Stay Connected:

ELSA-2021-2570

ELSA-2021-2570 - kernel security and bug fix update

Type:SECURITY
Impact:IMPORTANT
Release Date:2021-07-01

Description


[4.18.0-305.7.1_4.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5

[4.18.0-305.7.1_4]
- net: zero-initialize tc skb extension on allocation (Ivan Vecera) [1965457 1946986]
- net/sched: cls_flower: fix only mask bit check in the validate_ct_state (Ivan Vecera) [1965457 1946986]
- net: cls_api: Fix uninitialised struct field bo->unlocked_driver_cb (Ivan Vecera) [1965457 1946986]
- net/sched: act_api: fix miss set post_ct for ovs after do conntrack in act_ct (Ivan Vecera) [1965457 1946986]
- net/sched: cls_flower: validate ct_state for invalid and reply flags (Ivan Vecera) [1965457 1946986]
- flow_dissector: fix TTL and TOS dissection on IPv4 fragments (Paolo Abeni) [1963952 1950288]
- Revert 'sctp: Fix SHUTDOWN CTSN Ack in the peer restart case' (Xin Long) [1965632 1953839]
- sctp: do asoc update earlier in sctp_sf_do_dupcook_b (Xin Long) [1965632 1953839]
- sctp: do asoc update earlier in sctp_sf_do_dupcook_a (Xin Long) [1965632 1953839]
- Bluetooth: verify AMP hci_chan before amp_destroy (Gopal Tiwari) [1962544 1962546] {CVE-2021-33034}
- x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (Lenny Szubowicz) [1964930 1934273]
- x86/kvm: Disable all PV features on crash (Lenny Szubowicz) [1964930 1934273]
- x86/kvm: Disable kvmclock on all CPUs on shutdown (Lenny Szubowicz) [1964930 1934273]
- x86/kvm: Teardown PV features on boot CPU as well (Lenny Szubowicz) [1964930 1934273]
- x86/kvm: Fix pr_info() for async PF setup/teardown (Lenny Szubowicz) [1964930 1934273]
- net/sched: act_ct: Fix ct template allocation for zone 0 (Marcelo Ricardo Leitner) [1965150 1881824]

[4.18.0-305.6.1_4]
- openvswitch: fix stack OOB read while fragmenting IPv4 packets (Davide Caratti) [1963940 1924608]
- net/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets (Davide Caratti) [1963940 1924608]
- net/sched: act_ct: fix wild memory access when clearing fragments (Davide Caratti) [1963940 1924608]
- net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT (Ivan Vecera)
- redhat/configs: Add CONFIG_SYSTEM_REVOCATION_KEYS and CONFIG_SYSTEM_REVOCATION_LIST (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}
- certs: add 'x509_revocation_list' to gitignore (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}
- integrity: Load mokx variables into the blacklist keyring (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}
- certs: Add ability to preload revocation certs (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}
- certs: Move load_system_certificate_list to a common function (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}
- certs: Add EFI_CERT_X509_GUID support for dbx entries (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}
- net/sched: cls_api: increase max_reclassify_loop (Davide Caratti) [1965148 1955136]
- dm writecache: fix performance degradation in ssd mode (Mike Snitzer) [1962241 1961859]
- scsi: fnic: Use scsi_host_busy_iter() to traverse commands (Ewan D. Milne) [1961705 1949250]
- scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (Ewan D. Milne) [1961705 1949250]

[4.18.0-305.5.1_4]
- gfs2: report 'already frozen/thawed' errors (Bob Peterson) [1961849 1932236]
- gfs2: move freeze glock outside the make_fs_rw and _ro functions (Bob Peterson) [1961849 1932236]
- gfs2: Add common helper for holding and releasing the freeze glock (Bob Peterson) [1961849 1932236]
- gfs2: in signal_our_withdraw wait for unfreeze of _this_ fs only (Bob Peterson) [1961849 1932236]
- gfs2: Don't freeze the file system during unmount (Bob Peterson) [1961849 1932236]
- gfs2: Fix regression in freeze_go_sync (Bob Peterson) [1961849 1932236]
- gfs2: The freeze glock should never be frozen (Bob Peterson) [1961849 1932236]
- gfs2: When freezing gfs2, use GL_EXACT and not GL_NOCACHE (Bob Peterson) [1961849 1932236]
- gfs2: read-only mounts should grab the sd_freeze_gl glock (Bob Peterson) [1961849 1932236]
- gfs2: freeze should work on read-only mounts (Bob Peterson) [1961849 1932236]
- gfs2: Abort gfs2_freeze if io error is seen (Bob Peterson) [1961849 1932236]
- CI: Disable result checking for realtime check (Veronika Kabatova)
- CI: Explicitly disable result checking for private CI (Veronika Kabatova)
- CI: Rename variable (Veronika Kabatova)
- CI: Update builder containers (Veronika Kabatova)

[4.18.0-305.4.1_4]
- vmxnet3: Set the default of vxlan overlay offload to disabled (Cathy Avery) [1960702 1941714]


Related CVEs


CVE-2020-26541
CVE-2021-33034

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) kernel-4.18.0-305.7.1.el8_4.src.rpm1a17b782a4a9f7ae64d3bae99afa9e37e4786408c6c8f7a81328612147746f95-ol8_aarch64_baseos_latest
kernel-4.18.0-305.7.1.el8_4.src.rpm1a17b782a4a9f7ae64d3bae99afa9e37e4786408c6c8f7a81328612147746f95-ol8_aarch64_codeready_builder
kernel-4.18.0-305.7.1.el8_4.src.rpm1a17b782a4a9f7ae64d3bae99afa9e37e4786408c6c8f7a81328612147746f95-ol8_aarch64_u4_baseos_patch
bpftool-4.18.0-305.7.1.el8_4.aarch64.rpmdaf549d426faf4a9ea048209a202ed1f6304e7840f39dee64514a0107e5528f3-ol8_aarch64_baseos_latest
bpftool-4.18.0-305.7.1.el8_4.aarch64.rpmdaf549d426faf4a9ea048209a202ed1f6304e7840f39dee64514a0107e5528f3-ol8_aarch64_u4_baseos_patch
kernel-cross-headers-4.18.0-305.7.1.el8_4.aarch64.rpm1e95cb5b1bb62912db28e7a5786416d0796dcd63aca749506aa0ed7213948b8f-ol8_aarch64_baseos_latest
kernel-cross-headers-4.18.0-305.7.1.el8_4.aarch64.rpm1e95cb5b1bb62912db28e7a5786416d0796dcd63aca749506aa0ed7213948b8f-ol8_aarch64_u4_baseos_patch
kernel-headers-4.18.0-305.7.1.el8_4.aarch64.rpm7f4b3296b256a0347e3fd743de1c8e6b729955c96b94a25de3d194fefde2671c-ol8_aarch64_baseos_latest
kernel-headers-4.18.0-305.7.1.el8_4.aarch64.rpm7f4b3296b256a0347e3fd743de1c8e6b729955c96b94a25de3d194fefde2671c-ol8_aarch64_u4_baseos_patch
kernel-tools-4.18.0-305.7.1.el8_4.aarch64.rpm12570f81c45283caa6ef2918d528d07827748c1eb66a50a7b61e492df8766efd-ol8_aarch64_baseos_latest
kernel-tools-4.18.0-305.7.1.el8_4.aarch64.rpm12570f81c45283caa6ef2918d528d07827748c1eb66a50a7b61e492df8766efd-ol8_aarch64_u4_baseos_patch
kernel-tools-libs-4.18.0-305.7.1.el8_4.aarch64.rpm7ef515def1b4c96196b7597b38091ebb2e70f65b135518203569efe3d87965a0-ol8_aarch64_baseos_latest
kernel-tools-libs-4.18.0-305.7.1.el8_4.aarch64.rpm7ef515def1b4c96196b7597b38091ebb2e70f65b135518203569efe3d87965a0-ol8_aarch64_u4_baseos_patch
kernel-tools-libs-devel-4.18.0-305.7.1.el8_4.aarch64.rpmb582981486587eba78aa640c260a3505c1179ae19ccb4a835a5bed8e1f3d6fc0-ol8_aarch64_codeready_builder
perf-4.18.0-305.7.1.el8_4.aarch64.rpm93907bfe6e321ba4c408a139c97dd3ca1dd08e1746de848a4a4ab3ee5b252f58-ol8_aarch64_baseos_latest
perf-4.18.0-305.7.1.el8_4.aarch64.rpm93907bfe6e321ba4c408a139c97dd3ca1dd08e1746de848a4a4ab3ee5b252f58-ol8_aarch64_u4_baseos_patch
python3-perf-4.18.0-305.7.1.el8_4.aarch64.rpm466e9a2ced454fece2c0c4ef11c9256202ae22d50b258533800e3fd376f96583-ol8_aarch64_baseos_latest
python3-perf-4.18.0-305.7.1.el8_4.aarch64.rpm466e9a2ced454fece2c0c4ef11c9256202ae22d50b258533800e3fd376f96583-ol8_aarch64_u4_baseos_patch
Oracle Linux 8 (x86_64) kernel-4.18.0-305.7.1.el8_4.src.rpm1a17b782a4a9f7ae64d3bae99afa9e37e4786408c6c8f7a81328612147746f95-ol8_x86_64_baseos_latest
kernel-4.18.0-305.7.1.el8_4.src.rpm1a17b782a4a9f7ae64d3bae99afa9e37e4786408c6c8f7a81328612147746f95-ol8_x86_64_codeready_builder
kernel-4.18.0-305.7.1.el8_4.src.rpm1a17b782a4a9f7ae64d3bae99afa9e37e4786408c6c8f7a81328612147746f95-ol8_x86_64_u4_baseos_patch
bpftool-4.18.0-305.7.1.el8_4.x86_64.rpm1772f9e830419bd7a7ecfcf265e0cc101312c41c9c952c054f67fa54a429f879-ol8_x86_64_baseos_latest
bpftool-4.18.0-305.7.1.el8_4.x86_64.rpm1772f9e830419bd7a7ecfcf265e0cc101312c41c9c952c054f67fa54a429f879-ol8_x86_64_u4_baseos_patch
kernel-4.18.0-305.7.1.el8_4.x86_64.rpm5b6be0ea1cc4b414e9a4fbcba86354193f05b9c7908b3fbe186c7fe1bb31780b-ol8_x86_64_baseos_latest
kernel-4.18.0-305.7.1.el8_4.x86_64.rpm5b6be0ea1cc4b414e9a4fbcba86354193f05b9c7908b3fbe186c7fe1bb31780b-ol8_x86_64_u4_baseos_patch
kernel-abi-stablelists-4.18.0-305.7.1.el8_4.noarch.rpm175298896fc91d936f2c1341c5589b7a80caf4ca6a65e5a536e1759360e8d2ad-ol8_x86_64_baseos_latest
kernel-abi-stablelists-4.18.0-305.7.1.el8_4.noarch.rpm175298896fc91d936f2c1341c5589b7a80caf4ca6a65e5a536e1759360e8d2ad-ol8_x86_64_u4_baseos_patch
kernel-core-4.18.0-305.7.1.el8_4.x86_64.rpm9c9d25892383fe030f46fec35cc6ae0cd9f4d377d9066a38411c522e7952763d-ol8_x86_64_baseos_latest
kernel-core-4.18.0-305.7.1.el8_4.x86_64.rpm9c9d25892383fe030f46fec35cc6ae0cd9f4d377d9066a38411c522e7952763d-ol8_x86_64_u4_baseos_patch
kernel-cross-headers-4.18.0-305.7.1.el8_4.x86_64.rpm472863f113b8931cdd4d7e1b8996291592aa21b5c66b41eab2a178432b3e4a24-ol8_x86_64_baseos_latest
kernel-cross-headers-4.18.0-305.7.1.el8_4.x86_64.rpm472863f113b8931cdd4d7e1b8996291592aa21b5c66b41eab2a178432b3e4a24-ol8_x86_64_u4_baseos_patch
kernel-debug-4.18.0-305.7.1.el8_4.x86_64.rpm5ca96fb1bc40190a1db3755ff0afc513ebd2d5cbc065e540be0d60163771a44a-ol8_x86_64_baseos_latest
kernel-debug-4.18.0-305.7.1.el8_4.x86_64.rpm5ca96fb1bc40190a1db3755ff0afc513ebd2d5cbc065e540be0d60163771a44a-ol8_x86_64_u4_baseos_patch
kernel-debug-core-4.18.0-305.7.1.el8_4.x86_64.rpmfc965051d94d86b794dfa1a346b31cb909cef6408c54ac2af81646b0d27b6be8-ol8_x86_64_baseos_latest
kernel-debug-core-4.18.0-305.7.1.el8_4.x86_64.rpmfc965051d94d86b794dfa1a346b31cb909cef6408c54ac2af81646b0d27b6be8-ol8_x86_64_u4_baseos_patch
kernel-debug-devel-4.18.0-305.7.1.el8_4.x86_64.rpm2af1daeb493b407ede1ff25256754c3ec5b1674c5570c49ff0a246a0ab3be1ec-ol8_x86_64_baseos_latest
kernel-debug-devel-4.18.0-305.7.1.el8_4.x86_64.rpm2af1daeb493b407ede1ff25256754c3ec5b1674c5570c49ff0a246a0ab3be1ec-ol8_x86_64_u4_baseos_patch
kernel-debug-modules-4.18.0-305.7.1.el8_4.x86_64.rpm91d5198b43e40fbf372c89ecf41f04e1065ccf872852ee4b36dff4ad4fe24300-ol8_x86_64_baseos_latest
kernel-debug-modules-4.18.0-305.7.1.el8_4.x86_64.rpm91d5198b43e40fbf372c89ecf41f04e1065ccf872852ee4b36dff4ad4fe24300-ol8_x86_64_u4_baseos_patch
kernel-debug-modules-extra-4.18.0-305.7.1.el8_4.x86_64.rpm639446dfb78722509ad89fb6bacb9f26803fbedd1af0b5623f575e9fe28a0c52-ol8_x86_64_baseos_latest
kernel-debug-modules-extra-4.18.0-305.7.1.el8_4.x86_64.rpm639446dfb78722509ad89fb6bacb9f26803fbedd1af0b5623f575e9fe28a0c52-ol8_x86_64_u4_baseos_patch
kernel-devel-4.18.0-305.7.1.el8_4.x86_64.rpm079f6b7abf6a957b6474025a48da79589199d833ef877829f9f8d40d663e56f2-ol8_x86_64_baseos_latest
kernel-devel-4.18.0-305.7.1.el8_4.x86_64.rpm079f6b7abf6a957b6474025a48da79589199d833ef877829f9f8d40d663e56f2-ol8_x86_64_u4_baseos_patch
kernel-doc-4.18.0-305.7.1.el8_4.noarch.rpm15be56f17d54e7aa11644c2ef2b48fe6c7c6d3659a683930b717ffad7d543161-ol8_x86_64_baseos_latest
kernel-doc-4.18.0-305.7.1.el8_4.noarch.rpm15be56f17d54e7aa11644c2ef2b48fe6c7c6d3659a683930b717ffad7d543161-ol8_x86_64_u4_baseos_patch
kernel-headers-4.18.0-305.7.1.el8_4.x86_64.rpmb9ae529b1701006f1c4dde855705dad272c3abadeefee9cbcef440f09c6022ae-ol8_x86_64_baseos_latest
kernel-headers-4.18.0-305.7.1.el8_4.x86_64.rpmb9ae529b1701006f1c4dde855705dad272c3abadeefee9cbcef440f09c6022ae-ol8_x86_64_u4_baseos_patch
kernel-modules-4.18.0-305.7.1.el8_4.x86_64.rpm065c261186d6f574990152a1369f3149ca88a7fd2256901b0141d0717388a605-ol8_x86_64_baseos_latest
kernel-modules-4.18.0-305.7.1.el8_4.x86_64.rpm065c261186d6f574990152a1369f3149ca88a7fd2256901b0141d0717388a605-ol8_x86_64_u4_baseos_patch
kernel-modules-extra-4.18.0-305.7.1.el8_4.x86_64.rpm8417dff508e2998a9e62e26e31ec283ab68edc32574cad3b5630f62cffccbe43-ol8_x86_64_baseos_latest
kernel-modules-extra-4.18.0-305.7.1.el8_4.x86_64.rpm8417dff508e2998a9e62e26e31ec283ab68edc32574cad3b5630f62cffccbe43-ol8_x86_64_u4_baseos_patch
kernel-tools-4.18.0-305.7.1.el8_4.x86_64.rpm3533cac12e254218171846b875b79b5222024a12022d8a28e25e48652fc2fef2-ol8_x86_64_baseos_latest
kernel-tools-4.18.0-305.7.1.el8_4.x86_64.rpm3533cac12e254218171846b875b79b5222024a12022d8a28e25e48652fc2fef2-ol8_x86_64_u4_baseos_patch
kernel-tools-libs-4.18.0-305.7.1.el8_4.x86_64.rpmee23b4096b6f3920c9e536fcceba9842ed02491cfcaba27d51a0e2c2558c7643-ol8_x86_64_baseos_latest
kernel-tools-libs-4.18.0-305.7.1.el8_4.x86_64.rpmee23b4096b6f3920c9e536fcceba9842ed02491cfcaba27d51a0e2c2558c7643-ol8_x86_64_u4_baseos_patch
kernel-tools-libs-devel-4.18.0-305.7.1.el8_4.x86_64.rpm51df8c7c41189c48f89eedff0971e1c8709d9f8a1f068d60c70d6ab6a1dcc2a5-ol8_x86_64_codeready_builder
perf-4.18.0-305.7.1.el8_4.x86_64.rpm2145c0d5cc177f8322db7d9e095990f579f369ff3988c4122e66ac0bfd22bdda-ol8_x86_64_baseos_latest
perf-4.18.0-305.7.1.el8_4.x86_64.rpm2145c0d5cc177f8322db7d9e095990f579f369ff3988c4122e66ac0bfd22bdda-ol8_x86_64_u4_baseos_patch
python3-perf-4.18.0-305.7.1.el8_4.x86_64.rpm57efb2815b02348d1da46b6986843599c1ea535022b47be4474f18d3539ced1c-ol8_x86_64_baseos_latest
python3-perf-4.18.0-305.7.1.el8_4.x86_64.rpm57efb2815b02348d1da46b6986843599c1ea535022b47be4474f18d3539ced1c-ol8_x86_64_u4_baseos_patch



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights