Oracle Linux Security Advisory ELSA-2021-9486 http://linux.oracle.com/errata/ELSA-2021-9486.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: aarch64: kernel-uek-5.4.17-2136.300.7.el8uek.aarch64.rpm kernel-uek-debug-5.4.17-2136.300.7.el8uek.aarch64.rpm kernel-uek-debug-devel-5.4.17-2136.300.7.el8uek.aarch64.rpm kernel-uek-devel-5.4.17-2136.300.7.el8uek.aarch64.rpm kernel-uek-doc-5.4.17-2136.300.7.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.300.7.el8uek.src.rpm Related CVEs: CVE-2017-6074 CVE-2020-16119 Description of changes: [5.4.17-2136.300.7.el8uek] - KVM: SVM: Fix mismerge in svm_update_pi_irte() (Liam Merwick) [Orabug: 33446526] - Revert "KVM: x86: hyperv: Remove duplicate definitions of Reference TSC Page" (Liam Merwick) [Orabug: 33450675] [5.4.17-2136.300.6.el8uek] - Revert "scsi: core: Cap scsi_host cmd_per_lun at can_queue" (Jack Vogel) [Orabug: 33441404] [5.4.17-2136.300.5.el8uek] - dccp: dont duplicate ccid when cloning dccp sock (Lin, Zhenpeng) [Orabug: 33408808] {CVE-2017-6074} {CVE-2020-16119} {CVE-2020-16119} - block: workaround to avoid self-deadlock in del_gendisk (Junxiao Bi) [Orabug: 33396355] - uek-rpm: add ofb.ko and crypto_user.ko modules to nano kernel (Somasundaram Krishnasamy) [Orabug: 31895743] [5.4.17-2136.300.4] - Reintroduce: certs: Add EFI_CERT_X509_GUID support for dbx entries (Konrad Rzeszutek Wilk) [Orabug: 33382994] - bnxt_en: Update the driver version string (Jack Vogel) [Orabug: 33392416] [5.4.17-2136.300.3] - net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra) [Orabug: 33379543] - KVM: X86: MMU: Use the correct inherited permissions to get shadow page (Lai Jiangshan) [Orabug: 33359297] {CVE-2021-38198} - KVM: x86: adjust SEV for commit 7e8e6eed75e (Paolo Bonzini) [Orabug: 33375655] - net/mlx5: Implement Oracle-only solution for mlx device names (Mikhael Goikhman) [Orabug: 33247746] [5.4.17-2136.300.2] - btrfs: fix NULL pointer dereference when deleting device by invalid id (Qu Wenruo) [Orabug: 33365609] {CVE-2021-3739} - Revert uek-rpm: mark /etc/ld.so.conf.d/ files as %config (aloktiw) [Orabug: 33359669] - bpf: provide BPF Type Format (BTF) info for kernel (Alan Maguire) [Orabug: 33331233] - perf/x86/amd: Dont touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (Like Xu) [Orabug: 33194216] - IB/core: Read subnet_prefix in ib_query_port via cache. (Anand Khoje) [Orabug: 33283556] - IB/core: Shifting initialization of device->cache_lock (Anand Khoje) [Orabug: 33283556] - IB/core: Updating cache for subnet_prefix in config_non_roce_gid_cache() (Anand Khoje) [Orabug: 33283556] - IB/core: Shuffle locks in ib_port_data to save memory (Anand Khoje) [Orabug: 33283556] - IB/core: Removed port validity check from ib_get_cached_subnet_prefix (Anand Khoje) [Orabug: 33283556] - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (Dongli Zhang) [Orabug: 33106728] [5.4.17-2136.300.1] - net: qrtr: fix another OOB Read in qrtr_endpoint_post (Xiaolong Huang) [Orabug: 33336805] {CVE-2021-3743} - ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Tso) [Orabug: 33336785] {CVE-2021-40490} - net/mlx5: E-Switch, Fix vlan or qos setting in legacy mode (Vu Pham) [Orabug: 33291040] - rds: ib: Set SEND_SIGNALED on the last WR posted (Hakon Bugge) [Orabug: 33331710] - RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn) [Orabug: 33331640] - usb: hso: fix error handling code of hso_create_net_device (Dongliang Mu) [Orabug: 33329086] {CVE-2021-37159} - hso: fix bailout in error case of probe (Oliver Neukum) [Orabug: 33329086] {CVE-2021-37159} - uek-rpm: Set DEFAULTKERNEL in /etc/sysconfig/kernel correctly (Dave Kleikamp) [Orabug: 33219604] - RDMA/mlx5: Fix crash when unbind multiport slave (Maor Gottlieb) [Orabug: 33303425] - net/mlx5: Dont overwrite HCA capabilities when setting MSI-X count (Leon Romanovsky) [Orabug: 33220810] - net/mlx5: Implement sriov_get_vf_total_msix/count() callbacks (Leon Romanovsky) [Orabug: 33220810] - net/mlx5: Dynamically assign MSI-X vectors count (Leon Romanovsky) [Orabug: 33220810] - net/mlx5: Add dynamic MSI-X capabilities bits (Leon Romanovsky) [Orabug: 33220810] - PCI/IOV: Add sysfs MSI-X vector assignment interface (Leon Romanovsky) [Orabug: 33220810] - net/mlx5: Check that driver was probed prior attaching the device (Leon Romanovsky) [Orabug: 33286656] [5.4.17-2136.300.0] - misc/pvpanic: fix set driver data (Mihai Carabas) [Orabug: 33290806] - btrfs: fix race between marking inode needs to be logged and log syncing (Filipe Manana) [Orabug: 33265208] - vdpa/mlx5: fix feature negotiation across device reset (Si-Wei Liu) [Orabug: 33247045] - net/mlx5: E-switch, When eswitch is unsupported, return -EOPNOTSUPP (Parav Pandit) [Orabug: 33241452] - xen-acpi-processor: fix coordination type mismatch (Elena Ufimtseva) - net/mlx5: E-switch, Use eswitch total_vports (Parav Pandit) [Orabug: 33213269] - net/mlx5: E-switch, Reuse total_vports and avoid duplicate nvports (Parav Pandit) [Orabug: 33213269] - net/mlx5: E-switch, Consider maximum vf vports for steering init (Parav Pandit) [Orabug: 33213269] - RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work (Maor Gottlieb) [Orabug: 33303297] - rds: fix statistics counters and check for memory leak (Hans Westgaard Ry) [Orabug: 31372378] - KVM: X86: Micro-optimize IPI fastpath delay (Wanpeng Li) [Orabug: 33119431] - net/mlx5_core: Restore driver version (Roy Novich) [Orabug: 33112151] - RDMA/umem: Use ib_dma_max_seg_size instead of dma_get_max_seg_size (Christoph Hellwig) [Orabug: 33107202] - lib/scatterlist: Do not limit max_segment to PAGE_ALIGNED values (Jason Gunthorpe) [Orabug: 33107202] - RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 33107202] - lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 33107202] - uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33246580] - rdmaip: trace message buffer size too small for rdmaip debug tracepoints (Alan Maguire) [Orabug: 33267573] - driver core: auxiliary bus: Fix memory leak when driver_register() fail (Peter Ujfalusi) [Orabug: 32461425] - driver core: auxiliary bus: Remove unneeded module bits (Dave Jiang) [Orabug: 32461425] - driver core: auxiliary bus: Fix calling stage for auxiliary bus init (Dave Jiang) [Orabug: 32461425] - driver core: auxiliary bus: Fix auxiliary bus shutdown null auxdrv ptr (Dave Jiang) [Orabug: 32461425] - bnxt_en: Use register window 6 instead of 5 to read the PHC (Michael Chan) [Orabug: 33181761] - bnxt_en: Update firmware call to retrieve TX PTP timestamp (Michael Chan) [Orabug: 33181761] - bnxt_en: Update firmware interface to 1.10.2.52 (Michael Chan) [Orabug: 33181761] [5.4.17-2122.305.7] - ice: implement device flash update via devlink (Jacob Keller) [Orabug: 33236075] - ice: add board identifier info to devlink .info_get (Jacob Keller) [Orabug: 33236075] - ice: add basic handler for devlink .info_get (Jacob Keller) [Orabug: 33236075] - ice: enable initial devlink support (Jacob Keller) [Orabug: 33236075] - bitops: introduce the for_each_set_clump8 macro (William Breathitt Gray) [Orabug: 33236075] - Add pldmfw library for PLDM firmware update (Jacob Keller) [Orabug: 33236075] - devlink: expand the devlink-info documentation (Jakub Kicinski) [Orabug: 33236075] - devlink: promote fw.bundle_id to a generic info version (Jacob Keller) [Orabug: 33236075] - devlink: remove trigger command from devlink-region.rst (Jacob Keller) [Orabug: 33236075] - devlink: add trap metadata type for cookie (Jiri Pirko) [Orabug: 33236075] - devlink: add ACL generic packet traps (Jiri Pirko) [Orabug: 33236075] - devlink: Force enclosing array on binary fmsg data (Aya Levin) [Orabug: 33236075] - devlink: document devlink info versions reported by bnxt_en driver (Vasundhara Volam) [Orabug: 33236075] - devlink: add macro for fw.roce (Vasundhara Volam) [Orabug: 33236075] - devlink: Add health recover notifications on devlink flows (Moshe Shemesh) [Orabug: 33236075] - devlink: Add overlay source MAC is multicast trap (Amit Cohen) [Orabug: 33236075] - devlink: Add tunnel generic packet traps (Amit Cohen) [Orabug: 33236075] - devlink: Add non-routable packet trap (Amit Cohen) [Orabug: 33236075] - devlink: fix typos in qed documentation (Jacob Keller) [Orabug: 33236075] - devlink: correct misspelling of snapshot (Jacob Keller) [Orabug: 33236075] - devlink: document region snapshot triggering from userspace (Jacob Keller) [Orabug: 33236075] - devlink: introduce devlink-dpipe.rst documentation file (Jacob Keller) [Orabug: 33236075] - devlink: add a devlink-resource.rst documentation file (Jacob Keller) [Orabug: 33236075] - devlink: rename and expand devlink-trap-netdevsim.rst (Jacob Keller) [Orabug: 33236075] - devlink: add documentation for ionic device driver (Jacob Keller) [Orabug: 33236075] - devlink: add a file documenting devlink regions (Jacob Keller) [Orabug: 33236075] - devlink: add a driver-specific file for the qed driver (Jacob Keller) [Orabug: 33236075] - devlink: add parameter documentation for the mlx4 driver (Jacob Keller) [Orabug: 33236075] - devlink: document info versions for each driver (Jacob Keller) [Orabug: 33236075] - devlink: convert driver-specific files to reStructuredText (Jacob Keller) [Orabug: 33236075] - devlink: mention reloading in devlink-params.rst (Jacob Keller) [Orabug: 33236075] - devlink: add documentation for generic devlink parameters (Jacob Keller) [Orabug: 33236075] - devlink: convert devlink-params.txt to reStructuredText (Jacob Keller) [Orabug: 33236075] - devlink: rename devlink-info-versions.rst and add a header (Jacob Keller) [Orabug: 33236075] - devlink: convert devlink-health.txt to rst format (Jacob Keller) [Orabug: 33236075] - devlink: move devlink documentation to subfolder (Jacob Keller) [Orabug: 33236075] - devlink: add macro for fw.psid (Jacob Keller) [Orabug: 33236075] - devlink: add devink notification when reporter update health state (Vikas Gupta) [Orabug: 33236075] - rds_rdma: add missing rds_ib_cm_handle_connect tracepoint (Alan Maguire) [Orabug: 33243559] [5.4.17-2122.305.6] - fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 33396682] {CVE-2021-28950} - fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 33396682] {CVE-2021-28950} - block: workaround to avoid self-deadlock in del_gendisk (Junxiao Bi) [Orabug: 33392821] - net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra) [Orabug: 33352735] _______________________________________________ El-errata mailing list [email protected] https://oss.oracle.com/mailman/listinfo/el-errata
