[El-errata] ELSA-2020-5473 Moderate: Oracle Linux 8 kernel security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Dec 16 22:07:26 PST 2020 

Oracle Linux Security Advisory ELSA-2020-5473

http://linux.oracle.com/errata/ELSA-2020-5473.html

The following updated rpms for Oracle Linux 8 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-abi-whitelists-4.18.0-240.8.1.el8_3.noarch.rpm
kernel-core-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-cross-headers-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-debug-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-debug-core-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-debug-devel-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-debug-modules-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-debug-modules-extra-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-devel-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-doc-4.18.0-240.8.1.el8_3.noarch.rpm
kernel-headers-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-modules-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-modules-extra-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-tools-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-tools-libs-4.18.0-240.8.1.el8_3.x86_64.rpm
perf-4.18.0-240.8.1.el8_3.x86_64.rpm
python3-perf-4.18.0-240.8.1.el8_3.x86_64.rpm
kernel-tools-libs-devel-4.18.0-240.8.1.el8_3.x86_64.rpm

aarch64:
bpftool-4.18.0-240.8.1.el8_3.aarch64.rpm
kernel-cross-headers-4.18.0-240.8.1.el8_3.aarch64.rpm
kernel-headers-4.18.0-240.8.1.el8_3.aarch64.rpm
kernel-tools-4.18.0-240.8.1.el8_3.aarch64.rpm
kernel-tools-libs-4.18.0-240.8.1.el8_3.aarch64.rpm
perf-4.18.0-240.8.1.el8_3.aarch64.rpm
python3-perf-4.18.0-240.8.1.el8_3.aarch64.rpm
kernel-tools-libs-devel-4.18.0-240.8.1.el8_3.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-240.8.1.el8_3.src.rpm



Description of changes:

[4.18.0-240.8.1.el8_3.OL8]
- Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted 
keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7

[4.18.0-240.8.1.el8_3]
- [s390] s390/dasd: Fix zero write for FBA devices (Ming Lei) [1896787 
1881760]
- [s390] mm/gup: fix gup_fast with dynamic page table folding (Philipp 
Rudo) [1896351 1883266]
- [netdrv] ibmveth: Identify ingress large send packets (Gustavo Duarte) 
[1896299 1887038]
- [netdrv] ibmveth: Switch order of ibmveth_helper calls (Gustavo 
Duarte) [1896299 1887038]

[4.18.0-240.7.1.el8_3]
- [fs] writeback: Drop I_DIRTY_TIME_EXPIRE (Waiman Long) [1901547 1860031]
- [fs] writeback: Fix sync livelock due to b_dirty_time processing 
(Waiman Long) [1901547 1860031]
- [fs] writeback: Avoid skipping inode writeback (Waiman Long) [1901547 
1860031]
- [fs] writeback: Protect inode->i_io_list with inode->i_lock (Waiman 
Long) [1901547 1860031]
- [fs] fs: Introduce DCACHE_DONTCACHE (Waiman Long) [1901547 1860031]
- [fs] fs: Lift XFS_IDONTCACHE to the VFS layer (Waiman Long) [1901547 
1860031]
- [fs] dcache: sort the freeing-without-RCU-delay mess for good (Waiman 
Long) [1901547 1860031]
- [net] ip_tunnel_core: Fix build for archs without _HAVE_ARCH_IPV6_CSUM 
(Aaron Conole) [1885766 1849736]
- [tools] selftests: pmtu.sh: Add tests for UDP tunnels handled by Open 
vSwitch (Aaron Conole) [1885766 1849736]
- [tools] selftests: pmtu.sh: Add tests for bridged UDP tunnels (Aaron 
Conole) [1885766 1849736]
- [net] geneve: Support for PMTU discovery on directly bridged links 
(Aaron Conole) [1885766 1849736]
- [net] vxlan: Support for PMTU discovery on directly bridged links 
(Aaron Conole) [1885766 1849736]
- [net] tunnels: PMTU discovery support for directly bridged IP packets 
(Aaron Conole) [1885766 1849736]
- [net] ipv4: route: Ignore output interface in FIB lookup for PMTU 
route (Aaron Conole) [1885766 1849736]
- [netdrv] geneve: add transport ports in route lookup for geneve (Mark 
Gray) [1891818 1884481] {CVE-2020-25645}
- [kernel] PM: hibernate: Batch hibernate and resume IO requests (Lenny 
Szubowicz) [1894629 1868096]
- [md] dm: fix comment in __dm_suspend() (Mike Snitzer) [1890233 1881531]
- [md] dm: fold dm_process_bio() into dm_make_request() (Mike Snitzer) 
[1890233 1881531]
- [md] dm: fix missing imposition of queue_limits from dm_wq_work() 
thread (Mike Snitzer) [1890233 1881531]
- [md] dm: optimize max_io_len() by inlining 
max_io_len_target_boundary() (Mike Snitzer) [1890233 1881531]
- [md] dm: push md->immutable_target optimization down to 
__process_bio() (Mike Snitzer) [1890233 1881531]
- [md] dm: change max_io_len() to use blk_max_size_offset() (Mike 
Snitzer) [1890233 1881531]
- [md] dm table: stack 'chunk_sectors' limit to account for 
target-specific splitting (Mike Snitzer) [1890233 1881531]
- [block] block: allow 'chunk_sectors' to be non-power-of-2 (Mike 
Snitzer) [1890233 1881531]
- [block] block: use lcm_not_zero() when stacking chunk_sectors (Mike 
Snitzer) [1890233 1881531]
- [md] dm: fix bio splitting and its bio completion order for regular IO 
(Mike Snitzer) [1890233 1881531]

[4.18.0-240.6.1.el8_3]
- [arm64] paravirt: Initialize steal time when cpu is online (Andrew 
Jones) [1898758 1879137]
- [kvm] Revert "x86/kvm: Move context tracking where it belongs" (Nitesh 
Narayan Lal) [1897716 1890284]
- [pci] hv: Fix hibernation in case interrupts are not re-created 
(Mohammed Gamal) [1896435 1846838]
- [hv] hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume() 
(Mohammed Gamal) [1896434 1876519]
- [netdrv] hv_netvsc: Cache the current data path to avoid duplicate 
call and message (Mohammed Gamal) [1896433 1876527]
- [netdrv] hv_netvsc: Switch the data path at the right time during 
hibernation (Mohammed Gamal) [1896433 1876527]
- [netdrv] hv_netvsc: Fix hibernation for mlx5 VF driver (Mohammed 
Gamal) [1896433 1876527]
- [tools] selftests/powerpc: Make alignment handler test P9N DD2.1 
vector CI load workaround (Gustavo Duarte) [1897278 1887442]
- [powerpc] powerpc: Fix undetected data corruption with P9N DD2.1 VSX 
CI load emulation (Gustavo Duarte) [1897278 1887442]

[4.18.0-240.5.1.el8_3]
- [crypto] crypto: testmgr - mark cts(cbc(aes)) as FIPS allowed (Vladis 
Dronov) [1886189 1855161]

[4.18.0-240.4.1.el8_3]
- [kernel] sched/features: Fix !CONFIG_JUMP_LABEL case (Daniel Bristot 
de Oliveira) [1894073 1885850]

[4.18.0-240.3.1.el8_3]
- [iommu] iommu/amd: Fix the overwritten field in IVMD header (Baoquan 
He) [1888113 1869148]
- [fs] xfs: trim IO to found COW extent limit (Eric Sandeen) [1886895 
1882549]
- [char] random32: update the net random state on interrupt and activity 
(Donghai Qiao) [1888233 1867569] {CVE-2020-16166}
- [net] openvswitch: fixes crash if nf_conncount_init() fails (Eelco 
Chaudron) [1879935 1876445]

[4.18.0-240.2.1.el8_3]
- [tools] selftests: rtnetlink: Test bridge enslavement with different 
parent IDs (Jonathan Toppins) [1886017 1860479]
- [tools] selftests: rtnetlink: correct the final return value for the 
test (Jonathan Toppins) [1886017 1860479]
- [net] Fix bridge enslavement failure (Jonathan Toppins) [1886017 1860479]
- [net] netfilter: conntrack: proc: rename stat column (Florian 
Westphal) [1882094 1875681]
- [net] netfilter: conntrack: add clash resolution stat counter (Florian 
Westphal) [1882094 1875681]
- [net] netfilter: conntrack: remove ignore stats (Florian Westphal) 
[1882094 1875681]
- [net] netfilter: conntrack: do not increment two error counters at 
same time (Florian Westphal) [1882094 1875681]
- [net] netfilter: conntrack: do not auto-delete clash entries on reply 
(Florian Westphal) [1882094 1875681]
- [kernel] time/tick-broadcast: Fix tick_broadcast_offline() lockdep 
complaint (Alexey Klimov) [1880080 1877380]

More information about the El-errata mailing list