[El-errata] ELSA-2023-12109 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Feb 7 21:50:40 UTC 2023
Oracle Linux Security Advisory ELSA-2023-12109
http://linux.oracle.com/errata/ELSA-2023-12109.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-doc-4.1.12-124.71.3.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.71.3.el7uek.noarch.rpm
kernel-uek-4.1.12-124.71.3.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.71.3.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.71.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.71.3.el7uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.1.12-124.71.3.el7uek.src.rpm
Related CVEs:
CVE-2022-3524
CVE-2022-3564
CVE-2022-3628
CVE-2022-42895
CVE-2022-42896
CVE-2022-4662
Description of changes:
[4.1.12-124.71.3.el7uek]
- USB: core: Prevent nested device-reset calls (Alan Stern) [Orabug: 34951641] {CVE-2022-4662}
- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz) [Orabug: 34833307] {CVE-2022-42896} {CVE-2022-42896}
- Bluetooth: L2CAP: Introduce proper defines for PSM ranges (Johan Hedberg) [Orabug: 34833307]
- ext4: fix data corruption caused by overlapping unaligned and aligned IO (Lukas Czerner) [Orabug: 34190035]
[4.1.12-124.71.2.el7uek]
- scsi: qla2xxx: Fix use after free in eh_abort path (Quinn Tran) [Orabug: 34970763]
- check-kabi provides exception on broken symbols (Alok Tiwari) [Orabug: 34742865]
- KABI validation broken on UEK4 for symbols change (Alok Tiwari) [Orabug: 34742865]
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy) [Orabug: 34719829] {CVE-2022-3564}
- Bluetooth: remove unneeded variable in l2cap_stream_rx (Prasanna Karthik) [Orabug: 34719829] {CVE-2022-3564}
[4.1.12-124.71.1.el7uek]
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz) [Orabug: 34951662] {CVE-2022-42895} {CVE-2022-42895}
- wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (Dokyung Song) [Orabug: 34951546] {CVE-2022-3628}
- tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima) [Orabug: 34719347] {CVE-2022-3524}
More information about the El-errata
mailing list