[El-errata] ELSA-2021-2725 Important: Oracle Linux 7 kernel security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Jul 21 20:56:39 PDT 2021 

Oracle Linux Security Advisory ELSA-2021-2725

http://linux.oracle.com/errata/ELSA-2021-2725.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm
kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm
kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm
perf-3.10.0-1160.36.2.el7.x86_64.rpm
python-perf-3.10.0-1160.36.2.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-1160.36.2.el7.src.rpm

Related CVEs:

CVE-2019-20934
CVE-2020-11668
CVE-2021-33033
CVE-2021-33034
CVE-2021-33909




Description of changes:

[3.10.0-1160.36.2.el7.OL7]
- Update Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko at oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9.el7
- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)

[3.10.0-1160.36.2.el7]
- seq_file: Disallow extremely large seq buffer allocations (Ian Kent) [1975251]

[3.10.0-1160.36.1.el7]
- cipso,calipso: resolve a number of problems with the DOI refcounts (Antoine Tenart) [1967720]
- net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (Alaa Hleihel) [1962406]
- sched/debug: Fix cgroup_path[] serialization (Waiman Long) [1912221]
- sched/debug: Reset watchdog on all CPUs while processing sysrq-t (Waiman Long) [1912221]
- vt: vt_ioctl: fix use-after-free in vt_in_use() (Vladis Dronov) [1872778]
- vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (Vladis Dronov) [1872778]
- vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (Vladis Dronov) [1872778]
- vt: selection, introduce vc_is_sel (Vladis Dronov) [1872778]
- redhat: genspec: generate changelog entries since last release (Augusto Caringi)

[3.10.0-1160.35.1.el7]
- CI: Merge configuration (Veronika Kabatova)
- [pci/aer] Work around use-after-free in pcie_do_fatal_recovery() (Al Stone) [1933663]
- [pci/aer] do not invoke error recovery with non-fatal errors (Al Stone) [1933663]

[3.10.0-1160.34.1.el7]
- futex: remove lockdep_assert_held() in pi_state_update_owner() (Donghai Qiao) [1965495]
- video: hyperv_fb: Add ratelimit on error message (Mohammed Gamal) [1957803]
- Drivers: hv: vmbus: Increase wait time for VMbus unload (Mohammed Gamal) [1957803]
- Drivers: hv: vmbus: Initialize unload_event statically (Mohammed Gamal) [1957803]
- blk-mq: always allow reserved allocation in hctx_may_queue (Ming Lei) [1926825]
- s390/pci: fix out of bounds access during irq setup (Philipp Rudo) [1917943]
- s390/pci: improve irq number check for msix (Philipp Rudo) [1917943]

[3.10.0-1160.33.1.el7]
- CI: Disable result checking for realtime check (Veronika Kabatova)
- CI: Explicitly disable result checking for private CI (Veronika Kabatova)
- CI: Rename variable (Veronika Kabatova)
- mm: memcontrol: switch to rcu protection in drain_all_stock() (Waiman Long) [1957719]
- sctp: Don't add the shutdown timer if its already been added (Xin Long) [1953052]
- media: xirlink_cit: add missing descriptor sanity checks (Mark Langsdorf) [1826877] {CVE-2020-11668}

[3.10.0-1160.32.1.el7]
- Bluetooth: verify AMP hci_chan before amp_destroy (Gopal Tiwari) [1962532] {CVE-2021-33034}
- net: ipv4: route: Fix sending IGMP messages with link address (Hangbin Liu) [1958339]
- hv_netvsc: remove ndo_poll_controller (Mohammed Gamal) [1953075]
- Fix double free in nvme_trans_log_temperature (Gopal Tiwari) [1946793]
- rcu: Call touch_nmi_watchdog() while printing stall warnings (Artem Savkov) [1924688]
- sched/fair: Use RCU accessors consistently for ->numa_group (Rafael Aquini) [1915635] {CVE-2019-20934}
- sched/fair: Don't free p->numa_faults with concurrent readers (Rafael Aquini) [1915635] {CVE-2019-20934}
- sched/numa: Simplify task_numa_compare() (Rafael Aquini) [1915635] {CVE-2019-20934}
- sched/numa: Fix task_numa_free() lockdep splat (Rafael Aquini) [1915635] {CVE-2019-20934}
- sched/numa: Move task_numa_free() to __put_task_struct() (Rafael Aquini) [1915635] {CVE-2019-20934}
- [s390] s390/dasd: fix diag 0x250 inline assembly (Philipp Rudo) [1910395]
- vsock/vmci: log once the failed queue pair allocation (Stefano Garzarella) [1892237]
- VMCI: Stop log spew when qp allocation isn't possible (Stefano Garzarella) [1892237]

More information about the El-errata mailing list