SUSE-SU-2020:2027-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15780: A lockdown bypass for loading unsigned modules using ACPI table injection was fixed. bsc1173573 - CVE-2020-15393: Fixed a memory leak in...

Ubuntu: Security Advisory (USN-4427-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Information Disclosure

kernel is vulnerable to information disclosure. A flaw was found in the Linux kernels implementation of IBPB Indirect Branch Prediction Barrier. The IBPB mitigation will be disabled when STIBP is not available or when Enhanced Indirect Branch Restricted Speculation IBRS is available...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4427-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4427-1 advisory. It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could...

kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.

A flaw was found in the prctl function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to...

kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.

A flaw was found in the prctl function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to...

kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.

A flaw was found in the prctl function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to...

kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.

A flaw was found in the prctl function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to...

Twitter Hack Update: What We Know (and What We Don't)

UPDATED 7/18 at 12:50 p.m. ET Earlier this week, Twitter locked down thousands of verified accounts, including the accounts of Joe Biden, Bill Gates, Elon Musk, Apple, Uber and others, after it became clear that hackers had been able to compromise them. The tip-off? Suddenly these high-profile...

Twitter Hacked in Bitcoin Scam

It started with one weird tweet. Then another. Quickly, some of the most prominent accounts on Twitter were all sending out the same message; I am giving back to the community. All Bitcoin sent to the address below will be sent back double! If you send $1,000, I will send back $2,000. Only doing...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0028)

The remote OracleVM system is missing necessary patches to address critical security updates : - ipv4: ipv4defaultadvmss should use route mtu Eric Dumazet Orabug: 31563095 - net: ipv4: Refine the ipv4defaultadvmss Gao Feng Orabug: 31563095 - Revert 'bnxten: Remove busy poll logic in the driver.'...

SUSE-SU-2020:1713-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10768: Fixed an issue with the prctl function which could have allowed indirect branch speculation even after it has been disabled bsc1172783. -...

kernel security and bug fix update

3.10.0-1127.13.1.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 24817676 3.10.0-1127.13.1 - x86 x86/speculation: Support old struct x86cpuid & x86matchcpu...

SUSE-SU-2020:1693-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10768: The prctl function could be used to enable indirect branch speculation even after it has been disabled. bnc1172783 - CVE-2020-10766: A bug in the...

CVE-2020-10768

A flaw was found in the prctl function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to...

UBUNTU-CVE-2020-10768

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threa...

kernel security and bug fix update

2.6.32-754.30.2.OL6 - Update genkey bug 25599697 2.6.32-754.30.2 - x86/speculation: Provide SRBDS late microcode loading support Waiman Long - documentation x86/speculation: Add Ivy Bridge to affected list Waiman Long 1827185 CVE-2020-0543 - documentation x86/speculation: Add SRBDS vulnerability...

Unbreakable Enterprise kernel security update

5.4.17-2011.3.2.1uek - x86/speculation: Add Ivy Bridge to affected list Josh Poimboeuf Orabug: 31352779 CVE-2020-0543 - x86/speculation: Add SRBDS vulnerability and mitigation documentation Mark Gross Orabug: 31352779 CVE-2020-0543 - x86/speculation: Add Special Register Buffer Data Sampling SRBD...

Unbreakable Enterprise kernel security update

4.14.35-1902.303.4.1 - x86/speculation: Add SRBDS vulnerability and mitigation documentation Mark Gross Orabug: 31422209 CVE-2020-0543 - x86/speculation: Add Special Register Buffer Data Sampling SRBDS mitigation Mark Gross Orabug: 31422209 CVE-2020-0543 - x86/cpu: Add 'table' argument to...

CVE-2020-13844

Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."...