Description
ELSA-2021-0003: kernel security and bug fix update (IMPORTANT)
[4.18.0-240.10.1_3.OL8]
- Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7
[4.18.0-240.10.1_3]
- [net] SUNRPC: Signalled ASYNC tasks need to exit (Scott Mayhew) [1907667 1872310]
[4.18.0-240.9.1_3]
- [net] tunnels: Fix off-by-one in lower MTU bounds for ICMP/ICMPv6 replies (Antoine Tenart) [1902082 1895765]
- [net] net-sysfs: add backlog len and CPU id to softnet data (Paolo Abeni) [1883314 1866909]
- [net] try to avoid unneeded backlog flush (Paolo Abeni) [1883314 1866909]
- [net] skbuff: fix a data race in skb_queue_len() (Paolo Abeni) [1883314 1866909]
- [powerpc] mm/mmu_gather: invalidate TLB correctly on batch allocation failure and flush (Diego Domingos) [1899208 1805031]
- [powerpc] powerpc/mmu_gather: enable RCU_TABLE_FREE even for !SMP case (Diego Domingos) [1899208 1805031]
- [net] netfilter: ctnetlink: add a range check for l3/l4 protonum (Florian Westphal) [1892665 1892666] {CVE-2020-25211}
- [char] random: decouple random and urandom extrng fops (Vladis Dronov) [1899584 1890711]
- [char] random: Add a poll handler to extrng_fops (Vladis Dronov) [1886192 1884857]
Updated packages
Oracle Linux 8
Oracle Linux aarch64
bpftool 4.18.0-240.10.1.el8_3
kernel-cross-headers 4.18.0-240.10.1.el8_3
kernel-headers 4.18.0-240.10.1.el8_3
kernel-tools 4.18.0-240.10.1.el8_3
kernel-tools-libs 4.18.0-240.10.1.el8_3
kernel-tools-libs-devel 4.18.0-240.10.1.el8_3
perf 4.18.0-240.10.1.el8_3
python3-perf 4.18.0-240.10.1.el8_3
Oracle Linux x86_64
bpftool 4.18.0-240.10.1.el8_3
kernel 4.18.0-240.10.1.el8_3
kernel-abi-whitelists 4.18.0-240.10.1.el8_3
kernel-core 4.18.0-240.10.1.el8_3
kernel-cross-headers 4.18.0-240.10.1.el8_3
kernel-debug 4.18.0-240.10.1.el8_3
kernel-debug-core 4.18.0-240.10.1.el8_3
kernel-debug-devel 4.18.0-240.10.1.el8_3
kernel-debug-modules 4.18.0-240.10.1.el8_3
kernel-debug-modules-extra 4.18.0-240.10.1.el8_3
kernel-devel 4.18.0-240.10.1.el8_3
kernel-doc 4.18.0-240.10.1.el8_3
kernel-headers 4.18.0-240.10.1.el8_3
kernel-modules 4.18.0-240.10.1.el8_3
kernel-modules-extra 4.18.0-240.10.1.el8_3
kernel-tools 4.18.0-240.10.1.el8_3
kernel-tools-libs 4.18.0-240.10.1.el8_3
kernel-tools-libs-devel 4.18.0-240.10.1.el8_3
perf 4.18.0-240.10.1.el8_3
python3-perf 4.18.0-240.10.1.el8_3
Related CVEs
Related vulnerabilities
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.