[El-errata] ELSA-2025-1266 Important: Oracle Linux 8 kernel security update

Thu Feb 13 14:42:26 UTC 2025

Oracle Linux Security Advisory ELSA-2025-1266

http://linux.oracle.com/errata/ELSA-2025-1266.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-553.40.1.el8_10.x86_64.rpm
kernel-4.18.0-553.40.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.40.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.40.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.40.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.40.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.40.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.40.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.40.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.40.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.40.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.40.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.40.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.40.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.40.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.40.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.40.1.el8_10.x86_64.rpm
perf-4.18.0-553.40.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.40.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.40.1.el8_10.x86_64.rpm

aarch64:
bpftool-4.18.0-553.40.1.el8_10.aarch64.rpm
kernel-cross-headers-4.18.0-553.40.1.el8_10.aarch64.rpm
kernel-headers-4.18.0-553.40.1.el8_10.aarch64.rpm
kernel-tools-4.18.0-553.40.1.el8_10.aarch64.rpm
kernel-tools-libs-4.18.0-553.40.1.el8_10.aarch64.rpm
perf-4.18.0-553.40.1.el8_10.aarch64.rpm
python3-perf-4.18.0-553.40.1.el8_10.aarch64.rpm
kernel-tools-libs-devel-4.18.0-553.40.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-4.18.0-553.40.1.el8_10.src.rpm

Related CVEs:

CVE-2024-53104

Description of changes:

[4.18.0-553.40.1.el8_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]

[4.18.0-553.40.1.el8_10]
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (Desnes Nunes) [RHEL-69571] {CVE-2024-53104}

[4.18.0-553.39.1.el8_10]
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (Andreas Gruenbacher) [RHEL-73915]

[4.18.0-553.38.1.el8_10]
- net: usb: lan78xx: add Allied Telesis AT29M2-AF (Jose Ignacio Tornos Martinez) [RHEL-70891]
- s390/pci: Allow allocation of more than 1 MSI interrupt (Mete Durlu) [RHEL-74385]
- s390/pci: Refactor arch_setup_msi_irqs() (Mete Durlu) [RHEL-74385]
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (Mete Durlu) [RHEL-71451]
- s390/pci: Ignore RID for isolated VFs (Mete Durlu) [RHEL-71451]
- s390/pci: Use topology ID for multi-function devices (Mete Durlu) [RHEL-71451]
- s390/pci: Sort PCI functions prior to creating virtual busses (Mete Durlu) [RHEL-71451]
- s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (Mete Durlu) [RHEL-74387]
- s390/pci: Handle PCI error codes other than 0x3a (Mete Durlu) [RHEL-74383]