Security: Multiple issues in Linux
Name: Multiple issues in Linux
ID: RHSA-2024:0432
Distribution: Red Hat
Platforms: Red Hat Enterprise Linux BaseOS EUS (v.9.0), Red Hat Enterprise Linux AppStream EUS (v.9.0), Red Hat CodeReady Linux Builder EUS (v.9.0)
Date: Thu, 25 January 2024, 22:21
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2237757
https://bugzilla.redhat.com/show_bug.cgi?id=2241924
https://access.redhat.com/security/cve/CVE-2023-3567
https://access.redhat.com/security/cve/CVE-2022-36879
https://access.redhat.com/errata/RHSA-2024:0432
https://bugzilla.redhat.com/show_bug.cgi?id=2144379
https://access.redhat.com/security/cve/CVE-2023-1195
https://bugzilla.redhat.com/show_bug.cgi?id=2246944
https://bugzilla.redhat.com/show_bug.cgi?id=2119855
https://access.redhat.com/security/cve/CVE-2023-3777
https://access.redhat.com/security/cve/CVE-2023-5178
https://bugzilla.redhat.com/show_bug.cgi?id=2237750
https://access.redhat.com/security/cve/CVE-2023-46813
https://access.redhat.com/security/cve/CVE-2023-45871
https://bugzilla.redhat.com/show_bug.cgi?id=2221463
https://access.redhat.com/security/cve/CVE-2022-41858
https://bugzilla.redhat.com/show_bug.cgi?id=2154171
https://bugzilla.redhat.com/show_bug.cgi?id=2244723
https://access.redhat.com/security/cve/CVE-2023-2162
https://bugzilla.redhat.com/show_bug.cgi?id=2187773
https://access.redhat.com/security/cve/CVE-2023-4623
Applications: Linux
Original message
An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice (CVE-2022-36879)
* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)
* kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195)
* kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)
* kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race (CVE-2023-3567)
* kernel: use-after-free in netfilter: nf_tables (CVE-2023-3777)
* kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)
* kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)
* kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)
* kernel: SEV-ES local priv escalation (CVE-2023-46813)
Bug Fix(es):
* RHEL 9 Hyper-V: Excessive hv_storvsc driver logging with srb_status SRB_STATUS_INTERNAL_ERROR (0x30)
* RHEL9.0 - s390/qeth: NET2016 - fix use-after-free in HSCI
* DM multipath showing failed path for an nvme-o-FC LUN when performing I/O operations
* XFS: sync to upstream v5.15
* AMDSERVER 9.4 Bug, Turin: Support larger microcode patches
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
* CVE-2022-36879: Improper Update of Reference Count (CWE-911)
* CVE-2022-41858: Use After Free (CWE-416)
* CVE-2023-1195: Use After Free (CWE-416)
* CVE-2023-2162: Use After Free (CWE-416)
* CVE-2023-3567: Use After Free (CWE-416)
* CVE-2023-3777: Use After Free (CWE-416)
* CVE-2023-4623: Use After Free (CWE-416)
* CVE-2023-5178: Use After Free (CWE-416)
* CVE-2023-45871: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)
* CVE-2023-46813: Improper Privilege Management (CWE-269)