Important: kernel-livepatch-4.14.177-139.253
Issue Overview: A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending...
Important: kernel-livepatch-4.14.173-137.229
Issue Overview: In the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call. CVE-2019-19319 Affected...
Important: kernel-livepatch-4.14.173-137.228
Issue Overview: In the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call. CVE-2019-19319 Affected...
Important: kernel-livepatch-4.14.173-137.228
Issue Overview: An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. CVE-2020-12657 Affected Packages: kernel-livepatch-4.14.173-137.228 Issue Correction: Please ensure you have live patching enabled. Run yum...
Important: kernel-livepatch-4.14.171-136.231
Issue Overview: An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. CVE-2020-12657 Affected Packages: kernel-livepatch-4.14.171-136.231 Issue Correction: Please ensure you have live patching enabled. Run yum...
Medium: kernel-livepatch-4.14.171-136.231
Issue Overview: In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. CVE-2020-10942 Affected Packages: kernel-livepatch-4.14.171-136.231 Issue Correctio...
Important: kernel-livepatch-4.14.171-136.231
Issue Overview: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIP...
Medium: kernel-livepatch-4.14.165-131.185
Issue Overview: There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. CVE-2020-8648 Affected Packages: kernel-livepatch-4.14.165-131.185 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Medium: kernel-livepatch-4.14.171-136.231
Issue Overview: There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. CVE-2020-8648 Affected Packages: kernel-livepatch-4.14.171-136.231 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Important: kernel-livepatch-4.14.165-131.185
Issue Overview: An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21. CVE-2019-1591 Affected Packages: kernel-livepatch-4.14.165-131.185 Issue...
Medium: kernel-livepatch-4.14.165-131.185
Issue Overview: In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. CVE-2019-20096 Affected Packages: kernel-livepatch-4.14.165-131.185 Issue Correction: Please ensure you have live patching enabled...
SUSE-SU-2018:2426-1 Security update for kernel-livepatch-tools
This update for kernel-livepatch-tools fixes the following issues: Add script for disabling SMT to help with the mitigation of the 'L1 Terminal Fault' issue (CVE-2018-3646, bsc#1099306). The script is called 'klp-kvm-l1tf-ctrl-smt' and is used for enabling or disabling SMT to mitigate the issue when...
OracleVM 3.4 : xen (OVMSA-2017-0116)
The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: xen commit=74b662e79bc874fe8ad8a93d2891e6569c380004 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional...
Fedora 25 : xen (2016-81e5a36d8c)
Enable xen livepatch in hypervisor via .config file; qemu-kvm: Directory traversal flaw in 9p virtio backend [CVE-2016-7116]; qemu: hw: net: Heap overflow in xlnx.xps-ethernetlite [CVE-2016-7161]; CR0.TS and CR0.EM not always honored for x86 HVM guest [XSA-190, CVE-2016-7777]. Note that Tenable Network...