ELSA-2022-0063

ELSA-2022-0063 - kernel security and bug fix update

Type:SECURITY
Severity:MODERATE
Release Date:2022-01-11

Description


[3.10.0-1160.53.1.OL7]
- Update Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9
- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)

[3.10.0-1160.53.1]
- fuse: fix live lock in fuse_iget() (Miklos Szeredi) [1952046]
- fuse: fix bad inode (Miklos Szeredi) [1952046]
- GFS2: Truncate address space mapping when deleting an inode (Bob Peterson) [1364234]
- gfs2: Fix gfs2_testbit to use clone bitmaps (Bob Peterson) [1364234]
- gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps (Bob Peterson) [1364234]
- gfs2: Fix oversight in gfs2_ail1_flush (Bob Peterson) [1364234]
- gfs2: Additional information when gfs2_ail1_flush withdraws (Bob Peterson) [1364234]
- gfs2: leaf_dealloc needs to allocate one more revoke (Bob Peterson) [1364234]
- gfs2: allow journal replay to hold sd_log_flush_lock (Bob Peterson) [1364234]
- gfs2: don't allow releasepage to free bd still used for revokes (Bob Peterson) [1364234]
- gfs2: flesh out delayed withdraw for gfs2_log_flush (Bob Peterson) [1364234]
- gfs2: Do proper error checking for go_sync family of glops functions (Bob Peterson) [1364234]
- gfs2: drain the ail2 list after io errors (Bob Peterson) [1364234]
- gfs2: Withdraw in gfs2_ail1_flush if write_cache_pages fails (Bob Peterson) [1364234]
- gfs2: Do log_flush in gfs2_ail_empty_gl even if ail list is empty (Bob Peterson) [1364234]
- gfs2: Check for log write errors before telling dlm to unlock (Bob Peterson) [1364234]
- gfs2: Prepare to withdraw as soon as an IO error occurs in log write (Bob Peterson) [1364234]
- gfs2: Issue revokes more intelligently (Bob Peterson) [1364234]
- gfs2: Add verbose option to check_journal_clean (Bob Peterson) [1364234]
- gfs2: fix infinite loop when checking ail item count before go_inval (Bob Peterson) [1364234]
- gfs2: Force withdraw to replay journals and wait for it to finish (Bob Peterson) [1364234]
- gfs2: Allow some glocks to be used during withdraw (Bob Peterson) [1364234]
- gfs2: move check_journal_clean to util.c for future use (Bob Peterson) [1364234]
- gfs2: Ignore dlm recovery requests if gfs2 is withdrawn (Bob Peterson) [1364234]
- gfs2: Only complain the first time an io error occurs in quota or log (Bob Peterson) [1364234]
- gfs2: log error reform (Bob Peterson) [1364234]
- gfs2: Rework how rgrp buffer_heads are managed (Bob Peterson) [1364234]
- gfs2: clear ail1 list when gfs2 withdraws (Bob Peterson) [1364234]
- gfs2: Introduce concept of a pending withdraw (Bob Peterson) [1364234]
- gfs2: Return bool from gfs2_assert functions (Bob Peterson) [1364234]
- gfs2: Turn gfs2_consist into void functions (Bob Peterson) [1364234]
- gfs2: Remove usused cluster_wide arguments of gfs2_consist functions (Bob Peterson) [1364234]
- gfs2: Report errors before withdraw (Bob Peterson) [1364234]
- gfs2: Split gfs2_lm_withdraw into two functions (Bob Peterson) [1364234]
- gfs2: Fix incorrect variable name (Bob Peterson) [1364234]
- gfs2: Don't write log headers after file system withdraw (Bob Peterson) [1364234]
- gfs2: clean up iopen glock mess in gfs2_create_inode (Bob Peterson) [1364234]
- gfs2: Close timing window with GLF_INVALIDATE_IN_PROGRESS (Bob Peterson) [1364234]
- gfs2: fix infinite loop in gfs2_ail1_flush on io error (Bob Peterson) [1364234]
- gfs2: Introduce function gfs2_withdrawn (Bob Peterson) [1364234]
- gfs2: replace more printk with calls to fs_info and friends (Bob Peterson) [1364234]
- gfs2: dump fsid when dumping glock problems (Bob Peterson) [1364234]
- gfs2: simplify gfs2_freeze by removing case (Bob Peterson) [1364234]
- gfs2: Rename SDF_SHUTDOWN to SDF_WITHDRAWN (Bob Peterson) [1364234]
- gfs2: Warn when a journal replay overwrites a rgrp with buffers (Bob Peterson) [1364234]
- gfs2: log which portion of the journal is replayed (Bob Peterson) [1364234]
- gfs2: slow the deluge of io error messages (Bob Peterson) [1364234]
- gfs2: Don't withdraw under a spin lock (Bob Peterson) [1364234]
- GFS2: Clear gl_object when deleting an inode in gfs2_delete_inode (Bob Peterson) [1364234]
- gfs2: Use fs_* functions instead of pr_* function where we can (Bob Peterson) [1364234]
more consistently (Bob Peterson) [1364234]

[3.10.0-1160.52.1]
- acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (David Arcari) [2019588]
- x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (David Arcari) [2019218]
- x86/cpu/AMD: Fix erratum 1076 (CPB bit) (David Arcari) [2019218]
- i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (Stefan Assmann) [1977246]
- i40e: Fix virtchnl_queue_select bitmap validation (Stefan Assmann) [1977246]

[3.10.0-1160.51.1]
- mm, fs: Fix do_generic_file_read() error return (Carlos Maiolino) [2020857]
- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (Michael Petlan) [1901932]

[3.10.0-1160.50.1]
- tcp: grow window for OOO packets only for SACK flows (Guillaume Nault) [1990665]
- scsi: mpt3sas: Fix unlock imbalance (Tomas Henzl) [2006536]
- pci-hyperv: Fix setting CPU affinity on Azure (Vitaly Kuznetsov) [2019272]
- media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (Lucas Zampieri) [1956471] {CVE-2021-42739}


Related CVEs


CVE-2020-25704
CVE-2020-36322
CVE-2021-42739

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) kernel-3.10.0-1160.53.1.el7.src.rpm4284f349945bc75462645936583eaa56-
bpftool-3.10.0-1160.53.1.el7.x86_64.rpmefb60cb755a4101c4ec163d246c3b56b-
kernel-3.10.0-1160.53.1.el7.x86_64.rpm68782ed753682e1d4747175454486e77-
kernel-abi-whitelists-3.10.0-1160.53.1.el7.noarch.rpm2eb644d97993c2a92bb7f586c9a42329-
kernel-debug-3.10.0-1160.53.1.el7.x86_64.rpm1814d269093a836af00149b2deabd5de-
kernel-debug-devel-3.10.0-1160.53.1.el7.x86_64.rpm43e3549ab842be9a25b72eaadcfd591f-
kernel-devel-3.10.0-1160.53.1.el7.x86_64.rpmf2b164311d1c5591303b95a0f45dce0c-
kernel-doc-3.10.0-1160.53.1.el7.noarch.rpm8ca6d296db1b4944e1c9fbccfe80d54d-
kernel-headers-3.10.0-1160.53.1.el7.x86_64.rpmb169d67b6632c86e117cdfb04a68089b-
kernel-tools-3.10.0-1160.53.1.el7.x86_64.rpme11a41edf924e4420af1d63fdfe01c81-
kernel-tools-libs-3.10.0-1160.53.1.el7.x86_64.rpmed064485513cd7ff7ef4d84965de04d5-
kernel-tools-libs-devel-3.10.0-1160.53.1.el7.x86_64.rpm935a683f5eabd857bb51ec2409862a4c-
perf-3.10.0-1160.53.1.el7.x86_64.rpmfba27089f4ccc6b1cade9ba8dbf62eeb-
python-perf-3.10.0-1160.53.1.el7.x86_64.rpm8d9471c06828eb089df196e4a4c5c322-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete