-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-2cfbe17910 2022-10-14 12:57:09.362809 --------------------------------------------------------------------------------
Name : kernel Product : Fedora 36 Version : 5.19.15 Release : 201.fc36 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package
-------------------------------------------------------------------------------- Update Information:
The 101/201/301 builds of the 5.19.15 kernel contain fixes for some wireless network vulnerabilities and a couple of important arm bug fixes. ---- The 5.19.15 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 13 2022 Justin M. Forbes jforbes@fedoraproject.org [5.19.15-1] - Bump for build (Justin M. Forbes) - mctp: prevent double key removal and unref (Jeremy Kerr) - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (Johannes Berg) - wifi: mac80211: fix crash in beacon protection for P2P-device (Johannes Berg) - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (Johannes Berg) - wifi: cfg80211: avoid nontransmitted BSS list corruption (Johannes Berg) - wifi: cfg80211: fix BSS refcounting bugs (Johannes Berg) - wifi: cfg80211: ensure length byte is present before access (Johannes Berg) - wifi: mac80211: fix MBSSID parsing use-after-free (Johannes Berg) - wifi: cfg80211/mac80211: reject bad MBSSID elements (Johannes Berg) - wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() (Johannes Berg) - drm/vc4: hdmi: Check the HSM rate at runtime_resume (Maxime Ripard) - drm/vc4: hdmi: Enforce the minimum rate at runtime_resume (Maxime Ripard) - phy: rockchip-inno-usb2: Return zero after otg sync (Peter Geis) * Wed Oct 12 2022 Justin M. Forbes jforbes@fedoraproject.org [5.19.15-0] - scsi: stex: Properly zero out the passthrough command structure (Linus Torvalds) - ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (David Ahern) - Linux v5.19.15 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2128462 - CVE-2022-40768 kernel: leak of sensitive information due to uninitialized data in stex_queuecommand_lck() in drivers/scsi/stex.c https://bugzilla.redhat.com/show_bug.cgi?id=2128462 [ 2 ] Bug #2133490 - CVE-2022-3435 kernel: an out-of-bounds read in fib_nh_match of the file net/ipv4/fib_semantics.c https://bugzilla.redhat.com/show_bug.cgi?id=2133490 [ 3 ] Bug #2134377 - CVE-2022-41674 kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans() https://bugzilla.redhat.com/show_bug.cgi?id=2134377 [ 4 ] Bug #2134440 - CVE-2022-42719 kernel: A use-after-free problem observed in multi-BSSID element when parsing https://bugzilla.redhat.com/show_bug.cgi?id=2134440 [ 5 ] Bug #2134451 - CVE-2022-42720 kernel: A use-after-free problem was observed in bss_ref_get in net/wireless/scan.c https://bugzilla.redhat.com/show_bug.cgi?id=2134451 [ 6 ] Bug #2134506 - CVE-2022-42721 kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c https://bugzilla.redhat.com/show_bug.cgi?id=2134506 [ 7 ] Bug #2134517 - CVE-2022-42722 Kernel: Denial of service in beacon protection for P2P-device https://bugzilla.redhat.com/show_bug.cgi?id=2134517 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-2cfbe17910' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------