ELBA-2020-3652

ELBA-2020-3652 - kernel bug fix update

Type:BUG
Severity:NA
Release Date:2020-09-09

Description


[4.18.0-193.19.1_2.OL8]
- Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7

[4.18.0-193.19.1_2]
- [net] tcp: add sanity tests in tcp_add_backlog() (Guillaume Nault) [1861378 1790843]
- [net] tcp: implement coalescing on backlog queue (Guillaume Nault) [1861378 1790843]
- [include] tcp: make tcp_space() aware of socket backlog (Guillaume Nault) [1861378 1790843]
- [net] tcp: take care of compressed acks in tcp_add_reno_sack() (Guillaume Nault) [1861378 1790843]
- [include] tcp: hint compiler about sack flows (Guillaume Nault) [1861378 1790843]
- [net] tcp: drop dst in tcp_add_backlog() (Guillaume Nault) [1861378 1790843]

[4.18.0-193.18.1_2]
- [security] selinux: allow reading labels before policy is loaded (Ondrej Mosnacek) [1861721 1839819]
- [security] selinux: allow labeling before policy is loaded (Ondrej Mosnacek) [1861722 1777525]
- [mm] mm/memory_hotplug.c: only respect mem= parameter during boot stage (Baoquan He) [1854207 1838809]

[4.18.0-193.17.1_2]
- [net] netfilter: nf_tables: reintroduce the NFT_SET_CONCAT flag (Phil Sutter) [1854531 1847553]
- [net] netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type (Phil Sutter) [1854531 1847553]
- [s390] s390: prevent leaking kernel address in BEAR (Claudio Imbrenda) [1854986 1850907]
- [s390] scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action (Philipp Rudo) [1861355 1857312]

[4.18.0-193.16.1_2]
- [infiniband] IB/rdmavt: Free kernel completion queue when done (Gopal Tiwari) [1857757 1805036]
- [kernel] Move to dual-signing to split signing keys up better (pjones) [1837433 1837434] {CVE-2020-10713}
- [crypto] pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1837433 1837434] {CVE-2020-10713}
- [acpi] ACPI: configfs: Disallow loading ACPI tables when locked down (Lenny Szubowicz) [1852968 1852969] {CVE-2020-15780}
- [firmware] efi: Restrict efivar_ssdt_load when the kernel is locked down (Lenny Szubowicz) [1852948 1852949] {CVE-2019-20908}

[4.18.0-193.15.1_2]
- [wireless] iwlwifi: pcie: handle QuZ configs with killer NICs as well (Jarod Wilson) [1857773 1844129]
- [wireless] iwlwifi: pcie: move power gating workaround earlier in the flow (Jarod Wilson) [1857773 1844129]
- [nvme] nvme: fix possible deadlock when nvme_update_formats fails (Gopal Tiwari) [1857115 1781927]
- [iommu] iommu: move flags field before ids in iommu_fwspec (Jerry Snitselaar) [1856966 1833512]
- [x86] kvm: x86: only do L1TF workaround on affected processors (Vitaly Kuznetsov) [1857796 1800673]
- [x86] kvm: x86: create mmu/ subdirectory (Vitaly Kuznetsov) [1857796 1800673]
- [kvm] KVM: SVM: Override default MMIO mask if memory encryption is enabled (Wei Huang) [1857796 1800673]




Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete