Oracle9: ELSA-2024-2758: kernel Moderate Security Advisory Updates
Summary
[5.14.0-427.16.1.el9_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.16.1.el9_4] - memory: tegra: Skip SID programming if SID registers aren't set (Robert Foss) [RHEL-32675 RHEL-23656] - memory: tegra: Add SID override programming for MC clients (Robert Foss) [RHEL-32675 RHEL-23656] - iommu: Don't reserve 0-length IOVA region (Robert Foss) [RHEL-32675 RHEL-23656] [5.14.0-427.15.1.el9_4] - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (Michal Schmidt) [RHEL-30110 RHEL-19000] - ice: avoid the PTP hardware semaphore in gettimex64 path (Michal Schmidt) [RHEL-30110 RHEL-19000] - ice: add ice_adapter for shared data across PFs on the same NIC (Michal Schmidt) [RHEL-30110 RHEL-19000] - crypto: iaa - mark tech preview (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - Fix nr_cpus < nr_iaa case (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - Fix comp/decomp delay statistics (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - Fix async_disable descriptor leak (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - Remove header table code (Vladis Dronov) [RHEL-32242 RHEL-29685] - cgroup: cgroup-v1: do not exclude cgrp_dfl_root (Laurent Vivier) [RHEL-32716 RHEL-31381] - x86/sev: Harden #VC instruction emulation somewhat (Vitaly Kuznetsov) [RHEL-30030 RHEL-30031] {CVE-2024-25743 CVE-2024-25742} [5.14.0-427.14.1.el9_4] - crypto: dh - implement FIPS PCT (Vladis Dronov) [RHEL-27009 RHEL-25845] - crypto: tcrypt - add ffdhe2048(dh) test (Vladis Dronov) [RHEL-27009 RHEL-25845] - crypto: dh - Make public key test FIPS-only (Vladis Dronov) [RHEL-27009 RHEL-25845] - printk: allow disabling printk per-console device kthreads at boot (Luis Claudio R. Goncalves) [RHEL-30678 RHEL-17709] - mm, vmscan: remove ISOLATE_UNMAPPED (Nico Pache) [RHEL-29235 RHEL-28667] - trace-vmscan-postprocess: sync with tracepoints updates (Nico Pache) [RHEL-29235 RHEL-28667] - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Nico Pache) [RHEL-29235 RHEL-28667] - mm/mglru: skip special VMAs in lru_gen_look_around() (Nico Pache) [RHEL-29235 RHEL-28667] - mm/mglru: reclaim offlined memcgs harder (Nico Pache) [RHEL-29235 RHEL-28667] - mm/mglru: try to stop at high watermarks (Nico Pache) [RHEL-29235 RHEL-28667] - mm/mglru: fix underprotected page cache (Nico Pache) [RHEL-29235 RHEL-28667] - mm: multi-gen LRU: reuse some legacy trace events (Nico Pache) [RHEL-29235 RHEL-28667] - mm: multi-gen LRU: improve design doc (Nico Pache) [RHEL-29235 RHEL-28667] - mm: multi-gen LRU: clean up sysfs code (Nico Pache) [RHEL-29235 RHEL-28667] - cpu/hotplug: Do not bail-out in DYING/STARTING sections (David Arcari) [RHEL-29673 RHEL-19514] - crypto: akcipher - Disable signing and decryption (Herbert Xu) [RHEL-29079 RHEL-17113] {CVE-2023-6240}
SRPMs
http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-427.16.1.el9_4.src.rpm
x86_64
bpftool-7.3.0-427.16.1.el9_4.x86_64.rpm kernel-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-abi-stablelists-5.14.0-427.16.1.el9_4.noarch.rpm kernel-core-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-debug-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-debug-core-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-debug-devel-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-debug-devel-matched-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-debug-modules-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-debug-modules-core-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-debug-modules-extra-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-devel-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-devel-matched-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-doc-5.14.0-427.16.1.el9_4.noarch.rpm kernel-headers-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-modules-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-modules-core-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-modules-extra-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-tools-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-tools-libs-5.14.0-427.16.1.el9_4.x86_64.rpm perf-5.14.0-427.16.1.el9_4.x86_64.rpm python3-perf-5.14.0-427.16.1.el9_4.x86_64.rpm rtla-5.14.0-427.16.1.el9_4.x86_64.rpm rv-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-cross-headers-5.14.0-427.16.1.el9_4.x86_64.rpm kernel-tools-libs-devel-5.14.0-427.16.1.el9_4.x86_64.rpm libperf-5.14.0-427.16.1.el9_4.x86_64.rpm
aarch64
bpftool-7.3.0-427.16.1.el9_4.aarch64.rpm kernel-headers-5.14.0-427.16.1.el9_4.aarch64.rpm kernel-tools-5.14.0-427.16.1.el9_4.aarch64.rpm kernel-tools-libs-5.14.0-427.16.1.el9_4.aarch64.rpm perf-5.14.0-427.16.1.el9_4.aarch64.rpm python3-perf-5.14.0-427.16.1.el9_4.aarch64.rpm kernel-cross-headers-5.14.0-427.16.1.el9_4.aarch64.rpm kernel-tools-libs-devel-5.14.0-427.16.1.el9_4.aarch64.rpm
i386
![Oracle Linux Logo](/images/distros/oracle-linux-logo.jpg)