Oracle Linux 6279 Published by

An Oracle Linux Cloud Native Environment 1.1 Unbreakable Enterprise kernel-container security update has been released.



El-errata: ELSA-2022-9011 Important: Oracle Linux Cloud Native Environment 1.1 Unbreakable Enterprise kernel-container security update


Oracle Linux Cloud Native Environment Security Advisory ELSA-2022-9011

  http://linux.oracle.com/errata/ELSA-2022-9011.html

The following updated rpms for Oracle Linux Cloud Native Environment 1.1 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-container-4.14.35-2047.510.5.2.el7.x86_64.rpm

SRPMS:
  http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-container-4.14.35-2047.510.5.2.el7.src.rpm

Related CVEs:

CVE-2021-0920
CVE-2021-4155



Description of changes:

[4.14.35-2047.510.5.2.el7]
- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
(Darrick J. Wong) [Orabug: 33722441] {CVE-2021-4155}

[4.14.35-2047.510.5.1.el7]
- fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679805] {CVE-2021-0920}
- fs: add fget_many() and fput_many() (Jens Axboe) [Orabug: 33679805]

[4.14.35-2047.510.5.el7]
- net/rds: RDS connection shutdown stuck after CQ access violation error (aru kolappan) [Orabug: 33585476]
- ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33501677]
- rds: ib: Ack seq not always received in monotonic increasing order (Håkon Bugge) [Orabug: 33620419]
- net/rds: Refactor rds_ib_recv_refill_one (Freddy Carrillo) [Orabug: 33265955]
- arm64: pcie: Intercept Pensando specific SError (Henry Willard) [Orabug: 33590080]
- arm64: pcie: Change bad_mode hook to cap_pciep_access_in_progress() (Henry Willard) [Orabug: 33590080]
- arm64: pcie: Remove Pensando SError trapping patch (Henry Willard) [Orabug: 33590080]
- take care multiple extents in CoW extent converting (Wengang Wang) [Orabug: 33473949]
- net/mlx5e: ethtool, Add support for EEPROM high pages query (Erez Alfasi) [Orabug: 33525560]
- ethtool: Add SFF-8436 and SFF-8636 max EEPROM length definitions (Erez Alfasi) [Orabug: 33525560]
- net/mlx5: Remove unnecessary prints from mlx5_enter_error_state. (Anand Khoje) [Orabug: 33651549]
- uek-rpm: Add _raw_spin_trylock to KABI (John Donnelly) [Orabug: 33651431]
- x86/clear_page: add alternative for clear_page_clzero() (Ankur Arora) [Orabug: 33651433]
- x86/asm: add clzero based page clearing (Ankur Arora) [Orabug: 33580825]
- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on all AMD Zen models (Ankur Arora) [Orabug: 33580825]
- x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (Kim Phillips) [Orabug: 33580825]
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33651434]
- net/rds: Don't pummel the subnet-manager (Gerd Rausch) [Orabug: 33651436]
- uek-rpm: Add smartpqi driver module in ueknano kernel (Somasundaram Krishnasamy) [Orabug: 33651437]
- rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju) [Orabug: 33651440]
- net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann) [Orabug: 33651444]
- RDMA/rxe: Bump up default maximum values used via uverbs (Rao Shoaib) [Orabug: 33651442]

_______________________________________________