|
|
Subscribe / Log in / New account

Oracle alert ELSA-2021-9141 (kernel-container)



From:
              Errata Announcements for Oracle Linux <el-errata@oss.oracle.com>


To:
              "el-errata@oss.oracle.com" <el-errata@oss.oracle.com>


Subject:
              [El-errata] ELSA-2021-9141 Important: Oracle Linux 7 Unbreakable Enterprise kernel-container security update


Date:
              Wed, 31 Mar 2021 23:19:30 +0000


Message-ID:
               <BYAPR10MB31756A9CA1CC5DAE24C269A69A7C9@BYAPR10MB3175.namprd10.prod.outlook.com>


Oracle Linux Security Advisory ELSA-2021-9141



http://linux.oracle.com/errata/ELSA-2021-9141.html



The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:



x86_64:

kernel-uek-container-5.4.17-2102.200.13.el7.x86_64.rpm

kernel-uek-container-debug-5.4.17-2102.200.13.el7.x86_64.rpm



aarch64:





SRPMS:

http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-contai...







Description of changes:



[5.4.17-2102.200.13.el7]

- bpf, selftests: Fix up some test_verifier cases for unprivileged (Piotr Krysiuk)  [Orabug:
32656761]  {CVE-2020-27170} {CVE-2020-27171}

- bpf: Add sanity check for upper ptr_limit (Piotr Krysiuk)  [Orabug: 32656761]  {CVE-2020-27170}
{CVE-2020-27171}

- bpf: Simplify alu_limit masking for pointer arithmetic (Piotr Krysiuk)  [Orabug: 32656761]
{CVE-2020-27170} {CVE-2020-27171}

- bpf: Fix off-by-one for area size in creating mask to left (Piotr Krysiuk)  [Orabug: 32656761]
{CVE-2020-27170} {CVE-2020-27171}

- bpf: Prohibit alu ops for pointer types not defining ptr_limit (Piotr Krysiuk)  [Orabug:
32656761]  {CVE-2020-27170} {CVE-2020-27171}

- selftests/bpf: Test access to bpf map pointer (Andrey Ignatov)  [Orabug: 32656761]
{CVE-2020-27170} {CVE-2020-27171}

- bpf: Fix truncation handling for mod32 dst reg wrt zero (Daniel Borkmann)  [Orabug: 32673813]
{CVE-2021-3444}

- bpf: Fix 32 bit src register truncation on div/mod (Daniel Borkmann)  [Orabug: 32673813]
{CVE-2021-3444}



[5.4.17-2102.200.12.el7]

- Revert "x86/platform/uv: Update UV MMRs for UV5" (Jack Vogel)  [Orabug: 32651197]

- Revert "x86/platform/uv: Add UV5 direct references" (Jack Vogel)  [Orabug: 32651197]

- Revert "x86/platform/uv: Add and decode Arch Type in UVsystab" (Jack Vogel)  [Orabug: 32651197]

- Revert "x86/platform/uv: Update MMIOH references based on new UV5 MMRs" (Jack Vogel)  [Orabug:
32651197]

- Revert "x86/platform/uv: Adjust GAM MMR references affected by UV5 updates" (Jack Vogel)
[Orabug: 32651197]

- Revert "x86/platform/uv: Update UV5 MMR references in UV GRU" (Jack Vogel)  [Orabug: 32651197]

- Revert "x86/platform/uv: Update node present counting" (Jack Vogel)  [Orabug: 32651197]

- Revert "x86/platform/uv: Update UV5 TSC checking" (Jack Vogel)  [Orabug: 32651197]

- Revert "x86/platform/uv: Update for UV5 NMI MMR changes" (Jack Vogel)  [Orabug: 32651197]

- Revert "x86/platform/uv: Update Copyrights to conform to HPE standards" (Jack Vogel)  [Orabug:
32651197]

- Revert "x86/platform/uv: Fix missing OEM_TABLE_ID" (Jack Vogel)  [Orabug: 32651197]

- Revert "x86/platform/uv: Remove spaces from OEM IDs" (Jack Vogel)  [Orabug: 32651197]

- Revert "x86/platform/uv: Recognize UV5 hubless system identifier" (Jack Vogel)  [Orabug:
32651197]

- Revert "x86/tlb/uv: Add a forward declaration for struct flush_tlb_info" (Jack Vogel)  [Orabug:
32651197]

- Revert "x86/platform/uv: Drop last traces of uv_flush_tlb_others" (Jack Vogel)  [Orabug:
32651197]

- Revert "x86/platform/uv: Fix copied UV5 output archtype" (Jack Vogel)  [Orabug: 32651197]

- Revert "x86/platform/uv: Fix UV4 hub revision adjustment" (Jack Vogel)  [Orabug: 32651197]



[5.4.17-2102.200.11.el7]

- mm/vmscan: fix infinite loop in drop_slab_node (Chunxin Zang)  [Orabug: 32620155]

- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech)  [Orabug: 32603378]
{CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}

- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech)  [Orabug: 32603378]
{CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}

- scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi)  [Orabug: 32603378]
{CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}

- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches)  [Orabug: 32603378]
{CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}

- scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan)  [Orabug: 32603378]
{CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}

- drm/nouveau: bail out of nouveau_channel_new if channel init fails (Frantisek Hrbata)  [Orabug:
32591559]  {CVE-2020-25639}

- mm: support memblock alloc on the exact node for sparse_buffer_init() (Yunfeng Ye)  [Orabug:
32613823]

- mm/sparse.c: do not waste pre allocated memmap space (Michal Hocko)  [Orabug: 32613823]

- mm/sparse: consistently do not zero memmap (Vincent Whitchurch)  [Orabug: 32613823]



[5.4.17-2102.200.10.el7]

- scsi: target: core: Make completion affinity configurable



[4.14.14-2.el7]

- BUILDINFO: commit=6bb6e206facd0c0277275ac8b9e82737380c9040

- Bump release to 4.14.14-2.



_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds