Oracle Linux Security Advisory ELSA-2022-0063

https://linux.oracle.com/errata/ELSA-2022-0063.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-1160.53.1.el7.x86_64.rpm
kernel-3.10.0-1160.53.1.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1160.53.1.el7.noarch.rpm
kernel-debug-3.10.0-1160.53.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.53.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.53.1.el7.x86_64.rpm
kernel-doc-3.10.0-1160.53.1.el7.noarch.rpm
kernel-headers-3.10.0-1160.53.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.53.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.53.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.53.1.el7.x86_64.rpm
perf-3.10.0-1160.53.1.el7.x86_64.rpm
python-perf-3.10.0-1160.53.1.el7.x86_64.rpm


SRPMS:
https://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-1160.53.1.el7.src.rpm

Related CVEs:

CVE-2020-25704
CVE-2020-36322
CVE-2021-42739




Description of changes:

[3.10.0-1160.53.1.el7.OL7]
- Update Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected])
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9.el7
- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)

[3.10.0-1160.53.1.el7]
- fuse: fix live lock in fuse_iget() (Miklos Szeredi) [1952046]
- fuse: fix bad inode (Miklos Szeredi) [1952046]
- GFS2: Truncate address space mapping when deleting an inode (Bob Peterson) [1364234]
- gfs2: Fix gfs2_testbit to use clone bitmaps (Bob Peterson) [1364234]
- gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps (Bob Peterson) [1364234]
- gfs2: Fix oversight in gfs2_ail1_flush (Bob Peterson) [1364234]
- gfs2: Additional information when gfs2_ail1_flush withdraws (Bob Peterson) [1364234]
- gfs2: leaf_dealloc needs to allocate one more revoke (Bob Peterson) [1364234]
- gfs2: allow journal replay to hold sd_log_flush_lock (Bob Peterson) [1364234]
- gfs2: don't allow releasepage to free bd still used for revokes (Bob Peterson) [1364234]
- gfs2: flesh out delayed withdraw for gfs2_log_flush (Bob Peterson) [1364234]
- gfs2: Do proper error checking for go_sync family of glops functions (Bob Peterson) [1364234]
- gfs2: drain the ail2 list after io errors (Bob Peterson) [1364234]
- gfs2: Withdraw in gfs2_ail1_flush if write_cache_pages fails (Bob Peterson) [1364234]
- gfs2: Do log_flush in gfs2_ail_empty_gl even if ail list is empty (Bob Peterson) [1364234]
- gfs2: Check for log write errors before telling dlm to unlock (Bob Peterson) [1364234]
- gfs2: Prepare to withdraw as soon as an IO error occurs in log write (Bob Peterson) [1364234]
- gfs2: Issue revokes more intelligently (Bob Peterson) [1364234]
- gfs2: Add verbose option to check_journal_clean (Bob Peterson) [1364234]
- gfs2: fix infinite loop when checking ail item count before go_inval (Bob Peterson) [1364234]
- gfs2: Force withdraw to replay journals and wait for it to finish (Bob Peterson) [1364234]
- gfs2: Allow some glocks to be used during withdraw (Bob Peterson) [1364234]
- gfs2: move check_journal_clean to util.c for future use (Bob Peterson) [1364234]
- gfs2: Ignore dlm recovery requests if gfs2 is withdrawn (Bob Peterson) [1364234]
- gfs2: Only complain the first time an io error occurs in quota or log (Bob Peterson) [1364234]
- gfs2: log error reform (Bob Peterson) [1364234]
- gfs2: Rework how rgrp buffer_heads are managed (Bob Peterson) [1364234]
- gfs2: clear ail1 list when gfs2 withdraws (Bob Peterson) [1364234]
- gfs2: Introduce concept of a pending withdraw (Bob Peterson) [1364234]
- gfs2: Return bool from gfs2_assert functions (Bob Peterson) [1364234]
- gfs2: Turn gfs2_consist into void functions (Bob Peterson) [1364234]
- gfs2: Remove usused cluster_wide arguments of gfs2_consist functions (Bob Peterson) [1364234]
- gfs2: Report errors before withdraw (Bob Peterson) [1364234]
- gfs2: Split gfs2_lm_withdraw into two functions (Bob Peterson) [1364234]
- gfs2: Fix incorrect variable name (Bob Peterson) [1364234]
- gfs2: Don't write log headers after file system withdraw (Bob Peterson) [1364234]
- gfs2: clean up iopen glock mess in gfs2_create_inode (Bob Peterson) [1364234]
- gfs2: Close timing window with GLF_INVALIDATE_IN_PROGRESS (Bob Peterson) [1364234]
- gfs2: fix infinite loop in gfs2_ail1_flush on io error (Bob Peterson) [1364234]
- gfs2: Introduce function gfs2_withdrawn (Bob Peterson) [1364234]
- gfs2: replace more printk with calls to fs_info and friends (Bob Peterson) [1364234]
- gfs2: dump fsid when dumping glock problems (Bob Peterson) [1364234]
- gfs2: simplify gfs2_freeze by removing case (Bob Peterson) [1364234]
- gfs2: Rename SDF_SHUTDOWN to SDF_WITHDRAWN (Bob Peterson) [1364234]
- gfs2: Warn when a journal replay overwrites a rgrp with buffers (Bob Peterson) [1364234]
- gfs2: log which portion of the journal is replayed (Bob Peterson) [1364234]
- gfs2: slow the deluge of io error messages (Bob Peterson) [1364234]
- gfs2: Don't withdraw under a spin lock (Bob Peterson) [1364234]
- GFS2: Clear gl_object when deleting an inode in gfs2_delete_inode (Bob Peterson) [1364234]
- gfs2: Use fs_* functions instead of pr_* function where we can (Bob Peterson) [1364234]
more consistently (Bob Peterson) [1364234]

[3.10.0-1160.52.1.el7]
- acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (David Arcari) [2019588]
- x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (David Arcari) [2019218]
- x86/cpu/AMD: Fix erratum 1076 (CPB bit) (David Arcari) [2019218]
- i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (Stefan Assmann) [1977246]
- i40e: Fix virtchnl_queue_select bitmap validation (Stefan Assmann) [1977246]

[3.10.0-1160.51.1.el7]
- mm, fs: Fix do_generic_file_read() error return (Carlos Maiolino) [2020857]
- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (Michael Petlan) [1901932]

[3.10.0-1160.50.1.el7]
- tcp: grow window for OOO packets only for SACK flows (Guillaume Nault) [1990665]
- scsi: mpt3sas: Fix unlock imbalance (Tomas Henzl) [2006536]
- pci-hyperv: Fix setting CPU affinity on Azure (Vitaly Kuznetsov) [2019272]
- media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (Lucas Zampieri) [1956471] {CVE-2021-42739}


_______________________________________________
El-errata mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/el-errata