[El-errata] ELSA-2020-3218 Moderate: Oracle Linux 8 kernel security and bug fix update

Fri Jul 31 07:17:59 PDT 2020

Oracle Linux Security Advisory ELSA-2020-3218

http://linux.oracle.com/errata/ELSA-2020-3218.html

The following updated rpms for Oracle Linux 8 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-193.14.3.el8_2.x86_64.rpm
kernel-4.18.0-193.14.3.el8_2.x86_64.rpm
kernel-abi-whitelists-4.18.0-193.14.3.el8_2.noarch.rpm
kernel-core-4.18.0-193.14.3.el8_2.x86_64.rpm
kernel-cross-headers-4.18.0-193.14.3.el8_2.x86_64.rpm
kernel-debug-4.18.0-193.14.3.el8_2.x86_64.rpm
kernel-debug-core-4.18.0-193.14.3.el8_2.x86_64.rpm
kernel-debug-devel-4.18.0-193.14.3.el8_2.x86_64.rpm
kernel-debug-modules-4.18.0-193.14.3.el8_2.x86_64.rpm
kernel-debug-modules-extra-4.18.0-193.14.3.el8_2.x86_64.rpm
kernel-devel-4.18.0-193.14.3.el8_2.x86_64.rpm
kernel-doc-4.18.0-193.14.3.el8_2.noarch.rpm
kernel-headers-4.18.0-193.14.3.el8_2.x86_64.rpm
kernel-modules-4.18.0-193.14.3.el8_2.x86_64.rpm
kernel-modules-extra-4.18.0-193.14.3.el8_2.x86_64.rpm
kernel-tools-4.18.0-193.14.3.el8_2.x86_64.rpm
kernel-tools-libs-4.18.0-193.14.3.el8_2.x86_64.rpm
perf-4.18.0-193.14.3.el8_2.x86_64.rpm
python3-perf-4.18.0-193.14.3.el8_2.x86_64.rpm
kernel-tools-libs-devel-4.18.0-193.14.3.el8_2.x86_64.rpm

aarch64:
bpftool-4.18.0-193.14.3.el8_2.aarch64.rpm
kernel-cross-headers-4.18.0-193.14.3.el8_2.aarch64.rpm
kernel-headers-4.18.0-193.14.3.el8_2.aarch64.rpm
kernel-tools-4.18.0-193.14.3.el8_2.aarch64.rpm
kernel-tools-libs-4.18.0-193.14.3.el8_2.aarch64.rpm
perf-4.18.0-193.14.3.el8_2.aarch64.rpm
python3-perf-4.18.0-193.14.3.el8_2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-193.14.3.el8_2.src.rpm

Description of changes:

[4.18.0-193.14.3.el8_2.OL8]
- Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted 
keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7

[4.18.0-193.14.3.el8_2]
- Reverse keys order for dual-signing (Frantisek Hrbata) [1837433 
1837434] {CVE-2020-10713}

[4.18.0-193.14.2.el8_2]
- [kernel] Move to dual-signing to split signing keys up better (pjones) 
[1837433 1837434] {CVE-2020-10713}
- [crypto] pefile: Tolerate other pefile signatures after first (Lenny 
Szubowicz) [1837433 1837434] {CVE-2020-10713}
- [acpi] ACPI: configfs: Disallow loading ACPI tables when locked down 
(Lenny Szubowicz) [1852968 1852969] {CVE-2020-15780}
- [firmware] efi: Restrict efivar_ssdt_load when the kernel is locked 
down (Lenny Szubowicz) [1852948 1852949] {CVE-2019-20908}

[4.18.0-193.14.1.el8_2]
- [md] dm mpath: add DM device name to Failing/Reinstating path log 
messages (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: enhance queue_if_no_path debugging (Mike Snitzer) 
[1852050 1822975]
- [md] dm mpath: restrict queue_if_no_path state machine (Mike Snitzer) 
[1852050 1822975]
- [md] dm mpath: simplify __must_push_back (Mike Snitzer) [1852050 1822975]
- [md] dm: use DMDEBUG macros now that they use pr_debug variants (Mike 
Snitzer) [1852050 1822975]
- [include] dm: use dynamic debug instead of compile-time config option 
(Mike Snitzer) [1852050 1822975]
- [md] dm mpath: switch paths in dm_blk_ioctl() code path (Mike Snitzer) 
[1852050 1822975]
- [md] dm multipath: use updated MPATHF_QUEUE_IO on mapping for 
bio-based mpath (Mike Snitzer) [1852050 1822975]
- [md] dm: bump version of core and various targets (Mike Snitzer) 
[1852050 1822975]
- [md] dm mpath: Add timeout mechanism for queue_if_no_path (Mike 
Snitzer) [1852050 1822975]
- [md] dm mpath: use true_false for bool variable (Mike Snitzer) 
[1852050 1822975]
- [md] dm mpath: remove harmful bio-based optimization (Mike Snitzer) 
[1852050 1822975]
- [scsi] scsi: libiscsi: fall back to sendmsg for slab pages (Maurizio 
Lombardi) [1852048 1825775]
- [s390] s390/mm: fix panic in gup_fast on large pud (Philipp Rudo) 
[1853336 1816980]