diff --git a/.gitignore b/.gitignore index 152cc63..457b8b7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ SOURCES/centossecureboot201.cer SOURCES/centossecurebootca2.cer -SOURCES/linux-4.18.0-553.97.1.rt7.438.el8_10.tar.xz +SOURCES/linux-4.18.0-553.100.1.rt7.441.el8_10.tar.xz SOURCES/redhatsecureboot302.cer SOURCES/redhatsecureboot303.cer SOURCES/redhatsecureboot501.cer diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata index 77803ee..92466a3 100644 --- a/.kernel-rt.metadata +++ b/.kernel-rt.metadata @@ -1,6 +1,6 @@ 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer -a49497a3f9e1d663ec85b8a536dbaf4ea8618442 SOURCES/linux-4.18.0-553.97.1.rt7.438.el8_10.tar.xz +e659169409d37b204fc4298cc2e61c4c6b2fdb79 SOURCES/linux-4.18.0-553.100.1.rt7.441.el8_10.tar.xz 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 9243228..ef0f7e4 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -38,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.97.1.rt7.438.el8_10 +%define pkgrelease 553.100.1.rt7.441.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.97.1.rt7.438%{?dist} +%define specrelease 553.100.1.rt7.441%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -148,7 +148,7 @@ # The preempt RT patch level %global rttag .rt7 # realtimeN -%global rtbuild .438 +%global rtbuild .441 %define with_doc 0 %define with_headers 0 %define with_cross_headers 0 @@ -2708,6 +2708,28 @@ fi # # %changelog +* Tue Jan 27 2026 CKI KWF Bot [4.18.0-553.100.1.rt7.441.el8_10] +- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (Kamal Heib) [RHEL-138396] {CVE-2024-26766} + +* Sat Jan 24 2026 CKI KWF Bot [4.18.0-553.99.1.rt7.440.el8_10] +- fbdev: bitblit: bound-check glyph index in bit_putcs* (Jocelyn Falempe) [RHEL-136937] {CVE-2025-40322} +- atm: clip: Fix infinite recursive call of clip_push(). (Guillaume Nault) [RHEL-137591] {CVE-2025-38459} +- squashfs: fix memory leak in squashfs_fill_super (Abhi Das) [RHEL-138010] {CVE-2025-38415} +- Squashfs: check return result of sb_min_blocksize (CKI Backport Bot) [RHEL-138010] {CVE-2025-38415} +- usb: core: config: Prevent OOB read in SS endpoint companion parsing (CKI Backport Bot) [RHEL-137362] {CVE-2025-39760} +- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (CKI Backport Bot) [RHEL-137058] {CVE-2025-38024} + +* Thu Jan 22 2026 Patrick Talbert [4.18.0-553.98.1.rt7.439.el8_10] +- vfs: use READ_ONCE() to access ->i_link (Jay Shin) [RHEL-141790] +- fold generic_readlink() into its only caller (Jay Shin) [RHEL-141790] +- fs/proc: fix uaf in proc_readdir_de() (Pavel Reichl) [RHEL-137093] {CVE-2025-40271} +- Backport 'create an empty changelog file when changing its name' (Alexandra Hájková) +- mptcp: fix race condition in mptcp_schedule_work() (Paolo Abeni) [RHEL-134443] {CVE-2025-40258} +- mptcp: use mptcp_schedule_work instead of open-coding it (Paolo Abeni) [RHEL-134443] +- tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Guillaume Nault) [RHEL-137976] {CVE-2022-50865} +- tcp: minor optimization in tcp_add_backlog() (Guillaume Nault) [RHEL-137976] {CVE-2022-50865} +- RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (Kamal Heib) [RHEL-134347] {CVE-2025-38022} + * Tue Jan 20 2026 CKI KWF Bot [4.18.0-553.97.1.rt7.438.el8_10] - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (CKI Backport Bot) [RHEL-129107] {CVE-2025-40154}