kernel-4.18.0-553.23.1.el8_10
* Thu Sep 19 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.23.1.el8_10] - ethtool: check device is present when getting link settings (Jamie Bainbridge) [RHEL-57002] - netfilter: nft_set_pipapo: do not free live element (Phil Sutter) [RHEL-34221] {CVE-2024-26924} - netfilter: nf_tables: missing iterator type in lookup walk (Phil Sutter) [RHEL-35033] {CVE-2024-27017} - netfilter: nft_set_pipapo: walk over current view on netlink dump (Phil Sutter) [RHEL-35033] {CVE-2024-27017} - netfilter: nftables: add helper function to flush set elements (Phil Sutter) [RHEL-35033] {CVE-2024-27017} - netfilter: nf_tables: prefer nft_chain_validate (Phil Sutter) [RHEL-51040] {CVE-2024-41042} - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Phil Sutter) [RHEL-51516] {CVE-2024-42070} - netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (Phil Sutter) [RHEL-43003] {CVE-2024-35898} - netfilter: ipset: Fix suspicious rcu_dereference_protected() (Phil Sutter) [RHEL-47606] {CVE-2024-39503} - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Phil Sutter) [RHEL-47606] {CVE-2024-39503} - netfilter: ipset: Add list flush to cancel_gc (Phil Sutter) [RHEL-47606] {CVE-2024-39503} - netfilter: nf_conntrack_h323: Add protection for bmp length out of range (Phil Sutter) [RHEL-42680] {CVE-2024-26851} - netfilter: bridge: replace physindev with physinif in nf_bridge_info (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839} - netfilter: propagate net to nf_bridge_get_physindev (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839} - netfilter: nfnetlink_log: use proper helper for fetching physinif (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839} - netfilter: nf_queue: remove excess nf_bridge variable (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839} - dev/parport: fix the array out-of-bounds risk (Steve Best) [RHEL-54985] {CVE-2024-42301} - KVM: Always flush async #PF workqueue when vCPU is being destroyed (Sean Christopherson) [RHEL-35100] {CVE-2024-26976} - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (Kamal Heib) [RHEL-44279] {CVE-2024-38540} - tipc: Return non-zero value from tipc_udp_addr2str() on error (Xin Long) [RHEL-55069] {CVE-2024-42284} - Bluetooth: Fix TOCTOU in HCI debugfs implementation (CKI Backport Bot) [RHEL-26831] {CVE-2024-24857} - drm/i915/dpt: Make DPT object unshrinkable (CKI Backport Bot) [RHEL-47856] {CVE-2024-40924} - tipc: force a dst refcount before doing decryption (Xin Long) [RHEL-48363] {CVE-2024-40983} - block: initialize integrity buffer to zero before writing it to media (Ming Lei) [RHEL-54763] {CVE-2024-43854} - gso: do not skip outer ip header in case of ipip and net_failover (CKI Backport Bot) [RHEL-55790] {CVE-2022-48936} - drm/amdgpu: avoid using null object of framebuffer (CKI Backport Bot) [RHEL-51405] {CVE-2024-41093} - ipv6: prevent possible NULL deref in fib6_nh_init() (Guillaume Nault) [RHEL-48170] {CVE-2024-40961} - mlxsw: spectrum_acl_erp: Fix object nesting warning (CKI Backport Bot) [RHEL-55568] {CVE-2024-43880} - ibmvnic: Add tx check to prevent skb leak (CKI Backport Bot) [RHEL-51249] {CVE-2024-41066} - ibmvnic: rename local variable index to bufidx (CKI Backport Bot) [RHEL-51249] {CVE-2024-41066} - netfilter: bridge: replace physindev with physinif in nf_bridge_info (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839} - netfilter: propagate net to nf_bridge_get_physindev (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839} - netfilter: nfnetlink_log: use proper helper for fetching physinif (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839} - netfilter: nf_queue: remove excess nf_bridge variable (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839} - USB: serial: mos7840: fix crash on resume (CKI Backport Bot) [RHEL-53680] {CVE-2024-42244} - ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CKI Backport Bot) [RHEL-48381] {CVE-2024-40984} Resolves: RHEL-26831, RHEL-34221, RHEL-35033, RHEL-35100, RHEL-37038, RHEL-37039, RHEL-42680, RHEL-43003, RHEL-44279, RHEL-47606, RHEL-47856, RHEL-48170, RHEL-48363, RHEL-48381, RHEL-51040, RHEL-51249, RHEL-51405, RHEL-51516, RHEL-53680, RHEL-54763, RHEL-54985, RHEL-55069, RHEL-55568, RHEL-55790, RHEL-57002 Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
This commit is contained in:
parent
1238d03c7f
commit
67fea34b5b
42
kernel.spec
42
kernel.spec
@ -38,10 +38,10 @@
|
|||||||
# define buildid .local
|
# define buildid .local
|
||||||
|
|
||||||
%define specversion 4.18.0
|
%define specversion 4.18.0
|
||||||
%define pkgrelease 553.22.1.el8_10
|
%define pkgrelease 553.23.1.el8_10
|
||||||
|
|
||||||
# allow pkg_release to have configurable %%{?dist} tag
|
# allow pkg_release to have configurable %%{?dist} tag
|
||||||
%define specrelease 553.22.1%{?dist}
|
%define specrelease 553.23.1%{?dist}
|
||||||
|
|
||||||
%define pkg_release %{specrelease}%{?buildid}
|
%define pkg_release %{specrelease}%{?buildid}
|
||||||
|
|
||||||
@ -2696,6 +2696,44 @@ fi
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Sep 19 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.23.1.el8_10]
|
||||||
|
- ethtool: check device is present when getting link settings (Jamie Bainbridge) [RHEL-57002]
|
||||||
|
- netfilter: nft_set_pipapo: do not free live element (Phil Sutter) [RHEL-34221] {CVE-2024-26924}
|
||||||
|
- netfilter: nf_tables: missing iterator type in lookup walk (Phil Sutter) [RHEL-35033] {CVE-2024-27017}
|
||||||
|
- netfilter: nft_set_pipapo: walk over current view on netlink dump (Phil Sutter) [RHEL-35033] {CVE-2024-27017}
|
||||||
|
- netfilter: nftables: add helper function to flush set elements (Phil Sutter) [RHEL-35033] {CVE-2024-27017}
|
||||||
|
- netfilter: nf_tables: prefer nft_chain_validate (Phil Sutter) [RHEL-51040] {CVE-2024-41042}
|
||||||
|
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Phil Sutter) [RHEL-51516] {CVE-2024-42070}
|
||||||
|
- netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (Phil Sutter) [RHEL-43003] {CVE-2024-35898}
|
||||||
|
- netfilter: ipset: Fix suspicious rcu_dereference_protected() (Phil Sutter) [RHEL-47606] {CVE-2024-39503}
|
||||||
|
- netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Phil Sutter) [RHEL-47606] {CVE-2024-39503}
|
||||||
|
- netfilter: ipset: Add list flush to cancel_gc (Phil Sutter) [RHEL-47606] {CVE-2024-39503}
|
||||||
|
- netfilter: nf_conntrack_h323: Add protection for bmp length out of range (Phil Sutter) [RHEL-42680] {CVE-2024-26851}
|
||||||
|
- netfilter: bridge: replace physindev with physinif in nf_bridge_info (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
|
||||||
|
- netfilter: propagate net to nf_bridge_get_physindev (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
|
||||||
|
- netfilter: nfnetlink_log: use proper helper for fetching physinif (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
|
||||||
|
- netfilter: nf_queue: remove excess nf_bridge variable (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
|
||||||
|
- dev/parport: fix the array out-of-bounds risk (Steve Best) [RHEL-54985] {CVE-2024-42301}
|
||||||
|
- KVM: Always flush async #PF workqueue when vCPU is being destroyed (Sean Christopherson) [RHEL-35100] {CVE-2024-26976}
|
||||||
|
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (Kamal Heib) [RHEL-44279] {CVE-2024-38540}
|
||||||
|
- tipc: Return non-zero value from tipc_udp_addr2str() on error (Xin Long) [RHEL-55069] {CVE-2024-42284}
|
||||||
|
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (CKI Backport Bot) [RHEL-26831] {CVE-2024-24857}
|
||||||
|
- drm/i915/dpt: Make DPT object unshrinkable (CKI Backport Bot) [RHEL-47856] {CVE-2024-40924}
|
||||||
|
- tipc: force a dst refcount before doing decryption (Xin Long) [RHEL-48363] {CVE-2024-40983}
|
||||||
|
- block: initialize integrity buffer to zero before writing it to media (Ming Lei) [RHEL-54763] {CVE-2024-43854}
|
||||||
|
- gso: do not skip outer ip header in case of ipip and net_failover (CKI Backport Bot) [RHEL-55790] {CVE-2022-48936}
|
||||||
|
- drm/amdgpu: avoid using null object of framebuffer (CKI Backport Bot) [RHEL-51405] {CVE-2024-41093}
|
||||||
|
- ipv6: prevent possible NULL deref in fib6_nh_init() (Guillaume Nault) [RHEL-48170] {CVE-2024-40961}
|
||||||
|
- mlxsw: spectrum_acl_erp: Fix object nesting warning (CKI Backport Bot) [RHEL-55568] {CVE-2024-43880}
|
||||||
|
- ibmvnic: Add tx check to prevent skb leak (CKI Backport Bot) [RHEL-51249] {CVE-2024-41066}
|
||||||
|
- ibmvnic: rename local variable index to bufidx (CKI Backport Bot) [RHEL-51249] {CVE-2024-41066}
|
||||||
|
- netfilter: bridge: replace physindev with physinif in nf_bridge_info (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
|
||||||
|
- netfilter: propagate net to nf_bridge_get_physindev (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
|
||||||
|
- netfilter: nfnetlink_log: use proper helper for fetching physinif (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
|
||||||
|
- netfilter: nf_queue: remove excess nf_bridge variable (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
|
||||||
|
- USB: serial: mos7840: fix crash on resume (CKI Backport Bot) [RHEL-53680] {CVE-2024-42244}
|
||||||
|
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CKI Backport Bot) [RHEL-48381] {CVE-2024-40984}
|
||||||
|
|
||||||
* Wed Sep 11 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.22.1.el8_10]
|
* Wed Sep 11 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.22.1.el8_10]
|
||||||
- wifi: mac80211: Avoid address calculations via out of bounds array indexing (Michal Schmidt) [RHEL-51278] {CVE-2024-41071}
|
- wifi: mac80211: Avoid address calculations via out of bounds array indexing (Michal Schmidt) [RHEL-51278] {CVE-2024-41071}
|
||||||
|
|
||||||
|
4
sources
4
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (linux-4.18.0-553.22.1.el8_10.tar.xz) = 6cf1d69cc0d72a300b56b036321b43ad63d124e3c3549f079144aa212fa4cb3347d7c674991987061e024a013b826b6e4bfde84b54c8da436546b30cbd14eb8e
|
SHA512 (linux-4.18.0-553.23.1.el8_10.tar.xz) = 388d8732d91708ac41284a72a5a4129e043fbef579bdc0011de7f11ea3c87e7cea0aeae3d7e097f907df4caebf9072721a64641644ce487b903af1129fae303e
|
||||||
SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = ce686f2cfaaf5bc4e99005586dbf2878d47a25d9680de97bee62281e5a26eac0ffe633ce418463dd9f0ba1f42238fba73700293a47ae153d38ef2305b809933d
|
SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 1bed5130cf54e7baad1ba769dabccf0e8eac92ae998f311b700ae41ebdb9fd8b8caf8c0f5d21703ceee28d9603dab7c6854f503cf3ed29a76c5af24f2257a829
|
||||||
SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 8a671ed3c9b7f4b25fd4e594b62bc4a26474cb705d3ed22ca376618b3c7962fc72ace1ffd02c9c3a192d9d2c449d38228809542d7f16ebad16f8127020eb2faf
|
SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 8a671ed3c9b7f4b25fd4e594b62bc4a26474cb705d3ed22ca376618b3c7962fc72ace1ffd02c9c3a192d9d2c449d38228809542d7f16ebad16f8127020eb2faf
|
||||||
|
Loading…
Reference in New Issue
Block a user