[El-errata] ELSA-2025-20066 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

Wed Jan 29 12:50:20 UTC 2025

Oracle Linux Security Advisory ELSA-2025-20066

http://linux.oracle.com/errata/ELSA-2025-20066.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-304.171.4.3.el9uek.x86_64.rpm
kernel-uek-5.15.0-304.171.4.3.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-304.171.4.3.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-304.171.4.3.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-304.171.4.3.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-304.171.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-304.171.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-304.171.4.3.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-304.171.4.3.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-304.171.4.3.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-304.171.4.3.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-304.171.4.3.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-304.171.4.3.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-304.171.4.3.el9uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-304.171.4.3.el9uek.src.rpm

Related CVEs:

CVE-2024-49974
CVE-2024-50261
CVE-2024-50301

Description of changes:

[5.15.0-304.171.4.3.el9uek]
- NFSD: Limit the number of concurrent async COPY operations (Chuck Lever)  [Orabug: 37516381]  {CVE-2024-49974}
- NFSD: Async COPY result needs to return a write verifier (Chuck Lever)  [Orabug: 37516381]  {CVE-2024-49974}
- security/keys: fix slab-out-of-bounds in key_task_permission (Chen Ridong)  [Orabug: 37516370]  {CVE-2024-50301}
- macsec: Fix use-after-free while sending the offloading packet (Jianbo Liu)  [Orabug: 37516375]  {CVE-2024-50261}

[5.15.0-304.171.4.2.el9uek]
- PCI: Fix pci_enable_acs() support for the ACS quirks (Jason Gunthorpe)  [Orabug: 37492139]
- PCI: Clear Secondary Status errors after enumeration (Vidya Sagar)  [Orabug: 37492139]
- PCI/AER: Configure ECRC only if AER is native (Vidya Sagar)  [Orabug: 37492139]
- PCI: Extend ACS configurability (Vidya Sagar)  [Orabug: 37492139]