DEBIAN-CVE-2019-12218

An issue was discovered in libSDL2.a in Simple DirectMedia Layer SDL 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is a NULL pointer dereference in the SDL2image function IMGLoadPCXRW at IMGpcx.c...

UBUNTU-CVE-2019-12216

An issue was discovered in libSDL2.a in Simple DirectMedia Layer SDL 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is a heap-based buffer overflow in the SDL2image function IMGLoadPCXRW at IMGpcx.c...

Simple DirectMedia Layer Code Issue Vulnerability

Simple DirectMedia Layer SDL is a multi-platform library for accessing low-level hardware and graphics and providing support for games, software and emulators. A code issue vulnerability exists in the libSDL2.a file in SDL version 2.0.9. The vulnerability arises from an improperly designed or...

Ubuntu 14.04 LTS : libvirt update (USN-3985-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered...

Null Pointer Reference Vulnerability in Simple DirectMedia Layer LoadSprite Function

Simple DirectMedia Layer is an office software. A null pointer reference vulnerability exists in the Simple DirectMedia Layer Lo function. An attacker could exploit this vulnerability to cause a denial of service...

openSUSE Security Update : xen (openSUSE-2019-1403) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

This update for xen fixes the following issues : Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBDS - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling MFBDS -...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4643)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4643 advisory. - x86/mds: Add empty commit for CVE-2019-11091 Konrad Rzeszutek Wilk Orabug: 29721848 CVE-2019-11091 - x86/speculation/mds: Make mdsmitigation mutable...

USN-3985-2 libvirt update

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered...

JDK: Read beyond the end of bytecode array causing JVM crash

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load...

MGASA-2019-0171 Updated kernel-tmb packages fixes security vulnerabilities

This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...

Information Disclosure

The kernel packages is vulnerable to information disclosure. Microprocessors use a €˜load port€™ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and...

USN-3981-2 linux-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities

USN-3981-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. Ke Sun, Henrique Kawakami, Kekai H...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4629)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4629 advisory. - x86/mds: Add empty commit for CVE-2019-11091 Konrad Rzeszutek Wilk Orabug: 29721935 CVE-2019-11091 - x86/speculation: Support 'mitigations='...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4628)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4628 advisory. - x86/mds: Add empty commit for CVE-2019-11091 Konrad Rzeszutek Wilk Orabug: 29721848 CVE-2019-11091 - x86/speculation/mds: Make mdsmitigation mutable...

Oracle Linux 6 : kernel (ELSA-2019-1169)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1169 advisory. - x86 x86/speculation/mds: Add SMT warning message Waiman Long 1692386 1692387 1692388 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 - x86...

RHEL 6 : qemu-kvm (RHSA-2019:1198)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1198 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide th...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2019-4637)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4637 advisory. - x86/speculation/mds: Make cpumatches cpuinit Patrick Colp Orabug: 29752091 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 -...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4636)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4636 advisory. - x86/speculation/mds: Make cpumatches cpuinit Patrick Colp Orabug: 29751729 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 -...

hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)

Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results ar...

Important: Red Hat Security Advisory: rhvm-appliance security update

An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...