[El-errata] ELSA-2021-9037 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Feb 8 18:53:24 PST 2021


Oracle Linux Security Advisory ELSA-2021-9037

http://linux.oracle.com/errata/ELSA-2021-9037.html

The following updated rpms for Oracle Linux 8 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2036.103.3.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2036.103.3.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2036.103.3.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2036.103.3.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2036.103.3.el8uek.noarch.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2036.103.3.el8uek.src.rpm



Description of changes:

[5.4.17-2036.103.3.el8uek]
- Revert "rds: Deregister all FRWR mr with free_mr" (aru kolappan) 
[Orabug: 32426610]

[5.4.17-2036.103.2.el8uek]
- A/A Bonding: Fix a one-byte-off kmalloc (Håkon Bugge) [Orabug: 32380824]
- netfilter: add and use nf_hook_slow_list() (Florian Westphal) [Orabug: 
32372530] {CVE-2021-20177}
- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372158]
- uek-rpm: Report removed symbols also during kabi check (Somasundaram 
Krishnasamy) [Orabug: 32380061]
- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32378206]
- A/A Bonding: Introduce selective interface name inclusion (Håkon 
Bugge) [Orabug: 32350974]
- uek-rpm: add nfs_ssc to nano_modules (Calum Mackay) [Orabug: 32346419]
- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 
32248035] {CVE-2020-28374}

[5.4.17-2036.103.1.el8uek]
- mwifiex: Fix possible buffer overflows in 
mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349203] 
{CVE-2020-36158}
- x86/process: Mark cpu inactive before offlining (Mridula Shastry) 
[Orabug: 32234812]
- add license checking to kABI checker (Dan Duval) [Orabug: 32355206]

[5.4.17-2036.103.0.el8uek]
- lockd: don't use interval-based rebinding over TCP (Calum Mackay) 
[Orabug: 32337715]
- tools: update header files in the tools directory (Thomas Tai) 
[Orabug: 32321484]
- perf: Fix a kABI breakage in perf_event.h (Thomas Tai) [Orabug: 32321484]
- perf/x86: Fix n_metric for cancelled txn (Peter Zijlstra) [Orabug: 
32321484]
- perf/x86: Fix n_pair for cancelled txn (Peter Zijlstra) [Orabug: 32321484]
- perf/x86/intel: Check perf metrics feature for each CPU (Kan Liang) 
[Orabug: 32321484]
- perf/x86/intel: Support per-thread RDPMC TopDown metrics (Kan Liang) 
[Orabug: 32321484]
- perf/x86/intel: Support TopDown metrics on Ice Lake (Kan Liang) 
[Orabug: 32321484]
- perf/x86: Use event_base_rdpmc for the RDPMC userspace support (Kan 
Liang) [Orabug: 32321484]
- perf/x86: Add a macro for RDPMC offset of fixed counters (Kan Liang) 
[Orabug: 32321484]
- perf/x86/intel: Generic support for hardware TopDown metrics (Kan 
Liang) [Orabug: 32321484]
- perf/core: Add a new PERF_EV_CAP_SIBLING event capability (Kan Liang) 
[Orabug: 32321484]
- perf/core: Unify {pinned,flexible}_sched_in() (Peter Zijlstra) 
[Orabug: 32321484]
- perf/x86/intel: Use switch in intel_pmu_disable/enable_event (Kan 
Liang) [Orabug: 32321484]
- perf/x86: Keep LBR records unchanged in host context for guest usage 
(Like Xu) [Orabug: 32321484]
- perf/x86/intel: Fix the name of perf METRICS (Kan Liang) [Orabug: 
32321484]
- perf/x86/intel: Move BTS index to 47 (Kan Liang) [Orabug: 32321484]
- perf/x86/intel: Introduce the fourth fixed counter (Kan Liang) 
[Orabug: 32321484]
- perf/x86/intel: Name the global status bit in NMI handler (Kan Liang) 
[Orabug: 32321484]
- perf/x86: Add constraint to create guest LBR event without hw counter 
(Like Xu) [Orabug: 32321484]
- perf/x86/lbr: Add interface to get LBR information (Like Xu) [Orabug: 
32321484]
- perf/x86/core: Refactor hw->idx checks and cleanup (Like Xu) [Orabug: 
32321484]
- perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (Kan 
Liang) [Orabug: 32321484]
- perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (Sean 
Christopherson) [Orabug: 32321484]
- partitions/efi: Enable no warning option for the GPT warnings related 
to alternative header (Saeed Mirzamohammadi) [Orabug: 32302136]
- Revert "cpu/hotplug: avoid race between cpuset_hotplug_workfn and 
later hotplug" (Daniel Jordan) [Orabug: 32295229]
- cpuset: fix race between hotplug work and later CPU offline (Daniel 
Jordan) [Orabug: 32295229]
- uek-rpm: aarch64: update PMU configs for Altra (Dave Kleikamp) 
[Orabug: 32290034]
- driver/perf: Add PMU driver for the ARM DMC-620 memory controller 
(Tuan Phan) [Orabug: 32290034]
- perf: arm-cmn: Fix conversion specifiers for node type (Will Deacon) 
[Orabug: 32290034]
- perf: arm-cmn: Fix unsigned comparison to less than zero (Will Deacon) 
[Orabug: 32290034]
- perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 32290034]
- perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 32290034]
- perf: arm_dsu: Support DSU ACPI devices (Tuan Phan) [Orabug: 32290034]
- arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work 
(James Morse) [Orabug: 32290034]
- ACPI: APEI: Kick the memory_failure() queue for synchronous errors 
(James Morse) [Orabug: 32290034]
- iommu/arm-smmu-v3: Don't reserve implementation defined register space 
(Jean-Philippe Brucker) [Orabug: 32290034]
- Revert "BACKPORT: perf: Add Arm CMN-600 DT binding" (Dave Kleikamp) 
[Orabug: 32290034]
- Revert "BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver" (Dave 
Kleikamp) [Orabug: 32290034]
- Revert "BACKPORT: WIP: perf/arm-cmn: Add ACPI support" (Dave Kleikamp) 
[Orabug: 32290034]
- Revert "perf: Add ARM DMC-620 PMU driver." (Dave Kleikamp) [Orabug: 
32290034]
- Revert "BACKPORT: ACPI / APEI: Kick the memory_failure() queue for 
synchronous errors" (Dave Kleikamp) [Orabug: 32290034]
- Revert "BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with 
APEI's irq work" (Dave Kleikamp) [Orabug: 32290034]
- Revert "Perf: arm-cmn: Allow irq to be shared." (Dave Kleikamp) 
[Orabug: 32290034]
- Revert "perf: arm_cmn: improve and make it work on 2P." (Dave 
Kleikamp) [Orabug: 32290034]
- Revert "perf: arm_dsu: Allow IRQ to be shared among devices." (Dave 
Kleikamp) [Orabug: 32290034]
- Revert "perf: arm_dsu: Support ACPI mode." (Dave Kleikamp) [Orabug: 
32290034]
- Revert "perf: arm_dmc620: Update ACPI ID." (Dave Kleikamp) [Orabug: 
32290034]
- Revert "perf: avoid breaking KABI by reusing enum" (Dave Kleikamp) 
[Orabug: 32290034]
- Revert "perf/smmuv3: Allow sharing MMIO registers with the SMMU 
driver" (Dave Kleikamp) [Orabug: 32290034]
- tty: Fix ->session locking (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}
- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266677] 
{CVE-2020-29660}
- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel 
Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}
- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) 
[Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Count pending messages for each watch (SeongJae Park) 
[Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae 
Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() 
(SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Allow watches discard events before queueing (SeongJae 
Park) [Orabug: 32253409] {CVE-2020-29568}
- KVM: x86: clflushopt should be treated as a no-op by emulation (David 
Edmondson) [Orabug: 32251910]





More information about the El-errata mailing list