kernel-4.18.0-553.25.1.el8_10

* Wed Oct 02 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.25.1.el8_10]
- cifs: modefromsids must add an ACE for authenticated users (Paulo Alcantara) [RHEL-56052]
- cifs: do not use uninitialized data in the owner/group sid (Paulo Alcantara) [RHEL-56052]
- cifs: fix set of group SID via NTSD xattrs (Paulo Alcantara) [RHEL-56052]
- smb3: correct smb3 ACL security descriptor (Paulo Alcantara) [RHEL-56052]
- smb3: fix possible access to uninitialized pointer to DACL (Paulo Alcantara) [RHEL-56052]
- cifs: remove two cases where rc is set unnecessarily in sid_to_id (Paulo Alcantara) [RHEL-56052]
- cifs: Fix chmod with modefromsid when an older ACE already exists. (Paulo Alcantara) [RHEL-56052]
- cifs: update new ACE pointer after populate_new_aces. (Paulo Alcantara) [RHEL-56052]
- cifs: If a corrupted DACL is returned by the server, bail out. (Paulo Alcantara) [RHEL-56052]
- cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (Paulo Alcantara) [RHEL-56052]
- cifs: Change SIDs in ACEs while transferring file ownership. (Paulo Alcantara) [RHEL-56052]
- cifs: Retain old ACEs when converting between mode bits and ACL. (Paulo Alcantara) [RHEL-56052]
- cifs: Fix cifsacl ACE mask for group and others. (Paulo Alcantara) [RHEL-56052]
- Add SMB 2 support for getting and setting SACLs (Paulo Alcantara) [RHEL-56052]
- SMB3: Add support for getting and setting SACLs (Paulo Alcantara) [RHEL-56052]
- cifs: Enable sticky bit with cifsacl mount option. (Paulo Alcantara) [RHEL-56052]
- cifs: Fix unix perm bits to cifsacl conversion for "other" bits. (Paulo Alcantara) [RHEL-56052]
- drm/i915/gt: Fix potential UAF by revoke of fence registers (Mika Penttilä) [RHEL-53633] {CVE-2024-41092}
- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-27224]
- kobject_uevent: Fix OOB access within zap_modalias_env() (Rafael Aquini) [RHEL-55000] {CVE-2024-42292}
- gfs2: Fix NULL pointer dereference in gfs2_log_flush (Andrew Price) [RHEL-51553] {CVE-2024-42079}
- of: module: add buffer overflow check in of_modalias() (Charles Mirabile) [RHEL-44267] {CVE-2024-38541}
Resolves: RHEL-27224, RHEL-44267, RHEL-51553, RHEL-53633, RHEL-55000, RHEL-56052

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>

kernel.spec

@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.24.1.el8_10
+%define pkgrelease 553.25.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.24.1%{?dist}
+%define specrelease 553.25.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -2696,6 +2696,30 @@ fi
 #
 #
 %changelog
+* Wed Oct 02 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.25.1.el8_10]
+- cifs: modefromsids must add an ACE for authenticated users (Paulo Alcantara) [RHEL-56052]
+- cifs: do not use uninitialized data in the owner/group sid (Paulo Alcantara) [RHEL-56052]
+- cifs: fix set of group SID via NTSD xattrs (Paulo Alcantara) [RHEL-56052]
+- smb3: correct smb3 ACL security descriptor (Paulo Alcantara) [RHEL-56052]
+- smb3: fix possible access to uninitialized pointer to DACL (Paulo Alcantara) [RHEL-56052]
+- cifs: remove two cases where rc is set unnecessarily in sid_to_id (Paulo Alcantara) [RHEL-56052]
+- cifs: Fix chmod with modefromsid when an older ACE already exists. (Paulo Alcantara) [RHEL-56052]
+- cifs: update new ACE pointer after populate_new_aces. (Paulo Alcantara) [RHEL-56052]
+- cifs: If a corrupted DACL is returned by the server, bail out. (Paulo Alcantara) [RHEL-56052]
+- cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (Paulo Alcantara) [RHEL-56052]
+- cifs: Change SIDs in ACEs while transferring file ownership. (Paulo Alcantara) [RHEL-56052]
+- cifs: Retain old ACEs when converting between mode bits and ACL. (Paulo Alcantara) [RHEL-56052]
+- cifs: Fix cifsacl ACE mask for group and others. (Paulo Alcantara) [RHEL-56052]
+- Add SMB 2 support for getting and setting SACLs (Paulo Alcantara) [RHEL-56052]
+- SMB3: Add support for getting and setting SACLs (Paulo Alcantara) [RHEL-56052]
+- cifs: Enable sticky bit with cifsacl mount option. (Paulo Alcantara) [RHEL-56052]
+- cifs: Fix unix perm bits to cifsacl conversion for "other" bits. (Paulo Alcantara) [RHEL-56052]
+- drm/i915/gt: Fix potential UAF by revoke of fence registers (Mika Penttilä) [RHEL-53633] {CVE-2024-41092}
+- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-27224]
+- kobject_uevent: Fix OOB access within zap_modalias_env() (Rafael Aquini) [RHEL-55000] {CVE-2024-42292}
+- gfs2: Fix NULL pointer dereference in gfs2_log_flush (Andrew Price) [RHEL-51553] {CVE-2024-42079}
+- of: module: add buffer overflow check in of_modalias() (Charles Mirabile) [RHEL-44267] {CVE-2024-38541}
+
 * Wed Sep 25 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.24.1.el8_10]
 - cifs: do not set WorkstationName in NTLMSSP auth blob (Paulo Alcantara) [RHEL-56729]
 - padata: Fix possible divide-by-0 panic in padata_mt_helper() (Steve Best) [RHEL-56162] {CVE-2024-43889}

sources

@@ -1,3 +1,3 @@
-SHA512 (linux-4.18.0-553.24.1.el8_10.tar.xz) = 7a780ffe33e9f4e4fd66e5a84514476caef8ba5ebc3c19662d0c5a2ae2758f98da3493b10abe9e17cbff7d59454f8a7f84813d7daf838502fba105ea1f664220
-SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 41bc916b40753433e0c7a87bade37bc43d86e6a59c1d3917622fa56d0bf274a2987d916cf9f3ad6dbe1e854a12c044dab2bf3b033229ee27f5b02997f500ddbb
+SHA512 (linux-4.18.0-553.25.1.el8_10.tar.xz) = 738039a50fb1a1e8c0c706531f79ad9d4b3c7d5e73147f7f1f5fc49ef3b09d0c832d6278a0f57ad6c302c2717ebc6bd7d9855e2a09921d9659833b0e074e99d0
+SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = fa85538df5e9c14e4fa4bceb53c6e0f936df60fd4034687ff51b9438356dcfb4e4234426fbf35b988baac3fc1e39e105c02bf7f49b2fb5daee4e6988a1184d45
 SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 8a671ed3c9b7f4b25fd4e594b62bc4a26474cb705d3ed22ca376618b3c7962fc72ace1ffd02c9c3a192d9d2c449d38228809542d7f16ebad16f8127020eb2faf