Fedora 35: kernel 2022-b948fc3cfb | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-b948fc3cfb
2022-10-15 21:26:15.456251
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 35
Version     : 5.19.15
Release     : 101.fc35
URL         : https://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 101/201/301 builds of the 5.19.15 kernel contain fixes for some wireless
network vulnerabilities and a couple of important arm bug fixes.  ----  The
5.19.15 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 13 2022 Justin M. Forbes  [5.19.15-1]
- Bump for build (Justin M. Forbes)
- mctp: prevent double key removal and unref (Jeremy Kerr)
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON (Johannes Berg)
- wifi: mac80211: fix crash in beacon protection for P2P-device (Johannes Berg)
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (Johannes Berg)
- wifi: cfg80211: avoid nontransmitted BSS list corruption (Johannes Berg)
- wifi: cfg80211: fix BSS refcounting bugs (Johannes Berg)
- wifi: cfg80211: ensure length byte is present before access (Johannes Berg)
- wifi: mac80211: fix MBSSID parsing use-after-free (Johannes Berg)
- wifi: cfg80211/mac80211: reject bad MBSSID elements (Johannes Berg)
- wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() (Johannes Berg)
- drm/vc4: hdmi: Check the HSM rate at runtime_resume (Maxime Ripard)
- drm/vc4: hdmi: Enforce the minimum rate at runtime_resume (Maxime Ripard)
- phy: rockchip-inno-usb2: Return zero after otg sync (Peter Geis)
* Wed Oct 12 2022 Justin M. Forbes  [5.19.15-0]
- scsi: stex: Properly zero out the passthrough command structure (Linus Torvalds)
- ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (David Ahern)
- Linux v5.19.15
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2128462 - CVE-2022-40768 kernel: leak of sensitive information due to uninitialized data in stex_queuecommand_lck() in drivers/scsi/stex.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2128462
  [ 2 ] Bug #2133490 - CVE-2022-3435 kernel: an out-of-bounds read in fib_nh_match of the file net/ipv4/fib_semantics.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2133490
  [ 3 ] Bug #2134377 - CVE-2022-41674 kernel: u8 overflow problem in  cfg80211_update_notlisted_nontrans()
        https://bugzilla.redhat.com/show_bug.cgi?id=2134377
  [ 4 ] Bug #2134440 - CVE-2022-42719 kernel: A use-after-free problem observed in multi-BSSID element when parsing
        https://bugzilla.redhat.com/show_bug.cgi?id=2134440
  [ 5 ] Bug #2134451 - CVE-2022-42720 kernel: A use-after-free problem was observed in bss_ref_get in net/wireless/scan.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2134451
  [ 6 ] Bug #2134506 - CVE-2022-42721 kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2134506
  [ 7 ] Bug #2134517 - CVE-2022-42722 Kernel: Denial of service in beacon protection for  P2P-device
        https://bugzilla.redhat.com/show_bug.cgi?id=2134517
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-b948fc3cfb' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 35: kernel 2022-b948fc3cfb

October 15, 2022
The 101/201/301 builds of the 5.19.15 kernel contain fixes for some wireless network vulnerabilities and a couple of important arm bug fixes

Summary

The kernel meta package

Update Information:

The 101/201/301 builds of the 5.19.15 kernel contain fixes for some wireless network vulnerabilities and a couple of important arm bug fixes. ---- The 5.19.15 stable kernel update contains a number of important fixes across the tree.

Change Log

* Thu Oct 13 2022 Justin M. Forbes [5.19.15-1] - Bump for build (Justin M. Forbes) - mctp: prevent double key removal and unref (Jeremy Kerr) - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (Johannes Berg) - wifi: mac80211: fix crash in beacon protection for P2P-device (Johannes Berg) - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (Johannes Berg) - wifi: cfg80211: avoid nontransmitted BSS list corruption (Johannes Berg) - wifi: cfg80211: fix BSS refcounting bugs (Johannes Berg) - wifi: cfg80211: ensure length byte is present before access (Johannes Berg) - wifi: mac80211: fix MBSSID parsing use-after-free (Johannes Berg) - wifi: cfg80211/mac80211: reject bad MBSSID elements (Johannes Berg) - wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() (Johannes Berg) - drm/vc4: hdmi: Check the HSM rate at runtime_resume (Maxime Ripard) - drm/vc4: hdmi: Enforce the minimum rate at runtime_resume (Maxime Ripard) - phy: rockchip-inno-usb2: Return zero after otg sync (Peter Geis) * Wed Oct 12 2022 Justin M. Forbes [5.19.15-0] - scsi: stex: Properly zero out the passthrough command structure (Linus Torvalds) - ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (David Ahern) - Linux v5.19.15

References

[ 1 ] Bug #2128462 - CVE-2022-40768 kernel: leak of sensitive information due to uninitialized data in stex_queuecommand_lck() in drivers/scsi/stex.c https://bugzilla.redhat.com/show_bug.cgi?id=2128462 [ 2 ] Bug #2133490 - CVE-2022-3435 kernel: an out-of-bounds read in fib_nh_match of the file net/ipv4/fib_semantics.c https://bugzilla.redhat.com/show_bug.cgi?id=2133490 [ 3 ] Bug #2134377 - CVE-2022-41674 kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans() https://bugzilla.redhat.com/show_bug.cgi?id=2134377 [ 4 ] Bug #2134440 - CVE-2022-42719 kernel: A use-after-free problem observed in multi-BSSID element when parsing https://bugzilla.redhat.com/show_bug.cgi?id=2134440 [ 5 ] Bug #2134451 - CVE-2022-42720 kernel: A use-after-free problem was observed in bss_ref_get in net/wireless/scan.c https://bugzilla.redhat.com/show_bug.cgi?id=2134451 [ 6 ] Bug #2134506 - CVE-2022-42721 kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c https://bugzilla.redhat.com/show_bug.cgi?id=2134506 [ 7 ] Bug #2134517 - CVE-2022-42722 Kernel: Denial of service in beacon protection for P2P-device https://bugzilla.redhat.com/show_bug.cgi?id=2134517

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-b948fc3cfb' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : kernel
Product : Fedora 35
Version : 5.19.15
Release : 101.fc35
URL : https://www.kernel.org/
Summary : The Linux kernel

Related News

openSUSE Begins Enforcing Secure Boot Kernel Lockdown

Linux Inadvertently Has Been Leaving IBRS-Mitigated Systems Without STIBP

Citrix Fixes Severe Flaws in Workspace, Virtual Apps and Desktops

Parrot OS 5.2 Tightens Security, Better TOR Bridges Support

News

Advisories

HOWTOs

Features

Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories
Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy