873 matches found
Security update for openvswitch (moderate)
This update for openvswitch to version 2.7.6 fixes the following issues: These security issues were fixed: - CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle commit bsc1104467. - CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding bsc1104467. - CVE-2018-17204: When...
systemd/fuzz-netdev-parser: Use-of-uninitialized-value in in_addr_is_null
Project: https://github.com/systemd/systemd.git Detailed report: https://oss-fuzz.com/testcase?key=5731561064890368 Project: systemd Fuzzer: libFuzzer_systemd_fuzz-netdev-parser Fuzz target binary: fuzz-netdev-parser Job Type: libfuzzer_msan_systemd Platform Id: linux Crash Type:...
systemd/fuzz-netdev-parser: Heap-buffer-overflow in wireguard_done
Project: https://github.com/systemd/systemd.git Detailed report: https://oss-fuzz.com/testcase?key=5656248813355008 Project: systemd Fuzzer: libFuzzer_systemd_fuzz-netdev-parser Fuzz target binary: fuzz-netdev-parser Job Type: libfuzzer_asan_systemd Platform Id: linux Crash Type: Heap-buffer-overflow...
AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
Intro / Overview: After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in section 2.4.4.5 "Memory Disambiguation": A load instruction micro-op may depe...
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch (CVE-2017-1000112)
Bug details: When building a UFO packet with MSG_MORE, __ip_append_data calls ip_ufo_append_data to append. However, in between two send calls, the append path can be switched from the UFO to the non-UFO one, which leads to a memory corruption. In case the UFO packet length exceeds MTU, copy = maxfraglen - skb->len...
Fedora 23 : kernel-4.2.3-300.fc23 (2015-43145298f4)
The 4.2.3 stable kernel update contains a number of important fixes across the tree. kernel-4.2.3-300.fc23 - Linux v4.2.3 - Netdev fix race in resqqueueunlink Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
OracleVM 3.3 : kernel-uek (OVMSA-2015-0144)
The remote OracleVM system is missing necessary patches to address critical security updates : - virtio-net: drop NETIF_F_FRAGLIST Jason Wang Orabug: 22145600 CVE-2015-5156 - netdev: fix NETIF_F_GSO_UDP_TUNNEL_BIT enum shift in i40e driver import Todd Vierling Orabug: 22066176 - xen/blkfront: remove...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-98.5.2 - virtio-net: drop NETIF_F_FRAGLIST Jason Wang Orabug: 22145600 CVE-2015-5156 3.8.13-98.5.1 - netdev: fix NETIF_F_GSO_UDP_TUNNEL_BIT enum shift in i40e driver import Todd Vierling Orabug: 22066176...
UBUNTU-CVE-2014-3535
include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface...
PT-2014-5377 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.36 Description: The issue is related to the incorrect use of macros for netdev_printk and its related logging implementation in the Linux kernel. This can be exploited by remote attackers to cause a denial o...
Fedora 18 : libvirt-0.10.2.3-1.fc18 (2013-1644)
Rebased to version 0.10.2.3 - Fix libxl driver to build against xen 4.2 bz 870689 - Fix possible crash when destroying guests bz 877110 - Fix loading sysctl file bz 887017 - Fix svirt memory leak bz 890039 - Fix attaching PCI netdev to VM bz 893131 - Fix libvirtd segfault on shutdown bz 903184 -...
RHEL 6 : kernel (RHSA-2012:1589)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1589 advisory. - kernel: unfiltered netdev rio_ioctl access by users (CVE-2012-2313) Note that Nessus has not tested for this issue but has instead relied only on the...
RHEL 6 : kernel (RHSA-2012:1304)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1304 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: An...