-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-d16d94b00d 2024-02-28 01:07:06.086832 --------------------------------------------------------------------------------
Name : kernel Product : Fedora 39 Version : 6.7.6 Release : 200.fc39 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package
-------------------------------------------------------------------------------- Update Information:
The 6.7.6 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 23 2024 Justin M. Forbes jforbes@fedoraproject.org [6.7.6-0] - Add CVE fix for 6.7.6 (Justin M. Forbes) - Linux v6.7.6 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2260044 - CVE-2024-23850 kernel: btrfs_get_root_ref has an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation https://bugzilla.redhat.com/show_bug.cgi?id=2260044 [ 2 ] Bug #2260046 - CVE-2024-23851 kernel: copy_params can attempt to allocate more than INT_MAX bytes and crash https://bugzilla.redhat.com/show_bug.cgi?id=2260046 [ 3 ] Bug #2265269 - CVE-2023-52437 kernel: Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" https://bugzilla.redhat.com/show_bug.cgi?id=2265269 [ 4 ] Bug #2265517 - CVE-2024-26585 kernel: tls: race between tx work scheduling and socket close https://bugzilla.redhat.com/show_bug.cgi?id=2265517 [ 5 ] Bug #2265518 - CVE-2024-26582 kernel: tls: use-after-free with partial reads and async decrypt https://bugzilla.redhat.com/show_bug.cgi?id=2265518 [ 6 ] Bug #2265519 - CVE-2024-26584 kernel: tls: handle backlogging of crypto requests https://bugzilla.redhat.com/show_bug.cgi?id=2265519 [ 7 ] Bug #2265520 - CVE-2024-26583 kernel: tls: race between async notify and socket close https://bugzilla.redhat.com/show_bug.cgi?id=2265520 [ 8 ] Bug #2265646 - CVE-2024-26593 kernel: i2c: i801: Fix block process call transactions https://bugzilla.redhat.com/show_bug.cgi?id=2265646 [ 9 ] Bug #2265833 - CVE-2024-26603 kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer https://bugzilla.redhat.com/show_bug.cgi?id=2265833 [ 10 ] Bug #2266257 - CVE-2024-26604 kernel: null pointer dereference in kobject https://bugzilla.redhat.com/show_bug.cgi?id=2266257 [ 11 ] Bug #2266286 - CVE-2024-26606 kernel: signal epoll threads of self-work https://bugzilla.redhat.com/show_bug.cgi?id=2266286 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-d16d94b00d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------