Oracle Linux Security Advisory ELSA-2024-10281

http://linux.oracle.com/errata/ELSA-2024-10281.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-553.30.1.el8_10.x86_64.rpm
kernel-4.18.0-553.30.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.30.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.30.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.30.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.30.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.30.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.30.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.30.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.30.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.30.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.30.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.30.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.30.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.30.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.30.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.30.1.el8_10.x86_64.rpm
perf-4.18.0-553.30.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.30.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.30.1.el8_10.x86_64.rpm

aarch64:
bpftool-4.18.0-553.30.1.el8_10.aarch64.rpm
kernel-cross-headers-4.18.0-553.30.1.el8_10.aarch64.rpm
kernel-headers-4.18.0-553.30.1.el8_10.aarch64.rpm
kernel-tools-4.18.0-553.30.1.el8_10.aarch64.rpm
kernel-tools-libs-4.18.0-553.30.1.el8_10.aarch64.rpm
perf-4.18.0-553.30.1.el8_10.aarch64.rpm
python3-perf-4.18.0-553.30.1.el8_10.aarch64.rpm
kernel-tools-libs-devel-4.18.0-553.30.1.el8_10.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-4.18.0-553.30.1.el8_10.src.rpm

Related CVEs:

CVE-2024-27043
CVE-2024-27399
CVE-2024-38564
CVE-2024-46858




Description of changes:

- [4.18.0-553.30.1.el8_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]

[4.18.0-553.30.1.el8_10]
- media: edia: dvbdev: fix a use-after-free (Kate Hsuan) [RHEL-35763] {CVE-2024-27043}
- blk-mq: fix missing blk_account_io_done() in error path (Ming Lei) [RHEL-61200]
- rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) [RHEL-52684]
- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) [RHEL-52684]
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) [RHEL-52684]
- smb: client: use actual path when queryfs (Paulo Alcantara) [RHEL-60363]
- cifs: Fix uninitialized memory reads for oparms.mode (Paulo Alcantara) [RHEL-60363]
- cifs: Fix uninitialized memory read for smb311 posix symlink create (Paulo Alcantara) [RHEL-60363]
- cifs: convert the path to utf16 in smb2_query_info_compound (Paulo Alcantara) [RHEL-60363]
- autofs: fix thinko in validate_dev_ioctl() (Ian Kent) [RHEL-62168]
- autofs: add per dentry expire timeout (Ian Kent) [RHEL-62168]
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (Viktor Malik) [RHEL-44167] {CVE-2024-38564}

[4.18.0-553.29.1.el8_10]
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (cki-backport-bot) [RHEL-36372] {CVE-2024-27399}
- mptcp: pm: Fix uaf in __timer_delete_sync (Guillaume Nault) [RHEL-60614] {CVE-2024-46858}
- cifs: fix dfs link failover in cifs_tree_connect() (Paulo Alcantara) [RHEL-8002]

[4.18.0-553.28.1.el8_10]
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (Mete Durlu) [RHEL-61702]
- smb: client: fix deadlock in smb2_find_smb_tcon() (Paulo Alcantara) [RHEL-61400]
- smb: client: fix potential deadlock when releasing mids (Paulo Alcantara) [RHEL-61400]
- cifs: remove useless DeleteMidQEntry() (Paulo Alcantara) [RHEL-61400]
- Bluetooth: af_bluetooth: Fix deadlock (CKI Backport Bot) [RHEL-58991]
- gitlab-ci: provide consistent kcidb_tree_name (Michael Hofmann)
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Nico Pache) [RHEL-26709]
- audit: Send netlink ACK before setting connection in auditd_set (Richard Guy Briggs) [RHEL-14004]
- KVM: selftests: x86: Fix test failure on arch lbr capable platforms (Maxim Levitsky) [RHEL-23999]
- raid1: fix use-after-free for original bio in raid1_write_request() (Nigel Croxon) [RHEL-55263]


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle8: ELSA-2024-10281: kernel:4.18.0 Moderate Security Advisory Updates

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Summary

- [4.18.0-553.30.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] [4.18.0-553.30.1.el8_10] - media: edia: dvbdev: fix a use-after-free (Kate Hsuan) [RHEL-35763] {CVE-2024-27043} - blk-mq: fix missing blk_account_io_done() in error path (Ming Lei) [RHEL-61200] - rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) [RHEL-52684] - rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) [RHEL-52684] - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) [RHEL-52684] - smb: client: use actual path when queryfs (Paulo Alcantara) [RHEL-60363] - cifs: Fix uninitialized memory reads for oparms.mode ...

Read the Full Advisory

SRPMs

http://oss.oracle.com/ol8/SRPMS-updates//kernel-4.18.0-553.30.1.el8_10.src.rpm

x86_64

bpftool-4.18.0-553.30.1.el8_10.x86_64.rpm kernel-4.18.0-553.30.1.el8_10.x86_64.rpm kernel-abi-stablelists-4.18.0-553.30.1.el8_10.noarch.rpm kernel-core-4.18.0-553.30.1.el8_10.x86_64.rpm kernel-cross-headers-4.18.0-553.30.1.el8_10.x86_64.rpm kernel-debug-4.18.0-553.30.1.el8_10.x86_64.rpm kernel-debug-core-4.18.0-553.30.1.el8_10.x86_64.rpm kernel-debug-devel-4.18.0-553.30.1.el8_10.x86_64.rpm kernel-debug-modules-4.18.0-553.30.1.el8_10.x86_64.rpm kernel-debug-modules-extra-4.18.0-553.30.1.el8_10.x86_64.rpm kernel-devel-4.18.0-553.30.1.el8_10.x86_64.rpm kernel-doc-4.18.0-553.30.1.el8_10.noarch.rpm kernel-headers-4.18.0-553.30.1.el8_10.x86_64.rpm kernel-modules-4.18.0-553.30.1.el8_10.x86_64.rpm kernel-modules-extra-4.18.0-553.30.1.el8_10.x86_64.rpm kernel-tools-4.18.0-553.30.1.el8_10.x86_64.rpm kernel-tools-libs-4.18.0-553.30.1.el8_10.x86_64.rpm perf-4.18.0-553.30.1.el8_10.x86_64.rpm python3-perf-4.18.0-553.30.1.el8_10.x86_64.rpm kernel-tools-libs-devel-4.18.0-553.30.1.el8_10.x86_64.rpm

aarch64

bpftool-4.18.0-553.30.1.el8_10.aarch64.rpm kernel-cross-headers-4.18.0-553.30.1.el8_10.aarch64.rpm kernel-headers-4.18.0-553.30.1.el8_10.aarch64.rpm kernel-tools-4.18.0-553.30.1.el8_10.aarch64.rpm kernel-tools-libs-4.18.0-553.30.1.el8_10.aarch64.rpm perf-4.18.0-553.30.1.el8_10.aarch64.rpm python3-perf-4.18.0-553.30.1.el8_10.aarch64.rpm kernel-tools-libs-devel-4.18.0-553.30.1.el8_10.aarch64.rpm

i386

Severity
Related CVEs: CVE-2024-27043 CVE-2024-27399 CVE-2024-38564 CVE-2024-46858

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved