[ELSA-2020-4286] kernel security and bug fix update
[4.18.0-193.28.1_2.OL8]
- Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7
[4.18.0-193.28.1_2]
- [net] Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel (Gopal Tiwari) [1888256 1888258] {CVE-2020-12351}
- [net] Bluetooth: A2MP: Fix not initializing all members (Gopal Tiwari) [1888906 1888807] {CVE-2020-12352}
[4.18.0-193.27.1_2]
- [powerpc] powerpc/pseries: Do not initiate shutdown when system is running on UPS (Diego Domingos) [1882243 1870477]
- [video] vgacon: Fix for missing check in scrollback handling (Lyude Paul) [1859471 1859472] {CVE-2020-14331}
[4.18.0-193.26.1_2]
- [firmware] efi: don't reserve MOK config table memory region (Kairui Song) [1879988 1878584]
- [security] integrity: Load certs from the EFI MOK config table (Lenny Szubowicz) [1877528 1868306]
- [security] integrity: Move import of MokListRT certs to a separate routine (Lenny Szubowicz) [1877528 1868306]
- [firmware] efi: Support for MOK variable config table (Lenny Szubowicz) [1877528 1868306]
- [security] efi: Only print errors about failing to get certs if EFI vars are found (Lenny Szubowicz) [1877528 1804969]
- [fs] ceph: fix inode number handling on arches with 32-bit ino_t (Jeff Layton) [1875787 1866018]
- [fs] ceph: handle zero-length feature mask in session messages (Jeff Layton) [1875787 1866018]
- [fs] ceph: fix endianness bug when handling MDS session feature bits (Jeff Layton) [1875787 1866018]
- [netdrv] net/mlx5e: Fix missing cleanup of ethtool steering during rep rx cleanup (Alaa Hleihel) [1857777 1856660]
[4.18.0-193.25.1_2]
- [net] netfilter: conntrack: proc: rename stat column (Florian Westphal) [1882095 1875681]
- [net] netfilter: conntrack: add clash resolution stat counter (Florian Westphal) [1882095 1875681]
- [net] netfilter: conntrack: remove ignore stats (Florian Westphal) [1882095 1875681]
- [net] netfilter: conntrack: do not increment two error counters at same time (Florian Westphal) [1882095 1875681]
- [net] netfilter: conntrack: do not auto-delete clash entries on reply (Florian Westphal) [1882095 1875681]
- [fs] xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [1881085 1875316] {CVE-2020-14385}
- [kernel] time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint (Alexey Klimov) [1880081 1877380]
- [net] atomics/treewide: Rename __atomic_add_unless() => atomic_fetch_add_unless() (Yauheni Kaliuta) [1880081 1813370]
- [kernel] timers: Lower base clock forwarding threshold (Phil Auld) [1877417 1833096]
[4.18.0-193.24.1_2]
- [kernel] timers: Remove must_forward_clk (Phil Auld) [1877417 1833096]
- [kernel] timers: Spare timer softirq until next expiry (Phil Auld) [1877417 1833096]
- [kernel] timers: Expand clk forward logic beyond nohz (Phil Auld) [1877417 1833096]
- [kernel] timers: Reuse next expiry cache after nohz exit (Phil Auld) [1877417 1833096]
- [kernel] timers: Always keep track of next expiry (Phil Auld) [1877417 1833096]
- [kernel] timers: Optimize _next_timer_interrupt() level iteration (Phil Auld) [1877417 1833096]
- [kernel] timers: Add comments about calc_index() ceiling work (Phil Auld) [1877417 1833096]
- [kernel] timers: Move trigger_dyntick_cpu() to enqueue_timer() (Phil Auld) [1877417 1833096]
- [kernel] timers: Use only bucket expiry for base->next_expiry value (Phil Auld) [1877417 1833096]
- [kernel] timers: Preserve higher bits of expiration on index calculation (Phil Auld) [1877417 1833096]
- [kernel] timer: Fix wheel index calculation on last level (Phil Auld) [1877417 1833096]
- [kernel] timer: Prevent base->clk from moving backward (Phil Auld) [1877417 1833096]
- [kernel] timer: Read jiffies once when forwarding base clk (Phil Auld) [1877417 1833096]
- [infiniband] RDMA/umem: Fix ib_umem_find_best_pgsz() (Kamal Heib) [1872424 1856158]
- [net] net: accept an empty mask in /sys/class/net/*/queues/rx-*/rps_cpus (Nitesh Narayan Lal) [1870181 1868433]
- [net] net: Restrict receive packets queuing to housekeeping CPUs (Nitesh Narayan Lal) [1867174 1844520]
- [pci] PCI: Restrict probe functions to housekeeping CPUs (Nitesh Narayan Lal) [1867174 1844520]
- [lib] lib: Restrict cpumask_local_spread to houskeeping CPUs (Nitesh Narayan Lal) [1867174 1844520]
- [s390] s390/pci: Fix unexpected write combine on resource (Philipp Rudo) [1869276 1827311]
[4.18.0-193.23.1_2]
- [net] packet: fix overflow in tpacket_rcv (Hangbin Liu) [1876223 1876224] {CVE-2020-14386}
- [net] packet: make tp_drops atomic (Hangbin Liu) [1876223 1876224] {CVE-2020-14386}
[4.18.0-193.22.1_2]
- [crypto] pefile: Support multiple signatures in verify_pefile_signature (Lenny Szubowicz) [1877530 1862072]
- [crypto] Revert 'pefile: Tolerate other pefile signatures after first' (Bruno Meneguele)
- [infiniband] IB/hfi1: Fix another case where pq is left on waitlist (Kamal Heib) [1872766 1859209]
- [infiniband] IB/hfi1: Ensure pq is not left on waitlist (Kamal Heib) [1872766 1859209]
[4.18.0-193.21.1_2]
- [scsi] scsi: ibmvfc: Fix NULL return compiler warning (Steve Best) [1866371 1810653]
- [scsi] scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (Steve Best) [1866371 1810653]
[4.18.0-193.20.1_2]
- [infiniband] IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (Kamal Heib) [1872771 1850314]
- [block] blk-mq: Rerun dispatching in the case of budget contention (Ming Lei) [1869779 1824037]
- [block] blk-mq: Add blk_mq_delay_run_hw_queues() API call (Ming Lei) [1869779 1824037]
- [block] blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (Ming Lei) [1869779 1824037]
- [block] blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (Ming Lei) [1869779 1824037]
- [md] dm mpath: use double checked locking in fast path (Mike Snitzer) [1869386 1848651]
- [md] dm mpath: rename current_pgpath to pgpath in multipath_prepare_ioctl (Mike Snitzer) [1869386 1848651]
- [md] dm mpath: rework __map_bio() (Mike Snitzer) [1869386 1848651]
- [md] dm mpath: factor out multipath_queue_bio (Mike Snitzer) [1869386 1848651]
- [md] dm mpath: push locking down to must_push_back_rq() (Mike Snitzer) [1869386 1848651]
- [md] dm mpath: take m->lock spinlock when testing QUEUE_IF_NO_PATH (Mike Snitzer) [1869386 1848651]
- [md] dm mpath: changes from initial m->flags locking audit (Mike Snitzer) [1869386 1848651]
- [md] dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue() (Mike Snitzer) [1869386 1848651]
- [md] dm: do not use waitqueue for request-based DM (Mike Snitzer) [1869386 1848651]
- [block] blk-mq: consider non-idle request as 'inflight' in blk_mq_rq_inflight() (Mike Snitzer) [1869386 1848651]
- [kernel] sched/deadline: Initialize ->dl_boosted (Phil Auld) [1867612 1854179]
- [kernel] sched/core: Fix PI boosting between RT and DEADLINE tasks (Phil Auld) [1867612 1854179]
- [net] net/smc: tolerate future SMCD versions (Philipp Rudo) [1866390 1854992]
- [net] openvswitch: fixes potential deadlock in dp cleanup code (Eelco Chaudron) [1859216 1845662]
- [net] openvswitch: reorder masks array based on usage (Eelco Chaudron) [1859216 1845662]
- [net] openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (Lorenzo Bianconi) [1860169 1851888]
- ID
- ELSA-2020-4286
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2020-4286.html
- Published
-
2020-10-21T00:00:00
(3 years ago) - Modified
-
2020-10-21T00:00:00
(3 years ago) - Rights
- Copyright 2020 Oracle, Inc.
- Other Advisories
-
- ALAS-2020-1430
- ALAS-2020-1437
- ALAS-2020-1446
- ALAS2-2020-1488
- ALAS2-2020-1495
- ALAS2-2020-1556
- ASA-202010-2
- ASA-202010-3
- ASA-202010-4
- ASA-202010-9
- DSA-4774-1
- ELSA-2020-4276
- ELSA-2020-5023
- ELSA-2020-5437
- ELSA-2020-5841
- ELSA-2020-5844
- ELSA-2020-5845
- ELSA-2020-5848
- ELSA-2020-5866
- ELSA-2020-5878
- ELSA-2020-5884
- ELSA-2020-5885
- ELSA-2020-5913
- ELSA-2020-5995
- ELSA-2020-5996
- ELSA-2021-9346
- FEDORA-2020-00e872744f
- FEDORA-2020-468121099e
- FEDORA-2020-5081eec059
- FEDORA-2020-708b23f2ce
- FEDORA-2020-ad980d282f
- FEDORA-2020-b858b48b23
- FEDORA-2020-ce117eff51
- FEDORA-2020-e288acda9a
- MS:CVE-2020-14331
- MS:CVE-2020-14385
- MS:CVE-2020-14386
- openSUSE-SU-2020:1153-1
- openSUSE-SU-2020:1236-1
- openSUSE-SU-2020:1325-1
- openSUSE-SU-2020:1379-1
- openSUSE-SU-2020:1382-1
- openSUSE-SU-2020:1586-1
- openSUSE-SU-2020:1655-1
- openSUSE-SU-2020:1682-1
- openSUSE-SU-2020:1698-1
- openSUSE-SU-2020:2112-1
- openSUSE-SU-2021:0242-1
- RHSA-2020:4276
- RHSA-2020:4280
- RHSA-2020:4286
- RHSA-2020:4289
- RHSA-2020:4331
- RHSA-2020:5023
- RHSA-2020:5026
- RHSA-2020:5050
- RHSA-2020:5437
- RHSA-2020:5441
- SSA:2020-295-01
- SUSE-SU-2020:2102-1
- SUSE-SU-2020:2119-1
- SUSE-SU-2020:2122-1
- SUSE-SU-2020:2486-1
- SUSE-SU-2020:2491-1
- SUSE-SU-2020:2492-1
- SUSE-SU-2020:2497-1
- SUSE-SU-2020:2498-1
- SUSE-SU-2020:2499-1
- SUSE-SU-2020:2502-1
- SUSE-SU-2020:2505-1
- SUSE-SU-2020:2506-1
- SUSE-SU-2020:2507-1
- SUSE-SU-2020:2508-1
- SUSE-SU-2020:2509-1
- SUSE-SU-2020:2513-1
- SUSE-SU-2020:2515-1
- SUSE-SU-2020:2517-1
- SUSE-SU-2020:2524-1
- SUSE-SU-2020:2525-1
- SUSE-SU-2020:2526-1
- SUSE-SU-2020:2531-1
- SUSE-SU-2020:2534-1
- SUSE-SU-2020:2537-1
- SUSE-SU-2020:2540-1
- SUSE-SU-2020:2541-1
- SUSE-SU-2020:2574-1
- SUSE-SU-2020:2575-1
- SUSE-SU-2020:2576-1
- SUSE-SU-2020:2577-1
- SUSE-SU-2020:2578-1
- SUSE-SU-2020:2579-1
- SUSE-SU-2020:2580-1
- SUSE-SU-2020:2582-1
- SUSE-SU-2020:2605-1
- SUSE-SU-2020:2610-1
- SUSE-SU-2020:2623-1
- SUSE-SU-2020:2631-1
- SUSE-SU-2020:2879-1
- SUSE-SU-2020:2908-1
- SUSE-SU-2020:2972-1
- SUSE-SU-2020:2980-1
- SUSE-SU-2020:2981-1
- SUSE-SU-2020:2999-1
- SUSE-SU-2020:3014-1
- SUSE-SU-2020:3180-1
- SUSE-SU-2020:3186-1
- SUSE-SU-2020:3187-1
- SUSE-SU-2020:3190-1
- SUSE-SU-2020:3204-1
- SUSE-SU-2020:3210-1
- SUSE-SU-2020:3225-1
- SUSE-SU-2020:3281-1
- SUSE-SU-2020:3389-1
- SUSE-SU-2020:3400-1
- SUSE-SU-2020:3402-1
- SUSE-SU-2020:3441-1
- SUSE-SU-2020:3449-1
- SUSE-SU-2020:3484-1
- SUSE-SU-2020:3491-1
- SUSE-SU-2020:3501-1
- SUSE-SU-2020:3503-1
- SUSE-SU-2020:3512-1
- SUSE-SU-2020:3513-1
- SUSE-SU-2020:3522-1
- SUSE-SU-2020:3532-1
- SUSE-SU-2020:3544-1
- USN-4489-1
- USN-4576-1
- USN-4591-1
- USN-4592-1
- USN-4657-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2020-4286 | https://linux.oracle.com/errata/ELSA-2020-4286.html | |
CVE | CVE-2020-14331 | https://linux.oracle.com/cve/CVE-2020-14331.html | |
CVE | CVE-2020-14385 | https://linux.oracle.com/cve/CVE-2020-14385.html | |
CVE | CVE-2020-12351 | https://linux.oracle.com/cve/CVE-2020-12351.html | |
CVE | CVE-2020-14386 | https://linux.oracle.com/cve/CVE-2020-14386.html | |
CVE | CVE-2020-12352 | https://linux.oracle.com/cve/CVE-2020-12352.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-8.2 | oraclelinux | python3-perf | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-8.2 | oraclelinux | perf | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-8.2 | oraclelinux | kernel | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-8.2 | oraclelinux | kernel-tools | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-8.2 | oraclelinux | kernel-tools-libs | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-8.2 | oraclelinux | kernel-modules | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-8.2 | oraclelinux | kernel-modules-extra | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-8.2 | oraclelinux | kernel-headers | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-8.2 | oraclelinux | kernel-doc | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-8.2 | oraclelinux | kernel-devel | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-8.2 | oraclelinux | kernel-debug | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-8.2 | oraclelinux | kernel-debug-modules | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-8.2 | oraclelinux | kernel-debug-modules-extra | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-8.2 | oraclelinux | kernel-debug-devel | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-8.2 | oraclelinux | kernel-debug-core | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-8.2 | oraclelinux | kernel-cross-headers | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-8.2 | oraclelinux | kernel-core | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-8.2 | oraclelinux | kernel-abi-whitelists | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-8.2 | oraclelinux | bpftool | < 4.18.0-193.28.1.el8_2 | oraclelinux-8.2 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |