ELSA-2021-3447

ULN >
Oracle Linux Errata repository >
ELSA-2021-3447

ELSA-2021-3447 - kernel security and bug fix update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2021-09-08

Description

[4.18.0-305.17.1_4.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5

[4.18.0-305.17.1_4]
- ucounts: Move max_time_namespace according to ucount_type (Alex Gladkov) [1998002 1982954]
- netfilter: conntrack: remove offload_pickup sysctl again (Florian Westphal) [1995555 1987101]
- netfilter: flowtable: Set offload timeouts according to proto values (Phil Sutter) [1995554 1979184]
- netfilter: conntrack: Introduce udp offload timeout configuration (Phil Sutter) [1995554 1979184]
- netfilter: conntrack: Introduce tcp offload timeout configuration (Phil Sutter) [1995554 1979184]
- powerpc/64s: Fix crashes when toggling stf barrier (Desnes A. Nunes do Rosario) [1989174 1964484]
- iavf: fix locking of critical sections (Stefan Assmann) [1997534 1975245]
- iavf: do not override the adapter state in the watchdog task (Stefan Assmann) [1997534 1975245]

[4.18.0-305.16.1_4]
- kernfs: dont call d_splice_alias() under kernfs node lock (Ian Kent) [1994879 1939133]
- kernfs: use i_lock to protect concurrent inode updates (Ian Kent) [1994879 1939133]
- kernfs: switch kernfs to use an rwsem (Ian Kent) [1994879 1939133]
- kernfs: use VFS negative dentry caching (Ian Kent) [1994879 1939133]
- kernfs: add a revision to identify directory node changes (Ian Kent) [1994879 1939133]
- kernfs: move revalidate to be near lookup (Ian Kent) [1994879 1939133]
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (Jan Stancek) [1948608 1923762]
- net: sched: act_mirred: Reset ct info when mirror/redirect skb (C. Erastus Toe) [1992226 1980532]
- usb: ehci: Prevent missed ehci interrupts with edge-triggered MSI (Torez Smith) [1993894 1972139]
- usb: ehci: do not initialise static variables (Torez Smith) [1993894 1972139]
- usb: host: move EH SINGLE_STEP_SET_FEATURE implementation to core (Torez Smith) [1993894 1972139]
- USB: ehci: drop workaround for forced irq threading (Torez Smith) [1993894 1972139]
- usb: ehci: add spurious flag to disable overcurrent checking (Torez Smith) [1993894 1972139]
- NFS: Only change the cookie verifier if the directory page cache is empty (Benjamin Coddington) [1993895 1982825]
- NFS: Fix handling of cookie verifier in uncached_readdir() (Benjamin Coddington) [1993895 1982825]
- nfs: Subsequent READDIR calls should carry non-zero cookieverifier (Benjamin Coddington) [1993895 1982825]
- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (Jon Maloy) [1988225 1988226] {CVE-2021-37576}

[4.18.0-305.15.1_4]
- sched: Fix data-race in wakeup (Phil Auld) [1987296 1937103]
- mm/page_alloc: bail out on fatal signal during reclaim/compaction retry attempt (Aaron Tomlin) [1984085 1919765]
- sunrpc: Avoid a KASAN slab-out-of-bounds bug in xdr_set_page_base() (Benjamin Coddington) [1990404 1969751]

[4.18.0-305.14.1_4]
- tick/nohz: Kick only _queued_ task whose tick dependency is updated (Waiman Long) [1981336 1922901]
- tick/nohz: Change signal tick dependency to wake up CPUs of member tasks (Waiman Long) [1981336 1922901]
- tick/nohz: Only wake up a single target cpu when kicking a task (Waiman Long) [1981336 1922901]
- tick/nohz: Narrow down noise while setting current task's tick dependency (Waiman Long) [1981336 1922901]
- mlx5: net: zero-initialize tc skb extension on allocation (Jan Stancek) [1982220 1965418]
- scsi: qedf: Update the max_id value in host structure (Nilesh Javali) [1989097 1954876]
- scsi: qla2xxx: Reserve extra IRQ vectors (Nilesh Javali) [1986156 1964834]

[4.18.0-305.13.1_4]
- xfrm: Fix wraparound in xfrm_policy_addr_delta() (Sabrina Dubroca) [1981840 1951965]
- VMCI: Release resource if the work is already queued (Cathy Avery) [1982042 1978518]

Related CVEs

CVE-2021-37576

CVE-2021-38201

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	kernel-4.18.0-305.17.1.el8_4.src.rpm	20329c152efb44e738ab159f08852ebb559a9ca8746fd47661d11d42844d35a1	-	ol8_aarch64_baseos_latest
	kernel-4.18.0-305.17.1.el8_4.src.rpm	20329c152efb44e738ab159f08852ebb559a9ca8746fd47661d11d42844d35a1	-	ol8_aarch64_codeready_builder
	kernel-4.18.0-305.17.1.el8_4.src.rpm	20329c152efb44e738ab159f08852ebb559a9ca8746fd47661d11d42844d35a1	-	ol8_aarch64_u4_baseos_patch
	bpftool-4.18.0-305.17.1.el8_4.aarch64.rpm	38c6179019a13242fea13300d746527d4bce8129b183392a5a5d903d249702db	-	ol8_aarch64_baseos_latest
	bpftool-4.18.0-305.17.1.el8_4.aarch64.rpm	38c6179019a13242fea13300d746527d4bce8129b183392a5a5d903d249702db	-	ol8_aarch64_u4_baseos_patch
	kernel-headers-4.18.0-305.17.1.el8_4.aarch64.rpm	6681c0c61a1ffb3ed3ef97623ba4bf1a8236d3a95b8b22bb4dd84ff7ec6f73c3	-	ol8_aarch64_baseos_latest
	kernel-headers-4.18.0-305.17.1.el8_4.aarch64.rpm	6681c0c61a1ffb3ed3ef97623ba4bf1a8236d3a95b8b22bb4dd84ff7ec6f73c3	-	ol8_aarch64_u4_baseos_patch
	kernel-tools-4.18.0-305.17.1.el8_4.aarch64.rpm	c8792189e84dbe0021a8dae864c6d4193b6e31b48afde1f2ce1f540ff8545175	-	ol8_aarch64_baseos_latest
	kernel-tools-4.18.0-305.17.1.el8_4.aarch64.rpm	c8792189e84dbe0021a8dae864c6d4193b6e31b48afde1f2ce1f540ff8545175	-	ol8_aarch64_u4_baseos_patch
	kernel-tools-libs-4.18.0-305.17.1.el8_4.aarch64.rpm	1c809e80f2728a471c7b1e7bd5748d012b08d7ccbf591c19e0f60174e747c6cd	-	ol8_aarch64_baseos_latest
	kernel-tools-libs-4.18.0-305.17.1.el8_4.aarch64.rpm	1c809e80f2728a471c7b1e7bd5748d012b08d7ccbf591c19e0f60174e747c6cd	-	ol8_aarch64_u4_baseos_patch
	kernel-tools-libs-devel-4.18.0-305.17.1.el8_4.aarch64.rpm	3cd4ac7b6fc01ddbc72d7e763829fc6b8aa6689c6f685f567aafd79ab2eaa19c	-	ol8_aarch64_codeready_builder
	perf-4.18.0-305.17.1.el8_4.aarch64.rpm	ffdbde8b63d4b49edfc4df4e38662e392a8261b0d778457a19f6fbc175526824	-	ol8_aarch64_baseos_latest
	perf-4.18.0-305.17.1.el8_4.aarch64.rpm	ffdbde8b63d4b49edfc4df4e38662e392a8261b0d778457a19f6fbc175526824	-	ol8_aarch64_u4_baseos_patch
	python3-perf-4.18.0-305.17.1.el8_4.aarch64.rpm	2dd0dd4c7d341a12b1e9741773fd824bdcdc71cf7d242d3adc69dafa3025b41d	-	ol8_aarch64_baseos_latest
	python3-perf-4.18.0-305.17.1.el8_4.aarch64.rpm	2dd0dd4c7d341a12b1e9741773fd824bdcdc71cf7d242d3adc69dafa3025b41d	-	ol8_aarch64_u4_baseos_patch

Oracle Linux 8 (x86_64)	kernel-4.18.0-305.17.1.el8_4.src.rpm	20329c152efb44e738ab159f08852ebb559a9ca8746fd47661d11d42844d35a1	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-305.17.1.el8_4.src.rpm	20329c152efb44e738ab159f08852ebb559a9ca8746fd47661d11d42844d35a1	-	ol8_x86_64_codeready_builder
	kernel-4.18.0-305.17.1.el8_4.src.rpm	20329c152efb44e738ab159f08852ebb559a9ca8746fd47661d11d42844d35a1	-	ol8_x86_64_u4_baseos_patch
	bpftool-4.18.0-305.17.1.el8_4.x86_64.rpm	ac6a0ff52f63dbaa8659d774bacad3b9c1e6b311083c1eaf86f3ad4f3d31474c	-	ol8_x86_64_baseos_latest
	bpftool-4.18.0-305.17.1.el8_4.x86_64.rpm	ac6a0ff52f63dbaa8659d774bacad3b9c1e6b311083c1eaf86f3ad4f3d31474c	-	ol8_x86_64_u4_baseos_patch
	kernel-4.18.0-305.17.1.el8_4.x86_64.rpm	79213431c6e68713d890fa41c1a595b26dde6210b6a6694594b4caabda6ba203	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-305.17.1.el8_4.x86_64.rpm	79213431c6e68713d890fa41c1a595b26dde6210b6a6694594b4caabda6ba203	-	ol8_x86_64_u4_baseos_patch
	kernel-abi-stablelists-4.18.0-305.17.1.el8_4.noarch.rpm	ad343ef0a0aeaa0855297ff01eca7b5f5dab1c2b6778cecf56b61ebe1488a15b	-	ol8_x86_64_baseos_latest
	kernel-abi-stablelists-4.18.0-305.17.1.el8_4.noarch.rpm	ad343ef0a0aeaa0855297ff01eca7b5f5dab1c2b6778cecf56b61ebe1488a15b	-	ol8_x86_64_u4_baseos_patch
	kernel-core-4.18.0-305.17.1.el8_4.x86_64.rpm	a6079c5a71a72198f5943a21f4abffbcc9ace64816c14042ddcbccf872df53ae	-	ol8_x86_64_baseos_latest
	kernel-core-4.18.0-305.17.1.el8_4.x86_64.rpm	a6079c5a71a72198f5943a21f4abffbcc9ace64816c14042ddcbccf872df53ae	-	ol8_x86_64_u4_baseos_patch
	kernel-cross-headers-4.18.0-305.17.1.el8_4.x86_64.rpm	110d4e7efd8cf185bc5973c009448b07af13d5d78906b2a5786f5b8488ed2064	-	ol8_x86_64_baseos_latest
	kernel-cross-headers-4.18.0-305.17.1.el8_4.x86_64.rpm	110d4e7efd8cf185bc5973c009448b07af13d5d78906b2a5786f5b8488ed2064	-	ol8_x86_64_u4_baseos_patch
	kernel-debug-4.18.0-305.17.1.el8_4.x86_64.rpm	3152ef9ababb9dd83b6c867c2c88e8584dff1e01ae753fa80ee603509b39271b	-	ol8_x86_64_baseos_latest
	kernel-debug-4.18.0-305.17.1.el8_4.x86_64.rpm	3152ef9ababb9dd83b6c867c2c88e8584dff1e01ae753fa80ee603509b39271b	-	ol8_x86_64_u4_baseos_patch
	kernel-debug-core-4.18.0-305.17.1.el8_4.x86_64.rpm	fbfdd9ecbefa0add985792e9009a19a758494373469251903d17082768467ea2	-	ol8_x86_64_baseos_latest
	kernel-debug-core-4.18.0-305.17.1.el8_4.x86_64.rpm	fbfdd9ecbefa0add985792e9009a19a758494373469251903d17082768467ea2	-	ol8_x86_64_u4_baseos_patch
	kernel-debug-devel-4.18.0-305.17.1.el8_4.x86_64.rpm	7ce484250d79f97fe2273adf0c9e128f201e03098ee110449d2cb41ac7307d79	-	ol8_x86_64_baseos_latest
	kernel-debug-devel-4.18.0-305.17.1.el8_4.x86_64.rpm	7ce484250d79f97fe2273adf0c9e128f201e03098ee110449d2cb41ac7307d79	-	ol8_x86_64_u4_baseos_patch
	kernel-debug-modules-4.18.0-305.17.1.el8_4.x86_64.rpm	8fcde2190493cc4410f9c684df1874e7f467f91382c7f3d9652d8de798b2e79a	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-4.18.0-305.17.1.el8_4.x86_64.rpm	8fcde2190493cc4410f9c684df1874e7f467f91382c7f3d9652d8de798b2e79a	-	ol8_x86_64_u4_baseos_patch
	kernel-debug-modules-extra-4.18.0-305.17.1.el8_4.x86_64.rpm	b3349087e5002a565428723a59d6d3eb40d58f201e889b498426e3fcd4d0c613	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-extra-4.18.0-305.17.1.el8_4.x86_64.rpm	b3349087e5002a565428723a59d6d3eb40d58f201e889b498426e3fcd4d0c613	-	ol8_x86_64_u4_baseos_patch
	kernel-devel-4.18.0-305.17.1.el8_4.x86_64.rpm	e1089ba445aa2c74beb48df2e850cd4d2e5135a7b3a70aa3ecc21dff34479746	-	ol8_x86_64_baseos_latest
	kernel-devel-4.18.0-305.17.1.el8_4.x86_64.rpm	e1089ba445aa2c74beb48df2e850cd4d2e5135a7b3a70aa3ecc21dff34479746	-	ol8_x86_64_u4_baseos_patch
	kernel-doc-4.18.0-305.17.1.el8_4.noarch.rpm	d3c8722f7874caf6bcbb09727d90a0366aa5584226fea07a856cdf413d8dcb3f	-	ol8_x86_64_baseos_latest
	kernel-doc-4.18.0-305.17.1.el8_4.noarch.rpm	d3c8722f7874caf6bcbb09727d90a0366aa5584226fea07a856cdf413d8dcb3f	-	ol8_x86_64_u4_baseos_patch
	kernel-headers-4.18.0-305.17.1.el8_4.x86_64.rpm	1c41dea641ac09f5dc0b3530b97a504646fecbc718b2fe744dae30a5c245211d	-	ol8_x86_64_baseos_latest
	kernel-headers-4.18.0-305.17.1.el8_4.x86_64.rpm	1c41dea641ac09f5dc0b3530b97a504646fecbc718b2fe744dae30a5c245211d	-	ol8_x86_64_u4_baseos_patch
	kernel-modules-4.18.0-305.17.1.el8_4.x86_64.rpm	bb8f891775694b8d90e1f7d593b446df95cf5ce550385504f7f4b613a8ffe55c	-	ol8_x86_64_baseos_latest
	kernel-modules-4.18.0-305.17.1.el8_4.x86_64.rpm	bb8f891775694b8d90e1f7d593b446df95cf5ce550385504f7f4b613a8ffe55c	-	ol8_x86_64_u4_baseos_patch
	kernel-modules-extra-4.18.0-305.17.1.el8_4.x86_64.rpm	6d4a29d792698628c91263bfdc655925eade35e6c342090db002c114ad636c94	-	ol8_x86_64_baseos_latest
	kernel-modules-extra-4.18.0-305.17.1.el8_4.x86_64.rpm	6d4a29d792698628c91263bfdc655925eade35e6c342090db002c114ad636c94	-	ol8_x86_64_u4_baseos_patch
	kernel-tools-4.18.0-305.17.1.el8_4.x86_64.rpm	8f6e6b13d14b864381a5b3b6cbc8a54c376784743fa349ecdc8330ab7026c6a2	-	ol8_x86_64_baseos_latest
	kernel-tools-4.18.0-305.17.1.el8_4.x86_64.rpm	8f6e6b13d14b864381a5b3b6cbc8a54c376784743fa349ecdc8330ab7026c6a2	-	ol8_x86_64_u4_baseos_patch
	kernel-tools-libs-4.18.0-305.17.1.el8_4.x86_64.rpm	f59800c1df185654f375f6200a60419054be6a2f1e462b07559a79a7c5d03783	-	ol8_x86_64_baseos_latest
	kernel-tools-libs-4.18.0-305.17.1.el8_4.x86_64.rpm	f59800c1df185654f375f6200a60419054be6a2f1e462b07559a79a7c5d03783	-	ol8_x86_64_u4_baseos_patch
	kernel-tools-libs-devel-4.18.0-305.17.1.el8_4.x86_64.rpm	4cf45581c351b40d014cd5a0e269a558609d5010ad0ea74a0540df26c8d09cae	-	ol8_x86_64_codeready_builder
	perf-4.18.0-305.17.1.el8_4.x86_64.rpm	435f95378da7f4cf12a2dbbf6e9ea3bab2c20032b6560cc346540720dd51ec00	-	ol8_x86_64_baseos_latest
	perf-4.18.0-305.17.1.el8_4.x86_64.rpm	435f95378da7f4cf12a2dbbf6e9ea3bab2c20032b6560cc346540720dd51ec00	-	ol8_x86_64_u4_baseos_patch
	python3-perf-4.18.0-305.17.1.el8_4.x86_64.rpm	a8c6b856409c6f0bd9f8a4d6d97a9c428a74b80911f5aa377f2effcb10f6fecd	-	ol8_x86_64_baseos_latest
	python3-perf-4.18.0-305.17.1.el8_4.x86_64.rpm	a8c6b856409c6f0bd9f8a4d6d97a9c428a74b80911f5aa377f2effcb10f6fecd	-	ol8_x86_64_u4_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691