From 299b15932daaa314d15060324b94784d3b74746d Mon Sep 17 00:00:00 2001 From: AlmaLinux RelEng Bot Date: Thu, 4 Jun 2026 09:50:01 -0400 Subject: [PATCH] import CS git kernel-rt-4.18.0-553.129.1.rt7.470.el8_10 --- .gitignore | 2 +- .kernel-rt.metadata | 2 +- SPECS/kernel.spec | 21 ++++++++++++++++++--- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index e4d8997..d29bf21 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ SOURCES/centossecureboot201.cer SOURCES/centossecurebootca2.cer -SOURCES/linux-4.18.0-553.126.1.rt7.467.el8_10.tar.xz +SOURCES/linux-4.18.0-553.129.1.rt7.470.el8_10.tar.xz SOURCES/redhatsecureboot302.cer SOURCES/redhatsecureboot303.cer SOURCES/redhatsecureboot501.cer diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata index 5fa0a18..833863a 100644 --- a/.kernel-rt.metadata +++ b/.kernel-rt.metadata @@ -1,6 +1,6 @@ 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer -8f8d94e707fdaa1f2a191630c34ce9148e0b61be SOURCES/linux-4.18.0-553.126.1.rt7.467.el8_10.tar.xz +1a7f0d3827f067168deb12b1739ea95b50054ab7 SOURCES/linux-4.18.0-553.129.1.rt7.470.el8_10.tar.xz 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 5c4347f..7f378da 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -38,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.126.1.rt7.467.el8_10 +%define pkgrelease 553.129.1.rt7.470.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.126.1.rt7.467%{?dist} +%define specrelease 553.129.1.rt7.470%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -148,7 +148,7 @@ # The preempt RT patch level %global rttag .rt7 # realtimeN -%global rtbuild .467 +%global rtbuild .470 %define with_doc 0 %define with_headers 0 %define with_cross_headers 0 @@ -2710,6 +2710,21 @@ fi # # %changelog +* Tue Jun 02 2026 CKI KWF Bot [4.18.0-553.129.1.rt7.470.el8_10] +- smb: client: reject userspace cifs.spnego descriptions (Paulo Alcantara) [RHEL-178938] {CVE-2026-46243} + +* Fri May 29 2026 CKI KWF Bot [4.18.0-553.128.1.rt7.469.el8_10] +- smb: client: fix OOB reads parsing symlink error response (Paulo Alcantara) [RHEL-171465] {CVE-2026-31613} +- geneve: Suppress list corruption splat in geneve_destroy_tunnels(). (Antoine Tenart) [RHEL-168961] +- geneve: Fix use-after-free in geneve_find_dev(). (Antoine Tenart) [RHEL-168961] {CVE-2025-21858} +- netfilter: nf_tables: release flowtable after rcu grace period on error (Florian Westphal) [RHEL-160514] {CVE-2026-23392} + +* Wed May 27 2026 CKI KWF Bot [4.18.0-553.127.1.rt7.468.el8_10] +- smc: Fix use-after-free in tcp_write_timer_handler(). (Steve Best) [RHEL-167084] {CVE-2023-53781} +- nbd: defer config unlock in nbd_genl_connect (CKI Backport Bot) [RHEL-166939] {CVE-2025-68366} +- libceph: prevent potential out-of-bounds reads in handle_auth_done() (CKI Backport Bot) [RHEL-143892] {CVE-2026-22984} +- libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CKI Backport Bot) [RHEL-143874] {CVE-2026-22990} + * Wed May 20 2026 CKI KWF Bot [4.18.0-553.126.1.rt7.467.el8_10] - crypto: af_alg - Work around empty control messages without MSG_MORE (Thomas Huth) [RHEL-175772] - crypto: af_alg - Fix regression on empty requests (Thomas Huth) [RHEL-175772]