such as all files from the "/root/.ssh/" directory and the host's private SSH keys in the resulting initrd. This could lead to an information leak when initrd files were previously created with...

CVSS 5.7 | AI score 0.4 | EPSS 0.00568
Exploits: 1 | References: 6 | Affected Software: 1
Slackware Linux
added 2019/07/22 4:8 a.m. | 181 views

[slackware-security] Slackware 14.2 kernel

New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/linux-4.4.182/: Upgraded. These updates fix various bugs and many minor security issues. Be sure to upgrade your initrd after upgrading the kernel...

CVSS 9.8 | AI score 0.4 | EPSS 0.52199
Exploits: 25
Tenable Nessus
added 2019/03/27 12:0 a.m. | 21 views

openSUSE Security Update : virtualbox (openSUSE-2019-943)

This update for virtualbox fixes the following issues : virtualbox was updated to version 5.2.22 released November 09 2018 by Oracle. Security issues fixed : - Fixed a guest-to-host escape via the e1000 virtual network driver bsc1115041. Non-security issues fixed : - Audio: Fixed a regression in...

AI score 5.5
Exploits: 0 | References: 1