diff --git a/Makefile.rhelver b/Makefile.rhelver index bf44d99e3..11b3068d4 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 1 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 66 +RHEL_RELEASE = 67 # # RHEL_REBASE_NUM diff --git a/kernel.changelog b/kernel.changelog index c195039ab..784aa9d13 100644 --- a/kernel.changelog +++ b/kernel.changelog @@ -1,3 +1,20 @@ +* Fri Mar 21 2025 Julio Faracco [6.12.0-67.el10] +- Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() (CKI Backport Bot) [RHEL-81378] {CVE-2024-57988} +- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (CKI Backport Bot) [RHEL-81510] {CVE-2024-58013} +- ipvlan: Fix use-after-free in ipvlan_get_iflink(). (CKI Backport Bot) [RHEL-77888] {CVE-2025-21652} +- usbnet: ipheth: document scope of NCM implementation (Jose Ignacio Tornos Martinez) [RHEL-81349 RHEL-81435 RHEL-81565] {CVE-2025-21741 CVE-2025-21743 CVE-2025-21742} +- usbnet: ipheth: fix DPE OoB read (Jose Ignacio Tornos Martinez) [RHEL-81349 RHEL-81435 RHEL-81565] {CVE-2025-21741 CVE-2025-21743 CVE-2025-21742} +- usbnet: ipheth: break up NCM header size computation (Jose Ignacio Tornos Martinez) [RHEL-81349 RHEL-81435 RHEL-81565] {CVE-2025-21741 CVE-2025-21743 CVE-2025-21742} +- usbnet: ipheth: refactor NCM datagram loop (Jose Ignacio Tornos Martinez) [RHEL-81349 RHEL-81435 RHEL-81565] {CVE-2025-21741 CVE-2025-21743 CVE-2025-21742} +- usbnet: ipheth: use static NDP16 location in URB (Jose Ignacio Tornos Martinez) [RHEL-81349 RHEL-81435 RHEL-81565] {CVE-2025-21741 CVE-2025-21743 CVE-2025-21742} +- usbnet: ipheth: check that DPE points past NCM header (Jose Ignacio Tornos Martinez) [RHEL-81349 RHEL-81435 RHEL-81565] {CVE-2025-21741 CVE-2025-21743 CVE-2025-21742} +- usbnet: ipheth: fix possible overflow in DPE length check (Jose Ignacio Tornos Martinez) [RHEL-81349 RHEL-81435 RHEL-81565] {CVE-2025-21741 CVE-2025-21743 CVE-2025-21742} +- workqueue: Put the pwq after detaching the rescuer from the pool (CKI Backport Bot) [RHEL-81475] {CVE-2025-21786} +- netfilter: nf_tables: reject mismatching sum of field_len with set key length (CKI Backport Bot) [RHEL-82492] {CVE-2025-21826} +- pktgen: Avoid out-of-bounds access in get_imix_entries (CKI Backport Bot) [RHEL-77232] {CVE-2025-21680} +- Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() (CKI Backport Bot) [RHEL-81271] {CVE-2024-57987} +Resolves: RHEL-77232, RHEL-77888, RHEL-81271, RHEL-81349, RHEL-81378, RHEL-81435, RHEL-81475, RHEL-81510, RHEL-81565, RHEL-82492 + * Wed Mar 19 2025 Julio Faracco [6.12.0-66.el10] - crypto: tegra - do not transfer req when tegra init fails (Herbert Xu) [RHEL-82479] {CVE-2024-58075} - NFSD: fix hang in nfsd4_shutdown_callback (Olga Kornievskaia) [RHEL-81295] {CVE-2025-21795} diff --git a/kernel.spec b/kernel.spec index be894069e..5e18a628a 100644 --- a/kernel.spec +++ b/kernel.spec @@ -164,15 +164,15 @@ Summary: The Linux kernel %define specrpmversion 6.12.0 %define specversion 6.12.0 %define patchversion 6.12 -%define pkgrelease 66 +%define pkgrelease 67 %define kversion 6 -%define tarfile_release 6.12.0-66.el10 +%define tarfile_release 6.12.0-67.el10 # This is needed to do merge window version magic %define patchlevel 12 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 66%{?buildid}%{?dist} +%define specrelease 67%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 6.12.0-66.el10 +%define kabiversion 6.12.0-67.el10 # If this variable is set to 1, a bpf selftests build failure will cause a # fatal kernel package build error @@ -4358,7 +4358,7 @@ fi\ # # %changelog -* Fri Mar 21 2025 Andrei Lukoshko - 6.12.0-66 +* Tue Mar 25 2025 Andrei Lukoshko - 6.12.0-67 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024 @@ -4369,10 +4369,26 @@ fi\ - kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained -* Fri Mar 21 2025 Eduard Abdullin - 6.12.0-66 +* Tue Mar 25 2025 Eduard Abdullin - 6.12.0-67 - Use AlmaLinux OS secure boot cert - Debrand for AlmaLinux OS +* Fri Mar 21 2025 Julio Faracco [6.12.0-67.el10] +- Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() (CKI Backport Bot) [RHEL-81378] {CVE-2024-57988} +- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (CKI Backport Bot) [RHEL-81510] {CVE-2024-58013} +- ipvlan: Fix use-after-free in ipvlan_get_iflink(). (CKI Backport Bot) [RHEL-77888] {CVE-2025-21652} +- usbnet: ipheth: document scope of NCM implementation (Jose Ignacio Tornos Martinez) [RHEL-81349 RHEL-81435 RHEL-81565] {CVE-2025-21741 CVE-2025-21743 CVE-2025-21742} +- usbnet: ipheth: fix DPE OoB read (Jose Ignacio Tornos Martinez) [RHEL-81349 RHEL-81435 RHEL-81565] {CVE-2025-21741 CVE-2025-21743 CVE-2025-21742} +- usbnet: ipheth: break up NCM header size computation (Jose Ignacio Tornos Martinez) [RHEL-81349 RHEL-81435 RHEL-81565] {CVE-2025-21741 CVE-2025-21743 CVE-2025-21742} +- usbnet: ipheth: refactor NCM datagram loop (Jose Ignacio Tornos Martinez) [RHEL-81349 RHEL-81435 RHEL-81565] {CVE-2025-21741 CVE-2025-21743 CVE-2025-21742} +- usbnet: ipheth: use static NDP16 location in URB (Jose Ignacio Tornos Martinez) [RHEL-81349 RHEL-81435 RHEL-81565] {CVE-2025-21741 CVE-2025-21743 CVE-2025-21742} +- usbnet: ipheth: check that DPE points past NCM header (Jose Ignacio Tornos Martinez) [RHEL-81349 RHEL-81435 RHEL-81565] {CVE-2025-21741 CVE-2025-21743 CVE-2025-21742} +- usbnet: ipheth: fix possible overflow in DPE length check (Jose Ignacio Tornos Martinez) [RHEL-81349 RHEL-81435 RHEL-81565] {CVE-2025-21741 CVE-2025-21743 CVE-2025-21742} +- workqueue: Put the pwq after detaching the rescuer from the pool (CKI Backport Bot) [RHEL-81475] {CVE-2025-21786} +- netfilter: nf_tables: reject mismatching sum of field_len with set key length (CKI Backport Bot) [RHEL-82492] {CVE-2025-21826} +- pktgen: Avoid out-of-bounds access in get_imix_entries (CKI Backport Bot) [RHEL-77232] {CVE-2025-21680} +- Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() (CKI Backport Bot) [RHEL-81271] {CVE-2024-57987} + * Wed Mar 19 2025 Julio Faracco [6.12.0-66.el10] - crypto: tegra - do not transfer req when tegra init fails (Herbert Xu) [RHEL-82479] {CVE-2024-58075} - NFSD: fix hang in nfsd4_shutdown_callback (Olga Kornievskaia) [RHEL-81295] {CVE-2025-21795} diff --git a/sources b/sources index 2cf838e7c..c59fad6eb 100644 --- a/sources +++ b/sources @@ -1,5 +1,5 @@ SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6 -SHA512 (linux-6.12.0-66.el10.tar.xz) = bb11ef570bb5451ce04c291a9a1b502c5339ae5a849eae65ad979cbdb154393929ee00a496b286ed52bd8d385aeeaa538f596db27196d1e60e8a291f16f3eedb -SHA512 (kernel-abi-stablelists-6.12.0-66.el10.tar.xz) = a688754a63b7eccc4e9620882d3edac094defb5f7e1da67a62de15267879322874c85fc992d28d651ad0b8fbf71933ca0d21dac4abf54c05dfabe848eb6f2c3b -SHA512 (kernel-kabi-dw-6.12.0-66.el10.tar.xz) = 363638a37d0822f41ee10a642eba36b7442adc8697b96afc32d0dfe7cdfef25279d16621d6a9d75e29ec659a379ba2be6b7a92e59255bdeb00c17b5d4b54690d +SHA512 (linux-6.12.0-67.el10.tar.xz) = 0868b684c1c795188a918b8ca9bfd4694766313b9a960f3d392f111ce27063ddc92c2c8ab49341a0141b93313640145e5701b4e725a39bccbe05934967ce1bc6 +SHA512 (kernel-abi-stablelists-6.12.0-67.el10.tar.xz) = 1f6bdc946a8eac5078a3f7cacbbaea49609ed614ef0c33fb40e11e69c47cf2834ae858b1c92d1066ec5d730ec331436e5fbf259294d40c8e1db2b2e71f5cbb01 +SHA512 (kernel-kabi-dw-6.12.0-67.el10.tar.xz) = 363638a37d0822f41ee10a642eba36b7442adc8697b96afc32d0dfe7cdfef25279d16621d6a9d75e29ec659a379ba2be6b7a92e59255bdeb00c17b5d4b54690d