Oracle Linux 6255 Published by

Oracle just released the following 17 updates for Oracle Linux 7:

ELBA-2018-2753 Oracle Linux 7 systemd bug fix update
ELBA-2018-2754 Oracle Linux 7 gcc-libraries bug fix and enhancement update
ELBA-2018-2755 Oracle Linux 7 Apache Tomcat bug fix update
ELBA-2018-2756 Oracle Linux 7 sssd bug fix update
ELBA-2018-2758 Oracle Linux 7 Generated network interfaces (docker0) will now persist zone assignments
ELBA-2018-2759 Oracle Linux 7 pki-core bug fix update
ELBA-2018-2760 Oracle Linux 7 ipa bug fix update
ELBA-2018-2761 Oracle Linux 7 kexec-tools bug fix update
ELBA-2018-2764 Oracle Linux 7 initscripts bug fix update
ELBA-2018-2765 Oracle Linux 7 mutter bug fix update
ELBA-2018-2767 Oracle Linux 7 mod_wsgi bug fix update
ELBA-2018-2769 Oracle Linux 7 libvirt bug fix update
ELBA-2018-2771 Oracle Linux 7 dconf bug fix update
ELSA-2018-2748 Important: Oracle Linux 7 kernel security and bug fix update
ELSA-2018-2757 Moderate: Oracle Linux 7 389-ds-base security and bug fix update
ELSA-2018-2766 Moderate: Oracle Linux 7 flatpak security update
ELSA-2018-2768 Moderate: Oracle Linux 7 nss security update



ELBA-2018-2753 Oracle Linux 7 systemd bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-2753

http://linux.oracle.com/errata/ELBA-2018-2753.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libgudev1-219-57.0.1.el7_5.3.i686.rpm
libgudev1-219-57.0.1.el7_5.3.x86_64.rpm
libgudev1-devel-219-57.0.1.el7_5.3.i686.rpm
libgudev1-devel-219-57.0.1.el7_5.3.x86_64.rpm
systemd-219-57.0.1.el7_5.3.x86_64.rpm
systemd-devel-219-57.0.1.el7_5.3.i686.rpm
systemd-devel-219-57.0.1.el7_5.3.x86_64.rpm
systemd-journal-gateway-219-57.0.1.el7_5.3.x86_64.rpm
systemd-libs-219-57.0.1.el7_5.3.i686.rpm
systemd-libs-219-57.0.1.el7_5.3.x86_64.rpm
systemd-networkd-219-57.0.1.el7_5.3.x86_64.rpm
systemd-python-219-57.0.1.el7_5.3.x86_64.rpm
systemd-resolved-219-57.0.1.el7_5.3.i686.rpm
systemd-resolved-219-57.0.1.el7_5.3.x86_64.rpm
systemd-sysv-219-57.0.1.el7_5.3.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/systemd-219-57.0.1.el7_5.3.src.rpm



Description of changes:

[219-57.0.1]
- fix _netdev is missing for iscsi entry in /etc/fstab [Orabug:
25897792] (tony.l.lam@oracle.com)
- set "RemoveIPC=no" in logind.conf as default for OL7.2 [22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug:
18467469]
- add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]

[219-57.3]
- restart automounts unit on update (#1596241)

[219-57.2]
- automount: handle state changes of the corresponding mount unit
correctly (#1596241)


ELBA-2018-2754 Oracle Linux 7 gcc-libraries bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2018-2754

http://linux.oracle.com/errata/ELBA-2018-2754.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libgfortran4-8.2.1-1.3.1.el7_5.i686.rpm
libgfortran4-8.2.1-1.3.1.el7_5.x86_64.rpm
libgfortran5-8.2.1-1.3.1.el7_5.i686.rpm
libgfortran5-8.2.1-1.3.1.el7_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/gcc-libraries-8.2.1-1.3.1.el7_5.src.rpm



Description of changes:

[8.2.1-1.3.1]
- update 0022-Default-values-for-certain-field-descriptors-in-form.patch

[8.2.1-1.2.1]
- update from rhel-7.6 branch


ELBA-2018-2755 Oracle Linux 7 Apache Tomcat bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-2755

http://linux.oracle.com/errata/ELBA-2018-2755.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
tomcat-7.0.76-7.el7_5.noarch.rpm
tomcat-admin-webapps-7.0.76-7.el7_5.noarch.rpm
tomcat-docs-webapp-7.0.76-7.el7_5.noarch.rpm
tomcat-el-2.2-api-7.0.76-7.el7_5.noarch.rpm
tomcat-javadoc-7.0.76-7.el7_5.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-7.el7_5.noarch.rpm
tomcat-jsvc-7.0.76-7.el7_5.noarch.rpm
tomcat-lib-7.0.76-7.el7_5.noarch.rpm
tomcat-servlet-3.0-api-7.0.76-7.el7_5.noarch.rpm
tomcat-webapps-7.0.76-7.el7_5.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/tomcat-7.0.76-7.el7_5.src.rpm



Description of changes:

[0:7.0.76-7]
- Resolves: rhbz#1607893 Deadlock occurs while sending to a closing session.


ELBA-2018-2756 Oracle Linux 7 sssd bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-2756

http://linux.oracle.com/errata/ELBA-2018-2756.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libipa_hbac-1.16.0-19.el7_5.8.i686.rpm
libipa_hbac-1.16.0-19.el7_5.8.x86_64.rpm
libipa_hbac-devel-1.16.0-19.el7_5.8.i686.rpm
libipa_hbac-devel-1.16.0-19.el7_5.8.x86_64.rpm
libsss_autofs-1.16.0-19.el7_5.8.x86_64.rpm
libsss_certmap-1.16.0-19.el7_5.8.i686.rpm
libsss_certmap-1.16.0-19.el7_5.8.x86_64.rpm
libsss_certmap-devel-1.16.0-19.el7_5.8.i686.rpm
libsss_certmap-devel-1.16.0-19.el7_5.8.x86_64.rpm
libsss_idmap-1.16.0-19.el7_5.8.i686.rpm
libsss_idmap-1.16.0-19.el7_5.8.x86_64.rpm
libsss_idmap-devel-1.16.0-19.el7_5.8.i686.rpm
libsss_idmap-devel-1.16.0-19.el7_5.8.x86_64.rpm
libsss_nss_idmap-1.16.0-19.el7_5.8.i686.rpm
libsss_nss_idmap-1.16.0-19.el7_5.8.x86_64.rpm
libsss_nss_idmap-devel-1.16.0-19.el7_5.8.i686.rpm
libsss_nss_idmap-devel-1.16.0-19.el7_5.8.x86_64.rpm
libsss_simpleifp-1.16.0-19.el7_5.8.i686.rpm
libsss_simpleifp-1.16.0-19.el7_5.8.x86_64.rpm
libsss_simpleifp-devel-1.16.0-19.el7_5.8.i686.rpm
libsss_simpleifp-devel-1.16.0-19.el7_5.8.x86_64.rpm
libsss_sudo-1.16.0-19.el7_5.8.x86_64.rpm
python-libipa_hbac-1.16.0-19.el7_5.8.x86_64.rpm
python-libsss_nss_idmap-1.16.0-19.el7_5.8.x86_64.rpm
python-sss-1.16.0-19.el7_5.8.x86_64.rpm
python-sss-murmur-1.16.0-19.el7_5.8.x86_64.rpm
python-sssdconfig-1.16.0-19.el7_5.8.noarch.rpm
sssd-1.16.0-19.el7_5.8.x86_64.rpm
sssd-ad-1.16.0-19.el7_5.8.x86_64.rpm
sssd-client-1.16.0-19.el7_5.8.i686.rpm
sssd-client-1.16.0-19.el7_5.8.x86_64.rpm
sssd-common-1.16.0-19.el7_5.8.x86_64.rpm
sssd-common-pac-1.16.0-19.el7_5.8.x86_64.rpm
sssd-dbus-1.16.0-19.el7_5.8.x86_64.rpm
sssd-ipa-1.16.0-19.el7_5.8.x86_64.rpm
sssd-kcm-1.16.0-19.el7_5.8.x86_64.rpm
sssd-krb5-1.16.0-19.el7_5.8.x86_64.rpm
sssd-krb5-common-1.16.0-19.el7_5.8.x86_64.rpm
sssd-ldap-1.16.0-19.el7_5.8.x86_64.rpm
sssd-libwbclient-1.16.0-19.el7_5.8.x86_64.rpm
sssd-libwbclient-devel-1.16.0-19.el7_5.8.i686.rpm
sssd-libwbclient-devel-1.16.0-19.el7_5.8.x86_64.rpm
sssd-polkit-rules-1.16.0-19.el7_5.8.x86_64.rpm
sssd-proxy-1.16.0-19.el7_5.8.x86_64.rpm
sssd-tools-1.16.0-19.el7_5.8.x86_64.rpm
sssd-winbind-idmap-1.16.0-19.el7_5.8.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/sssd-1.16.0-19.el7_5.8.src.rpm



Description of changes:

[1.16.0-19.8]
- Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in
case an invalid profile is found [rhel-7.5.z]

[1.16.0-19.7]
- Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA
master for AD users [rhel-7.5.z]

[1.16.0-19.6]
- Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working
after update to RHEL-7.5 [rhel-7.5.z]


ELBA-2018-2758 Oracle Linux 7 Generated network interfaces (docker0) will now persist zone assignments

Oracle Linux Bug Fix Advisory ELBA-2018-2758

http://linux.oracle.com/errata/ELBA-2018-2758.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
firewall-applet-0.4.4.4-15.el7_5.noarch.rpm
firewall-config-0.4.4.4-15.el7_5.noarch.rpm
firewalld-0.4.4.4-15.el7_5.noarch.rpm
firewalld-filesystem-0.4.4.4-15.el7_5.noarch.rpm
python-firewall-0.4.4.4-15.el7_5.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/firewalld-0.4.4.4-15.el7_5.src.rpm



Description of changes:

[0.4.4.4-15]
- backport patches to avoid NM for generated connections



ELBA-2018-2759 Oracle Linux 7 pki-core bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-2759

http://linux.oracle.com/errata/ELBA-2018-2759.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
pki-base-10.5.1-15.el7_5.noarch.rpm
pki-base-java-10.5.1-15.el7_5.noarch.rpm
pki-ca-10.5.1-15.el7_5.noarch.rpm
pki-javadoc-10.5.1-15.el7_5.noarch.rpm
pki-kra-10.5.1-15.el7_5.noarch.rpm
pki-server-10.5.1-15.el7_5.noarch.rpm
pki-symkey-10.5.1-15.el7_5.x86_64.rpm
pki-tools-10.5.1-15.el7_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/pki-core-10.5.1-15.el7_5.src.rpm



Description of changes:

[10.5.1-15]
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1600905 - pki console configurations that involves ldap
passwords leave the plain text password in signed audit logs
[rhel-7.5.z] (cfu)
- Bugzilla Bug #1611245 - Certificate generation happens with partial
attributes in CMCRequest file [rhel-7.5.z] (cfu)
- Bugzilla Bug #1611250 - Better understanding of
NSS_USE_DECODED_CKA_EC_POINT for ECC [rhel-7.5.z] (cfu)
- Bugzilla Bug #1612880 - CMC Revocations throws exception with
same reqIssuer & certissuer [rhel-7.5.z] (cfu)
- Bugzilla Bug #1614837 - ipa-replica-install --setup-kra broken on
DL0 with latest version [rhel-7.5.z] (abokovoy)
- Bugzilla Bug #1614839 - CC: Enable all config audit events
[rhel-7.5.z] (cfu)
- Bugzilla Bug #1615266 - ECC keys not supported for signing audit
logs [rhel-7.5.z] (cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1539933 - keyGen fails when only Identity


ELBA-2018-2760 Oracle Linux 7 ipa bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-2760

http://linux.oracle.com/errata/ELBA-2018-2760.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
ipa-client-4.5.4-10.0.1.el7_5.4.4.x86_64.rpm
ipa-client-common-4.5.4-10.0.1.el7_5.4.4.noarch.rpm
ipa-common-4.5.4-10.0.1.el7_5.4.4.noarch.rpm
ipa-python-compat-4.5.4-10.0.1.el7_5.4.4.noarch.rpm
ipa-server-4.5.4-10.0.1.el7_5.4.4.x86_64.rpm
ipa-server-common-4.5.4-10.0.1.el7_5.4.4.noarch.rpm
ipa-server-dns-4.5.4-10.0.1.el7_5.4.4.noarch.rpm
ipa-server-trust-ad-4.5.4-10.0.1.el7_5.4.4.x86_64.rpm
python2-ipaclient-4.5.4-10.0.1.el7_5.4.4.noarch.rpm
python2-ipalib-4.5.4-10.0.1.el7_5.4.4.noarch.rpm
python2-ipaserver-4.5.4-10.0.1.el7_5.4.4.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/ipa-4.5.4-10.0.1.el7_5.4.4.src.rpm



Description of changes:

[4.5.4-10.0.1]
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [20362818]

[4.5.4-10.el7_5.4.4]
- Resolves: #1626379 PKINIT configuration did not succeed message is
received during Replica-install
- ipa-replica-install: fix pkinit setup


ELBA-2018-2761 Oracle Linux 7 kexec-tools bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-2761

http://linux.oracle.com/errata/ELBA-2018-2761.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kexec-tools-2.0.15-13.0.1.el7_5.2.x86_64.rpm
kexec-tools-anaconda-addon-2.0.15-13.0.1.el7_5.2.x86_64.rpm
kexec-tools-eppic-2.0.15-13.0.1.el7_5.2.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kexec-tools-2.0.15-13.0.1.el7_5.2.src.rpm



Description of changes:

[2.0.15-13.0.1]
- dracut-module-setup: avoid duplicate config for ibft [Orabug: 22780125]
- kdumpctl: exclude default_hugepagesz setting from kdump kernel cmdline
(Sriharsha Yadagudde) [Orabug: 19134999]
- kdumpctl: verify if kernel support securelevel interface
(Sriharsha Yadagudde) [Orabug: 18905671]

[2.0.15-13.2]
- kdumpctl: Remove 'netroot' and 'iscsi initiator' entries from kdump
cmdline

ELBA-2018-2764 Oracle Linux 7 initscripts bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-2764

http://linux.oracle.com/errata/ELBA-2018-2764.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
debugmode-9.49.41-1.0.4.el7_5.2.x86_64.rpm
initscripts-9.49.41-1.0.4.el7_5.2.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/initscripts-9.49.41-1.0.4.el7_5.2.src.rpm



Description of changes:

[9.49.41-1.0.4]
- Set net.rdmaip.trigger_active_bonding on service start and stop
- set net.rdmaip.active_bonding.patch [Orabug 27741130]
- Require the 7u5 package oraclelinux-release instead of the file
/etc/system-release to ensure all upgrade scenarios are covered
[bug 27882831]
- Restore requirement for /etc/system-release to ensure that
oraclelinux-release is pulled in [bug 27882831]
- modify SUBSCRIPTION_MSG

[9.49.41-1.el7_5.2]
- ifup-post: fix incorrect condition for RESOLV_MODS (bug #1622533)


ELBA-2018-2765 Oracle Linux 7 mutter bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-2765

http://linux.oracle.com/errata/ELBA-2018-2765.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
mutter-3.26.2-17.el7_5.i686.rpm
mutter-3.26.2-17.el7_5.x86_64.rpm
mutter-devel-3.26.2-17.el7_5.i686.rpm
mutter-devel-3.26.2-17.el7_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/mutter-3.26.2-17.el7_5.src.rpm



Description of changes:

[3.26.2-17]
- Fix crash when transient dialog closes during drag operation
- Resolves: #1622036

[3.26.2-16]
- Fix support for external monitor configurations
- Resolves: #1622000


ELBA-2018-2767 Oracle Linux 7 mod_wsgi bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-2767

http://linux.oracle.com/errata/ELBA-2018-2767.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
mod_wsgi-3.4-13.el7_5.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/mod_wsgi-3.4-13.el7_5.1.src.rpm



Description of changes:

[3.4-13.1]
- mod_wsgi forces HEAD to GET (#1623666)

[3.4-13]
- reduce chance of deadlock at process shutdown (#1493429)


ELBA-2018-2769 Oracle Linux 7 libvirt bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-2769

http://linux.oracle.com/errata/ELBA-2018-2769.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libvirt-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-admin-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-client-3.9.0-14.el7_5.8.i686.rpm
libvirt-client-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-devel-3.9.0-14.el7_5.8.i686.rpm
libvirt-devel-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-docs-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-libs-3.9.0-14.el7_5.8.i686.rpm
libvirt-libs-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-login-shell-3.9.0-14.el7_5.8.x86_64.rpm
libvirt-nss-3.9.0-14.el7_5.8.i686.rpm
libvirt-nss-3.9.0-14.el7_5.8.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libvirt-3.9.0-14.el7_5.8.src.rpm



Description of changes:

[3.9.0-14.el7_5.8]
- remote: Extract common clearing of event callbacks of client private
data (rhbz#1619206)
- remote: Move the call to remoteClientFreePrivateCallbacks from
FreeFunc to CloseFunc (rhbz#1619206)

ELBA-2018-2771 Oracle Linux 7 dconf bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-2771

http://linux.oracle.com/errata/ELBA-2018-2771.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
dconf-0.26.0-3.el7_5.1.i686.rpm
dconf-0.26.0-3.el7_5.1.x86_64.rpm
dconf-devel-0.26.0-3.el7_5.1.i686.rpm
dconf-devel-0.26.0-3.el7_5.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/dconf-0.26.0-3.el7_5.1.src.rpm



Description of changes:

[0.26.0-3]
- Check mtimes of files in /etc/dconf/db/*.d/ directories
- when running "dconf update"
- Resolves: #1626372

ELSA-2018-2748 Important: Oracle Linux 7 kernel security and bug fix update

Oracle Linux Security Advisory ELSA-2018-2748

http://linux.oracle.com/errata/ELSA-2018-2748.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-3.10.0-862.14.4.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-862.14.4.el7.noarch.rpm
kernel-debug-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.14.4.el7.x86_64.rpm
kernel-devel-3.10.0-862.14.4.el7.x86_64.rpm
kernel-doc-3.10.0-862.14.4.el7.noarch.rpm
kernel-headers-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.14.4.el7.x86_64.rpm
perf-3.10.0-862.14.4.el7.x86_64.rpm
python-perf-3.10.0-862.14.4.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-862.14.4.el7.src.rpm



Description of changes:

[3.10.0-862.14.4.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel
(olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-862.14.4.el7]
- [scsi] Revert: lpfc: Fix port initialization failure (Radomir
Vrbovsky) [1605235 1584377]
- [scsi] Revert: qla2xxx: Fix NULL pointer access for fcport structure
(Radomir Vrbovsky) [1597546 1547714]

[3.10.0-862.14.3.el7]
- [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta)
[1625980 1625991] {CVE-2018-14634}
- [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980
1625991] {CVE-2018-14634}

[3.10.0-862.14.2.el7]
- [uio] fix possible circular locking dependency (Xiubo Li) [1608677
1560418]
- [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418]
- [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li)
[1608677 1560418]
- [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418]
- [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418]
- [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418]
- [uio] fix crash after the device is unregistered (Xiubo Li) [1608677
1560418]
- [uio] change to use the mutex lock instead of the spin lock (Xiubo Li)
[1608677 1560418]
- [uio] Prevent device destruction while fds are open (Xiubo Li)
[1608677 1560418]
- [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418]
- [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418]
- [uio] add missing error codes (Xiubo Li) [1608677 1560418]
- [uio] fix false positive __might_sleep warning splat (Xiubo Li)
[1608677 1560418]
- [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418]
- [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418]
- [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677
1560418]
- [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418]
- [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li)
[1608677 1560418]
- [uio] fix memory leak (Xiubo Li) [1608677 1560418]
- [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677
1560418]
- [uio] Simplify uio error path by using devres functions (Xiubo Li)
[1608677 1560418]

[3.10.0-862.14.1.el7]
- [x86] microcode: Allow late microcode loading with SMT disabled (Josh
Poimboeuf) [1619622 1614515]
- [infiniband] core: Fix nospec regression (Josh Poimboeuf) [1619624
1616346]
- [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly
Kuznetsov) [1618390 1607899]

[3.10.0-862.13.1.el7]
- [infiniband] ib/ipoib: Fix race condition in neigh creation (Don
Dutile) [1616164 1520300]
- [gpu] qxl: hook monitors_config updates into crtc, not encoder (Gerd
Hoffmann) [1614349 1544322]
- [gpu] qxl: move qxl_send_monitors_config() (Gerd Hoffmann) [1614349
1544322]
- [gpu] qxl: remove qxl_io_log() (Gerd Hoffmann) [1614349 1544322]
- [kernel] locking: Introduce smp_mb__after_spinlock() (Steve Best)
[1613814 1496574]
- [scsi] ibmvfc: Avoid unnecessary port relogin (Steve Best) [1613202
1605080]
- [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream
(Gustavo Duarte) [1612353 1585297]
- [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte)
[1612353 1585297]
- [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo
Duarte) [1612353 1585297]
- [powerpc] stf-barrier: update stf_barrier_enable() as in upstream
(Gustavo Duarte) [1612353 1585297]
- [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream
(Gustavo Duarte) [1612353 1585297]
- [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte)
[1612353 1585297]
- [powerpc] stf-barrier: move code from setup_64.c to security.c as in
upstream (Gustavo Duarte) [1612353 1585297]
- [powerpc] stf-barrier: move code from setup.h to security_features.h
as in upstream (Gustavo Duarte) [1612353 1585297]
- [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo
Duarte) [1612353 1585297]
- [powerpc] stf-barrier: update entry barrier slot as in upstream
(Gustavo Duarte) [1612353 1585297]
- [nvmet-fc] move tech preview warning to nvmet_fc_register_targetport
call (Ewan Milne) [1610381 1608947]
- [nvme-fc] move tech preview warning to nvme_fc_register_localport call
(Ewan Milne) [1610381 1608947]
- [block] blk-throttle: check stats_cpu before reading it from sysfs
(Ming Lei) [1608228 1567748]
- [powerpc] signals: Discard transaction state from signal frames (Steve
Best) [1608227 1586153]
- [ipc] shm.c: add split function to shm_vm_ops (Desnes Augusto Nunes do
Rosario) [1608225 1586152]
- [scsi] lpfc: Fix port initialization failure (Dick Kennedy) [1605235
1584377]
- [vmbus] fix the missed signaling in hv_signal_on_read() (Vitaly
Kuznetsov) [1605089 1591976]
- [infiniband] ib/ipoib: Fix for potential no-carrier state (Donald
Dutile) [1601935 1548474]
- [vmwgfx] refuse to hibernate if we have any resources. (v2) (Dave
Airlie) [1601516 1595136]
- [netdrv] sfc: stop the TX queue before pushing new buffers (Xin Long)
[1601353 1445576]
- [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601009
1559106]
- [kernel] hrtimer: Allow concurrent hrtimer_start() for self restarting
timers (Oleksandr Natalenko) [1600911 1574387]
- [iommu] amd: Add NULL sanity check for struct irq_2_irte.ir_data
(Suravee Suthikulpanit) [1600661 1542697]
- [hid] wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large
(Benjamin Tissoires) [1600660 1591499]
- [md] avoid NULL dereference to queue pointer (Ming Lei) [1600056 1581845]
- [scsi] qla2xxx: Fix NULL pointer access for fcport structure (Himanshu
Madhani) [1597546 1547714]
- [scsi] csiostor: Add a soft dep on cxgb4 driver (Arjun Vynipadath)
[1597529 1584003]
- [mm] initialize pages on demand during boot (Masayoshi Mizuma)
[1588366 1496330]
- [mm] split deferred_init_range into initializing and freeing parts
(Masayoshi Mizuma) [1588366 1496330]
- [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [net] ipv6: fix nospec-related regression in ipv6_addr_prefix() (Josh
Poimboeuf) [1589033 1589035] {CVE-2018-3693}
- [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611368
1611369] {CVE-2018-5390}
- [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni)
[1611368 1611369] {CVE-2018-5390}
- [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue()
(Paolo Abeni) [1611368 1611369] {CVE-2018-5390}
- [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo
Abeni) [1611368 1611369] {CVE-2018-5390}
- [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo
Abeni) [1611368 1611369] {CVE-2018-5390}
- [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611368
1611369] {CVE-2018-5390}
- [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni)
[1611368 1611369] {CVE-2018-5390}
- [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611368
1611369] {CVE-2018-5390}
- [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo
Abeni) [1611368 1611369] {CVE-2018-5390}
- [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni)
[1611368 1611369] {CVE-2018-5390}
- [x86] x86/syscall: Fix regression when using the last syscall
(pkey_free) (Lauro Ramos Venancio) [1589033 1589035] {CVE-2018-3693}
- [kernel] cpu: hotplug: detect SMT disabled by BIOS (Josh Poimboeuf)
[1593383 1593384] {CVE-2018-3620}
- [documentation] l1tf: Fix typos (Josh Poimboeuf) [1593383 1593384]
{CVE-2018-3620}
- [x86] kvm: Remove extra newline in vmentry_l1d_flush sysfs file (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: vmx: Initialize the vmx_l1d_flush_pages' content (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] speculation: l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED
architectures (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [documentation] Add section about CPU vulnerabilities (Josh Poimboeuf)
[1593383 1593384] {CVE-2018-3620}
- [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [kernel] cpu: hotplug: Set CPU_SMT_NOT_SUPPORTED early (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [kernel] cpu: hotplug: Expose SMT control init function (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: Allow runtime control of L1D flush (Josh Poimboeuf)
[1593383 1593384] {CVE-2018-3620}
- [x86] kvm: Serialize L1D flush parameter setter (Josh Poimboeuf)
[1593383 1593384] {CVE-2018-3620}
- [x86] kvm: Add static key for flush always (Josh Poimboeuf) [1593383
1593384] {CVE-2018-3620}
- [x86] kvm: Move l1tf setup function (Josh Poimboeuf) [1593383 1593384]
{CVE-2018-3620}
- [x86] l1tf: Handle EPT disabled state proper (Josh Poimboeuf) [1593383
1593384] {CVE-2018-3620}
- [x86] kvm: Drop L1TF MSR list approach (Josh Poimboeuf) [1593383
1593384] {CVE-2018-3620}
- [x86] litf: Introduce vmx status variable (Josh Poimboeuf) [1593383
1593384] {CVE-2018-3620}
- [x86] bugs: Make cpu_show_common() static (Josh Poimboeuf) [1593383
1593384] {CVE-2018-3620}
- [x86] bugs: Concentrate bug reporting into a separate function (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [kernel] cpu: hotplug: Online siblings when SMT control is turned on
(Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: vmx: Use MSR save list for IA32_FLUSH_CMD if required (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: vmx: Extend add_atomic_switch_msr() to allow VMENTER only
MSRs (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: vmx: Separate the VMX AUTOLOAD guest/host number accounting
(Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: vmx: Add find_msr() helper function (Josh Poimboeuf)
[1593383 1593384] {CVE-2018-3620}
- [x86] kvm: vmx: Split the VMX MSR LOAD structures to have an
host/guest numbers (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities,
part 3 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being
present (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [kernel] cpu: hotplug: Boot HT siblings at least once, part 2 (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] speculation/l1tf: fix typo in l1tf mitigation string (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities,
part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [kernel] cpu/hotplug: Boot HT siblings at least once (Josh Poimboeuf)
[1593383 1593384] {CVE-2018-3620}
- Revert "x86/apic: Ignore secondary threads if nosmt=force" (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] CPU/AMD: Move TOPOEXT reenablement before reading
smp_num_siblings (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] speculation/l1tf: Extend 64bit swap file size limit (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] cpu/AMD: Remove the pointless detect_ht() call (Josh Poimboeuf)
[1593383 1593384] {CVE-2018-3620}
- [x86] bugs: Move the l1tf function and define pr_fmt properly (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] topology: Provide topology_smt_supported() (Josh Poimboeuf)
[1593383 1593384] {CVE-2018-3620}
- [x86] smp: Provide topology_is_primary_thread(), part 2 (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] apic: Ignore secondary threads if nosmt=force (Josh Poimboeuf)
[1593383 1593384] {CVE-2018-3620}
- [x86] cpu/AMD: Evaluate smp_num_siblings early (Josh Poimboeuf)
[1593383 1593384] {CVE-2018-3620}
- [x86] CPU/AMD: Do not check CPUID max ext level before parsing SMP
info (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] cpu/intel: Evaluate smp_num_siblings early (Josh Poimboeuf)
[1593383 1593384] {CVE-2018-3620}
- [x86] cpu/topology: Provide detect_extended_topology_early() (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] cpu/common: Provide detect_ht_early() (Josh Poimboeuf) [1593383
1593384] {CVE-2018-3620}
- [x86] cpu: Remove the pointless CPU printout (Josh Poimboeuf) [1593383
1593384] {CVE-2018-3620}
- [kernel] cpu/hotplug: Provide knobs to control SMT (Josh Poimboeuf)
[1593383 1593384] {CVE-2018-3620}
- [kernel] cpu/hotplug: Split do_cpu_down() (Josh Poimboeuf) [1593383
1593384] {CVE-2018-3620}
- [x86] smp: Provide topology_is_primary_thread() (Josh Poimboeuf)
[1593383 1593384] {CVE-2018-3620}
- [x86] CPU: Modify detect_extended_topology() to return result (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Josh Poimboeuf)
[1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: sync with latest L1TF patches (Josh Poimboeuf) [1593383
1593384] {CVE-2018-3620}
- [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: Report if too much memory for L1TF workaround (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: Limit swap file size to MAX_PA/2 (Josh Poimboeuf) [1593383
1593384] {CVE-2018-3620}
- [x86] l1tf: Add sysfs reporting for l1tf (Josh Poimboeuf) [1593383
1593384] {CVE-2018-3620}
- [x86] l1tf: Make sure the first page is always reserved (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: Protect PROT_NONE PTEs against speculation (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: Protect swap entries against L1TF (Josh Poimboeuf)
[1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Josh Poimboeuf)
[1593383 1593384] {CVE-2018-3620}
- [x86] mm: Fix swap entry comment and macro (Josh Poimboeuf) [1593383
1593384] {CVE-2018-3620}
- [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Josh
Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] add support for L1D flush MSR (Josh Poimboeuf) [1593383
1593384] {CVE-2018-3620}
- [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities
(Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}

[3.10.0-862.12.1.el7]
- [fs] CIFS: Fix NULL pointer deref on SMB2_tcon() failure (Leif
Sahlberg) [1609159 1591092]
- [net] multicast: do not restore deleted record source filter mode to
new one (Hangbin Liu) [1610380 1586321]
- [net] multicast: remove useless parameter for group add (Hangbin Liu)
[1610380 1586321]
- [net] ipv6/mcast: init as INCLUDE when join SSM INCLUDE group (Hangbin
Liu) [1610380 1586321]
- [net] ipv4/igmp: init group mode as INCLUDE when join source group
(Hangbin Liu) [1610380 1586321]
- [net] ipv6: mcast: fix unsolicited report interval after receiving
querys (Hangbin Liu) [1610380 1586321]
- [net] ipv6: refactor ipv6_dev_mc_inc() (Hangbin Liu) [1610380 1586321]

ELSA-2018-2757 Moderate: Oracle Linux 7 389-ds-base security and bug fix update

Oracle Linux Security Advisory ELSA-2018-2757

http://linux.oracle.com/errata/ELSA-2018-2757.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm
389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm
389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm
389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/389-ds-base-1.3.7.5-28.el7_5.src.rpm



Description of changes:

[1.3.7.5-28]
- Bump version to 1.3.7.5-28
- Resolves: Bug 1628676 - 389-ds-base: race condition on reference
counter leads to DoS using persistent search
- Resolves: Bug 1628677 - Crash in delete_passwdPolicy when persistent
search connections are terminated unexpectedly

[1.3.7.5-27]
- Bump version to 1.3.7.5-27
- Resolves: Bug 1623247 - Crash in vslapd_log_emergency_error

[1.3.7.5-26]
- Bump version to 1.3.7.5-26
- Resolves: Bug 1615924 - Fine grained password policy can impact search
performance
- Resolves: Bug 1614836 - Disable nunc-stans by default
- Resolves: Bug 1614861 - ldapsearch with server side sort crashes the
ldap server


ELSA-2018-2766 Moderate: Oracle Linux 7 flatpak security update

Oracle Linux Security Advisory ELSA-2018-2766

http://linux.oracle.com/errata/ELSA-2018-2766.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
flatpak-0.8.8-4.el7_5.x86_64.rpm
flatpak-builder-0.8.8-4.el7_5.x86_64.rpm
flatpak-devel-0.8.8-4.el7_5.x86_64.rpm
flatpak-libs-0.8.8-4.el7_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/flatpak-0.8.8-4.el7_5.src.rpm



Description of changes:

[0.8.8-4]
- Add patch for CVE-2018-6560 (#1547376)

ELSA-2018-2768 Moderate: Oracle Linux 7 nss security update

Oracle Linux Security Advisory ELSA-2018-2768

http://linux.oracle.com/errata/ELSA-2018-2768.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
nss-3.36.0-7.el7_5.i686.rpm
nss-3.36.0-7.el7_5.x86_64.rpm
nss-devel-3.36.0-7.el7_5.i686.rpm
nss-devel-3.36.0-7.el7_5.x86_64.rpm
nss-pkcs11-devel-3.36.0-7.el7_5.i686.rpm
nss-pkcs11-devel-3.36.0-7.el7_5.x86_64.rpm
nss-sysinit-3.36.0-7.el7_5.x86_64.rpm
nss-tools-3.36.0-7.el7_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/nss-3.36.0-7.el7_5.src.rpm



Description of changes:

[3.36.0-7]
- Backport upstream fix for CVE-2018-12384
- Remove nss-lockcert-api-change.patch, which turned out to be a
mistake (the symbol was not exported from libnss)

[3.36.0-6]
- Exercise SSL tests which only run under non-FIPS setting