drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux
| Name: |
Mehrere Probleme in Linux |
|
| ID: |
RHSA-2024:1881 |
|
| Distribution: |
Red Hat |
|
| Plattformen: |
Red Hat Enterprise Linux AppStream EUS (v.9.2), Red Hat Enterprise Linux BaseOS EUS (v.9.2), Red Hat CodeReady Linux Builder EUS (v.9.2) |
|
| Datum: |
Do, 18. April 2024, 19:49 |
|
| Referenzen: |
https://bugzilla.redhat.com/show_bug.cgi?id=2265645
https://bugzilla.redhat.com/show_bug.cgi?id=2265518
https://access.redhat.com/errata/RHSA-2024:1881
https://access.redhat.com/security/cve/CVE-2023-6240
https://access.redhat.com/security/cve/CVE-2024-26582
https://bugzilla.redhat.com/show_bug.cgi?id=2265519
https://bugzilla.redhat.com/show_bug.cgi?id=2250843
https://access.redhat.com/security/cve/CVE-2024-26586
https://access.redhat.com/security/cve/CVE-2024-26584 |
|
| Applikationen: |
Linux |
|
Originalnachricht |
An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended
Update Support.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating
system.
Security Fix(es):
* kernel: Marvin vulnerability side-channel leakage in the RSA decryption
operation (CVE-2023-6240)
* kernel: tls: use-after-free with partial reads and async decrypt
(CVE-2024-26582)
* kernel: tls: handle backlogging of crypto requests (CVE-2024-26584)
* kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)
Bug Fix(es):
* [Lenovo RHEL9] Realtek patch for P1 G6 Audio (BZ#2208068)
* Please integrate commit b949ee6801f4 ("powerpc/fadump: invoke ibm,os-term
with rtas_call_unlocked()") (JIRA:RHEL-17106)
* PVT:1050:XM:Nimitz Linux EEH Nimitz - After FATAL Injection BIT 13 on D10
Register, unable to see the htx traffic status after long time (JIRA:RHEL-22413)
* RHEL9.2 - Performance Degradation in the Case of Asymmetric Scheduler Domains
in Linux (JIRA:RHEL-24862)
* kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (JIRA:RHEL-29186)
* kernel NULL pointer dereference from nvme_fc_io_getuuid+0xc/0x30 [nvme_fc]
(JIRA:RHEL-29221)
* sched_setaffinity(2) returns undocumented error ENODEV (JIRA:RHEL-21140)
* kernel: tls: use-after-free with partial reads and async decrypt
(JIRA:RHEL-26396)
* kernel: Marvin vulnerability side-channel leakage in the RSA decryption
operation (JIRA:RHEL-27840)
* sched_setaffinity(2) doesn't return -1 for an empty mask
(JIRA:RHEL-29540)
* [EMR] [TBOOT OS] SUT could not go to S3 state with RHEL 9.2 Tboot OS One CPU
return -16 running BUSY (JIRA:RHEL-29665)
* ipoib mcast lockup fix (JIRA:RHEL-29923)
* ice 0000:6f:00.0: PTP failed to get time (JIRA:RHEL-30108)
* blk-mq: don't schedule blk-mq kworkers on isolated CPUs (JIRA:RHEL-30418)
* kernel: tls: handle backlogging of crypto requests (JIRA:RHEL-30450)
* Kernel panic in skb_segment (JIRA:RHEL-30561)
* [IBM 9.4 FEAT] Update IBM vNIC Driver (ibmvnic) (JIRA:RHEL-28648)
* SCTP OOTB scenario in OVS/Netfilter where the SCTP connection can not be
recovered by HB_REQ/HB_ACK (JIRA:RHEL-29949)
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2023-6240: Observable Discrepancy (CWE-203)
CVE-2024-26582: Use After Free (CWE-416)
CVE-2024-26584: Return of Wrong Status Code (CWE-393)
CVE-2024-26586
|
|
|
|
