[CLSA-2024:1716269479] Fix of 42 CVEs

Type:

security

Severity:

Important

Release date:

2024-05-21 05:31:22 UTC

Description:

   * CVE-url: https://ubuntu.com/security/CVE-2023-47233
     - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
   * CVE-url: https://ubuntu.com/security/CVE-2023-52601
     - jfs: Fix memleak in dbAdjCtl
   * CVE-url: https://ubuntu.com/security/CVE-2024-26801
     - Bluetooth: Avoid potential use-after-free in hci_error_reset
   * CVE-url: https://ubuntu.com/security/CVE-2024-26805
     - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
   * CVE-url: https://ubuntu.com/security/CVE-2023-52566
     - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
   * CVE-url: https://ubuntu.com/security/CVE-2024-26622
     - tomoyo: fix UAF write bug in tomoyo_write_control()
   * CVE-url: https://ubuntu.com/security/CVE-2024-26614
     - tcp: make sure init the accept_queue's spinlocks once
     - ipv6: init the accept_queue's spinlocks in inet6_create
   * CVE-url: https://ubuntu.com/security/CVE-2023-52530
     - wifi: mac80211: fix potential key use-after-free
   * CVE-url: https://ubuntu.com/security/CVE-2023-52524
     - net: nfc: llcp: Add lock when modifying device list
   * CVE-url: https://ubuntu.com/security/CVE-2021-47173
     - misc/uss720: fix memory leak in uss720_probe
   * Bionic update: upstream stable patchset 2021-07-14 (LP: #1936231) // CVE-
     url: https://ubuntu.com/security/CVE-2021-47171
     - net: usb: fix possible use-after-free in smsc75xx_bind
   * Bionic update: upstream stable patchset 2021-06-11 (LP: #1931740) // CVE-
     url: https://ubuntu.com/security/CVE-2021-47171
     - net: usb: fix memory leak in smsc75xx_bind
   * CVE-url: https://ubuntu.com/security/CVE-2024-26910
     - timers: Get rid of del_singleshot_timer_sync()
   * CVE-url: https://ubuntu.com/security/CVE-2023-52595
     - rt2x00: clear IV's on start to fix AP mode regression
     - wifi: rt2x00: restart beacon queue when hardware reset
   * CVE-url: https://ubuntu.com/security/CVE-2024-26696
     - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
   * CVE-url: https://ubuntu.com/security/CVE-2024-26685
     - nilfs2: fix potential bug in end_buffer_async_write
   * CVE-url: https://ubuntu.com/security/CVE-2024-26625
     - llc: call sock_orphan() at release time
   * CVE-url: https://ubuntu.com/security/CVE-2023-52615
     - hwrng: core - Fix page fault dead lock on mmap-ed hwrng
   * CVE-url: https://ubuntu.com/security/CVE-2023-52486
     - drm: Don't unref the same fb many times by mistake due to deadlock handling
   * CVE-url: https://ubuntu.com/security/CVE-2024-26697
     - nilfs2: fix data corruption in dsync block recovery for small block sizes
   * CVE-url: https://ubuntu.com/security/CVE-2024-26679
     - inet: read sk->sk_family once in inet_recv_error()
   * CVE-url: https://ubuntu.com/security/CVE-2023-52622
     - ext4: remove unnecessary check from alloc_flex_gd()
     - ext4: avoid online resizing failures due to oversized flex bg
   * CVE-url: https://ubuntu.com/security/CVE-2024-26635
     - llc: Drop support for ETH_P_TR_802_2.
   * CVE-url: https://ubuntu.com/security/CVE-2023-52594
     - wifi: ath9k: Fix potential array-index-out-of-bounds read in
       ath9k_htc_txstatus()
   * CVE-url: https://ubuntu.com/security/CVE-2024-26720
     - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
   * CVE-url: https://ubuntu.com/security/CVE-2024-26825
     - nfc: nci: free rx_data_reassembly skb on NCI device cleanup
   * CVE-url: https://ubuntu.com/security/CVE-2024-26671
     - blk-mq: fix IO hang from sbitmap wakeup race
   * CVE-url: https://ubuntu.com/security/CVE-2024-26675
     - ppp_async: limit MRU to 64K
   * CVE-url: https://ubuntu.com/security/CVE-2023-52602
     - jfs: fix slab-out-of-bounds Read in dtSearch
   * CVE-url: https://ubuntu.com/security/CVE-2024-26704
     - ext4: fix double-free of blocks due to wrong extents moved_len
   * CVE-url: https://ubuntu.com/security/CVE-2023-52619
     - linux/kernel.h: Add ALIGN_DOWN macro
     - pstore: Make ramoops_init_przs generic for other prz arrays
     - pstore/ram: Fix crash when setting number of cpus to an odd number
   * CVE-url: https://ubuntu.com/security/CVE-2024-26636
     - llc: make llc_ui_sendmsg() more robust against bonding changes
   * CVE-url: https://ubuntu.com/security/CVE-2023-52587
     - IB/ipoib: Fix mcast list locking
   * CVE-url: https://ubuntu.com/security/CVE-2023-52601 // CVE-url:
     https://ubuntu.com/security/CVE-2023-52604
     - jfs: fix array-index-out-of-bounds in dbAdjTree
   * CVE-url: https://ubuntu.com/security/CVE-2023-52604
     - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
   * CVE-url: https://ubuntu.com/security/CVE-2023-52599
     - jfs: fix array-index-out-of-bounds in diNewExt
   * Bionic update: upstream stable patchset 2022-11-15 (LP: #1996650) // CVE-
     url: https://ubuntu.com/security/CVE-2022-48659
     - mm/slub: fix to return errno if kmalloc() fails
   * CVE-url: https://ubuntu.com/security/CVE-2024-26884
     - bpf: Fix hashtab overflow check on 32-bit arches
   * CVE-url: https://ubuntu.com/security/CVE-2024-26882
     - net: add atomic_long_t to net_device_stats fields
     - net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
   * Bionic update: upstream stable patchset 2019-07-19 (LP: #1837257) // CVE-
     url: https://ubuntu.com/security/CVE-2024-26882
     - ip: validate header length on virtual device xmit
   * CVE-url: https://ubuntu.com/security/CVE-2024-26908
     - x86/xen: Add some null pointer checking to smp.c
   * CVE-url: https://ubuntu.com/security/CVE-2024-26904
     - btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve
   * CVE-url: https://ubuntu.com/security/CVE-2024-26903
     - Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
   * CVE-url: https://ubuntu.com/security/CVE-2024-26901
     - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
   * CVE-url: https://ubuntu.com/security/CVE-2024-26898
     - aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts

Updated packages:

linux-buildinfo-4.4.0-256-tuxcare.els27-generic_4.4.0-256.290_amd64.deb
sha:0d1339bf83411568801a79fc82c0bf426be4789d
linux-buildinfo-4.4.0-256-tuxcare.els27-lowlatency_4.4.0-256.290_amd64.deb
sha:6def5fa67d05752c14fb36a0453f1fd9e64b1f84
linux-cloud-tools-4.4.0-256-tuxcare.els27_4.4.0-256.290_amd64.deb
sha:751ec5fd75ec993f6c542a20234087019b25868e
linux-cloud-tools-4.4.0-256-tuxcare.els27-generic_4.4.0-256.290_amd64.deb
sha:ad1b577272b39fd1518f7b9f7d0c0e6557789f9a
linux-cloud-tools-4.4.0-256-tuxcare.els27-lowlatency_4.4.0-256.290_amd64.deb
sha:6bd9da1e672c98d4f921baed6d95faf3e3f754a3
linux-cloud-tools-common_4.4.0-256.290_all.deb
sha:21e87da2ab63cc9b603bbd8c0cc4766e2a4a0288
linux-cloud-tools-generic_4.4.0.256.290_amd64.deb
sha:733180fbfdc58d9a97dca1d28bfd94e5ea85737d
linux-cloud-tools-lowlatency_4.4.0.256.290_amd64.deb
sha:2851be57a2768c4a47adea8cecefa7b2889503f4
linux-crashdump_4.4.0.256.290_amd64.deb
sha:5607a2d2032e22179be27c76ed6344842e5292c2
linux-doc_4.4.0-256.290_all.deb
sha:3d52b0f37276e7e3ca67e8157985878d8103fe98
linux-generic_4.4.0.256.290_amd64.deb
sha:781cc7d7f9d9678260db6ad027ff52fcc424ba06
linux-headers-4.4.0-256-tuxcare.els27_4.4.0-256.290_all.deb
sha:453484c4a3e1725e1252832b506d0d6001b668ca
linux-headers-4.4.0-256-tuxcare.els27-generic_4.4.0-256.290_amd64.deb
sha:56e2e4400eabd3a17f7a0e9cca34c7b41d5371e1
linux-headers-4.4.0-256-tuxcare.els27-lowlatency_4.4.0-256.290_amd64.deb
sha:1994a04ae659446d709281269135b0325635f8b3
linux-headers-generic_4.4.0.256.290_amd64.deb
sha:b5534da2ecffd78e3eca0cf8a9ca673230fa8382
linux-headers-lowlatency_4.4.0.256.290_amd64.deb
sha:99c6755a18a2e120e190a502658e6ead9f35f996
linux-image-generic_4.4.0.256.290_amd64.deb
sha:207dd21bd0b2dc9f05d41b25d297265418cd83ce
linux-image-lowlatency_4.4.0.256.290_amd64.deb
sha:371301a929f3a35372b8492bd0d11209f3ec9b4e
linux-image-unsigned-4.4.0-256-tuxcare.els27-generic_4.4.0-256.290_amd64.deb
sha:06dcd9ced38bcdba38bef9795e2a3946c5c8eccd
linux-image-unsigned-4.4.0-256-tuxcare.els27-lowlatency_4.4.0-256.290_amd64.deb
sha:6950ea743eb5a6ab86d6ce95d4f2b2edd0bab4d3
linux-libc-dev_4.4.0-256.290_amd64.deb
sha:c443592e1c6159e2b14322d316bc722d1f679150
linux-lowlatency_4.4.0.256.290_amd64.deb
sha:7074ba1c0d2b93f6984ca50ef9cd7dd0adef77e9
linux-modules-4.4.0-256-tuxcare.els27-generic_4.4.0-256.290_amd64.deb
sha:712bd0cc707fb46d1a842da2882efccfe07b9a46
linux-modules-4.4.0-256-tuxcare.els27-lowlatency_4.4.0-256.290_amd64.deb
sha:52546b569ac17e7c49ef656f908baa8189b13908
linux-modules-extra-4.4.0-256-tuxcare.els27-generic_4.4.0-256.290_amd64.deb
sha:de3000a67a46159c6696d12551d7f35e5c79929c
linux-source_4.4.0.256.290_all.deb
sha:50536eadcc6d84e62a03773014a82743f0acfc4b
linux-source-4.4.0_4.4.0-256.290_all.deb
sha:0aa3e5d01e70cdd0ca6c19a8c33dede0ccfca06d
linux-tools-4.4.0-256-tuxcare.els27_4.4.0-256.290_amd64.deb
sha:ca32e60de99762d5d2bab55a0e8e2ac4f852f4f9
linux-tools-4.4.0-256-tuxcare.els27-generic_4.4.0-256.290_amd64.deb
sha:d9b4ab57deb92c44e3b28666aaaf41783b82fba0
linux-tools-4.4.0-256-tuxcare.els27-lowlatency_4.4.0-256.290_amd64.deb
sha:f38abca6c4e17be8e75d5bd846e27cfe06fe9d4c
linux-tools-common_4.4.0-256.290_all.deb
sha:9ba67f20fedb1d63c3af17eb654e21e612be81bb
linux-tools-generic_4.4.0.256.290_amd64.deb
sha:00dfb75aa2021509bfd5ed1a204b9a4b301f2288
linux-tools-host_4.4.0-256.290_all.deb
sha:9c7af7d816c7e333edbbdd5bec8325f566c13545
linux-tools-lowlatency_4.4.0.256.290_amd64.deb
sha:dd4bd08d5aab3f2f33748310f04730d2b896da0a

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.