CVE-2019-3887

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister MSR access with nested=1 virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash t...

UBUNTU-CVE-2019-3887

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister MSR access with nested=1 virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash t...

CVE-2019-3887

CVE-2019-3887 covers a KVM x2APIC MSR access flaw that can allow a L1 guest to read L0 APIC values via a L2 guest when nested virtualization is enabled, potentially crashing the host kernel (DoS). Affected: Linux kernel with nested=1 supporting x2APIC mode; cited in multiple Unity Linux/Nessus ad...

CVE-2019-3887

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister MSR access with nested=1 virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash t...

DEBIAN-CVE-2019-1785

A vulnerability in the RAR file scanning functionality of Clam AntiVirus ClamAV Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanism...

UBUNTU-CVE-2019-1785

A vulnerability in the RAR file scanning functionality of Clam AntiVirus ClamAV Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanism...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3932-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3932-1 advisory. It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a...

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3932-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3932-2 advisory. USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3931-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3931-1 advisory. M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a...

USN-3932-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the f2fs file system implementation...

USN-3932-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. CVE-2017-18249 Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadat...

USN-3931-2: Linux kernel (HWE) vulnerabilities

USN-3931-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. M. Vefa Bicakci and Andy Lutomirsk...

USN-3931-2 linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities

USN-3931-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. M. Vefa Bicakci and Andy Lutomirsk...

USN-3930-2 linux-hwe, linux-azure vulnerabilities

USN-3930-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sou...

USN-3930-1: Linux kernel vulnerabilities

Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture ALSA subsystem. A physically proximate attacker could use this to cause a denial of service system crash. CVE-2018-19824 Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an...

openSUSE Security Update : xen (openSUSE-2019-1046) (Foreshadow)

This update for xen fixes the following issues : Update to Xen 4.10.2 bug fix release bsc1027519. Security vulnerabilities fixed : - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, m...

openSUSE Security Update : MozillaThunderbird (openSUSE-2019-772)

This update for MozillaThunderbird fixes the following issues : Thunderbird 63 ESR was updated to version 60.3.0 to fix the following issues bsc1112852 : Security issues fixed MFSA 2018-28 : - CVE-2018-12389: Fixed memory safety bugs. - CVE-2018-12390: Fixed memory safety bugs. - CVE-2018-12391:...

Nested Pages <= 3.0.7 - Post Edit Bypass

Contributors could quick edit posts not authored by themselves, and could allow them to change the slugs as well as titles...

CVE-2019-7222

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak...

CVE-2019-7221

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free...