ELSA-2022-5819

ULN >
Oracle Linux Errata repository >
ELSA-2022-5819

ELSA-2022-5819 - kernel security and bug fix update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2022-08-08

Description

[4.18.0-372.19.1.0.1_6.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5
- debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499}

[4.18.0-372.19.1_6]
- net/mlx5: CT: Fix header-rewrite re-use for tupels (Amir Tzin) [2104013 2101162]
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (Amir Tzin) [2104012 2100474]
- netfilter: flowtable: fix TCP flow teardown (Florian Westphal) [2104002 2088234]
- netfilter: conntrack: annotate data-races around ct->timeout (Florian Westphal) [2104002 2088234]
- netfilter: conntrack: initialize ct->timeout (Florian Westphal) [2104002 2088234]
- net/sched: act_police: more accurate MTU policing (Davide Caratti) [2102333 2100893]
- bpf: Fix request_sock leak in sk lookup helpers (Antoine Tenart) [2104670 2085313]

[4.18.0-372.18.1_6]
- redhat: flesh out rpminspect config file (Jarod Wilson)
- powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (Steve Best) [2100150 2056080]
- vdpa: mlx5: synchronize driver status with CVQ (Jason Wang) [2093416 2048009]
- vdpa: mlx5: prevent cvq work from hogging CPU (Jason Wang) [2093416 2048009]
- vdpa/mlx5: Avoid processing works if workqueue was destroyed (Cindy Lu) [2093416 2048009]
- cifs: fix potential double free during failed mount (Ronnie Sahlberg) [2102251 2088799]

[4.18.0-372.17.1_6]
- tcp: drop the hash_32() part from the index calculation (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- tcp: increase source port perturb table to 2^16 (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- tcp: dynamically allocate the perturb table used by source ports (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- tcp: add small random increments to the source port (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- tcp: resalt the secret every 10 seconds (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- tcp: use different parts of the port_offset for index and offset (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- secure_seq: use the 64 bits of the siphash for port offset calculation (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- tcp: add some entropy in __inet_hash_connect() (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- tcp: change source port randomizarion at connect() time (Guillaume Nault) [2087130 2064876] {CVE-2022-1012}
- hrtimer: Unbreak hrtimer_force_reprogram() (Fernando Pacheco) [2090484 2071776]
- hrtimer: Use raw_cpu_ptr() in clock_was_set() (Fernando Pacheco) [2090484 2071776]
- hrtimer: Avoid more SMP function calls in clock_was_set() (Fernando Pacheco) [2090484 2071776]
- hrtimer: Avoid unnecessary SMP function calls in clock_was_set() (Fernando Pacheco) [2090484 2071776]
- hrtimer: Add bases argument to clock_was_set() (Fernando Pacheco) [2090484 2071776]
- time/timekeeping: Avoid invoking clock_was_set() twice (Fernando Pacheco) [2090484 2071776]
- timekeeping: Distangle resume and clock-was-set events (Fernando Pacheco) [2090484 2071776]
- timerfd: Provide timerfd_resume() (Fernando Pacheco) [2090484 2071776]
- hrtimer: Force clock_was_set() handling for the HIGHRES=n, NOHZ=y case (Fernando Pacheco) [2090484 2071776]
- hrtimer: Ensure timerfd notification for HIGHRES=n (Fernando Pacheco) [2090484 2071776]
- hrtimer: Consolidate reprogramming code (Fernando Pacheco) [2090484 2071776]
- hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() (Fernando Pacheco) [2090484 2071776]
- hrtimer: Update softirq_expires_next correctly after __hrtimer_get_next_event() (Fernando Pacheco) [2090484 2071776]
- hrtimer: Annotate lockless access to timer->state (Fernando Pacheco) [2090484 2071776]
- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rafael Aquini) [2100529 2067130]
- lib/sbitmap: fix sb->map leak (Ming Lei) [2100254 2093549]
- scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (Ewan D. Milne) [2100254 2071831]
- lib/sbitmap: allocate sb->map via kvzalloc_node (Ewan D. Milne) [2100254 2071831]
- mm: move kvmalloc-related functions to slab.h (Ewan D. Milne) [2100254 2071831]
- scsi: core: Reallocate device's budget map on queue depth change (Ewan D. Milne) [2100254 2071831]
- scsi: core: Fix scsi_device_max_queue_depth() (Ewan D. Milne) [2100254 2071831]
- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Phil Sutter) [2092986 2092987] {CVE-2022-32250}
- audit: improve audit queue handling when 'audit=1' on cmdline (Richard Guy Briggs) [2095434 2035123]
- audit: improve robustness of the audit queue handling (Richard Guy Briggs) [2095434 2035123]

Related CVEs

CVE-2022-1012

CVE-2022-32250

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	kernel-4.18.0-372.19.1.0.1.el8_6.src.rpm	d17a5358c344d36b56f3cbab12fba63c	-
	bpftool-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	acfe756a1363e6316121b7199e7d0dbc	-
	kernel-cross-headers-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	adb8b004bdaf85d1616143e8a99813ca	-
	kernel-headers-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	76b458f2736cef50c48715df76458d40	-
	kernel-tools-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	a673f110d825da7728978c11af0e9a93	-
	kernel-tools-libs-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	0f187177474dfe8abed8896bff148c29	-
	kernel-tools-libs-devel-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	a8b23895e0b93e5fd836a2d6a1058248	-
	perf-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	e0b48be35507fca6fddde2ff4d4586ef	-
	python3-perf-4.18.0-372.19.1.0.1.el8_6.aarch64.rpm	32d4eaaa74e364f78dfc3f2fc728590b	-

Oracle Linux 8 (x86_64)	kernel-4.18.0-372.19.1.0.1.el8_6.src.rpm	d17a5358c344d36b56f3cbab12fba63c	-
	bpftool-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	26147edb03fff4c97d80b6ae29cc6080	-
	kernel-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	9614b444a7392cfaae2c9d210186b939	-
	kernel-abi-stablelists-4.18.0-372.19.1.0.1.el8_6.noarch.rpm	52ccfd5391f3e85fe0a41bcb948f04e4	-
	kernel-core-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	374abb69f5b91a4406605141b5833425	-
	kernel-cross-headers-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	8f6f5d9178530803d516b0036d32cc51	-
	kernel-debug-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	1dda922085fb062568cb823a5b4189e5	-
	kernel-debug-core-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	f3b7f0c67a0d232aefd9244e7bb6cf5c	-
	kernel-debug-devel-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	285568d3cc9b295ae467a947966fada0	-
	kernel-debug-modules-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	01f97e31859228bf96ad82c447939dd7	-
	kernel-debug-modules-extra-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	b7c1482f8c113968d3672c35bdd4c320	-
	kernel-devel-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	1a5404bffa3d9beb8bef094b3221ac4e	-
	kernel-doc-4.18.0-372.19.1.0.1.el8_6.noarch.rpm	4b61aa722a1756f33cb7d16a79325715	-
	kernel-headers-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	456db1d2923892f000fa7e2bde70f982	-
	kernel-modules-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	ce3d4811e1d53bf48bea4a91c2184925	-
	kernel-modules-extra-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	3dc5c8db44f97a208afecfde1cf3d90c	-
	kernel-tools-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	45984fed9a126d63e3a4832e9dfbd815	-
	kernel-tools-libs-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	e536fb33aabdb1c8617dfea3f34868e4	-
	kernel-tools-libs-devel-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	54609282dca6c9ae60e76fb551037944	-
	perf-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	34f3822ebf34501dc4ef3ff2f9005814	-
	python3-perf-4.18.0-372.19.1.0.1.el8_6.x86_64.rpm	4a5a00058590e350bdf857cfeb7caa66	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691