ELSA-2021-3057

ULN >
Oracle Linux Errata repository >
ELSA-2021-3057

ELSA-2021-3057 - kernel security, bug fix, and enhancement update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2021-08-11

Description

[4.18.0-305.12.1_4.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5

[4.18.0-305.12.1_4]
- Revert 'nvme-pci: remove last_sq_tail' (Gopal Tiwari) [1965415 1921591]
- tc-testing: add test for ct DNAT tuple collision (Marcelo Ricardo Leitner) [1982494 1964578]
- tc-testing: add support for sending various scapy packets (Marcelo Ricardo Leitner) [1982494 1964578]
- tc-testing: fix list handling (Marcelo Ricardo Leitner) [1982494 1964578]
- net/sched: act_ct: handle DNAT tuple collision (Marcelo Ricardo Leitner) [1982494 1964578]
- mm/memcg: Relocate tcpmem to below memory in struct mem_cgroup (Waiman Long) [1980314 1959772]
- mm/memcg: optimize user context object stock access (Waiman Long) [1980314 1959772]
- mm/memcg: improve refill_obj_stock() performance (Waiman Long) [1980314 1959772]
- mm/memcg: cache vmstat data in percpu memcg_stock_pcp (Waiman Long) [1980314 1959772]
- mm/memcg: move mod_objcg_state() to memcontrol.c (Waiman Long) [1980314 1959772]
- mm: memcontrol: use obj_cgroup APIs to charge kmem pages (Waiman Long) [1980314 1959772]
- mm: memcontrol: change ug->dummy_page only if memcg changed (Waiman Long) [1980314 1959772]
- mm: memcontrol: directly access page->memcg_data in mm/page_alloc.c (Waiman Long) [1980314 1959772]
- mm: memcontrol: introduce obj_cgroup_{un}charge_pages (Waiman Long) [1980314 1959772]
- mm: memcontrol: slab: fix obtain a reference to a freeing memcg (Waiman Long) [1980314 1959772]
- mm: move lruvec stats update functions to vmstat.h (Waiman Long) [1980314 1959772]
- mm: memcg/slab: rename *_lruvec_slab_state to *_lruvec_kmem_state (Waiman Long) [1980314 1959772]
- mm: Convert page kmemcg type to a page memcg flag (Waiman Long) [1980314 1959772]
- mm: Introduce page memcg flags (Waiman Long) [1980314 1959772]
- mm: memcontrol/slab: Use helpers to access slab page's memcg_data (Waiman Long) [1980314 1959772]
- mm: memcontrol: Use helpers to read page's memcg data (Waiman Long) [1980314 1959772]
- mm/page_alloc.c: extract check_[new|free]_page_bad() common part to page_bad_reason() (Waiman Long) [1980314 1959772]
- mm/page_alloc.c: rename free_pages_check() to check_free_page() (Waiman Long) [1980314 1959772]
- mm/page_alloc.c: rename free_pages_check_bad() to check_free_page_bad() (Waiman Long) [1980314 1959772]
- mm/page_alloc.c: bad_flags is not necessary for bad_page() (Waiman Long) [1980314 1959772]
- mm/page_alloc.c: bad_[reason|flags] is not necessary when PageHWPoison (Waiman Long) [1980314 1959772]

[4.18.0-305.11.1_4]
- SUNRPC: Handle major timeout in xprt_adjust_timeout() (Scott Mayhew) [1980613 1979070]
- net/mlx5e: Disable TLS device offload in kdump mode (Alaa Hleihel) [1969909 1946647]
- net/mlx5e: Disable TX MPWQE in kdump mode (Alaa Hleihel) [1969909 1946647]
- drm/i915: Add an encoder hook to sanitize its state during init/resume (Imre Deak) [1981250 1961122]
- netfilter: x_tables: fix compat match/target pad out-of-bound write (Florian Westphal) [1980500 1980501] {CVE-2021-22555}
- Bluetooth: btusb: Fix the autosuspend enable and disable (Gopal Tiwari) [1972564 1927375]
- cifs: handle empty list of targets in cifs_reconnect() (Ronnie Sahlberg) [1973637 1952263]
- tick/nohz: Update idle_exittime on actual idle exit (Phil Auld) [1978710 1962632]
- tick/nohz: Remove superflous check for CONFIG_VIRT_CPU_ACCOUNTING_NATIVE (Phil Auld) [1978710 1962632]
- tick/nohz: Conditionally restart tick on idle exit (Phil Auld) [1978710 1962632]
- can: bcm: delay release of struct bcm_op after synchronize_rcu() (Hangbin Liu) [1975058 1975059]
- redhat/configs: Re-enable dptf_power module (Prarit Bhargava) [1968381 1962349]
- KVM: do not allow mapping valid but non-reference-counted pages (Jon Maloy) [1975514 1975515] {CVE-2021-22543}
- seq_file: Disallow extremely large seq buffer allocations (Ian Kent) [1975181 1975182] {CVE-2021-33909}

Related CVEs

CVE-2021-22555

CVE-2021-3609

CVE-2021-22543

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	kernel-4.18.0-305.12.1.el8_4.src.rpm	0d8dd8302b35cdd8e582ba84cab836ce	-
	bpftool-4.18.0-305.12.1.el8_4.aarch64.rpm	bb3586ec96556266b92f6d34a2a5d2ec	-
	kernel-headers-4.18.0-305.12.1.el8_4.aarch64.rpm	fd6ec4c4b9139701a45dd676069a5a2a	-
	kernel-tools-4.18.0-305.12.1.el8_4.aarch64.rpm	ab94d36db409249cc167ec190fe5e4ef	-
	kernel-tools-libs-4.18.0-305.12.1.el8_4.aarch64.rpm	b32e5c19c7de43e9da95274b62ae4f89	-
	kernel-tools-libs-devel-4.18.0-305.12.1.el8_4.aarch64.rpm	7094b21e7cd31a5627fd4b7de47001c2	-
	perf-4.18.0-305.12.1.el8_4.aarch64.rpm	536d8e1de4525350cac84925f8195a6b	-
	python3-perf-4.18.0-305.12.1.el8_4.aarch64.rpm	5c56dc649d6d32a3315b32862e07ddb8	-

Oracle Linux 8 (x86_64)	kernel-4.18.0-305.12.1.el8_4.src.rpm	0d8dd8302b35cdd8e582ba84cab836ce	-
	bpftool-4.18.0-305.12.1.el8_4.x86_64.rpm	a5cafbfc28ec433e565c02c372d8943d	-
	kernel-4.18.0-305.12.1.el8_4.x86_64.rpm	5c58d57244328960027a006302671091	-
	kernel-abi-stablelists-4.18.0-305.12.1.el8_4.noarch.rpm	c15067ec55465fe2689675fac9486f28	-
	kernel-core-4.18.0-305.12.1.el8_4.x86_64.rpm	a76d274e0becc3ad4d5091afb8f78c8a	-
	kernel-cross-headers-4.18.0-305.12.1.el8_4.x86_64.rpm	d06d6ef9bef639b2c00f455f8b8b3cf1	-
	kernel-debug-4.18.0-305.12.1.el8_4.x86_64.rpm	ecdac3e4f061621993ea7042bdf19751	-
	kernel-debug-core-4.18.0-305.12.1.el8_4.x86_64.rpm	89eb816396b26fe675202eda926b63af	-
	kernel-debug-devel-4.18.0-305.12.1.el8_4.x86_64.rpm	5088b61ddb71342b9db87d5b6a73d88c	-
	kernel-debug-modules-4.18.0-305.12.1.el8_4.x86_64.rpm	704ca336f913ead3f17fd5638e076d25	-
	kernel-debug-modules-extra-4.18.0-305.12.1.el8_4.x86_64.rpm	2f12174d32d01cfbb58a19a1faf92d3b	-
	kernel-devel-4.18.0-305.12.1.el8_4.x86_64.rpm	8d903a78e4effd11d2ed00b0972d54cf	-
	kernel-doc-4.18.0-305.12.1.el8_4.noarch.rpm	d78ece7f103515feb6487dce0c718fa2	-
	kernel-headers-4.18.0-305.12.1.el8_4.x86_64.rpm	bd5cf88c30ac50cb3e87eff4c23d41a9	-
	kernel-modules-4.18.0-305.12.1.el8_4.x86_64.rpm	d511e80629496e18bdccef8981f4690c	-
	kernel-modules-extra-4.18.0-305.12.1.el8_4.x86_64.rpm	406f50cc5f93799446bfeb0c97ba5136	-
	kernel-tools-4.18.0-305.12.1.el8_4.x86_64.rpm	8ac8ba369c77b446d8e00a8946b922a3	-
	kernel-tools-libs-4.18.0-305.12.1.el8_4.x86_64.rpm	0a7c177ff072415c75749f0ad5c34a32	-
	kernel-tools-libs-devel-4.18.0-305.12.1.el8_4.x86_64.rpm	a6ee5df94bf85d7e0b749bf74a829e7c	-
	perf-4.18.0-305.12.1.el8_4.x86_64.rpm	465125cf546f9356f64d3ded23ccfe6a	-
	python3-perf-4.18.0-305.12.1.el8_4.x86_64.rpm	9bab8e5ef21380d136b7293474a57903	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691