CLSA-2023:1700591071

[CLSA-2023:1700591071] kernel: Fix of 10 CVEs

Type:

security

Severity:

Important

Release date:

2023-11-21

Description:

- openvswitch: fix OOB access in reserve_sfa_size() {CVE-2022-2639}
- xen/blkfront: fix leaking data in shared pages {CVE-2022-26365}
- Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() {CVE-2020-36386}
- btrfs: only search for left_info if there is no right_info in try_merge_free_space {CVE-2019-19448}
- filldir[64]: remove WARN_ON_ONCE() for bad directory entries {CVE-2019-10220}
- Make filldir[64]() verify the directory entry filename is valid {CVE-2019-10220}
- ath9k: release allocated buffer if timed out {CVE-2019-19074}
- net: sched: sch_qfq: prevent slab-out-of-bounds in {CVE-2023-31436}
- memstick: r592: Fix UAF bug in r592_remove due to race {CVE-2023-3141}
- wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid {CVE-2023-23559}
- ext4: fix kernel infoleak via ext4_extent_header {CVE-2022-0850}

Updated packages:

kernel-2.6.32-754.35.8.el6.tuxcare.els13.x86_64.rpm
sha:f9185a3211dcbc6078e9db6dabbaf58d31d4ad2a
kernel-debug-2.6.32-754.35.8.el6.tuxcare.els13.x86_64.rpm
sha:732209e078780c9abf873a2abaef15928bc7b377
kernel-debug-devel-2.6.32-754.35.8.el6.tuxcare.els13.i686.rpm
sha:1bc1d894c3dd6ff2c541d789cba7fbc9a72ef74a
kernel-debug-devel-2.6.32-754.35.8.el6.tuxcare.els13.x86_64.rpm
sha:9dd40e7ac966fa6e850df82a2fb4e0f9ae70c9c0
kernel-devel-2.6.32-754.35.8.el6.tuxcare.els13.x86_64.rpm
sha:91d9d2536760a99f7fbead425d639dd7ca7771bb
kernel-headers-2.6.32-754.35.8.el6.tuxcare.els13.x86_64.rpm
sha:3d3393287b636b99dbbb9d292c545f729c6f2d68
perf-2.6.32-754.35.8.el6.tuxcare.els13.x86_64.rpm
sha:4e92d8e8cdc44620d07ad728c222d400f448c30c
python-perf-2.6.32-754.35.8.el6.tuxcare.els13.x86_64.rpm
sha:7f9d988821212107ce186caea9f6031674db0128

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.