Oracle Linux 6261 Published by

An unbreakable Enterprise kernel security update has been released for Oracle Linux 7.



El-errata: ELSA-2021-9346 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2021-9346

  http://linux.oracle.com/errata/ELSA-2021-9346.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.52.4.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.52.4.el7uek.noarch.rpm
kernel-uek-4.1.12-124.52.4.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.52.4.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.52.4.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.52.4.el7uek.x86_64.rpm

SRPMS:
  http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-124.52.4.el7uek.src.rpm

Related CVEs:

CVE-2020-12352
CVE-2020-36386
CVE-2021-31916
CVE-2021-33034



Description of changes:

[4.1.12-124.52.4.el7uek]
- IB/core: Only update PKEY and GID caches on respective events (Håkon Bugge) [Orabug: 32816368]
- Revert "Allow mce to reset instead of panic on UE" (William Roche) [Orabug: 32820278]
- Bluetooth: verify AMP hci_chan before amp_destroy (Archie Pusaka) [Orabug: 32912103] {CVE-2021-33034}
- Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (Peilin Ye) [Orabug: 33013890] {CVE-2020-36386}
- qla2xxx: update version to 9.00.00.00.42.0-k1-v5 (Quinn Tran) [Orabug: 33015884]
- scsi: qla2xxx: v2: Fix login retry count (Quinn Tran) [Orabug: 29411891] [Orabug: 33015884]
- scsi: qla2xxx: Properly extract ADISC error codes (Quinn Tran) [Orabug: 33015884]
- scsi: qla2xxx: Replace GPDB with async ADISC command (Quinn Tran) [Orabug: 33015884]
- qla2xxx: update version to 9.00.00.00.42.0-k1-v4 (Quinn Tran) [Orabug: 33015884]
- qla2xxx: fix relogin stalled. (Quinn Tran) [Orabug: 27700529] [Orabug: 33015884]
- net/mlx4: Treat VFs fair when handling comm_channel_events (Hans Westgaard Ry) [Orabug: 33017263]

[4.1.12-124.52.3.el7uek]
- iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built (Bartosz Golaszewski) [Orabug: 32974492]
- iommu/vt-d: Gracefully handle DMAR units with no supported address widths (David Woodhouse) [Orabug: 32974492]
- secureboot: make sure kernel-signing.cer is copied to kernel-keys dir (Brian Maly) [Orabug: 32978042]

[4.1.12-124.52.2.el7uek]
- Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021289] {CVE-2020-12352}
- RDS tcp loopback connection can hang (Rao Shoaib) [Orabug: 32926868]

[4.1.12-124.52.1.el7uek]
- dm ioctl: fix out of bounds array access when no devices (Mikulas Patocka) [Orabug: 32860494] {CVE-2021-31916}