[ELSA-2020-3220] kernel security and bug fix update

Severity Important

Affected Packages 13

CVEs 4

[3.10.0-1127.18.2.OL7]
- Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3

[3.10.0-1127.18.2]
- [crypto] pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1837429 1837430] {CVE-2020-10713}
- [kernel] Move to dual-signing to split signing keys up better (pjones) [1837429 1837430] {CVE-2020-10713}

[3.10.0-1127.18.1]
- [fs] locks: allow filesystems to request that ->setlease be called without i_lock (Jeff Layton) [1838602 1830606]
- [fs] locks: move fasync setup into generic_add_lease (Jeff Layton) [1838602 1830606]

[3.10.0-1127.17.1]
- [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1852245 1820632]
- [fs] aio: fix inconsistent ring state (Jeff Moyer) [1850055 1845326]
- [wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Jarod Wilson) [1844069 1844070] {CVE-2020-12654}
- [wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Jarod Wilson) [1844025 1844026] {CVE-2020-12653}
- [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843436 1843437] {CVE-2020-10757}
- [mm] mm, dax: check for pmd_none() after split_huge_pmd() (Rafael Aquini) [1843436 1843437] {CVE-2020-10757}
- [mm] mm: mremap: streamline move_page_tables()'s move_huge_pmd() corner case (Rafael Aquini) [1843436 1843437] {CVE-2020-10757}
- [mm] mm: mremap: validate input before taking lock (Rafael Aquini) [1843436 1843437] {CVE-2020-10757}

[3.10.0-1127.16.1]
- [kernel] sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision (Artem Savkov) [1850500 1752067]
- [block] virtio-blk: improve virtqueue error to BLK_STS (Philipp Rudo) [1842994 1818001]
- [block] virtio-blk: fix hw_queue stopped on arbitrary error (Philipp Rudo) [1842994 1818001]

[3.10.0-1127.15.1]
- [fs] ext4: fix setting of referenced bit in ext4_es_lookup_extent() (Lukas Czerner) [1847343 1663720]
- [fs] ext4: introduce aging to extent status tree (Lukas Czerner) [1847343 1663720]
- [fs] ext4: cleanup flag definitions for extent status tree (Lukas Czerner) [1847343 1663720]
- [fs] ext4: limit number of scanned extents in status tree shrinker (Lukas Czerner) [1847343 1663720]
- [fs] ext4: move handling of list of shrinkable inodes into extent status code (Lukas Czerner) [1847343 1663720]
- [fs] ext4: change LRU to round-robin in extent status tree shrinker (Lukas Czerner) [1847343 1663720]
- [net] netfilter: nat: never update the UDP checksum when it's 0 (Guillaume Nault) [1847333 1834278]
- [char] ipmi_si: Only schedule continuously in the thread in maintenance mode (Alexey Klimov) [1841825 1837127]
- [scsi] scsi: ibmvfc: Fix NULL return compiler warning (Steve Best) [1830889 1810643]
- [scsi] scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (Steve Best) [1830889 1810643]
- [hid] HID: hiddev: do cleanup in failure of opening a device (Torez Smith) [1803448 1814257] {CVE-2019-19527}
- [hid] HID: hiddev: avoid opening a disconnected device (Torez Smith) [1803448 1814257] {CVE-2019-19527}

[3.10.0-1127.14.1]
- [fs] NFS: Fix a race between mmap() and O_DIRECT (Benjamin Coddington) [1845520 1813803]
- [fs] NFS: Remove a redundant call to unmap_mapping_range() (Benjamin Coddington) [1845520 1813803]
- [fs] NFS: Remove redundant waits for O_DIRECT in fsync() and write_begin() (Benjamin Coddington) [1845520 1813803]
- [fs] NFS: Cleanup nfs_direct_complete() (Benjamin Coddington) [1845520 1813803]
- [fs] NFS: Do not serialise O_DIRECT reads and writes (Benjamin Coddington) [1845520 1813803]
- [fs] NFS: Move buffered I/O locking into nfs_file_write() (Benjamin Coddington) [1845520 1813803]
- [fs] bdi: make inode_to_bdi() inline (Benjamin Coddington) [1845520 1813803]
- [fs] NFS: Remove racy size manipulations in O_DIRECT (Benjamin Coddington) [1845520 1813803]
- [fs] NFS: Don't hold the inode lock across fsync() (Benjamin Coddington) [1845520 1813803]
- [fs] nfs: remove nfs_inode_dio_wait (Benjamin Coddington) [1845520 1813803]
- [fs] nfs: remove nfs4_file_fsync (Benjamin Coddington) [1845520 1813803]
- [fs] NFS: Kill NFS_INO_NFS_INO_FLUSHING: it is a performance killer (Benjamin Coddington) [1845520 1813803]
- [infiniband] RDMA/bnxt_re: Fix chip number validation Broadcom's Gen P5 series (Jonathan Toppins) [1834190 1823679]

Package	Affected Version
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7	< 3.10.0-1127.18.2.el7
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7	< 3.10.0-1127.18.2.el7
pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7	< 3.10.0-1127.18.2.el7
pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7	< 3.10.0-1127.18.2.el7
pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7	< 3.10.0-1127.18.2.el7
pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7	< 3.10.0-1127.18.2.el7
pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7	< 3.10.0-1127.18.2.el7
pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7	< 3.10.0-1127.18.2.el7
pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7	< 3.10.0-1127.18.2.el7
pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7	< 3.10.0-1127.18.2.el7
pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7	< 3.10.0-1127.18.2.el7
pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7	< 3.10.0-1127.18.2.el7
pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-7	< 3.10.0-1127.18.2.el7

ID

ELSA-2020-3220

Severity

important

URL

https://linux.oracle.com/errata/ELSA-2020-3220.html

Published

2020-07-30T00:00:00
(4 years ago)

Modified

2020-07-30T00:00:00
(4 years ago)

Rights

Other Advisories

Source	# ID	URL
elsa	ELSA-2020-3220	https://linux.oracle.com/errata/ELSA-2020-3220.html
CVE	CVE-2020-10757	https://linux.oracle.com/cve/CVE-2020-10757.html
CVE	CVE-2019-19527	https://linux.oracle.com/cve/CVE-2019-19527.html
CVE	CVE-2020-12653	https://linux.oracle.com/cve/CVE-2020-12653.html
CVE	CVE-2020-12654	https://linux.oracle.com/cve/CVE-2020-12654.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7	oraclelinux	python-perf	< 3.10.0-1127.18.2.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/perf?distro=oraclelinux-7	oraclelinux	perf	< 3.10.0-1127.18.2.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7	oraclelinux	kernel	< 3.10.0-1127.18.2.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7	oraclelinux	kernel-tools	< 3.10.0-1127.18.2.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7	oraclelinux	kernel-tools-libs	< 3.10.0-1127.18.2.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7	oraclelinux	kernel-tools-libs-devel	< 3.10.0-1127.18.2.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7	oraclelinux	kernel-headers	< 3.10.0-1127.18.2.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7	oraclelinux	kernel-doc	< 3.10.0-1127.18.2.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7	oraclelinux	kernel-devel	< 3.10.0-1127.18.2.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7	oraclelinux	kernel-debug	< 3.10.0-1127.18.2.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7	oraclelinux	kernel-debug-devel	< 3.10.0-1127.18.2.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7	oraclelinux	kernel-abi-whitelists	< 3.10.0-1127.18.2.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-7	oraclelinux	bpftool	< 3.10.0-1127.18.2.el7	oraclelinux-7

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date