[El-errata] ELSA-2023-13019 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Dec 7 12:00:45 UTC 2023
Oracle Linux Security Advisory ELSA-2023-13019
http://linux.oracle.com/errata/ELSA-2023-13019.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-doc-4.1.12-124.81.2.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.81.2.el7uek.noarch.rpm
kernel-uek-4.1.12-124.81.2.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.81.2.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.81.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.81.2.el7uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.1.12-124.81.2.el7uek.src.rpm
Related CVEs:
CVE-2023-39192
CVE-2023-39193
CVE-2023-4207
CVE-2023-45862
Description of changes:
[4.1.12-124.81.2.el7uek]
- rebuild bumping release
[4.1.12-124.81.1.el7uek]
- netfilter: xt_sctp: validate the flag_info count (Wander Lairson Costa) [Orabug: 35923500] {CVE-2023-39193}
- USB: ene_usb6250: Allocate enough memory for full object (Kees Cook) [Orabug: 35924058] {CVE-2023-45862}
- netfilter: xt_u32: validate user space input (Wander Lairson Costa) [Orabug: 35923470] {CVE-2023-39192}
- net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35707466] {CVE-2023-4207}
More information about the El-errata
mailing list