Описание
ELSA-2022-1550: kernel security and bug fix update (IMPORTANT)
[4.18.0-348.23.1_5.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5
[4.18.0-348.23.1_5]
- gfs2: dequeue iopen holder in gfs2_inode_lookup error (Bob Peterson) [2069750 2061665]
[4.18.0-348.22.1_5]
- scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (Dick Kennedy) [2058193 2027558]
- cifs: check all path components in resolved dfs target (Ronnie Sahlberg) [2056329 2030880]
- RDMA/cma: Do not change route.addr.src_addr.ss_family (Kamal Heib) [2032073 2032074] {CVE-2021-4028}
[4.18.0-348.21.1_5]
- netfilter: nf_queue: handle socket prefetch (Florian Westphal) [2061446 2009786]
- netfilter: nf_queue: fix possible use-after-free (Florian Westphal) [2061446 2009786]
- selftests: netfilter: add nfqueue TCP_NEW_SYN_RECV socket race test (Florian Westphal) [2061446 2009786]
- netfilter: nf_queue: don't assume sk is full socket (Florian Westphal) [2061446 2009786]
- netfilter: nf_tables_offload: incorrect flow offload action array size (Florian Westphal) [2056867 2056728] {CVE-2022-25636}
- netfilter: nftables_offload: KASAN slab-out-of-bounds Read in nft_flow_rule_create (Florian Westphal) [2056867 2056728] {CVE-2022-25636}
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
bpftool
4.18.0-348.23.1.el8_5
kernel-cross-headers
4.18.0-348.23.1.el8_5
kernel-headers
4.18.0-348.23.1.el8_5
kernel-tools
4.18.0-348.23.1.el8_5
kernel-tools-libs
4.18.0-348.23.1.el8_5
kernel-tools-libs-devel
4.18.0-348.23.1.el8_5
perf
4.18.0-348.23.1.el8_5
python3-perf
4.18.0-348.23.1.el8_5
Oracle Linux x86_64
bpftool
4.18.0-348.23.1.el8_5
kernel
4.18.0-348.23.1.el8_5
kernel-abi-stablelists
4.18.0-348.23.1.el8_5
kernel-core
4.18.0-348.23.1.el8_5
kernel-cross-headers
4.18.0-348.23.1.el8_5
kernel-debug
4.18.0-348.23.1.el8_5
kernel-debug-core
4.18.0-348.23.1.el8_5
kernel-debug-devel
4.18.0-348.23.1.el8_5
kernel-debug-modules
4.18.0-348.23.1.el8_5
kernel-debug-modules-extra
4.18.0-348.23.1.el8_5
kernel-devel
4.18.0-348.23.1.el8_5
kernel-doc
4.18.0-348.23.1.el8_5
kernel-headers
4.18.0-348.23.1.el8_5
kernel-modules
4.18.0-348.23.1.el8_5
kernel-modules-extra
4.18.0-348.23.1.el8_5
kernel-tools
4.18.0-348.23.1.el8_5
kernel-tools-libs
4.18.0-348.23.1.el8_5
kernel-tools-libs-devel
4.18.0-348.23.1.el8_5
perf
4.18.0-348.23.1.el8_5
python3-perf
4.18.0-348.23.1.el8_5
Связанные CVE
Связанные уязвимости
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.
A flaw in the Linux kernel's implementation of RDMA communications man ...
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.