ELSA-2021-9037 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux 6167 Published by

An unbreakable Enterprise kernel security update has been released for Oracle Linux 8.



El-errata: ELSA-2021-9037 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2021-9037

  http://linux.oracle.com/errata/ELSA-2021-9037.html

The following updated rpms for Oracle Linux 8 have been uploaded to the
Unbreakable Linux Network:

aarch64:
kernel-uek-5.4.17-2036.103.3.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2036.103.3.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2036.103.3.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2036.103.3.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2036.103.3.el8uek.noarch.rpm

SRPMS:
  http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2036.103.3.el8uek.src.rpm


Description of changes:

[5.4.17-2036.103.3.el8uek]
- Revert "rds: Deregister all FRWR mr with free_mr" (aru kolappan)
[Orabug: 32426610]

[5.4.17-2036.103.2.el8uek]
- A/A Bonding: Fix a one-byte-off kmalloc (Håkon Bugge) [Orabug: 32380824]
- netfilter: add and use nf_hook_slow_list() (Florian Westphal) [Orabug:
32372530] {CVE-2021-20177}
- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372158]
- uek-rpm: Report removed symbols also during kabi check (Somasundaram
Krishnasamy) [Orabug: 32380061]
- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32378206]
- A/A Bonding: Introduce selective interface name inclusion (Håkon
Bugge) [Orabug: 32350974]
- uek-rpm: add nfs_ssc to nano_modules (Calum Mackay) [Orabug: 32346419]
- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug:
32248035] {CVE-2020-28374}

[5.4.17-2036.103.1.el8uek]
- mwifiex: Fix possible buffer overflows in
mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349203]
{CVE-2020-36158}
- x86/process: Mark cpu inactive before offlining (Mridula Shastry)
[Orabug: 32234812]
- add license checking to kABI checker (Dan Duval) [Orabug: 32355206]

[5.4.17-2036.103.0.el8uek]
- lockd: don't use interval-based rebinding over TCP (Calum Mackay)
[Orabug: 32337715]
- tools: update header files in the tools directory (Thomas Tai)
[Orabug: 32321484]
- perf: Fix a kABI breakage in perf_event.h (Thomas Tai) [Orabug: 32321484]
- perf/x86: Fix n_metric for cancelled txn (Peter Zijlstra) [Orabug:
32321484]
- perf/x86: Fix n_pair for cancelled txn (Peter Zijlstra) [Orabug: 32321484]
- perf/x86/intel: Check perf metrics feature for each CPU (Kan Liang)
[Orabug: 32321484]
- perf/x86/intel: Support per-thread RDPMC TopDown metrics (Kan Liang)
[Orabug: 32321484]
- perf/x86/intel: Support TopDown metrics on Ice Lake (Kan Liang)
[Orabug: 32321484]
- perf/x86: Use event_base_rdpmc for the RDPMC userspace support (Kan
Liang) [Orabug: 32321484]
- perf/x86: Add a macro for RDPMC offset of fixed counters (Kan Liang)
[Orabug: 32321484]
- perf/x86/intel: Generic support for hardware TopDown metrics (Kan
Liang) [Orabug: 32321484]
- perf/core: Add a new PERF_EV_CAP_SIBLING event capability (Kan Liang)
[Orabug: 32321484]
- perf/core: Unify {pinned,flexible}_sched_in() (Peter Zijlstra)
[Orabug: 32321484]
- perf/x86/intel: Use switch in intel_pmu_disable/enable_event (Kan
Liang) [Orabug: 32321484]
- perf/x86: Keep LBR records unchanged in host context for guest usage
(Like Xu) [Orabug: 32321484]
- perf/x86/intel: Fix the name of perf METRICS (Kan Liang) [Orabug:
32321484]
- perf/x86/intel: Move BTS index to 47 (Kan Liang) [Orabug: 32321484]
- perf/x86/intel: Introduce the fourth fixed counter (Kan Liang)
[Orabug: 32321484]
- perf/x86/intel: Name the global status bit in NMI handler (Kan Liang)
[Orabug: 32321484]
- perf/x86: Add constraint to create guest LBR event without hw counter
(Like Xu) [Orabug: 32321484]
- perf/x86/lbr: Add interface to get LBR information (Like Xu) [Orabug:
32321484]
- perf/x86/core: Refactor hw->idx checks and cleanup (Like Xu) [Orabug:
32321484]
- perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (Kan
Liang) [Orabug: 32321484]
- perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (Sean
Christopherson) [Orabug: 32321484]
- partitions/efi: Enable no warning option for the GPT warnings related
to alternative header (Saeed Mirzamohammadi) [Orabug: 32302136]
- Revert "cpu/hotplug: avoid race between cpuset_hotplug_workfn and
later hotplug" (Daniel Jordan) [Orabug: 32295229]
- cpuset: fix race between hotplug work and later CPU offline (Daniel
Jordan) [Orabug: 32295229]
- uek-rpm: aarch64: update PMU configs for Altra (Dave Kleikamp)
[Orabug: 32290034]
- driver/perf: Add PMU driver for the ARM DMC-620 memory controller
(Tuan Phan) [Orabug: 32290034]
- perf: arm-cmn: Fix conversion specifiers for node type (Will Deacon)
[Orabug: 32290034]
- perf: arm-cmn: Fix unsigned comparison to less than zero (Will Deacon)
[Orabug: 32290034]
- perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 32290034]
- perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 32290034]
- perf: arm_dsu: Support DSU ACPI devices (Tuan Phan) [Orabug: 32290034]
- arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work
(James Morse) [Orabug: 32290034]
- ACPI: APEI: Kick the memory_failure() queue for synchronous errors
(James Morse) [Orabug: 32290034]
- iommu/arm-smmu-v3: Don't reserve implementation defined register space
(Jean-Philippe Brucker) [Orabug: 32290034]
- Revert "BACKPORT: perf: Add Arm CMN-600 DT binding" (Dave Kleikamp)
[Orabug: 32290034]
- Revert "BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver" (Dave
Kleikamp) [Orabug: 32290034]
- Revert "BACKPORT: WIP: perf/arm-cmn: Add ACPI support" (Dave Kleikamp)
[Orabug: 32290034]
- Revert "perf: Add ARM DMC-620 PMU driver." (Dave Kleikamp) [Orabug:
32290034]
- Revert "BACKPORT: ACPI / APEI: Kick the memory_failure() queue for
synchronous errors" (Dave Kleikamp) [Orabug: 32290034]
- Revert "BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with
APEI's irq work" (Dave Kleikamp) [Orabug: 32290034]
- Revert "Perf: arm-cmn: Allow irq to be shared." (Dave Kleikamp)
[Orabug: 32290034]
- Revert "perf: arm_cmn: improve and make it work on 2P." (Dave
Kleikamp) [Orabug: 32290034]
- Revert "perf: arm_dsu: Allow IRQ to be shared among devices." (Dave
Kleikamp) [Orabug: 32290034]
- Revert "perf: arm_dsu: Support ACPI mode." (Dave Kleikamp) [Orabug:
32290034]
- Revert "perf: arm_dmc620: Update ACPI ID." (Dave Kleikamp) [Orabug:
32290034]
- Revert "perf: avoid breaking KABI by reusing enum" (Dave Kleikamp)
[Orabug: 32290034]
- Revert "perf/smmuv3: Allow sharing MMIO registers with the SMMU
driver" (Dave Kleikamp) [Orabug: 32290034]
- tty: Fix ->session locking (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}
- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266677]
{CVE-2020-29660}
- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel
Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}
- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park)
[Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Count pending messages for each watch (SeongJae Park)
[Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae
Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path()
(SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Allow watches discard events before queueing (SeongJae
Park) [Orabug: 32253409] {CVE-2020-29568}
- KVM: x86: clflushopt should be treated as a no-op by emulation (David
Edmondson) [Orabug: 32251910]

Fedora 33 Update: pngcheck-2.4.0-7.fc33

RHSA-2021:0308-01: Important: OpenShift Container Platform 4.6.16 security and bug fix update

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.org  I ...