Oracle Linux 6253 Published by

A kernel security, bug fix, and enhancement update has been released for Oracle Linux 8.



El-errata: ELSA-2022-7110 Important: Oracle Linux 8 kernel security, bug fix, and enhancement update


Oracle Linux Security Advisory ELSA-2022-7110

  http://linux.oracle.com/errata/ELSA-2022-7110.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
kernel-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
kernel-abi-stablelists-4.18.0-372.32.1.0.1.el8_6.noarch.rpm
kernel-core-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
kernel-cross-headers-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
kernel-debug-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
kernel-debug-core-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
kernel-debug-devel-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
kernel-debug-modules-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
kernel-debug-modules-extra-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
kernel-devel-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
kernel-doc-4.18.0-372.32.1.0.1.el8_6.noarch.rpm
kernel-headers-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
kernel-modules-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
kernel-modules-extra-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
kernel-tools-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
kernel-tools-libs-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
perf-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
python3-perf-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm
kernel-tools-libs-devel-4.18.0-372.32.1.0.1.el8_6.x86_64.rpm

aarch64:
bpftool-4.18.0-372.32.1.0.1.el8_6.aarch64.rpm
kernel-cross-headers-4.18.0-372.32.1.0.1.el8_6.aarch64.rpm
kernel-headers-4.18.0-372.32.1.0.1.el8_6.aarch64.rpm
kernel-tools-4.18.0-372.32.1.0.1.el8_6.aarch64.rpm
kernel-tools-libs-4.18.0-372.32.1.0.1.el8_6.aarch64.rpm
perf-4.18.0-372.32.1.0.1.el8_6.aarch64.rpm
python3-perf-4.18.0-372.32.1.0.1.el8_6.aarch64.rpm
kernel-tools-libs-devel-4.18.0-372.32.1.0.1.el8_6.aarch64.rpm

SRPMS:
  http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-372.32.1.0.1.el8_6.src.rpm

Related CVEs:

CVE-2022-0494
CVE-2022-1353
CVE-2022-2588
CVE-2022-23816
CVE-2022-23825
CVE-2022-29900
CVE-2022-29901



Description of changes:

- [4.18.0-372.32.1.0.1.el8_6.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 "ctx_based" (John Meneghini) [2120611 2040267]
- qed: fix ll2 establishment during load of RDMA driver (John Meneghini) [2120611 2040267]
- qed: Update the TCP active termination 2 MSL timer ("TIME_WAIT") (John Meneghini) [2120611 2040267]
- qed: Update TCP silly-window-syndrome timeout for iwarp, scsi (John Meneghini) [2120611 2040267]
- qed: Update debug related changes (John Meneghini) [2120611 2040267]
- qed: Add '_GTT' suffix to the IRO RAM macros (John Meneghini) [2120611 2040267]
- qed: Update FW init functions to support FW 8.59.1.0 (John Meneghini) [2120611 2040267]
- qed: Use enum as per FW 8.59.1.0 in qed_iro_hsi.h (John Meneghini) [2120611 2040267]
- qed: Update qed_hsi.h for fw 8.59.1.0 (John Meneghini) [2120611 2040267]
- qed: Update qed_mfw_hsi.h for FW ver 8.59.1.0 (John Meneghini) [2120611 2040267]
- qed: Update common_hsi for FW ver 8.59.1.0 (John Meneghini) [2120611 2040267]
- qed: Split huge qed_hsi.h header file (John Meneghini) [2120611 2040267]
- qed: Remove e4_ and _e4 from FW HSI (John Meneghini) [2120611 2040267]
- qed: Fix kernel-doc warnings (John Meneghini) [2120611 2040267]
- qed: Don't ignore devlink allocation failures (John Meneghini) [2120611 2040267]
- qed: Improve the stack space of filter_config() (John Meneghini) [2120611 2040267]
- RDMA/qedr: Move variables reset to qedr_set_common_qp_params() (John Meneghini) [2120611 2040267]
- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (John Meneghini) [2119122 2051524]

[4.18.0-372.30.1.el8_6]
- af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (Xin Long) [2107611 2075181] {CVE-2022-1353}
- SUNRPC: avoid race between mod_timer() and del_timer_sync() (Benjamin Coddington) [2126184 2104507]
- powerpc/fadump: print start of preserved area (Diego Domingos) [2107488 2075092]
- powerpc/fadump: align destination address to pagesize (Diego Domingos) [2107488 2075092]
- powerpc/fadump: fix PT_LOAD segment for boot memory area (Diego Domingos) [2107488 2075092]
- drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (Michel Dänzer) [2091065 2066918]
- drm/amd: Use amdgpu_device_should_use_aspm on navi umd pstate switching (Michel Dänzer) [2091065 2066918]
- drm/amd: Refactor amdgpu_aspm to be evaluated per device (Michel Dänzer) [2091065 2066918]
- drm/amd: Check if ASPM is enabled from PCIe subsystem (Michel Dänzer) [2091065 2066918]

[4.18.0-372.29.1.el8_6]
- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Ewan D. Milne) [2107627 2049198] {CVE-2022-0494}
- cpufreq: Specify default governor on command line (Prarit Bhargava) [2109996 2083766]
- cpufreq: Fix locking issues with governors (Prarit Bhargava) [2109996 2083766]
- cpufreq: Register governors at core_initcall (Prarit Bhargava) [2109996 2083766]
- net_sched: cls_route: remove from list when handle is 0 (Felix Maurer) [2121817 2116328] {CVE-2022-2588}

[4.18.0-372.28.1.el8_6]
- powerpc/smp: Update cpu_core_map on all PowerPc systems (Diego Domingos) [2112820 2064104]
- iavf: Fix reset error handling (Petr Oros) [2120225 2119759]
- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2120225 2119759]
- iavf: Fix adminq error handling (Petr Oros) [2120225 2119759]
- iavf: Fix missing state logs (Petr Oros) [2120225 2119759]
- scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (Tomas Henzl) [2111140 2106413]
- s390/qeth: cache link_info for ethtool (Michal Schmidt) [2120197 2117098]
- nvme: fix RCU hole that allowed for endless looping in multipath round robin (Gopal Tiwari) [2106017 2078806]
- nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (Gopal Tiwari) [2106017 2078806]
- nvme: fix use after free when disconnecting a reconnecting ctrl (Gopal Tiwari) [2106017 2078806]
- nvme: only call synchronize_srcu when clearing current path (Gopal Tiwari) [2106017 2078806]
- nvme-multipath: revalidate paths during rescan (Gopal Tiwari) [2106017 2078806]
- scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (Dick Kennedy) [2112103 2034425]

[4.18.0-372.27.1.el8_6]
- [s390] s390/pci: add s390_iommu_aperture kernel parameter (Claudio Imbrenda) [2081324 2039181]
- ipv6: take care of disable_policy when restoring routes (Andrea Claudi) [2109971 2103894]
- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Eelco Chaudron) [2106703 2101537]
- scsi: ch: Make it possible to open a ch device multiple times again (Ewan D. Milne) [2115965 2108649]
- scsi: smartpqi: Fix DMA direction for RAID requests (Don Brace) [2112354 2101548]
- iommu/vt-d: Calculate mask for non-aligned flushes (Jerry Snitselaar) [2111692 2072179]

_______________________________________________