Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


Oracle Linux 8 ELSA-2023-12255 Critical: Kernel Security Fixes

Oracle Linux Security Advisory ELSA-2023-12255

https://linux.oracle.com/errata/ELSA-2023-12255.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-5.4.17-2136.318.7.1.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.318.7.1.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.318.7.1.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.318.7.1.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.318.7.1.el8uek.noarch.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.318.7.1.el8uek.src.rpm

Related CVEs:
CVE-2022-2196
CVE-2022-27672
CVE-2022-3108
CVE-2022-4129
CVE-2023-23559

Description of changes:

[5.4.17-2136.318.7.1.el8uek]
- KVM: arm64: Disabling disabled PMU counters wastes a lot of time (Alexandre Chartre) [Orabug: 33312587]
- KVM: arm64: Don't zero the cycle count register when PMCR_EL0.P is set (Alexandru Elisei) [Orabug: 33312587]
- KVM: arm64: pmu: Only handle supported event counters (Eric Auger) [Orabug: 33312587]

[5.4.17-2136.318.7.el8uek]
- mm, compaction: Skip all pinned pages during scan (Khalid Aziz) [Orabug: 35251798]
- xfs: add missing cmap->br_state = XFS_EXT_NORM update (Gao Xiang) [Orabug: 35214060]
- rds/ib: Fix the softlock-up in RDS cache GC worker (Arumugam Kolappan) [Orabug: 35146761]
- uek-rpm: Update linux-firmware dependency (Somasundaram Krishnasamy) [Orabug: 33755589]

[5.4.17-2136.318.6.el8uek]
- net/rds: Flip the default value of "rds_wq_strictly_ordered" (Gerd Rausch) [Orabug: 35197635]

[5.4.17-2136.318.5.el8uek]
- udf: Fix file corruption when appending just after end of preallocated extent (Jan Kara) [Orabug: 35192763]
- selftests/ftrace: Fix bash specific "==" operator (Masami Hiramatsu (Google)) [Orabug: 35192763]
- arm64: kdump: Increase reserved memory for larger machines (Henry Willard) [Orabug: 35051468]
- KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (Like Xu) [Orabug: 34729426]
- KVM: x86/pmu: Introduce pmc->is_paused to reduce the call time of perf interfaces (Like Xu) [Orabug: 34729426]
- perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table (Kan Liang) [Orabug: 35053343]
- perf/x86/uncore: Add a quirk for UPI on SPR (Kan Liang) [Orabug: 35053343]
- perf/x86/uncore: Ignore broken units in discovery table (Kan Liang) [Orabug: 35053343]
- perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (Kan Liang) [Orabug: 35053343]
- perf/x86/uncore: Factor out uncore_device_to_die() (Kan Liang) [Orabug: 35053343]
- Revert "perf/x86/uncore: Factor out uncore_device_to_die()" (Thomas Tai) [Orabug: 35053343]
- Revert "perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name" (Thomas Tai) [Orabug: 35053343]
- Revert "perf/x86/uncore: Ignore broken units in discovery table" (Thomas Tai) [Orabug: 35053343]
- Revert "perf/x86/uncore: Add a quirk for UPI on SPR" (Thomas Tai) [Orabug: 35053343]
- Revert "perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table" (Thomas Tai) [Orabug: 35053343]
- Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions (Tom Lendacky) [Orabug: 35166671] {CVE-2022-27672}
- KVM: x86: Mitigate the cross-thread return address predictions bug (Tom Lendacky) [Orabug: 35166671] {CVE-2022-27672}
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (Tom Lendacky) [Orabug: 35166671] {CVE-2022-27672}
- uek-rpm: aarch64: embedded: Enable CONFIG_RANDOMIZE_BASE to support ksplice for T93 (Thomas Tai) [Orabug: 35180981]
- drm/amdkfd: Check for null pointer after calling kmemdup (Jiasheng Jiang) [Orabug: 34951503] {CVE-2022-3108}
- mm: use padata for copying page ranges in vma_dup() (Anthony Yznaga) [Orabug: 35054622]
- mm: parallelize unmap_page_range() for some large VMAs (Anthony Yznaga) [Orabug: 35054622]
- net/rds: serialize up+down-work to relax strict ordering (Gerd Rausch) [Orabug: 35094723]
- rds: ib: Fix non-parenthetical mutex/semaphore use (Håkon Bugge) [Orabug: 35155114]
- Revert "btrfs: free device in btrfs_close_devices for a single device filesystem" (Vijayendra Suman) [Orabug: 35161536]

[5.4.17-2136.318.4.el8uek]
- ipc: update semtimedop() to use hrtimer (Prakash Sangappa) [Orabug: 35069807]
- rds: ib: Destroy fastreg resources correctly (Håkon Bugge) [Orabug: 35140658]
- rds: ib: Use one-bit booleans in struct rds_ib_device and keep them adjacent (Håkon Bugge) [Orabug: 35140648]
- mips64: drivers/watchdog: Add IRQF_NOBALANCING when requesting irq (Thomas Tai) [Orabug: 35159790]
- net: mana: Fix IRQ name - add PCI and queue number (Haiyang Zhang) [Orabug: 35084730]
- uek-rpm: Add opbmc to nano rpm (Somasundaram Krishnasamy) [Orabug: 35145857]

[5.4.17-2136.318.3.el8uek]
- vc_screen: don't clobber return value in vcs_read (Thomas Weißschuh)
- LTS tag: v5.4.233 (Sherry Yang)
- bpf: add missing header file include (Linus Torvalds)
- Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs" (Vladimir Oltean)
- ext4: Fix function prototype mismatch for ext4_feat_ktype (Kees Cook)
- wifi: mwifiex: Add missing compatible string for SD8787 (Lukas Wunner)
- uaccess: Add speculation barrier to copy_from_user() (Dave Hansen)
- mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh (Pavel Skripkin)
- drm/i915/gvt: fix double free bug in split_2MB_gtt_entry (Zheng Wang)
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (Thomas Gleixner)
- powerpc: dts: t208x: Disable 10G on MAC1 and MAC2 (Sean Anderson)
- can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len (Marc Kleine-Budde)
- KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (Jim Mattson) [Orabug: 34982694] {CVE-2022-2196}
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (Sean Christopherson)
- random: always mix cycle counter in add_latent_entropy() (Jason A. Donenfeld)
- powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G (Sean Anderson)
- wifi: rtl8xxxu: gen2: Turn on the rate control (Bitterblue Smith)
- drm/etnaviv: don't truncate physical page address (Lucas Stach)
- drm: etnaviv: fix common struct sg_table related issues (Marek Szyprowski)
- scatterlist: add generic wrappers for iterating over sgtable objects (Marek Szyprowski)
- dma-mapping: add generic helpers for mapping sgtable objects (Marek Szyprowski)
- LTS tag: v5.4.232 (Sherry Yang)
- net: sched: sch: Fix off by one in htb_activate_prios() (Dan Carpenter)
- ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak (Pierre-Louis Bossart)
- nilfs2: fix underflow in second superblock position calculations (Ryusuke Konishi)
- kvm: initialize all of the kvm_debugregs structure before sending it to userspace (Greg Kroah-Hartman)
- i40e: Add checking for null for nlmsg_find_attr() (Natalia Petrova)
- ipv6: Fix tcp socket connection with DSCP. (Guillaume Nault)
- ipv6: Fix datagram socket connection with DSCP. (Guillaume Nault)
- ixgbe: add double of VLAN header when computing the max MTU (Jason Xing)
- net: mpls: fix stale pointer if allocation fails during device rename (Jakub Kicinski)
- net: stmmac: Restrict warning on disabling DMA store and fwd mode (Cristian Ciocaltea)
- bnxt_en: Fix mqprio and XDP ring checking logic (Michael Chan)
- net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence (Johannes Zink)
- net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path (Miko Larsson)
- dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions. (Kuniyuki Iwashima)
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (Pietro Borrello)
- net: bgmac: fix BCM5358 support by setting correct flags (Rafał Miłecki)
- i40e: add double of VLAN header when computing the max MTU (Jason Xing)
- ixgbe: allow to increase MTU to 3K with XDP enabled (Jason Xing)
- revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" (Andrew Morton)
- net: Fix unwanted sign extension in netdev_stats_to_stats64() (Felix Riemann)
- Revert "mm: Always release pages to the buddy allocator in memblock_free_late()." (Aaron Thompson)
- hugetlb: check for undefined shift on 32 bit architectures (Mike Kravetz)
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (Munehisa Kamata)
- ALSA: hda/realtek - fixed wrong gpio assigned (Kailang Yang)
- ALSA: hda/conexant: add a new hda codec SN6180 (Bo Liu)
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (Yang Yingliang)
- mmc: sdio: fix possible resource leaks in some error paths (Yang Yingliang)
- ipv4: Fix incorrect route flushing when source address is deleted (Ido Schimmel)
- Revert "ipv4: Fix incorrect route flushing when source address is deleted" (Shaoying Xu)
- xfs: sync lazy sb accounting on quiesce of read-only mounts (Brian Foster)
- xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks (Darrick J. Wong)
- xfs: ensure inobt record walks always make forward progress (Darrick J. Wong)
- xfs: fix missing CoW blocks writeback conversion retry (Darrick J. Wong)
- xfs: fix finobt btree block recovery ordering (Dave Chinner)
- xfs: remove the xfs_inode_log_item_t typedef (Christoph Hellwig)
- xfs: remove the xfs_efd_log_item_t typedef (Christoph Hellwig)
- xfs: remove the xfs_efi_log_item_t typedef (Christoph Hellwig)
- netfilter: nft_tproxy: restrict to prerouting hook (Florian Westphal)
- btrfs: free device in btrfs_close_devices for a single device filesystem (Anand Jain)
- aio: fix mremap after fork null-deref (Seth Jenkins)
- nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (Amit Engel)
- s390/decompressor: specify __decompress() buf len to avoid overflow (Vasily Gorbik)
- net: sched: sch: Bounds check priority (Kees Cook)
- net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC (Andrey Konovalov)
- net/rose: Fix to not accept on connected socket (Hyunwoo Kim)
- tools/virtio: fix the vringh test for virtio ring changes (Shunsuke Mie)
- ASoC: cs42l56: fix DT probe (Arnd Bergmann)
- selftests/bpf: Verify copy_register_state() preserves parent/live fields (Eduard Zingerman)
- migrate: hugetlb: check for hugetlb shared PMD in node migration (Mike Kravetz)
- bpf: Always return target ifindex in bpf_fib_lookup (Toke Høiland-Jørgensen)
- nvme-pci: Move enumeration by class to be last in the table (Andy Shevchenko)
- arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (Heiner Kallweit)
- arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (Heiner Kallweit)
- arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (Heiner Kallweit)
- riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte (Guo Ren)
- ceph: flush cap releases when the session is flushed (Xiubo Li)
- usb: typec: altmodes/displayport: Fix probe pin assign check (Prashant Malani)
- usb: core: add quirk for Alcor Link AK9563 smartcard reader (Mark Pearson)
- net: USB: Fix wrong-direction WARNING in plusb.c (Alan Stern)
- pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (Andy Shevchenko)
- pinctrl: single: fix potential NULL dereference (Maxim Korotkov)
- pinctrl: aspeed: Fix confusing types in return value (Joel Stanley)
- ALSA: pci: lx6464es: fix a debug loop (Dan Carpenter)
- selftests: forwarding: lib: quote the sysctl values (Hangbin Liu)
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (Anirudh Venkataramanan)
- net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (Heiner Kallweit)
- bonding: fix error checking in bond_debug_reregister() (Qi Zheng)
- xfrm: fix bug with DSCP copy to v6 from v4 tunnel (Christian Hopps)
- IB/IPoIB: Fix legacy IPoIB due to wrong number of queues (Dragos Tatulea)
- IB/hfi1: Restore allocated resources on failed copyout (Dean Luick)
- can: j1939: do not wait 250 ms if the same addr was already claimed (Devid Antonio Filoni)
- tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (Shiju Jose)
- ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (Artemii Karasev)
- btrfs: zlib: zero-initialize zlib workspace (Alexander Potapenko)
- btrfs: limit device extents to the device size (Josef Bacik)
- iio:adc:twl6030: Enable measurement of VAC (Andreas Kemnade)
- wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads (Minsuk Kang)
- f2fs: fix to do sanity check on i_extra_isize in is_alive() (Chao Yu)
- fbdev: smscufx: fix error handling code in ufx_usb_probe (Dongliang Mu)
- powerpc/imc-pmu: Revert nest_init_lock to being a mutex (Michael Ellerman)
- serial: 8250_dma: Fix DMA Rx rearm race (Ilpo Järvinen)
- serial: 8250_dma: Fix DMA Rx completion race (Ilpo Järvinen)
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (Zhang Xiaoxu)
- mm: swap: properly update readahead statistics in unuse_pte_range() (Andrea Righi)
- nvmem: core: fix cell removal on error (Michael Walle)
- Squashfs: fix handling and sanity checking of xattr_ids count (Phillip Lougher)
- mm/swapfile: add cond_resched() in get_swap_pages() (Longlong Xia)
- fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (Zheng Yongjun)
- mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps (Mike Kravetz)
- riscv: disable generation of unwind tables (Andreas Schwab)
- parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case (Helge Deller)
- parisc: Fix return code of pdc_iodc_print() (Helge Deller)
- iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (Andreas Kemnade)
- iio: adc: berlin2-adc: Add missing of_node_put() in error path (Xiongfeng Wang)
- iio: hid: fix the retval in accel_3d_capture_sample (Dmitry Perchanov)
- efi: Accept version 2 of memory attributes table (Ard Biesheuvel)
- watchdog: diag288_wdt: fix __diag288() inline assembly (Alexander Egorenkov)
- watchdog: diag288_wdt: do not use stack buffers for hardware data (Alexander Egorenkov)
- fbcon: Check font dimension limits (Samuel Thibault)
- Input: i8042 - add Clevo PCX0DX to i8042 quirk table (Werner Sembach)
- Input: i8042 - add TUXEDO devices to i8042 quirk tables (Werner Sembach)
- Input: i8042 - merge quirk tables (Werner Sembach)
- Input: i8042 - move __initconst to fix code styling warning (Werner Sembach)
- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (George Kennedy)
- usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (Udipto Goswami)
- usb: dwc3: qcom: enable vbus override when in OTG dr-mode (Neil Armstrong)
- usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (Wesley Cheng)
- iio: adc: stm32-dfsdm: fill module aliases (Olivier Moysan)
- net/x25: Fix to not accept on connected socket (Hyunwoo Kim)
- i2c: rk3x: fix a bunch of kernel-doc warnings (Randy Dunlap)
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (Mike Christie)
- scsi: target: core: Fix warning on RT kernels (Maurizio Lombardi)
- efi: fix potential NULL deref in efi_mem_reserve_persistent (Anton Gusev)
- net: openvswitch: fix flow memory leak in ovs_flow_cmd_new (Fedor Pchelkin)
- virtio-net: Keep stop() to follow mirror sequence of open() (Parav Pandit)
- selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (Andrei Gherzan)
- selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (Andrei Gherzan)
- selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (Andrei Gherzan)
- selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (Andrei Gherzan)
- ata: libata: Fix sata_down_spd_limit() when no link speed is reported (Damien Le Moal)
- can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (Ziyang Xuan)
- net: phy: meson-gxl: Add generic dummy stubs for MMD register access (Chris Healy)
- squashfs: harden sanity check in squashfs_read_xattr_id_table (Fedor Pchelkin)
- netfilter: br_netfilter: disable sabotage_in hook after first suppression (Florian Westphal)
- netrom: Fix use-after-free caused by accept on already connected socket (Hyunwoo Kim)
- fix "direction" argument of iov_iter_kvec() (Al Viro)
- fix iov_iter_bvec() "direction" argument (Al Viro)
- WRITE is "data source", not destination... (Al Viro)
- scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT" (Martin K. Petersen)
- arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (Pierluigi Passaro)
- ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (Artemii Karasev)
- ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (Andy Shevchenko)
- bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (Yuan Can)
- firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (Takashi Sakamoto)
- LTS tag: v5.4.231 (Sherry Yang)
- usb: host: xhci-plat: add wakeup entry at sysfs (Peter Chen)
- Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (Soenke Huster)
- ipv6: ensure sane device mtu in tunnels (Eric Dumazet)
- exit: Use READ_ONCE() for all oops/warn limit reads (Kees Cook)
- docs: Fix path paste-o for /sys/kernel/warn_count (Kees Cook)
- panic: Expose "warn_count" to sysfs (Kees Cook)
- panic: Introduce warn_limit (Kees Cook)
- panic: Consolidate open-coded panic_on_warn checks (Kees Cook)
- exit: Allow oops_limit to be disabled (Kees Cook)
- exit: Expose "oops_count" to sysfs (Kees Cook)
- exit: Put an upper limit on how often we can oops (Jann Horn)
- ia64: make IA64_MCA_RECOVERY bool instead of tristate (Randy Dunlap)
- csky: Fix function name in csky_alignment() and die() (Nathan Chancellor)
- h8300: Fix build errors from do_exit() to make_task_dead() transition (Nathan Chancellor)
- hexagon: Fix function name in die() (Nathan Chancellor)
- objtool: Add a missing comma to avoid string concatenation (Eric W. Biederman)
- exit: Add and use make_task_dead. (Eric W. Biederman)
- mm: kasan: do not panic if both panic_on_warn and kasan_multishot set (David Gow)
- panic: unset panic_on_warn inside panic() (Tiezhu Yang)
- sysctl: add a new register_sysctl_init() interface (Xiaoming Ni)
- dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (Hui Wang)
- blk-cgroup: fix missing pd_online_fn() while activating policy (Yu Kuai)
- bpf: Skip task with pid=1 in send_signal_common() (Hao Sun)
- ARM: dts: imx: Fix pca9547 i2c-mux node name (Geert Uytterhoeven)
- x86/asm: Fix an assembler warning with current binutils (Mikulas Patocka)
- clk: Fix pointer casting to prevent oops in devm_clk_release() (Uwe Kleine-König)
- perf/x86/amd: fix potential integer overflow on shift of a int (Colin Ian King)
- netfilter: conntrack: unify established states for SCTP paths (Sriram Yagnaraman)
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (Thomas Gleixner)
- block: fix and cleanup bio_check_ro (Christoph Hellwig)
- nfsd: Ensure knfsd shuts down when the "nfsd" pseudofs is unmounted (Trond Myklebust)
- Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" (Dmitry Torokhov)
- net: mdio-mux-meson-g12a: force internal PHY off on mux switch (Jerome Brunet)
- net: xgene: Move shared header file into include/linux (Andrew Lunn)
- net/phy/mdio-i2c: Move header file to include/linux/mdio (Andrew Lunn)
- net/tg3: resolve deadlock in tg3_reset_task() during EEH (David Christensen)
- thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type() (Rafael J. Wysocki)
- net: ravb: Fix possible hang if RIS2_QFF1 happen (Yoshihiro Shimoda)
- sctp: fail if no bound addresses can be used for a given scope (Marcelo Ricardo Leitner)
- net/sched: sch_taprio: do not schedule in taprio_reset() (Eric Dumazet)
- netrom: Fix use-after-free of a listening socket. (Kuniyuki Iwashima)
- netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE (Sriram Yagnaraman)
- ipv4: prevent potential spectre v1 gadget in fib_metrics_match() (Eric Dumazet)
- ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() (Eric Dumazet)
- netlink: annotate data races around sk_state (Eric Dumazet)
- netlink: annotate data races around dst_portid and dst_group (Eric Dumazet)
- netlink: annotate data races around nlk->portid (Eric Dumazet)
- netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (Pablo Neira Ayuso)
- net: fix UaF in netns ops registration error path (Paolo Abeni)
- netlink: prevent potential spectre v1 gadgets (Eric Dumazet)
- EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info (Manivannan Sadhasivam)
- EDAC/device: Respect any driver-supplied workqueue polling value (Manivannan Sadhasivam)
- ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment (Giulio Benetti)
- thermal: intel: int340x: Protect trip temperature from concurrent updates (Srinivas Pandruvada)
- KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (Hendrik Borghorst)
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect (David Howells)
- ftrace/scripts: Update the instructions for ftrace-bisect.sh (Steven Rostedt (Google))
- trace_events_hist: add check for return value of 'create_hist_field' (Natalia Petrova)
- tracing: Make sure trace_printk() can output as soon as it can be used (Steven Rostedt (Google))
- module: Don't wait for GOING modules (Petr Pavlu)
- scsi: hpsa: Fix allocation size for scsi_host_alloc() (Alexey V. Vissarionov)
- Bluetooth: hci_sync: cancel cmd_timer if hci_open failed (Archie Pusaka)
- Revert "Revert "xhci: Set HCD flag to defer primary roothub registration"" (Sasha Levin)
- fs: reiserfs: remove useless new_opts in reiserfs_remount (Dongliang Mu)
- mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (Haibo Chen)
- mmc: sdhci-esdhc-imx: disable the CMD CRC check for standard tuning (Haibo Chen)
- mmc: sdhci-esdhc-imx: clear pending interrupt and halt cqhci (Haibo Chen)
- lockref: stop doing cpu_relax in the cmpxchg loop (Mateusz Guzik)
- platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (Hans de Goede)
- platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (Michael Klein)
- scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (Yihang Li)
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (Heiko Carstens)
- spi: spidev: remove debug messages that access spidev->spi without locking (Bartosz Golaszewski)
- ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (Mark Brown)
- ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (Mark Brown)
- cpufreq: armada-37xx: stop using 0 as NULL pointer (Miles Chen)
- s390/debug: add _ASM_S390_ prefix to header guard (Niklas Schnelle)
- drm: Add orientation quirk for Lenovo ideapad D330-10IGL (Patrick Thompson)
- ASoC: fsl_micfil: Correct the number of steps on SX controls (Chancel Liu)
- cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (Sumit Gupta)
- tcp: fix rate_app_limited to default to 1 (David Morley)
- net: dsa: microchip: ksz9477: port map correction in ALU table entry register (Rakesh Sankaranarayanan)
- driver core: Fix test_async_probe_init saves device in wrong array (Chen Zhongjin)
- w1: fix WARNING after calling w1_process() (Yang Yingliang)
- w1: fix deadloop in __w1_remove_master_device() (Yang Yingliang)
- tcp: avoid the lookup process failing to get sk in ehash table (Jason Xing)
- dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (Liu Shixin)
- dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (Swati Agarwal)
- dmaengine: xilinx_dma: use devm_platform_ioremap_resource() (Radhey Shyam Pandey)
- HID: betop: check shape of output reports (Pietro Borrello)
- net: macb: fix PTP TX timestamp failure due to packet padding (Robert Hancock)
- dmaengine: Fix double increment of client_count in dma_chan_get() (Koba Ko)
- drm/panfrost: fix GENERIC_ATOMIC64 dependency (Arnd Bergmann)
- net: mlx5: eliminate anonymous module_init & module_exit (Randy Dunlap)
- usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (Udipto Goswami)
- usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (Udipto Goswami)
- HID: revert CHERRY_MOUSE_000C quirk (Jiri Kosina)
- net: stmmac: fix invalid call to mdiobus_get_phy() (Heiner Kallweit)
- HID: check empty report_list in bigben_probe() (Pietro Borrello)
- HID: check empty report_list in hid_validate_values() (Pietro Borrello)
- net: mdio: validate parameter addr in mdiobus_get_phy() (Heiner Kallweit)
- net: usb: sr9700: Handle negative len (Szymon Heidrich)
- l2tp: Don't sleep and disable BH under writer-side sk_callback_lock (Jakub Sitnicki)
- l2tp: Serialize access to sk_user_data with sk_callback_lock (Jakub Sitnicki) [Orabug: 34951575] {CVE-2022-4129}
- net: fix a concurrency bug in l2tp_tunnel_register() (Gong, Sishuai)
- net/sched: sch_taprio: fix possible use-after-free (Eric Dumazet)
- wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (Szymon Heidrich) [Orabug: 35037713] {CVE-2023-23559}
- gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode (Marek Vasut)
- net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (Esina Ekaterina)
- net: nfc: Fix use-after-free in local_cleanup() (Jisoo Jang)
- phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (Shang XiaoJing)
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (Luis Gerhorst)
- amd-xgbe: Delay AN timeout during KR training (Raju Rangoju)
- amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent (Raju Rangoju)
- affs: initialize fsdata in affs_truncate() (Alexander Potapenko)
- IB/hfi1: Fix expected receive setup error exit issues (Dean Luick)
- IB/hfi1: Reserve user expected TIDs (Dean Luick)
- IB/hfi1: Reject a zero-length user expected buffer (Dean Luick)
- RDMA/core: Fix ib block iterator counter overflow (Yonatan Nachum)
- tomoyo: fix broken dependency on *.conf.default (Masahiro Yamada)
- EDAC/highbank: Fix memory leak in highbank_mc_probe() (Miaoqian Lin)
- HID: intel_ish-hid: Add check for ishtp_dma_tx_map (Jiasheng Jiang)
- ARM: imx: add missing of_node_put() (Dario Binacchi)
- ARM: imx35: Retrieve the IIM base address from devicetree (Fabio Estevam)
- ARM: imx31: Retrieve the IIM base address from devicetree (Fabio Estevam)
- ARM: imx27: Retrieve the SYSCTRL base address from devicetree (Fabio Estevam)
- ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (Fabio Estevam)
- memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (Gaosheng Cui)
- memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (Gaosheng Cui)
- clk: Provide new devm_clk helpers for prepared and enabled clocks (Uwe Kleine-König)
- clk: generalize devm_clk_get() a bit (Uwe Kleine-König)

[5.4.17-2136.318.2.el8uek]
- iommu/amd: Increase kdump command sync timeout to 2secs (Joao Martins) [Orabug: 35117313]

[5.4.17-2136.318.1.el8uek]
- uek-rpm: aarch64: embedded: Clean up T93 config file v2 (Henry Willard) [Orabug: 35029259]
- uek-rpm: aarch64 embedded: make some modules built-in (Dave Kleikamp) [Orabug: 35029259]
- uek-rpm: aarch64: pensando: config file update for January 2023 update (Dave Kleikamp) [Orabug: 35089950]
- drivers/mtd/spi-nor: Winbond w25q02nw flash support. (Hiren Mehta) [Orabug: 35089950]
- drivers/i2c: Reset Lattice RD1173 master for i2c_busy set. (Hiren Mehta) [Orabug: 35089950]
- drivers/soc/pensando: boot_count to sysfs for kdump.log (Hiren Mehta) [Orabug: 35089950]
- drivers/soc/pensando sbus driver (Hiren Mehta) [Orabug: 35089950]
- drivers/reset: Add emmc hardware reset (Hiren Mehta) [Orabug: 35089950]
- uek-rpm: Add missing dax_pmem_compat.ko to nano rpm (Somasundaram Krishnasamy) [Orabug: 35094871]

Oracle Linux 8 has rolled out significant security enhancements that tackle various vulnerabilities and issues. Full information can be found in the announcement.

Severity: Critical

LinuxSecurity.com Team

Apr 18, 2023 | Critical | Oracle

Fedora 37: 2023-a990c93ed0 Major: Python 2.7 Denial Of Service Issue

Security fix for CVE-2022-45061: CPU denial of service via inefficient IDNA decoder.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-a990c93ed0
2023-01-07 01:20:48.821709
--------------------------------------------------------------------------------

Name        : python2.7
Product     : Fedora 37
Version     : 2.7.18
Release     : 26.fc37
URL         : https://www.python.org/
Summary     : Version 2.7 of the Python interpreter
Description :
Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed in the 3.x line.

Note that Python 2 is not supported upstream after 2020-01-01, please use the python3 package instead if you can.

This package also provides the "python2" executable.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2022-45061: CPU denial of service via inefficient IDNA decoder
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 19 2022 Charalampos Stratakis - 2.7.18-26
- Security fix for CVE-2022-45061: CPU denial of service via inefficient IDNA decoder
Related: rhbz#2144072
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2144418 - CVE-2022-45061 python2.7: Python: CPU denial of service via inefficient IDNA decoder [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2144418
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-a990c93ed0' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Crucial Fedora 37 patch addresses a service interruption issue in Python 2.7 due to a suboptimal IDNA decoder. Take action immediately.

Severity: Critical

LinuxSecurity.com Team

Jan 07, 2023 Critical Fedora

Gentoo: GLSA-202310-15 Normal: LibXML2 Denial of Service Vulnerability

Multiple vulnerabilities have been found in Expat, possibly resulting in Denial of Service.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201209-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Expat: Multiple vulnerabilities
     Date: September 24, 2012
     Bugs: #280615, #303727, #407519
       ID: 201209-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Expat, possibly resulting in Denial of Service.

Background
==========

Expat is a set of XML parsing libraries.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-libs/expat            < 2.1.0_beta3            >= 2.1.0_beta3

Description
===========

Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to open a specially crafted XML file in an application linked against Expat, possibly resulting in a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Expat users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/expat-2.1.0_beta3"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

References
==========

[ 1 ] CVE-2009-3560
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560
[ 2 ] CVE-2009-3720
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3720
[ 3 ] CVE-2012-0876
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0876
[ 4 ] CVE-2012-1147
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1147
[ 5 ] CVE-2012-1148
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1148

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201209-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address hidden] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Critical Gentoo notice regarding Expat vulnerabilities causing service interruptions. Immediate updates advised for all users.

Expat Security Risk, Denial of Service, Gentoo Linux Advisory.

LinuxSecurity.com Team

Sep 24, 2012 Gentoo