
Security: Multiple issues in Linux
Name: Multiple issues in Linux
ID: RHSA-2024:6753
Distribution: Red Hat
Platforms: Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6), Red Hat Enterprise Linux BaseOS AUS (v.8.6)
Date: Wed, 18 September 2024, 23:40
References: https://bugzilla.redhat.com/show_bug.cgi?id=2278258
https://bugzilla.redhat.com/show_bug.cgi?id=2282401
https://access.redhat.com/security/cve/CVE-2024-27019
https://bugzilla.redhat.com/show_bug.cgi?id=2298412
https://bugzilla.redhat.com/show_bug.cgi?id=2273242
https://bugzilla.redhat.com/show_bug.cgi?id=2273174
https://access.redhat.com/security/cve/CVE-2024-35898
https://bugzilla.redhat.com/show_bug.cgi?id=2273236
https://access.redhat.com/security/cve/CVE-2024-27020
https://access.redhat.com/security/cve/CVE-2024-26773
https://access.redhat.com/security/cve/CVE-2024-26772
https://access.redhat.com/security/cve/CVE-2022-48687
https://access.redhat.com/security/cve/CVE-2021-47352
https://bugzilla.redhat.com/show_bug.cgi?id=2278930
https://access.redhat.com/security/cve/CVE-2024-41009
https://bugzilla.redhat.com/show_bug.cgi?id=2281669
https://access.redhat.com/security/cve/CVE-2024-26704
https://bugzilla.redhat.com/show_bug.cgi?id=2278256
https://access.redhat.com/errata/RHSA-2024:6753
https://access.redhat.com/security/cve/CVE-2021-47492
https://bugzilla.redhat.com/show_bug.cgi?id=2282924
Applications: Linux

Original message

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: ext4: fix double-free of blocks due to wrong extents moved_len
(CVE-2024-26704)

* kernel: ext4: avoid allocating blocks from corrupted group in
ext4_mb_try_best_found() (CVE-2024-26773)

* kernel: ext4: avoid allocating blocks from corrupted group in
ext4_mb_find_by_goal() (CVE-2024-26772)

* kernel: netfilter: nf_tables: Fix potential data-race in
__nft_expr_type_get() (CVE-2024-27020)

* kernel: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
(CVE-2024-27019)

* kernel: ipv6: sr: fix out-of-bounds read when setting HMAC data.
(CVE-2022-48687)

* kernel: netfilter: nf_tables: Fix potential data-race in
__nft_flowtable_type_get() (CVE-2024-35898)

* kernel: virtio-net: Add validation for used length (CVE-2021-47352)

* kernel: mm, thp: bail out early in collapse_file for writeback page
(CVE-2021-47492)

* kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-47352: Improper Input Validation (CWE-20)
CVE-2021-47492: Incomplete Internal State Distinction (CWE-372)
CVE-2022-48687
CVE-2024-26704: Double Free (CWE-415)
CVE-2024-26772: Improper Handling of Values (CWE-229)
CVE-2024-26773: Improper Handling of Values (CWE-229)
CVE-2024-27019
CVE-2024-27020
CVE-2024-35898
CVE-2024-41009: Stack-based Buffer Overflow (CWE-121)