Oracle alert ELSA-2021-2725 (kernel)
| From: | Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2021-2725 Important: Oracle Linux 7 kernel security and bug fix update | |
| Date: | Wed, 21 Jul 2021 20:56:39 -0700 | |
| Message-ID: | <60f8ec77.BcXi+7Zw0cxEzGli%keshav.sharma@oracle.com> |
Oracle Linux Security Advisory ELSA-2021-2725 http://linux.oracle.com/errata/ELSA-2021-2725.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-3.10.0-1160.36.2.el7.x86_64.rpm kernel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm perf-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-3.10.0-1160.36.2.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-116... Related CVEs: CVE-2019-20934 CVE-2020-11668 CVE-2021-33033 CVE-2021-33034 CVE-2021-33909 Description of changes: [3.10.0-1160.36.2.el7.OL7] - Update Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.9.el7 - Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin) [3.10.0-1160.36.2.el7] - seq_file: Disallow extremely large seq buffer allocations (Ian Kent) [1975251] [3.10.0-1160.36.1.el7] - cipso,calipso: resolve a number of problems with the DOI refcounts (Antoine Tenart) [1967720] - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (Alaa Hleihel) [1962406] - sched/debug: Fix cgroup_path[] serialization (Waiman Long) [1912221] - sched/debug: Reset watchdog on all CPUs while processing sysrq-t (Waiman Long) [1912221] - vt: vt_ioctl: fix use-after-free in vt_in_use() (Vladis Dronov) [1872778] - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (Vladis Dronov) [1872778] - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (Vladis Dronov) [1872778] - vt: selection, introduce vc_is_sel (Vladis Dronov) [1872778] - redhat: genspec: generate changelog entries since last release (Augusto Caringi) [3.10.0-1160.35.1.el7] - CI: Merge configuration (Veronika Kabatova) - [pci/aer] Work around use-after-free in pcie_do_fatal_recovery() (Al Stone) [1933663] - [pci/aer] do not invoke error recovery with non-fatal errors (Al Stone) [1933663] [3.10.0-1160.34.1.el7] - futex: remove lockdep_assert_held() in pi_state_update_owner() (Donghai Qiao) [1965495] - video: hyperv_fb: Add ratelimit on error message (Mohammed Gamal) [1957803] - Drivers: hv: vmbus: Increase wait time for VMbus unload (Mohammed Gamal) [1957803] - Drivers: hv: vmbus: Initialize unload_event statically (Mohammed Gamal) [1957803] - blk-mq: always allow reserved allocation in hctx_may_queue (Ming Lei) [1926825] - s390/pci: fix out of bounds access during irq setup (Philipp Rudo) [1917943] - s390/pci: improve irq number check for msix (Philipp Rudo) [1917943] [3.10.0-1160.33.1.el7] - CI: Disable result checking for realtime check (Veronika Kabatova) - CI: Explicitly disable result checking for private CI (Veronika Kabatova) - CI: Rename variable (Veronika Kabatova) - mm: memcontrol: switch to rcu protection in drain_all_stock() (Waiman Long) [1957719] - sctp: Don't add the shutdown timer if its already been added (Xin Long) [1953052] - media: xirlink_cit: add missing descriptor sanity checks (Mark Langsdorf) [1826877] {CVE-2020-11668} [3.10.0-1160.32.1.el7] - Bluetooth: verify AMP hci_chan before amp_destroy (Gopal Tiwari) [1962532] {CVE-2021-33034} - net: ipv4: route: Fix sending IGMP messages with link address (Hangbin Liu) [1958339] - hv_netvsc: remove ndo_poll_controller (Mohammed Gamal) [1953075] - Fix double free in nvme_trans_log_temperature (Gopal Tiwari) [1946793] - rcu: Call touch_nmi_watchdog() while printing stall warnings (Artem Savkov) [1924688] - sched/fair: Use RCU accessors consistently for ->numa_group (Rafael Aquini) [1915635] {CVE-2019-20934} - sched/fair: Don't free p->numa_faults with concurrent readers (Rafael Aquini) [1915635] {CVE-2019-20934} - sched/numa: Simplify task_numa_compare() (Rafael Aquini) [1915635] {CVE-2019-20934} - sched/numa: Fix task_numa_free() lockdep splat (Rafael Aquini) [1915635] {CVE-2019-20934} - sched/numa: Move task_numa_free() to __put_task_struct() (Rafael Aquini) [1915635] {CVE-2019-20934} - [s390] s390/dasd: fix diag 0x250 inline assembly (Philipp Rudo) [1910395] - vsock/vmci: log once the failed queue pair allocation (Stefano Garzarella) [1892237] - VMCI: Stop log spew when qp allocation isn't possible (Stefano Garzarella) [1892237] _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata