Oracle Linux Security Advisory ELSA-2024-2758

http://linux.oracle.com/errata/ELSA-2024-2758.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-7.3.0-427.16.1.el9_4.x86_64.rpm
kernel-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-abi-stablelists-5.14.0-427.16.1.el9_4.noarch.rpm
kernel-core-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-debug-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-debug-core-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-debug-devel-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-debug-devel-matched-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-debug-modules-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-debug-modules-core-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-debug-modules-extra-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-devel-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-devel-matched-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-doc-5.14.0-427.16.1.el9_4.noarch.rpm
kernel-headers-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-modules-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-modules-core-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-modules-extra-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-tools-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-tools-libs-5.14.0-427.16.1.el9_4.x86_64.rpm
perf-5.14.0-427.16.1.el9_4.x86_64.rpm
python3-perf-5.14.0-427.16.1.el9_4.x86_64.rpm
rtla-5.14.0-427.16.1.el9_4.x86_64.rpm
rv-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-cross-headers-5.14.0-427.16.1.el9_4.x86_64.rpm
kernel-tools-libs-devel-5.14.0-427.16.1.el9_4.x86_64.rpm
libperf-5.14.0-427.16.1.el9_4.x86_64.rpm

aarch64:
bpftool-7.3.0-427.16.1.el9_4.aarch64.rpm
kernel-headers-5.14.0-427.16.1.el9_4.aarch64.rpm
kernel-tools-5.14.0-427.16.1.el9_4.aarch64.rpm
kernel-tools-libs-5.14.0-427.16.1.el9_4.aarch64.rpm
perf-5.14.0-427.16.1.el9_4.aarch64.rpm
python3-perf-5.14.0-427.16.1.el9_4.aarch64.rpm
kernel-cross-headers-5.14.0-427.16.1.el9_4.aarch64.rpm
kernel-tools-libs-devel-5.14.0-427.16.1.el9_4.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-427.16.1.el9_4.src.rpm

Related CVEs:

CVE-2023-6240
CVE-2024-25742
CVE-2024-25743




Description of changes:

[5.14.0-427.16.1.el9_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-427.16.1.el9_4]
- memory: tegra: Skip SID programming if SID registers aren't set (Robert Foss) [RHEL-32675 RHEL-23656]
- memory: tegra: Add SID override programming for MC clients (Robert Foss) [RHEL-32675 RHEL-23656]
- iommu: Don't reserve 0-length IOVA region (Robert Foss) [RHEL-32675 RHEL-23656]

[5.14.0-427.15.1.el9_4]
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (Michal Schmidt) [RHEL-30110 RHEL-19000]
- ice: avoid the PTP hardware semaphore in gettimex64 path (Michal Schmidt) [RHEL-30110 RHEL-19000]
- ice: add ice_adapter for shared data across PFs on the same NIC (Michal Schmidt) [RHEL-30110 RHEL-19000]
- crypto: iaa - mark tech preview (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix nr_cpus < nr_iaa case (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix comp/decomp delay statistics (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix async_disable descriptor leak (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Remove header table code (Vladis Dronov) [RHEL-32242 RHEL-29685]
- cgroup: cgroup-v1: do not exclude cgrp_dfl_root (Laurent Vivier) [RHEL-32716 RHEL-31381]
- x86/sev: Harden #VC instruction emulation somewhat (Vitaly Kuznetsov) [RHEL-30030 RHEL-30031] {CVE-2024-25743 CVE-2024-25742}

[5.14.0-427.14.1.el9_4]
- crypto: dh - implement FIPS PCT (Vladis Dronov) [RHEL-27009 RHEL-25845]
- crypto: tcrypt - add ffdhe2048(dh) test (Vladis Dronov) [RHEL-27009 RHEL-25845]
- crypto: dh - Make public key test FIPS-only (Vladis Dronov) [RHEL-27009 RHEL-25845]
- printk: allow disabling printk per-console device kthreads at boot (Luis Claudio R. Goncalves) [RHEL-30678 RHEL-17709]
- mm, vmscan: remove ISOLATE_UNMAPPED (Nico Pache) [RHEL-29235 RHEL-28667]
- trace-vmscan-postprocess: sync with tracepoints updates (Nico Pache) [RHEL-29235 RHEL-28667]
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: skip special VMAs in lru_gen_look_around() (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: reclaim offlined memcgs harder (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: try to stop at high watermarks (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: fix underprotected page cache (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: reuse some legacy trace events (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: improve design doc (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: clean up sysfs code (Nico Pache) [RHEL-29235 RHEL-28667]
- cpu/hotplug: Do not bail-out in DYING/STARTING sections (David Arcari) [RHEL-29673 RHEL-19514]
- crypto: akcipher - Disable signing and decryption (Herbert Xu) [RHEL-29079 RHEL-17113] {CVE-2023-6240}


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle9: ELSA-2024-2758: kernel Moderate Security Advisory Updates
