[ELSA-2021-3447] kernel security and bug fix update
[4.18.0-305.17.1_4.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5
[4.18.0-305.17.1_4]
- ucounts: Move max_time_namespace according to ucount_type (Alex Gladkov) [1998002 1982954]
- netfilter: conntrack: remove offload_pickup sysctl again (Florian Westphal) [1995555 1987101]
- netfilter: flowtable: Set offload timeouts according to proto values (Phil Sutter) [1995554 1979184]
- netfilter: conntrack: Introduce udp offload timeout configuration (Phil Sutter) [1995554 1979184]
- netfilter: conntrack: Introduce tcp offload timeout configuration (Phil Sutter) [1995554 1979184]
- powerpc/64s: Fix crashes when toggling stf barrier (Desnes A. Nunes do Rosario) [1989174 1964484]
- iavf: fix locking of critical sections (Stefan Assmann) [1997534 1975245]
- iavf: do not override the adapter state in the watchdog task (Stefan Assmann) [1997534 1975245]
[4.18.0-305.16.1_4]
- kernfs: dont call d_splice_alias() under kernfs node lock (Ian Kent) [1994879 1939133]
- kernfs: use i_lock to protect concurrent inode updates (Ian Kent) [1994879 1939133]
- kernfs: switch kernfs to use an rwsem (Ian Kent) [1994879 1939133]
- kernfs: use VFS negative dentry caching (Ian Kent) [1994879 1939133]
- kernfs: add a revision to identify directory node changes (Ian Kent) [1994879 1939133]
- kernfs: move revalidate to be near lookup (Ian Kent) [1994879 1939133]
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (Jan Stancek) [1948608 1923762]
- net: sched: act_mirred: Reset ct info when mirror/redirect skb (C. Erastus Toe) [1992226 1980532]
- usb: ehci: Prevent missed ehci interrupts with edge-triggered MSI (Torez Smith) [1993894 1972139]
- usb: ehci: do not initialise static variables (Torez Smith) [1993894 1972139]
- usb: host: move EH SINGLE_STEP_SET_FEATURE implementation to core (Torez Smith) [1993894 1972139]
- USB: ehci: drop workaround for forced irq threading (Torez Smith) [1993894 1972139]
- usb: ehci: add spurious flag to disable overcurrent checking (Torez Smith) [1993894 1972139]
- NFS: Only change the cookie verifier if the directory page cache is empty (Benjamin Coddington) [1993895 1982825]
- NFS: Fix handling of cookie verifier in uncached_readdir() (Benjamin Coddington) [1993895 1982825]
- nfs: Subsequent XXXXXXX calls should carry non-zero cookieverifier (Benjamin Coddington) [1993895 1982825]
- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (Jon Maloy) [1988225 1988226] {CVE-2021-37576}
[4.18.0-305.15.1_4]
- sched: Fix data-race in wakeup (Phil Auld) [1987296 1937103]
- mm/page_alloc: bail out on fatal signal during reclaim/compaction retry attempt (Aaron Tomlin) [1984085 1919765]
- sunrpc: Avoid a KASAN slab-out-of-bounds bug in xdr_set_page_base() (Benjamin Coddington) [1990404 1969751]
[4.18.0-305.14.1_4]
- tick/nohz: Kick only queued task whose tick dependency is updated (Waiman Long) [1981336 1922901]
- tick/nohz: Change signal tick dependency to wake up CPUs of member tasks (Waiman Long) [1981336 1922901]
- tick/nohz: Only wake up a single target cpu when kicking a task (Waiman Long) [1981336 1922901]
- tick/nohz: Narrow down noise while setting current task's tick dependency (Waiman Long) [1981336 1922901]
- mlx5: net: zero-initialize tc skb extension on allocation (Jan Stancek) [1982220 1965418]
- scsi: qedf: Update the max_id value in host structure (Nilesh Javali) [1989097 1954876]
- scsi: qla2xxx: Reserve extra IRQ vectors (Nilesh Javali) [1986156 1964834]
[4.18.0-305.13.1_4]
- xfrm: Fix wraparound in xfrm_policy_addr_delta() (Sabrina Dubroca) [1981840 1951965]
- VMCI: Release resource if the work is already queued (Cathy Avery) [1982042 1978518]
- ID
- ELSA-2021-3447
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2021-3447.html
- Published
-
2021-09-08T00:00:00
(3 years ago) - Modified
-
2021-09-08T00:00:00
(3 years ago) - Rights
- Copyright 2021 Oracle, Inc.
- Other Advisories
-
- ALAS-2021-1539
- ALSA-2021:3447
- DSA-4978-1
- ELSA-2021-3801
- FEDORA-2021-12618d9b08
- FEDORA-2021-817b3d47d2
- openSUSE-SU-2021:1142-1
- openSUSE-SU-2021:2645-1
- openSUSE-SU-2021:2687-1
- openSUSE-SU-2021:3876-1
- RHSA-2021:3436
- RHSA-2021:3440
- RHSA-2021:3447
- RHSA-2021:3768
- RHSA-2021:3801
- RLSA-2021:3447
- SSA:2022-031-01
- SUSE-SU-2021:2643-1
- SUSE-SU-2021:2644-1
- SUSE-SU-2021:2645-1
- SUSE-SU-2021:2646-1
- SUSE-SU-2021:2647-1
- SUSE-SU-2021:2678-1
- SUSE-SU-2021:2687-1
- SUSE-SU-2021:2695-1
- SUSE-SU-2021:2746-1
- SUSE-SU-2021:2756-1
- SUSE-SU-2021:2842-1
- SUSE-SU-2021:2846-1
- SUSE-SU-2021:3876-1
- SUSE-SU-2021:3929-1
- SUSE-SU-2021:3935-1
- SUSE-SU-2021:3969-1
- SUSE-SU-2021:3972-1
- USN-5091-1
- USN-5092-1
- USN-5092-2
- USN-5094-1
- USN-5096-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2021-3447 | https://linux.oracle.com/errata/ELSA-2021-3447.html | |
CVE | CVE-2021-37576 | https://linux.oracle.com/cve/CVE-2021-37576.html | |
CVE | CVE-2021-38201 | https://linux.oracle.com/cve/CVE-2021-38201.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-8.4 | oraclelinux | python3-perf | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-8.4 | oraclelinux | perf | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-8.4 | oraclelinux | kernel | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-8.4 | oraclelinux | kernel-tools | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-8.4 | oraclelinux | kernel-tools-libs | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-8.4 | oraclelinux | kernel-tools-libs-devel | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-8.4 | oraclelinux | kernel-modules | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-8.4 | oraclelinux | kernel-modules-extra | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-8.4 | oraclelinux | kernel-headers | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-8.4 | oraclelinux | kernel-doc | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-8.4 | oraclelinux | kernel-devel | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-8.4 | oraclelinux | kernel-debug | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-8.4 | oraclelinux | kernel-debug-modules | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-8.4 | oraclelinux | kernel-debug-modules-extra | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-8.4 | oraclelinux | kernel-debug-devel | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-8.4 | oraclelinux | kernel-debug-core | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-8.4 | oraclelinux | kernel-cross-headers | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-8.4 | oraclelinux | kernel-core | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-stablelists?distro=oraclelinux-8.4 | oraclelinux | kernel-abi-stablelists | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-8.4 | oraclelinux | bpftool | < 4.18.0-305.17.1.el8_4 | oraclelinux-8.4 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |