An unbreakable Enterprise kernel security update has been released for Oracle Linux 6.

El-errata: ELSA-2022-9260 Important: Oracle Linux 6 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2022-9260

  http://linux.oracle.com/errata/ELSA-2022-9260.html

The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.61.2.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.61.2.el6uek.noarch.rpm
kernel-uek-4.1.12-124.61.2.el6uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.61.2.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.61.2.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.61.2.el6uek.x86_64.rpm


Related CVEs:

CVE-2020-36516
CVE-2021-20322
CVE-2021-3772
CVE-2022-0330
CVE-2022-26966



Description of changes:

[4.1.12-124.61.2.el6uek]
- exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34023956]

[4.1.12-124.61.1.el6uek]
- drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835812] {CVE-2022-0330}
- drm/i915: Reduce locking in execlist command submission (Chris Wilson) [Orabug: 33835812] {CVE-2022-0330}
- ipv4: make exception cache less predictible (Eric Dumazet) [Orabug: 33894531] {CVE-2021-20322}
- route: also update fnhe_genid when updating a route cache (Xin Long) [Orabug: 33894531] {CVE-2021-20322}
- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}
- sctp: add vtag check in sctp_sf_violation (Xin Long) [Orabug: 33924717] {CVE-2021-3772}
- sctp: use init_tag from inithdr for ABORT chunk (Xin Long) [Orabug: 33924717] {CVE-2021-3772}
- sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962995] {CVE-2022-26966}

_______________________________________________