[ELSA-2022-0063] kernel security and bug fix update
[3.10.0-1160.53.1.OL7]
- Update Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9
- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)
[3.10.0-1160.53.1]
- fuse: fix live lock in fuse_iget() (Miklos Szeredi) [1952046]
- fuse: fix bad inode (Miklos Szeredi) [1952046]
- GFS2: Truncate address space mapping when deleting an inode (Bob Peterson) [1364234]
- gfs2: Fix gfs2_testbit to use clone bitmaps (Bob Peterson) [1364234]
- gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps (Bob Peterson) [1364234]
- gfs2: Fix oversight in gfs2_ail1_flush (Bob Peterson) [1364234]
- gfs2: Additional information when gfs2_ail1_flush withdraws (Bob Peterson) [1364234]
- gfs2: leaf_dealloc needs to allocate one more revoke (Bob Peterson) [1364234]
- gfs2: allow journal replay to hold sd_log_flush_lock (Bob Peterson) [1364234]
- gfs2: don't allow releasepage to free bd still used for revokes (Bob Peterson) [1364234]
- gfs2: flesh out delayed withdraw for gfs2_log_flush (Bob Peterson) [1364234]
- gfs2: Do proper error checking for go_sync family of glops functions (Bob Peterson) [1364234]
- gfs2: drain the ail2 list after io errors (Bob Peterson) [1364234]
- gfs2: Withdraw in gfs2_ail1_flush if write_cache_pages fails (Bob Peterson) [1364234]
- gfs2: Do log_flush in gfs2_ail_empty_gl even if ail list is empty (Bob Peterson) [1364234]
- gfs2: Check for log write errors before telling dlm to unlock (Bob Peterson) [1364234]
- gfs2: Prepare to withdraw as soon as an IO error occurs in log write (Bob Peterson) [1364234]
- gfs2: Issue revokes more intelligently (Bob Peterson) [1364234]
- gfs2: Add verbose option to check_journal_clean (Bob Peterson) [1364234]
- gfs2: fix infinite loop when checking ail item count before go_inval (Bob Peterson) [1364234]
- gfs2: Force withdraw to replay journals and wait for it to finish (Bob Peterson) [1364234]
- gfs2: Allow some glocks to be used during withdraw (Bob Peterson) [1364234]
- gfs2: move check_journal_clean to util.c for future use (Bob Peterson) [1364234]
- gfs2: Ignore dlm recovery requests if gfs2 is withdrawn (Bob Peterson) [1364234]
- gfs2: Only complain the first time an io error occurs in quota or log (Bob Peterson) [1364234]
- gfs2: log error reform (Bob Peterson) [1364234]
- gfs2: Rework how rgrp buffer_heads are managed (Bob Peterson) [1364234]
- gfs2: clear ail1 list when gfs2 withdraws (Bob Peterson) [1364234]
- gfs2: Introduce concept of a pending withdraw (Bob Peterson) [1364234]
- gfs2: Return bool from gfs2_assert functions (Bob Peterson) [1364234]
- gfs2: Turn gfs2_consist into void functions (Bob Peterson) [1364234]
- gfs2: Remove usused cluster_wide arguments of gfs2_consist functions (Bob Peterson) [1364234]
- gfs2: Report errors before withdraw (Bob Peterson) [1364234]
- gfs2: Split gfs2_lm_withdraw into two functions (Bob Peterson) [1364234]
- gfs2: Fix incorrect variable name (Bob Peterson) [1364234]
- gfs2: Don't write log headers after file system withdraw (Bob Peterson) [1364234]
- gfs2: clean up iopen glock mess in gfs2_create_inode (Bob Peterson) [1364234]
- gfs2: Close timing window with GLF_INVALIDATE_IN_PROGRESS (Bob Peterson) [1364234]
- gfs2: fix infinite loop in gfs2_ail1_flush on io error (Bob Peterson) [1364234]
- gfs2: Introduce function gfs2_withdrawn (Bob Peterson) [1364234]
- gfs2: replace more printk with calls to fs_info and friends (Bob Peterson) [1364234]
- gfs2: dump fsid when dumping glock problems (Bob Peterson) [1364234]
- gfs2: simplify gfs2_freeze by removing case (Bob Peterson) [1364234]
- gfs2: Rename SDF_SHUTDOWN to SDF_WITHDRAWN (Bob Peterson) [1364234]
- gfs2: Warn when a journal replay overwrites a rgrp with buffers (Bob Peterson) [1364234]
- gfs2: log which portion of the journal is replayed (Bob Peterson) [1364234]
- gfs2: slow the deluge of io error messages (Bob Peterson) [1364234]
- gfs2: Don't withdraw under a spin lock (Bob Peterson) [1364234]
- GFS2: Clear gl_object when deleting an inode in gfs2_delete_inode (Bob Peterson) [1364234]
- gfs2: Use fs_* functions instead of pr_* function where we can (Bob Peterson) [1364234]
more consistently (Bob Peterson) [1364234]
[3.10.0-1160.52.1]
- acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (David Arcari) [2019588]
- x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (David Arcari) [2019218]
- x86/cpu/AMD: Fix erratum 1076 (CPB bit) (David Arcari) [2019218]
- i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (Stefan Assmann) [1977246]
- i40e: Fix virtchnl_queue_select bitmap validation (Stefan Assmann) [1977246]
[3.10.0-1160.51.1]
- mm, fs: Fix do_generic_file_read() error return (Carlos Maiolino) [2020857]
- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (Michael Petlan) [1901932]
[3.10.0-1160.50.1]
- tcp: grow window for OOO packets only for SACK flows (Guillaume Nault) [1990665]
- scsi: mpt3sas: Fix unlock imbalance (Tomas Henzl) [2006536]
- pci-hyperv: Fix setting CPU affinity on Azure (Vitaly Kuznetsov) [2019272]
- media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (Lucas Zampieri) [1956471] {CVE-2021-42739}
- ID
- ELSA-2022-0063
- Severity
- moderate
- URL
- https://linux.oracle.com/errata/ELSA-2022-0063.html
- Published
-
2022-01-11T00:00:00
(2 years ago) - Modified
-
2022-01-11T00:00:00
(2 years ago) - Rights
- Copyright 2022 Oracle, Inc.
- Other Advisories
-
-
ALAS-2021-1461
-
ALAS-2022-1571
-
ALAS2-2020-1566
-
ALAS2-2022-1761
-
ALSA-2021:1578
-
ALSA-2022:1988
-
ASA-202011-10
-
DSA-5096-1
-
ELSA-2020-5995
-
ELSA-2020-5996
-
ELSA-2021-1578
-
ELSA-2021-9458
-
ELSA-2021-9460
-
ELSA-2021-9485
-
ELSA-2021-9488
-
ELSA-2022-1988
-
ELSA-2022-9969
-
FEDORA-2020-98ccae320c
-
FEDORA-2020-e211716d08
-
FEDORA-2021-7de33b7016
-
FEDORA-2021-8364530ebf
-
FEDORA-2021-fdef34e26f
-
MS:CVE-2020-25704
-
MS:CVE-2021-42739
-
openSUSE-SU-2020:1906-1
-
openSUSE-SU-2020:2034-1
-
openSUSE-SU-2020:2112-1
-
openSUSE-SU-2020:2260-1
-
openSUSE-SU-2021:0242-1
-
openSUSE-SU-2021:0579-1
-
openSUSE-SU-2021:1477-1
-
openSUSE-SU-2021:1975-1
-
openSUSE-SU-2021:1977-1
-
openSUSE-SU-2021:3641-1
-
openSUSE-SU-2021:3675-1
-
openSUSE-SU-2021:3876-1
-
RHSA-2021:1578
-
RHSA-2021:1739
-
RHSA-2022:0063
-
RHSA-2022:0065
-
RHSA-2022:1975
-
RHSA-2022:1988
-
RLSA-2022:1988
-
SUSE-SU-2020:3484-1
-
SUSE-SU-2020:3507-1
-
SUSE-SU-2020:3512-1
-
SUSE-SU-2020:3513-1
-
SUSE-SU-2020:3522-1
-
SUSE-SU-2020:3532-1
-
SUSE-SU-2020:3544-1
-
SUSE-SU-2020:3713-1
-
SUSE-SU-2020:3715-1
-
SUSE-SU-2020:3717-1
-
SUSE-SU-2020:3748-1
-
SUSE-SU-2021:1238-1
-
SUSE-SU-2021:1572-1
-
SUSE-SU-2021:1573-1
-
SUSE-SU-2021:1595-1
-
SUSE-SU-2021:1596-1
-
SUSE-SU-2021:1605-1
-
SUSE-SU-2021:1617-1
-
SUSE-SU-2021:1623-1
-
SUSE-SU-2021:1624-1
-
SUSE-SU-2021:1715-1
-
SUSE-SU-2021:1724-1
-
SUSE-SU-2021:1728-1
-
SUSE-SU-2021:1733-1
-
SUSE-SU-2021:1865-1
-
SUSE-SU-2021:1870-1
-
SUSE-SU-2021:1975-1
-
SUSE-SU-2021:1977-1
-
SUSE-SU-2021:2198-1
-
SUSE-SU-2021:2577-1
-
SUSE-SU-2021:3640-1
-
SUSE-SU-2021:3641-1
-
SUSE-SU-2021:3642-1
-
SUSE-SU-2021:3658-1
-
SUSE-SU-2021:3675-1
-
SUSE-SU-2021:3723-1
-
SUSE-SU-2021:3748-1
-
SUSE-SU-2021:3754-1
-
SUSE-SU-2021:3876-1
-
SUSE-SU-2021:3929-1
-
SUSE-SU-2021:3935-1
-
SUSE-SU-2021:3972-1
-
SUSE-SU-2022:0234-1
-
SUSE-SU-2022:0237-1
-
SUSE-SU-2022:0238-1
-
SUSE-SU-2022:0241-1
-
SUSE-SU-2022:0242-1
-
SUSE-SU-2022:0243-1
-
SUSE-SU-2022:0246-1
-
SUSE-SU-2022:0254-1
-
SUSE-SU-2022:0255-1
-
SUSE-SU-2022:0257-1
-
SUSE-SU-2022:0263-1
-
SUSE-SU-2022:0267-1
-
SUSE-SU-2022:0270-1
-
SUSE-SU-2022:0291-1
-
SUSE-SU-2022:0292-1
-
SUSE-SU-2022:0293-1
-
SUSE-SU-2022:0295-1
-
SUSE-SU-2022:0296-1
-
SUSE-SU-2022:0298-1
-
SUSE-SU-2022:0325-1
-
SUSE-SU-2022:0327-1
-
SUSE-SU-2022:0328-1
-
USN-4679-1
-
USN-4710-1
-
USN-4711-1
-
USN-4751-1
-
USN-4752-1
-
USN-5136-1
-
USN-5165-1
-
USN-5207-1
-
USN-5265-1
-
USN-5266-1
-
USN-5267-1
-
USN-5267-3
-
USN-5268-1
-
USN-5343-1
-
USN-5361-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2022-0063 |
|
|
| CVE | CVE-2020-25704 |
|
|
| CVE | CVE-2020-36322 |
|
|
| CVE | CVE-2021-42739 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux |
 python-perf
|
< 3.10.0-1160.53.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux |
perf
|
< 3.10.0-1160.53.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7 | oraclelinux |
kernel
|
< 3.10.0-1160.53.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7 | oraclelinux |
kernel-tools
|
< 3.10.0-1160.53.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7 | oraclelinux |
kernel-tools-libs
|
< 3.10.0-1160.53.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7 | oraclelinux |
kernel-tools-libs-devel
|
< 3.10.0-1160.53.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7 | oraclelinux |
kernel-headers
|
< 3.10.0-1160.53.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7 | oraclelinux |
kernel-doc
|
< 3.10.0-1160.53.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7 | oraclelinux |
kernel-devel
|
< 3.10.0-1160.53.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7 | oraclelinux |
kernel-debug
|
< 3.10.0-1160.53.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7 | oraclelinux |
kernel-debug-devel
|
< 3.10.0-1160.53.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7 | oraclelinux |
kernel-abi-whitelists
|
< 3.10.0-1160.53.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-7 | oraclelinux |
bpftool
|
< 3.10.0-1160.53.1.el7 | oraclelinux-7 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |