From 0e1c35756fc3f1fbde105133f8b8119551b47f77 Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Wed, 6 Aug 2025 17:10:20 +0000 Subject: [PATCH] import CS kernel-4.18.0-553.66.1.el8 --- .gitignore | 2 +- .kernel.metadata | 4 ++-- SPECS/kernel.spec | 25 +++++++++++++++++++++++-- 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index b6d27b7..70c0ce4 100644 --- a/.gitignore +++ b/.gitignore @@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer SOURCES/centossecurebootca2.cer SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2 SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2 -SOURCES/linux-4.18.0-553.64.1.el8_10.tar.xz +SOURCES/linux-4.18.0-553.66.1.el8_10.tar.xz SOURCES/redhatsecureboot302.cer SOURCES/redhatsecureboot303.cer SOURCES/redhatsecureboot501.cer diff --git a/.kernel.metadata b/.kernel.metadata index 7fc8a45..ab1b18c 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,8 +1,8 @@ 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer -ec49b8ac83e3ccebbce3a21b5044734f71dee42e SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2 +1a172bccc2563c8e5ca1fa5b48115923f179b721 SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2 2318474e4033305aa0461e29d5962ca0a5dc24cb SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2 -2dd8369fc3d33d4d5446e938a01732d0c37251cc SOURCES/linux-4.18.0-553.64.1.el8_10.tar.xz +289ecbb66e1feec5ac3140041585f747addd4cdb SOURCES/linux-4.18.0-553.66.1.el8_10.tar.xz 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 06577ef..38a067d 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -38,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.64.1.el8_10 +%define pkgrelease 553.66.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.64.1%{?dist} +%define specrelease 553.66.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -2705,6 +2705,27 @@ fi # # %changelog +* Mon Jul 28 2025 Denys Vlasenko [4.18.0-553.66.1.el8_10] +- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (Xin Long) [RHEL-105415] {CVE-2025-38001} +- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (Xin Long) [RHEL-105415] {CVE-2025-38000} +- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CKI Backport Bot) [RHEL-105415] {CVE-2025-37890} +- sch_hfsc: make hfsc_qlen_notify() idempotent (Xin Long) [RHEL-105415] +- crypto: algif_hash - fix double free in hash_accept (CKI Backport Bot) [RHEL-102223] {CVE-2025-38079} +- Revert "smb: client: fix TCP timers deadlock after rmmod" (Paulo Alcantara) [RHEL-100698] {CVE-2025-22077} +- Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" (Paulo Alcantara) [RHEL-100698] +- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (Paulo Alcantara) [RHEL-100698] +- smb: client: fix TCP timers deadlock after rmmod (Paulo Alcantara) [RHEL-100698] {CVE-2024-54680} +- smb: client: Fix use-after-free of network namespace. (Paulo Alcantara) [RHEL-100698] {CVE-2024-53095} +- smb: client: fix warning in generic_ip_connect() (Paulo Alcantara) [RHEL-100698] +- net: tipc: fix refcount warning in tipc_aead_encrypt (Xin Long) [RHEL-103079] +- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CKI Backport Bot) [RHEL-103079] {CVE-2025-38052} +- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (CKI Backport Bot) [RHEL-99013] {CVE-2025-22020} +- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CKI Backport Bot) [RHEL-98837] {CVE-2025-21928} + +* Thu Jul 24 2025 Denys Vlasenko [4.18.0-553.65.1.el8_10] +- x86/alternatives: avoid mapping FIX_TEXT_POKE1 page when it is not required (Rafael Aquini) [RHEL-95422] +- ext4: avoid resizing to a partial cluster size (CKI Backport Bot) [RHEL-101423] {CVE-2022-50020} + * Wed Jul 23 2025 Denys Vlasenko [4.18.0-553.64.1.el8_10] - sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (CKI Backport Bot) [RHEL-100387] {CVE-2025-21919} - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (Benjamin Coddington) [RHEL-86256]