diff --git a/.gitignore b/.gitignore index d505143..2b3b63a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ SOURCES/centossecureboot201.cer SOURCES/centossecurebootca2.cer -SOURCES/linux-4.18.0-553.121.1.rt7.462.el8_10.tar.xz +SOURCES/linux-4.18.0-553.123.1.rt7.464.el8_10.tar.xz SOURCES/redhatsecureboot302.cer SOURCES/redhatsecureboot303.cer SOURCES/redhatsecureboot501.cer diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata index eee8990..289c160 100644 --- a/.kernel-rt.metadata +++ b/.kernel-rt.metadata @@ -1,6 +1,6 @@ 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer -f2d5dced3890da3decbb356ca0c5218d734e5945 SOURCES/linux-4.18.0-553.121.1.rt7.462.el8_10.tar.xz +314b0016d06d283bc2d2a8b76dbe556fcddd9eb9 SOURCES/linux-4.18.0-553.123.1.rt7.464.el8_10.tar.xz 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index e167b29..9e5157e 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -38,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.121.1.rt7.462.el8_10 +%define pkgrelease 553.123.1.rt7.464.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.121.1.rt7.462%{?dist} +%define specrelease 553.123.1.rt7.464%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -148,7 +148,7 @@ # The preempt RT patch level %global rttag .rt7 # realtimeN -%global rtbuild .462 +%global rtbuild .464 %define with_doc 0 %define with_headers 0 %define with_cross_headers 0 @@ -2710,6 +2710,25 @@ fi # # %changelog +* Mon May 04 2026 Denys Vlasenko [4.18.0-553.123.1.rt7.464.el8_10] +- crypto: algif_aead - snapshot IV for async AEAD requests (Herbert Xu) [RHEL-172187] +- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [RHEL-172187] +- crypto: authencesn - reject short ahash digests during instance creation (Herbert Xu) [RHEL-172187] +- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [RHEL-172187] +- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [RHEL-172187] {CVE-2026-31431} +- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (Herbert Xu) [RHEL-172187] {CVE-2026-23060} +- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [RHEL-172187] +- crypto: af_alg - limit RX SG extraction by receive buffer budget (Herbert Xu) [RHEL-172187] {CVE-2026-31677} +- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [RHEL-172187] {CVE-2026-31431} +- crypto: af-alg - fix NULL pointer dereference in scatterwalk (Herbert Xu) [RHEL-172187] +- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (Paolo Bonzini) [RHEL-153727] {CVE-2026-23401} + +* Fri Apr 24 2026 CKI KWF Bot [4.18.0-553.122.1.rt7.463.el8_10] +- nvme: avoid double free special payload (Maurizio Lombardi) [RHEL-51303] {CVE-2024-41073} +- crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CKI Backport Bot) [RHEL-166921] {CVE-2025-68724} +- net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (Jay Shin) [RHEL-166155] {CVE-2025-40252} +- kernel.h: Move ARRAY_SIZE() to a separate header (Jay Shin) [RHEL-166155] {CVE-2025-40252} + * Wed Apr 15 2026 CKI KWF Bot [4.18.0-553.121.1.rt7.462.el8_10] - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Scott Mayhew) [RHEL-167011] {CVE-2026-31402}