ELSA-2021-3447

ELSA-2021-3447 - kernel security and bug fix update

Type:SECURITY
Severity:IMPORTANT
Release Date:2021-09-08

Description


[4.18.0-305.17.1_4.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5

[4.18.0-305.17.1_4]
- ucounts: Move max_time_namespace according to ucount_type (Alex Gladkov) [1998002 1982954]
- netfilter: conntrack: remove offload_pickup sysctl again (Florian Westphal) [1995555 1987101]
- netfilter: flowtable: Set offload timeouts according to proto values (Phil Sutter) [1995554 1979184]
- netfilter: conntrack: Introduce udp offload timeout configuration (Phil Sutter) [1995554 1979184]
- netfilter: conntrack: Introduce tcp offload timeout configuration (Phil Sutter) [1995554 1979184]
- powerpc/64s: Fix crashes when toggling stf barrier (Desnes A. Nunes do Rosario) [1989174 1964484]
- iavf: fix locking of critical sections (Stefan Assmann) [1997534 1975245]
- iavf: do not override the adapter state in the watchdog task (Stefan Assmann) [1997534 1975245]

[4.18.0-305.16.1_4]
- kernfs: dont call d_splice_alias() under kernfs node lock (Ian Kent) [1994879 1939133]
- kernfs: use i_lock to protect concurrent inode updates (Ian Kent) [1994879 1939133]
- kernfs: switch kernfs to use an rwsem (Ian Kent) [1994879 1939133]
- kernfs: use VFS negative dentry caching (Ian Kent) [1994879 1939133]
- kernfs: add a revision to identify directory node changes (Ian Kent) [1994879 1939133]
- kernfs: move revalidate to be near lookup (Ian Kent) [1994879 1939133]
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (Jan Stancek) [1948608 1923762]
- net: sched: act_mirred: Reset ct info when mirror/redirect skb (C. Erastus Toe) [1992226 1980532]
- usb: ehci: Prevent missed ehci interrupts with edge-triggered MSI (Torez Smith) [1993894 1972139]
- usb: ehci: do not initialise static variables (Torez Smith) [1993894 1972139]
- usb: host: move EH SINGLE_STEP_SET_FEATURE implementation to core (Torez Smith) [1993894 1972139]
- USB: ehci: drop workaround for forced irq threading (Torez Smith) [1993894 1972139]
- usb: ehci: add spurious flag to disable overcurrent checking (Torez Smith) [1993894 1972139]
- NFS: Only change the cookie verifier if the directory page cache is empty (Benjamin Coddington) [1993895 1982825]
- NFS: Fix handling of cookie verifier in uncached_readdir() (Benjamin Coddington) [1993895 1982825]
- nfs: Subsequent READDIR calls should carry non-zero cookieverifier (Benjamin Coddington) [1993895 1982825]
- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (Jon Maloy) [1988225 1988226] {CVE-2021-37576}

[4.18.0-305.15.1_4]
- sched: Fix data-race in wakeup (Phil Auld) [1987296 1937103]
- mm/page_alloc: bail out on fatal signal during reclaim/compaction retry attempt (Aaron Tomlin) [1984085 1919765]
- sunrpc: Avoid a KASAN slab-out-of-bounds bug in xdr_set_page_base() (Benjamin Coddington) [1990404 1969751]

[4.18.0-305.14.1_4]
- tick/nohz: Kick only _queued_ task whose tick dependency is updated (Waiman Long) [1981336 1922901]
- tick/nohz: Change signal tick dependency to wake up CPUs of member tasks (Waiman Long) [1981336 1922901]
- tick/nohz: Only wake up a single target cpu when kicking a task (Waiman Long) [1981336 1922901]
- tick/nohz: Narrow down noise while setting current task's tick dependency (Waiman Long) [1981336 1922901]
- mlx5: net: zero-initialize tc skb extension on allocation (Jan Stancek) [1982220 1965418]
- scsi: qedf: Update the max_id value in host structure (Nilesh Javali) [1989097 1954876]
- scsi: qla2xxx: Reserve extra IRQ vectors (Nilesh Javali) [1986156 1964834]

[4.18.0-305.13.1_4]
- xfrm: Fix wraparound in xfrm_policy_addr_delta() (Sabrina Dubroca) [1981840 1951965]
- VMCI: Release resource if the work is already queued (Cathy Avery) [1982042 1978518]


Related CVEs


CVE-2021-37576
CVE-2021-38201

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) kernel-4.18.0-305.17.1.el8_4.src.rpm7d226219830980f55f4777e4bbb164bb-
bpftool-4.18.0-305.17.1.el8_4.aarch64.rpm4a8241c9e8cc2a2cf33eb241e230a53a-
kernel-headers-4.18.0-305.17.1.el8_4.aarch64.rpm831e25da40f5797660be4d8ea673f173-
kernel-tools-4.18.0-305.17.1.el8_4.aarch64.rpm4d2e52d5f3744b625d73cb2818dd89a9-
kernel-tools-libs-4.18.0-305.17.1.el8_4.aarch64.rpm5b5b00877c7deefdb3d7fca8dda5d406-
kernel-tools-libs-devel-4.18.0-305.17.1.el8_4.aarch64.rpm16712eb7735c2d1a64e1c0b207b11314-
perf-4.18.0-305.17.1.el8_4.aarch64.rpm0333c5d6b743a18a4df03d9597dac4d3-
python3-perf-4.18.0-305.17.1.el8_4.aarch64.rpmcde4dcf3596d4c654572481a16afcf20-
Oracle Linux 8 (x86_64) kernel-4.18.0-305.17.1.el8_4.src.rpm7d226219830980f55f4777e4bbb164bb-
bpftool-4.18.0-305.17.1.el8_4.x86_64.rpma3569907a53e9e2cdbf8c82f847a470e-
kernel-4.18.0-305.17.1.el8_4.x86_64.rpm1a1878296a357ece9f7989656f24d4c8-
kernel-abi-stablelists-4.18.0-305.17.1.el8_4.noarch.rpmf13e0c6199470dcef89b821d4a81d8fd-
kernel-core-4.18.0-305.17.1.el8_4.x86_64.rpma840adf28a49964627ad604cf67ead57-
kernel-cross-headers-4.18.0-305.17.1.el8_4.x86_64.rpm24bfae99b36e4fdabfe4d9d274bb9cec-
kernel-debug-4.18.0-305.17.1.el8_4.x86_64.rpm6dddf9e928d6bce1a476bf2026d11c80-
kernel-debug-core-4.18.0-305.17.1.el8_4.x86_64.rpmcf24b20bd13f426f17b26e755e6e512b-
kernel-debug-devel-4.18.0-305.17.1.el8_4.x86_64.rpmd61f9aba7e717a9f34c8a9b77d633278-
kernel-debug-modules-4.18.0-305.17.1.el8_4.x86_64.rpm8df4253856b5569c8d312ced4026b21a-
kernel-debug-modules-extra-4.18.0-305.17.1.el8_4.x86_64.rpm3a8c19615415da5d93cc26492112eb6f-
kernel-devel-4.18.0-305.17.1.el8_4.x86_64.rpmfad60cb1c5c2311d976f0c9f136c1c1e-
kernel-doc-4.18.0-305.17.1.el8_4.noarch.rpm1a1593b97139a8a7f5b3af258d32378b-
kernel-headers-4.18.0-305.17.1.el8_4.x86_64.rpmd44423c7fd574256936eea7b4c16e5ba-
kernel-modules-4.18.0-305.17.1.el8_4.x86_64.rpmd5737dcc7ae94894c85a6ebf0eb12416-
kernel-modules-extra-4.18.0-305.17.1.el8_4.x86_64.rpmffae6ae86b10653304b93b9c8ed65d98-
kernel-tools-4.18.0-305.17.1.el8_4.x86_64.rpm4e8777f3a80553ae4f9b7c40f66d6ad2-
kernel-tools-libs-4.18.0-305.17.1.el8_4.x86_64.rpmfb9d7aa0001eff211eddc02f9ed4df36-
kernel-tools-libs-devel-4.18.0-305.17.1.el8_4.x86_64.rpmc6616c75d6e91b0fdd222d9ae8863691-
perf-4.18.0-305.17.1.el8_4.x86_64.rpme364944d89bb8c0e1afa5ea4797cc5e3-
python3-perf-4.18.0-305.17.1.el8_4.x86_64.rpma56f034e3c875597387aac45c7aa1a53-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete