Oracle Linux Security Advisory ELSA-2024-10943 http://linux.oracle.com/errata/ELSA-2024-10943.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-4.18.0-553.32.1.el8_10.x86_64.rpm kernel-4.18.0-553.32.1.el8_10.x86_64.rpm kernel-abi-stablelists-4.18.0-553.32.1.el8_10.noarch.rpm kernel-core-4.18.0-553.32.1.el8_10.x86_64.rpm kernel-cross-headers-4.18.0-553.32.1.el8_10.x86_64.rpm kernel-debug-4.18.0-553.32.1.el8_10.x86_64.rpm kernel-debug-core-4.18.0-553.32.1.el8_10.x86_64.rpm kernel-debug-devel-4.18.0-553.32.1.el8_10.x86_64.rpm kernel-debug-modules-4.18.0-553.32.1.el8_10.x86_64.rpm kernel-debug-modules-extra-4.18.0-553.32.1.el8_10.x86_64.rpm kernel-devel-4.18.0-553.32.1.el8_10.x86_64.rpm kernel-doc-4.18.0-553.32.1.el8_10.noarch.rpm kernel-headers-4.18.0-553.32.1.el8_10.x86_64.rpm kernel-modules-4.18.0-553.32.1.el8_10.x86_64.rpm kernel-modules-extra-4.18.0-553.32.1.el8_10.x86_64.rpm kernel-tools-4.18.0-553.32.1.el8_10.x86_64.rpm kernel-tools-libs-4.18.0-553.32.1.el8_10.x86_64.rpm perf-4.18.0-553.32.1.el8_10.x86_64.rpm python3-perf-4.18.0-553.32.1.el8_10.x86_64.rpm kernel-tools-libs-devel-4.18.0-553.32.1.el8_10.x86_64.rpm aarch64: bpftool-4.18.0-553.32.1.el8_10.aarch64.rpm kernel-cross-headers-4.18.0-553.32.1.el8_10.aarch64.rpm kernel-headers-4.18.0-553.32.1.el8_10.aarch64.rpm kernel-tools-4.18.0-553.32.1.el8_10.aarch64.rpm kernel-tools-libs-4.18.0-553.32.1.el8_10.aarch64.rpm perf-4.18.0-553.32.1.el8_10.aarch64.rpm python3-perf-4.18.0-553.32.1.el8_10.aarch64.rpm kernel-tools-libs-devel-4.18.0-553.32.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kernel-4.18.0-553.32.1.el8_10.src.rpm Related CVEs: CVE-2024-46695 CVE-2024-49949 CVE-2024-50082 CVE-2024-50099 CVE-2024-50110 CVE-2024-50142 CVE-2024-50192 CVE-2024-50256 CVE-2024-50264 Description of changes: [4.18.0-553.32.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] [4.18.0-553.32.1.el8_10] - irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66965] {CVE-2024-50192} - irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66965] {CVE-2024-50192} - blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (Ming Lei) [RHEL-65158] {CVE-2024-50082} - gfs2: fix double destroy_workqueue error (Andreas Gruenbacher) [RHEL-62869] - Revert "GFS2: Don't add all glocks to the lru" (Andreas Gruenbacher) [RHEL-62869] - gfs2: Use list_move_tail instead of list_del/list_add_tail (Andreas Gruenbacher) [RHEL-62869] - gfs2: Revise glock reference counting model (Andreas Gruenbacher) [RHEL-62869] - gfs2: Switch to a per-filesystem glock workqueue (Andreas Gruenbacher) [RHEL-62869] - gfs2: Report when glocks cannot be freed for a long time (Andreas Gruenbacher) [RHEL-62869] - gfs2: gfs2_glock_get cleanup (Andreas Gruenbacher) [RHEL-62869] - gfs2: Invert the GLF_INITIAL flag (Andreas Gruenbacher) [RHEL-62869] - gfs2: Rename handle_callback to request_demote (Andreas Gruenbacher) [RHEL-62869] - gfs2: Rename GLF_FROZEN to GLF_HAVE_FROZEN_REPLY (Andreas Gruenbacher) [RHEL-62869] - gfs2: Rename GLF_REPLY_PENDING to GLF_HAVE_REPLY (Andreas Gruenbacher) [RHEL-62869] - gfs2: Rename GLF_FREEING to GLF_UNLOCKED (Andreas Gruenbacher) [RHEL-62869] - gfs2: Remove useless return statement in run_queue (Andreas Gruenbacher) [RHEL-62869] - gfs2: Remove unnecessary function prototype (Andreas Gruenbacher) [RHEL-62869] - gfs2: finish_xmote cleanup (Andreas Gruenbacher) [RHEL-62869] - gfs2: Replace gfs2_glock_queue_put with gfs2_glock_put_async (Andreas Gruenbacher) [RHEL-62869] - KVM: selftests: memslot_perf_test: increase guest sync timeout (Maxim Levitsky) [RHEL-19080] - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-68025] {CVE-2024-50264} - md/raid5: Wait sync io to finish before changing group cnt (Nigel Croxon) [RHEL-58585] [4.18.0-553.31.1.el8_10] - xfrm: fix one more kernel-infoleak in algo dumping (Sabrina Dubroca) [RHEL-65955] {CVE-2024-50110} - netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (Florian Westphal) [RHEL-66862] {CVE-2024-50256} - netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n (Florian Westphal) [RHEL-66862] - netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (Florian Westphal) [RHEL-66862] - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (Paulo Alcantara) [RHEL-7988] - cifs: handle cache lookup errors different than -ENOENT (Paulo Alcantara) [RHEL-7988] - cifs: don't take exclusive lock for updating target hints (Paulo Alcantara) [RHEL-7988] - cifs: avoid re-lookups in dfs_cache_find() (Paulo Alcantara) [RHEL-7988] - cifs: fix potential deadlock in cache_refresh_path() (Paulo Alcantara) [RHEL-7988] - cifs: don't refresh cached referrals from unactive mounts (Paulo Alcantara) [RHEL-7988] - cifs: return ENOENT for DFS lookup_cache_entry() (Paulo Alcantara) [RHEL-7988] - selinux,smack: don't bypass permissions check in inode_setsecctx hook (Ondrej Mosnacek) [RHEL-66104] {CVE-2024-46695} - gfs2: Prevent inode creation race (Andreas Gruenbacher) [RHEL-67823] - gfs2: Only defer deletes when we have an iopen glock (Andreas Gruenbacher) [RHEL-67823] - arm64: probes: Remove broken LDR (literal) uprobe support (Mark Salter) [RHEL-66042] {CVE-2024-50099} - net: avoid potential underflow in qdisc_pkt_len_init() with UFO (Davide Caratti) [RHEL-65399] {CVE-2024-49949} - xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66457] {CVE-2024-50142} _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata