* mantic/linux-oracle: 6.5.0-1025.25 -proposed tracker (LP: #2068176)
* mantic/linux: 6.5.0-42.42 -proposed tracker (LP: #2068188)
* CVE-2024-26925
- netfilter: nf_tables: release batch on table validation from abort path
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
* CVE-2024-26924
- netfilter: nft_set_pipapo: do not free live element
* CVE-2024-26809
- netfilter: nft_set_pipapo: release elements in clone only from destroy path
* Mantic update: upstream stable patchset 2024-04-02 (LP: #2059991) //
CVE-2024-26809
- netfilter: nft_set_pipapo: store index in scratch maps
- netfilter: nft_set_pipapo: add helper to release pcpu scratch area
- netfilter: nft_set_pipapo: remove scratch_aligned pointer
* CVE-2024-26643
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with
timeout
* mantic/linux: 6.5.0-41.41 -proposed tracker (LP: #2065893)
* CVE-2024-21823
- VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist
- dmaengine: idxd: add a new security check to deal with a hardware erratum
- dmaengine: idxd: add a write() method for applications to submit work
-- Stefan Bader <email address hidden> Fri, 14 Jun 2024 10:43:35 +0200
This bug was fixed in the package linux-oracle-6.5 - 6.5.0-1025. 25~22.04. 1
--------------- 1025.25~ 22.04.1) jammy; urgency=medium
linux-oracle-6.5 (6.5.0-
* jammy/linux- oracle- 6.5: 6.5.0-1025. 25~22.04. 1 -proposed tracker
(LP: #2068175)
* Packaging resync (LP: #1786013)
- [Packaging] update variants
[ Ubuntu: 6.5.0-1025.25 ]
* mantic/ linux-oracle: 6.5.0-1025.25 -proposed tracker (LP: #2068176)
* mantic/linux: 6.5.0-42.42 -proposed tracker (LP: #2068188)
* CVE-2024-26925
- netfilter: nf_tables: release batch on table validation from abort path
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
* CVE-2024-26924
- netfilter: nft_set_pipapo: do not free live element
* CVE-2024-26809
- netfilter: nft_set_pipapo: release elements in clone only from destroy path
* Mantic update: upstream stable patchset 2024-04-02 (LP: #2059991) //
CVE-2024-26809
- netfilter: nft_set_pipapo: store index in scratch maps
- netfilter: nft_set_pipapo: add helper to release pcpu scratch area
- netfilter: nft_set_pipapo: remove scratch_aligned pointer
* CVE-2024-26643
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with
timeout
* mantic/linux: 6.5.0-41.41 -proposed tracker (LP: #2065893)
* CVE-2024-21823
- VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist
- dmaengine: idxd: add a new security check to deal with a hardware erratum
- dmaengine: idxd: add a write() method for applications to submit work
-- Stefan Bader <email address hidden> Fri, 14 Jun 2024 10:43:35 +0200