Oracle Linux 6279 Published by

The following updates has been released for Oracle Linux:

ELBA-2019-0172 Oracle Linux 7 nss bug fix update (aarch64)
ELEA-2019-0178 Oracle Linux 7 libreswan bug fix and enhancement update (aarch64)
ELSA-2019-0219 Critical: Oracle Linux 7 firefox security update (aarch64)
ELSA-2019-0229 Important: Oracle Linux 7 ghostscript security and bug fix update
ELSA-2019-0230 Important: Oracle Linux 7 polkit security update
ELSA-2019-0231 Important: Oracle Linux 7 spice security update
ELSA-2019-0232 Important: Oracle Linux 6 spice-server security update



ELBA-2019-0172 Oracle Linux 7 nss bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2019-0172

http://linux.oracle.com/errata/ELBA-2019-0172.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
nss-3.36.0-7.1.el7_6.aarch64.rpm
nss-devel-3.36.0-7.1.el7_6.aarch64.rpm
nss-sysinit-3.36.0-7.1.el7_6.aarch64.rpm
nss-tools-3.36.0-7.1.el7_6.aarch64.rpm
nss-pkcs11-devel-3.36.0-7.1.el7_6.aarch64.rpm
nss-util-3.36.0-1.1.el7_6.aarch64.rpm
nss-util-devel-3.36.0-1.1.el7_6.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/nss-3.36.0-7.1.el7_6.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-util-3.36.0-1.1.el7_6.src.rpm



Description of changes:

nss
[3.36.0-7.1]
- Update the cert verify code to allow a new ipsec usage and follow RFC 4945

nss-util
[3.36.0-1.1]
- Update the cert verify code to allow a new ipsec usage and follow RFC 4945


ELEA-2019-0178 Oracle Linux 7 libreswan bug fix and enhancement update (aarch64)

Oracle Linux Enhancement Advisory ELEA-2019-0178

http://linux.oracle.com/errata/ELEA-2019-0178.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
libreswan-3.25-4.1.0.1.el7_6.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libreswan-3.25-4.1.0.1.el7_6.src.rpm



Description of changes:

[3.25-4.1.0.1]
- add libreswan-oracle.patch to detect Oracle Linux distro

[3.25-4.1]
- Resolves: rhbz#1665369 libreswan 3.25 in FIPS mode is incorrectly
rejecting X.509 public keys that are >= 3072 bits [rhel-7.6.z]

[3.25-4]
- Resolves: rhbz#1660536 libreswan assertion failed when
OAKLEY_KEY_LENGTH is zero for IKE using AES_CBC
- Resolves: rhbz#1660544 config: recursive include check doesn't work
- Resolves: rhbz#1660542 Libreswan crash upon receiving ISAKMP_NEXT_D
with appended ISAKMP_NEXT_N
- Resolves: rhbz#1664244 [abrt] [faf] libreswan: strncpy():
/usr/libexec/ipsec/pluto killed by 11

[3.25-3]
- Resolves: rhbz#1655440 Unable to verify certificate with non-empty
Extended Key Usage which does not include serverAuth or clientAuth

ELSA-2019-0219 Critical: Oracle Linux 7 firefox security update (aarch64)

Oracle Linux Security Advisory ELSA-2019-0219

http://linux.oracle.com/errata/ELSA-2019-0219.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
firefox-60.5.0-2.0.1.el7.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/firefox-60.5.0-2.0.1.el7.src.rpm



Description of changes:

[60.5.0-2.0.1]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red
Hat file

[60.5.0-2]
- Updated to 60.5.0 ESR build2

[60.5.0-1]
- Updated to 60.5.0 ESR build1

[60.4.0-3]
- Fixing fontconfig warnings (rhbz#1601475)

[60.4.0-2]
- Added pipewire patch from Tomas Popela (rhbz#1664270)

ELSA-2019-0229 Important: Oracle Linux 7 ghostscript security and bug fix update

Oracle Linux Security Advisory ELSA-2019-0229

http://linux.oracle.com/errata/ELSA-2019-0229.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
ghostscript-9.07-31.el7_6.9.i686.rpm
ghostscript-9.07-31.el7_6.9.x86_64.rpm
ghostscript-cups-9.07-31.el7_6.9.x86_64.rpm
ghostscript-devel-9.07-31.el7_6.9.i686.rpm
ghostscript-devel-9.07-31.el7_6.9.x86_64.rpm
ghostscript-doc-9.07-31.el7_6.9.noarch.rpm
ghostscript-gtk-9.07-31.el7_6.9.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/ghostscript-9.07-31.el7_6.9.src.rpm



Description of changes:

[9.07-31.el7_6.9]
- Related: #1667442 - CVE-2019-6116 - added missing parts of patch

[9.07-31.el7_6.8]
- Resolves: #1667442 - CVE-2019-6116 ghostscript: subroutines within
pseudo-operators must themselves be pseudo-operators

[9.07-31.el7_6.7]
- Resolves: #1665919 pdf2ps reports an error when reading from stdin
- Resolves: #1657333 - CVE-2018-16540 ghostscript: use-after-free in
copydevice handling (699661)
- Resolves: #1660569 - CVE-2018-19475 ghostscript: access bypass in
psi/zdevice2.c (700153)
- Resolves: #1660828 - CVE-2018-19476 ghostscript: access bypass in
psi/zicc.c
- Resolves: #1661278 - CVE-2018-19477 ghostscript: access bypass in
psi/zfjbig2.c (700168)

ELSA-2019-0230 Important: Oracle Linux 7 polkit security update

Oracle Linux Security Advisory ELSA-2019-0230

http://linux.oracle.com/errata/ELSA-2019-0230.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
polkit-0.112-18.0.1.el7_6.1.i686.rpm
polkit-0.112-18.0.1.el7_6.1.x86_64.rpm
polkit-devel-0.112-18.0.1.el7_6.1.i686.rpm
polkit-devel-0.112-18.0.1.el7_6.1.x86_64.rpm
polkit-docs-0.112-18.0.1.el7_6.1.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/polkit-0.112-18.0.1.el7_6.1.src.rpm



Description of changes:

[0.112-18.0.1]
- Increase timeout to avoid defunct processes [bug26930744]

[0.112-18.el7_6.1]
- Fix of CVE-2019-6133, PID reuse via slow fork
- Resolves: rhbz#1667311

ELSA-2019-0231 Important: Oracle Linux 7 spice security update

Oracle Linux Security Advisory ELSA-2019-0231

http://linux.oracle.com/errata/ELSA-2019-0231.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
spice-server-0.14.0-6.el7_6.1.x86_64.rpm
spice-server-devel-0.14.0-6.el7_6.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/spice-0.14.0-6.el7_6.1.src.rpm



Description of changes:

[0.14.0-6.1]
- Fix off-by-one error during guest-to-host memory address conversion
Resolves: CVE-2019-3813

ELSA-2019-0232 Important: Oracle Linux 6 spice-server security update

Oracle Linux Security Advisory ELSA-2019-0232

http://linux.oracle.com/errata/ELSA-2019-0232.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:

x86_64:
spice-server-0.12.4-16.el6_10.3.x86_64.rpm
spice-server-devel-0.12.4-16.el6_10.3.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/spice-server-0.12.4-16.el6_10.3.src.rpm



Description of changes:

[0.12.4-16.3]
- Fix off-by-one error during guest-to-host memory address conversion
Resolves: CVE-2019-3813

[0.12.4-16.2]
- Prevent potential buffer/integer overflows with invalid MonitorsConfig
messages
sent from an authenticated client
Resolves: CVE-2017-7506

[0.12.4-16.1]
- Fix flexible array buffer overflow
Resolves: rhbz#1596008