kernel-4.18.0-553.31.1.el8_10

* Fri Nov 22 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.31.1.el8_10]
- xfrm: fix one more kernel-infoleak in algo dumping (Sabrina Dubroca) [RHEL-65955] {CVE-2024-50110}
- netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (Florian Westphal) [RHEL-66862] {CVE-2024-50256}
- netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n (Florian Westphal) [RHEL-66862]
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (Florian Westphal) [RHEL-66862]
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (Paulo Alcantara) [RHEL-7988]
- cifs: handle cache lookup errors different than -ENOENT (Paulo Alcantara) [RHEL-7988]
- cifs: don't take exclusive lock for updating target hints (Paulo Alcantara) [RHEL-7988]
- cifs: avoid re-lookups in dfs_cache_find() (Paulo Alcantara) [RHEL-7988]
- cifs: fix potential deadlock in cache_refresh_path() (Paulo Alcantara) [RHEL-7988]
- cifs: don't refresh cached referrals from unactive mounts (Paulo Alcantara) [RHEL-7988]
- cifs: return ENOENT for DFS lookup_cache_entry() (Paulo Alcantara) [RHEL-7988]
- selinux,smack: don't bypass permissions check in inode_setsecctx hook (Ondrej Mosnacek) [RHEL-66104] {CVE-2024-46695}
- gfs2: Prevent inode creation race (Andreas Gruenbacher) [RHEL-67823]
- gfs2: Only defer deletes when we have an iopen glock (Andreas Gruenbacher) [RHEL-67823]
- arm64: probes: Remove broken LDR (literal) uprobe support (Mark Salter) [RHEL-66042] {CVE-2024-50099}
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO (Davide Caratti) [RHEL-65399] {CVE-2024-49949}
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66457] {CVE-2024-50142}
Resolves: RHEL-65399, RHEL-65955, RHEL-66042, RHEL-66104, RHEL-66457, RHEL-66862, RHEL-67823, RHEL-7988

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
This commit is contained in:
Denys Vlasenko 2024-11-22 09:48:19 +01:00
parent a897b12c37
commit 14ee20d83a
2 changed files with 23 additions and 4 deletions

View File

@ -38,10 +38,10 @@
# define buildid .local
%define specversion 4.18.0
%define pkgrelease 553.30.1.el8_10
%define pkgrelease 553.31.1.el8_10
# allow pkg_release to have configurable %%{?dist} tag
%define specrelease 553.30.1%{?dist}
%define specrelease 553.31.1%{?dist}
%define pkg_release %{specrelease}%{?buildid}
@ -2696,6 +2696,25 @@ fi
#
#
%changelog
* Fri Nov 22 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.31.1.el8_10]
- xfrm: fix one more kernel-infoleak in algo dumping (Sabrina Dubroca) [RHEL-65955] {CVE-2024-50110}
- netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (Florian Westphal) [RHEL-66862] {CVE-2024-50256}
- netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n (Florian Westphal) [RHEL-66862]
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (Florian Westphal) [RHEL-66862]
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (Paulo Alcantara) [RHEL-7988]
- cifs: handle cache lookup errors different than -ENOENT (Paulo Alcantara) [RHEL-7988]
- cifs: don't take exclusive lock for updating target hints (Paulo Alcantara) [RHEL-7988]
- cifs: avoid re-lookups in dfs_cache_find() (Paulo Alcantara) [RHEL-7988]
- cifs: fix potential deadlock in cache_refresh_path() (Paulo Alcantara) [RHEL-7988]
- cifs: don't refresh cached referrals from unactive mounts (Paulo Alcantara) [RHEL-7988]
- cifs: return ENOENT for DFS lookup_cache_entry() (Paulo Alcantara) [RHEL-7988]
- selinux,smack: don't bypass permissions check in inode_setsecctx hook (Ondrej Mosnacek) [RHEL-66104] {CVE-2024-46695}
- gfs2: Prevent inode creation race (Andreas Gruenbacher) [RHEL-67823]
- gfs2: Only defer deletes when we have an iopen glock (Andreas Gruenbacher) [RHEL-67823]
- arm64: probes: Remove broken LDR (literal) uprobe support (Mark Salter) [RHEL-66042] {CVE-2024-50099}
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO (Davide Caratti) [RHEL-65399] {CVE-2024-49949}
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66457] {CVE-2024-50142}
* Fri Nov 15 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.30.1.el8_10]
- media: edia: dvbdev: fix a use-after-free (Kate Hsuan) [RHEL-35763] {CVE-2024-27043}
- blk-mq: fix missing blk_account_io_done() in error path (Ming Lei) [RHEL-61200]

View File

@ -1,3 +1,3 @@
SHA512 (linux-4.18.0-553.30.1.el8_10.tar.xz) = 13a97fe954386270130c5876c710f625d3dbb30e4b16c33f7641155ca2bc2ada00d672fffa84259911378913bcec9f5e6eb9cb4bb7a9bb3a3f02bc8d0c272203
SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = da50f79871884b80655e7f3c5e3248daffc742dfd1e3d620e16736211dafb3d7f2b6ace84cfc75eeb1b1174b3571ef3f8ceecd8b296d8946b182b4b11c014785
SHA512 (linux-4.18.0-553.31.1.el8_10.tar.xz) = 9d0008b1df1e00b06f5baba8e217a32d8104ffdc5d2f05b2a6f24b7bd1d9c18ff268b2fe09c5791b85c6d142cf05677f5ae6dc28ca53fa7065a41fafebdd99ab
SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 070d63e199b6ff3d212ad5865156defb4b8ab1d51e5c9889b29203808aa351da5c983fbccde6aa7b1622a5c0a0fc1a6a3f292eb31fabd15d28b3525d67ba766f
SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 8a671ed3c9b7f4b25fd4e594b62bc4a26474cb705d3ed22ca376618b3c7962fc72ace1ffd02c9c3a192d9d2c449d38228809542d7f16ebad16f8127020eb2faf