ELBA-2020-3652

ELBA-2020-3652 - kernel bug fix update

Type:BUG
Severity:NA
Release Date:2020-09-09

Description


[4.18.0-193.19.1_2.OL8]
- Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7

[4.18.0-193.19.1_2]
- [net] tcp: add sanity tests in tcp_add_backlog() (Guillaume Nault) [1861378 1790843]
- [net] tcp: implement coalescing on backlog queue (Guillaume Nault) [1861378 1790843]
- [include] tcp: make tcp_space() aware of socket backlog (Guillaume Nault) [1861378 1790843]
- [net] tcp: take care of compressed acks in tcp_add_reno_sack() (Guillaume Nault) [1861378 1790843]
- [include] tcp: hint compiler about sack flows (Guillaume Nault) [1861378 1790843]
- [net] tcp: drop dst in tcp_add_backlog() (Guillaume Nault) [1861378 1790843]

[4.18.0-193.18.1_2]
- [security] selinux: allow reading labels before policy is loaded (Ondrej Mosnacek) [1861721 1839819]
- [security] selinux: allow labeling before policy is loaded (Ondrej Mosnacek) [1861722 1777525]
- [mm] mm/memory_hotplug.c: only respect mem= parameter during boot stage (Baoquan He) [1854207 1838809]

[4.18.0-193.17.1_2]
- [net] netfilter: nf_tables: reintroduce the NFT_SET_CONCAT flag (Phil Sutter) [1854531 1847553]
- [net] netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type (Phil Sutter) [1854531 1847553]
- [s390] s390: prevent leaking kernel address in BEAR (Claudio Imbrenda) [1854986 1850907]
- [s390] scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action (Philipp Rudo) [1861355 1857312]

[4.18.0-193.16.1_2]
- [infiniband] IB/rdmavt: Free kernel completion queue when done (Gopal Tiwari) [1857757 1805036]
- [kernel] Move to dual-signing to split signing keys up better (pjones) [1837433 1837434] {CVE-2020-10713}
- [crypto] pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1837433 1837434] {CVE-2020-10713}
- [acpi] ACPI: configfs: Disallow loading ACPI tables when locked down (Lenny Szubowicz) [1852968 1852969] {CVE-2020-15780}
- [firmware] efi: Restrict efivar_ssdt_load when the kernel is locked down (Lenny Szubowicz) [1852948 1852949] {CVE-2019-20908}

[4.18.0-193.15.1_2]
- [wireless] iwlwifi: pcie: handle QuZ configs with killer NICs as well (Jarod Wilson) [1857773 1844129]
- [wireless] iwlwifi: pcie: move power gating workaround earlier in the flow (Jarod Wilson) [1857773 1844129]
- [nvme] nvme: fix possible deadlock when nvme_update_formats fails (Gopal Tiwari) [1857115 1781927]
- [iommu] iommu: move flags field before ids in iommu_fwspec (Jerry Snitselaar) [1856966 1833512]
- [x86] kvm: x86: only do L1TF workaround on affected processors (Vitaly Kuznetsov) [1857796 1800673]
- [x86] kvm: x86: create mmu/ subdirectory (Vitaly Kuznetsov) [1857796 1800673]
- [kvm] KVM: SVM: Override default MMIO mask if memory encryption is enabled (Wei Huang) [1857796 1800673]




Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) kernel-4.18.0-193.19.1.el8_2.src.rpmfde7014fc011d1bb2ccc325c6abb310a-
bpftool-4.18.0-193.19.1.el8_2.aarch64.rpm23c315fda9010bb83e544dbe329514bf-
kernel-cross-headers-4.18.0-193.19.1.el8_2.aarch64.rpm23e1c57a17d3f88bd30ce8c3ebcef33b-
kernel-headers-4.18.0-193.19.1.el8_2.aarch64.rpm7c685ff201e9cd8c98b6b62b61789634-
kernel-tools-4.18.0-193.19.1.el8_2.aarch64.rpmc4ed2d02a26f887fc0852d33e6084256-
kernel-tools-libs-4.18.0-193.19.1.el8_2.aarch64.rpm3db996c62fe6fdeb0c3bb144518924c9-
perf-4.18.0-193.19.1.el8_2.aarch64.rpm8e54bf99ef828b616df7f6ab05c0ed2a-
python3-perf-4.18.0-193.19.1.el8_2.aarch64.rpm1f827441296aec05de187ffe20d89121-
Oracle Linux 8 (x86_64) kernel-4.18.0-193.19.1.el8_2.src.rpmfde7014fc011d1bb2ccc325c6abb310a-
bpftool-4.18.0-193.19.1.el8_2.x86_64.rpm6ab95bc4a95ad58d9087f98353a51e17-
kernel-4.18.0-193.19.1.el8_2.x86_64.rpm0f4f89e05ec429623872f6ac21de0b73-
kernel-abi-whitelists-4.18.0-193.19.1.el8_2.noarch.rpm4be2094579d51c01af3bbb5efd11cff3-
kernel-core-4.18.0-193.19.1.el8_2.x86_64.rpm6ed3fda9208d92783db56744769eb570-
kernel-cross-headers-4.18.0-193.19.1.el8_2.x86_64.rpmfd6662f7aab06da1c6bc1125251b9cfb-
kernel-debug-4.18.0-193.19.1.el8_2.x86_64.rpm2c855ec5b7299456c8438541b50d637c-
kernel-debug-core-4.18.0-193.19.1.el8_2.x86_64.rpmd461eaf11b8076d36552ecfcabcc684a-
kernel-debug-devel-4.18.0-193.19.1.el8_2.x86_64.rpmc5b659c798f410a3c2e68b92e88bcc6f-
kernel-debug-modules-4.18.0-193.19.1.el8_2.x86_64.rpm201540fb52e57ecb4b2ce798b3573568-
kernel-debug-modules-extra-4.18.0-193.19.1.el8_2.x86_64.rpm039f0cb1d43fa3ba69d64d5510499dfc-
kernel-devel-4.18.0-193.19.1.el8_2.x86_64.rpm6eef7123633776c8fa3872b4a1f77486-
kernel-doc-4.18.0-193.19.1.el8_2.noarch.rpm61fb0cda92e1181dacf297aa479e21ad-
kernel-headers-4.18.0-193.19.1.el8_2.x86_64.rpm4678cb69fee14c76c08e82c3c6edcbd3-
kernel-modules-4.18.0-193.19.1.el8_2.x86_64.rpmc7d02f88574959793d4918336e15ec98-
kernel-modules-extra-4.18.0-193.19.1.el8_2.x86_64.rpm16a82d3e4a557563172dde53abbbb61e-
kernel-tools-4.18.0-193.19.1.el8_2.x86_64.rpm1386f63185aba3b221f0423709d9d37b-
kernel-tools-libs-4.18.0-193.19.1.el8_2.x86_64.rpmce0014ddb62ea8d98b21b9f68fa1bd5f-
kernel-tools-libs-devel-4.18.0-193.19.1.el8_2.x86_64.rpm395eb8fc887af75ff11e7a5b7c70d418-
perf-4.18.0-193.19.1.el8_2.x86_64.rpm14f0267e8d234fee27830845581b0d99-
python3-perf-4.18.0-193.19.1.el8_2.x86_64.rpm6366ab560b01724a61586876a64df51d-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete