ELSA-2020-3218

ELSA-2020-3218 - kernel security and bug fix update

Type:SECURITY
Severity:MODERATE
Release Date:2020-07-30

Description


[4.18.0-193.14.3_2.OL8]
- Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7

[4.18.0-193.14.3_2]
- Reverse keys order for dual-signing (Frantisek Hrbata) [1837433 1837434] {CVE-2020-10713}

[4.18.0-193.14.2_2]
- [kernel] Move to dual-signing to split signing keys up better (pjones) [1837433 1837434] {CVE-2020-10713}
- [crypto] pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1837433 1837434] {CVE-2020-10713}
- [acpi] ACPI: configfs: Disallow loading ACPI tables when locked down (Lenny Szubowicz) [1852968 1852969] {CVE-2020-15780}
- [firmware] efi: Restrict efivar_ssdt_load when the kernel is locked down (Lenny Szubowicz) [1852948 1852949] {CVE-2019-20908}

[4.18.0-193.14.1_2]
- [md] dm mpath: add DM device name to Failing/Reinstating path log messages (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: enhance queue_if_no_path debugging (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: restrict queue_if_no_path state machine (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: simplify __must_push_back (Mike Snitzer) [1852050 1822975]
- [md] dm: use DMDEBUG macros now that they use pr_debug variants (Mike Snitzer) [1852050 1822975]
- [include] dm: use dynamic debug instead of compile-time config option (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: switch paths in dm_blk_ioctl() code path (Mike Snitzer) [1852050 1822975]
- [md] dm multipath: use updated MPATHF_QUEUE_IO on mapping for bio-based mpath (Mike Snitzer) [1852050 1822975]
- [md] dm: bump version of core and various targets (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: Add timeout mechanism for queue_if_no_path (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: use true_false for bool variable (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: remove harmful bio-based optimization (Mike Snitzer) [1852050 1822975]
- [scsi] scsi: libiscsi: fall back to sendmsg for slab pages (Maurizio Lombardi) [1852048 1825775]
- [s390] s390/mm: fix panic in gup_fast on large pud (Philipp Rudo) [1853336 1816980]


Related CVEs


CVE-2019-20908
CVE-2020-15780

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) kernel-4.18.0-193.14.3.el8_2.src.rpma74ab4629036cf5fdf54e1b60609b95e-
bpftool-4.18.0-193.14.3.el8_2.aarch64.rpm5870c1894934164d474b45021baf0790-
kernel-cross-headers-4.18.0-193.14.3.el8_2.aarch64.rpm9641d51c8c9afcdae083dc0a97b2c237-
kernel-headers-4.18.0-193.14.3.el8_2.aarch64.rpm50a008bed867435a8db3bbd6561ecfe7-
kernel-tools-4.18.0-193.14.3.el8_2.aarch64.rpmbb05294dd5bdd970ffe73d59a70728e0-
kernel-tools-libs-4.18.0-193.14.3.el8_2.aarch64.rpm2c7cc8a267ca4281579bf39720f78b10-
perf-4.18.0-193.14.3.el8_2.aarch64.rpm25ee39a3bd2867bd804b89274724d8a2-
python3-perf-4.18.0-193.14.3.el8_2.aarch64.rpm08da628ee4fbffc49e36e6d496968b45-
Oracle Linux 8 (x86_64) kernel-4.18.0-193.14.3.el8_2.src.rpma74ab4629036cf5fdf54e1b60609b95e-
bpftool-4.18.0-193.14.3.el8_2.x86_64.rpm60c3ff0120aa1f9b201af4b4486bbe92-
kernel-4.18.0-193.14.3.el8_2.x86_64.rpm21a144fa6c5bdbc6128e680234f3f606-
kernel-abi-whitelists-4.18.0-193.14.3.el8_2.noarch.rpm288df2902f393fcff3e9467c23580110-
kernel-core-4.18.0-193.14.3.el8_2.x86_64.rpm02681a4e7ee169679d5a2761ba507a6a-
kernel-cross-headers-4.18.0-193.14.3.el8_2.x86_64.rpm95c539b8804c9815062ab3b45e426c20-
kernel-debug-4.18.0-193.14.3.el8_2.x86_64.rpmbb0afe314caac65cb5b1bb604ec87f12-
kernel-debug-core-4.18.0-193.14.3.el8_2.x86_64.rpm9651fcd798065b7b464279d105e60d76-
kernel-debug-devel-4.18.0-193.14.3.el8_2.x86_64.rpmfd32e424364cd13725585400bbb16945-
kernel-debug-modules-4.18.0-193.14.3.el8_2.x86_64.rpm91221d2ad4f30ec5ecec9813673feae5-
kernel-debug-modules-extra-4.18.0-193.14.3.el8_2.x86_64.rpm674b03c6bb62c0c939237fe7483fff0a-
kernel-devel-4.18.0-193.14.3.el8_2.x86_64.rpme66a954769dd9baa7fb10c3cb48b737b-
kernel-doc-4.18.0-193.14.3.el8_2.noarch.rpmb185cc400711e6defce8caebbdc23781-
kernel-headers-4.18.0-193.14.3.el8_2.x86_64.rpmb860ffa246eec7bfde69a167b8110f57-
kernel-modules-4.18.0-193.14.3.el8_2.x86_64.rpm14a5649bb6ab94068f06c3fbc4b9f836-
kernel-modules-extra-4.18.0-193.14.3.el8_2.x86_64.rpme9946486a76a88a3be39a7e008847a1a-
kernel-tools-4.18.0-193.14.3.el8_2.x86_64.rpmdc0c3db57f1e0399f38d6475e35567ec-
kernel-tools-libs-4.18.0-193.14.3.el8_2.x86_64.rpmf8a7483a50c9bb101b715734e0a48be4-
kernel-tools-libs-devel-4.18.0-193.14.3.el8_2.x86_64.rpmdd33d0934c2812375694e67b95ebfee8-
perf-4.18.0-193.14.3.el8_2.x86_64.rpm6c073075ebcf1c8e9a2672c8dc3b3e1c-
python3-perf-4.18.0-193.14.3.el8_2.x86_64.rpm22ff7ecfb0b95c336095aa996450ee6d-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete