ELSA-2022-5819

ULN >
Oracle Linux Errata repository >
ELSA-2022-5819

ELSA-2022-5819 - kernel security and bug fix update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2022-08-08

Description

[4.18.0-372.19.1.0.1_6.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5
- debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499}

[4.18.0-372.19.1_6]
- net/mlx5: CT: Fix header-rewrite re-use for tupels (Amir Tzin) [2104013 2101162]
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (Amir Tzin) [2104012 2100474]
- netfilter: flowtable: fix TCP flow teardown (Florian Westphal) [2104002 2088234]
- netfilter: conntrack: annotate data-races around ct->timeout (Florian Westphal) [2104002 2088234]
- netfilter: conntrack: initialize ct->timeout (Florian Westphal) [2104002 2088234]
- net/sched: act_police: more accurate MTU policing (Davide Caratti) [2102333 2100893]
- bpf: Fix request_sock leak in sk lookup helpers (Antoine Tenart) [2104670 2085313]

[4.18.0-372.18.1_6]
- redhat: flesh out rpminspect config file (Jarod Wilson)
- powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (Steve Best) [2100150 2056080]
- vdpa: mlx5: synchronize driver status with CVQ (Jason Wang) [2093416 2048009]
- vdpa: mlx5: prevent cvq work from hogging CPU (Jason Wang) [2093416 2048009]
- vdpa/mlx5: Avoid processing works if workqueue was destroyed (Cindy Lu) [2093416 2048009]
- cifs: fix potential double free during failed mount (Ronnie Sahlberg) [2102251 2088799]

[4.18.0-372.17.1_6]
- tcp: drop the hash_32() part from the index calculation (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- tcp: increase source port perturb table to 2^16 (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- tcp: dynamically allocate the perturb table used by source ports (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- tcp: add small random increments to the source port (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- tcp: resalt the secret every 10 seconds (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- tcp: use different parts of the port_offset for index and offset (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- secure_seq: use the 64 bits of the siphash for port offset calculation (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- tcp: add some entropy in __inet_hash_connect() (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- tcp: change source port randomizarion at connect() time (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- hrtimer: Unbreak hrtimer_force_reprogram() (Fernando Pacheco) [2090484 2071776]
- hrtimer: Use raw_cpu_ptr() in clock_was_set() (Fernando Pacheco) [2090484 2071776]
- hrtimer: Avoid more SMP function calls in clock_was_set() (Fernando Pacheco) [2090484 2071776]
- hrtimer: Avoid unnecessary SMP function calls in clock_was_set() (Fernando Pacheco) [2090484 2071776]
- hrtimer: Add bases argument to clock_was_set() (Fernando Pacheco) [2090484 2071776]
- time/timekeeping: Avoid invoking clock_was_set() twice (Fernando Pacheco) [2090484 2071776]
- timekeeping: Distangle resume and clock-was-set events (Fernando Pacheco) [2090484 2071776]
- timerfd: Provide timerfd_resume() (Fernando Pacheco) [2090484 2071776]
- hrtimer: Force clock_was_set() handling for the HIGHRES=n, NOHZ=y case (Fernando Pacheco) [2090484 2071776]
- hrtimer: Ensure timerfd notification for HIGHRES=n (Fernando Pacheco) [2090484 2071776]
- hrtimer: Consolidate reprogramming code (Fernando Pacheco) [2090484 2071776]
- hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() (Fernando Pacheco) [2090484 2071776]
- hrtimer: Update softirq_expires_next correctly after __hrtimer_get_next_event() (Fernando Pacheco) [2090484 2071776]
- hrtimer: Annotate lockless access to timer->state (Fernando Pacheco) [2090484 2071776]
- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rafael Aquini) [2100529 2067130]
- lib/sbitmap: fix sb->map leak (Ming Lei) [2100254 2093549]
- scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (Ewan D. Milne) [2100254 2071831]
- lib/sbitmap: allocate sb->map via kvzalloc_node (Ewan D. Milne) [2100254 2071831]
- mm: move kvmalloc-related functions to slab.h (Ewan D. Milne) [2100254 2071831]
- scsi: core: Reallocate device's budget map on queue depth change (Ewan D. Milne) [2100254 2071831]
- scsi: core: Fix scsi_device_max_queue_depth() (Ewan D. Milne) [2100254 2071831]
- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Phil Sutter) [2092986 2092987] {CVE-2022-32250}
- audit: improve audit queue handling when 'audit=1' on cmdline (Richard Guy Briggs) [2095434 2035123]
- audit: improve robustness of the audit queue handling (Richard Guy Briggs) [2095434 2035123]

Related CVEs

CVE-2022-32250

CVE-2022-1012

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	kernel-4.18.0-372.19.1.0.1.el8_6.src.rpm	859274e299326fdeff272695a83ec321b3b4702fb1778b6868424bb68b734066	-	ol8_aarch64_baseos_latest
	kernel-4.18.0-372.19.1.0.1.el8_6.src.rpm	859274e299326fdeff272695a83ec321b3b4702fb1778b6868424bb68b734066	-	ol8_aarch64_codeready_builder
	kernel-4.18.0-372.19.1.0.1.el8_6.src.rpm	859274e299326fdeff272695a83ec321b3b4702fb1778b6868424bb68b734066	-	ol8_aarch64_u6_baseos_patch
	bpftool-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	0ee6aaa5ec55ad11a2e07948b12f48a397a1ff0f7068899ca889a998bcc60c08	-	ol8_aarch64_baseos_latest
	bpftool-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	0ee6aaa5ec55ad11a2e07948b12f48a397a1ff0f7068899ca889a998bcc60c08	-	ol8_aarch64_u6_baseos_patch
	kernel-cross-headers-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	4e491ce80c434176c08e14869843a2340dc21df3cc2f6c07cef78786b2667a15	-	ol8_aarch64_baseos_latest
	kernel-cross-headers-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	4e491ce80c434176c08e14869843a2340dc21df3cc2f6c07cef78786b2667a15	-	ol8_aarch64_u6_baseos_patch
	kernel-headers-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	f08133bb310b829e7f205b66bfe43067f6d3c2ac3cfef844e5727f1b22d527ed	-	ol8_aarch64_baseos_latest
	kernel-headers-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	f08133bb310b829e7f205b66bfe43067f6d3c2ac3cfef844e5727f1b22d527ed	-	ol8_aarch64_u6_baseos_patch
	kernel-tools-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	be5da66711ae2296a42dee5e2dc56fb39e6f6935bc8548dabc8f56864d948b2d	-	ol8_aarch64_baseos_latest
	kernel-tools-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	be5da66711ae2296a42dee5e2dc56fb39e6f6935bc8548dabc8f56864d948b2d	-	ol8_aarch64_u6_baseos_patch
	kernel-tools-libs-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	ee11f9671ac25dc8e7426553cc4b34b15fe6414a3b8921bef3008c1945bb6c56	-	ol8_aarch64_baseos_latest
	kernel-tools-libs-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	ee11f9671ac25dc8e7426553cc4b34b15fe6414a3b8921bef3008c1945bb6c56	-	ol8_aarch64_u6_baseos_patch
	kernel-tools-libs-devel-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	aa31b7cdb286f31e2ccfc1d03076197150d8c28d608f52dc9d280c019afe7f1e	-	ol8_aarch64_codeready_builder
	perf-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	f456e992739cb01d01b66ed2c1a8785430f81384be600ba516760e8e99110c32	-	ol8_aarch64_baseos_latest
	perf-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	f456e992739cb01d01b66ed2c1a8785430f81384be600ba516760e8e99110c32	-	ol8_aarch64_u6_baseos_patch
	python3-perf-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	aedda8d3f08fe50f0b1206f0f581d666a1ff76367811756708fc8e47f7a08e5c	-	ol8_aarch64_baseos_latest
	python3-perf-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	aedda8d3f08fe50f0b1206f0f581d666a1ff76367811756708fc8e47f7a08e5c	-	ol8_aarch64_u6_baseos_patch

Oracle Linux 8 (x86_64)	kernel-4.18.0-372.19.1.0.1.el8_6.src.rpm	859274e299326fdeff272695a83ec321b3b4702fb1778b6868424bb68b734066	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-372.19.1.0.1.el8_6.src.rpm	859274e299326fdeff272695a83ec321b3b4702fb1778b6868424bb68b734066	-	ol8_x86_64_codeready_builder
	kernel-4.18.0-372.19.1.0.1.el8_6.src.rpm	859274e299326fdeff272695a83ec321b3b4702fb1778b6868424bb68b734066	-	ol8_x86_64_u6_baseos_patch
	bpftool-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	440f95a203fa05f80fa17dc7b83d5bb64bee427aab5b67c1d56d3ddcb19b02b3	-	ol8_x86_64_baseos_latest
	bpftool-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	440f95a203fa05f80fa17dc7b83d5bb64bee427aab5b67c1d56d3ddcb19b02b3	-	ol8_x86_64_u6_baseos_patch
	kernel-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	172fca69f89057a6d749314d0cc9957f66029755732062fdb7f51468ce58e704	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	172fca69f89057a6d749314d0cc9957f66029755732062fdb7f51468ce58e704	-	ol8_x86_64_u6_baseos_patch
	kernel-abi-stablelists-4.18.0-372.19.1.0.1.el8_6.noarch.rpm	44408426eff4a15e928e52ee1080a56e306675cb35a2bb1892dfcbce46f8c01c	-	ol8_x86_64_baseos_latest
	kernel-abi-stablelists-4.18.0-372.19.1.0.1.el8_6.noarch.rpm	44408426eff4a15e928e52ee1080a56e306675cb35a2bb1892dfcbce46f8c01c	-	ol8_x86_64_u6_baseos_patch
	kernel-core-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	0689eb8a9c655d293580705ebf9ccee86b7609ac94a04437329d664341c09c91	-	ol8_x86_64_baseos_latest
	kernel-core-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	0689eb8a9c655d293580705ebf9ccee86b7609ac94a04437329d664341c09c91	-	ol8_x86_64_u6_baseos_patch
	kernel-cross-headers-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	4705117217314e7161f5901a08fa69fc254c65bac0793ab998b61ed81bf0df12	-	ol8_x86_64_baseos_latest
	kernel-cross-headers-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	4705117217314e7161f5901a08fa69fc254c65bac0793ab998b61ed81bf0df12	-	ol8_x86_64_u6_baseos_patch
	kernel-debug-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	92da7f82c382984ec452ea9439a6a499edbc0cc907bf8ad4bcdd16a94b26becd	-	ol8_x86_64_baseos_latest
	kernel-debug-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	92da7f82c382984ec452ea9439a6a499edbc0cc907bf8ad4bcdd16a94b26becd	-	ol8_x86_64_u6_baseos_patch
	kernel-debug-core-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	96dfdaa69298895fc47c2fd418623140bc8ddd6cf5f646332737dfd47d26f42d	-	ol8_x86_64_baseos_latest
	kernel-debug-core-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	96dfdaa69298895fc47c2fd418623140bc8ddd6cf5f646332737dfd47d26f42d	-	ol8_x86_64_u6_baseos_patch
	kernel-debug-devel-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	d37b1a842cd07a7f68403463147996c4b8fc61442a7aa316c54edb64923cd78a	-	ol8_x86_64_baseos_latest
	kernel-debug-devel-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	d37b1a842cd07a7f68403463147996c4b8fc61442a7aa316c54edb64923cd78a	-	ol8_x86_64_u6_baseos_patch
	kernel-debug-modules-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	59bcb4ec6cc52b462a0e0d6a35e96cebba5de69a7bada260ab36b557a10911bb	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	59bcb4ec6cc52b462a0e0d6a35e96cebba5de69a7bada260ab36b557a10911bb	-	ol8_x86_64_u6_baseos_patch
	kernel-debug-modules-extra-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	f86470d117ef8811afe42c23fcd3fa46fcf6d2ee3b34f03277b3b66577386acd	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-extra-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	f86470d117ef8811afe42c23fcd3fa46fcf6d2ee3b34f03277b3b66577386acd	-	ol8_x86_64_u6_baseos_patch
	kernel-devel-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	c15cd9e74768e8d6c90c653ca4341bb669f905c93fb3fa8eebd9c01970994a27	-	ol8_x86_64_baseos_latest
	kernel-devel-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	c15cd9e74768e8d6c90c653ca4341bb669f905c93fb3fa8eebd9c01970994a27	-	ol8_x86_64_u6_baseos_patch
	kernel-doc-4.18.0-372.19.1.0.1.el8_6.noarch.rpm	1c81ad3a9fb53486f11b43b832b619f0f7a17e749ea6760ad7e39cbb48807e84	-	ol8_x86_64_baseos_latest
	kernel-doc-4.18.0-372.19.1.0.1.el8_6.noarch.rpm	1c81ad3a9fb53486f11b43b832b619f0f7a17e749ea6760ad7e39cbb48807e84	-	ol8_x86_64_u6_baseos_patch
	kernel-headers-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	d94a1ef61f14cb84bcf7c4f43a21101e4e0bfc1454926066ada7e55e472868c7	-	ol8_x86_64_baseos_latest
	kernel-headers-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	d94a1ef61f14cb84bcf7c4f43a21101e4e0bfc1454926066ada7e55e472868c7	-	ol8_x86_64_u6_baseos_patch
	kernel-modules-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	ce1cf9989e79f2fb4f4c0e0436f052c4db10f89b77152dd626542e3777c63bfe	-	ol8_x86_64_baseos_latest
	kernel-modules-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	ce1cf9989e79f2fb4f4c0e0436f052c4db10f89b77152dd626542e3777c63bfe	-	ol8_x86_64_u6_baseos_patch
	kernel-modules-extra-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	9a124f63c382b0ba0e322d0e629b35cdf3b839a203e3f7f2dcbdb30386c94121	-	ol8_x86_64_baseos_latest
	kernel-modules-extra-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	9a124f63c382b0ba0e322d0e629b35cdf3b839a203e3f7f2dcbdb30386c94121	-	ol8_x86_64_u6_baseos_patch
	kernel-tools-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	de167cfd8d6d65215c8c481aea6155a11864eeb50f4b98ce3d7651d56519792e	-	ol8_x86_64_baseos_latest
	kernel-tools-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	de167cfd8d6d65215c8c481aea6155a11864eeb50f4b98ce3d7651d56519792e	-	ol8_x86_64_u6_baseos_patch
	kernel-tools-libs-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	9451bb975a3aef82de5a10f478dcb1de759175e6b154823effe0c31edb0b3d27	-	ol8_x86_64_baseos_latest
	kernel-tools-libs-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	9451bb975a3aef82de5a10f478dcb1de759175e6b154823effe0c31edb0b3d27	-	ol8_x86_64_u6_baseos_patch
	kernel-tools-libs-devel-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	5dad0c76b3e45610260d83ea4a2ea1dbbb5b7835996446e2e4877a7554ff7588	-	ol8_x86_64_codeready_builder
	perf-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	752e5f528146c29ccf56a19ab4b1bd7931cc551660a4177259749d07e82a6bc2	-	ol8_x86_64_baseos_latest
	perf-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	752e5f528146c29ccf56a19ab4b1bd7931cc551660a4177259749d07e82a6bc2	-	ol8_x86_64_u6_baseos_patch
	python3-perf-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	f3e72757aff4b8d3f3cb6dc8821da570f6a40c275406979c4f9789aa286bd9a7	-	ol8_x86_64_baseos_latest
	python3-perf-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	f3e72757aff4b8d3f3cb6dc8821da570f6a40c275406979c4f9789aa286bd9a7	-	ol8_x86_64_u6_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691