OVMSA-2023-0007

OVMSA-2023-0007 - Unbreakable Enterprise kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2023-04-05

Description


[4.1.12-124.73.2]
- netfilter: nf_tables: fix null deref due to zeroed list head (Florian Westphal) [Orabug: 35181628] {CVE-2023-1095}
- sctp: fail if no bound addresses can be used for a given scope (Marcelo Ricardo Leitner) [Orabug: 35181461] {CVE-2023-1074}
- HID: check empty report_list in hid_validate_values() (Pietro Borrello) [Orabug: 35181168] {CVE-2023-1073}
- media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (Will Deacon) [Orabug: 35180270] {CVE-2020-0404}

[4.1.12-124.73.1]
- mm/mincore.c: make mincore() more conservative (Jiri Kosina) [Orabug: 35133279] {CVE-2019-5489}
- mm: introduce vma_is_anonymous(vma) helper (Oleg Nesterov) [Orabug: 35133279]
- Revert 'Change mincore() to count 'mapped' pages rather than 'cached' pages' (Linus Torvalds) [Orabug: 35124616]
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (Herbert Xu) [Orabug: 35005831] {CVE-2023-0394}


Related CVEs


CVE-2020-0404
CVE-2023-1073
CVE-2023-0394
CVE-2019-5489
CVE-2023-1074
CVE-2023-1095

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle VM 3 (x86_64) kernel-uek-4.1.12-124.73.2.el6uek.src.rpm347670a1d18fabc0a7b528f5e40b4668-
kernel-uek-4.1.12-124.73.2.el6uek.x86_64.rpm53fcf51c02827ea68bc9aa71abd46260-
kernel-uek-firmware-4.1.12-124.73.2.el6uek.noarch.rpm09b8dbf9cfa187d37097c6e0dc6df772-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete