Описание
ELSA-2023-1703: kernel security and bug fix update (IMPORTANT)
- [5.14.0-162.23.1_1.OL9]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
[5.14.0-162.23.1_1]
- ovl: fail on invalid uid/gid mapping at copy up (Miklos Szeredi) [2165344 2165345] {CVE-2023-0386}
- intel_idle: make SPR C1 and C1E be independent (David Arcari) [2168361 2125352]
- intel_idle: Add a new flag to initialize the AMX state (David Arcari) [2168361 2117766]
- x86/fpu: Add a helper to prepare AMX state for low-power CPU idle (David Arcari) [2168361 2117766]
- x86/insn: Add AMX instructions to the x86 instruction decoder (Michael Petlan) [2168361 2140492]
- futex: Resend potentially swallowed owner death notification (Rafael Aquini) [2168836 2161817]
- tun: avoid double free in tun_free_netdev (Jon Maloy) [2156373 2156374] {CVE-2022-4744}
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
bpftool
5.14.0-162.23.1.el9_1
kernel-cross-headers
5.14.0-162.23.1.el9_1
kernel-headers
5.14.0-162.23.1.el9_1
kernel-tools
5.14.0-162.23.1.el9_1
kernel-tools-libs
5.14.0-162.23.1.el9_1
kernel-tools-libs-devel
5.14.0-162.23.1.el9_1
perf
5.14.0-162.23.1.el9_1
python3-perf
5.14.0-162.23.1.el9_1
Oracle Linux x86_64
bpftool
5.14.0-162.23.1.el9_1
kernel
5.14.0-162.23.1.el9_1
kernel-abi-stablelists
5.14.0-162.23.1.el9_1
kernel-core
5.14.0-162.23.1.el9_1
kernel-cross-headers
5.14.0-162.23.1.el9_1
kernel-debug
5.14.0-162.23.1.el9_1
kernel-debug-core
5.14.0-162.23.1.el9_1
kernel-debug-devel
5.14.0-162.23.1.el9_1
kernel-debug-devel-matched
5.14.0-162.23.1.el9_1
kernel-debug-modules
5.14.0-162.23.1.el9_1
kernel-debug-modules-extra
5.14.0-162.23.1.el9_1
kernel-devel
5.14.0-162.23.1.el9_1
kernel-devel-matched
5.14.0-162.23.1.el9_1
kernel-doc
5.14.0-162.23.1.el9_1
kernel-headers
5.14.0-162.23.1.el9_1
kernel-modules
5.14.0-162.23.1.el9_1
kernel-modules-extra
5.14.0-162.23.1.el9_1
kernel-tools
5.14.0-162.23.1.el9_1
kernel-tools-libs
5.14.0-162.23.1.el9_1
kernel-tools-libs-devel
5.14.0-162.23.1.el9_1
perf
5.14.0-162.23.1.el9_1
python3-perf
5.14.0-162.23.1.el9_1
Связанные CVE
Связанные уязвимости
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
A flaw was found in the Linux kernel, where unauthorized access to the ...