Описание
ELSA-2024-3619: kernel security and bug fix update (MODERATE)
- [5.14.0-427.20.1_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
[5.14.0-427.20.1_4]
- ipv6: sr: fix possible use-after-free and null-ptr-deref (Hangbin Liu) [RHEL-33968 RHEL-31732] {CVE-2024-26735}
- idpf: fix kernel panic on unknown packet types (Michal Schmidt) [RHEL-36145 RHEL-29035]
- idpf: refactor some missing field get/prep conversions (Michal Schmidt) [RHEL-36145 RHEL-29035]
- PCI: Fix pci_rh_check_status() call semantics (Luiz Capitulino) [RHEL-36541 RHEL-35032]
- cxgb4: Properly lock TX queue for the selftest. (John B. Wyatt IV) [RHEL-36530 RHEL-31990 RHEL-9354]
[5.14.0-427.19.1_4]
- x86/mce: Cleanup mce_usable_address() (Prarit Bhargava) [RHEL-33810 RHEL-25415]
- x86/mce: Define amd_mce_usable_address() (Prarit Bhargava) [RHEL-33810 RHEL-25415]
- x86/MCE/AMD: Split amd_mce_is_memory_error() (Prarit Bhargava) [RHEL-33810 RHEL-25415]
- fs: sysfs: Fix reference leak in sysfs_break_active_protection() (Ewan D. Milne) [RHEL-35302 RHEL-35078] {CVE-2024-26993}
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
bpftool
7.3.0-427.20.1.el9_4
kernel-cross-headers
5.14.0-427.20.1.el9_4
kernel-headers
5.14.0-427.20.1.el9_4
kernel-tools
5.14.0-427.20.1.el9_4
kernel-tools-libs
5.14.0-427.20.1.el9_4
kernel-tools-libs-devel
5.14.0-427.20.1.el9_4
perf
5.14.0-427.20.1.el9_4
python3-perf
5.14.0-427.20.1.el9_4
Oracle Linux x86_64
bpftool
7.3.0-427.20.1.el9_4
kernel
5.14.0-427.20.1.el9_4
kernel-abi-stablelists
5.14.0-427.20.1.el9_4
kernel-core
5.14.0-427.20.1.el9_4
kernel-cross-headers
5.14.0-427.20.1.el9_4
kernel-debug
5.14.0-427.20.1.el9_4
kernel-debug-core
5.14.0-427.20.1.el9_4
kernel-debug-devel
5.14.0-427.20.1.el9_4
kernel-debug-devel-matched
5.14.0-427.20.1.el9_4
kernel-debug-modules
5.14.0-427.20.1.el9_4
kernel-debug-modules-core
5.14.0-427.20.1.el9_4
kernel-debug-modules-extra
5.14.0-427.20.1.el9_4
kernel-devel
5.14.0-427.20.1.el9_4
kernel-devel-matched
5.14.0-427.20.1.el9_4
kernel-doc
5.14.0-427.20.1.el9_4
kernel-headers
5.14.0-427.20.1.el9_4
kernel-modules
5.14.0-427.20.1.el9_4
kernel-modules-core
5.14.0-427.20.1.el9_4
kernel-modules-extra
5.14.0-427.20.1.el9_4
kernel-tools
5.14.0-427.20.1.el9_4
kernel-tools-libs
5.14.0-427.20.1.el9_4
kernel-tools-libs-devel
5.14.0-427.20.1.el9_4
libperf
5.14.0-427.20.1.el9_4
perf
5.14.0-427.20.1.el9_4
python3-perf
5.14.0-427.20.1.el9_4
rtla
5.14.0-427.20.1.el9_4
rv
5.14.0-427.20.1.el9_4
Связанные CVE
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations structure for the subsystem must be registered before registering the generic netlink family.
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations structure for the subsystem must be registered before registering the generic netlink family.
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations structure for the subsystem must be registered before registering the generic netlink family.
In the Linux kernel, the following vulnerability has been resolved: i ...