ELSA-2023-4819
- ULN >
- Oracle Linux Errata repository >
- ELSA-2023-4819
ELSA-2023-4819 - kernel security and bug fix update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2023-08-31 |
Description
[3.10.0-1160.99.1.0.1.OL7]
- debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}
[3.10.0-1160.99.1.OL7]
- Update Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9
- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)
[3.10.0-1160.99.1]
- x86/cpu/amd: Add a Zenbleed fix (Waiman Long) [2226841] {CVE-2023-20593}
- x86/cpu/amd: Move the errata checking functionality up (Waiman Long) [2226841] {CVE-2023-20593}
- x86/cpu: Restore AMD's DE_CFG MSR after resume (Waiman Long) [2226841] {CVE-2023-20593}
[3.10.0-1160.98.1]
- GFS2: gfs2_dir_get_hash_table(): avoiding deferred vfree() is easy here... (Andrew Price) [2190450]
- GFS2: use kvfree() instead of open-coding it (Andrew Price) [2190450]
[3.10.0-1160.97.1]
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (Davide Caratti) [2216982] {CVE-2023-35788}
- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) [2188190]
- netfilter: conntrack: handle tcp challenge acks during connection reuse (Florian Westphal) [2128262]
- netfilter: conntrack: reduce timeout when receiving out-of-window fin or rst (Florian Westphal) [2128262]
- netfilter: conntrack: remove unneeded indent level (Florian Westphal) [2128262]
- netfilter: conntrack: ignore overly delayed tcp packets (Florian Westphal) [2128262]
- netfilter: conntrack: prepare tcp_in_window for ternary return value (Florian Westphal) [2128262]
- netfilter: conntrack: connection timeout after re-register (Florian Westphal) [2128262]
- netfilter: conntrack: always store window size un-scaled (Florian Westphal) [2128262]
- netfilter: conntrack: work around exceeded receive window (Florian Westphal) [2128262]
- netfilter: conntrack: avoid misleading 'invalid' in log message (Florian Westphal) [2128262]
- netfilter: remove BUG_ON() after skb_header_pointer() (Florian Westphal) [2128262]
- netfilter: nf_conntrack_tcp: re-init for syn packets only (Florian Westphal) [2128262]
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (Florian Westphal) [2128262]
- netfilter: conntrack: re-init state for retransmitted syn-ack (Florian Westphal) [2128262]
- netfilter: conntrack: move synack init code to helper (Florian Westphal) [2128262]
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (Florian Westphal) [2128262]
- netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options (Florian Westphal) [2128262]
[3.10.0-1160.96.1]
- sched/fair: Eliminate bandwidth race between throttling and distribution (Phil Auld) [2180681]
- sched/fair: Fix race between runtime distribution and assignment (Phil Auld) [2180681]
- sched/fair: Don't assign runtime for throttled cfs_rq (Phil Auld) [2180681]
Related CVEs
| CVE-2023-20593 |
| CVE-2023-35788 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (x86_64) | kernel-3.10.0-1160.99.1.0.1.el7.src.rpm | 6ab23b3a29761afb59e811fe94c7fefc | - |
| bpftool-3.10.0-1160.99.1.0.1.el7.x86_64.rpm | ab2427931dece42a08947b1b1dd2f076 | - | |
| kernel-3.10.0-1160.99.1.0.1.el7.x86_64.rpm | dc58b20b35d7f059429ea22ed70106a4 | - | |
| kernel-abi-whitelists-3.10.0-1160.99.1.0.1.el7.noarch.rpm | a100afae1c7c576edde59ce7c61e4762 | - | |
| kernel-debug-3.10.0-1160.99.1.0.1.el7.x86_64.rpm | c395bb16cd561c26d52bf747596c3141 | - | |
| kernel-debug-devel-3.10.0-1160.99.1.0.1.el7.x86_64.rpm | 7f14e1ec88bebfe6184d434fd18d7449 | - | |
| kernel-devel-3.10.0-1160.99.1.0.1.el7.x86_64.rpm | bd85e9ccb79a92d112e0f1da7108de2f | - | |
| kernel-doc-3.10.0-1160.99.1.0.1.el7.noarch.rpm | ccfce74ed737016e6d369e73c5810fec | - | |
| kernel-headers-3.10.0-1160.99.1.0.1.el7.x86_64.rpm | f148611e2f2128598d8bc2550e7211f9 | - | |
| kernel-tools-3.10.0-1160.99.1.0.1.el7.x86_64.rpm | 661eeda34eb659afc38a24ea63e4ca6f | - | |
| kernel-tools-libs-3.10.0-1160.99.1.0.1.el7.x86_64.rpm | 082b7edb124fec4aae992a7a32f86aa4 | - | |
| kernel-tools-libs-devel-3.10.0-1160.99.1.0.1.el7.x86_64.rpm | c2cb7fc2b85033faecad94d807be031d | - | |
| perf-3.10.0-1160.99.1.0.1.el7.x86_64.rpm | a5472a0dde1dedca9feca910b385e39a | - | |
| python-perf-3.10.0-1160.99.1.0.1.el7.x86_64.rpm | 068ac8d7b7718607760856bce9f2b770 | - | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
