The following security updates are available for Oracle Linux:

ELSA-2023-7711 Moderate: Oracle Linux 9 apr security update
ELBA-2023-13034 Oracle Linux 9 dracut bug fix update
ELBA-2023-13033 Oracle Linux 9 grub2 bug fix update
ELSA-2023-7668 Important: Oracle Linux 8 squid:4 security update
ELSA-2023-13039 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2023-13039 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)
ELBA-2023-13037 Oracle Linux 8 systemd bug fix update
ELBA-2023-13036 Oracle Linux 8 bcache-tools bug fix update
ELBA-2023-13035 Oracle Linux 8 mdadm bug fix update
ELBA-2023-13030 Oracle Linux 8 mdadm bug fix update
ELBA-2023-13020 Oracle Linux 8 oracle-ovirt-release-45-el8 bug fix update

ELSA-2023-7711 Moderate: Oracle Linux 9 apr security update

Oracle Linux Security Advisory ELSA-2023-7711

http://linux.oracle.com/errata/ELSA-2023-7711.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
apr-1.7.0-12.el9_3.i686.rpm
apr-1.7.0-12.el9_3.x86_64.rpm
apr-devel-1.7.0-12.el9_3.i686.rpm
apr-devel-1.7.0-12.el9_3.x86_64.rpm

aarch64:
apr-1.7.0-12.el9_3.aarch64.rpm
apr-devel-1.7.0-12.el9_3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//apr-1.7.0-12.el9_3.src.rpm

Related CVEs:

CVE-2022-24963

Description of changes:

[1.7.0-12]
- fix integer bounds checking in apr_encode_*
Resolves: RHEL-17123

ELBA-2023-13034 Oracle Linux 9 dracut bug fix update

Oracle Linux Bug Fix Advisory ELBA-2023-13034

http://linux.oracle.com/errata/ELBA-2023-13034.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
dracut-057-44.git20230822.0.2.el9.x86_64.rpm
dracut-config-generic-057-44.git20230822.0.2.el9.x86_64.rpm
dracut-config-rescue-057-44.git20230822.0.2.el9.x86_64.rpm
dracut-network-057-44.git20230822.0.2.el9.x86_64.rpm
dracut-squash-057-44.git20230822.0.2.el9.x86_64.rpm
dracut-tools-057-44.git20230822.0.2.el9.x86_64.rpm
dracut-caps-057-44.git20230822.0.2.el9.x86_64.rpm
dracut-live-057-44.git20230822.0.2.el9.x86_64.rpm

aarch64:
dracut-057-44.git20230822.0.2.el9.aarch64.rpm
dracut-config-generic-057-44.git20230822.0.2.el9.aarch64.rpm
dracut-config-rescue-057-44.git20230822.0.2.el9.aarch64.rpm
dracut-network-057-44.git20230822.0.2.el9.aarch64.rpm
dracut-squash-057-44.git20230822.0.2.el9.aarch64.rpm
dracut-tools-057-44.git20230822.0.2.el9.aarch64.rpm
dracut-caps-057-44.git20230822.0.2.el9.aarch64.rpm
dracut-live-057-44.git20230822.0.2.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//dracut-057-44.git20230822.0.2.el9.src.rpm

Description of changes:

[057-44.git20230822.0.2]
- Ship Oracle IMA certificate [Orabug: 35992862]
- Ship 98-integrity.conf, populating initramfs with Oracle IMA certificate [Orabug: 35992862]

ELBA-2023-13033 Oracle Linux 9 grub2 bug fix update

Oracle Linux Bug Fix Advisory ELBA-2023-13033

http://linux.oracle.com/errata/ELBA-2023-13033.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
grub2-common-2.06-70.0.2.el9_3.1.noarch.rpm
grub2-efi-aa64-modules-2.06-70.0.2.el9_3.1.noarch.rpm
grub2-efi-x64-2.06-70.0.2.el9_3.1.x86_64.rpm
grub2-efi-x64-cdboot-2.06-70.0.2.el9_3.1.x86_64.rpm
grub2-efi-x64-modules-2.06-70.0.2.el9_3.1.noarch.rpm
grub2-pc-2.06-70.0.2.el9_3.1.x86_64.rpm
grub2-pc-modules-2.06-70.0.2.el9_3.1.noarch.rpm
grub2-tools-2.06-70.0.2.el9_3.1.x86_64.rpm
grub2-tools-efi-2.06-70.0.2.el9_3.1.x86_64.rpm
grub2-tools-extra-2.06-70.0.2.el9_3.1.x86_64.rpm
grub2-tools-minimal-2.06-70.0.2.el9_3.1.x86_64.rpm

aarch64:
grub2-common-2.06-70.0.2.el9_3.1.noarch.rpm
grub2-efi-aa64-2.06-70.0.2.el9_3.1.aarch64.rpm
grub2-efi-aa64-cdboot-2.06-70.0.2.el9_3.1.aarch64.rpm
grub2-efi-aa64-modules-2.06-70.0.2.el9_3.1.noarch.rpm
grub2-efi-x64-modules-2.06-70.0.2.el9_3.1.noarch.rpm
grub2-tools-2.06-70.0.2.el9_3.1.aarch64.rpm
grub2-tools-extra-2.06-70.0.2.el9_3.1.aarch64.rpm
grub2-tools-minimal-2.06-70.0.2.el9_3.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//grub2-2.06-70.0.2.el9_3.1.src.rpm

Description of changes:

[2.06-70.0.2.1]
- Support setting custom kernels as default kernels [Orabug: 36043978]

ELSA-2023-7668 Important: Oracle Linux 8 squid:4 security update

Oracle Linux Security Advisory ELSA-2023-7668

http://linux.oracle.com/errata/ELSA-2023-7668.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libecap-1.0.1-2.module+el8.9.0+90083+f7556140.x86_64.rpm
libecap-devel-1.0.1-2.module+el8.9.0+90083+f7556140.x86_64.rpm
squid-4.15-7.module+el8.9.0+90100+fede0fa7.3.x86_64.rpm

aarch64:
libecap-1.0.1-2.module+el8.9.0+90083+f7556140.aarch64.rpm
libecap-devel-1.0.1-2.module+el8.9.0+90083+f7556140.aarch64.rpm
squid-4.15-7.module+el8.9.0+90100+fede0fa7.3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//libecap-1.0.1-2.module+el8.9.0+90083+f7556140.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//squid-4.15-7.module+el8.9.0+90100+fede0fa7.3.src.rpm

Related CVEs:

CVE-2023-5824

Description of changes:

libecap
squid
[7:4.15-7.3]
- Fix squid: DoS against HTTP and HTTPS (CVE-2023-5824)

[7:4.15-7.1]
- Resolves: RHEL-14801 - squid: squid: Denial of Service in HTTP Digest
Authentication
- Resolves: RHEL-14776 - squid: squid: Request/Response smuggling in HTTP/1.1
and ICAP

ELSA-2023-13039 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2023-13039

http://linux.oracle.com/errata/ELSA-2023-13039.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-2047.532.3.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-2047.532.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-2047.532.3.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-2047.532.3.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-2047.532.3.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-2047.532.3.el7uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.532.3.el7uek.src.rpm

Related CVEs:

CVE-2023-4623

Description of changes:

[4.14.35-2047.532.3.el7uek]
- Revert "mmc: core: Capture correct oemid-bits for eMMC cards" (Dominique Martinet)
- media: dvb-usb-v2: af9035: fix missing unlock (Hans Verkuil)
- perf/core: Fix potential NULL deref (Peter Zijlstra)

[4.14.35-2047.532.2.el7uek]
- x86: change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl (Andrea Arcangeli) [Orabug: 35905888]
- LTS version: 4.14.328 (Saeed Mirzamohammadi)
- Bluetooth: hci_event: Fix using memcmp when comparing keys (Luiz Augusto von Dentz)
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (Kees Cook)
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (Edward AD)
- gpio: vf610: set value before the direction to avoid a glitch (Haibo Chen)
- s390/pci: fix iommu bitmap allocation (Niklas Schnelle)
- perf: Disallow mis-matched inherited group reads (Saeed Mirzamohammadi)
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (Puliang Lu)
- USB: serial: option: add entry for Sierra EM9191 with new firmware (Benoît Monin)
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (Fabio Porcedda)
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (Sunil V L)
- Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" (Andy Shevchenko)
- mmc: core: Capture correct oemid-bits for eMMC cards (Avri Altman)
- sky2: Make sure there is at least one frag_addr available (Kees Cook)
- wifi: cfg80211: avoid leaking stack data into trace (Benjamin Berg)
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (Wen Gong)
- Bluetooth: hci_core: Fix build warnings (Luiz Augusto von Dentz)
- Bluetooth: Avoid redundant authentication (Ying Hsu)
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (Ma Ke)
- tracing: relax trace_event_eval_update() execution with cond_resched() (Clément Léger)
- ata: libata-eh: Fix compilation warning in ata_eh_link_report() (Damien Le Moal)
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (Chengfeng Ye)
- overlayfs: set ctime when setting mtime and atime (Jeff Layton)
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (Heiner Kallweit)
- btrfs: initialize start_slot in btrfs_log_prealloc_extents (Josef Bacik)
- ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone (Tony Lindgren)
- i40e: prevent crash on probe if hw registers have invalid values (Michal Schmidt)
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (Dan Carpenter)
- net: rfkill: gpio: prevent value glitch during probe (Josua Mayer)
- net: ipv6: fix return value check in esp_remove_trailer (Ma Ke)
- net: ipv4: fix return value check in esp_remove_trailer (Ma Ke)
- xfrm: fix a data-race in xfrm_gen_index() (Saeed Mirzamohammadi)
- netfilter: nft_payload: fix wrong mac header matching (Florian Westphal)
- KVM: x86: Mask LVTPC when handling a PMI (Jim Mattson)
- regmap: fix NULL deref on lookup (Johan Hovold)
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (Krzysztof Kozlowski)
- Bluetooth: avoid memcmp() out of bounds warning (Arnd Bergmann)
- Bluetooth: hci_event: Fix coding style (Luiz Augusto von Dentz)
- Bluetooth: vhci: Fix race when opening vhci device (Arkadiusz Bokowy)
- Bluetooth: Fix a refcnt underflow problem for hci_conn (Ziyang Xuan)
- Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi)
- Bluetooth: hci_event: Ignore NULL link key (Lee, Chun-Yi)
- usb: hub: Guard against accesses to uninitialized BOS descriptors (Ricardo Cañuelo)
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (Borislav Petkov (AMD))
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (Krishna Kurapati)
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (Piyush Mehta)
- pinctrl: avoid unsafe code pattern in find_pinctrl() (Dmitry Torokhov)
- cgroup: Remove duplicates in cgroup v1 tasks file (Michal Koutný)
- Input: xpad - add PXN V900 support (Matthias Berndt)
- Input: powermate - fix use-after-free in powermate_config_complete (Javier Carrasco)
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (Xiubo Li)
- mcb: remove is_added flag from mcb_device struct (Jorge Sanjuan Garcia)
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (Alexander Zangerl)
- iio: pressure: bmp280: Fix NULL pointer exception (Phil Elwell)
- usb: musb: Modify the "HWVers" register address (Xingxing Luo)
- usb: musb: Get the musb_qh poniter after musb_giveback (Xingxing Luo)
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (Javier Carrasco)
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (Wesley Cheng)
- workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() (Waiman Long)
- nfc: nci: assert requested protocol is valid (Jeremy Cline)
- ixgbe: fix crash with empty VF macvlan list (Dan Carpenter)
- drm/vmwgfx: fix typo of sizeof argument (Konstantin Meskhidze)
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (Dinghao Liu)
- drm: etvnaviv: fix bad backport leading to warning (Martin Fuzzey)
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (Hans de Goede)
- RDMA/cxgb4: Check skb value for failure to allocate (Artem Chernyshev)
- LTS version: 4.14.327 (Saeed Mirzamohammadi)
- parisc: Restore __ldcw_align for PA-RISC 2.0 processors (John David Anglin)
- RDMA/mlx5: Fix NULL string error (Shay Drory)
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (Leon Romanovsky)
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (Bartosz Golaszewski)
- IB/mlx4: Fix the size of a buffer in add_port_entries() (Christophe JAILLET)
- cpupower: add Makefile dependencies for install targets (Ivan Babrou)
- sctp: update hb timer immediately after users change hb_interval (Xin Long)
- sctp: update transport state when processing a dupcook packet (Xin Long)
- tcp: fix delayed ACKs for MSS boundary condition (Neal Cardwell)
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida)
- ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() (David Howells)
- modpost: add missing else to the "of" check (Mauricio Faria de Oliveira)
- scsi: target: core: Fix deadlock due to recursive locking (Junxiao Bi)
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (Richard Fitzgerald)
- drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() (Alexandra Diupina)
- ubi: Refuse attaching if mtd's erasesize is 0 (Zhihao Cheng)
- wifi: mwifiex: Fix tlv_buf_left calculation (Gustavo A. R. Silva)
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (Dinghao Liu)
- media: dvb: symbol fixup for dvb_attach() - again (Greg Kroah-Hartman)
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (Niklas Cassel)
- net/sched: sch_hfsc: Ensure inner classes have fsc curve (Budimir Markovic) [Orabug: 35810543] {CVE-2023-4623}
- ext4: fix rec_len verify error (Shida Zhang)
- vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (George Kennedy)
- fs: binfmt_elf_efpic: fix personality for ELF-FDPIC (Greg Ungerer)
- ata: libata-sata: increase PMP SRST timeout to 10s (Matthias Schiffer)
- ata: libata-core: Fix port and device removal (Damien Le Moal)
- ata: libata-core: Fix ata_port_request_pm() locking (Damien Le Moal)
- btrfs: properly report 0 avail for very full file systems (Josef Bacik)
- i2c: i801: unregister tco_pdev in i801_probe() error path (Heiner Kallweit)
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (Niklas Cassel)
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (Pan Bian)
- serial: 8250_port: Check IRQ data before use (Andy Shevchenko)
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (Mika Westerberg)
- watchdog: iTCO_wdt: No need to stop the timer in probe (Mika Westerberg)
- ata: libahci: clear pending interrupt status (Szuying Chen)
- ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones (Hannes Reinecke)
- fbdev/sh7760fb: Depend on FB=y (Thomas Zimmermann)
- ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() (Niklas Cassel)
- ring-buffer: Avoid softlockup in ring_buffer_resize() (Zheng Yejian)
- selftests/ftrace: Correctly enable event in instance-event.tc (Zheng Yejian)
- parisc: irq: Make irq_stack_union static to avoid sparse warning (Helge Deller)
- parisc: iosapic.c: Fix sparse warnings (Helge Deller)
- parisc: sba: Fix compile warning wrt list of SBA devices (Helge Deller)
- xtensa: boot/lib: fix function prototypes (Max Filippov)
- xtensa: boot: don't add include-dirs (Randy Dunlap)
- clk: tegra: fix error return case for recalc_rate (Timo Alho)
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (Xiaoke Wang)
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (Christophe JAILLET)
- team: fix null-ptr-deref when team device type is changed (Ziyang Xuan)
- powerpc/perf/hv-24x7: Update domain value check (Kajol Jain)
- ipv4: fix null-deref in ipv4_link_failure (Kyle Zeng)
- NFS/pNFS: Report EINVAL errors from connect() to the server (Trond Myklebust)

[4.14.35-2047.532.1.el7uek]
- rds/ib: Preserve dest qp num in the connect request (Arumugam Kolappan) [Orabug: 35649849]
- rds: Provision to allow all trace points at module load time (Arumugam Kolappan) [Orabug: 35355776]

ELSA-2023-13039 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)

Oracle Linux Security Advisory ELSA-2023-13039

http://linux.oracle.com/errata/ELSA-2023-13039.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-4.14.35-2047.532.3.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-2047.532.3.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-2047.532.3.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-2047.532.3.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-2047.532.3.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-2047.532.3.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-2047.532.3.el7uek.aarch64.rpm
perf-4.14.35-2047.532.3.el7uek.aarch64.rpm
python-perf-4.14.35-2047.532.3.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-2047.532.3.el7uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.532.3.el7uek.src.rpm

Related CVEs:

CVE-2023-4623

Description of changes:

[4.14.35-2047.532.3.el7uek]
- Revert "mmc: core: Capture correct oemid-bits for eMMC cards" (Dominique Martinet)
- media: dvb-usb-v2: af9035: fix missing unlock (Hans Verkuil)
- perf/core: Fix potential NULL deref (Peter Zijlstra)

[4.14.35-2047.532.2.el7uek]
- x86: change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl (Andrea Arcangeli) [Orabug: 35905888]
- LTS version: 4.14.328 (Saeed Mirzamohammadi)
- Bluetooth: hci_event: Fix using memcmp when comparing keys (Luiz Augusto von Dentz)
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (Kees Cook)
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (Edward AD)
- gpio: vf610: set value before the direction to avoid a glitch (Haibo Chen)
- s390/pci: fix iommu bitmap allocation (Niklas Schnelle)
- perf: Disallow mis-matched inherited group reads (Saeed Mirzamohammadi)
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (Puliang Lu)
- USB: serial: option: add entry for Sierra EM9191 with new firmware (Benoît Monin)
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (Fabio Porcedda)
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (Sunil V L)
- Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" (Andy Shevchenko)
- mmc: core: Capture correct oemid-bits for eMMC cards (Avri Altman)
- sky2: Make sure there is at least one frag_addr available (Kees Cook)
- wifi: cfg80211: avoid leaking stack data into trace (Benjamin Berg)
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (Wen Gong)
- Bluetooth: hci_core: Fix build warnings (Luiz Augusto von Dentz)
- Bluetooth: Avoid redundant authentication (Ying Hsu)
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (Ma Ke)
- tracing: relax trace_event_eval_update() execution with cond_resched() (Clément Léger)
- ata: libata-eh: Fix compilation warning in ata_eh_link_report() (Damien Le Moal)
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (Chengfeng Ye)
- overlayfs: set ctime when setting mtime and atime (Jeff Layton)
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (Heiner Kallweit)
- btrfs: initialize start_slot in btrfs_log_prealloc_extents (Josef Bacik)
- ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone (Tony Lindgren)
- i40e: prevent crash on probe if hw registers have invalid values (Michal Schmidt)
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (Dan Carpenter)
- net: rfkill: gpio: prevent value glitch during probe (Josua Mayer)
- net: ipv6: fix return value check in esp_remove_trailer (Ma Ke)
- net: ipv4: fix return value check in esp_remove_trailer (Ma Ke)
- xfrm: fix a data-race in xfrm_gen_index() (Saeed Mirzamohammadi)
- netfilter: nft_payload: fix wrong mac header matching (Florian Westphal)
- KVM: x86: Mask LVTPC when handling a PMI (Jim Mattson)
- regmap: fix NULL deref on lookup (Johan Hovold)
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (Krzysztof Kozlowski)
- Bluetooth: avoid memcmp() out of bounds warning (Arnd Bergmann)
- Bluetooth: hci_event: Fix coding style (Luiz Augusto von Dentz)
- Bluetooth: vhci: Fix race when opening vhci device (Arkadiusz Bokowy)
- Bluetooth: Fix a refcnt underflow problem for hci_conn (Ziyang Xuan)
- Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi)
- Bluetooth: hci_event: Ignore NULL link key (Lee, Chun-Yi)
- usb: hub: Guard against accesses to uninitialized BOS descriptors (Ricardo Cañuelo)
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (Borislav Petkov (AMD))
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (Krishna Kurapati)
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (Piyush Mehta)
- pinctrl: avoid unsafe code pattern in find_pinctrl() (Dmitry Torokhov)
- cgroup: Remove duplicates in cgroup v1 tasks file (Michal Koutný)
- Input: xpad - add PXN V900 support (Matthias Berndt)
- Input: powermate - fix use-after-free in powermate_config_complete (Javier Carrasco)
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (Xiubo Li)
- mcb: remove is_added flag from mcb_device struct (Jorge Sanjuan Garcia)
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (Alexander Zangerl)
- iio: pressure: bmp280: Fix NULL pointer exception (Phil Elwell)
- usb: musb: Modify the "HWVers" register address (Xingxing Luo)
- usb: musb: Get the musb_qh poniter after musb_giveback (Xingxing Luo)
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (Javier Carrasco)
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (Wesley Cheng)
- workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() (Waiman Long)
- nfc: nci: assert requested protocol is valid (Jeremy Cline)
- ixgbe: fix crash with empty VF macvlan list (Dan Carpenter)
- drm/vmwgfx: fix typo of sizeof argument (Konstantin Meskhidze)
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (Dinghao Liu)
- drm: etvnaviv: fix bad backport leading to warning (Martin Fuzzey)
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (Hans de Goede)
- RDMA/cxgb4: Check skb value for failure to allocate (Artem Chernyshev)
- LTS version: 4.14.327 (Saeed Mirzamohammadi)
- parisc: Restore __ldcw_align for PA-RISC 2.0 processors (John David Anglin)
- RDMA/mlx5: Fix NULL string error (Shay Drory)
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (Leon Romanovsky)
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (Bartosz Golaszewski)
- IB/mlx4: Fix the size of a buffer in add_port_entries() (Christophe JAILLET)
- cpupower: add Makefile dependencies for install targets (Ivan Babrou)
- sctp: update hb timer immediately after users change hb_interval (Xin Long)
- sctp: update transport state when processing a dupcook packet (Xin Long)
- tcp: fix delayed ACKs for MSS boundary condition (Neal Cardwell)
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida)
- ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() (David Howells)
- modpost: add missing else to the "of" check (Mauricio Faria de Oliveira)
- scsi: target: core: Fix deadlock due to recursive locking (Junxiao Bi)
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (Richard Fitzgerald)
- drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() (Alexandra Diupina)
- ubi: Refuse attaching if mtd's erasesize is 0 (Zhihao Cheng)
- wifi: mwifiex: Fix tlv_buf_left calculation (Gustavo A. R. Silva)
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (Dinghao Liu)
- media: dvb: symbol fixup for dvb_attach() - again (Greg Kroah-Hartman)
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (Niklas Cassel)
- net/sched: sch_hfsc: Ensure inner classes have fsc curve (Budimir Markovic) [Orabug: 35810543] {CVE-2023-4623}
- ext4: fix rec_len verify error (Shida Zhang)
- vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (George Kennedy)
- fs: binfmt_elf_efpic: fix personality for ELF-FDPIC (Greg Ungerer)
- ata: libata-sata: increase PMP SRST timeout to 10s (Matthias Schiffer)
- ata: libata-core: Fix port and device removal (Damien Le Moal)
- ata: libata-core: Fix ata_port_request_pm() locking (Damien Le Moal)
- btrfs: properly report 0 avail for very full file systems (Josef Bacik)
- i2c: i801: unregister tco_pdev in i801_probe() error path (Heiner Kallweit)
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (Niklas Cassel)
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (Pan Bian)
- serial: 8250_port: Check IRQ data before use (Andy Shevchenko)
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (Mika Westerberg)
- watchdog: iTCO_wdt: No need to stop the timer in probe (Mika Westerberg)
- ata: libahci: clear pending interrupt status (Szuying Chen)
- ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones (Hannes Reinecke)
- fbdev/sh7760fb: Depend on FB=y (Thomas Zimmermann)
- ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() (Niklas Cassel)
- ring-buffer: Avoid softlockup in ring_buffer_resize() (Zheng Yejian)
- selftests/ftrace: Correctly enable event in instance-event.tc (Zheng Yejian)
- parisc: irq: Make irq_stack_union static to avoid sparse warning (Helge Deller)
- parisc: iosapic.c: Fix sparse warnings (Helge Deller)
- parisc: sba: Fix compile warning wrt list of SBA devices (Helge Deller)
- xtensa: boot/lib: fix function prototypes (Max Filippov)
- xtensa: boot: don't add include-dirs (Randy Dunlap)
- clk: tegra: fix error return case for recalc_rate (Timo Alho)
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (Xiaoke Wang)
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (Christophe JAILLET)
- team: fix null-ptr-deref when team device type is changed (Ziyang Xuan)
- powerpc/perf/hv-24x7: Update domain value check (Kajol Jain)
- ipv4: fix null-deref in ipv4_link_failure (Kyle Zeng)
- NFS/pNFS: Report EINVAL errors from connect() to the server (Trond Myklebust)

[4.14.35-2047.532.1.el7uek]
- rds/ib: Preserve dest qp num in the connect request (Arumugam Kolappan) [Orabug: 35649849]
- rds: Provision to allow all trace points at module load time (Arumugam Kolappan) [Orabug: 35355776]

ELBA-2023-13037 Oracle Linux 8 systemd bug fix update

Oracle Linux Bug Fix Advisory ELBA-2023-13037

http://linux.oracle.com/errata/ELBA-2023-13037.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
systemd-239-78.0.2.el8.i686.rpm
systemd-239-78.0.2.el8.x86_64.rpm
systemd-container-239-78.0.2.el8.i686.rpm
systemd-container-239-78.0.2.el8.x86_64.rpm
systemd-devel-239-78.0.2.el8.i686.rpm
systemd-devel-239-78.0.2.el8.x86_64.rpm
systemd-journal-remote-239-78.0.2.el8.x86_64.rpm
systemd-libs-239-78.0.2.el8.i686.rpm
systemd-libs-239-78.0.2.el8.x86_64.rpm
systemd-pam-239-78.0.2.el8.x86_64.rpm
systemd-tests-239-78.0.2.el8.x86_64.rpm
systemd-udev-239-78.0.2.el8.x86_64.rpm

aarch64:
systemd-239-78.0.2.el8.aarch64.rpm
systemd-container-239-78.0.2.el8.aarch64.rpm
systemd-devel-239-78.0.2.el8.aarch64.rpm
systemd-journal-remote-239-78.0.2.el8.aarch64.rpm
systemd-libs-239-78.0.2.el8.aarch64.rpm
systemd-pam-239-78.0.2.el8.aarch64.rpm
systemd-tests-239-78.0.2.el8.aarch64.rpm
systemd-udev-239-78.0.2.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//systemd-239-78.0.2.el8.src.rpm

Description of changes:

[239-78.0.2]
- Prevent duplicate uuid device to replace existing one in udev [Orabug: 35987487]

ELBA-2023-13036 Oracle Linux 8 bcache-tools bug fix update

Oracle Linux Bug Fix Advisory ELBA-2023-13036

http://linux.oracle.com/errata/ELBA-2023-13036.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bcache-tools-1.0.8-3.101.0.2.el8.x86_64.rpm

aarch64:
bcache-tools-1.0.8-3.101.0.2.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//bcache-tools-1.0.8-3.101.0.2.el8.src.rpm

Description of changes:

[1.0.8-3.101.0.2]
- Prevent duplicate uuid device to replace existing one in udev [Orabug: 35987487]

ELBA-2023-13035 Oracle Linux 8 mdadm bug fix update

Oracle Linux Bug Fix Advisory ELBA-2023-13035

http://linux.oracle.com/errata/ELBA-2023-13035.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
mdadm-4.2-8.0.2.el8.x86_64.rpm

aarch64:
mdadm-4.2-8.0.2.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//mdadm-4.2-8.0.2.el8.src.rpm

Description of changes:

[4.2-8.0.2]
- Prevent duplicate uuid device to replace existing one in udev [Orabug: 35987487]

ELBA-2023-13030 Oracle Linux 8 mdadm bug fix update

Oracle Linux Bug Fix Advisory ELBA-2023-13030

http://linux.oracle.com/errata/ELBA-2023-13030.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
mdadm-4.2-8.0.1.el8.x86_64.rpm

aarch64:
mdadm-4.2-8.0.1.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//mdadm-4.2-8.0.1.el8.src.rpm

Description of changes:

[4.2-8.0.1]
- Prevent duplicate label to replace existing one in udev [Orabug: 34898273]

ELBA-2023-13020 Oracle Linux 8 oracle-ovirt-release-45-el8 bug fix update

Oracle Linux Bug Fix Advisory ELBA-2023-13020

http://linux.oracle.com/errata/ELBA-2023-13020.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
oracle-ovirt-release-45-el8-1.0-22.el8.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//oracle-ovirt-release-45-el8-1.0-22.el8.src.rpm

Description of changes:

[1.0-1.0.22]
- Removing versionlock for gluster-ansible- rpms

[1.0-1.0.21]
- Pipe output to dev null and remove unnecessary echo statements
- Remove unnecessary OCI related manipulations

[1.0-1.0.20]
- Update version lock for ansible-core - lock to version 2.13*

[1.0-1.0.19]
- Adding the version lock for ansible-core

[1.0-1.0.18]
- Do not remove 44 repos

[1.0-1.0.17]
- update ansible-core exclusion

[1.0-1.0.16]
- Add OLVM-4.4 repos so that engine-setup can rollback update in case of failure

[1.0-1.0.15]
- Exclude ansible-core updates from OL ol8_appstream

[1.0-1.0.14]
- Enable kvm_utils3 module which has latest libvirt

[1.0-1.0.12]
- Enable nodejs module

[1.0-1.0.11]
- Remove 4.3 check

[1.0-1.0.10]
- Update script and repo for OLVM-4.5 installs

[1.0-1.0.9]
- Cleanup and Update script to check uln subscription

[1.0-8]
Enable kvm_utils2 channel

[1.0-7]
Updated repo to use libvirt 7.10 & qemu-6.1

[1.0-6]
Add gluster repo as requirement

[1.0-5]
- Use GPLv2 version of LICENSE

[1.0-4]
- Install gluster repo and update License version

[1.0-3]
- Enable postgres and pki modules

[1.0-2]
- Remove gluster repo and update ol8 repos

[1.0-1]
- Initial package