Fedora 37: kernel 2022-1a5b125ac6
Summary
The kernel meta package
The 101/201/301 builds of the 5.19.15 kernel contain fixes for some wireless
network vulnerabilities and a couple of important arm bug fixes. ---- The
5.19.15 stable kernel update contains a number of important fixes across the
tree. ---- The 5.19.14 stable kernel update contains a number of important
fixes across the tree.
* Thu Oct 13 2022 Justin M. Forbes
- Bump for build (Justin M. Forbes)
- mctp: prevent double key removal and unref (Jeremy Kerr)
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON (Johannes Berg)
- wifi: mac80211: fix crash in beacon protection for P2P-device (Johannes Berg)
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (Johannes Berg)
- wifi: cfg80211: avoid nontransmitted BSS list corruption (Johannes Berg)
- wifi: cfg80211: fix BSS refcounting bugs (Johannes Berg)
- wifi: cfg80211: ensure length byte is present before access (Johannes Berg)
- wifi: mac80211: fix MBSSID parsing use-after-free (Johannes Berg)
- wifi: cfg80211/mac80211: reject bad MBSSID elements (Johannes Berg)
- wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() (Johannes Berg)
- drm/vc4: hdmi: Check the HSM rate at runtime_resume (Maxime Ripard)
- drm/vc4: hdmi: Enforce the minimum rate at runtime_resume (Maxime Ripard)
- phy: rockchip-inno-usb2: Return zero after otg sync (Peter Geis)
* Wed Oct 12 2022 Justin M. Forbes
- scsi: stex: Properly zero out the passthrough command structure (Linus Torvalds)
- ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (David Ahern)
- Linux v5.19.15
* Wed Oct 5 2022 Justin M. Forbes
- Linux v5.19.14
[ 1 ] Bug #2128462 - CVE-2022-40768 kernel: leak of sensitive information due to uninitialized data in stex_queuecommand_lck() in drivers/scsi/stex.c
https://bugzilla.redhat.com/show_bug.cgi?id=2128462
[ 2 ] Bug #2133490 - CVE-2022-3435 kernel: an out-of-bounds read in fib_nh_match of the file net/ipv4/fib_semantics.c
https://bugzilla.redhat.com/show_bug.cgi?id=2133490
[ 3 ] Bug #2134377 - CVE-2022-41674 kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans()
https://bugzilla.redhat.com/show_bug.cgi?id=2134377
[ 4 ] Bug #2134440 - CVE-2022-42719 kernel: A use-after-free problem observed in multi-BSSID element when parsing
https://bugzilla.redhat.com/show_bug.cgi?id=2134440
[ 5 ] Bug #2134451 - CVE-2022-42720 kernel: A use-after-free problem was observed in bss_ref_get in net/wireless/scan.c
https://bugzilla.redhat.com/show_bug.cgi?id=2134451
[ 6 ] Bug #2134506 - CVE-2022-42721 kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c
https://bugzilla.redhat.com/show_bug.cgi?id=2134506
[ 7 ] Bug #2134517 - CVE-2022-42722 Kernel: Denial of service in beacon protection for P2P-device
https://bugzilla.redhat.com/show_bug.cgi?id=2134517
su -c 'dnf upgrade --advisory FEDORA-2022-1a5b125ac6' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam, report it: https://pagure.io/login/
FEDORA-2022-1a5b125ac6 2022-10-17 22:54:25.295619 Product : Fedora 37 Version : 5.19.15 Release : 301.fc37 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package The 101/201/301 builds of the 5.19.15 kernel contain fixes for some wireless network vulnerabilities and a couple of important arm bug fixes. ---- The 5.19.15 stable kernel update contains a number of important fixes across the tree. ---- The 5.19.14 stable kernel update contains a number of important fixes across the tree. * Thu Oct 13 2022 Justin M. Forbes [5.19.15-1] - Bump for build (Justin M. Forbes) - mctp: prevent double key removal and unref (Jeremy Kerr) - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (Johannes Berg) - wifi: mac80211: fix crash in beacon protection for P2P-device (Johannes Berg) - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (Johannes Berg) - wifi: cfg80211: avoid nontransmitted BSS list corruption (Johannes Berg) - wifi: cfg80211: fix BSS refcounting bugs (Johannes Berg) - wifi: cfg80211: ensure length byte is present before access (Johannes Berg) - wifi: mac80211: fix MBSSID parsing use-after-free (Johannes Berg) - wifi: cfg80211/mac80211: reject bad MBSSID elements (Johannes Berg) - wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() (Johannes Berg) - drm/vc4: hdmi: Check the HSM rate at runtime_resume (Maxime Ripard) - drm/vc4: hdmi: Enforce the minimum rate at runtime_resume (Maxime Ripard) - phy: rockchip-inno-usb2: Return zero after otg sync (Peter Geis) * Wed Oct 12 2022 Justin M. Forbes [5.19.15-0] - scsi: stex: Properly zero out the passthrough command structure (Linus Torvalds) - ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (David Ahern) - Linux v5.19.15 * Wed Oct 5 2022 Justin M. Forbes [5.19.14-0] - Linux v5.19.14 [ 1 ] Bug #2128462 - CVE-2022-40768 kernel: leak of sensitive information due to uninitialized data in stex_queuecommand_lck() in drivers/scsi/stex.c https://bugzilla.redhat.com/show_bug.cgi?id=2128462 [ 2 ] Bug #2133490 - CVE-2022-3435 kernel: an out-of-bounds read in fib_nh_match of the file net/ipv4/fib_semantics.c https://bugzilla.redhat.com/show_bug.cgi?id=2133490 [ 3 ] Bug #2134377 - CVE-2022-41674 kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans() https://bugzilla.redhat.com/show_bug.cgi?id=2134377 [ 4 ] Bug #2134440 - CVE-2022-42719 kernel: A use-after-free problem observed in multi-BSSID element when parsing https://bugzilla.redhat.com/show_bug.cgi?id=2134440 [ 5 ] Bug #2134451 - CVE-2022-42720 kernel: A use-after-free problem was observed in bss_ref_get in net/wireless/scan.c https://bugzilla.redhat.com/show_bug.cgi?id=2134451 [ 6 ] Bug #2134506 - CVE-2022-42721 kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c https://bugzilla.redhat.com/show_bug.cgi?id=2134506 [ 7 ] Bug #2134517 - CVE-2022-42722 Kernel: Denial of service in beacon protection for P2P-device https://bugzilla.redhat.com/show_bug.cgi?id=2134517 su -c 'dnf upgrade --advisory FEDORA-2022-1a5b125ac6' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam, report it: https://pagure.io/login/
Change Log
References
Update Instructions
