Stay Connected:

ELSA-2023-4819

ELSA-2023-4819 - kernel security and bug fix update

Type:SECURITY
Impact:IMPORTANT
Release Date:2023-08-31

Description


[3.10.0-1160.99.1.0.1.OL7]
- debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}

[3.10.0-1160.99.1.OL7]
- Update Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9
- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)

[3.10.0-1160.99.1]
- x86/cpu/amd: Add a Zenbleed fix (Waiman Long) [2226841] {CVE-2023-20593}
- x86/cpu/amd: Move the errata checking functionality up (Waiman Long) [2226841] {CVE-2023-20593}
- x86/cpu: Restore AMD's DE_CFG MSR after resume (Waiman Long) [2226841] {CVE-2023-20593}

[3.10.0-1160.98.1]
- GFS2: gfs2_dir_get_hash_table(): avoiding deferred vfree() is easy here... (Andrew Price) [2190450]
- GFS2: use kvfree() instead of open-coding it (Andrew Price) [2190450]

[3.10.0-1160.97.1]
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (Davide Caratti) [2216982] {CVE-2023-35788}
- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) [2188190]
- netfilter: conntrack: handle tcp challenge acks during connection reuse (Florian Westphal) [2128262]
- netfilter: conntrack: reduce timeout when receiving out-of-window fin or rst (Florian Westphal) [2128262]
- netfilter: conntrack: remove unneeded indent level (Florian Westphal) [2128262]
- netfilter: conntrack: ignore overly delayed tcp packets (Florian Westphal) [2128262]
- netfilter: conntrack: prepare tcp_in_window for ternary return value (Florian Westphal) [2128262]
- netfilter: conntrack: connection timeout after re-register (Florian Westphal) [2128262]
- netfilter: conntrack: always store window size un-scaled (Florian Westphal) [2128262]
- netfilter: conntrack: work around exceeded receive window (Florian Westphal) [2128262]
- netfilter: conntrack: avoid misleading 'invalid' in log message (Florian Westphal) [2128262]
- netfilter: remove BUG_ON() after skb_header_pointer() (Florian Westphal) [2128262]
- netfilter: nf_conntrack_tcp: re-init for syn packets only (Florian Westphal) [2128262]
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (Florian Westphal) [2128262]
- netfilter: conntrack: re-init state for retransmitted syn-ack (Florian Westphal) [2128262]
- netfilter: conntrack: move synack init code to helper (Florian Westphal) [2128262]
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (Florian Westphal) [2128262]
- netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options (Florian Westphal) [2128262]

[3.10.0-1160.96.1]
- sched/fair: Eliminate bandwidth race between throttling and distribution (Phil Auld) [2180681]
- sched/fair: Fix race between runtime distribution and assignment (Phil Auld) [2180681]
- sched/fair: Don't assign runtime for throttled cfs_rq (Phil Auld) [2180681]


Related CVEs


CVE-2023-20593
CVE-2023-35788

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 7 (x86_64) kernel-3.10.0-1160.99.1.0.1.el7.src.rpmfbfdcc4275e45c932632a0dc301202d479af2489fdf16060deb55fc9ac763f83ELSA-2025-1281ol7_x86_64_latest
kernel-3.10.0-1160.99.1.0.1.el7.src.rpmfbfdcc4275e45c932632a0dc301202d479af2489fdf16060deb55fc9ac763f83ELSA-2025-1281ol7_x86_64_optional_latest
kernel-3.10.0-1160.99.1.0.1.el7.src.rpmfbfdcc4275e45c932632a0dc301202d479af2489fdf16060deb55fc9ac763f83ELSA-2025-1281ol7_x86_64_u9_patch
bpftool-3.10.0-1160.99.1.0.1.el7.x86_64.rpma8f3cbb9d585c552d883dc09dd38dbbde2a307f863a479bcb41bcfbf9da02fb2ELSA-2025-1281ol7_x86_64_latest
bpftool-3.10.0-1160.99.1.0.1.el7.x86_64.rpma8f3cbb9d585c552d883dc09dd38dbbde2a307f863a479bcb41bcfbf9da02fb2ELSA-2025-1281ol7_x86_64_u9_patch
kernel-3.10.0-1160.99.1.0.1.el7.x86_64.rpm9c4fef42195467330294145bb760243950b3965fd01cb6ff40479de5826ab8b3ELSA-2025-1281ol7_x86_64_latest
kernel-3.10.0-1160.99.1.0.1.el7.x86_64.rpm9c4fef42195467330294145bb760243950b3965fd01cb6ff40479de5826ab8b3ELSA-2025-1281ol7_x86_64_u9_patch
kernel-abi-whitelists-3.10.0-1160.99.1.0.1.el7.noarch.rpm406a5702d754e4bb30937c4d5aab1c6f5a257fecd0cb140319804702845d18a9ELSA-2025-1281ol7_x86_64_latest
kernel-abi-whitelists-3.10.0-1160.99.1.0.1.el7.noarch.rpm406a5702d754e4bb30937c4d5aab1c6f5a257fecd0cb140319804702845d18a9ELSA-2025-1281ol7_x86_64_u9_patch
kernel-debug-3.10.0-1160.99.1.0.1.el7.x86_64.rpm2ebe85f0c676cafd870175f2c6d35d84f0a48faca3069c23d06f9f83ae93e691ELSA-2025-1281ol7_x86_64_latest
kernel-debug-3.10.0-1160.99.1.0.1.el7.x86_64.rpm2ebe85f0c676cafd870175f2c6d35d84f0a48faca3069c23d06f9f83ae93e691ELSA-2025-1281ol7_x86_64_u9_patch
kernel-debug-devel-3.10.0-1160.99.1.0.1.el7.x86_64.rpm499a30a082d01fcee220fbdef08cedc3455195d3cd9fcb18c1f3fe278d7fcf19ELSA-2025-1281ol7_x86_64_latest
kernel-debug-devel-3.10.0-1160.99.1.0.1.el7.x86_64.rpm499a30a082d01fcee220fbdef08cedc3455195d3cd9fcb18c1f3fe278d7fcf19ELSA-2025-1281ol7_x86_64_u9_patch
kernel-devel-3.10.0-1160.99.1.0.1.el7.x86_64.rpmd959dd1b828b7a1724c99e3e9fcb3a0c8de797b0dc681b83750a8ef8ca00eb89ELSA-2025-1281ol7_x86_64_latest
kernel-devel-3.10.0-1160.99.1.0.1.el7.x86_64.rpmd959dd1b828b7a1724c99e3e9fcb3a0c8de797b0dc681b83750a8ef8ca00eb89ELSA-2025-1281ol7_x86_64_u9_patch
kernel-doc-3.10.0-1160.99.1.0.1.el7.noarch.rpma38b66e65dfeb5d47b5cb28a8e24ffa3ba1d09ba16a20027104b9514b9c73e94ELSA-2025-1281ol7_x86_64_latest
kernel-doc-3.10.0-1160.99.1.0.1.el7.noarch.rpma38b66e65dfeb5d47b5cb28a8e24ffa3ba1d09ba16a20027104b9514b9c73e94ELSA-2025-1281ol7_x86_64_u9_patch
kernel-headers-3.10.0-1160.99.1.0.1.el7.x86_64.rpm39d1669fdbd6a7976538d146b0973741b3946ae8f594103e6baaac7036f26e42ELSA-2025-1281exadata_dbserver_22.1.16.0.0_x86_64_base
kernel-headers-3.10.0-1160.99.1.0.1.el7.x86_64.rpm39d1669fdbd6a7976538d146b0973741b3946ae8f594103e6baaac7036f26e42ELSA-2025-1281ol7_x86_64_latest
kernel-headers-3.10.0-1160.99.1.0.1.el7.x86_64.rpm39d1669fdbd6a7976538d146b0973741b3946ae8f594103e6baaac7036f26e42ELSA-2025-1281ol7_x86_64_u9_patch
kernel-tools-3.10.0-1160.99.1.0.1.el7.x86_64.rpm1016c692ef61292a70f1f28d177a6fa63825086ceba2e219bde73747f75910cdELSA-2025-1281exadata_dbserver_22.1.16.0.0_x86_64_base
kernel-tools-3.10.0-1160.99.1.0.1.el7.x86_64.rpm1016c692ef61292a70f1f28d177a6fa63825086ceba2e219bde73747f75910cdELSA-2025-1281ol7_x86_64_latest
kernel-tools-3.10.0-1160.99.1.0.1.el7.x86_64.rpm1016c692ef61292a70f1f28d177a6fa63825086ceba2e219bde73747f75910cdELSA-2025-1281ol7_x86_64_u9_patch
kernel-tools-libs-3.10.0-1160.99.1.0.1.el7.x86_64.rpm7a48244aa2e044fc05b84d2111520a6cb3b100adbe77694187647635e9f33ca1ELSA-2025-1281exadata_dbserver_22.1.16.0.0_x86_64_base
kernel-tools-libs-3.10.0-1160.99.1.0.1.el7.x86_64.rpm7a48244aa2e044fc05b84d2111520a6cb3b100adbe77694187647635e9f33ca1ELSA-2025-1281ol7_x86_64_latest
kernel-tools-libs-3.10.0-1160.99.1.0.1.el7.x86_64.rpm7a48244aa2e044fc05b84d2111520a6cb3b100adbe77694187647635e9f33ca1ELSA-2025-1281ol7_x86_64_u9_patch
kernel-tools-libs-devel-3.10.0-1160.99.1.0.1.el7.x86_64.rpm4e25eb5605bfe1ffb2bd7851fc2985091f7751c3c4d8cab5ad541194355c7c08ELSA-2025-1281ol7_x86_64_optional_latest
perf-3.10.0-1160.99.1.0.1.el7.x86_64.rpmb4d05d09ce595a0a8a5a075e29a683da0030a14a3fff687fc798a8e6dafa3a2cELSA-2025-20019ol7_x86_64_latest
perf-3.10.0-1160.99.1.0.1.el7.x86_64.rpmb4d05d09ce595a0a8a5a075e29a683da0030a14a3fff687fc798a8e6dafa3a2cELSA-2025-20019ol7_x86_64_u9_patch
python-perf-3.10.0-1160.99.1.0.1.el7.x86_64.rpmdac16cf3b7996193361e2ea951e417b6b03be3871b56e1bfe3774308c6b1f0e7ELSA-2025-20019ol7_x86_64_latest
python-perf-3.10.0-1160.99.1.0.1.el7.x86_64.rpmdac16cf3b7996193361e2ea951e417b6b03be3871b56e1bfe3774308c6b1f0e7ELSA-2025-20019ol7_x86_64_u9_patch



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights