Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
98
security advisorymoderatebug fixRed Hat OpenShift Data Foundation 4.12.3 Moderate Security Update
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenShift Data Foundation 4.12.3 Security and Bug fix update Advisory ID: RHSA-2023:3265-01 Product: RHODF Advisory URL: https://access.redhat.com/errata/RHSA-2023:3265 Issue date: 2023-05-23 CVE Names: CVE-2022-23539 CVE-2022-24999 CVE-2022-36227 CVE-2022-40023 CVE-2023-0361 CVE-2023-27535 CVE-2023-28617 ==================================================================== 1. Summary: Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API. Security Fix(es): * jsonwebtoken: Unrestricted key type could lead to legacy keys usagen (CVE-2022-23539) * express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999) For more details about the securityissue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Previously, odf-csi-addons-operator had low memory resource limit and as a result the odf-csi-addons-operator pod was OOMKilled (out of memory). With this fix, the default memory and the CPU resource limit has been increased and odf-csi-addons-operator OOMKills are not observed. (BZ#2177184) * Previously, non optimized database related flows on deletions caused Multicloud Object Gateway to spike in CPU usage and perform slowly on mass delete scenarios. For example, reclaiming a deleted object bucket claim (OBC). With this fix, indexes for the bucket reclaimer process are optimized, a new index is added to the database to speed up the database cleaner flows, and bucket reclaimer changes are introduced to work on batches of objects. (BZ#2186482) * Previously, the list of regions for creating the default Multicloud Object Gateway backing store on AWS did not have the new regions that were added recently to AWS. With this fix, the new regions are included to the list of regions and it is possible to deploy default backing store on the new regions. (BZ#2187637) * Previously, creating a storage system in OpenShift Data Foundation using an external Ceph cluster would fail if the RADOS block device (RBD) pool name contained an underscore (_) or a period(.). With this fix, the Python script (`ceph-external-cluster-details-exporter.py`) is enhanced to contain underscore (_) and period (.) so that an alias for the RBD pool names can be passed in. This alias allows the OpenShift Data Foundation to adopt an external Ceph cluster with RBD pool names containing an underscore(_) or a period(.). (BZ#2188379) All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have beenapplied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process 2155978 - CVE-2022-23539 jsonwebtoken: Unrestricted key type could lead to legacy keys usagen 2167304 - [4.12 clone] [rook clone] Security and VA issues with ODF operator 2174336 - [Backport to 4.12.z] Placeholder bug to backport the odf changes of Managed services epic RHSTOR-3194 to 4.12.z 2177184 - [csi-addons] odf-csi-addons-operator oomkilled with fresh installation 4.12 2179235 - [Fusion-aaS][4.12.z clone] Within 'prometheus-ceph-rules' the namespace for 'rook-ceph-mgr' jobs should be configurable. 2180685 - [4.12 clone] Security and VA issues with ODF operator 2180724 - [4.12 clone] [mcg-clone] Security and VA issues with ODF operator 2183687 - [Fusion-aaS][Backport to 4.12.3]failed to mount the the cephfs subvolume as subvolumegroup name is not sent in the GetStorageConfig RPC call 2185190 - [4.12.z]Fix storagecluster watch request for OCSInitialization 2185725 - [Fusion-aaS][Backport to 4.12.3]OCS-Operator expects NooBaa CRDs to be present on the cluster when installed directly without ODF Operator 2186443 - [Backport bug for 4.12.3][Fusion-aaS]Remove storageclassclaim cr and create new cr storageclass request cr 2186482 - [GSS] [4.12 backport] Object storage in degraded state 2187765 - [Fusion aaS Rook][backport bug for 4.12.3] Rook-ceph-operator pod should allow OBC CRDs to be optional instead of causing a crash when not present 2187796 - [Fusion-aaS] [Backport for 4.12.3] Collect Must-gather logs from the managed-fusion agent namesapce 2187799 - [Fusion-aaS][backport to 4.12.3]must-gather does not collect relevant logs when storage cluster is not in openshift-storage namespace 2188228 - [Fusion-aaS][Backport to 4.12.z] ocs-metrics-exporter cannot list/watch StorageCluster, StorageClass, CephBlockPool and other resources 2188327 - [IBM Z ] Multi ClusterOrchestrator operator is not available in the Operator Hub 2188667 - [Backport to 4.12.3][Fusion-aaS]wrong label in new storageclassrequest cr 2190005 - Update to RHCS 5.3z2 Ceph container image at ODF-4.12.3 2190140 - Include at ODF 4.12 ?Multi-Cloud Object Gateway Core? container image the RHEL8 CVE fix on "nodejs:14" 2190393 - Include at ODF 4.12 Container images (2) the RHEL8 CVE fix on "emacs/emacs-filesystem" 2192821 - Fix Multisite in external cluster 5. References: https://access.redhat.com/security/cve/CVE-2022-23539 https://access.redhat.com/security/cve/CVE-2022-24999 https://access.redhat.com/security/cve/CVE-2022-36227 https://access.redhat.com/security/cve/CVE-2022-40023 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-27535 https://access.redhat.com/security/cve/CVE-2023-28617 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZGzKa9zjgjWX9erEAQiIMw/+OJiV0nMU+CcHMm0z6sabipM4M60xJML6 ogkwiOMn1ra0S70qpmycYNWnUkSzsM10p9NBA4X8PaMHQ3lFdxZHDZ0EppG2OpBT wyJqhPTVs3xjELQmwHrLjI0B4FN1pMuD7gJ6QeaHVrsmwPionhXJb5vf0DnJiBsT drf8apg3nWehxd7kipBTt5zFcK5ANXXNeBC7+079L/d5QzXDaRpks3gl8RBz7+eM Q81jPAQR9TaxMteyXrDOd4LupOlsSjbWDlRiTwc2Pp579TI5lIIPjsn9sWQieAjV daPrw/SPalxSFzOwTNPqwccayRgubngNeC1bui91mROjaM/TPyI5P7u5EMCBolMQ ABQikabIxV17Oh9dI6loxCsrYmdWsaZwWJRzK64TxzGjaI+3FGXABh0v/YHW6/he 1gqu8BDffC/X0zFeYoxRuxiNUJE4IWZBlYweMO12FMDHe6lmOUip70UzclxxX1gW U/VRCu/HPbCobRmqwDrkcN7GcTA1uEaNTg8VRavY8SGg0kixvR5htaL/2ZzhmKLk VM65FUgMvGEtWVcx7yljrcmJiMWpu/P911fwRHqn2cDmC1R6gQZN3Ku739lJeFoT e4Dage6bGbMxKX2ay5AG/P513Yx1fL5kPnvazItqKS3bUxP2Rw8nHQYsq7soBRzw VGapq3v2wgM=0sSg -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 23, 2023
Red Hat
217
security advisorysecurity updatecriticalOracle7 ELSA-2022-9710 Important Kernel Security Update Details
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network . Oracle Linux Security Advisory ELSA-2022-9710 https://linux.oracle.com/errata/ELSA-2022-9710.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-container-5.4.17-2136.310.7.el7.x86_64.rpm kernel-uek-container-debug-5.4.17-2136.310.7.el7.x86_64.rpm SRPMS: https://oss.oracle.com:443/ol7/SRPMS-updates/kernel-uek-container-5.4.17-2136.310.7.el7.src.rpm Related CVEs: CVE-2022-2588 CVE-2022-29901 CVE-2022-23816 CVE-2022-21505 CVE-2022-2153 Description of changes: [5.4.17-2136.310.7.el7] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588} - x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] - x86/bugs: display dynamic retbleed state (Ankur Arora) [Orabug: 34450896] - x86/bugs: remove incorrect __init/__ro_after_init annotations (Ankur Arora) [Orabug: 34455621] [5.4.17-2136.310.6.el7] - SUNRPC: Fix READ_PLUS crasher (Chuck Lever) - Revert "hwmon: Make chip parameter for with_info API mandatory" (Greg Kroah-Hartman) [Orabug: 34423806] - ext4: make variable "count" signed (Ding Xiang) - faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf) [5.4.17-2136.310.5.el7] - arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - KVM: emulate: do not adjust size of fastop and setcc subroutines (Paolo Bonzini) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Disable RRSBA behavior (Pawan Gupta) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/exec: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Add Cannon lake to RETBleed affected CPU list (Pawan Gupta) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S (Uros Bizjak) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw (Uros Bizjak) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} -x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - kbuild/objtool: Add objtool-vmlinux.o pass (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Add retbleed=ibpb (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/xen: Rename SYS* entry points (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Update Retpoline validation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - intel_idle: Disable IBRS during long idle (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/entry: Add kernel IBRS implementation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Add AMD retbleed= boot parameter(Alexandre Chartre) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Report AMD retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86: Add magic AMD return-thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/vmlinux: Use INT3 instead of NOP for linker fill bytes (Kees Cook) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/realmode: build with __DISABLE_EXPORTS (Ankur Arora) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86: Use return-thunk in asm code (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/bpf: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/ftrace: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86,objtool: Create .return_sites (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/mm: elide references to .discard.* from .return_sites (Ankur Arora) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86: Undo return-thunk damage (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/retpoline: Use -mfunction-return (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/alternative: Support not-feature (Juergen Gross) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/retpoline: Cleanup some#ifdefery (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/features: Move RETPOLINE flags to word 11 (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Classify symbols (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Create reloc sections implicitly (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Add elf_create_reloc() helper (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Rework the elf_rebuild_reloc_section() logic (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Handle per arch retpoline naming (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Correctly handle retpoline thunk calls (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Support retpoline jump detection for vmlinux.o (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Add 'alt_group' struct (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Clean upelf_write() condition (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Add support for relocations without addends (Matt Helsley) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Rename rela to reloc (Matt Helsley) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: optimize add_dead_ends for split sections (Sami Tolvanen) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Move the IRET hack into the arch decoder (Miroslav Benes) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Rename elf_read() to elf_open_read() (Ingo Molnar) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Constify 'struct elf *' parameters (Ingo Molnar) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Optimize !vmlinux.o again (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Better handle IRET (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - x86/unwind_hints: define unwind_hint_save, unwind_hint_restore (Ankur Arora) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Add abstraction for destination offsets (Raphael Gault) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Fix off-by-one in symbol_by_offset() (Julien Thierry) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Optimize find_rela_by_dest_range() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Optimize read_sections() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Optimize find_symbol_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Rename find_containing_func() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Optimize find_symbol_*() and read_symbols() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Optimize find_section_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Optimize find_section_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Add a statistics mode (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Optimize find_symbol_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Rename func_for_each_insn_all() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Rename func_for_each_insn() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Introduce validate_return() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Improve call destination function detection (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Fix clang switch table edge case (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Add relocation check for alternative sections (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} - objtool: Add is_static_jump() helper (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-23816} {CVE-2022-29901} [5.4.17-2136.310.4.el7] - lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34400675] {CVE-2022-21505} - bnxt_en: Use page frag RX buffers for better software GRO performance (Jakub Kicinski) [Orabug: 34083551] - bnxt_en: enable interrupt sampling on 5750X for DIM (Andy Gospodarek) [Orabug: 34083551] - bnxt_en: Add event handler for PAUSE Storm event (Somnath Kotur) [Orabug: 34083551] - bnxt_en: reject indirect blk offload when hw-tc-offload is off (Sriharsha Basavapatna) [Orabug: 34083551] - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (Edwin Peer) [Orabug: 34083551] - bnxt_en: Fix error recovery regression (Michael Chan) [Orabug: 34083551] - bnxt_en: Fix possible unintended driver initiated error recovery (Michael Chan) [Orabug: 34083551] - bnxt:count discards due to memory allocation errors (Jakub Kicinski) [Orabug: 34083551] - bnxt: count packets discarded because of netpoll (Jakub Kicinski) [Orabug: 34083551] - ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364337] - ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364337] - net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371884] [5.4.17-2136.310.3.el7] - RDS/IB: Fix RDS IB SRQ implementation and tune it (Hans Westgaard Ry) [Orabug: 31899472] - RDS/IB: Introduce bit_flag routines with memory-barrier for bit flags (Hans Westgaard Ry) [Orabug: 31899472] - xfs: don't fail unwritten extent conversion on writeback due to edquot (Darrick J. Wong) [Orabug: 33786167] - mm/page_alloc: reuse tail struct pages for compound devmaps (Joao Martins) [Orabug: 34314763] - mm/sparse-vmemmap: improve memory savings for compound devmaps (Joao Martins) [Orabug: 34314763] - mm/sparse-vmemmap: refactor core of vmemmap_populate_basepages() to helper (Joao Martins) [Orabug: 34314763] - mm/sparse-vmemmap: add a pgmap argument to section activation (Joao Martins) [Orabug: 34314763] - memory-failure: fetch compound_head after pgmap_pfn_valid() (Joao Martins) [Orabug: 34314763] - device-dax: compound devmap support (Joao Martins) [Orabug: 34314763] - device-dax: factor out page mapping initialization (Joao Martins) [Orabug: 34314763] - device-dax: ensure dev_dax-> pgmap is valid for dynamic devices (Joao Martins) [Orabug: 34314763] - device-dax: use struct_size() (Joao Martins) [Orabug: 34314763] - device-dax: use ALIGN() for determining pgoff (Joao Martins) [Orabug: 34314763] - mm/memremap: add ZONE_DEVICE support for compound pages (Joao Martins) [Orabug: 34314763] - mm/page_alloc: refactor memmap_init_zone_device() page init (Joao Martins) [Orabug: 34314763] - mm/page_alloc: split prep_compound_page into head and tail subparts (Joao Martins) [Orabug: 34314763] - RDMA/umem: batchpage unpin in __ib_umem_release() (Joao Martins) [Orabug: 34314763] - mm/gup: add a range variant of unpin_user_pages_dirty_lock() (Joao Martins) [Orabug: 34314763] - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153} - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153} - KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323859] {CVE-2022-2153} - rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 34330922] - x86/boot/compressed/64: Disable 5-level page tables on AMD (Boris Ostrovsky) [Orabug: 34366382] [5.4.17-2136.310.2.el7] - LTS tag: v5.4.199 (Sherry Yang) - x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) - x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) - cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) - LTS tag: v5.4.198 (Sherry Yang) - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) - mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) - md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) - powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) - ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) - mmc: block: Fix CQE recovery reset success (Adrian Hunter) - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) - cifs: return errors during session setup during reconnects (Shyam Prasad N) - ALSA: hda/conexant - Fix loopbackissue with CX20632 (huangwenhui) - scripts/gdb: change kernel config dumping method (Kuan-Ying Lee) - vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) - nodemask: Fix return values to be unsigned (Kees Cook) - cifs: version operations for smb20 unneeded when legacy support disabled (Steve French) - s390/gmap: voluntarily schedule during key setting (Christian Borntraeger) - nbd: fix io hung while disconnecting device (Yu Kuai) - nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) - nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) - x86/cpu: Elide KCSAN for cpu_has() and friends (Peter Zijlstra) - modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) - drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) - ceph: allow ceph.dir.rctime xattr to be updatable (Venky Shankar) - Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" (Michal Kubecek) - scsi: myrb: Fix up null pointer access on myrb_cleanup() (Hannes Reinecke) - md: protect md_unregister_thread from reentrancy (Guoqing Jiang) - watchdog: wdat_wdt: Stop watchdog when rebooting the system (Liu Xinpeng) - kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) - serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) - staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) - staging: rtl8712: fix uninit-value in usb_read8() and friends (Wang Cheng) - clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) - extcon: Modify extcon device to be created after driver data is set (bumwoo lee) - misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) - usb: dwc2: gadget: don't reset gadget's driver-> bus (Marek Szyprowski) - USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) - USB: host:isp116x: check return value after calling platform_get_resource() (Zhen Ni) - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (Duoming Zhou) - tty: Fix a possible resource leak in icom_probe (Huang Guobin) - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) - lkdtm/usercopy: Expand size of "out of frame" object (Kees Cook) - iio: st_sensors: Add a local lock for protecting odr (Miquel Raynal) - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) - drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) - net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) - ip_gre: test csum_start instead of transport header (Willem de Bruijn) - net/mlx5: fs, fail conflicting actions (Mark Bloch) - net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) - net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) - net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) - SUNRPC: Fix the calculation of xdr-> end in xdr_get_next_encode_buffer() (Chuck Lever) - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (Miaoqian Lin) - bpf, arm64: Clear prog-> jited_len along prog-> jited (Eric Dumazet) - af_unix: Fix a data-race in unix_dgram_peer_wake_me(). (Kuniyuki Iwashima) - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) - netfilter: nf_tables: memleak flow rule from commit path (Pablo Neira Ayuso) - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) - netfilter: nat: really support inet nat without l3 address (Florian Westphal) - xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) - video: fbdev: pxa3xx-gcu: release the resources correctly inpxa3xx_gcu_probe/remove() (Yang Yingliang) - NFSv4: Don't hold the layoutget locks across multiple RPC calls (Trond Myklebust) - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (Radhey Shyam Pandey) - m68knommu: fix undefined reference to _init_sp' (Greg Ungerer) - m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) - i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) - f2fs: remove WARN_ON in f2fs_is_valid_blkaddr (Dongliang Mu) - tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) - tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) - mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) - perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) - tipc: check attribute length for bearer name (Hoang Le) - afs: Fix infinite loop found by xfstest generic/676 (David Howells) - tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) - net: sched: add barrier to fix packet stuck problem for lockless qdisc (Guoju Fang) - net/mlx5e: Update netdev features after changing XDP state (Maxim Mikityanskiy) - net/mlx5: Don't use already freed action pointer (Leon Romanovsky) - nfp: only report pause frame configuration for physical device (Yu Xiao) - ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) - jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) - modpost: fix removing numeric suffixes (Alexander Lobakin) - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (Vincent Ray) - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (Jann Horn) - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (Shengjiu Wang) -watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (Miaoqian Lin) - driver core: fix deadlock in __device_attach (Zhang Wensheng) - driver: base: fix UAF when driver_attach failed (Schspa Shi) - bus: ti-sysc: Fix warnings for unbind for serial (Tony Lindgren) - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) - serial: stm32-usart: Correct CSIZE, bits, and parity (Ilpo Järvinen) - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Järvinen) - serial: sifive: Sanitize CSIZE and c_iflag (Ilpo Järvinen) - serial: sh-sci: Don't allow CS5-6 (Ilpo Järvinen) - serial: txx9: Don't allow CS5-6 (Ilpo Järvinen) - serial: rda-uart: Don't allow CS5-6 (Ilpo Järvinen) - serial: digicolor-usart: Don't allow CS5-6 (Ilpo Järvinen) - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (Ilpo Järvinen) - serial: meson: acquire port-> lock in startup() (John Ogness) - rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) - clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) - soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) - coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) - serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) - iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) - iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) - firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - pwm: lp3943: Fix dutycalculation in case period was clamped (Uwe Kleine-König) - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) - usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) - USB: storage: karma: fix rio_karma_init return (Lin Ma) - usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) - usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) - tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) - iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) - staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) - bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) - bfq: Get rid of __bio_blkcg() usage (Jan Kara) - bfq: Remove pointless bfq_init_rq() calls (Jan Kara) - bfq: Drop pointless unlock-lock pair (Jan Kara) - bfq: Avoid merging queues with different parents (Jan Kara) - MIPS: IP27: Remove incorrect cpu_has_fpu' override (Maciej W. Rozycki) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) - Kconfig: add config option for asm goto w/ outputs (Nick Desaulniers) - phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) - dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) - ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) - phy: qcom-qmp: fix struct clkleak on probe errors (Johan Hovold) - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) - gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - serial: pch: don't overwrite xmit-> buf[0] by x_char (Jiri Slaby) - carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) - ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control (Mark Brown) - rtl818x: Prevent using not initialized queues (Alexander Wetzel) - hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) - nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) - iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) - um: chan_user: Fix winch_tramp() return value (Johannes Berg) - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) - irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohár) - RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) - Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) - media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) - media: coda: Fix reported H264 profile (Nicolas Dufresne) - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) - md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) - md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (DaveAirlie) - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) - scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) - dlm: fix missing lkb refcount handling (Alexander Aring) - dlm: fix plock invalid read (Alexander Aring) - mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) - PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) - PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) - PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) - tracing: Fix potential double free in create_var_ref() (Keita Suzuki) - ACPI: property: Release subnode properties with data nodes (Sakari Ailus) - ext4: avoid cycles in directory h-tree (Jan Kara) - ext4: verify dir block before splitting it (Jan Kara) - ext4: fix bug_on in ext4_writepages (Ye Bin) - ext4: fix warning in ext4_handle_inode_extension (Ye Bin) - ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) - netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) - bfq: Track whether bfq_group is still online (Jan Kara) - bfq: Update cgroup information before merging bio (Jan Kara) - bfq: Split shared queues on move between cgroups (Jan Kara) - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) - fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages (Zhihao Cheng) - iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) - wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) - f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) - f2fs: don't need inode lock for system hidden quota (Jaegeuk Kim) - f2fs: fix deadloop in foreground GC (Chao Yu) - f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) - f2fs: fix to do sanity check on block address inf2fs_do_zero_range() (Chao Yu) - f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) - perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) - perf c2c: Use stdio interface if slang is not supported (Leo Yan) - iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) - dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) - NFS: Don't report errors from nfs_pageio_complete() more than once (Trond Myklebust) - NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) - i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) - i2c: at91: use dma safe buffers (Michael Walle) - iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) - f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) - Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) - RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) - mailbox: forward the hrtimer if not queued and under a lock (Björn Ardö) - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) - powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) - macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) - powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) - Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) - crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) - tty: fix deadlock caused by calling printk() under tty_port-> lock (Qi Zheng) - PCI: imx6: Fix PERST# start-up sequence (Francesco Dolcini) - ipc/mqueue: use get_tree_nodev() inmqueue_get_tree() (Waiman Long) - proc: fix dentry/inode overinstantiating under /proc/${pid}/net (Alexey Dobriyan) - powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) - powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) - powerpc/8xx: export 'cpm_setbrg' for modules (Randy Dunlap) - dax: fix cache flush on PMD-mapped pages (Muchun Song) - drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - nvdimm: Allow overwrite in the presence of disabled dimms (Dan Williams) - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (Cristian Marussi) - scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) - powerpc/fadump: fix PT_LOAD segment for boot memory area (Hari Bathini) - arm: mediatek: select arch timer for mt7629 (Chuanhong Guo) - crypto: marvell/cesa - ECB does not IV (Corentin Labbe) - misc: ocxl: fix possible double free in ocxl_file_register_afu (Hangyu Hua) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (Phil Elwell) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (Phil Elwell) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) - can: xilinx_can: mark bit timing constants as const (Marc Kleine-Budde) - KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (Sean Christopherson) - PCI: rockchip: Fix find_first_zero_bit() limit (Dan Carpenter) - PCI: cadence: Fix find_first_zero_bit() limit (Dan Carpenter) - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) - ARM: dts: suniv: F1C100: fix watchdog compatible (Andre Przywara) - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phyon rk3399 (Shawn Lin) - net/smc: postpone sk_refcnt increment in connect() (liuyacan) - rxrpc: Fix decision on when to generate an IDLE ACK (David Howells) - rxrpc: Don't let ack.previousPacket regress (David Howells) - rxrpc: Fix overlapping ACK accounting (David Howells) - rxrpc: Don't try to resend the request if we're receiving the reply (David Howells) - rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (Duoming Zhou) - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (Zheng Yongjun) - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (Hangyu Hua) - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (Miaoqian Lin) - ext4: reject the 'commit' option on ext2 filesystems (Eric Biggers) - media: ov7670: remove ov7670_power_off from ov7670_remove (Dongliang Mu) - sctp: read sk-> sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) - m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) - media: vsp1: Fix offset calculation for plane cropping (Michael Rodin) - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) - media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) - media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) - media: aspeed: Fix an error handling path in aspeed_video_probe() (Christophe JAILLET) - scripts/faddr2line: Fix overlapping text section failures (Josh Poimboeuf) - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) - ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (Miaoqian Lin) - perf/amd/ibs: Use interrupt regs ip for stack unwinding(Ravi Bangoria) - Revert "cpufreq: Fix possible race in cpufreq online error path" (Viresh Kumar) - iomap: iomap_write_failed fix (Andreas Gruenbacher) - media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (Jessica Zhang) - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (Jessica Zhang) - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (Zev Weiss) - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (Daniel Thompson) - x86: Fix return value of __setup handlers (Randy Dunlap) - virtio_blk: fix the discard_granularity and discard_alignment queue limits (Christoph Hellwig) - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) - drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (Vinod Polimera) - perf tools: Add missing headers needed by util/data.h (Yang Jihong) - ASoC: rk3328: fix disabling mclk on pclk probe failure (Nicolas Frattaroli) - x86/speculation: Add missing prototype for unpriv_ebpf_notify() (Josh Poimboeuf) - x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) - scsi: ufs: core: Exclude UECxx from SFR dump list (Kiwoong Kim) - of: overlay: do not break notify on NOTIFY_{OK|STOP} (Nuno Sá) - fsnotify: fix wrong lockdep annotations (Amir Goldstein) - inotify: show inotify mask flagsin proc fdinfo (Amir Goldstein) - ath9k_htc: fix potential out of bounds access with invalid rxstatus-> rs_keyix (Dan Carpenter) - spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (Chengming Zhou) - drm/bridge: Fix error handling in analogix_dp_probe (Miaoqian Lin) - HID: elan: Fix potential double free in elan_input_configured (Miaoqian Lin) - HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) - drbd: fix duplicate array initializer (Arnd Bergmann) - efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) - NFC: NULL out the dev-> rfkill to prevent UAF (Lin Ma) - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) - drm: mali-dp: potential dereference of null pointer (Jiasheng Jiang) - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (Zhou Qingyang) - nl80211: show SSID for P2P_GO interfaces (Johannes Berg) - bpf: Fix excessive memory allocation in stack_map_alloc() (Yuntao Wang) - drm/vc4: txp: Force alpha to be 0xff if it's disabled (Maxime Ripard) - drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (Maxime Ripard) - drm/mediatek: Fix mtk_cec_mask() (Miles Chen) - x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) - drm/bridge: adv7511: clean up CEC adapter when probe fails (Lucas Stach) - drm/edid: fix invalid EDID extension block filtering (Jani Nikula) - ath9k: fix ar9003_get_eepmisc (Wenli Looi) - drm: fix EDID struct for old ARM OABI format (Linus Torvalds) - RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (Peng Wu) - macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) - powerpc/powernv: fix missing of_node_put in uv_init() (LvRuyi) - powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) - PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) - ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) - ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) - fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) - powerpc/fadump: Fix fadump to work with a different endian capture kernel (Hari Bathini) - ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) - fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) - PM / devfreq: rk3399_dmc: Disable edev on remove() (Brian Norris) - ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) - IB/rdmavt: add missing locks in rvt_ruc_loopback (Niels Dossche) - selftests/bpf: fix btf_dump/btf_dump due to recent clang change (Yonghong Song) - eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) - rxrpc: Return an error to sendmsg if call failed (David Howells) - hwmon: Make chip parameter for with_info API mandatory (Guenter Roeck) - ASoC: max98357a: remove dependency on GPIOLIB (Pierre-Louis Bossart) - media: exynos4-is: Fix compile warning (Kwanghoon Son) - net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) - nbd: Fix hung on disconnect request if socket is closed before (Xie Yongji) - ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) - openrisc: start CPU timer early in boot (Jason A. Donenfeld) - media: cec-adap.c: fix is_configuring state (Hans Verkuil) - media: coda: limit frame interval enumeration to supported encoder frame sizes (Philipp Zabel) - rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) - ipmi: Fix pr_fmt toavoid compilation issues (Corey Minyard) - ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (Mario Limonciello) - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (Patrice Chotard) - s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (Charles Keepax) - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (Dongliang Mu) - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (Alice Wong) - mlxsw: spectrum_dcb: Do not warn about priority changes (Petr Machata) - ASoC: dapm: Don't fold register value changes into notifications (Mark Brown) - net/mlx5: fs, delete the FTE when there are no rules attached to it (Mark Bloch) - ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) - drm: msm: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) - arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (Alexandru Elisei) - drm/amd/pm: fix the compile warning (Evan Quan) - drm/plane: Move range check for format_count earlier (Steven Price) - scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) - mmc: jz4740: Apply DMA engine limits to maximum segment size (Aidan MacDonald) - md/bitmap: don't set sb values if can't pass sanity check (Heming Zhao) - media: cx25821: Fix the warning when removing the module (Zheyu Ma) - media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) - media: venus: hfi: avoid null dereference in deinit (Luca Weiss) - ath9k: fix QCA9561 PA bias level (Thibaut VARÈNE) - drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) - tools/power turbostat: fix ICX DRAM power numbers (Len Brown) - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based onDMA direction (Biju Das) - ALSA: jack: Access input_dev under mutex (Amadeusz Sławiński) - drm/komeda: return early if drm_universal_plane_init() fails. (Liviu Dudau) - ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) - fbcon: Consistently protect deferred_takeover with console_lock() (Daniel Vetter) - ipv6: fix locking issues with loops over idev-> addr_list (Niels Dossche) - ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) - b43: Fix assigning negative value to unsigned variable (Haowen Bai) - b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) - btrfs: repair super block num_devices automatically (Qu Wenruo) - btrfs: add "0x" prefix for unsupported optional features (Qu Wenruo) - ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) - ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) - ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP (Eric W. Biederman) - perf/x86/intel: Fix event constraints for ICL (Kan Liang) - USB: new quirk for Dell Gen 2 devices (Monish Kumar R) - USB: serial: option: add Quectel BG95 modem (Carl Yin(殷张成)) - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (Marios Levogiannis) - binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) - LTS tag: v5.4.197 (Sherry Yang) - bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) - NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) - NFS: Memory allocation failures are not server fatal errors (Trond Myklebust) - docs: submitting-patches: Fix crossref to 'The canonical patch format' (Akira Yokosawa) - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) - tpm: Fix buffer access in tpm2_get_tpm_pt() (StefanMahnke-Hartmann) - HID: multitouch: Add support for Google Whiskers Touchpad (Marek Maślanka) - raid5: introduce MD_BROKEN (Mariusz Tkaczyk) - dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) - dm stats: add cond_resched when looping over entries (Mikulas Patocka) - dm crypt: make printing of the key constant-time (Mikulas Patocka) - dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) - zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) - crypto: ecrdsa - Fix incorrect use of vli_cmp (Vitaly Chikunov) - netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) - exec: Force single empty string when argv is empty (Kees Cook) {CVE-2021-4034} - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) - cfg80211: set custom regdomain after wiphy registration (Miri Korenblit) - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (Mika Westerberg) - net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) - net: af_key: check encryption module availability consistency (Thomas Bartschies) - pinctrl: sunxi: fix f1c100s uart2 function (IotaHydrae) - ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) - ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) - media: vim2m: initialize the media device earlier (Hans Verkuil) - media: vim2m: Register video device after setting up internals (Sakari Ailus) - secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) - tcp: change source port randomizarion at connect() time (Eric Dumazet) - Input: goodix - fix spurious key release events (Dmitry Mastykin) - staging: rtl8723bs: prevent -> Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) - x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner) [5.4.17-2136.310.1.el7] - intel_idle: Fix max_cstate for processor models without C-state tables (Chen Yu) [Orabug: 34081688] - intel_idle: add core C6 optimization for SPR (Artem Bityutskiy) [Orabug: 34081688] - intel_idle: add 'preferred_cstates' module argument (Artem Bityutskiy) [Orabug: 34081688] - intel_idle: add SPR support (Artem Bityutskiy) [Orabug: 34081688] - intel_idle: Adjust the SKX C6 parameters if PC6 is disabled (Chen Yu) [Orabug: 34081688] - intel_idle: Clean up kerneldoc comments for multiple functions (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Add __initdata annotations to init time variables (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Relocate definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Clean up definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Simplify LAPIC timer reliability checks (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Introduce 'states_off' module parameter (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Introduce 'use_acpi' module parameter (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Clean up irtl_2_usec() (Rafael J. Wysocki) [Orabug: 34081688] - Documentation: admin-guide: PM: Add intel_idle document (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Move 3 functions closer to their callers (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Annotate initialization code and data structures (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Move and clean up intel_idle_cpuidle_devices_uninit() (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Rearrange intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Fold intel_idle_probe() into intel_idle_init() (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Eliminate __setup_broadcast_timer() (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Add module parameter to prevent ACPI _CST from being used (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Allow ACPI _CST to be used for selected known processors (Rafael J. Wysocki) [Orabug:34081688] - cpuidle: Allow idle states to be disabled by default (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Use ACPI _CST for processor models without C-state tables (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Refactor intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] - cpuidle: Drop disabled field from struct cpuidle_state (Thomas Tai) [Orabug: 34081688] - cpuidle: Consolidate disabled state checks (Rafael J. Wysocki) [Orabug: 34081688] - Revert "intel_idle: Use ACPI _CST for processor models without C-state tables" (Thomas Tai) [Orabug: 34081688] . Debian 10 introduces a critical package upgrade addressing several key vulnerabilities, bolstering both performance and security.. Oracle Linux, Kernel Update, Security Update, Memory Optimization. . Severity: Important. LinuxSecurity.com Team
Aug 15, 2022
•Important
Oracle
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!