Stay Connected:

ELSA-2023-12842

ELSA-2023-12842 - Unbreakable Enterprise kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2023-10-03

Description


[4.1.12-124.79.2]
- net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35814273] {CVE-2023-4206}
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue (Pedro Tammela) [Orabug: 35636291] {CVE-2023-3611}
- rds: Fix lack of reentrancy for connection reset with dst addr zero (Hakon Bugge) [Orabug: 35741584] [Orabug: 35818110] {CVE-2023-22024}

[4.1.12-124.79.1]
- xfrm: add NULL check in xfrm_update_ae_params (Lin Ma) [Orabug: 35754509] {CVE-2023-3772}
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) [Orabug: 35732892] {CVE-2023-4459}
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) [Orabug: 35732764] {CVE-2023-4387}
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free (M A Ramdhan) [Orabug: 35636313] {CVE-2023-3776}
- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (Thadeu Lima de Souza Cascardo) [Orabug: 35609787] {CVE-2023-35001}
- ext4: fix use-after-free in ext4_xattr_set_entry (Baokun Li) [Orabug: 35382025] {CVE-2023-2513}
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (Baokun Li) [Orabug: 35382025] {CVE-2023-2513}
- netfilter: nf_tables: stricter validation of element data (Pablo Neira Ayuso) [Orabug: 34362008] {CVE-2022-34918}


Related CVEs


CVE-2022-34918
CVE-2023-2513
CVE-2023-4387
CVE-2023-22024
CVE-2023-3772
CVE-2023-35001
CVE-2023-4206
CVE-2023-3611
CVE-2023-4459
CVE-2023-3776

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 6 (x86_64) kernel-uek-4.1.12-124.79.2.el6uek.src.rpm3e606a9c9912b664a4da3ec407e336f9-ol6_x86_64_UEKR4_ELS
kernel-uek-4.1.12-124.79.2.el6uek.x86_64.rpme672ddc52f7b286114869984db2af01b-ol6_x86_64_UEKR4_ELS
kernel-uek-debug-4.1.12-124.79.2.el6uek.x86_64.rpm49023a73d5b59360c00a5a3660a13f0f-ol6_x86_64_UEKR4_ELS
kernel-uek-debug-devel-4.1.12-124.79.2.el6uek.x86_64.rpm2897383fdf6e65b1c826608171818ab9-ol6_x86_64_UEKR4_ELS
kernel-uek-devel-4.1.12-124.79.2.el6uek.x86_64.rpm6a1f8ade0cb70fe219471688db720cfc-ol6_x86_64_UEKR4_ELS
kernel-uek-doc-4.1.12-124.79.2.el6uek.noarch.rpmdea97845d2d1fb6a7bfe3d9fc6f958d2-ol6_x86_64_UEKR4_ELS
kernel-uek-firmware-4.1.12-124.79.2.el6uek.noarch.rpm0079a9a09ab015f87706e314530f0f65-ol6_x86_64_UEKR4_ELS
Oracle Linux 7 (x86_64) kernel-uek-4.1.12-124.79.2.el7uek.src.rpm72d06075943be2f107cbf1acb656e125-ol7_x86_64_UEKR4
kernel-uek-4.1.12-124.79.2.el7uek.x86_64.rpmed4eae893c0324e8582c4e1f97531b1f-ol7_x86_64_UEKR4
kernel-uek-debug-4.1.12-124.79.2.el7uek.x86_64.rpm0e4c191e7294caedaddf84c48730d973-ol7_x86_64_UEKR4
kernel-uek-debug-devel-4.1.12-124.79.2.el7uek.x86_64.rpm492f9817601eb407a17e3d9c01a0a9e4-ol7_x86_64_UEKR4
kernel-uek-devel-4.1.12-124.79.2.el7uek.x86_64.rpm297c9f552a9d366b44384dcce738ca5e-ol7_x86_64_UEKR4
kernel-uek-doc-4.1.12-124.79.2.el7uek.noarch.rpm88485b569a7fa7e917ca8ec9e7962dae-ol7_x86_64_UEKR4
kernel-uek-firmware-4.1.12-124.79.2.el7uek.noarch.rpmad21b8a2120c8ba96f37d210b2c5231e-ol7_x86_64_UEKR4



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights