Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2023-12109

Опубликовано: 07 фев. 2023
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 7

Описание

ELSA-2023-12109: Unbreakable Enterprise kernel security update (IMPORTANT)

[4.1.12-124.71.3]

  • USB: core: Prevent nested device-reset calls (Alan Stern) [Orabug: 34951641] {CVE-2022-4662}
  • Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz) [Orabug: 34833307] {CVE-2022-42896} {CVE-2022-42896}
  • Bluetooth: L2CAP: Introduce proper defines for PSM ranges (Johan Hedberg) [Orabug: 34833307]
  • ext4: fix data corruption caused by overlapping unaligned and aligned IO (Lukas Czerner) [Orabug: 34190035]

[4.1.12-124.71.2]

  • scsi: qla2xxx: Fix use after free in eh_abort path (Quinn Tran) [Orabug: 34970763]
  • check-kabi provides exception on broken symbols (Alok Tiwari) [Orabug: 34742865]
  • KABI validation broken on UEK4 for symbols change (Alok Tiwari) [Orabug: 34742865]
  • Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy) [Orabug: 34719829] {CVE-2022-3564}
  • Bluetooth: remove unneeded variable in l2cap_stream_rx (Prasanna Karthik) [Orabug: 34719829] {CVE-2022-3564}

[4.1.12-124.71.1]

  • Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz) [Orabug: 34951662] {CVE-2022-42895} {CVE-2022-42895}
  • wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (Dokyung Song) [Orabug: 34951546] {CVE-2022-3628}
  • tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima) [Orabug: 34719347] {CVE-2022-3524}

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

kernel-uek

4.1.12-124.71.3.el6uek

kernel-uek-debug

4.1.12-124.71.3.el6uek

kernel-uek-debug-devel

4.1.12-124.71.3.el6uek

kernel-uek-devel

4.1.12-124.71.3.el6uek

kernel-uek-doc

4.1.12-124.71.3.el6uek

kernel-uek-firmware

4.1.12-124.71.3.el6uek

Oracle Linux 7

Oracle Linux x86_64

kernel-uek

4.1.12-124.71.3.el7uek

kernel-uek-debug

4.1.12-124.71.3.el7uek

kernel-uek-debug-devel

4.1.12-124.71.3.el7uek

kernel-uek-devel

4.1.12-124.71.3.el7uek

kernel-uek-doc

4.1.12-124.71.3.el7uek

kernel-uek-firmware

4.1.12-124.71.3.el7uek

Связанные CVE

CVE-2022-3628
CVE-2022-3524
CVE-2022-42896
CVE-2022-42895
CVE-2022-4662
CVE-2022-3564

Ссылки на источники

Связанные уязвимости

suse-cvrf логотип

SUSE-SU-2022:4574-1

suse-cvrf
больше 2 лет назад

Security update for the Linux Kernel

suse-cvrf логотип

SUSE-SU-2022:4615-1

suse-cvrf
больше 2 лет назад

Security update for the Linux Kernel

suse-cvrf логотип

SUSE-SU-2022:4573-1

suse-cvrf
больше 2 лет назад

Security update for the Linux Kernel

suse-cvrf логотип

SUSE-SU-2022:4614-1

suse-cvrf
больше 2 лет назад

Security update for the Linux Kernel

suse-cvrf логотип

SUSE-SU-2022:4589-1

suse-cvrf
больше 2 лет назад

Security update for the Linux Kernel