Oracle Linux Security Advisory ELSA-2022-1550

https://linux.oracle.com/errata/ELSA-2022-1550.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-abi-stablelists-4.18.0-348.23.1.el8_5.noarch.rpm
kernel-core-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-cross-headers-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-debug-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-debug-core-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-debug-devel-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-debug-modules-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-debug-modules-extra-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-devel-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-doc-4.18.0-348.23.1.el8_5.noarch.rpm
kernel-headers-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-modules-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-modules-extra-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-tools-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-tools-libs-4.18.0-348.23.1.el8_5.x86_64.rpm
perf-4.18.0-348.23.1.el8_5.x86_64.rpm
python3-perf-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-tools-libs-devel-4.18.0-348.23.1.el8_5.x86_64.rpm

aarch64:
bpftool-4.18.0-348.23.1.el8_5.aarch64.rpm
kernel-cross-headers-4.18.0-348.23.1.el8_5.aarch64.rpm
kernel-headers-4.18.0-348.23.1.el8_5.aarch64.rpm
kernel-tools-4.18.0-348.23.1.el8_5.aarch64.rpm
kernel-tools-libs-4.18.0-348.23.1.el8_5.aarch64.rpm
perf-4.18.0-348.23.1.el8_5.aarch64.rpm
python3-perf-4.18.0-348.23.1.el8_5.aarch64.rpm
kernel-tools-libs-devel-4.18.0-348.23.1.el8_5.aarch64.rpm


SRPMS:
https://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-348.23.1.el8_5.src.rpm

Related CVEs:

CVE-2021-4028
CVE-2022-25636




Description of changes:

[4.18.0-348.23.1.el8_5.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5.el8

[4.18.0-348.23.1.el8_5]
- gfs2: dequeue iopen holder in gfs2_inode_lookup error (Bob Peterson) [2069750 2061665]

[4.18.0-348.22.1.el8_5]
- scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (Dick Kennedy) [2058193 2027558]
- cifs: check all path components in resolved dfs target (Ronnie Sahlberg) [2056329 2030880]
- RDMA/cma: Do not change route.addr.src_addr.ss_family (Kamal Heib) [2032073 2032074] {CVE-2021-4028}

[4.18.0-348.21.1.el8_5]
- netfilter: nf_queue: handle socket prefetch (Florian Westphal) [2061446 2009786]
- netfilter: nf_queue: fix possible use-after-free (Florian Westphal) [2061446 2009786]
- selftests: netfilter: add nfqueue TCP_NEW_SYN_RECV socket race test (Florian Westphal) [2061446 2009786]
- netfilter: nf_queue: don't assume sk is full socket (Florian Westphal) [2061446 2009786]
- netfilter: nf_tables_offload: incorrect flow offload action array size (Florian Westphal) [2056867 2056728] {CVE-2022-25636}
- netfilter: nftables_offload: KASAN slab-out-of-bounds Read in nft_flow_rule_create (Florian Westphal) [2056867 2056728] {CVE-2022-25636}


_______________________________________________
El-errata mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/el-errata