Oracle Linux 6267 Published by

The following updates has been released for Oracle Linux 6:

ELBA-2019-1651 Oracle Linux 6 kernel bug fix update
ELSA-2019-1650 Low: Oracle Linux 6 qemu-kvm security update
ELSA-2019-1652 Important: Oracle Linux 6 libssh2 security update



ELBA-2019-1651 Oracle Linux 6 kernel bug fix update

Oracle Linux Bug Fix Advisory ELBA-2019-1651

http://linux.oracle.com/errata/ELBA-2019-1651.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
kernel-2.6.32-754.17.1.el6.i686.rpm
kernel-abi-whitelists-2.6.32-754.17.1.el6.noarch.rpm
kernel-debug-2.6.32-754.17.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.17.1.el6.i686.rpm
kernel-devel-2.6.32-754.17.1.el6.i686.rpm
kernel-doc-2.6.32-754.17.1.el6.noarch.rpm
kernel-firmware-2.6.32-754.17.1.el6.noarch.rpm
kernel-headers-2.6.32-754.17.1.el6.i686.rpm
perf-2.6.32-754.17.1.el6.i686.rpm
python-perf-2.6.32-754.17.1.el6.i686.rpm

x86_64:
kernel-2.6.32-754.17.1.el6.x86_64.rpm
kernel-abi-whitelists-2.6.32-754.17.1.el6.noarch.rpm
kernel-debug-2.6.32-754.17.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.17.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.17.1.el6.x86_64.rpm
kernel-devel-2.6.32-754.17.1.el6.x86_64.rpm
kernel-doc-2.6.32-754.17.1.el6.noarch.rpm
kernel-firmware-2.6.32-754.17.1.el6.noarch.rpm
kernel-headers-2.6.32-754.17.1.el6.x86_64.rpm
perf-2.6.32-754.17.1.el6.x86_64.rpm
python-perf-2.6.32-754.17.1.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-754.17.1.el6.src.rpm



Description of changes:

[2.6.32-754.17.1.el6.OL6]
- Update genkey [bug 25599697]

[2.6.32-754.17.1.el6]
- [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian
Westphal) [1719614] {CVE-2019-11479}
- [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719614]
{CVE-2019-11479}
- [net] tcp: tcp_fragment() should apply sane memory limits (Florian
Westphal) [1719840] {CVE-2019-11478}
- [net] tcp: limit payload size of sacked skbs (Florian Westphal)
[1719585] {CVE-2019-11477}
- [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal)
[1719585] {CVE-2019-11477}
- [lib] idr: free the top layer if idr tree has the maximum height
(Denys Vlasenko) [1698139] {CVE-2019-3896}
- [lib] idr: fix top layer handling (Denys Vlasenko) [1698139]
{CVE-2019-3896}
- [lib] idr: fix backtrack logic in idr_remove_all (Denys Vlasenko)
[1698139] {CVE-2019-3896}

[2.6.32-754.16.1.el6]
- [virt] xenbus: Fix memory leak on release (Vitaly Kuznetsov) [1661666]
- [fs] dcache: fix locking around setting DCACHE_SHRINKING flag (Miklos
Szeredi) [1672269]
- [x86] KVM: SVM: Selective cr0 intercept (Wei Huang) [1655873]
- [x86] KVM: SVM: Restore unconditional cr0 intercept under npt (Wei
Huang) [1655873]

ELSA-2019-1650 Low: Oracle Linux 6 qemu-kvm security update

Oracle Linux Security Advisory ELSA-2019-1650

http://linux.oracle.com/errata/ELSA-2019-1650.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
qemu-guest-agent-0.12.1.2-2.506.el6_10.4.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.506.el6_10.4.x86_64.rpm
qemu-img-0.12.1.2-2.506.el6_10.4.x86_64.rpm
qemu-kvm-0.12.1.2-2.506.el6_10.4.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.506.el6_10.4.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/qemu-kvm-0.12.1.2-2.506.el6_10.4.src.rpm



Description of changes:

[0.12.1.2-2.506.el6_10.4]
- kvm-target-i386-Sanitize-the-XSAVE-related-feature-bits.patch [bz#1673779]
- kvm-slirp-check-sscanf-result-when-emulating-ident.patch [bz#1689790]
- Resolves: bz#1673779
(RHEL8 VM's do not install on RHEL6 KVM hypervisor)
- Resolves: bz#1689790
(CVE-2019-9824 qemu-kvm: QEMU: Slirp: information leakage in
tcp_emu() due to uninitialized stack variables [rhel-6])

ELSA-2019-1652 Important: Oracle Linux 6 libssh2 security update

Oracle Linux Security Advisory ELSA-2019-1652

http://linux.oracle.com/errata/ELSA-2019-1652.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
libssh2-1.4.2-3.0.1.el6_10.1.i686.rpm
libssh2-devel-1.4.2-3.0.1.el6_10.1.i686.rpm
libssh2-docs-1.4.2-3.0.1.el6_10.1.i686.rpm

x86_64:
libssh2-1.4.2-3.0.1.el6_10.1.i686.rpm
libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm
libssh2-devel-1.4.2-3.0.1.el6_10.1.i686.rpm
libssh2-devel-1.4.2-3.0.1.el6_10.1.x86_64.rpm
libssh2-docs-1.4.2-3.0.1.el6_10.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/libssh2-1.4.2-3.0.1.el6_10.1.src.rpm



Description of changes:

[1.4.2-3.0.1.el6_10.1]
- [Orabug: 29909723] Added patch CVE-2019-3862. (qing.lin@oracle.com)
Added Additional length checks to prevent out-of-bounds (CVE-2019-3862)

[1.4.2-3.el6_10.1]
- fix integer overflow in keyboard interactive handling that allows
out-of-bounds writes (CVE-2019-3863)
- fix integer overflow in SSH packet processing channel resulting in out
of bounds write (CVE-2019-3857)
- fix integer overflow in keyboard interactive handling resulting in out
of bounds write (CVE-2019-3856)
- fix integer overflow in transport read resulting in out of bounds
write (CVE-2019-3855)

- use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787)