Oracle alert ELSA-2023-12842 (kernel)
| From: | Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2023-12842 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update | |
| Date: | Tue, 03 Oct 2023 16:46:25 -0700 | |
| Message-ID: | <mailman.191.1696376794.16280.el-errata@oss.oracle.com> |
Oracle Linux Security Advisory ELSA-2023-12842 http://linux.oracle.com/errata/ELSA-2023-12842.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-doc-4.1.12-124.79.2.el7uek.noarch.rpm kernel-uek-firmware-4.1.12-124.79.2.el7uek.noarch.rpm kernel-uek-4.1.12-124.79.2.el7uek.x86_64.rpm kernel-uek-devel-4.1.12-124.79.2.el7uek.x86_64.rpm kernel-uek-debug-4.1.12-124.79.2.el7uek.x86_64.rpm kernel-uek-debug-devel-4.1.12-124.79.2.el7uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.1.1... Related CVEs: CVE-2022-34918 CVE-2023-2513 CVE-2023-4387 CVE-2023-22024 CVE-2023-3772 CVE-2023-35001 CVE-2023-4206 CVE-2023-3611 CVE-2023-4459 CVE-2023-3776 Description of changes: [4.1.12-124.79.2] - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35814273] {CVE-2023-4206} - net/sched: sch_qfq: account for stab overhead in qfq_enqueue (Pedro Tammela) [Orabug: 35636291] {CVE-2023-3611} - rds: Fix lack of reentrancy for connection reset with dst addr zero (HÃ¥kon Bugge) [Orabug: 35741584] [Orabug: 35818110] {CVE-2023-22024} [4.1.12-124.79.1] - xfrm: add NULL check in xfrm_update_ae_params (Lin Ma) [Orabug: 35754509] {CVE-2023-3772} - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) [Orabug: 35732892] {CVE-2023-4459} - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) [Orabug: 35732764] {CVE-2023-4387} - net/sched: cls_fw: Fix improper refcount update leads to use-after-free (M A Ramdhan) [Orabug: 35636313] {CVE-2023-3776} - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (Thadeu Lima de Souza Cascardo) [Orabug: 35609787] {CVE-2023-35001} - ext4: fix use-after-free in ext4_xattr_set_entry (Baokun Li) [Orabug: 35382025] {CVE-2023-2513} - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (Baokun Li) [Orabug: 35382025] {CVE-2023-2513} - netfilter: nf_tables: stricter validation of element data (Pablo Neira Ayuso) [Orabug: 34362008] {CVE-2022-34918} _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata