ELSA-2021-2168

Опубликовано: 02 июн. 2021

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2021-2168: kernel security and bug fix update (IMPORTANT)

[4.18.0-305.3.1_4.OL8]

Update Oracle Linux certificates (Kevin Lyons)
Disable signing for aarch64 (Ilya Okomin)
Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
Update x509.genkey [Orabug: 24817676]
Conflict with shim-ia32 and shim-x64 <= 15-11.0.5

[4.18.0-305.3.1_4]

Revert 'uio: use request_threaded_irq instead' (Vitaly Kuznetsov) [1952952 1946644]
drm/ast: Set format registers in primary plane's update (Lyude Paul) [1952900 1923857]
net/sched: act_ct: clear post_ct if doing ct_clear (Marcelo Ricardo Leitner) [1956458 1941889]
md/raid1: properly indicate failure when ending a failed write request (Nigel Croxon) [1955188 1954588]
nitro_enclaves: Fix stale file descriptors on failed usercopy (Vitaly Kuznetsov) [1956379 1953717]

[4.18.0-305.2.1_4]

net/mlx5e: Allow to match on MPLS parameters only for MPLS over UDP (Alaa Hleihel) [1952061 1936742]
net/mlx5e: Reject tc rules which redirect from a VF to itself (Alaa Hleihel) [1952065 1932839]
net/mlx5: CT: Add support for matching on ct_state inv and rel flags (Alaa Hleihel) [1952062 1942681]
KVM: VMX: Don't use vcpu->run->internal.ndata as an array index (Jon Maloy) [1954221 1954219]
tools/power turbostat: Revert '[tools] tools/power turbostat: Enable accumulate RAPL display' (Prarit Bhargava) [1952987 1944699]

[4.18.0-305.1.1_4]

ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (Jaroslav Kysela) [1954545 1870724]
ALSA: usb-audio: fix use after free in usb_audio_disconnect (Jaroslav Kysela) [1954545 1870724]
ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (Jaroslav Kysela) [1954545 1870724]
selinux: fix deadlock in security_set_bools() (Ondrej Mosnacek) [1945123 1924230]
geneve: do not modify the shared tunnel info when PMTU triggers an ICMP reply (Antoine Tenart) [1944667 1941753]
vxlan: do not modify the shared tunnel info when PMTU triggers an ICMP reply (Antoine Tenart) [1944667 1941753]
redhat: switch to zstream (Jan Stancek)

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

bpftool

4.18.0-305.3.1.el8_4

kernel-cross-headers

4.18.0-305.3.1.el8_4

kernel-headers

4.18.0-305.3.1.el8_4

kernel-tools

4.18.0-305.3.1.el8_4

kernel-tools-libs

4.18.0-305.3.1.el8_4

kernel-tools-libs-devel

4.18.0-305.3.1.el8_4

perf

4.18.0-305.3.1.el8_4

python3-perf

4.18.0-305.3.1.el8_4

Oracle Linux x86_64

bpftool

4.18.0-305.3.1.el8_4

kernel

4.18.0-305.3.1.el8_4

kernel-abi-stablelists

4.18.0-305.3.1.el8_4

kernel-core

4.18.0-305.3.1.el8_4

kernel-cross-headers

4.18.0-305.3.1.el8_4

kernel-debug

4.18.0-305.3.1.el8_4

kernel-debug-core

4.18.0-305.3.1.el8_4

kernel-debug-devel

4.18.0-305.3.1.el8_4

kernel-debug-modules

4.18.0-305.3.1.el8_4

kernel-debug-modules-extra

4.18.0-305.3.1.el8_4

kernel-devel

4.18.0-305.3.1.el8_4

kernel-doc

4.18.0-305.3.1.el8_4

kernel-headers

4.18.0-305.3.1.el8_4

kernel-modules

4.18.0-305.3.1.el8_4

kernel-modules-extra

4.18.0-305.3.1.el8_4

kernel-tools

4.18.0-305.3.1.el8_4

kernel-tools-libs

4.18.0-305.3.1.el8_4

kernel-tools-libs-devel

4.18.0-305.3.1.el8_4

perf

4.18.0-305.3.1.el8_4

python3-perf

4.18.0-305.3.1.el8_4

Связанные CVE

CVE-2021-3543

CVE-2021-3501

Ссылки на источники

Связанные уязвимости

RLSA-2021:2168

rocky

почти 4 года назад

Important: kernel security and bug fix update

CVE-2021-3543

CVSS3: 6.7

ubuntu

около 4 лет назад

A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system.

CVE-2021-3543

CVSS3: 6.7

redhat

около 4 лет назад

CVE-2021-3543

CVSS3: 6.7

nvd

около 4 лет назад

CVE-2021-3543

CVSS3: 6.7

debian

около 4 лет назад

A flaw null pointer dereference in the Nitro Enclaves kernel driver wa ...