[3.10.0-1160.99.1.0.1.el7.OL7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.99.1.el7.OL7] - Update Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.9] - Update oracle value to match new certificate [3.10.0-1160.99.1.el7] - x86/cpu/amd: Add a Zenbleed fix [2226841] {CVE-2023-20593} - x86/cpu/amd: Move the errata checking functionality up [2226841] {CVE-2023-20593} - x86/cpu: Restore AMD"s DE_CFG MSR after resume [2226841] {CVE-2023-20593} [3.10.0-1160.98.1.el7] - GFS2: gfs2_dir_get_hash_table: avoiding deferred vfree is easy here... [2190450] - GFS2: use kvfree instead of open-coding it [2190450] [3.10.0-1160.97.1.el7] - net/sched: flower: fix possible OOB write in fl_set_geneve_opt [2216982] {CVE-2023-35788} - netfilter: conntrack: re-fetch conntrack after insertion [2188190] - netfilter: conntrack: handle tcp challenge acks during connection reuse [2128262] - netfilter: conntrack: reduce timeout when receiving out-of-window fin or rst [2128262] - netfilter: conntrack: remove unneeded indent level [2128262] - netfilter: conntrack: ignore overly delayed tcp packets [2128262] - netfilter: conntrack: prepare tcp_in_window for ternary return value [2128262] - netfilter: conntrack: connection timeout after re-register [2128262] - netfilter: conntrack: always store window size un-scaled [2128262] - netfilter: conntrack: work around exceeded receive window [2128262] - netfilter: conntrack: avoid misleading "invalid" in log message [2128262] - netfilter: remove BUG_ON after skb_header_pointer [2128262] - netfilter: nf_conntrack_tcp: re-init for syn packets only [2128262] - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options [2128262] - netfilter: conntrack: re-init state for retransmitted syn-ack [2128262] - netfilter: conntrack: move synack init code to helper [2128262] - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state [2128262] - netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options [2128262] [3.10.0-1160.96.1.el7] - sched/fair: Eliminate bandwidth race between throttling and distribution [2180681] - sched/fair: Fix race between runtime distribution and assignment [2180681] - sched/fair: Don"t assign runtime for throttled cfs_rq [2180681]