Oracle Linux Security Advisory ELSA-2024-0897

https://linux.oracle.com/errata/ELSA-2024-0897.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-513.18.1.el8_9.x86_64.rpm
kernel-4.18.0-513.18.1.el8_9.x86_64.rpm
kernel-abi-stablelists-4.18.0-513.18.1.el8_9.noarch.rpm
kernel-core-4.18.0-513.18.1.el8_9.x86_64.rpm
kernel-cross-headers-4.18.0-513.18.1.el8_9.x86_64.rpm
kernel-debug-4.18.0-513.18.1.el8_9.x86_64.rpm
kernel-debug-core-4.18.0-513.18.1.el8_9.x86_64.rpm
kernel-debug-devel-4.18.0-513.18.1.el8_9.x86_64.rpm
kernel-debug-modules-4.18.0-513.18.1.el8_9.x86_64.rpm
kernel-debug-modules-extra-4.18.0-513.18.1.el8_9.x86_64.rpm
kernel-devel-4.18.0-513.18.1.el8_9.x86_64.rpm
kernel-doc-4.18.0-513.18.1.el8_9.noarch.rpm
kernel-headers-4.18.0-513.18.1.el8_9.x86_64.rpm
kernel-modules-4.18.0-513.18.1.el8_9.x86_64.rpm
kernel-modules-extra-4.18.0-513.18.1.el8_9.x86_64.rpm
kernel-tools-4.18.0-513.18.1.el8_9.x86_64.rpm
kernel-tools-libs-4.18.0-513.18.1.el8_9.x86_64.rpm
perf-4.18.0-513.18.1.el8_9.x86_64.rpm
python3-perf-4.18.0-513.18.1.el8_9.x86_64.rpm
kernel-tools-libs-devel-4.18.0-513.18.1.el8_9.x86_64.rpm

aarch64:
bpftool-4.18.0-513.18.1.el8_9.aarch64.rpm
kernel-cross-headers-4.18.0-513.18.1.el8_9.aarch64.rpm
kernel-headers-4.18.0-513.18.1.el8_9.aarch64.rpm
kernel-tools-4.18.0-513.18.1.el8_9.aarch64.rpm
kernel-tools-libs-4.18.0-513.18.1.el8_9.aarch64.rpm
perf-4.18.0-513.18.1.el8_9.aarch64.rpm
python3-perf-4.18.0-513.18.1.el8_9.aarch64.rpm
kernel-tools-libs-devel-4.18.0-513.18.1.el8_9.aarch64.rpm


SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//kernel-4.18.0-513.18.1.el8_9.src.rpm

Related CVEs:

CVE-2022-3545
CVE-2022-41858
CVE-2023-1073
CVE-2023-1838
CVE-2023-2166
CVE-2023-2176
CVE-2023-4623
CVE-2023-4921
CVE-2023-5717
CVE-2023-6356
CVE-2023-6535
CVE-2023-6536
CVE-2023-6606
CVE-2023-6610
CVE-2023-6817
CVE-2023-40283
CVE-2023-45871
CVE-2023-46813
CVE-2024-0646




Description of changes:

[4.18.0-513.18.1.el8_9.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Drop not needed patch

[4.18.0-513.18.1.el8_9]
- net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22091 RHEL-19065] {CVE-2024-0646}
- smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610}
- smb: client: fix potential OOB in cifs_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610}
- nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
- nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
- nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
- net-sysfs: add check for netdevice being present to speed_show (Michal Schmidt) [RHEL-20924 RHEL-16007]
- netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) [RHEL-20698 RHEL-19721] {CVE-2023-6817}

[4.18.0-513.17.1.el8_9]
- redhat: rewrite genlog and support Y- tags (Jan Stancek)
- smb: client: fix OOB in smbCalcSize() (Scott Mayhew) [RHEL-21662 RHEL-18990] {CVE-2023-6606}
- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (Tobias Huschle) [RHEL-17884 RHEL-2410]
- blk-mq: use quiesced elevator switch when reinitializing queues (Ming Lei) [RHEL-21785 RHEL-19944]
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (Ming Lei) [RHEL-20232 RHEL-8128]

[4.18.0-513.16.1.el8_9]
- tracing/timerlat: Add user-space interface (Chris White) [RHEL-20362 RHEL-15142]
- tracing/osnoise: Skip running osnoise if all instances are off (Chris White) [RHEL-20362 RHEL-15142]
- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (Chris White) [RHEL-20362 RHEL-15142]
- tracing/timerlat: Always wakeup the timerlat thread (Chris White) [RHEL-20362 RHEL-15142]
- tracing/osnoise: Fix notify new tracing_max_latency (Chris White) [RHEL-20362 RHEL-15142]
- tracing/timerlat: Notify new max thread latency (Chris White) [RHEL-20362 RHEL-15142]
- trace/osnoise: make use of the helper function kthread_run_on_cpu() (Chris White) [RHEL-20362 RHEL-15142]
- kthread: add the helper function kthread_run_on_cpu() (Chris White) [RHEL-20362 RHEL-15142]
- x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (Prarit Bhargava) [RHEL-7238 RHEL-4244]
- HID: check empty report_list in hid_validate_values() (Desnes Nunes) [RHEL-19274 RHEL-19237] {CVE-2023-1073}
- s390/dasd: print copy pair message only for the correct error (Tobias Huschle) [RHEL-9444 RHEL-2831]
- blk-mq: don't count completed flush data request as inflight in case of quiesce (Ming Lei) [RHEL-19111 RHEL-18055]

[4.18.0-513.15.1.el8_9]
- IB/ipoib: Fix mcast list locking (Daniel Vacek) [RHEL-19699 RHEL-19244]
- RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Daniel Vacek) [RHEL-19699 RHEL-19244]
- x86/sev: Check for user-space IOIO pointing to kernel space (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
- x86/sev: Check IOBM for IOIO exceptions from user-space (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
- x86/sev: Disable MMIO emulation from user mode (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
- x86/sev-es: Fix SEV-ES OUT/IN immediate opcode vc handling (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle8: ELSA-2024-0897: kernel security Important Security Update
