[ELSA-2021-2570] kernel security and bug fix update
[4.18.0-305.7.1_4.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5
[4.18.0-305.7.1_4]
- net: zero-initialize tc skb extension on allocation (Ivan Vecera) [1965457 1946986]
- net/sched: cls_flower: fix only mask bit check in the validate_ct_state (Ivan Vecera) [1965457 1946986]
- net: cls_api: Fix uninitialised struct field bo->unlocked_driver_cb (Ivan Vecera) [1965457 1946986]
- net/sched: act_api: fix miss set post_ct for ovs after do conntrack in act_ct (Ivan Vecera) [1965457 1946986]
- net/sched: cls_flower: validate ct_state for invalid and reply flags (Ivan Vecera) [1965457 1946986]
- flow_dissector: fix TTL and TOS dissection on IPv4 fragments (Paolo Abeni) [1963952 1950288]
- Revert 'sctp: Fix SHUTDOWN CTSN Ack in the peer restart case' (Xin Long) [1965632 1953839]
- sctp: do asoc update earlier in sctp_sf_do_dupcook_b (Xin Long) [1965632 1953839]
- sctp: do asoc update earlier in sctp_sf_do_dupcook_a (Xin Long) [1965632 1953839]
- Bluetooth: verify AMP hci_chan before amp_destroy (Gopal Tiwari) [1962544 1962546] {CVE-2021-33034}
- x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (Lenny Szubowicz) [1964930 1934273]
- x86/kvm: Disable all PV features on crash (Lenny Szubowicz) [1964930 1934273]
- x86/kvm: Disable kvmclock on all CPUs on shutdown (Lenny Szubowicz) [1964930 1934273]
- x86/kvm: Teardown PV features on boot CPU as well (Lenny Szubowicz) [1964930 1934273]
- x86/kvm: Fix pr_info() for async PF setup/teardown (Lenny Szubowicz) [1964930 1934273]
- net/sched: act_ct: Fix ct template allocation for zone 0 (Marcelo Ricardo Leitner) [1965150 1881824]
[4.18.0-305.6.1_4]
- openvswitch: fix stack OOB read while fragmenting IPv4 packets (Davide Caratti) [1963940 1924608]
- net/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets (Davide Caratti) [1963940 1924608]
- net/sched: act_ct: fix wild memory access when clearing fragments (Davide Caratti) [1963940 1924608]
- net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT (Ivan Vecera)
- redhat/configs: Add CONFIG_SYSTEM_REVOCATION_KEYS and CONFIG_SYSTEM_REVOCATION_LIST (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}
- certs: add 'x509_revocation_list' to gitignore (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}
- integrity: Load mokx variables into the blacklist keyring (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}
- certs: Add ability to preload revocation certs (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}
- certs: Move load_system_certificate_list to a common function (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}
- certs: Add EFI_CERT_X509_GUID support for dbx entries (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}
- net/sched: cls_api: increase max_reclassify_loop (Davide Caratti) [1965148 1955136]
- dm writecache: fix performance degradation in ssd mode (Mike Snitzer) [1962241 1961859]
- scsi: fnic: Use scsi_host_busy_iter() to traverse commands (Ewan D. Milne) [1961705 1949250]
- scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (Ewan D. Milne) [1961705 1949250]
[4.18.0-305.5.1_4]
- gfs2: report 'already frozen/thawed' errors (Bob Peterson) [1961849 1932236]
- gfs2: move freeze glock outside the make_fs_rw and _ro functions (Bob Peterson) [1961849 1932236]
- gfs2: Add common helper for holding and releasing the freeze glock (Bob Peterson) [1961849 1932236]
- gfs2: in signal_our_withdraw wait for unfreeze of this fs only (Bob Peterson) [1961849 1932236]
- gfs2: Don't freeze the file system during unmount (Bob Peterson) [1961849 1932236]
- gfs2: Fix regression in freeze_go_sync (Bob Peterson) [1961849 1932236]
- gfs2: The freeze glock should never be frozen (Bob Peterson) [1961849 1932236]
- gfs2: When freezing gfs2, use GL_EXACT and not GL_NOCACHE (Bob Peterson) [1961849 1932236]
- gfs2: read-only mounts should grab the sd_freeze_gl glock (Bob Peterson) [1961849 1932236]
- gfs2: freeze should work on read-only mounts (Bob Peterson) [1961849 1932236]
- gfs2: Abort gfs2_freeze if io error is seen (Bob Peterson) [1961849 1932236]
- CI: Disable result checking for realtime check (Veronika Kabatova)
- CI: Explicitly disable result checking for private CI (Veronika Kabatova)
- CI: Rename variable (Veronika Kabatova)
- CI: Update builder containers (Veronika Kabatova)
[4.18.0-305.4.1_4]
- vmxnet3: Set the default of vxlan overlay offload to disabled (Cathy Avery) [1960702 1941714]
- ID: ELSA-2021-2570
- Severity: important
- URL: https://linux.oracle.com/errata/ELSA-2021-2570.html
- Published: 2021-07-01T00:00:00
- Modified: 2021-07-01T00:00:00
- Rights: Copyright 2021 Oracle, Inc.
- Other Advisories:
- ALAS2-2021-1685
- ALSA-2021:2570
- ELSA-2020-5912
- ELSA-2020-5913
- ELSA-2021-2725
- ELSA-2021-9346
- ELSA-2021-9349
- ELSA-2021-9351
- ELSA-2021-9362
- ELSA-2021-9363
- FEDORA-2021-bae582b42c
- MS:CVE-2020-26541
- MS:CVE-2021-33034
- openSUSE-SU-2021:0843-1
- openSUSE-SU-2021:0947-1
- openSUSE-SU-2021:1975-1
- openSUSE-SU-2021:1977-1
- openSUSE-SU-2022:2173-1
- openSUSE-SU-2022:2177-1
- RHSA-2021:2563
- RHSA-2021:2570
- RHSA-2021:2599
- RHSA-2021:2725
- RHSA-2021:2726
- RHSA-2021:2727
- RLSA-2021:2570
- SSA:2021-202-01
- SUSE-SU-2021:1887-1
- SUSE-SU-2021:1888-1
- SUSE-SU-2021:1889-1
- SUSE-SU-2021:1890-1
- SUSE-SU-2021:1891-1
- SUSE-SU-2021:1899-1
- SUSE-SU-2021:1912-1
- SUSE-SU-2021:1913-1
- SUSE-SU-2021:1975-1
- SUSE-SU-2021:1977-1
- SUSE-SU-2021:2020-1
- SUSE-SU-2021:2025-1
- SUSE-SU-2021:2026-1
- SUSE-SU-2021:2027-1
- SUSE-SU-2021:2042-1
- SUSE-SU-2021:2057-1
- SUSE-SU-2021:2060-1
- SUSE-SU-2021:2067-1
- SUSE-SU-2021:2198-1
- SUSE-SU-2021:2208-1
- SUSE-SU-2021:2406-1
- SUSE-SU-2021:2421-1
- SUSE-SU-2021:2451-1
- SUSE-SU-2021:2577-1
- SUSE-SU-2022:2104-1
- SUSE-SU-2022:2111-1
- SUSE-SU-2022:2172-1
- SUSE-SU-2022:2173-1
- SUSE-SU-2022:2177-1
- SUSE-SU-2022:2377-1
- SUSE-SU-2022:2382-1
- SUSE-SU-2022:2393-1
- SUSE-SU-2022:2407-1
- SUSE-SU-2022:2629-1
- SUSE-SU-2022:4561-1
- SUSE-SU-2022:4611-1
- USN-4997-1
- USN-4997-2
- USN-5000-1
- USN-5000-2
- USN-5001-1
- USN-5016-1
- USN-5018-1
- USN-5070-1
- USN-5106-1
- USN-5120-1
- USN-5210-1
- USN-5299-1
- USN-5343-1
Source | ID | URL |
---|---|---|
elsa | ELSA-2021-2570 | https://linux.oracle.com/errata/ELSA-2021-2570.html |
CVE | CVE-2020-26541 | https://linux.oracle.com/cve/CVE-2020-26541.html |
CVE | CVE-2021-33034 | https://linux.oracle.com/cve/CVE-2021-33034.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-8.4 | oraclelinux | python3-perf | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-8.4 | oraclelinux | perf | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-8.4 | oraclelinux | kernel | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-8.4 | oraclelinux | kernel-tools | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-8.4 | oraclelinux | kernel-tools-libs | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-8.4 | oraclelinux | kernel-tools-libs-devel | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-8.4 | oraclelinux | kernel-modules | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-8.4 | oraclelinux | kernel-modules-extra | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-8.4 | oraclelinux | kernel-headers | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-8.4 | oraclelinux | kernel-doc | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-8.4 | oraclelinux | kernel-devel | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-8.4 | oraclelinux | kernel-debug | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-8.4 | oraclelinux | kernel-debug-modules | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-8.4 | oraclelinux | kernel-debug-modules-extra | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-8.4 | oraclelinux | kernel-debug-devel | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-8.4 | oraclelinux | kernel-debug-core | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-8.4 | oraclelinux | kernel-cross-headers | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-8.4 | oraclelinux | kernel-core | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-stablelists?distro=oraclelinux-8.4 | oraclelinux | kernel-abi-stablelists | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-8.4 | oraclelinux | bpftool | < 4.18.0-305.7.1.el8_4 | oraclelinux-8.4 | ||