Oracle Linux 6267 Published by

The following updates has been released for Oracle Linux:

ELBA-2019-4653 Oracle Linux 7 tuned bug fix update
ELSA-2019-4652 Important: Oracle Linux 6 curl security update
ELSA-2019-4652 Important: Oracle Linux 7 curl security update



ELBA-2019-4653 Oracle Linux 7 tuned bug fix update

Oracle Linux Bug Fix Advisory ELBA-2019-4653

http://linux.oracle.com/errata/ELBA-2019-4653.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
tuned-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-profiles-cpu-partitioning-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-utils-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-utils-systemtap-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-gtk-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-profiles-atomic-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-profiles-compat-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-profiles-mssql-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-profiles-oracle-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-gtk-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-profiles-atomic-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-profiles-compat-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-profiles-cpu-partitioning-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-profiles-mssql-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-profiles-oci-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-profiles-oci-recommend-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-profiles-oracle-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-profiles-realtime-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-profiles-sap-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-profiles-sap-hana-2.10.0-6.0.3.el7_6.3.noarch.rpm
tuned-utils-2.10.0-6.0.3.el7_6.3.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/tuned-2.10.0-6.0.3.el7_6.3.src.rpm



Description of changes:

[2.10.0-6.0.3.el7_6.3]
- Added profiles-oci-recommend package [Orabug: 29632202]


ELSA-2019-4652 Important: Oracle Linux 6 curl security update

Oracle Linux Security Advisory ELSA-2019-4652

http://linux.oracle.com/errata/ELSA-2019-4652.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
curl-7.19.7-53.0.2.el6_9.i686.rpm
libcurl-7.19.7-53.0.2.el6_9.i686.rpm
libcurl-devel-7.19.7-53.0.2.el6_9.i686.rpm

x86_64:
curl-7.19.7-53.0.2.el6_9.x86_64.rpm
libcurl-7.19.7-53.0.2.el6_9.i686.rpm
libcurl-7.19.7-53.0.2.el6_9.x86_64.rpm
libcurl-devel-7.19.7-53.0.2.el6_9.i686.rpm
libcurl-devel-7.19.7-53.0.2.el6_9.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/curl-7.19.7-53.0.2.el6_9.src.rpm



Description of changes:

[7.19.7-53.0.2]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers
(https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison
(https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication
(https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf
(https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code
(https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds
(https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8623 Use-after-free via shared cookies
(https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with #
(https://curl.haxx.se/docs/CVE-2016-8624.html)

ELSA-2019-4652 Important: Oracle Linux 7 curl security update

Oracle Linux Security Advisory ELSA-2019-4652

http://linux.oracle.com/errata/ELSA-2019-4652.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
curl-7.29.0-51.0.1.el7.x86_64.rpm
libcurl-7.29.0-51.0.1.el7.i686.rpm
libcurl-7.29.0-51.0.1.el7.x86_64.rpm
libcurl-devel-7.29.0-51.0.1.el7.i686.rpm
libcurl-devel-7.29.0-51.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/curl-7.29.0-51.0.1.el7.src.rpm



Description of changes:

[7.29.0-51.0.1]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers
(https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison
(https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication
(https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf
(https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code
(https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds
(https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation
(https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies
(https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with #
(https://curl.haxx.se/docs/CVE-2016-8624.html)