ELSA-2020-3218

ELSA-2020-3218 - kernel security and bug fix update

Type:SECURITY
Impact:MODERATE
Release Date:2020-07-30

Description


[4.18.0-193.14.3_2.OL8]
- Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7

[4.18.0-193.14.3_2]
- Reverse keys order for dual-signing (Frantisek Hrbata) [1837433 1837434] {CVE-2020-10713}

[4.18.0-193.14.2_2]
- [kernel] Move to dual-signing to split signing keys up better (pjones) [1837433 1837434] {CVE-2020-10713}
- [crypto] pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1837433 1837434] {CVE-2020-10713}
- [acpi] ACPI: configfs: Disallow loading ACPI tables when locked down (Lenny Szubowicz) [1852968 1852969] {CVE-2020-15780}
- [firmware] efi: Restrict efivar_ssdt_load when the kernel is locked down (Lenny Szubowicz) [1852948 1852949] {CVE-2019-20908}

[4.18.0-193.14.1_2]
- [md] dm mpath: add DM device name to Failing/Reinstating path log messages (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: enhance queue_if_no_path debugging (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: restrict queue_if_no_path state machine (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: simplify __must_push_back (Mike Snitzer) [1852050 1822975]
- [md] dm: use DMDEBUG macros now that they use pr_debug variants (Mike Snitzer) [1852050 1822975]
- [include] dm: use dynamic debug instead of compile-time config option (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: switch paths in dm_blk_ioctl() code path (Mike Snitzer) [1852050 1822975]
- [md] dm multipath: use updated MPATHF_QUEUE_IO on mapping for bio-based mpath (Mike Snitzer) [1852050 1822975]
- [md] dm: bump version of core and various targets (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: Add timeout mechanism for queue_if_no_path (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: use true_false for bool variable (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: remove harmful bio-based optimization (Mike Snitzer) [1852050 1822975]
- [scsi] scsi: libiscsi: fall back to sendmsg for slab pages (Maurizio Lombardi) [1852048 1825775]
- [s390] s390/mm: fix panic in gup_fast on large pud (Philipp Rudo) [1853336 1816980]


Related CVEs


CVE-2019-20908
CVE-2020-15780

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) kernel-4.18.0-193.14.3.el8_2.src.rpm02d359ea4f680a89a0f6c950cc675de3b5aa7c902e72e4342dd4ff83fc1d8f35-ol8_aarch64_baseos_latest
kernel-4.18.0-193.14.3.el8_2.src.rpm02d359ea4f680a89a0f6c950cc675de3b5aa7c902e72e4342dd4ff83fc1d8f35-ol8_aarch64_codeready_builder
kernel-4.18.0-193.14.3.el8_2.src.rpm02d359ea4f680a89a0f6c950cc675de3b5aa7c902e72e4342dd4ff83fc1d8f35-ol8_aarch64_u2_baseos_patch
bpftool-4.18.0-193.14.3.el8_2.aarch64.rpmfdab4d11d47a49cb790c64d6a8a8607bced6dad8e20ef7baef51fa5e84650c90-ol8_aarch64_baseos_latest
bpftool-4.18.0-193.14.3.el8_2.aarch64.rpmfdab4d11d47a49cb790c64d6a8a8607bced6dad8e20ef7baef51fa5e84650c90-ol8_aarch64_u2_baseos_patch
kernel-cross-headers-4.18.0-193.14.3.el8_2.aarch64.rpme01b52507b9729a6b9cf9be13fc42b9f2f579dff8e2be628463aa7edf189392d-ol8_aarch64_baseos_latest
kernel-cross-headers-4.18.0-193.14.3.el8_2.aarch64.rpme01b52507b9729a6b9cf9be13fc42b9f2f579dff8e2be628463aa7edf189392d-ol8_aarch64_u2_baseos_patch
kernel-headers-4.18.0-193.14.3.el8_2.aarch64.rpmd4d2239208ab4a4b90ee3761938b329b3ede24359562e6360fed13d9ecf51a64-ol8_aarch64_baseos_latest
kernel-headers-4.18.0-193.14.3.el8_2.aarch64.rpmd4d2239208ab4a4b90ee3761938b329b3ede24359562e6360fed13d9ecf51a64-ol8_aarch64_u2_baseos_patch
kernel-tools-4.18.0-193.14.3.el8_2.aarch64.rpm87ee0e727bf6ac1122f6a96d2d236af901e8a256da228725642c174216e8b48e-ol8_aarch64_baseos_latest
kernel-tools-4.18.0-193.14.3.el8_2.aarch64.rpm87ee0e727bf6ac1122f6a96d2d236af901e8a256da228725642c174216e8b48e-ol8_aarch64_u2_baseos_patch
kernel-tools-libs-4.18.0-193.14.3.el8_2.aarch64.rpmc82bda36f8e7cd4661363cb9f65f67ab281fae9791a1ae666d4affba59d0f8b0-ol8_aarch64_baseos_latest
kernel-tools-libs-4.18.0-193.14.3.el8_2.aarch64.rpmc82bda36f8e7cd4661363cb9f65f67ab281fae9791a1ae666d4affba59d0f8b0-ol8_aarch64_u2_baseos_patch
kernel-tools-libs-devel-4.18.0-193.14.3.el8_2.aarch64.rpmb69ccf4316d765cd442a6cbd8d038e784e1162f95e1d4e85cabc239360d89669-ol8_aarch64_codeready_builder
perf-4.18.0-193.14.3.el8_2.aarch64.rpmcf777c6847f75d15373ab4fa3b61e0871be8f92ade83d076ef7f0008816bdf5e-ol8_aarch64_baseos_latest
perf-4.18.0-193.14.3.el8_2.aarch64.rpmcf777c6847f75d15373ab4fa3b61e0871be8f92ade83d076ef7f0008816bdf5e-ol8_aarch64_u2_baseos_patch
python3-perf-4.18.0-193.14.3.el8_2.aarch64.rpm28fc937e2a97a0db22f0a3e1c935e4a8d027375d9a5c69762d215c053b224f41-ol8_aarch64_baseos_latest
python3-perf-4.18.0-193.14.3.el8_2.aarch64.rpm28fc937e2a97a0db22f0a3e1c935e4a8d027375d9a5c69762d215c053b224f41-ol8_aarch64_u2_baseos_patch
Oracle Linux 8 (x86_64) kernel-4.18.0-193.14.3.el8_2.src.rpm02d359ea4f680a89a0f6c950cc675de3b5aa7c902e72e4342dd4ff83fc1d8f35-ol8_x86_64_baseos_latest
kernel-4.18.0-193.14.3.el8_2.src.rpm02d359ea4f680a89a0f6c950cc675de3b5aa7c902e72e4342dd4ff83fc1d8f35-ol8_x86_64_codeready_builder
kernel-4.18.0-193.14.3.el8_2.src.rpm02d359ea4f680a89a0f6c950cc675de3b5aa7c902e72e4342dd4ff83fc1d8f35-ol8_x86_64_u2_baseos_patch
bpftool-4.18.0-193.14.3.el8_2.x86_64.rpmba77139661c71c36a5e2d85f635ce73dd5f96d8a0321f56a072b4b540256ffe5-ol8_x86_64_baseos_latest
bpftool-4.18.0-193.14.3.el8_2.x86_64.rpmba77139661c71c36a5e2d85f635ce73dd5f96d8a0321f56a072b4b540256ffe5-ol8_x86_64_u2_baseos_patch
kernel-4.18.0-193.14.3.el8_2.x86_64.rpm7020cff349ea40c80730ca99e732e46429ec0ba2d8106fbb90014a7130126180-ol8_x86_64_baseos_latest
kernel-4.18.0-193.14.3.el8_2.x86_64.rpm7020cff349ea40c80730ca99e732e46429ec0ba2d8106fbb90014a7130126180-ol8_x86_64_u2_baseos_patch
kernel-abi-whitelists-4.18.0-193.14.3.el8_2.noarch.rpmd6f0add28cc8531ba3e73c8e2f7476c82d6ed80f0cfa56eed3a077f795759c24-ol8_x86_64_baseos_latest
kernel-abi-whitelists-4.18.0-193.14.3.el8_2.noarch.rpmd6f0add28cc8531ba3e73c8e2f7476c82d6ed80f0cfa56eed3a077f795759c24-ol8_x86_64_u2_baseos_patch
kernel-core-4.18.0-193.14.3.el8_2.x86_64.rpmd35d9f2ace2fc927c177adb8c1ea283d90c2f4683e437aaffa0a60efc5775b15-ol8_x86_64_baseos_latest
kernel-core-4.18.0-193.14.3.el8_2.x86_64.rpmd35d9f2ace2fc927c177adb8c1ea283d90c2f4683e437aaffa0a60efc5775b15-ol8_x86_64_u2_baseos_patch
kernel-cross-headers-4.18.0-193.14.3.el8_2.x86_64.rpm469ca41ea3f1fb89b6bcddad37f608ee57d4d2f0444954505ed88becf11a560a-ol8_x86_64_baseos_latest
kernel-cross-headers-4.18.0-193.14.3.el8_2.x86_64.rpm469ca41ea3f1fb89b6bcddad37f608ee57d4d2f0444954505ed88becf11a560a-ol8_x86_64_u2_baseos_patch
kernel-debug-4.18.0-193.14.3.el8_2.x86_64.rpm18a0e46175cd687d7a968d1c1b255edb15f4f08a37f4fc6a2ef9184c7018d48f-ol8_x86_64_baseos_latest
kernel-debug-4.18.0-193.14.3.el8_2.x86_64.rpm18a0e46175cd687d7a968d1c1b255edb15f4f08a37f4fc6a2ef9184c7018d48f-ol8_x86_64_u2_baseos_patch
kernel-debug-core-4.18.0-193.14.3.el8_2.x86_64.rpm2f292f25aad8176fe985e1f74a7ba4171ba6802f09939108880cc928735994be-ol8_x86_64_baseos_latest
kernel-debug-core-4.18.0-193.14.3.el8_2.x86_64.rpm2f292f25aad8176fe985e1f74a7ba4171ba6802f09939108880cc928735994be-ol8_x86_64_u2_baseos_patch
kernel-debug-devel-4.18.0-193.14.3.el8_2.x86_64.rpm00ee3be5ec2f90bbad80f9f9df1a266321ca10f348bc00821f59efabd86123e8-ol8_x86_64_baseos_latest
kernel-debug-devel-4.18.0-193.14.3.el8_2.x86_64.rpm00ee3be5ec2f90bbad80f9f9df1a266321ca10f348bc00821f59efabd86123e8-ol8_x86_64_u2_baseos_patch
kernel-debug-modules-4.18.0-193.14.3.el8_2.x86_64.rpm5d6ad2ec5b6d2dd89b12fc8532768cd17341505e932f4e8238cc8479e68ba1a2-ol8_x86_64_baseos_latest
kernel-debug-modules-4.18.0-193.14.3.el8_2.x86_64.rpm5d6ad2ec5b6d2dd89b12fc8532768cd17341505e932f4e8238cc8479e68ba1a2-ol8_x86_64_u2_baseos_patch
kernel-debug-modules-extra-4.18.0-193.14.3.el8_2.x86_64.rpm63ef79dbf77a7fec8a5dc96ef7dcd8fb2aa3a9e3312c657b81b5bd68eac1c7d6-ol8_x86_64_baseos_latest
kernel-debug-modules-extra-4.18.0-193.14.3.el8_2.x86_64.rpm63ef79dbf77a7fec8a5dc96ef7dcd8fb2aa3a9e3312c657b81b5bd68eac1c7d6-ol8_x86_64_u2_baseos_patch
kernel-devel-4.18.0-193.14.3.el8_2.x86_64.rpm885ae73e60327999bae4e831730fe12745f2662ffbace2c3e5aebfdc5eae4587-ol8_x86_64_baseos_latest
kernel-devel-4.18.0-193.14.3.el8_2.x86_64.rpm885ae73e60327999bae4e831730fe12745f2662ffbace2c3e5aebfdc5eae4587-ol8_x86_64_u2_baseos_patch
kernel-doc-4.18.0-193.14.3.el8_2.noarch.rpm4fe611e9a17e72c45b4567f3e1cbee1103ca13b9ad960716676a349e59b766ae-ol8_x86_64_baseos_latest
kernel-doc-4.18.0-193.14.3.el8_2.noarch.rpm4fe611e9a17e72c45b4567f3e1cbee1103ca13b9ad960716676a349e59b766ae-ol8_x86_64_u2_baseos_patch
kernel-headers-4.18.0-193.14.3.el8_2.x86_64.rpm71a52b13924af89a05546fbcfcbb3f6b865d19a933e81520656fa097b4586838-ol8_x86_64_baseos_latest
kernel-headers-4.18.0-193.14.3.el8_2.x86_64.rpm71a52b13924af89a05546fbcfcbb3f6b865d19a933e81520656fa097b4586838-ol8_x86_64_u2_baseos_patch
kernel-modules-4.18.0-193.14.3.el8_2.x86_64.rpm52da4b8cea2b3946be8ffaac7746935aa1a0cb7a3d3794bc24c75fe628232f89-ol8_x86_64_baseos_latest
kernel-modules-4.18.0-193.14.3.el8_2.x86_64.rpm52da4b8cea2b3946be8ffaac7746935aa1a0cb7a3d3794bc24c75fe628232f89-ol8_x86_64_u2_baseos_patch
kernel-modules-extra-4.18.0-193.14.3.el8_2.x86_64.rpm85ac41ea5b6f70d6e31523397802824768919117baf4e579ed019a54e019f50a-ol8_x86_64_baseos_latest
kernel-modules-extra-4.18.0-193.14.3.el8_2.x86_64.rpm85ac41ea5b6f70d6e31523397802824768919117baf4e579ed019a54e019f50a-ol8_x86_64_u2_baseos_patch
kernel-tools-4.18.0-193.14.3.el8_2.x86_64.rpm910ff43db4f2bc74904ca03d616233484f08ca80eaebdc450c7a78e090d0e912-ol8_x86_64_baseos_latest
kernel-tools-4.18.0-193.14.3.el8_2.x86_64.rpm910ff43db4f2bc74904ca03d616233484f08ca80eaebdc450c7a78e090d0e912-ol8_x86_64_u2_baseos_patch
kernel-tools-libs-4.18.0-193.14.3.el8_2.x86_64.rpm7a7189f404e69d1fee0bb5d224a0c842c532fddee042bd4e49dba240e2cd2c0d-ol8_x86_64_baseos_latest
kernel-tools-libs-4.18.0-193.14.3.el8_2.x86_64.rpm7a7189f404e69d1fee0bb5d224a0c842c532fddee042bd4e49dba240e2cd2c0d-ol8_x86_64_u2_baseos_patch
kernel-tools-libs-devel-4.18.0-193.14.3.el8_2.x86_64.rpmac4312e94d92e039de643e4c54322d268c9e273d2342fd89de3367463d98a702-ol8_x86_64_codeready_builder
perf-4.18.0-193.14.3.el8_2.x86_64.rpmbc6b9b10bb70ee7c14a99994cb349e6001c9ac0f4f93f1965725a66e05484bb5-ol8_x86_64_baseos_latest
perf-4.18.0-193.14.3.el8_2.x86_64.rpmbc6b9b10bb70ee7c14a99994cb349e6001c9ac0f4f93f1965725a66e05484bb5-ol8_x86_64_u2_baseos_patch
python3-perf-4.18.0-193.14.3.el8_2.x86_64.rpm1a934330a418cac442f6027d198c4c60e6b15616b083fc1763e25672ab43a819-ol8_x86_64_baseos_latest
python3-perf-4.18.0-193.14.3.el8_2.x86_64.rpm1a934330a418cac442f6027d198c4c60e6b15616b083fc1763e25672ab43a819-ol8_x86_64_u2_baseos_patch



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete