Release Info

Advisory: CLSA-2023:1693426883

OS: CentOS 8.4 ELS

Public date: 2023-08-30 16:21:25

Project: kernel

Version: 4.18.0-305.25.1.el8_4.tuxcare.els10

Errata link: https://errata.cloudlinux.com/centos8.4-els/CLSA-2023-1693426883.html

Changelog

- netfilter: nft_set_pipapo: fix improper element removal {CVE-2023-4004}
- net: tun: fix bugs for oversize packet when napi frags enabled {CVE-2023-3812}
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free {CVE-2023-3776}
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue {CVE-2023-3611}
- net/sched: sch_qfq: refactor parsing of netlink parameters
- ipvlan:Fix out-of-bounds caused by unclear skb->cb {CVE-2023-3090}
- media: saa7134: fix use after free bug in saa7134_finidev due to race condition {CVE-2023-35823}
- media: dm1105: Fix use after free bug in dm1105_remove due to race condition {CVE-2023-35824}
- memstick: r592: Fix UAF bug in r592_remove due to race condition {CVE-2023-3141}
- ovl: fix use after free in struct ovl_aio_req {CVE-2023-1252}
- xen/netfront: don't use gnttab_query_foreign_access() for mapped status {CVE-2022-23037}
- xen/netfront: react properly to failing gnttab_end_foreign_access_ref() {CVE-2022-23042}
- xen/netfront: don't trust the backend response data blindly {CVE-2022-23042}
- xen/netfront: disentangle tx_skb_freelist {CVE-2022-23042}
- xen: sync include/xen/interface/io/ring.h with Xen's newest version {CVE-2022-23042}
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() {CVE-2023-35788}
- rds: rds_rm_zerocopy_callback() use list_first_entry() {CVE-2023-1078}
- misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os {CVE-2022-3424}
- mac80211: do not accept/forward invalid EAPOL frames {CVE-2020-26139}
- bpf: Fix 32 bit src register truncation on div/mod {CVE-2021-3600}
- NFSD: Cap rsize_bop result based on send buffer size {CVE-2022-43945}
- NFSD: Protect against send buffer overflow in NFSv3 READ {CVE-2022-43945}
- SUNRPC: Fix svcxdr_init_encode's buflen calculation {CVE-2022-43945}
- KVM: x86: do not report a vCPU as preempted outside instruction boundaries {CVE-2022-39189}
- net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() {CVE-2023-28466}
- tee: handle lookup of shm with reference count 0 {CVE-2021-44733}

Update

Update command: dnf update kernel*

Packages list

bpftool-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-core-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-cross-headers-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-debug-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-debug-core-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-debug-devel-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-debug-modules-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-debug-modules-internal-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-devel-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-headers-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-ipaclones-internal-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-modules-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-modules-extra-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-modules-internal-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-selftests-internal-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-tools-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-tools-libs-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
perf-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm
python3-perf-4.18.0-305.25.1.el8_4.tuxcare.els10.x86_64.rpm

CVEs

CVE-2023-3776
CVE-2022-3424
CVE-2023-3812
CVE-2023-28466
CVE-2023-3611
CVE-2023-4004
CVE-2023-3090
CVE-2023-35824
CVE-2022-23042
CVE-2021-3600
CVE-2023-1252
CVE-2022-39189
CVE-2022-43945
CVE-2020-26139
CVE-2023-3141
CVE-2023-35788
CVE-2022-23037
CVE-2023-1078
CVE-2023-35823
CVE-2021-44733