[El-errata] ELBA-2020-3652 Oracle Linux 8 kernel bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Sep 10 07:09:03 PDT 2020 

Oracle Linux Bug Fix Advisory ELBA-2020-3652

http://linux.oracle.com/errata/ELBA-2020-3652.html

The following updated rpms for Oracle Linux 8 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-193.19.1.el8_2.x86_64.rpm
kernel-4.18.0-193.19.1.el8_2.x86_64.rpm
kernel-abi-whitelists-4.18.0-193.19.1.el8_2.noarch.rpm
kernel-core-4.18.0-193.19.1.el8_2.x86_64.rpm
kernel-cross-headers-4.18.0-193.19.1.el8_2.x86_64.rpm
kernel-debug-4.18.0-193.19.1.el8_2.x86_64.rpm
kernel-debug-core-4.18.0-193.19.1.el8_2.x86_64.rpm
kernel-debug-devel-4.18.0-193.19.1.el8_2.x86_64.rpm
kernel-debug-modules-4.18.0-193.19.1.el8_2.x86_64.rpm
kernel-debug-modules-extra-4.18.0-193.19.1.el8_2.x86_64.rpm
kernel-devel-4.18.0-193.19.1.el8_2.x86_64.rpm
kernel-doc-4.18.0-193.19.1.el8_2.noarch.rpm
kernel-headers-4.18.0-193.19.1.el8_2.x86_64.rpm
kernel-modules-4.18.0-193.19.1.el8_2.x86_64.rpm
kernel-modules-extra-4.18.0-193.19.1.el8_2.x86_64.rpm
kernel-tools-4.18.0-193.19.1.el8_2.x86_64.rpm
kernel-tools-libs-4.18.0-193.19.1.el8_2.x86_64.rpm
perf-4.18.0-193.19.1.el8_2.x86_64.rpm
python3-perf-4.18.0-193.19.1.el8_2.x86_64.rpm
kernel-tools-libs-devel-4.18.0-193.19.1.el8_2.x86_64.rpm

aarch64:
bpftool-4.18.0-193.19.1.el8_2.aarch64.rpm
kernel-cross-headers-4.18.0-193.19.1.el8_2.aarch64.rpm
kernel-headers-4.18.0-193.19.1.el8_2.aarch64.rpm
kernel-tools-4.18.0-193.19.1.el8_2.aarch64.rpm
kernel-tools-libs-4.18.0-193.19.1.el8_2.aarch64.rpm
perf-4.18.0-193.19.1.el8_2.aarch64.rpm
python3-perf-4.18.0-193.19.1.el8_2.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-193.19.1.el8_2.src.rpm



Description of changes:

[4.18.0-193.19.1.el8_2.OL8]
- Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted 
keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7

[4.18.0-193.19.1.el8_2]
- [net] tcp: add sanity tests in tcp_add_backlog() (Guillaume Nault) 
[1861378 1790843]
- [net] tcp: implement coalescing on backlog queue (Guillaume Nault) 
[1861378 1790843]
- [include] tcp: make tcp_space() aware of socket backlog (Guillaume 
Nault) [1861378 1790843]
- [net] tcp: take care of compressed acks in tcp_add_reno_sack() 
(Guillaume Nault) [1861378 1790843]
- [include] tcp: hint compiler about sack flows (Guillaume Nault) 
[1861378 1790843]
- [net] tcp: drop dst in tcp_add_backlog() (Guillaume Nault) [1861378 
1790843]

[4.18.0-193.18.1.el8_2]
- [security] selinux: allow reading labels before policy is loaded 
(Ondrej Mosnacek) [1861721 1839819]
- [security] selinux: allow labeling before policy is loaded (Ondrej 
Mosnacek) [1861722 1777525]
- [mm] mm/memory_hotplug.c: only respect mem= parameter during boot 
stage (Baoquan He) [1854207 1838809]

[4.18.0-193.17.1.el8_2]
- [net] netfilter: nf_tables: reintroduce the NFT_SET_CONCAT flag (Phil 
Sutter) [1854531 1847553]
- [net] netfilter: nf_tables: report EOPNOTSUPP on unsupported 
flags/object type (Phil Sutter) [1854531 1847553]
- [s390] s390: prevent leaking kernel address in BEAR (Claudio Imbrenda) 
[1854986 1850907]
- [s390] scsi: zfcp: Fix panic on ERP timeout for previously dismissed 
ERP action (Philipp Rudo) [1861355 1857312]

[4.18.0-193.16.1.el8_2]
- [infiniband] IB/rdmavt: Free kernel completion queue when done (Gopal 
Tiwari) [1857757 1805036]
- [kernel] Move to dual-signing to split signing keys up better (pjones) 
[1837433 1837434] {CVE-2020-10713}
- [crypto] pefile: Tolerate other pefile signatures after first (Lenny 
Szubowicz) [1837433 1837434] {CVE-2020-10713}
- [acpi] ACPI: configfs: Disallow loading ACPI tables when locked down 
(Lenny Szubowicz) [1852968 1852969] {CVE-2020-15780}
- [firmware] efi: Restrict efivar_ssdt_load when the kernel is locked 
down (Lenny Szubowicz) [1852948 1852949] {CVE-2019-20908}

[4.18.0-193.15.1.el8_2]
- [wireless] iwlwifi: pcie: handle QuZ configs with killer NICs as well 
(Jarod Wilson) [1857773 1844129]
- [wireless] iwlwifi: pcie: move power gating workaround earlier in the 
flow (Jarod Wilson) [1857773 1844129]
- [nvme] nvme: fix possible deadlock when nvme_update_formats fails 
(Gopal Tiwari) [1857115 1781927]
- [iommu] iommu: move flags field before ids in iommu_fwspec (Jerry 
Snitselaar) [1856966 1833512]
- [x86] kvm: x86: only do L1TF workaround on affected processors (Vitaly 
Kuznetsov) [1857796 1800673]
- [x86] kvm: x86: create mmu/ subdirectory (Vitaly Kuznetsov) [1857796 
1800673]
- [kvm] KVM: SVM: Override default MMIO mask if memory encryption is 
enabled (Wei Huang) [1857796 1800673]

More information about the El-errata mailing list