El-errata: ELSA-2021-4056 Important: Oracle Linux 8 kernel security, bug fix, and enhancement update
Oracle Linux Security Advisory ELSA-2021-4056
http://linux.oracle.com/errata/ELSA-2021-4056.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-4.18.0-305.25.1.el8_4.x86_64.rpm
kernel-4.18.0-305.25.1.el8_4.x86_64.rpm
kernel-abi-stablelists-4.18.0-305.25.1.el8_4.noarch.rpm
kernel-core-4.18.0-305.25.1.el8_4.x86_64.rpm
kernel-cross-headers-4.18.0-305.25.1.el8_4.x86_64.rpm
kernel-debug-4.18.0-305.25.1.el8_4.x86_64.rpm
kernel-debug-core-4.18.0-305.25.1.el8_4.x86_64.rpm
kernel-debug-devel-4.18.0-305.25.1.el8_4.x86_64.rpm
kernel-debug-modules-4.18.0-305.25.1.el8_4.x86_64.rpm
kernel-debug-modules-extra-4.18.0-305.25.1.el8_4.x86_64.rpm
kernel-devel-4.18.0-305.25.1.el8_4.x86_64.rpm
kernel-doc-4.18.0-305.25.1.el8_4.noarch.rpm
kernel-headers-4.18.0-305.25.1.el8_4.x86_64.rpm
kernel-modules-4.18.0-305.25.1.el8_4.x86_64.rpm
kernel-modules-extra-4.18.0-305.25.1.el8_4.x86_64.rpm
kernel-tools-4.18.0-305.25.1.el8_4.x86_64.rpm
kernel-tools-libs-4.18.0-305.25.1.el8_4.x86_64.rpm
perf-4.18.0-305.25.1.el8_4.x86_64.rpm
python3-perf-4.18.0-305.25.1.el8_4.x86_64.rpm
kernel-tools-libs-devel-4.18.0-305.25.1.el8_4.x86_64.rpm
aarch64:
bpftool-4.18.0-305.25.1.el8_4.aarch64.rpm
kernel-cross-headers-4.18.0-305.25.1.el8_4.aarch64.rpm
kernel-headers-4.18.0-305.25.1.el8_4.aarch64.rpm
kernel-tools-4.18.0-305.25.1.el8_4.aarch64.rpm
kernel-tools-libs-4.18.0-305.25.1.el8_4.aarch64.rpm
perf-4.18.0-305.25.1.el8_4.aarch64.rpm
python3-perf-4.18.0-305.25.1.el8_4.aarch64.rpm
kernel-tools-libs-devel-4.18.0-305.25.1.el8_4.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-305.25.1.el8_4.src.rpm
Related CVEs:
CVE-2020-36385
CVE-2021-0512
CVE-2021-3656
Description of changes:
[4.18.0-305.25.1.el8_4.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 csum update in inet_proto_csum_replace16(). (Balazs Nemeth) [2005980 1975193]
- RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy (Kamal Heib) [1982040 1931846] {CVE-2020-36385}
- RDMA/ucma: Fix locking for ctx->events_reported (Kamal Heib) [1982040 1931846] {CVE-2020-36385}
- RDMA/ucma: Fix the locking of ctx->file (Kamal Heib) [1982040 1931846] {CVE-2020-36385}
- RDMA/cma: Add missing locking to rdma_accept() (Kamal Heib) [1982040 1931846] {CVE-2020-36385}
[4.18.0-305.21.1.el8_4]
- HID: make arrays usage and value to be the same (Benjamin Tissoires) [1974941 1974942] {CVE-2021-0512}
- y2038: remove CONFIG_64BIT_TIME (Waiman Long) [2003569 1965360]
[4.18.0-305.20.1.el8_4]
- net/mlx5: E-Switch, Allow setting GUID for host PF vport (Alaa Hleihel) [1986837 1967488]
- net/mlx5: E-Switch, Read PF mac address (Alaa Hleihel) [1986837 1967488]
- ice: fix Tx queue iteration for Tx timestamp enablement (Ken Cox) [2000128 1999743]
- ice: restart periodic outputs around time changes (Ken Cox) [1997572 1992750]
- ice: Fix perout start time rounding (Ken Cox) [1997572 1992750]
- ice: add support for auxiliary input/output pins (Jonathan Toppins) [1998221 1956913]
- ice: enable transmit timestamps for E810 devices (Jonathan Toppins) [1998220 1944818]
- ice: enable receive hardware timestamping (Jonathan Toppins) [1998220 1944818]
- ice: report the PTP clock index in ethtool .get_ts_info (Jonathan Toppins) [1998220 1944818]
- ice: register 1588 PTP clock device object for E810 devices (Jonathan Toppins) [1998220 1944818]
- ice: add low level PTP clock access functions (Jonathan Toppins) [1998220 1944818]
- ice: add support for set/get of driver-stored firmware parameters (Jonathan Toppins) [1998220 1944818]
- ice: process 1588 PTP capabilities during initialization (Jonathan Toppins) [1998220 1944818]
- ice: add support for sideband messages (Jonathan Toppins) [1998220 1944818]
- ice: Prevent probing virtual functions (Ken Cox) [1997539 1952810]
- vfio/pci/nvlink2: Do not attempt NPU2 setup on POWER8NVL NPU (Gustavo Walbon) [2000602 1891589]
- powerpc/powernv/npu: Do not attempt NPU2 setup on POWER8NVL NPU (Gustavo Walbon) [2000602 1891589]
_______________________________________________
A kernel security, bug fix, and enhancement update has been released for Oracle Linux 8.