ELSA-2020-5473

ELSA-2020-5473 - kernel security and bug fix update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2020-12-17

Description

[4.18.0-240.8.1_3.OL8]
- Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7

[4.18.0-240.8.1_3]
- [s390] s390/dasd: Fix zero write for FBA devices (Ming Lei) [1896787 1881760]
- [s390] mm/gup: fix gup_fast with dynamic page table folding (Philipp Rudo) [1896351 1883266]
- [netdrv] ibmveth: Identify ingress large send packets (Gustavo Duarte) [1896299 1887038]
- [netdrv] ibmveth: Switch order of ibmveth_helper calls (Gustavo Duarte) [1896299 1887038]

[4.18.0-240.7.1_3]
- [fs] writeback: Drop I_DIRTY_TIME_EXPIRE (Waiman Long) [1901547 1860031]
- [fs] writeback: Fix sync livelock due to b_dirty_time processing (Waiman Long) [1901547 1860031]
- [fs] writeback: Avoid skipping inode writeback (Waiman Long) [1901547 1860031]
- [fs] writeback: Protect inode->i_io_list with inode->i_lock (Waiman Long) [1901547 1860031]
- [fs] fs: Introduce DCACHE_DONTCACHE (Waiman Long) [1901547 1860031]
- [fs] fs: Lift XFS_IDONTCACHE to the VFS layer (Waiman Long) [1901547 1860031]
- [fs] dcache: sort the freeing-without-RCU-delay mess for good (Waiman Long) [1901547 1860031]
- [net] ip_tunnel_core: Fix build for archs without _HAVE_ARCH_IPV6_CSUM (Aaron Conole) [1885766 1849736]
- [tools] selftests: pmtu.sh: Add tests for UDP tunnels handled by Open vSwitch (Aaron Conole) [1885766 1849736]
- [tools] selftests: pmtu.sh: Add tests for bridged UDP tunnels (Aaron Conole) [1885766 1849736]
- [net] geneve: Support for PMTU discovery on directly bridged links (Aaron Conole) [1885766 1849736]
- [net] vxlan: Support for PMTU discovery on directly bridged links (Aaron Conole) [1885766 1849736]
- [net] tunnels: PMTU discovery support for directly bridged IP packets (Aaron Conole) [1885766 1849736]
- [net] ipv4: route: Ignore output interface in FIB lookup for PMTU route (Aaron Conole) [1885766 1849736]
- [netdrv] geneve: add transport ports in route lookup for geneve (Mark Gray) [1891818 1884481] {CVE-2020-25645}
- [kernel] PM: hibernate: Batch hibernate and resume IO requests (Lenny Szubowicz) [1894629 1868096]
- [md] dm: fix comment in __dm_suspend() (Mike Snitzer) [1890233 1881531]
- [md] dm: fold dm_process_bio() into dm_make_request() (Mike Snitzer) [1890233 1881531]
- [md] dm: fix missing imposition of queue_limits from dm_wq_work() thread (Mike Snitzer) [1890233 1881531]
- [md] dm: optimize max_io_len() by inlining max_io_len_target_boundary() (Mike Snitzer) [1890233 1881531]
- [md] dm: push md->immutable_target optimization down to __process_bio() (Mike Snitzer) [1890233 1881531]
- [md] dm: change max_io_len() to use blk_max_size_offset() (Mike Snitzer) [1890233 1881531]
- [md] dm table: stack 'chunk_sectors' limit to account for target-specific splitting (Mike Snitzer) [1890233 1881531]
- [block] block: allow 'chunk_sectors' to be non-power-of-2 (Mike Snitzer) [1890233 1881531]
- [block] block: use lcm_not_zero() when stacking chunk_sectors (Mike Snitzer) [1890233 1881531]
- [md] dm: fix bio splitting and its bio completion order for regular IO (Mike Snitzer) [1890233 1881531]

[4.18.0-240.6.1_3]
- [arm64] paravirt: Initialize steal time when cpu is online (Andrew Jones) [1898758 1879137]
- [kvm] Revert 'x86/kvm: Move context tracking where it belongs' (Nitesh Narayan Lal) [1897716 1890284]
- [pci] hv: Fix hibernation in case interrupts are not re-created (Mohammed Gamal) [1896435 1846838]
- [hv] hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume() (Mohammed Gamal) [1896434 1876519]
- [netdrv] hv_netvsc: Cache the current data path to avoid duplicate call and message (Mohammed Gamal) [1896433 1876527]
- [netdrv] hv_netvsc: Switch the data path at the right time during hibernation (Mohammed Gamal) [1896433 1876527]
- [netdrv] hv_netvsc: Fix hibernation for mlx5 VF driver (Mohammed Gamal) [1896433 1876527]
- [tools] selftests/powerpc: Make alignment handler test P9N DD2.1 vector CI load workaround (Gustavo Duarte) [1897278 1887442]
- [powerpc] powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (Gustavo Duarte) [1897278 1887442]

[4.18.0-240.5.1_3]
- [crypto] crypto: testmgr - mark cts(cbc(aes)) as FIPS allowed (Vladis Dronov) [1886189 1855161]

[4.18.0-240.4.1_3]
- [kernel] sched/features: Fix !CONFIG_JUMP_LABEL case (Daniel Bristot de Oliveira) [1894073 1885850]

[4.18.0-240.3.1_3]
- [iommu] iommu/amd: Fix the overwritten field in IVMD header (Baoquan He) [1888113 1869148]
- [fs] xfs: trim IO to found COW extent limit (Eric Sandeen) [1886895 1882549]
- [char] random32: update the net random state on interrupt and activity (Donghai Qiao) [1888233 1867569] {CVE-2020-16166}
- [net] openvswitch: fixes crash if nf_conncount_init() fails (Eelco Chaudron) [1879935 1876445]

[4.18.0-240.2.1_3]
- [tools] selftests: rtnetlink: Test bridge enslavement with different parent IDs (Jonathan Toppins) [1886017 1860479]
- [tools] selftests: rtnetlink: correct the final return value for the test (Jonathan Toppins) [1886017 1860479]
- [net] Fix bridge enslavement failure (Jonathan Toppins) [1886017 1860479]
- [net] netfilter: conntrack: proc: rename stat column (Florian Westphal) [1882094 1875681]
- [net] netfilter: conntrack: add clash resolution stat counter (Florian Westphal) [1882094 1875681]
- [net] netfilter: conntrack: remove ignore stats (Florian Westphal) [1882094 1875681]
- [net] netfilter: conntrack: do not increment two error counters at same time (Florian Westphal) [1882094 1875681]
- [net] netfilter: conntrack: do not auto-delete clash entries on reply (Florian Westphal) [1882094 1875681]
- [kernel] time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint (Alexey Klimov) [1880080 1877380]

Related CVEs

CVE-2020-16166

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 8 (aarch64)	kernel-4.18.0-240.8.1.el8_3.src.rpm	378f5e1316475e2507e63a57fe5f857804cb86e3163a9487915d93f7d9409a35	-	ol8_aarch64_baseos_latest
	kernel-4.18.0-240.8.1.el8_3.src.rpm	378f5e1316475e2507e63a57fe5f857804cb86e3163a9487915d93f7d9409a35	-	ol8_aarch64_codeready_builder
	kernel-4.18.0-240.8.1.el8_3.src.rpm	378f5e1316475e2507e63a57fe5f857804cb86e3163a9487915d93f7d9409a35	-	ol8_aarch64_u3_baseos_patch
	bpftool-4.18.0-240.8.1.el8_3.aarch64.rpm	a6fbabadfc40d24b365903aaacfa524be1ff1eae6def14ba6b8a168cae06f2f5	-	ol8_aarch64_baseos_latest
	bpftool-4.18.0-240.8.1.el8_3.aarch64.rpm	a6fbabadfc40d24b365903aaacfa524be1ff1eae6def14ba6b8a168cae06f2f5	-	ol8_aarch64_u3_baseos_patch
	kernel-cross-headers-4.18.0-240.8.1.el8_3.aarch64.rpm	196d435254814062a7a3fb45e16526c0ca78a58ea6f4aa9319c833c3502a1546	-	ol8_aarch64_baseos_latest
	kernel-cross-headers-4.18.0-240.8.1.el8_3.aarch64.rpm	196d435254814062a7a3fb45e16526c0ca78a58ea6f4aa9319c833c3502a1546	-	ol8_aarch64_u3_baseos_patch
	kernel-headers-4.18.0-240.8.1.el8_3.aarch64.rpm	489efe1bef9593a4708598118d1ddc39945d079e9e74efc621e9981dd90d13fb	-	ol8_aarch64_baseos_latest
	kernel-headers-4.18.0-240.8.1.el8_3.aarch64.rpm	489efe1bef9593a4708598118d1ddc39945d079e9e74efc621e9981dd90d13fb	-	ol8_aarch64_u3_baseos_patch
	kernel-tools-4.18.0-240.8.1.el8_3.aarch64.rpm	887e5c9d23776ba0b19f9e0e1a34c5c5824c568157c87e0b7631a5be3d2a1d07	-	ol8_aarch64_baseos_latest
	kernel-tools-4.18.0-240.8.1.el8_3.aarch64.rpm	887e5c9d23776ba0b19f9e0e1a34c5c5824c568157c87e0b7631a5be3d2a1d07	-	ol8_aarch64_u3_baseos_patch
	kernel-tools-libs-4.18.0-240.8.1.el8_3.aarch64.rpm	6a9e6a701bff2c7cdcf0bdce43c777faa79cf3145fba334206c1756bc9870d07	-	ol8_aarch64_baseos_latest
	kernel-tools-libs-4.18.0-240.8.1.el8_3.aarch64.rpm	6a9e6a701bff2c7cdcf0bdce43c777faa79cf3145fba334206c1756bc9870d07	-	ol8_aarch64_u3_baseos_patch
	kernel-tools-libs-devel-4.18.0-240.8.1.el8_3.aarch64.rpm	0035154ddbdf695f3fb79259416f0676c4a024fce74a75ba371661ed60e6f688	-	ol8_aarch64_codeready_builder
	perf-4.18.0-240.8.1.el8_3.aarch64.rpm	5d1d50f10120ffaa1f9a6678260f9a227d293bf308f6dd897e32e3e6c000cdea	-	ol8_aarch64_baseos_latest
	perf-4.18.0-240.8.1.el8_3.aarch64.rpm	5d1d50f10120ffaa1f9a6678260f9a227d293bf308f6dd897e32e3e6c000cdea	-	ol8_aarch64_u3_baseos_patch
	python3-perf-4.18.0-240.8.1.el8_3.aarch64.rpm	b66e6301fed9cd462f80e457a2f5e251c662c62739fca71b1277ce7423e4998d	-	ol8_aarch64_baseos_latest
	python3-perf-4.18.0-240.8.1.el8_3.aarch64.rpm	b66e6301fed9cd462f80e457a2f5e251c662c62739fca71b1277ce7423e4998d	-	ol8_aarch64_u3_baseos_patch
Oracle Linux 8 (x86_64)	kernel-4.18.0-240.8.1.el8_3.src.rpm	378f5e1316475e2507e63a57fe5f857804cb86e3163a9487915d93f7d9409a35	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-240.8.1.el8_3.src.rpm	378f5e1316475e2507e63a57fe5f857804cb86e3163a9487915d93f7d9409a35	-	ol8_x86_64_codeready_builder
	kernel-4.18.0-240.8.1.el8_3.src.rpm	378f5e1316475e2507e63a57fe5f857804cb86e3163a9487915d93f7d9409a35	-	ol8_x86_64_u3_baseos_patch
	bpftool-4.18.0-240.8.1.el8_3.x86_64.rpm	499e981e636277f5aad79bdd8fa0eee77aa4128af550646c8c8321a8638fbeb3	-	ol8_x86_64_baseos_latest
	bpftool-4.18.0-240.8.1.el8_3.x86_64.rpm	499e981e636277f5aad79bdd8fa0eee77aa4128af550646c8c8321a8638fbeb3	-	ol8_x86_64_u3_baseos_patch
	kernel-4.18.0-240.8.1.el8_3.x86_64.rpm	9aaafc68258046ab603b9feee95ba6645786864099224df8ace89d109c933658	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-240.8.1.el8_3.x86_64.rpm	9aaafc68258046ab603b9feee95ba6645786864099224df8ace89d109c933658	-	ol8_x86_64_u3_baseos_patch
	kernel-abi-whitelists-4.18.0-240.8.1.el8_3.noarch.rpm	6ba604547630cc1b3b320e9bf973c5cd2db57e9e814738f53324eef70d646086	-	ol8_x86_64_baseos_latest
	kernel-abi-whitelists-4.18.0-240.8.1.el8_3.noarch.rpm	6ba604547630cc1b3b320e9bf973c5cd2db57e9e814738f53324eef70d646086	-	ol8_x86_64_u3_baseos_patch
	kernel-core-4.18.0-240.8.1.el8_3.x86_64.rpm	fef558e3097dd77acda566c2ab76736eb1ce4cd1a3d418cb2566aec78124dbb9	-	ol8_x86_64_baseos_latest
	kernel-core-4.18.0-240.8.1.el8_3.x86_64.rpm	fef558e3097dd77acda566c2ab76736eb1ce4cd1a3d418cb2566aec78124dbb9	-	ol8_x86_64_u3_baseos_patch
	kernel-cross-headers-4.18.0-240.8.1.el8_3.x86_64.rpm	5b72dd6b4cbf1c5848751efa03166f51b6c6783cc9c10e6bff8306d921b199dd	-	ol8_x86_64_baseos_latest
	kernel-cross-headers-4.18.0-240.8.1.el8_3.x86_64.rpm	5b72dd6b4cbf1c5848751efa03166f51b6c6783cc9c10e6bff8306d921b199dd	-	ol8_x86_64_u3_baseos_patch
	kernel-debug-4.18.0-240.8.1.el8_3.x86_64.rpm	c9b825ef55e9a82f394eae20219c20da499309e44d88d809dcd010e13d349377	-	ol8_x86_64_baseos_latest
	kernel-debug-4.18.0-240.8.1.el8_3.x86_64.rpm	c9b825ef55e9a82f394eae20219c20da499309e44d88d809dcd010e13d349377	-	ol8_x86_64_u3_baseos_patch
	kernel-debug-core-4.18.0-240.8.1.el8_3.x86_64.rpm	7d5ad2649526bb58a21ae04ba2d174a59f822ce497936209dd84edb5eeefd28d	-	ol8_x86_64_baseos_latest
	kernel-debug-core-4.18.0-240.8.1.el8_3.x86_64.rpm	7d5ad2649526bb58a21ae04ba2d174a59f822ce497936209dd84edb5eeefd28d	-	ol8_x86_64_u3_baseos_patch
	kernel-debug-devel-4.18.0-240.8.1.el8_3.x86_64.rpm	9287ab07e81fd831af5dbd497f91df4c1e4102554bb48428f2d742a0685f2bf3	-	ol8_x86_64_baseos_latest
	kernel-debug-devel-4.18.0-240.8.1.el8_3.x86_64.rpm	9287ab07e81fd831af5dbd497f91df4c1e4102554bb48428f2d742a0685f2bf3	-	ol8_x86_64_u3_baseos_patch
	kernel-debug-modules-4.18.0-240.8.1.el8_3.x86_64.rpm	23870979f0349aaa0e94946fe35d0c52964371d808a1acfe976ef0ffc0d2b77f	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-4.18.0-240.8.1.el8_3.x86_64.rpm	23870979f0349aaa0e94946fe35d0c52964371d808a1acfe976ef0ffc0d2b77f	-	ol8_x86_64_u3_baseos_patch
	kernel-debug-modules-extra-4.18.0-240.8.1.el8_3.x86_64.rpm	c9325484651c8c00f86b93b6e62f5ebc98dad97a74afa8244d6d993d7ba1274d	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-extra-4.18.0-240.8.1.el8_3.x86_64.rpm	c9325484651c8c00f86b93b6e62f5ebc98dad97a74afa8244d6d993d7ba1274d	-	ol8_x86_64_u3_baseos_patch
	kernel-devel-4.18.0-240.8.1.el8_3.x86_64.rpm	aaea11622f0c41e215e05fea25e54f90ff17ae87b6be6752ed5497ce0adb247b	-	ol8_x86_64_baseos_latest
	kernel-devel-4.18.0-240.8.1.el8_3.x86_64.rpm	aaea11622f0c41e215e05fea25e54f90ff17ae87b6be6752ed5497ce0adb247b	-	ol8_x86_64_u3_baseos_patch
	kernel-doc-4.18.0-240.8.1.el8_3.noarch.rpm	f65d2e1334df00027df1ae967e1c87ce5bb49b3b205b47eff39ee897774fc0e5	-	ol8_x86_64_baseos_latest
	kernel-doc-4.18.0-240.8.1.el8_3.noarch.rpm	f65d2e1334df00027df1ae967e1c87ce5bb49b3b205b47eff39ee897774fc0e5	-	ol8_x86_64_u3_baseos_patch
	kernel-headers-4.18.0-240.8.1.el8_3.x86_64.rpm	41d2bf9e5b8e38a2111ac5217d13142b2aec9035798607ba07467180bcaccc69	-	ol8_x86_64_baseos_latest
	kernel-headers-4.18.0-240.8.1.el8_3.x86_64.rpm	41d2bf9e5b8e38a2111ac5217d13142b2aec9035798607ba07467180bcaccc69	-	ol8_x86_64_u3_baseos_patch
	kernel-modules-4.18.0-240.8.1.el8_3.x86_64.rpm	8b63b7ecc2965bfae16b50143f7735b40535547fecc766d048f8d9e7708df1a4	-	ol8_x86_64_baseos_latest
	kernel-modules-4.18.0-240.8.1.el8_3.x86_64.rpm	8b63b7ecc2965bfae16b50143f7735b40535547fecc766d048f8d9e7708df1a4	-	ol8_x86_64_u3_baseos_patch
	kernel-modules-extra-4.18.0-240.8.1.el8_3.x86_64.rpm	dae0ad5e775f1a5b04ec87f62c3ab5e12de55e6c4400a6e646658291d5b805d8	-	ol8_x86_64_baseos_latest
	kernel-modules-extra-4.18.0-240.8.1.el8_3.x86_64.rpm	dae0ad5e775f1a5b04ec87f62c3ab5e12de55e6c4400a6e646658291d5b805d8	-	ol8_x86_64_u3_baseos_patch
	kernel-tools-4.18.0-240.8.1.el8_3.x86_64.rpm	f09bf1e078dd9a36e42d2413519333ca702663a83b77eca6763b9397fcd372eb	-	ol8_x86_64_baseos_latest
	kernel-tools-4.18.0-240.8.1.el8_3.x86_64.rpm	f09bf1e078dd9a36e42d2413519333ca702663a83b77eca6763b9397fcd372eb	-	ol8_x86_64_u3_baseos_patch
	kernel-tools-libs-4.18.0-240.8.1.el8_3.x86_64.rpm	9a798ccff8ed550716338cfa174e14c87725b89b1b798df3fefb8c1c5d627d78	-	ol8_x86_64_baseos_latest
	kernel-tools-libs-4.18.0-240.8.1.el8_3.x86_64.rpm	9a798ccff8ed550716338cfa174e14c87725b89b1b798df3fefb8c1c5d627d78	-	ol8_x86_64_u3_baseos_patch
	kernel-tools-libs-devel-4.18.0-240.8.1.el8_3.x86_64.rpm	a8fd693b2ebd488c3b5b8db76de5a712551b2b84e5d84162072e1a43f4fc4b16	-	ol8_x86_64_codeready_builder
	perf-4.18.0-240.8.1.el8_3.x86_64.rpm	187fdb9698ffa403f2890a36805e8c726fa89a3d3b4b88a91af5833d9abe96a8	-	ol8_x86_64_baseos_latest
	perf-4.18.0-240.8.1.el8_3.x86_64.rpm	187fdb9698ffa403f2890a36805e8c726fa89a3d3b4b88a91af5833d9abe96a8	-	ol8_x86_64_u3_baseos_patch
	python3-perf-4.18.0-240.8.1.el8_3.x86_64.rpm	1cdec7cf324e5c66178bc49601e3d2ce3ec12dcc209014cf0f60b69bc31130e6	-	ol8_x86_64_baseos_latest
	python3-perf-4.18.0-240.8.1.el8_3.x86_64.rpm	1cdec7cf324e5c66178bc49601e3d2ce3ec12dcc209014cf0f60b69bc31130e6	-	ol8_x86_64_u3_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team