El-errata: ELSA-2020-5473 Moderate: Oracle Linux 8 kernel security and bug fix update
Oracle Linux Security Advisory ELSA-2020-5473
http://linux.oracle.com/errata/ELSA-2020-5473.html
The following updated rpms for Oracle Linux 8 have been uploaded to the
Unbreakable Linux Network:
x86_64:
bpftool-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-abi-whitelists-4.18.0-240.8.1.el8_3.noarch.rpm
kernel-core-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-cross-headers-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-debug-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-debug-core-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-debug-devel-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-debug-modules-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-debug-modules-extra-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-devel-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-doc-4.18.0-240.8.1.el8_3.noarch.rpm
kernel-headers-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-modules-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-modules-extra-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-tools-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-tools-libs-4.18.0-240.8.1.el8_3.x86_64.rpm
perf-4.18.0-240.8.1.el8_3.x86_64.rpm
python3-perf-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-tools-libs-devel-4.18.0-240.8.1.el8_3.x86_64.rpm
aarch64:
bpftool-4.18.0-240.8.1.el8_3.aarch64.rpm
kernel-cross-headers-4.18.0-240.8.1.el8_3.aarch64.rpm
kernel-headers-4.18.0-240.8.1.el8_3.aarch64.rpm
kernel-tools-4.18.0-240.8.1.el8_3.aarch64.rpm
kernel-tools-libs-4.18.0-240.8.1.el8_3.aarch64.rpm
perf-4.18.0-240.8.1.el8_3.aarch64.rpm
python3-perf-4.18.0-240.8.1.el8_3.aarch64.rpm
kernel-tools-libs-devel-4.18.0-240.8.1.el8_3.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-240.8.1.el8_3.src.rpm
Description of changes:
[4.18.0-240.8.1.el8_3.OL8]
- Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted
keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 i_io_list with inode->i_lock (Waiman
Long) [1901547 1860031]
- [fs] fs: Introduce DCACHE_DONTCACHE (Waiman Long) [1901547 1860031]
- [fs] fs: Lift XFS_IDONTCACHE to the VFS layer (Waiman Long) [1901547
1860031]
- [fs] dcache: sort the freeing-without-RCU-delay mess for good (Waiman
Long) [1901547 1860031]
- [net] ip_tunnel_core: Fix build for archs without _HAVE_ARCH_IPV6_CSUM
(Aaron Conole) [1885766 1849736]
- [tools] selftests: pmtu.sh: Add tests for UDP tunnels handled by Open
vSwitch (Aaron Conole) [1885766 1849736]
- [tools] selftests: pmtu.sh: Add tests for bridged UDP tunnels (Aaron
Conole) [1885766 1849736]
- [net] geneve: Support for PMTU discovery on directly bridged links
(Aaron Conole) [1885766 1849736]
- [net] vxlan: Support for PMTU discovery on directly bridged links
(Aaron Conole) [1885766 1849736]
- [net] tunnels: PMTU discovery support for directly bridged IP packets
(Aaron Conole) [1885766 1849736]
- [net] ipv4: route: Ignore output interface in FIB lookup for PMTU
route (Aaron Conole) [1885766 1849736]
- [netdrv] geneve: add transport ports in route lookup for geneve (Mark
Gray) [1891818 1884481] {CVE-2020-25645}
- [kernel] PM: hibernate: Batch hibernate and resume IO requests (Lenny
Szubowicz) [1894629 1868096]
- [md] dm: fix comment in __dm_suspend() (Mike Snitzer) [1890233 1881531]
- [md] dm: fold dm_process_bio() into dm_make_request() (Mike Snitzer)
[1890233 1881531]
- [md] dm: fix missing imposition of queue_limits from dm_wq_work()
thread (Mike Snitzer) [1890233 1881531]
- [md] dm: optimize max_io_len() by inlining
max_io_len_target_boundary() (Mike Snitzer) [1890233 1881531]
- [md] dm: push md->immutable_target optimization down to
__process_bio() (Mike Snitzer) [1890233 1881531]
- [md] dm: change max_io_len() to use blk_max_size_offset() (Mike
Snitzer) [1890233 1881531]
- [md] dm table: stack 'chunk_sectors' limit to account for
target-specific splitting (Mike Snitzer) [1890233 1881531]
- [block] block: allow 'chunk_sectors' to be non-power-of-2 (Mike
Snitzer) [1890233 1881531]
- [block] block: use lcm_not_zero() when stacking chunk_sectors (Mike
Snitzer) [1890233 1881531]
- [md] dm: fix bio splitting and its bio completion order for regular IO
(Mike Snitzer) [1890233 1881531]
[4.18.0-240.6.1.el8_3]
- [arm64] paravirt: Initialize steal time when cpu is online (Andrew
Jones) [1898758 1879137]
- [kvm] Revert "x86/kvm: Move context tracking where it belongs" (Nitesh
Narayan Lal) [1897716 1890284]
- [pci] hv: Fix hibernation in case interrupts are not re-created
(Mohammed Gamal) [1896435 1846838]
- [hv] hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume()
(Mohammed Gamal) [1896434 1876519]
- [netdrv] hv_netvsc: Cache the current data path to avoid duplicate
call and message (Mohammed Gamal) [1896433 1876527]
- [netdrv] hv_netvsc: Switch the data path at the right time during
hibernation (Mohammed Gamal) [1896433 1876527]
- [netdrv] hv_netvsc: Fix hibernation for mlx5 VF driver (Mohammed
Gamal) [1896433 1876527]
- [tools] selftests/powerpc: Make alignment handler test P9N DD2.1
vector CI load workaround (Gustavo Duarte) [1897278 1887442]
- [powerpc] powerpc: Fix undetected data corruption with P9N DD2.1 VSX
CI load emulation (Gustavo Duarte) [1897278 1887442]
[4.18.0-240.5.1.el8_3]
- [crypto] crypto: testmgr - mark cts(cbc(aes)) as FIPS allowed (Vladis
Dronov) [1886189 1855161]
[4.18.0-240.4.1.el8_3]
- [kernel] sched/features: Fix !CONFIG_JUMP_LABEL case (Daniel Bristot
de Oliveira) [1894073 1885850]
[4.18.0-240.3.1.el8_3]
- [iommu] iommu/amd: Fix the overwritten field in IVMD header (Baoquan
He) [1888113 1869148]
- [fs] xfs: trim IO to found COW extent limit (Eric Sandeen) [1886895
1882549]
- [char] random32: update the net random state on interrupt and activity
(Donghai Qiao) [1888233 1867569] {CVE-2020-16166}
- [net] openvswitch: fixes crash if nf_conncount_init() fails (Eelco
Chaudron) [1879935 1876445]
[4.18.0-240.2.1.el8_3]
- [tools] selftests: rtnetlink: Test bridge enslavement with different
parent IDs (Jonathan Toppins) [1886017 1860479]
- [tools] selftests: rtnetlink: correct the final return value for the
test (Jonathan Toppins) [1886017 1860479]
- [net] Fix bridge enslavement failure (Jonathan Toppins) [1886017 1860479]
- [net] netfilter: conntrack: proc: rename stat column (Florian
Westphal) [1882094 1875681]
- [net] netfilter: conntrack: add clash resolution stat counter (Florian
Westphal) [1882094 1875681]
- [net] netfilter: conntrack: remove ignore stats (Florian Westphal)
[1882094 1875681]
- [net] netfilter: conntrack: do not increment two error counters at
same time (Florian Westphal) [1882094 1875681]
- [net] netfilter: conntrack: do not auto-delete clash entries on reply
(Florian Westphal) [1882094 1875681]
- [kernel] time/tick-broadcast: Fix tick_broadcast_offline() lockdep
complaint (Alexey Klimov) [1880080 1877380]
A kernel security and bug fix update has been released for Oracle Linux 8.