[ELSA-2023-4819] kernel security and bug fix update
[3.10.0-1160.99.1.0.1.OL7]
- debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}
[3.10.0-1160.99.1.OL7]
- Update Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9
- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)
[3.10.0-1160.99.1]
- x86/cpu/amd: Add a Zenbleed fix (Waiman Long) [2226841] {CVE-2023-20593}
- x86/cpu/amd: Move the errata checking functionality up (Waiman Long) [2226841] {CVE-2023-20593}
- x86/cpu: Restore AMD's DE_CFG MSR after resume (Waiman Long) [2226841] {CVE-2023-20593}
[3.10.0-1160.98.1]
- GFS2: gfs2_dir_get_hash_table(): avoiding deferred vfree() is easy here... (Andrew Price) [2190450]
- GFS2: use kvfree() instead of open-coding it (Andrew Price) [2190450]
[3.10.0-1160.97.1]
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (Davide Caratti) [2216982] {CVE-2023-35788}
- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) [2188190]
- netfilter: conntrack: handle tcp challenge acks during connection reuse (Florian Westphal) [2128262]
- netfilter: conntrack: reduce timeout when receiving out-of-window fin or rst (Florian Westphal) [2128262]
- netfilter: conntrack: remove unneeded indent level (Florian Westphal) [2128262]
- netfilter: conntrack: ignore overly delayed tcp packets (Florian Westphal) [2128262]
- netfilter: conntrack: prepare tcp_in_window for ternary return value (Florian Westphal) [2128262]
- netfilter: conntrack: connection timeout after re-register (Florian Westphal) [2128262]
- netfilter: conntrack: always store window size un-scaled (Florian Westphal) [2128262]
- netfilter: conntrack: work around exceeded receive window (Florian Westphal) [2128262]
- netfilter: conntrack: avoid misleading 'invalid' in log message (Florian Westphal) [2128262]
- netfilter: remove BUG_ON() after skb_header_pointer() (Florian Westphal) [2128262]
- netfilter: nf_conntrack_tcp: re-init for syn packets only (Florian Westphal) [2128262]
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (Florian Westphal) [2128262]
- netfilter: conntrack: re-init state for retransmitted syn-ack (Florian Westphal) [2128262]
- netfilter: conntrack: move synack init code to helper (Florian Westphal) [2128262]
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (Florian Westphal) [2128262]
- netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options (Florian Westphal) [2128262]
[3.10.0-1160.96.1]
- sched/fair: Eliminate bandwidth race between throttling and distribution (Phil Auld) [2180681]
- sched/fair: Fix race between runtime distribution and assignment (Phil Auld) [2180681]
- sched/fair: Don't assign runtime for throttled cfs_rq (Phil Auld) [2180681]
- ID
- ELSA-2023-4819
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2023-4819.html
- Published
-
2023-08-31T00:00:00
(12 months ago) - Modified
-
2023-08-31T00:00:00
(12 months ago) - Rights
- Copyright 2023 Oracle, Inc.
- Other Advisories
-
- ALAS2-2023-2190
- ALPINE:CVE-2023-20593
- ALSA-2023:4377
- ALSA-2023:5068
- ALSA-2023:5069
- ALSA-2023:5244
- ALSA-2023:5245
- DSA-5448-1
- DSA-5459-1
- DSA-5461-1
- DSA-5462-1
- DSA-5480-1
- ELSA-2023-12654
- ELSA-2023-12655
- ELSA-2023-12656
- ELSA-2023-12657
- ELSA-2023-12689
- ELSA-2023-12690
- ELSA-2023-12691
- ELSA-2023-12692
- ELSA-2023-12836
- ELSA-2023-12839
- ELSA-2023-4377
- ELSA-2023-5068
- ELSA-2023-5244
- FEDORA-2023-04473fc41e
- FEDORA-2023-0d6aa10621
- FEDORA-2023-7228464f28
- RHSA-2023:4377
- RHSA-2023:4378
- RHSA-2023:4380
- RHSA-2023:4819
- RHSA-2023:4821
- RHSA-2023:4834
- RHSA-2023:5068
- RHSA-2023:5069
- RHSA-2023:5091
- RHSA-2023:5221
- RHSA-2023:5244
- RHSA-2023:5245
- RHSA-2023:5255
- RHSA-2023:7513
- RLSA-2023:5244
- SSA:2023-205-01
- SSA:2023-325-01
- SUSE-SU-2023:2782-1
- SUSE-SU-2023:2809-1
- SUSE-SU-2023:2810-1
- SUSE-SU-2023:2820-1
- SUSE-SU-2023:2831-1
- SUSE-SU-2023:2834-1
- SUSE-SU-2023:2859-1
- SUSE-SU-2023:2871-1
- SUSE-SU-2023:2892-1
- SUSE-SU-2023:2986-1
- SUSE-SU-2023:3001-1
- SUSE-SU-2023:3006-1
- SUSE-SU-2023:3019-1
- SUSE-SU-2023:3020-1
- SUSE-SU-2023:3022-1
- SUSE-SU-2023:3035-1
- SUSE-SU-2023:3036-1
- SUSE-SU-2023:3041-1
- SUSE-SU-2023:3055-1
- SUSE-SU-2023:3063-1
- SUSE-SU-2023:3075-1
- SUSE-SU-2023:3076-1
- SUSE-SU-2023:3079-1
- SUSE-SU-2023:3081-1
- SUSE-SU-2023:3107-1
- SUSE-SU-2023:3111-1
- SUSE-SU-2023:3115-1
- SUSE-SU-2023:3116-1
- SUSE-SU-2023:3153-1
- SUSE-SU-2023:3171-1
- SUSE-SU-2023:3172-1
- SUSE-SU-2023:3180-1
- SUSE-SU-2023:3182-1
- SUSE-SU-2023:3206-1
- SUSE-SU-2023:3302-1
- SUSE-SU-2023:3309-1
- SUSE-SU-2023:3318-1
- SUSE-SU-2023:3324-1
- SUSE-SU-2023:3333-1
- SUSE-SU-2023:3349-1
- SUSE-SU-2023:3390-1
- SUSE-SU-2023:3391-1
- SUSE-SU-2023:3392-1
- SUSE-SU-2023:3395-1
- SUSE-SU-2023:3421-1
- SUSE-SU-2023:3446-1
- SUSE-SU-2023:3447-1
- SUSE-SU-2023:3494-1
- SUSE-SU-2023:3495-1
- SUSE-SU-2023:3496-1
- SUSE-SU-2023:3894-1
- SUSE-SU-2023:3895-1
- SUSE-SU-2023:3902-1
- SUSE-SU-2023:3903-1
- SUSE-SU-2024:0884-1
- SUSE-SU-2024:0885-1
- USN-6192-1
- USN-6193-1
- USN-6194-1
- USN-6205-1
- USN-6206-1
- USN-6212-1
- USN-6220-1
- USN-6223-1
- USN-6234-1
- USN-6235-1
- USN-6244-1
- USN-6256-1
- USN-6315-1
- USN-6316-1
- USN-6317-1
- USN-6318-1
- USN-6321-1
- USN-6324-1
- USN-6325-1
- USN-6328-1
- USN-6329-1
- USN-6330-1
- USN-6331-1
- USN-6332-1
- USN-6342-1
- USN-6342-2
- USN-6346-1
- USN-6348-1
- USN-6357-1
- USN-6385-1
- USN-6397-1
- USN-6532-1
- XSA-433
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2023-4819 | https://linux.oracle.com/errata/ELSA-2023-4819.html | |
CVE | CVE-2023-20593 | https://linux.oracle.com/cve/CVE-2023-20593.html | |
CVE | CVE-2023-35788 | https://linux.oracle.com/cve/CVE-2023-35788.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 3.10.0-1160.99.1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 3.10.0-1160.99.1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7 | oraclelinux | kernel | < 3.10.0-1160.99.1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7 | oraclelinux | kernel-tools | < 3.10.0-1160.99.1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-tools-libs | < 3.10.0-1160.99.1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7 | oraclelinux | kernel-tools-libs-devel | < 3.10.0-1160.99.1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7 | oraclelinux | kernel-headers | < 3.10.0-1160.99.1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7 | oraclelinux | kernel-doc | < 3.10.0-1160.99.1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7 | oraclelinux | kernel-devel | < 3.10.0-1160.99.1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7 | oraclelinux | kernel-debug | < 3.10.0-1160.99.1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-debug-devel | < 3.10.0-1160.99.1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7 | oraclelinux | kernel-abi-whitelists | < 3.10.0-1160.99.1.0.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-7 | oraclelinux | bpftool | < 3.10.0-1160.99.1.0.1.el7 | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |