--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d16d94b00d
2024-02-28 01:07:06.086832
--------------------------------------------------------------------------------
Name : kernel
Product : Fedora 39
Version : 6.7.6
Release : 200.fc39
URL :
https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package
--------------------------------------------------------------------------------
Update Information:
The 6.7.6 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 23 2024 Justin M. Forbes <jforbes(a)fedoraproject.org> [6.7.6-0]
- Add CVE fix for 6.7.6 (Justin M. Forbes)
- Linux v6.7.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2260044 - CVE-2024-23850 kernel: btrfs_get_root_ref has an assertion failure
and crash because a subvolume can be read out too soon after its root item is inserted
upon subvolume creation
https://bugzilla.redhat.com/show_bug.cgi?id=2260044
[ 2 ] Bug #2260046 - CVE-2024-23851 kernel: copy_params can attempt to allocate more
than INT_MAX bytes and crash
https://bugzilla.redhat.com/show_bug.cgi?id=2260046
[ 3 ] Bug #2265269 - CVE-2023-52437 kernel: Revert "md/raid5: Wait for
MD_SB_CHANGE_PENDING in raid5d"
https://bugzilla.redhat.com/show_bug.cgi?id=2265269
[ 4 ] Bug #2265517 - CVE-2024-26585 kernel: tls: race between tx work scheduling and
socket close
https://bugzilla.redhat.com/show_bug.cgi?id=2265517
[ 5 ] Bug #2265518 - CVE-2024-26582 kernel: tls: use-after-free with partial reads and
async decrypt
https://bugzilla.redhat.com/show_bug.cgi?id=2265518
[ 6 ] Bug #2265519 - CVE-2024-26584 kernel: tls: handle backlogging of crypto requests
https://bugzilla.redhat.com/show_bug.cgi?id=2265519
[ 7 ] Bug #2265520 - CVE-2024-26583 kernel: tls: race between async notify and socket
close
https://bugzilla.redhat.com/show_bug.cgi?id=2265520
[ 8 ] Bug #2265646 - CVE-2024-26593 kernel: i2c: i801: Fix block process call
transactions
https://bugzilla.redhat.com/show_bug.cgi?id=2265646
[ 9 ] Bug #2265833 - CVE-2024-26603 kernel: x86/fpu: Stop relying on userspace for info
to fault in xsave buffer
https://bugzilla.redhat.com/show_bug.cgi?id=2265833
[ 10 ] Bug #2266257 - CVE-2024-26604 kernel: null pointer dereference in kobject
https://bugzilla.redhat.com/show_bug.cgi?id=2266257
[ 11 ] Bug #2266286 - CVE-2024-26606 kernel: signal epoll threads of self-work
https://bugzilla.redhat.com/show_bug.cgi?id=2266286
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d16d94b00d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------