Oracle Linux Security Advisory ELSA-2023-12109

https://linux.oracle.com/errata/ELSA-2023-12109.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.71.3.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.71.3.el7uek.noarch.rpm
kernel-uek-4.1.12-124.71.3.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.71.3.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.71.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.71.3.el7uek.x86_64.rpm


SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates//kernel-uek-4.1.12-124.71.3.el7uek.src.rpm

Related CVEs:

CVE-2022-3524
CVE-2022-3564
CVE-2022-3628
CVE-2022-42895
CVE-2022-42896
CVE-2022-4662




Description of changes:

[4.1.12-124.71.3.el7uek]
- USB: core: Prevent nested device-reset calls (Alan Stern)  [Orabug: 34951641]  {CVE-2022-4662}
- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz)  [Orabug: 34833307]  {CVE-2022-42896} {CVE-2022-42896}
- Bluetooth: L2CAP: Introduce proper defines for PSM ranges (Johan Hedberg)  [Orabug: 34833307]
- ext4: fix data corruption caused by overlapping unaligned and aligned IO (Lukas Czerner)  [Orabug: 34190035]

[4.1.12-124.71.2.el7uek]
- scsi: qla2xxx: Fix use after free in eh_abort path (Quinn Tran)  [Orabug: 34970763]
- check-kabi provides exception on broken symbols (Alok Tiwari)  [Orabug: 34742865]
- KABI validation broken on UEK4 for symbols change (Alok Tiwari)  [Orabug: 34742865]
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy)  [Orabug: 34719829]  {CVE-2022-3564}
- Bluetooth: remove unneeded variable in l2cap_stream_rx (Prasanna Karthik)  [Orabug: 34719829]  {CVE-2022-3564}

[4.1.12-124.71.1.el7uek]
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz)  [Orabug: 34951662]  {CVE-2022-42895} {CVE-2022-42895}
- wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (Dokyung Song)  [Orabug: 34951546]  {CVE-2022-3628}
- tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima)  [Orabug: 34719347]  {CVE-2022-3524}


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle7: ELSA-2023-12109: kernel Important Security Update

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

Summary

[4.1.12-124.71.3.el7uek] - USB: core: Prevent nested device-reset calls (Alan Stern) [Orabug: 34951641] {CVE-2022-4662} - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz) [Orabug: 34833307] {CVE-2022-42896} {CVE-2022-42896} - Bluetooth: L2CAP: Introduce proper defines for PSM ranges (Johan Hedberg) [Orabug: 34833307] - ext4: fix data corruption caused by overlapping unaligned and aligned IO (Lukas Czerner) [Orabug: 34190035] [4.1.12-124.71.2.el7uek] - scsi: qla2xxx: Fix use after free in eh_abort path (Quinn Tran) [Orabug: 34970763] - check-kabi provides exception on broken symbols (Alok Tiwari) [Orabug: 34742865] - KABI validation broken on UEK4 for symbols change (Alok Tiwari) [Orabug: 34742865] - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy) [Orabug: 34719829] {CVE-2022-3564} - Bluetooth: remove unneeded variable in l2cap_stream_rx (Prasanna Karthik) [Orabug: 34719829] {CVE-2022-3564} [4.1.12-124.71.1.el7uek] - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz) [Orabug: 34951662] {CVE-2022-42895} {CVE-2022-42895} - wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (Dokyung Song) [Orabug: 34951546] {CVE-2022-3628} - tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima) [Orabug: 34719347] {CVE-2022-3524}

SRPMs

https://oss.oracle.com:443/ol7/SRPMS-updates//kernel-uek-4.1.12-124.71.3.el7uek.src.rpm

x86_64

kernel-uek-doc-4.1.12-124.71.3.el7uek.noarch.rpm kernel-uek-firmware-4.1.12-124.71.3.el7uek.noarch.rpm kernel-uek-4.1.12-124.71.3.el7uek.x86_64.rpm kernel-uek-devel-4.1.12-124.71.3.el7uek.x86_64.rpm kernel-uek-debug-4.1.12-124.71.3.el7uek.x86_64.rpm kernel-uek-debug-devel-4.1.12-124.71.3.el7uek.x86_64.rpm

aarch64

i386

Severity
Related CVEs: CVE-2022-3524 CVE-2022-3564 CVE-2022-3628 CVE-2022-42895 CVE-2022-42896 CVE-2022-4662

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved