ELBA-2020-5954

ELBA-2020-5954 - conmon bug fix update

Type: BUG
Severity: NA
Release Date: 2020-11-26

Description


conmon
[2.0.20-3]
- Add symlink for conmon under bin dir to satisfy latest podman

[2.0.20-2]
- Update for building OL8 RPMs.

[2.0.20-1]
- Added build scripts

conmon
[3:2.0.21-3]
- Define an epoch

[2.0.21-3]
- Provides symlink for /usr/bin/conmon

[2.0.21-2]
- Update for building OL8 RPMs.

[2.0.21-1]
- Added build scripts

coredns
[1.6.7-1]
- Added Oracle specific build files

cri-o
[1.18.3-4]
- Use conmon with epoch for OLCNE

[1.18.3-3]
- Update conmon to 2.0.21-3

[1.18.3-2]
- Pinned down the 2.0.21-1.el8 to avoid the conflict with 2.0.15-1.0.1.el7_8 (ol7_developer)

[1.18.3-1]
- Added Oracle Specific Files for cri-o

cri-tools
[1.18.0-1]
- Added Oracle Specific Build Files for cri-tools

etcd
[3.4.3-1.0.4]
- bump version to support the release of ol8 image

[3.4.3-1.0.3]
- support building on ol8

[3.4.3-1.0.2]
- Address CVE-2020-16845

[3.4.3-1.0.1]
- Added Oracle specific build files

flannel
[0.10.0-2.1.12]
- Address CVE-2020-16845

[0.10.0-2.1.11]
- Resize flannel image

[0.10.0-2.1.10]
- Fix image location

[0.10.0-2.1.9]
flannel
[0.11.0-4]
- add ol8 support

[0.11.0-3]
- Added THIRD_PARTY_LICENSES.txt

[0.11.0-2]
- CVE-2019-16276 fix (bumpup golang to 1.12.10)

[0.11.0-1]
- Release of flannel-0.11.0-1

flannel
[0.12.0-1]
- Release of flannel-0.12.0-1

grafana
[6.7.4-1.0.4]
- bump version to support the release of ol8 image

[6.7.4-1.0.3]
- Add OL8 Build Template

[6.7.4-1.0.2]
- Address CVE-2020-16845

[6.7.4-1.0.1]
- Added Oracle Specific Build Files for grafana

helm
[3.3.4-1]
- Added Oracle Specific build Files

istio
istio-envoy
[1.7.3-1.0.1]
- Added Oracle specific files

istio-proxy
kata
[1.11.3-4]
- Use kernel-uek-container-5.4.17-2036.100.6.1

[1.11.3-3]
- Bump OL8 qemu-kvm-min

[1.11.3-2]
- Added OL8 changes

[1.11.3-1]
- Update to kata 1.11.3

kata-agent
[1.11.3-3]
- Fix kata-image build

[1.11.3-2]
- Added OL8 build changes

[1.11.3-1]
- Added Oracle Specific Build Files for kata-agent

kata-image
[1.11.3-3]
- Fix kata-image build

[1.11.3-2]
- Added OL8 build changes

[1.11.3-1]
- Added Oracle Specific Build Files for kata-image

kata-ksm-throttler
[1.11.3-2]
- Added OL8 changes

[1.11.3-1]
- Added Oracle Specific Build Files for kata-ksm-throttler

kata-proxy
[1.11.3-2]
- Added OL8 changes

[1.11.3-1]
- Added Oracle Specific Build Files for kata-proxy

kata-runtime
[1.11.3-3]
- DEFAULT_QEMU for OL8

[1.11.3-2]
- Added OL8 changes

[1.11.3-1]
- Added Oracle Specific Files For kata-runtime

kata-shim
[1.11.3-2]
- Added OL8 changes

[1.11.3-1]
- Added Oracle Specific Build Files for kata-shim

kernel-uek-container
[5.4.17-2036.100.6.1.el8]
- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695}

[5.4.17-2036.100.6.el8]
- KVM: ioapic: break infinite recursion on lazy EOI (Vitaly Kuznetsov) [Orabug: 32066585] {CVE-2020-27152}
- x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999339]
- x86/jump_label: Patch one site at a time (Boris Ostrovsky) [Orabug: 31999339]

[5.4.17-2036.100.5.el8]
- uek-rpm: Fix integer test for 4k page size module signing (Dave Kleikamp) [Orabug: 32021114]
- uek-rpm/kernel-uek.spec: Sign modules for 4k kernel (Vijay Kumar) [Orabug: 32021114]
- hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989185] {CVE-2020-25643}
- dm crypt: add flags to optionally bypass kcryptd workqueues (Ignat Korchagin) [Orabug: 31998688]
- uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010302]
- geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32013938] {CVE-2020-25645}
- nvmet: Disable keep-alive timer when kato is cleared to 0h (Amit Engel) [Orabug: 31997181]
- KVM: nVMX: stop abusing need_vmcs12_to_shadow_sync for eVMCS mapping (Vitaly Kuznetsov) [Orabug: 31986433]
- cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug (Daniel Jordan) [Orabug: 31985221]
- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979626]
- uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961115]
- certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961115]
- certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961115]
- certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961115] {CVE-2020-26541}
- bcache: stop setting ->queuedata (Christoph Hellwig) [Orabug: 30210051]
- bcache: pr_info() format clean up in bcache_device_init() (Coly Li) [Orabug: 30210051]
- bcache: use delayed kworker fo asynchronous devices registration (Coly Li) [Orabug: 30210051]
- bcache: check and adjust logical block size for backing devices (Mauricio Faria de Oliveira) [Orabug: 30210051]
- bcache: configure the asynchronous registertion to be experimental (Coly Li) [Orabug: 30210051]
- bcache: asynchronous devices registration (Coly Li) [Orabug: 30210051]
- bcache: Convert pr_ uses to a more typical style (Joe Perches) [Orabug: 30210051]
- bcache: remove redundant variables i and n (Colin Ian King) [Orabug: 30210051]
- bcache: remove a duplicate ->make_request_fn assignment (Christoph Hellwig) [Orabug: 30210051]
- bcache: pass the make_request methods to blk_queue_make_request (Christoph Hellwig) [Orabug: 30210051]
- bcache: remove dupplicated declaration from btree.h (Coly Li) [Orabug: 30210051]
- bcache: optimize barrier usage for atomic operations (Coly Li) [Orabug: 30210051]
- bcache: optimize barrier usage for Rmw atomic bitops (Davidlohr Bueso) [Orabug: 30210051]
- bcache: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 30210051]
- bcache: make bch_sectors_dirty_init() to be multithreaded (Coly Li) [Orabug: 30210051]
- bcache: make bch_btree_check() to be multithreaded (Coly Li) [Orabug: 30210051]
- bcache: add bcache_ prefix to btree_root() and btree() macros (Coly Li) [Orabug: 30210051]
- bcache: move macro btree() and btree_root() into btree.h (Coly Li) [Orabug: 30210051]
- bcache: remove macro nr_to_fifo_front() (Coly Li) [Orabug: 30210051]
- bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (Coly Li) [Orabug: 30210051]
- bcache: check return value of prio_read() (Coly Li) [Orabug: 30210051]
- bcache: reap from tail of c->btree_cache in bch_mca_scan() (Coly Li) [Orabug: 30210051]
- bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (Coly Li) [Orabug: 30210051]
- bcache: remove member accessed from struct btree (Coly Li) [Orabug: 30210051]
- bcache: add code comments for state->pool in __btree_sort() (Coly Li) [Orabug: 30210051]
- bcache: use read_cache_page_gfp to read the superblock (Christoph Hellwig) [Orabug: 30210051]
- bcache: store a pointer to the on-disk sb in the cache and cached_dev structures (Christoph Hellwig) [Orabug: 30210051]
- bcache: return a pointer to the on-disk sb from read_super (Christoph Hellwig) [Orabug: 30210051]
- bcache: transfer the sb_page reference to register_{bdev,cache} (Christoph Hellwig) [Orabug: 30210051]
- bcache: use a separate data structure for the on-disk super block (Christoph Hellwig) [Orabug: 30210051]
- bcache: don't export symbols (Christoph Hellwig) [Orabug: 30210051]
- bcache: remove the extra cflags for request.o (Christoph Hellwig) [Orabug: 30210051]
- bcache: add idle_max_writeback_rate sysfs interface (Coly Li) [Orabug: 30210051]
- bcache: add code comments in bch_btree_leaf_dirty() (Coly Li) [Orabug: 30210051]
- bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (Coly Li) [Orabug: 30210051]
- bcache: deleted code comments for dead code in bch_data_insert_keys() (Coly Li) [Orabug: 30210051]
- bcache: add more accurate error messages in read_super() (Coly Li) [Orabug: 30210051]
- bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (Guoju Fang) [Orabug: 30210051]
- mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31965669]
- rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31933715]
- panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 31916337]
- nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31972480] {CVE-2019-16089}
- vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914650] {CVE-2020-14390}
- fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914650] {CVE-2020-14390}
- net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (Shung-Hsi Yu) [Orabug: 31907969]
- PCI: pciehp: Reduce noisiness on hot removal (Lukas Wunner) [Orabug: 30512596]
- kdump: update Documentation about crashkernel (Chen Zhou) [Orabug: 31554906]
- arm64: kdump: add memory for devices by DT property linux, usable-memory-range (Chen Zhou) [Orabug: 31554906]
- kdump: add threshold for the required memory (Chen Zhou) [Orabug: 31554906]
- arm64: kdump: reimplement crashkernel=X (Chen Zhou) [Orabug: 31554906]
- arm64: kdump: introduce some macroes for crash kernel reservation (Chen Zhou) [Orabug: 31554906]
- x86: kdump: move reserve_crashkernel[_low]() into crash_core.c (Chen Zhou) [Orabug: 31554906]
- x86: kdump: use macro CRASH_ADDR_LOW_MAX in functions reserve_crashkernel[_low]() (Chen Zhou) [Orabug: 31554906]
- x86: kdump: make the lower bound of crash kernel reservation consistent (Chen Zhou) [Orabug: 31554906]
- x86: kdump: move CRASH_ALIGN to 2M (Chen Zhou) [Orabug: 31554906]
- block: allow 'chunk_sectors' to be non-power-of-2 (Mike Snitzer) [Orabug: 31827023]
- block: use lcm_not_zero() when stacking chunk_sectors (Mike Snitzer) [Orabug: 31827023]
- dm: fix comment in dm_process_bio() (Mike Snitzer) [Orabug: 31827023]
- dm: fix bio splitting and its bio completion order for regular IO (Mike Snitzer) [Orabug: 31827023]
- block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955136] {CVE-2020-25641}

kubernetes
[1.18.10-2]
- Patch Corefile correctly during coreDNS upgrade from older version

[1.18.10-1]
- Added Oracle specific build files for Kubernetes

kubernetes-cni
[0.8.0-2]
- Changes to support OL8 builds

[0.8.0-1]
- Added Oracle specific build files for Kubernetes CNI

kubernetes-cni-plugins
[0.8.7-1]
- Added Oracle specific build files for Kubernetes CNI Plugins

kubernetes-dashboard
[2.0.3-1]
- Added Oracle Specific Build Files for kubernetes-dashboard

libgcrypt
[1.8.5-4]
- add PBKDF2 selftest for FIPS POST

[1.8.5-3]
- new upstream version 1.8.5
- AES performance improvements backported from master branch
- FIPS module is implicit with kernel FIPS flag
- always run the FIPS selftests if FIPS module is installed

[1.8.3-4]
- improve the continuous FIPS entropy test

[1.8.3-3]
- add CMAC selftest for FIPS POST
- add continuous FIPS entropy test
- disable non-approved FIPS hashes in the enforced FIPS mode

[1.8.3-2]
- make only_urandom a default in non-presence of configuration file
- run the full FIPS selftests only when the library is called from
application

[1.8.3-1]
- new upstream version 1.8.3

[1.8.2-2]
- fix behavior when getrandom syscall is not present (#1542453)

[1.8.2-1]
- new upstream version 1.8.2

[1.8.1-3]
- do not try to access() /dev/urandom either if getrandom() works

[1.8.1-2]
- do not try to open /dev/urandom if getrandom() works (#1380866)

[1.8.1-1]
- new upstream version 1.8.1

[1.8.0-1]
- new upstream version 1.8.0

[1.7.8-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[1.7.8-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[1.7.8-1]
- new upstream version 1.7.8

[1.7.7-1]
- new upstream version 1.7.7
- GOST is now enabled

[1.7.6-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

[1.7.6-1]
- new upstream version 1.7.6

[1.7.5-1]
- new upstream version 1.7.5

[1.7.3-1]
- new upstream version 1.7.3

[1.6.6-1]
- new upstream version with important security fix (CVE-2016-6316)

[1.6.5-1]
- new upstream version fixing low impact issue CVE-2015-7511

[1.6.4-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

[1.6.4-1]
- new upstream version

[1.6.3-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

[1.6.3-4]
- deinitialize the RNG after the selftest is run

[1.6.3-3]
- touch only urandom in the selftest and when /dev/random is
unavailable for example by SELinux confinement
- fix the RSA selftest key (p q swap) (#1204517)

[1.6.3-2]
- do not use strict aliasing for bufhelp functions (#1201219)

[1.6.3-1]
- new upstream version

[1.6.2-4]
- do not initialize secure memory during the selftest (#1195850)

[1.6.2-3]
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code

[1.6.2-2]
- fix buildability of programs using gcrypt.h with -ansi (#1182200)

[1.6.2-1]
- new upstream version

[1.6.1-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

[1.6.1-6]
- fix license handling

[1.6.1-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

[1.6.1-4]
- Re-enable below algos, apply patch from upstream list to make
that code -fPIC friendly. (rhbz#1069792)

[1.6.1-3]
- Disable rijndael, cast5, camellia ARM assembly, as it's non-PIC as
presently written, which results in .text relocations in the shared
library. (rhbz#1069792)

[1.6.1-2]
- drop the temporary compat shared library version
- fix the soname version in -use-fipscheck.patch

[1.6.1-1]
- new upstream version breaking ABI compatibility
- this release temporarily includes old compatibility .so

[1.5.3-3]
- add back the nistp521r1 EC curve
- fix a bug in the Whirlpool hash implementation
- speed up the PBKDF2 computation

[1.5.3-2]
- add cleared ECC support

[1.5.3-1]
- new upstream version fixing cache side-channel attack on RSA private keys

[1.5.2-3]
- silence false error detected by valgrind (#968288)

[1.5.2-2]
- silence strict aliasing warning in Rijndael
- apply UsrMove
- spec file cleanups

[1.5.2-1]
- new upstream version

[1.5.1-1]
- new upstream version

[1.5.0-11]
- use poll() instead of select() when gathering randomness (#913773)

[1.5.0-10]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

[1.5.0-9]
- allow empty passphrase in PBKDF2 needed for cryptsetup (=891266)

[1.5.0-8]
- fix multilib conflict in libgcrypt-config
- fix minor memory leaks and other bugs found by Coverity scan

[1.5.0-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[1.5.0-5]
- Correctly rebuild the info documentation

[1.5.0-4]
- Add GCRYCTL_SET_ENFORCED_FIPS_FLAG command

[1.5.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

[1.5.0-2]
- Rebuilt for rpm bug #728707

[1.5.0-1]
- new upstream version

[1.4.6-4]
- Always xor seed from /dev/urandom over /etc/gcrypt/rngseed

[1.4.6-3]
- Make the FIPS-186-3 DSA implementation CAVS testable
- add configurable source of RNG seed /etc/gcrypt/rngseed
in the FIPS mode (#700388)

[1.4.6-1]
- new upstream version with minor changes

[1.4.5-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

[1.4.5-6]
- fix a bug in the fips-186-3 dsa parameter generation code

[1.4.5-5]
- use /dev/urandom for seeding in the FIPS mode
- make the tests to pass in the FIPS mode also fixing
the FIPS-186-3 DSA keygen

[1.4.5-4]
- FTBFS libgcrypt-1.4.5-3.fc13: ImplicitDSOLinking (#564973)

[1.4.5-3]
- drop the S390 build workaround as it is no longer needed
- additional spec file cleanups for merge review (#226008)

[1.4.5-1]
- workaround for build on S390 (#548825)
- spec file cleanups
- upgrade to new minor upstream release

[1.4.4-8]
- fix warning when installed with --excludedocs (#515961)

[1.4.4-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

[1.4.4-6]
- and now really apply the padlock patch

[1.4.4-5]
- fix VIA padlock RNG inline assembly call (#505724)

[1.4.4-4]
- with the integrity verification check the library needs to link to libdl
(#488702)

[1.4.4-3]
- add hmac FIPS integrity verification check

[1.4.4-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

[1.4.4-1]
- update to 1.4.4
- do not abort when the fips mode kernel flag is inaccessible
due to permissions (#470219)
- hobble the library to drop the ECC support

[1.4.3-2]
- disable asm on sparc64

[1.4.3-1]
- update to 1.4.3
- own /etc/gcrypt

* Mon Sep 15 2008 Nalin Dahyabhai
- invoke make with %{?_smp_mflags} to build faster on multi-processor
systems (Steve Grubb)

[1.4.2-1]
- update to 1.4.2

[1.4.1-1]
- update to 1.4.1
- bump libgpgerror-devel requirement to 1.4, matching the requirement enforced
by the configure script

[1.4.0-3]
- add patch from upstream to fix severe performance regression
in entropy gathering

[1.4.0-2]
- Autorebuild for GCC 4.3

[1.4.0-1]
- update to 1.4.0

[1.2.4-6]
- use ldconfig to build the soname symlink for packaging along with the
shared library (#334731)

[1.2.4-5]
- add missing gawk buildrequirement
- switch from explicitly specifying the /dev/random RNG to just verifying
that the non-LGPL ones were disabled by the configure script

[1.2.4-4]
- clarify license
- force use of the linux /dev/random RNG, to avoid accidentally falling back
to others which would affect the license of the resulting library

[1.2.4-3]
- disable static libraries (part of #249815)

[1.2.4-2]
- move libgcrypt shared library to /%{_lib} (#249815)

[1.2.4-1]
- update to 1.2.4

[1.2.3-2]
- make use of install-info more failsafe (Ville Skytta, #223705)

[1.2.3-1]
- update to 1.2.3

[1.2.2-3.1]
- rebuild

[1.2.2-3]
- Added missing buildreq pkgconfig

[1.2.2-2]
- remove file conflicts in libgcrypt-config by making the 64-bit version
think the libraries are in /usr/lib (which is wrong, but which it also
prunes from the suggest --libs output, so no harm done, hopefully)

[1.2.2-1.2.1]
- bump again for double-long bug on ppc(64)

[1.2.2-1.2]
- rebuilt for new gcc4.1 snapshot and glibc changes

* Fri Dec 09 2005 Jesse Keating
- rebuilt

[1.2.2-1]
- update to 1.2.2

[1.2.1-1]
- update to 1.2.1

* Fri Jul 30 2004 Florian La Roche
- another try to package the symlink

* Tue Jun 15 2004 Elliot Lee
- rebuilt

[1.2.0-1]
- update to official 1.2.0

[1.1.94-1]
- update to 1.1.94

* Tue Mar 02 2004 Elliot Lee
- rebuilt

* Sat Feb 21 2004 Florian La Roche
- add symlinks to shared libs at compile time

* Fri Feb 13 2004 Elliot Lee
- rebuilt

* Wed Jun 04 2003 Elliot Lee
- rebuilt

[1.1.12-1]
- upgrade to 1.1.12 (beta).

* Fri Jun 21 2002 Tim Powers
- automated rebuild

* Sun May 26 2002 Tim Powers
- automated rebuild

* Tue May 21 2002 Jeff Johnson
- update to 1.1.7
- change license to LGPL.
- include splint annotations patch.
- install info pages.

[1.1.6-1]
- update to 1.1.6

[1.1.5-1]
- fix the Source tag so that it's a real URL

* Thu Dec 20 2001 Nalin Dahyabhai
- initial package

olcne-selinux
olcne
[1.2.0-3]
- Fix keepalived version pin down issue

[1.2.0-2]
- Fix an issue where removing nodes from a Kubernetes cluster would improperly edit the crio.conf file on the remaining nodes

[1.2.0-1]
- Add support for Oracle Linux 8
- Include Kubernetes 1.18.10
- Include Helm 3.3.4
- Include Istio 1.7.3
- Add support for SELinux enforcing mode
- Enable configuration of TLS parameters for Kubernetes and OLCNE Platform components
- Allow Kubernetes worker nodes to be deployed behind NAT
- Enable using FIPS-compliant OpenSSL cryptography when running in FIPS mode on Oracle Linux 8

prometheus
qemu-kvm
[15:4.2.1-3.el8]
- qemu-kvm.spec: Install block storage module RPMs by default

sgabios
[1:0.20170427git-3]
- Rebuild all virt packages to fix RHEL's upgrade path
- Resolves: rhbz#1695587
(Ensure modular RPM upgrade path)

yq
[3.4.0-1]
- Added Oracle specific build files




Updated Packages


Release/Architecture | Filename | MD5sum | Superseded By Advisory



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.
