CVE-2019-18805

A flaw was reported in the Linux kernel's TCP subsystem while calculating a packet round trip time, when a sysctl parameter /proc/sys/net/ipv4/tcpminrttwlen is set incorrectly. This causes an integer overflow which can lead to a denial Of service DOS attack. Mitigation This flaw can be mitigated ...

Linux kernel fs/proc/proc_sysctl.c file null pointer dereference vulnerability

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A null pointer dereference vulnerability exists in the 'dropsysctltable' in the fs/proc/procsysctl.c file in Linux...

DEBIAN-CVE-2019-20054

In the Linux kernel before 5.0.6, there is a NULL pointer dereference in dropsysctltable in fs/proc/procsysctl.c, related to putlinks, aka CID-23da9588037e...

UBUNTU-CVE-2019-20054

In the Linux kernel before 5.0.6, there is a NULL pointer dereference in dropsysctltable in fs/proc/procsysctl.c, related to putlinks, aka CID-23da9588037e...

CVE-2019-19039

btrfsfreeextent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfsprintleaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issues as no...

openSUSE Security Update : procps (openSUSE-2019-2376)

This update for procps fixes the following issues : procps was updated to 3.3.15. bsc1092100 Following security issues were fixed : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved...

Kernel update: New kernel 2.6.32-042stab140.4; Virtuozzo 6.0 Update 12 Hotfix 46 (6.0.12-3750)

This update provides a new kernel 2.6.32-042stab140.4 for Virtuozzo 6.0 based on the RHEL 6.10 kernel 2.6.32-754.18.2.el6. The new kernel includes stability and usability fixes. Vulnerability id: PSBM-97313 Kernel could crash with "BUG at net/ipv4/tcpoutput.c" message in tcpretransmitskb...

Kernel update: New kernel 2.6.32-042stab140.4 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

This update provides a new kernel 2.6.32-042stab140.4 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 based on the RHEL 6.10 kernel 2.6.32-754.18.2.el6. The new kernel includes stability and usability fixes. Vulnerability id: PSBM-97313 Kernel could crash with "BUG at...

CVE-2019-15325

In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled while /etc/sysctl.d/10-ptrace.conf attempts to set /proc/sys/kernel/yama/ptrace_scope to 1. This creates the appearance of a protection mechanism that is not actually effective, potentially increasing risk. The connected documents reiterate the s...

UBUNTU-CVE-2019-9815

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

CVE-2019-9815

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

CVE-2019-9815

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2019:1364-2)

This update for systemd fixes the following issues : Security issues fixed : CVE-2019-3842: Fixed a privilege escalation in pamsystemd which could be exploited by a local user bsc1132348. CVE-2019-6454: Fixed a denial of service via crafted D-Bus message bsc1125352. CVE-2019-3843, CVE-2019-3844:...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0035) (Spectre)

The remote OracleVM system is missing necessary patches to address critical security updates : - scsi: libfc: Fixup discmutex handling in fcoe module Hannes Reinecke Orabug: 29511036 - scsi: libfc: sanitize EDTOV and RATOV setting in fcp Hannes Reinecke Orabug: 29511036 - sysctl: Fix kabi breakag...

Debian DLA-1824-1 : linux-4.9 security update (SACK Panic) (SACK Slowness)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi mwifiex driver, which a local user could use to cause...

Debian DLA-1823-1 : linux security update (SACK Panic) (SACK Slowness)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi mwifiex driver, which a local user could use to cause...

[ASA-201906-14] linux-lts: denial of service

Arch Linux Security Advisory ASA-201906-14 ========================================== Severity: High Date : 2019-06-18 CVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 Package : linux-lts Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-984 Summary ======= The...

[SECURITY] [DLA 1823-1] linux security update

Package : linux Version : 3.16.68-2 CVE ID : CVE-2019-3846 CVE-2019-5489 CVE-2019-10126 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11810 CVE-2019-11833 CVE-2019-11884 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of...

SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2019:1364-1)

This update for systemd fixes the following issues : Security issues fixed : CVE-2019-3842: Fixed a privilege escalation in pamsystemd which could be exploited by a local user bsc1132348. CVE-2019-6454: Fixed a denial of service via crafted D-Bus message bsc1125352. CVE-2019-3843, CVE-2019-3844:...

openSUSE Security Update : systemd (openSUSE-2019-1450)

This update for systemd fixes the following issues : Security issues fixed : - CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files bsc1080919. - CVE-2019-3842: Fixed a vulnerability in pamsystemd which...