Re: Security ERRATA Important: kernel on SL7.x x86_64 (and possibly unrelated update packages)

Thu, 31 Aug 2023 07:21:26 -0700

When I try to run "yum update" now, I get the following dependency errors (below). I suspect some packages unrelated to the kernel update were released from "fastbugs" prematurely, without their dependencies coming along for the ride... 

Gilbert

------------

Resolving Dependencies
--> Running transaction check
---> Package python2-ipaclient.noarch 0:4.6.8-5.sl7_9.10 will be updated
--> Processing Dependency: python2-ipaclient = 4.6.8-5.sl7_9.10 for package: ipa-client-4.6.8-5.sl7_9.10.x86_64 
---> Package python2-ipaclient.noarch 0:4.6.8-5.sl7_9.15 will be an update
--> Processing Dependency: ipa-client-common = 4.6.8-5.sl7_9.15 for package: python2-ipaclient-4.6.8-5.sl7_9.15.noarch --> Processing Dependency: ipa-common = 4.6.8-5.sl7_9.15 for package: python2-ipaclient-4.6.8-5.sl7_9.15.noarch 
---> Package python2-ipalib.noarch 0:4.6.8-5.sl7_9.10 will be updated
---> Package python2-ipalib.noarch 0:4.6.8-5.sl7_9.15 will be an update
--> Processing Dependency: ipa-common = 4.6.8-5.sl7_9.15 for package: python2-ipalib-4.6.8-5.sl7_9.15.noarch 
--> Finished Dependency Resolution
Error: Package: ipa-client-4.6.8-5.sl7_9.10.x86_64 (@sl-security)
           Requires: python2-ipaclient = 4.6.8-5.sl7_9.10
Removing: python2-ipaclient-4.6.8-5.sl7_9.10.noarch (@sl-security) 
               python2-ipaclient = 4.6.8-5.sl7_9.10
Updated By: python2-ipaclient-4.6.8-5.sl7_9.15.noarch (sl-security) 
               python2-ipaclient = 4.6.8-5.sl7_9.15
           Available: python2-ipaclient-4.6.8-5.sl7.noarch (sl)
               python2-ipaclient = 4.6.8-5.sl7
Available: python2-ipaclient-4.6.8-5.sl7_9.4.noarch (sl-security) 
               python2-ipaclient = 4.6.8-5.sl7_9.4
Available: python2-ipaclient-4.6.8-5.sl7_9.9.noarch (sl-security) 
               python2-ipaclient = 4.6.8-5.sl7_9.9
Error: Package: python2-ipaclient-4.6.8-5.sl7_9.15.noarch (sl-security)
           Requires: ipa-common = 4.6.8-5.sl7_9.15
           Installed: ipa-common-4.6.8-5.sl7_9.10.noarch (@sl-security)
               ipa-common = 4.6.8-5.sl7_9.10
           Available: ipa-common-4.6.8-5.sl7.noarch (sl)
               ipa-common = 4.6.8-5.sl7
           Available: ipa-common-4.6.8-5.sl7_9.4.noarch (sl-security)
               ipa-common = 4.6.8-5.sl7_9.4
           Available: ipa-common-4.6.8-5.sl7_9.9.noarch (sl-security)
               ipa-common = 4.6.8-5.sl7_9.9
Error: Package: python2-ipalib-4.6.8-5.sl7_9.15.noarch (sl-security)
           Requires: ipa-common = 4.6.8-5.sl7_9.15
           Installed: ipa-common-4.6.8-5.sl7_9.10.noarch (@sl-security)
               ipa-common = 4.6.8-5.sl7_9.10
           Available: ipa-common-4.6.8-5.sl7.noarch (sl)
               ipa-common = 4.6.8-5.sl7
           Available: ipa-common-4.6.8-5.sl7_9.4.noarch (sl-security)
               ipa-common = 4.6.8-5.sl7_9.4
           Available: ipa-common-4.6.8-5.sl7_9.9.noarch (sl-security)
               ipa-common = 4.6.8-5.sl7_9.9
Error: Package: python2-ipaclient-4.6.8-5.sl7_9.15.noarch (sl-security)
           Requires: ipa-client-common = 4.6.8-5.sl7_9.15
Installed: ipa-client-common-4.6.8-5.sl7_9.10.noarch (@sl-security) 
               ipa-client-common = 4.6.8-5.sl7_9.10
           Available: ipa-client-common-4.6.8-5.sl7.noarch (sl)
               ipa-client-common = 4.6.8-5.sl7
Available: ipa-client-common-4.6.8-5.sl7_9.4.noarch (sl-security) 
               ipa-client-common = 4.6.8-5.sl7_9.4
Available: ipa-client-common-4.6.8-5.sl7_9.9.noarch (sl-security) 
               ipa-client-common = 4.6.8-5.sl7_9.9
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

On 2023-08-30 2:53 p.m., Farhan Ahmed wrote:

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       SLSA-2023:4819-1
Issue Date:        2023-08-30
CVE Numbers:       CVE-2023-35788
                    CVE-2023-20593
--

Security Fix(es):

* kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()
(CVE-2023-35788)

* hw: amd: Cross-Process Information Leak (CVE-2023-20593)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE

Bug Fix(es):

* nf_conntrack causing nfs to stall

* Request to backport upstream commit 5e2d2cc2588b, 26a8b12747c9, and
e98fa02c4f2e for SL 7.9.z

* Fix soft lockup happens in gfs2_dir_get_hash_table()
--

SL7
   x86_64
     bpftool-3.10.0-1160.99.1.el7.x86_64.rpm
     bpftool-debuginfo-3.10.0-1160.99.1.el7.x86_64.rpm
     kernel-3.10.0-1160.99.1.el7.x86_64.rpm
     kernel-debug-3.10.0-1160.99.1.el7.x86_64.rpm
     kernel-debug-debuginfo-3.10.0-1160.99.1.el7.x86_64.rpm
     kernel-debug-devel-3.10.0-1160.99.1.el7.x86_64.rpm
     kernel-debuginfo-3.10.0-1160.99.1.el7.x86_64.rpm
     kernel-debuginfo-common-x86_64-3.10.0-1160.99.1.el7.x86_64.rpm
     kernel-devel-3.10.0-1160.99.1.el7.x86_64.rpm
     kernel-headers-3.10.0-1160.99.1.el7.x86_64.rpm
     kernel-tools-3.10.0-1160.99.1.el7.x86_64.rpm
     kernel-tools-debuginfo-3.10.0-1160.99.1.el7.x86_64.rpm
     kernel-tools-libs-3.10.0-1160.99.1.el7.x86_64.rpm
     perf-3.10.0-1160.99.1.el7.x86_64.rpm
     perf-debuginfo-3.10.0-1160.99.1.el7.x86_64.rpm
     python-perf-3.10.0-1160.99.1.el7.x86_64.rpm
     python-perf-debuginfo-3.10.0-1160.99.1.el7.x86_64.rpm
     kernel-tools-libs-devel-3.10.0-1160.99.1.el7.x86_64.rpm
   noarch
     kernel-abi-whitelists-3.10.0-1160.99.1.el7.noarch.rpm
     kernel-doc-3.10.0-1160.99.1.el7.noarch.rpm

- Scientific Linux Development Team

Reply via email to