ELSA-2025-1262

Опубликовано: 11 фев. 2025

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2025-1262: kernel security update (IMPORTANT)

[5.14.0-503.23.2_5.OL9]
Disable UKI signing [Orabug: 36571828]
Update Oracle Linux certificates (Kevin Lyons)
Disable signing for aarch64 (Ilya Okomin)
Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
Update x509.genkey [Orabug: 24817676]
Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
Add Oracle Linux IMA certificates

[5.14.0-503.23.2_5]

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CKI Backport Bot) [RHEL-78075 RHEL-69574] {CVE-2024-53104}

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

bpftool

7.4.0-503.23.2.el9_5

kernel-tools

5.14.0-503.23.2.el9_5

kernel-cross-headers

5.14.0-503.23.2.el9_5

kernel-tools-libs-devel

5.14.0-503.23.2.el9_5

kernel-tools-libs

5.14.0-503.23.2.el9_5

python3-perf

5.14.0-503.23.2.el9_5

kernel-headers

5.14.0-503.23.2.el9_5

perf

5.14.0-503.23.2.el9_5

rtla

5.14.0-503.23.2.el9_5

Oracle Linux x86_64

kernel-debug

5.14.0-503.23.2.el9_5

bpftool

7.4.0-503.23.2.el9_5

kernel

5.14.0-503.23.2.el9_5

kernel-abi-stablelists

5.14.0-503.23.2.el9_5

kernel-core

5.14.0-503.23.2.el9_5

kernel-debug-core

5.14.0-503.23.2.el9_5

kernel-debug-modules

5.14.0-503.23.2.el9_5

kernel-debug-modules-core

5.14.0-503.23.2.el9_5

kernel-debug-modules-extra

5.14.0-503.23.2.el9_5

kernel-debug-uki-virt

5.14.0-503.23.2.el9_5

kernel-modules

5.14.0-503.23.2.el9_5

kernel-modules-core

5.14.0-503.23.2.el9_5

kernel-modules-extra

5.14.0-503.23.2.el9_5

kernel-tools

5.14.0-503.23.2.el9_5

kernel-tools-libs

5.14.0-503.23.2.el9_5

kernel-uki-virt

5.14.0-503.23.2.el9_5

kernel-uki-virt-addons

5.14.0-503.23.2.el9_5

python3-perf

5.14.0-503.23.2.el9_5

kernel-debug-devel

5.14.0-503.23.2.el9_5

kernel-debug-devel-matched

5.14.0-503.23.2.el9_5

kernel-devel

5.14.0-503.23.2.el9_5

kernel-devel-matched

5.14.0-503.23.2.el9_5

kernel-doc

5.14.0-503.23.2.el9_5

kernel-headers

5.14.0-503.23.2.el9_5

perf

5.14.0-503.23.2.el9_5

rtla

5.14.0-503.23.2.el9_5

kernel-cross-headers

5.14.0-503.23.2.el9_5

kernel-tools-libs-devel

5.14.0-503.23.2.el9_5

libperf

5.14.0-503.23.2.el9_5

Связанные CVE

CVE-2024-53104

Ссылки на источники

Связанные уязвимости

CVE-2024-53104

CVSS3: 7.8

ubuntu

7 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.