Oracle Linux Security Advisory ELSA-2023-12566

https://linux.oracle.com/errata/ELSA-2023-12566.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.76.2.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.76.2.el7uek.noarch.rpm
kernel-uek-4.1.12-124.76.2.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.76.2.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.76.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.76.2.el7uek.x86_64.rpm


SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates//kernel-uek-4.1.12-124.76.2.el7uek.src.rpm

Related CVEs:

CVE-2023-3159
CVE-2022-1679
CVE-2023-2269
CVE-2023-1118
CVE-2022-3434
CVE-2023-34256
CVE-2022-20141




Description of changes:

[4.1.12-124.76.2.el7uek]
- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye)  [Orabug: 35493606]  {CVE-2023-3159}
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Pavel Skripkin)  [Orabug: 35448003]  {CVE-2022-1679}
- dm ioctl: fix nested locking in table_clear() to remove deadlock concern (Mike Snitzer)  [Orabug: 35354880]  {CVE-2023-2269}
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (Duoming Zhou)  [Orabug: 35181652]  {CVE-2023-1118}
- misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (Zheng Wang)  [Orabug: 35180779]  {CVE-2022-3424}

[4.1.12-124.76.1.el7uek]
- ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum (Tudor Ambarus)  [Orabug: 35457204]  {CVE-2023-34256}
- igmp: Add ip_mc_list lock in ip_check_mc_rcu (Liu Jian)  [Orabug: 35448048]  {CVE-2022-20141}


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle7: ELSA-2023-12566: kernel Important Security Update

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

Summary

[4.1.12-124.76.2.el7uek] - firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) [Orabug: 35493606] {CVE-2023-3159} - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Pavel Skripkin) [Orabug: 35448003] {CVE-2022-1679} - dm ioctl: fix nested locking in table_clear() to remove deadlock concern (Mike Snitzer) [Orabug: 35354880] {CVE-2023-2269} - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (Duoming Zhou) [Orabug: 35181652] {CVE-2023-1118} - misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (Zheng Wang) [Orabug: 35180779] {CVE-2022-3424} [4.1.12-124.76.1.el7uek] - ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum (Tudor Ambarus) [Orabug: 35457204] {CVE-2023-34256} - igmp: Add ip_mc_list lock in ip_check_mc_rcu (Liu Jian) [Orabug: 35448048] {CVE-2022-20141}

SRPMs

https://oss.oracle.com:443/ol7/SRPMS-updates//kernel-uek-4.1.12-124.76.2.el7uek.src.rpm

x86_64

kernel-uek-doc-4.1.12-124.76.2.el7uek.noarch.rpm kernel-uek-firmware-4.1.12-124.76.2.el7uek.noarch.rpm kernel-uek-4.1.12-124.76.2.el7uek.x86_64.rpm kernel-uek-devel-4.1.12-124.76.2.el7uek.x86_64.rpm kernel-uek-debug-4.1.12-124.76.2.el7uek.x86_64.rpm kernel-uek-debug-devel-4.1.12-124.76.2.el7uek.x86_64.rpm

aarch64

i386

Severity
Related CVEs: CVE-2023-3159 CVE-2022-1679 CVE-2023-2269 CVE-2023-1118 CVE-2022-3434 CVE-2023-34256 CVE-2022-20141

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo