Oracle Linux Security Advisory ELSA-2022-0620

https://linux.oracle.com/errata/ELSA-2022-0620.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-1160.59.1.el7.x86_64.rpm
kernel-3.10.0-1160.59.1.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1160.59.1.el7.noarch.rpm
kernel-debug-3.10.0-1160.59.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.59.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.59.1.el7.x86_64.rpm
kernel-doc-3.10.0-1160.59.1.el7.noarch.rpm
kernel-headers-3.10.0-1160.59.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.59.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.59.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.59.1.el7.x86_64.rpm
perf-3.10.0-1160.59.1.el7.x86_64.rpm
python-perf-3.10.0-1160.59.1.el7.x86_64.rpm


SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates/kernel-3.10.0-1160.59.1.el7.src.rpm

Related CVEs:

CVE-2020-0465
CVE-2020-0466
CVE-2021-0920
CVE-2021-3564
CVE-2021-3573
CVE-2021-3752
CVE-2021-4155
CVE-2022-0330
CVE-2022-22942




Description of changes:

[3.10.0-1160.59.1.el7.OL7]
- Update Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9.el7
- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)

[3.10.0-1160.59.1.el7]
- Revert "Merge: Fix tasks stuck in IO waiting for buffer_head lock" (Rado Vrbovsky) [2030609]

[3.10.0-1160.58.1.el7]
- Bluetooth: fix use-after-free error in lock_sock_nested() (Gopal Tiwari) [2005687]
- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Dave Airlie) [2047597] {CVE-2022-22942}

[3.10.0-1160.57.1.el7]
- fix regression in "epoll: Keep a reference on files added to the check list" (Carlos Maiolino) [2042760] {CVE-2020-0466}
- epoll: Keep a reference on files added to the check list (Carlos Maiolino) [2042760] {CVE-2020-0466}
- drm/i915: Flush TLBs before releasing backing store (Dave Airlie) [2044319] {CVE-2022-0330}

[3.10.0-1160.56.1.el7]
- RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (Kamal Heib) [1984070]
- af_unix: fix garbage collect vs MSG_PEEK (William Zhao) [2031970] {CVE-2021-0920}
- selinux: fix race condition when computing ocontext SIDs (Ondrej Mosnacek) [2040196]
- Bluetooth: fix the erroneous flush_work() order (Chris von Recklinghausen) [1964556] {CVE-2021-3564}

[3.10.0-1160.55.1.el7]
- SUNRPC: Fix null rpc_clnt dereference in rpc_task_queued tracepoint (Benjamin Coddington) [2039508]
- buffer: eliminate the need to call free_more_memory() in __getblk_slow() (Carlos Maiolino) [2030609]
- buffer: grow_dev_page() should use __GFP_NOFAIL for all cases (Carlos Maiolino) [2030609]
- buffer: have alloc_page_buffers() use __GFP_NOFAIL (Carlos Maiolino) [2030609]
- net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (Sabrina Dubroca) [2033561]
- efi: Decode IA32/X64 Context Info structure (Aristeu Rozanski) [1950302]
- efi: Decode IA32/X64 MS Check structure (Aristeu Rozanski) [1950302]
- efi: Decode additional IA32/X64 Bus Check fields (Aristeu Rozanski) [1950302]
- efi: Decode IA32/X64 Cache, TLB, and Bus Check structures (Aristeu Rozanski) [1950302]
- efi: Decode UEFI-defined IA32/X64 Error Structure GUIDs (Aristeu Rozanski) [1950302]
- efi: Decode IA32/X64 Processor Error Info Structure (Aristeu Rozanski) [1950302]
- efi: Decode IA32/X64 Processor Error Section (Aristeu Rozanski) [1950302]
- efi: Fix IA32/X64 Processor Error Record definition (Aristeu Rozanski) [1950302]
- HID: core: Sanitize event code and type when mapping input (Aristeu Rozanski) [1920848] {CVE-2020-0465}

[3.10.0-1160.54.1.el7]
- block: queue lock must be acquired when iterating over rls (Ming Lei) [2029574]
- Bluetooth: use correct lock to prevent UAF of hdev object (Chris von Recklinghausen) [1968211] {CVE-2021-3573}
- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Carlos Maiolino) [2034857] {CVE-2021-4155}


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle7: ELSA-2022-0620: kernel Important Security Update
