Oracle Linux Cloud Native Environment Security Advisory ELSA-2022-9011

https://linux.oracle.com/errata/ELSA-2022-9011.html

The following updated rpms for Oracle Linux Cloud Native Environment 1.0 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-container-4.14.35-2047.510.5.2.el7.x86_64.rpm


SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates/kernel-uek-container-4.14.35-2047.510.5.2.el7.src.rpm

Related CVEs:

CVE-2021-0920
CVE-2021-4155




Description of changes:

[4.14.35-2047.510.5.2.el7]
- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
  (Darrick J. Wong)  [Orabug: 33722441]  {CVE-2021-4155}

[4.14.35-2047.510.5.1.el7]
- fget: check that the fd still exists after getting a ref to it (Linus Torvalds)  [Orabug: 33679805]  {CVE-2021-0920}
- fs: add fget_many() and fput_many() (Jens Axboe)  [Orabug: 33679805]

[4.14.35-2047.510.5.el7]
- net/rds: RDS connection shutdown stuck after CQ access violation error (aru kolappan)  [Orabug: 33585476]
- ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna)  [Orabug: 33501677]
- rds: ib: Ack seq not always received in monotonic increasing order (H=E5kon Bugge)  [Orabug: 33620419]
- net/rds: Refactor rds_ib_recv_refill_one (Freddy Carrillo)  [Orabug: 33265955]
- arm64: pcie: Intercept Pensando specific SError (Henry Willard)  [Orabug: 33590080]
- arm64: pcie: Change bad_mode hook to cap_pciep_access_in_progress() (Henry Willard)  [Orabug: 33590080]
- arm64: pcie: Remove Pensando SError trapping patch (Henry Willard)  [Orabug: 33590080]
- take care multiple extents in CoW extent converting (Wengang Wang)  [Orabug: 33473949]
- net/mlx5e: ethtool, Add support for EEPROM high pages query (Erez Alfasi)  [Orabug: 33525560]
- ethtool: Add SFF-8436 and SFF-8636 max EEPROM length definitions (Erez Alfasi)  [Orabug: 33525560]
- net/mlx5: Remove unnecessary prints from mlx5_enter_error_state. (Anand Khoje)  [Orabug: 33651549]
- uek-rpm: Add _raw_spin_trylock to KABI (John Donnelly)  [Orabug: 33651431]
- x86/clear_page: add alternative for clear_page_clzero() (Ankur Arora)  [Orabug: 33651433]
- x86/asm: add clzero based page clearing (Ankur Arora)  [Orabug: 33580825]
- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on all AMD Zen models (Ankur Arora)  [Orabug: 33580825]
- x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (Kim Phillips)  [Orabug: 33580825]
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich)  [Orabug: 33651434]
- net/rds: Don't pummel the subnet-manager (Gerd Rausch)  [Orabug: 33651436]
- uek-rpm: Add smartpqi driver module in ueknano kernel (Somasundaram Krishnasamy)  [Orabug: 33651437]
- rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju)  [Orabug: 33651440]
- net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann)  [Orabug: 33651444]
- RDMA/rxe: Bump up default maximum values used via uverbs (Rao Shoaib)  [Orabug: 33651442]

_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle: ELSA-2022-9011: Oracle Important Security Update

The following updated rpms for Oracle Linux Cloud Native Environment 1.0 ha= ve been uploaded to the Unbreakable Linux Network:

Summary

[4.14.35-2047.510.5.2.el7] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33722441] {CVE-2021-4155} [4.14.35-2047.510.5.1.el7] - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679805] {CVE-2021-0920} - fs: add fget_many() and fput_many() (Jens Axboe) [Orabug: 33679805] [4.14.35-2047.510.5.el7] - net/rds: RDS connection shutdown stuck after CQ access violation error (aru kolappan) [Orabug: 33585476] - ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33501677] - rds: ib: Ack seq not always received in monotonic increasing order (H=E5kon Bugge) [Orabug: 33620419] - net/rds: Refactor rds_ib_recv_refill_one (Freddy Carrillo) [Orabug: 33265955] - arm64: pcie: Intercept Pensando specific SError (Henry Willard) [Orabug: 33590080] - arm64: pcie: Change bad_mode hook to cap_pciep_access_in_progress() (Henry Willard) [Orabug: 33590080] - arm64: pcie: Remove Pensando SError trapping patch (Henry Willard) [Orabug: 33590080] - take care multiple extents in CoW extent converting (Wengang Wang) [Orabug: 33473949] - net/mlx5e: ethtool, Add support for EEPROM high pages query (Erez Alfasi) [Orabug: 33525560] - ethtool: Add SFF-8436 and SFF-8636 max EEPROM length definitions (Erez Alfasi) [Orabug: 33525560] - net/mlx5: Remove unnecessary prints from mlx5_enter_error_state. (Anand Khoje) [Orabug: 33651549] - uek-rpm: Add _raw_spin_trylock to KABI (John Donnelly) [Orabug: 33651431] - x86/clear_page: add alternative for clear_page_clzero() (Ankur Arora) [Orabug: 33651433] - x86/asm: add clzero based page clearing (Ankur Arora) [Orabug: 33580825] - x86/cpu/amd: enable X86_FEATURE_NT_GOOD on all AMD Zen models (Ankur Arora) [Orabug: 33580825] - x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (Kim Phillips) [Orabug: 33580825] - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33651434] - net/rds: Don't pummel the subnet-manager (Gerd Rausch) [Orabug: 33651436] - uek-rpm: Add smartpqi driver module in ueknano kernel (Somasundaram Krishnasamy) [Orabug: 33651437] - rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju) [Orabug: 33651440] - net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann) [Orabug: 33651444] - RDMA/rxe: Bump up default maximum values used via uverbs (Rao Shoaib) [Orabug: 33651442]

SRPMs

https://oss.oracle.com:443/ol7/SRPMS-updates/kernel-uek-container-4.14.35-2047.510.5.2.el7.src.rpm

x86_64

kernel-uek-container-4.14.35-2047.510.5.2.el7.x86_64.rpm

aarch64

i386

Severity
Related CVEs: CVE-2021-0920 CVE-2021-4155

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved