ELSA-2021-9141

ELSA-2021-9141 - Unbreakable Enterprise kernel-container security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2021-03-31

Description


[5.4.17-2102.200.13.el7]
- bpf, selftests: Fix up some test_verifier cases for unprivileged (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}
- bpf: Add sanity check for upper ptr_limit (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}
- bpf: Simplify alu_limit masking for pointer arithmetic (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}
- bpf: Fix off-by-one for area size in creating mask to left (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}
- bpf: Prohibit alu ops for pointer types not defining ptr_limit (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}
- selftests/bpf: Test access to bpf map pointer (Andrey Ignatov) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}
- bpf: Fix truncation handling for mod32 dst reg wrt zero (Daniel Borkmann) [Orabug: 32673813] {CVE-2021-3444}
- bpf: Fix 32 bit src register truncation on div/mod (Daniel Borkmann) [Orabug: 32673813] {CVE-2021-3444}

[5.4.17-2102.200.12.el7]
- Revert 'x86/platform/uv: Update UV MMRs for UV5' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Add UV5 direct references' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Add and decode Arch Type in UVsystab' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Update MMIOH references based on new UV5 MMRs' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Adjust GAM MMR references affected by UV5 updates' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Update UV5 MMR references in UV GRU' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Update node present counting' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Update UV5 TSC checking' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Update for UV5 NMI MMR changes' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Update Copyrights to conform to HPE standards' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Fix missing OEM_TABLE_ID' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Remove spaces from OEM IDs' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Recognize UV5 hubless system identifier' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/tlb/uv: Add a forward declaration for struct flush_tlb_info' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Drop last traces of uv_flush_tlb_others' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Fix copied UV5 output archtype' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Fix UV4 hub revision adjustment' (Jack Vogel) [Orabug: 32651197]

[5.4.17-2102.200.11.el7]
- mm/vmscan: fix infinite loop in drop_slab_node (Chunxin Zang) [Orabug: 32620155]
- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
- scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
- scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
- drm/nouveau: bail out of nouveau_channel_new if channel init fails (Frantisek Hrbata) [Orabug: 32591559] {CVE-2020-25639}
- mm: support memblock alloc on the exact node for sparse_buffer_init() (Yunfeng Ye) [Orabug: 32613823]
- mm/sparse.c: do not waste pre allocated memmap space (Michal Hocko) [Orabug: 32613823]
- mm/sparse: consistently do not zero memmap (Vincent Whitchurch) [Orabug: 32613823]

[5.4.17-2102.200.10.el7]
- scsi: target: core: Make completion affinity configurable

[4.14.14-2.el7]
- BUILDINFO: commit=6bb6e206facd0c0277275ac8b9e82737380c9040
- Bump release to 4.14.14-2.


Related CVEs


CVE-2020-25639
CVE-2020-27170
CVE-2020-27171
CVE-2020-28588
CVE-2021-3444
CVE-2021-27363
CVE-2021-27364
CVE-2021-27365

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) kernel-uek-container-5.4.17-2102.200.13.el7.src.rpm502bc4e74e5954f3191995b4771607d3ELSA-2021-9221
kernel-uek-container-5.4.17-2102.200.13.el7.x86_64.rpmcd9ec4713139d140c934791ba536f0ceELSA-2021-9221
kernel-uek-container-debug-5.4.17-2102.200.13.el7.x86_64.rpm8cf622aa222b724523b67ea692c678bbELSA-2021-9221
Oracle Linux 8 (x86_64) kernel-uek-container-5.4.17-2102.200.13.el8.src.rpm635912886de139704f2071ef1e1af31e-
kernel-uek-container-5.4.17-2102.200.13.el8.x86_64.rpm263fa876a7e6af761a043f3f660a1338-
kernel-uek-container-debug-5.4.17-2102.200.13.el8.x86_64.rpm7bc0a7769d78b2819916080365c912d6-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete