Oracle Linux Security Advisory ELSA-2024-1607

https://linux.oracle.com/errata/ELSA-2024-1607.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-513.24.1.el8_9.x86_64.rpm
kernel-4.18.0-513.24.1.el8_9.x86_64.rpm
kernel-abi-stablelists-4.18.0-513.24.1.el8_9.noarch.rpm
kernel-core-4.18.0-513.24.1.el8_9.x86_64.rpm
kernel-cross-headers-4.18.0-513.24.1.el8_9.x86_64.rpm
kernel-debug-4.18.0-513.24.1.el8_9.x86_64.rpm
kernel-debug-core-4.18.0-513.24.1.el8_9.x86_64.rpm
kernel-debug-devel-4.18.0-513.24.1.el8_9.x86_64.rpm
kernel-debug-modules-4.18.0-513.24.1.el8_9.x86_64.rpm
kernel-debug-modules-extra-4.18.0-513.24.1.el8_9.x86_64.rpm
kernel-devel-4.18.0-513.24.1.el8_9.x86_64.rpm
kernel-doc-4.18.0-513.24.1.el8_9.noarch.rpm
kernel-headers-4.18.0-513.24.1.el8_9.x86_64.rpm
kernel-modules-4.18.0-513.24.1.el8_9.x86_64.rpm
kernel-modules-extra-4.18.0-513.24.1.el8_9.x86_64.rpm
kernel-tools-4.18.0-513.24.1.el8_9.x86_64.rpm
kernel-tools-libs-4.18.0-513.24.1.el8_9.x86_64.rpm
perf-4.18.0-513.24.1.el8_9.x86_64.rpm
python3-perf-4.18.0-513.24.1.el8_9.x86_64.rpm
kernel-tools-libs-devel-4.18.0-513.24.1.el8_9.x86_64.rpm

aarch64:
bpftool-4.18.0-513.24.1.el8_9.aarch64.rpm
kernel-cross-headers-4.18.0-513.24.1.el8_9.aarch64.rpm
kernel-headers-4.18.0-513.24.1.el8_9.aarch64.rpm
kernel-tools-4.18.0-513.24.1.el8_9.aarch64.rpm
kernel-tools-libs-4.18.0-513.24.1.el8_9.aarch64.rpm
perf-4.18.0-513.24.1.el8_9.aarch64.rpm
python3-perf-4.18.0-513.24.1.el8_9.aarch64.rpm
kernel-tools-libs-devel-4.18.0-513.24.1.el8_9.aarch64.rpm


SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//kernel-4.18.0-513.24.1.el8_9.src.rpm

Related CVEs:

CVE-2021-33631
CVE-2022-38096
CVE-2023-6546
CVE-2023-6931
CVE-2023-51042
CVE-2024-0565
CVE-2024-1086




Description of changes:

[4.18.0-513.24.1.el8_9.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Drop not needed patch

[4.18.0-513.24.1.el8_9]
- ceph: add ceph_cap_unlink_work to fire check_caps() immediately (Xiubo Li) [RHEL-27496 RHEL-21760]
- ceph: always queue a writeback when revoking the Fb caps (Xiubo Li) [RHEL-27496 RHEL-21760]
- ceph: always check dir caps asynchronously (Xiubo Li) [RHEL-27496 RHEL-21760]

[4.18.0-513.23.1.el8_9]
- scsi: smartpqi: Fix disable_managed_interrupts (Tomas Henzl) [RHEL-26139 RHEL-25747]
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (Carlos Maiolino) [RHEL-26331 RHEL-23386] {CVE-2021-33631}
- serial: core: return early on unsupported ioctls (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- lib/hexdump: make print_hex_dump_bytes() a nop on !DEBUG builds (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix race condition in status line change on dead connections (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix UAF in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: add parameter negotiation support (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: add parameters used with parameter negotiation (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: introduce macro for minimal unit size (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: name the debug bits (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: introduce gsm_control_command() function (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: replace use of gsm_read_ea() with gsm_read_ea_val() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: name gsm tty device minors (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: initialize more members at gsm_alloc_mux() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix flow control handling in tx path (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix resource allocation order in gsm_activate_mux() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix deadlock and link starvation in outgoing data path (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix race condition in gsmld_write() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix non flow control frames during mux flow off (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix missing timer to handle stalled links (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix tty registration before control channel open (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix user open not possible at responder until initiator open (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Fix packet data hex dump output (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix software flow control handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix invalid use of MSC in advanced option (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix broken virtual tty handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix missing update of modem controls after DLCI open (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix reset fifo race condition (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix wrong signal octets encoding in MSC (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix wrong command frame length field encoding (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix wrong command retry handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix missing explicit ldisc flush (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix wrong DLCI release order (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix insufficient txframe size (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix frame reception handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix mux cleanup after unregister tty device (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix decoupled mux resource (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix restart handling via CLD command (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix deadlock in gsmtty_open() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix wrong modem processing in convergence layer type 2 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix wrong tty control line for flow control (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix NULL pointer access due to DLCI release (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix encoding of command/response bit (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix SW flow control encoding/handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: remove tty parameter from mxser_receive_chars_new() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: don't throttle manually (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: make mxser_port::ldisc_stop_rx a bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Don't ignore write return value in gsmld_output() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: clean up indenting in gsm_queue() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Save dlci address open status when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Modify gsmtty driver register method when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Delete gsmtty open SABM frame when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Modify CR,PF bit printk info when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Modify CR,PF bit when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: stop using alloc_tty_driver (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: don't store semi-state into tty drivers (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- hvsi: don't panic on tty_register_driver failure (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- amiserial: switch rs_table to a single state (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- amiserial: expand "custom" (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- amiserial: use memset to zero serial_state (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- amiserial: remove serial_* strings (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: drop mxser_port::custom_divisor (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: drop mxser_port::baud_base (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: remove unused mxser_port::stop_rx (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: don't allocate MXSER_PORTS + 1 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: remove cnt from mxser_receive_chars (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: remove MOXA_GETMSTATUS ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: remove MOXA_GETDATACOUNT ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: remove MOXA_CHKPORTENABLE ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: remove MOXA_ASPP_LSTATUS ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: remove MOXA_ASPP_MON and friends (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: remove MOXA_SET_BAUD_METHOD ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: remove MOXA_GET_MAJOR deprecated ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: drop unused MOXA_DIAGNOSE macro (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: drop UART_MCR_AFE and UART_LSR_SPECIAL defines (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: remove else from LSR bits checks (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: extract mxser_receive_chars_old (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: extract mxser_receive_chars_new (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: simplify mxser_interrupt and drop mxser_board::vector_mask (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: extract port ISR (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: cleanup LSR handling in mxser_receive_chars (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: remove nonsense from ISR (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: drop constant board::uart_type (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: introduce enum mxser_must_hwid (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: rename mxser_board::chip_flag to must_hwid (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: rename CheckIsMoxaMust to mxser_get_must_hwid (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: cleanup Gpci_uart_info struct (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: integrate mxser.h into .c (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: drop ISA support (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- n_gsm: use goto-failpaths in gsm_init (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: mxser: drop low-latency workaround (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: check error while registering tty devices (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: mxser: fix TIOCSSERIAL jiffies conversions (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm, remove duplicates of parameters (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: do not check tty_unregister_driver's return value (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: nozomi, remove init/exit messages (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty_port: drop last traces of low_latency (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Demote obvious abuse of kernel-doc and supply other missing docss (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm, eliminate indirection for gsm->{output,error}() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Fix bogus i++ in gsm_data_kick (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Remove unnecessary test in gsm_print_packet() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Fix waking up upper tty layer when room available (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Fix SOF skipping (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Improve debug output (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- n_gsm: switch constipated to bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- n_gsm: switch throttled to bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- n_gsm: switch dead to bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- n_gsm: introduce enum gsm_dlci_mode (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- n_gsm: introduce enum gsm_dlci_state (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- n_gsm: drop unneeded gsm_dlci->fifo field (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Replace zero-length array with flexible-array member (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: avoid recursive locking with async port hangup (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: add helpers to convert mux-num to/from tty-base (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- docs: serial: move it to the driver-api (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- docs: serial: convert docs to ReST and rename to *.rst (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Mark expected switch fall-throughs (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- n_gsm: Constify u8 and unsigned char usage (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Add copy_config() and gsm_config() to prepare for serdev (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- mxser: switch to ->[sg]et_serial() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- amiserial: switch to ->[sg]et_serial() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}
- tty/serial_core: add ISO7816 infrastructure (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546}

[4.18.0-513.22.1.el8_9]
- s390/qeth: Fix vipa deletion (Tobias Huschle) [RHEL-25811 RHEL-11194]
- smsc95xx: fix stalled rx after link change (Izabela Bakollari) [RHEL-25719 RHEL-22312]
- ceph: don't let check_caps skip sending responses for revoke msgs (Xiubo Li) [RHEL-20909 RHEL-16412]
- ceph: issue a cap release immediately if no cap exists (Xiubo Li) [RHEL-20909 RHEL-16412]
- ceph: trigger to flush the buffer when making snapshot (Xiubo Li) [RHEL-20909 RHEL-16412]
- ceph: force updating the msg pointer in non-split case (Xiubo Li) [RHEL-20909 RHEL-16412]
- ceph: flush cap releases when the session is flushed (Xiubo Li) [RHEL-20909 RHEL-16412]
- ceph: reorder fields in 'struct ceph_snapid_map' (Xiubo Li) [RHEL-20909 RHEL-16412]
- ceph: voluntarily drop Xx caps for requests those touch parent mtime (Xiubo Li) [RHEL-20909 RHEL-16412]
- KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2} (Bandan Das) [RHEL-23063 RHEL-7558]
- x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer (Bandan Das) [RHEL-23063 RHEL-7558]
- dm-crypt, dm-verity: disable tasklets (Benjamin Marzinski) [RHEL-26101 RHEL-22232]
- dm verity: initialize fec io before freeing it (Benjamin Marzinski) [RHEL-26101 RHEL-22232]
- dm-verity: don't use blocking calls from tasklets (Benjamin Marzinski) [RHEL-26101 RHEL-22232]

[4.18.0-513.21.1.el8_9]
- rbd: don't move requests to the running list on errors (Ilya Dryomov) [RHEL-24204 RHEL-21941]
- drm/amdgpu: Fix potential fence use-after-free v2 (Jorge San Emeterio) [RHEL-24479 RHEL-22504] {CVE-2023-51042}
- perf: Fix perf_event_validate_size() lockdep splat (Michael Petlan) [RHEL-22930 RHEL-17968] {CVE-2023-6931}
- perf: Fix perf_event_validate_size() (Michael Petlan) [RHEL-22930 RHEL-17968] {CVE-2023-6931}
- smb: client: fix OOB in receive_encrypted_standard() (Scott Mayhew) [RHEL-22077 RHEL-21685] {CVE-2024-0565}
- ibmveth: Remove condition to recompute TCP header checksum. (Mamatha Inamdar) [RHEL-20822 RHEL-12553]

[4.18.0-513.20.1.el8_9]
- drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (Jocelyn Falempe) [RHEL-22766 RHEL-3179] {CVE-2022-38096}
- drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (Jocelyn Falempe) [RHEL-21055 RHEL-21054]

[4.18.0-513.19.1.el8_9]
- libceph: fix potential use-after-free on linger ping and resends (Jay Shin) [RHEL-21394 RHEL-20390]
- netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [RHEL-24010 RHEL-23506] {CVE-2024-1086}


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle8: ELSA-2024-1607: kernel security, bug fix, and enhancement Important Security Advisory Updates

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Summary

[4.18.0-513.24.1.el8_9.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Drop not needed patch [4.18.0-513.24.1.el8_9] - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (Xiubo Li) [RHEL-27496 RHEL-21760] - ceph: always queue a writeback when revoking the Fb caps (Xiubo Li) [RHEL-27496 RHEL-21760] - ceph: always check dir caps asynchronously (Xiubo Li) [RHEL-27496 RHEL-21760] [4.18.0-513.23.1.el8_9] - scsi: smartpqi: Fix disable_managed_interrupts (Tomas Henzl) [RHEL-26139 RHEL-25747] - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (Carlos Maiolino) [RHEL-26331 RHEL-23386] {CVE-2021-33631} - serial: core: return early on unsupported ioctls (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - lib/hexdump: make print_hex_dump_bytes() a nop on !DEBUG builds (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix race condition in status line change on dead connections (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix UAF in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: add parameter negotiation support (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: add parameters used with parameter negotiation (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: introduce macro for minimal unit size (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: name the debug bits (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: introduce gsm_control_command() function (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: replace use of gsm_read_ea() with gsm_read_ea_val() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: name gsm tty device minors (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: initialize more members at gsm_alloc_mux() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix flow control handling in tx path (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix resource allocation order in gsm_activate_mux() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix deadlock and link starvation in outgoing data path (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix race condition in gsmld_write() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix non flow control frames during mux flow off (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix missing timer to handle stalled links (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix tty registration before control channel open (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix user open not possible at responder until initiator open (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Fix packet data hex dump output (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix software flow control handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix invalid use of MSC in advanced option (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix broken virtual tty handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix missing update of modem controls after DLCI open (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix reset fifo race condition (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong signal octets encoding in MSC (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong command frame length field encoding (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong command retry handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix missing explicit ldisc flush (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong DLCI release order (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix insufficient txframe size (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix frame reception handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix mux cleanup after unregister tty device (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix decoupled mux resource (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix restart handling via CLD command (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix deadlock in gsmtty_open() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong modem processing in convergence layer type 2 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong tty control line for flow control (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix NULL pointer access due to DLCI release (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix encoding of command/response bit (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix SW flow control encoding/handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove tty parameter from mxser_receive_chars_new() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: don't throttle manually (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: make mxser_port::ldisc_stop_rx a bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Don't ignore write return value in gsmld_output() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: clean up indenting in gsm_queue() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Save dlci address open status when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Modify gsmtty driver register method when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Delete gsmtty open SABM frame when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Modify CR,PF bit printk info when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Modify CR,PF bit when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: stop using alloc_tty_driver (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: don't store semi-state into tty drivers (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - hvsi: don't panic on tty_register_driver failure (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - amiserial: switch rs_table to a single state (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - amiserial: expand "custom" (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - amiserial: use memset to zero serial_state (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - amiserial: remove serial_* strings (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: drop mxser_port::custom_divisor (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: drop mxser_port::baud_base (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove unused mxser_port::stop_rx (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: don't allocate MXSER_PORTS + 1 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove cnt from mxser_receive_chars (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_GETMSTATUS ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_GETDATACOUNT ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_CHKPORTENABLE ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_ASPP_LSTATUS ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_ASPP_MON and friends (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_SET_BAUD_METHOD ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_GET_MAJOR deprecated ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: drop unused MOXA_DIAGNOSE macro (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: drop UART_MCR_AFE and UART_LSR_SPECIAL defines (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove else from LSR bits checks (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: extract mxser_receive_chars_old (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: extract mxser_receive_chars_new (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: simplify mxser_interrupt and drop mxser_board::vector_mask (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: extract port ISR (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: cleanup LSR handling in mxser_receive_chars (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove nonsense from ISR (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: drop constant board::uart_type (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: introduce enum mxser_must_hwid (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: rename mxser_board::chip_flag to must_hwid (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: rename CheckIsMoxaMust to mxser_get_must_hwid (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: cleanup Gpci_uart_info struct (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: integrate mxser.h into .c (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: drop ISA support (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - n_gsm: use goto-failpaths in gsm_init (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: mxser: drop low-latency workaround (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: check error while registering tty devices (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: mxser: fix TIOCSSERIAL jiffies conversions (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm, remove duplicates of parameters (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: do not check tty_unregister_driver's return value (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: nozomi, remove init/exit messages (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty_port: drop last traces of low_latency (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Demote obvious abuse of kernel-doc and supply other missing docss (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm, eliminate indirection for gsm->{output,error}() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Fix bogus i++ in gsm_data_kick (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Remove unnecessary test in gsm_print_packet() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Fix waking up upper tty layer when room available (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Fix SOF skipping (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Improve debug output (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - n_gsm: switch constipated to bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - n_gsm: switch throttled to bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - n_gsm: switch dead to bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - n_gsm: introduce enum gsm_dlci_mode (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - n_gsm: introduce enum gsm_dlci_state (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - n_gsm: drop unneeded gsm_dlci->fifo field (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Replace zero-length array with flexible-array member (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: avoid recursive locking with async port hangup (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: add helpers to convert mux-num to/from tty-base (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - docs: serial: move it to the driver-api (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - docs: serial: convert docs to ReST and rename to *.rst (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Mark expected switch fall-throughs (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - n_gsm: Constify u8 and unsigned char usage (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Add copy_config() and gsm_config() to prepare for serdev (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: switch to ->[sg]et_serial() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - amiserial: switch to ->[sg]et_serial() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty/serial_core: add ISO7816 infrastructure (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} [4.18.0-513.22.1.el8_9] - s390/qeth: Fix vipa deletion (Tobias Huschle) [RHEL-25811 RHEL-11194] - smsc95xx: fix stalled rx after link change (Izabela Bakollari) [RHEL-25719 RHEL-22312] - ceph: don't let check_caps skip sending responses for revoke msgs (Xiubo Li) [RHEL-20909 RHEL-16412] - ceph: issue a cap release immediately if no cap exists (Xiubo Li) [RHEL-20909 RHEL-16412] - ceph: trigger to flush the buffer when making snapshot (Xiubo Li) [RHEL-20909 RHEL-16412] - ceph: force updating the msg pointer in non-split case (Xiubo Li) [RHEL-20909 RHEL-16412] - ceph: flush cap releases when the session is flushed (Xiubo Li) [RHEL-20909 RHEL-16412] - ceph: reorder fields in 'struct ceph_snapid_map' (Xiubo Li) [RHEL-20909 RHEL-16412] - ceph: voluntarily drop Xx caps for requests those touch parent mtime (Xiubo Li) [RHEL-20909 RHEL-16412] - KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2} (Bandan Das) [RHEL-23063 RHEL-7558] - x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer (Bandan Das) [RHEL-23063 RHEL-7558] - dm-crypt, dm-verity: disable tasklets (Benjamin Marzinski) [RHEL-26101 RHEL-22232] - dm verity: initialize fec io before freeing it (Benjamin Marzinski) [RHEL-26101 RHEL-22232] - dm-verity: don't use blocking calls from tasklets (Benjamin Marzinski) [RHEL-26101 RHEL-22232] [4.18.0-513.21.1.el8_9] - rbd: don't move requests to the running list on errors (Ilya Dryomov) [RHEL-24204 RHEL-21941] - drm/amdgpu: Fix potential fence use-after-free v2 (Jorge San Emeterio) [RHEL-24479 RHEL-22504] {CVE-2023-51042} - perf: Fix perf_event_validate_size() lockdep splat (Michael Petlan) [RHEL-22930 RHEL-17968] {CVE-2023-6931} - perf: Fix perf_event_validate_size() (Michael Petlan) [RHEL-22930 RHEL-17968] {CVE-2023-6931} - smb: client: fix OOB in receive_encrypted_standard() (Scott Mayhew) [RHEL-22077 RHEL-21685] {CVE-2024-0565} - ibmveth: Remove condition to recompute TCP header checksum. (Mamatha Inamdar) [RHEL-20822 RHEL-12553] [4.18.0-513.20.1.el8_9] - drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (Jocelyn Falempe) [RHEL-22766 RHEL-3179] {CVE-2022-38096} - drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (Jocelyn Falempe) [RHEL-21055 RHEL-21054] [4.18.0-513.19.1.el8_9] - libceph: fix potential use-after-free on linger ping and resends (Jay Shin) [RHEL-21394 RHEL-20390] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [RHEL-24010 RHEL-23506] {CVE-2024-1086}

SRPMs

https://oss.oracle.com:443/ol8/SRPMS-updates//kernel-4.18.0-513.24.1.el8_9.src.rpm

x86_64

bpftool-4.18.0-513.24.1.el8_9.x86_64.rpm kernel-4.18.0-513.24.1.el8_9.x86_64.rpm kernel-abi-stablelists-4.18.0-513.24.1.el8_9.noarch.rpm kernel-core-4.18.0-513.24.1.el8_9.x86_64.rpm kernel-cross-headers-4.18.0-513.24.1.el8_9.x86_64.rpm kernel-debug-4.18.0-513.24.1.el8_9.x86_64.rpm kernel-debug-core-4.18.0-513.24.1.el8_9.x86_64.rpm kernel-debug-devel-4.18.0-513.24.1.el8_9.x86_64.rpm kernel-debug-modules-4.18.0-513.24.1.el8_9.x86_64.rpm kernel-debug-modules-extra-4.18.0-513.24.1.el8_9.x86_64.rpm kernel-devel-4.18.0-513.24.1.el8_9.x86_64.rpm kernel-doc-4.18.0-513.24.1.el8_9.noarch.rpm kernel-headers-4.18.0-513.24.1.el8_9.x86_64.rpm kernel-modules-4.18.0-513.24.1.el8_9.x86_64.rpm kernel-modules-extra-4.18.0-513.24.1.el8_9.x86_64.rpm kernel-tools-4.18.0-513.24.1.el8_9.x86_64.rpm kernel-tools-libs-4.18.0-513.24.1.el8_9.x86_64.rpm perf-4.18.0-513.24.1.el8_9.x86_64.rpm python3-perf-4.18.0-513.24.1.el8_9.x86_64.rpm kernel-tools-libs-devel-4.18.0-513.24.1.el8_9.x86_64.rpm

aarch64

bpftool-4.18.0-513.24.1.el8_9.aarch64.rpm kernel-cross-headers-4.18.0-513.24.1.el8_9.aarch64.rpm kernel-headers-4.18.0-513.24.1.el8_9.aarch64.rpm kernel-tools-4.18.0-513.24.1.el8_9.aarch64.rpm kernel-tools-libs-4.18.0-513.24.1.el8_9.aarch64.rpm perf-4.18.0-513.24.1.el8_9.aarch64.rpm python3-perf-4.18.0-513.24.1.el8_9.aarch64.rpm kernel-tools-libs-devel-4.18.0-513.24.1.el8_9.aarch64.rpm

i386

Severity
Related CVEs: CVE-2021-33631 CVE-2022-38096 CVE-2023-6546 CVE-2023-6931 CVE-2023-51042 CVE-2024-0565 CVE-2024-1086

Related News

19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved