Oracle Linux 6279 Published by

The following updates are available for Oracle Linux:

ELBA-2018-1980 Oracle Linux 7 libwacom, xorg-x11-drv-wacom, mutter, and control-center enhancement update (aarch64)
ELBA-2018-1981 Oracle Linux 7 systemtap bug fix update (aarch64)
ELBA-2018-1982 Oracle Linux 7 libreswan bug fix update (aarch64)
ELBA-2018-1984 Oracle Linux 7 cloud-init bug fix update (aarch64)
ELBA-2018-1985 Oracle Linux 7 ipa bug fix update (aarch64)
ELBA-2018-1986 Oracle Linux 7 sssd bug fix update (aarch64)
ELBA-2018-1987 Oracle Linux 7 sos bug fix and enhancement update (aarch64)
ELBA-2018-1988 Oracle Linux 7 389-ds-base bug fix update (aarch64)
ELBA-2018-1989 Oracle Linux 7 jss bug fix update (aarch64)
ELBA-2018-1992 Oracle Linux 7 sudo bug fix update (aarch64)
ELBA-2018-1993 Oracle Linux 7 httpd bug fix update (aarch64)
ELBA-2018-1995 Oracle Linux 7 motif bug fix update (aarch64)
ELBA-2018-1998 Oracle Linux 7 python-rtslib bug fix update (aarch64)
ELBA-2018-1999 Oracle Linux 7 targetcli bug fix update (aarch64)
ELBA-2018-2000 Oracle Linux 7 NetworkManager bug fix update (aarch64)
ELBA-2018-2004 Oracle Linux 7 selinux-policy bug fix update (aarch64)
ELBA-2018-2005 Oracle Linux 7 spice bug fix update (aarch64)
ELSA-2018-1979 Moderate: Oracle Linux 7 pki-core security, bug fix, and enhancement update (aarch64)
New glibc updates available via Ksplice (ELSA-2018-1879)



ELBA-2018-1980 Oracle Linux 7 libwacom, xorg-x11-drv-wacom, mutter, and control-center enhancement update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-1980

http://linux.oracle.com/errata/ELBA-2018-1980.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
control-center-3.26.2-9.el7_5.aarch64.rpm
control-center-filesystem-3.26.2-9.el7_5.aarch64.rpm
gsettings-desktop-schemas-3.24.1-2.el7_5.aarch64.rpm
gsettings-desktop-schemas-devel-3.24.1-2.el7_5.aarch64.rpm
libwacom-0.24-4.el7.aarch64.rpm
libwacom-data-0.24-4.el7.noarch.rpm
libwacom-devel-0.24-4.el7.aarch64.rpm
mutter-3.26.2-14.el7_5.aarch64.rpm
mutter-devel-3.26.2-14.el7_5.aarch64.rpm
xorg-x11-drv-wacom-0.34.2-5.el7.aarch64.rpm
xorg-x11-drv-wacom-devel-0.34.2-5.el7.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/control-center-3.26.2-9.el7_5.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/gsettings-desktop-schemas-3.24.1-2.el7_5.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/libwacom-0.24-4.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/mutter-3.26.2-14.el7_5.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/xorg-x11-drv-wacom-0.34.2-5.el7.src.rpm



Description of changes:

control-center
[3.26.2-9]
- Add support for Wacom Pro Pen 3D styli
Resolves: #1568701

gsettings-desktop-schemas
[3.24.1-2]
- Add support for Wacom Pro Pen 3D styli
Resolves: #1568715

libwacom
[0.24-4]
- Add the Wacom Cintiq Pro 24 and Cintiq Pro 32 (#1551883)

mutter
[3.26.2-14]
- Add support for Wacom Pro Pen 3D styli
Resolves: #1568702

xorg-x11-drv-wacom
[0.34.2-5]
- Add support for the Pro Pen 3D (#1557255)

ELBA-2018-1981 Oracle Linux 7 systemtap bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-1981

http://linux.oracle.com/errata/ELBA-2018-1981.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
systemtap-3.2-8.el7_5.aarch64.rpm
systemtap-client-3.2-8.el7_5.aarch64.rpm
systemtap-devel-3.2-8.el7_5.aarch64.rpm
systemtap-initscript-3.2-8.el7_5.aarch64.rpm
systemtap-runtime-3.2-8.el7_5.aarch64.rpm
systemtap-sdt-devel-3.2-8.el7_5.aarch64.rpm
systemtap-server-3.2-8.el7_5.aarch64.rpm
systemtap-runtime-java-3.2-8.el7_5.aarch64.rpm
systemtap-runtime-python2-3.2-8.el7_5.aarch64.rpm
systemtap-runtime-virtguest-3.2-8.el7_5.aarch64.rpm
systemtap-testsuite-3.2-8.el7_5.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/systemtap-3.2-8.el7_5.src.rpm



Description of changes:

[3.2-8]
- rhbz1563052 (stp_deref string truncation off-by-one error)

[3.2-7]
- rhbz1566422 (module build-id checking broken on unload)

[3.2-6]
- rhbz1567356 (backtraces broken w/ kaslr)

[3.2-5]
- rhbz1558350 (nfsd.proc.create typo fix)

ELBA-2018-1982 Oracle Linux 7 libreswan bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-1982

http://linux.oracle.com/errata/ELBA-2018-1982.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
libreswan-3.23-5.0.1.el7_5.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libreswan-3.23-5.0.1.el7_5.src.rpm



Description of changes:

[3.23-5.0.1]
- add libreswan-oracle.patch to detect Oracle Linux distro

[3.23-5]
- Resolves: rhbz#1573949 ipsec newhostkey fails in FIPS mode [spec file
only update]

[3.23-4]
- Resolves: rhbz#1573949 ipsec newhostkey fails in FIPS mode when RSA
key is generated
- Resolves: rhbz#1574456 Shared IKE SA leads to rekey interop issues
- Resolves: rhbz#1574457 IKEv2 liveness false positive on IKEv2 idle
connections causes tunnel to be restarted

ELBA-2018-1984 Oracle Linux 7 cloud-init bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-1984

http://linux.oracle.com/errata/ELBA-2018-1984.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
cloud-init-0.7.9-24.0.3.el7_5.1.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/cloud-init-0.7.9-24.0.3.el7_5.1.src.rpm



Description of changes:

[0.7.9-24.0.3]
- Fix xfs grow (Oracle Bug 28077374)
- Fix boot deplay in OCI (Oracle Bugdb 27724543)
- Enable ec2_utils.py to stop retry when openstack getting ec2 metadata
(Oracle Bugdb 27803956)

[0.7.9-24.el7_5.1]
- ci-Revert-azure-Fix-publishing-of-hostname.patch [bz#1568717]
- ci-DataSourceAzure.py-use-hostnamectl-to-set-hostname.patch [bz#1568717]
- ci-sysconfig-Don-t-disable-IPV6_AUTOCONF.patch [bz#1578702]
- Resolves: bz#1568717
(Add patch to bounce NICs in Azure/update DNS [rhel-7.5.z])
- Resolves: bz#1578702
(cloud-init-0.7.9-9.el7_4.6 breaks IPv4/IPv6 dual-stack EC2 instances
in AWS [rhel-7.5.z])

ELBA-2018-1985 Oracle Linux 7 ipa bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-1985

http://linux.oracle.com/errata/ELBA-2018-1985.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
ipa-client-4.5.4-10.0.1.el7_5.3.aarch64.rpm
ipa-client-common-4.5.4-10.0.1.el7_5.3.noarch.rpm
ipa-common-4.5.4-10.0.1.el7_5.3.noarch.rpm
ipa-python-compat-4.5.4-10.0.1.el7_5.3.noarch.rpm
ipa-server-4.5.4-10.0.1.el7_5.3.aarch64.rpm
ipa-server-common-4.5.4-10.0.1.el7_5.3.noarch.rpm
ipa-server-dns-4.5.4-10.0.1.el7_5.3.noarch.rpm
ipa-server-trust-ad-4.5.4-10.0.1.el7_5.3.aarch64.rpm
python2-ipaclient-4.5.4-10.0.1.el7_5.3.noarch.rpm
python2-ipalib-4.5.4-10.0.1.el7_5.3.noarch.rpm
python2-ipaserver-4.5.4-10.0.1.el7_5.3.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/ipa-4.5.4-10.0.1.el7_5.3.src.rpm



Description of changes:

[4.5.4-10.0.1]
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [20362818]

[4.5.4-10.el7.3]
- Resolves: #1579190 Improve Custodia client and key distribution handling
- Use single Custodia instance in installers

[4.5.4-10.el7.2]
- Resolves: #1579189 nsds5ReplicaReleaseTimeout should be set by default
- Add nsds5ReplicaReleaseTimeout to replica config
- Fix upgrade (update_replica_config) in single master mode
- Resolves: #1579190 Improve Custodia client and key distribution handling
- Use single Custodia instance in installers
- Resolves: #1579203 4.5.0 -> 4.5.4 upgrade breaks in
ipa-server-upgrade: No such file or directory:
'/var/lib/pki/pki-tomcat/conf/ca/CS.cfg'
- Don't try to backup CS.cfg during upgrade if CA is not configured

ELBA-2018-1986 Oracle Linux 7 sssd bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-1986

http://linux.oracle.com/errata/ELBA-2018-1986.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
libipa_hbac-1.16.0-19.el7_5.5.aarch64.rpm
libsss_autofs-1.16.0-19.el7_5.5.aarch64.rpm
libsss_certmap-1.16.0-19.el7_5.5.aarch64.rpm
libsss_idmap-1.16.0-19.el7_5.5.aarch64.rpm
libsss_nss_idmap-1.16.0-19.el7_5.5.aarch64.rpm
libsss_simpleifp-1.16.0-19.el7_5.5.aarch64.rpm
libsss_sudo-1.16.0-19.el7_5.5.aarch64.rpm
python-libipa_hbac-1.16.0-19.el7_5.5.aarch64.rpm
python-libsss_nss_idmap-1.16.0-19.el7_5.5.aarch64.rpm
python-sss-1.16.0-19.el7_5.5.aarch64.rpm
python-sssdconfig-1.16.0-19.el7_5.5.noarch.rpm
python-sss-murmur-1.16.0-19.el7_5.5.aarch64.rpm
sssd-1.16.0-19.el7_5.5.aarch64.rpm
sssd-ad-1.16.0-19.el7_5.5.aarch64.rpm
sssd-client-1.16.0-19.el7_5.5.aarch64.rpm
sssd-common-1.16.0-19.el7_5.5.aarch64.rpm
sssd-common-pac-1.16.0-19.el7_5.5.aarch64.rpm
sssd-dbus-1.16.0-19.el7_5.5.aarch64.rpm
sssd-ipa-1.16.0-19.el7_5.5.aarch64.rpm
sssd-kcm-1.16.0-19.el7_5.5.aarch64.rpm
sssd-krb5-1.16.0-19.el7_5.5.aarch64.rpm
sssd-krb5-common-1.16.0-19.el7_5.5.aarch64.rpm
sssd-ldap-1.16.0-19.el7_5.5.aarch64.rpm
sssd-libwbclient-1.16.0-19.el7_5.5.aarch64.rpm
sssd-polkit-rules-1.16.0-19.el7_5.5.aarch64.rpm
sssd-proxy-1.16.0-19.el7_5.5.aarch64.rpm
sssd-tools-1.16.0-19.el7_5.5.aarch64.rpm
sssd-winbind-idmap-1.16.0-19.el7_5.5.aarch64.rpm
libipa_hbac-devel-1.16.0-19.el7_5.5.aarch64.rpm
libsss_certmap-devel-1.16.0-19.el7_5.5.aarch64.rpm
libsss_idmap-devel-1.16.0-19.el7_5.5.aarch64.rpm
libsss_nss_idmap-devel-1.16.0-19.el7_5.5.aarch64.rpm
libsss_simpleifp-devel-1.16.0-19.el7_5.5.aarch64.rpm
sssd-libwbclient-devel-1.16.0-19.el7_5.5.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/sssd-1.16.0-19.el7_5.5.src.rpm



Description of changes:

[1.16.0-19.5]
- Resolves: rhbz#1583746 - The SSSD IPA provider allocates information
about external groups on a long lived memory context, causing memory
growth of the sssd_be process [rhel-7.5.z]

[1.16.0-19.4]
- Resolves: rhbz#1580281 - Samba can not register sss idmap module
because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z]

[1.16.0-19.3]
- Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear
the sssd cache [rhel-7.5.z]

[1.16.0-19.2]
- Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent.
sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0
error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z]

[1.16.0-19.1]
- Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex
interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z]

ELBA-2018-1987 Oracle Linux 7 sos bug fix and enhancement update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-1987

http://linux.oracle.com/errata/ELBA-2018-1987.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
sos-3.5-9.0.1.el7_5.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/sos-3.5-9.0.1.el7_5.src.rpm



Description of changes:

[3.5-9.0.1]
- Added sos-oraclelinux-vendor-vendorurl.patch

[3.5-9]
- [logs] collect journalctl verbosed logs with --all-logs only
Resolves: bz1584548

[3.5-8]
- [docker] backport three container related patches
Resolves: bz1580526
- [ovn] add two OpenVSwitch plugins
Resoles: bz1580525

ELBA-2018-1988 Oracle Linux 7 389-ds-base bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-1988

http://linux.oracle.com/errata/ELBA-2018-1988.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
389-ds-base-1.3.7.5-24.el7_5.aarch64.rpm
389-ds-base-libs-1.3.7.5-24.el7_5.aarch64.rpm
389-ds-base-devel-1.3.7.5-24.el7_5.aarch64.rpm
389-ds-base-snmp-1.3.7.5-24.el7_5.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/389-ds-base-1.3.7.5-24.el7_5.src.rpm



Description of changes:

[1.3.7.5-24]
- Bump version to 1.3.7.5-24
- Resolves: Bug 1580257 - Fix certificate directory verification

[1.3.7.5-23]
- Bump version to 1.3.7.5-23
- Resolves: Bug 1581588 - ACI deny rules do not work correctly
- Resolves: Bug 1582747 - DS only accepts RSA and Fortezza cipher families

[1.3.7.5-22]
- Bump version to 1.3.5.7-22
- Resolves: Bug 1563079 - adjustment of csn_generator can fail so next
generated csn can be equal to the most recent one received
- Resolves: Bug 1579702 - Replication stops working when MemberOf plugin
is enabled on hub and consumer
- Resolves: Bug 1579698 - replicated operations should be serialized
- Resolves: Bug 1579700 - Upgrade script doesn't enable PBKDF password
storage plug-in
- Resolves: Bug 1580257 - ds-replcheck LDIF comparision fails when
checking for conflicts
- Resolves: Bug 1580523 - ns-slapd segfaults with ERR -
connection_release_nolock_ext - conn=0 fd=0 Attempt to release
connection that is not acquired

ELBA-2018-1989 Oracle Linux 7 jss bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-1989

http://linux.oracle.com/errata/ELBA-2018-1989.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
jss-4.4.0-12.el7_5.aarch64.rpm
jss-javadoc-4.4.0-12.el7_5.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/jss-4.4.0-12.el7_5.src.rpm



Description of changes:

[4.4.2-12]
- Bugzilla #1579202 - JSS has wrong encoding for ecdsa with sha*
AlgorithmIdentifier [rhel-7.5.z] (cfu)

ELBA-2018-1992 Oracle Linux 7 sudo bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-1992

http://linux.oracle.com/errata/ELBA-2018-1992.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
sudo-1.8.19p2-14.el7_5.aarch64.rpm
sudo-devel-1.8.19p2-14.el7_5.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/sudo-1.8.19p2-14.el7_5.src.rpm



Description of changes:

[1.8.19p2-14]
- Fixed deadlocking after command termination when iolog is enabled
Resolves: rhbz#1582155

ELBA-2018-1993 Oracle Linux 7 httpd bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-1993

http://linux.oracle.com/errata/ELBA-2018-1993.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
httpd-2.4.6-80.0.1.el7_5.1.aarch64.rpm
httpd-devel-2.4.6-80.0.1.el7_5.1.aarch64.rpm
httpd-manual-2.4.6-80.0.1.el7_5.1.noarch.rpm
httpd-tools-2.4.6-80.0.1.el7_5.1.aarch64.rpm
mod_session-2.4.6-80.0.1.el7_5.1.aarch64.rpm
mod_ssl-2.4.6-80.0.1.el7_5.1.aarch64.rpm
mod_ldap-2.4.6-80.0.1.el7_5.1.aarch64.rpm
mod_proxy_html-2.4.6-80.0.1.el7_5.1.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/httpd-2.4.6-80.0.1.el7_5.1.src.rpm



Description of changes:

[2.4.6-80.0.1]
- replace index.html with Oracle's index page oracle_index.html

[2.4.6-80.1]
- Resolves: #1560609 - httpd: active connections being terminated when httpd
gets gracefully stopped/restarted, GracefulShutdownTimeout is not being
honored

ELBA-2018-1995 Oracle Linux 7 motif bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-1995

http://linux.oracle.com/errata/ELBA-2018-1995.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
motif-2.3.4-14.el7_5.aarch64.rpm
motif-devel-2.3.4-14.el7_5.aarch64.rpm
motif-static-2.3.4-14.el7_5.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/motif-2.3.4-14.el7_5.src.rpm



Description of changes:

[2.3.4-14]
- Remove redundant includes that were left by mistake upstream.
Resolves: rhbz#1518966

[2.3.4-13]
- Fix motifzone 1665. Motif was deactivating shorcuts in cascade menus when
closing them by mouse.
Resolves: RHBZ#1467303

ELBA-2018-1998 Oracle Linux 7 python-rtslib bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-1998

http://linux.oracle.com/errata/ELBA-2018-1998.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
python-rtslib-2.1.fb63-12.0.1.el7_5.noarch.rpm
python-rtslib-doc-2.1.fb63-12.0.1.el7_5.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/python-rtslib-2.1.fb63-12.0.1.el7_5.src.rpm



Description of changes:

[2.1.fb63-12.0.1]
- Add patch 0005-allow-mixed-case-in-oracle-iqns to fix [Orabug: 27613482]
- Add patch 0004-allow-underscore-in-oracle-iqns to fix [Orabug: 27582660]
- Add patch 0014-reenable-vhost to fix [Orabug: 27707403]


[2.1.fb63-12]
- saveconfig: way to block-level save with delete command

ELBA-2018-1999 Oracle Linux 7 targetcli bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-1999

http://linux.oracle.com/errata/ELBA-2018-1999.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
targetcli-2.1.fb46-6.el7_5.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/targetcli-2.1.fb46-6.el7_5.src.rpm



Description of changes:

[2.1.fb46-6]
- handle backups with block-level delete

[2.1.fb46-5]
- saveconfig: way for block-level save with delete command

ELBA-2018-2000 Oracle Linux 7 NetworkManager bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-2000

http://linux.oracle.com/errata/ELBA-2018-2000.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
NetworkManager-1.10.2-16.el7_5.aarch64.rpm
NetworkManager-adsl-1.10.2-16.el7_5.aarch64.rpm
NetworkManager-bluetooth-1.10.2-16.el7_5.aarch64.rpm
NetworkManager-config-server-1.10.2-16.el7_5.noarch.rpm
NetworkManager-glib-1.10.2-16.el7_5.aarch64.rpm
NetworkManager-libnm-1.10.2-16.el7_5.aarch64.rpm
NetworkManager-ppp-1.10.2-16.el7_5.aarch64.rpm
NetworkManager-team-1.10.2-16.el7_5.aarch64.rpm
NetworkManager-tui-1.10.2-16.el7_5.aarch64.rpm
NetworkManager-wifi-1.10.2-16.el7_5.aarch64.rpm
NetworkManager-wwan-1.10.2-16.el7_5.aarch64.rpm
NetworkManager-dispatcher-routing-rules-1.10.2-16.el7_5.noarch.rpm
NetworkManager-glib-devel-1.10.2-16.el7_5.aarch64.rpm
NetworkManager-libnm-devel-1.10.2-16.el7_5.aarch64.rpm
NetworkManager-ovs-1.10.2-16.el7_5.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/NetworkManager-1.10.2-16.el7_5.src.rpm



Description of changes:

[1:1.10.2-16]
- device: fix crash during reapply of connection settings (rh #1591631)

[1:1.10.2-15]
- device: start IP configuration when master carrier goes up (rh #1576254)

ELBA-2018-2004 Oracle Linux 7 selinux-policy bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-2004

http://linux.oracle.com/errata/ELBA-2018-2004.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
selinux-policy-3.13.1-192.0.3.el7_5.4.noarch.rpm
selinux-policy-devel-3.13.1-192.0.3.el7_5.4.noarch.rpm
selinux-policy-minimum-3.13.1-192.0.3.el7_5.4.noarch.rpm
selinux-policy-mls-3.13.1-192.0.3.el7_5.4.noarch.rpm
selinux-policy-targeted-3.13.1-192.0.3.el7_5.4.noarch.rpm
selinux-policy-doc-3.13.1-192.0.3.el7_5.4.noarch.rpm
selinux-policy-sandbox-3.13.1-192.0.3.el7_5.4.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/selinux-policy-3.13.1-192.0.3.el7_5.4.src.rpm



Description of changes:

[3.13.1-192.0.3]
- Add vhost-scsi to be vhost_device_t type [OraBug 27774921]
- Obsolete docker-engine-selinux [OraBug 26439663]
- Fix container selinux policy [OraBug 26427364]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.

[3.13.1-192.4]
- Allow certmonger to sends emails
Resolves: rhbz#1588363

ELBA-2018-2005 Oracle Linux 7 spice bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-2005

http://linux.oracle.com/errata/ELBA-2018-2005.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
spice-server-0.14.0-2.0.2.el7_5.4.aarch64.rpm
spice-server-devel-0.14.0-2.0.2.el7_5.4.aarch64.rpm
spice-glib-0.34-3.el7_5.1.aarch64.rpm
spice-gtk3-0.34-3.el7_5.1.aarch64.rpm
spice-glib-devel-0.34-3.el7_5.1.aarch64.rpm
spice-gtk3-devel-0.34-3.el7_5.1.aarch64.rpm
spice-gtk3-vala-0.34-3.el7_5.1.aarch64.rpm
spice-gtk-tools-0.34-3.el7_5.1.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/spice-0.14.0-2.0.2.el7_5.4.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/spice-gtk-0.34-3.el7_5.1.src.rpm



Description of changes:

spice
[0.14.0-2.0.2]
- add arm suppport

[0.14.0-2.4]
- Don't mute Record channel on client reconnection
  Resolves: rhbz#1582601

spice-gtk
[0.34-3.1]
- Fix migration failure when USB is enabled
  Resolves: rhbz#1590412

ELSA-2018-1979 Moderate: Oracle Linux 7 pki-core security, bug fix, and enhancement update (aarch64)

Oracle Linux Security Advisory ELSA-2018-1979

http://linux.oracle.com/errata/ELSA-2018-1979.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
pki-base-10.5.1-13.1.el7_5.noarch.rpm
pki-base-java-10.5.1-13.1.el7_5.noarch.rpm
pki-ca-10.5.1-13.1.el7_5.noarch.rpm
pki-kra-10.5.1-13.1.el7_5.noarch.rpm
pki-server-10.5.1-13.1.el7_5.noarch.rpm
pki-symkey-10.5.1-13.1.el7_5.aarch64.rpm
pki-tools-10.5.1-13.1.el7_5.aarch64.rpm
pki-javadoc-10.5.1-13.1.el7_5.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/pki-core-10.5.1-13.1.el7_5.src.rpm



Description of changes:

[10.5.1-13.1]
- Rebuild due to build system database problem

[10.5.1-13]
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1553068 - Using a Netmask produces an odd
entry in a certifcate [rhel-7.5.z] (ftweedal)
- Bugzilla Bug #1585945 - CMC CRMF requests result in
InvalidKeyFormatException when signing algorithm is ECC
[rhel-7.5.z] (cfu)
- Bugzilla Bug #1587826 - ExternalCA: Installation failed during
csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor)
- Bugzilla Bug #1588944 - Cert validation for installation with
external CA cert [rhel-7.5.z] (edewata)
- Bugzilla Bug #1588945 - CRMFPopClient tool - should allow
option to do no key archival (cfu)
- Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled
ACL configuration in AAclAuthz.java reverses rules that allow
and deny access [rhel-7.5.z] (ftweedal, cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,

[10.5.1-12]
- Updated "jss" build and runtime requirements (mharmsen)
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest,
CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu)
- Bugzilla Bug #1572548 - IPA install with external-CA is failing when
FIPS mode enabled. [rhel-7.5.z] (edewata)
- Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE
[rhel-7.5.z] (cfu)
- Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue
with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu)
- Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs
improvement [rhel-7.5.z] (jmagne)
- Bugzilla Bug #1581135 - SAN in internal SSL server certificate in
pkispawn configuration step [rhel-7.5.z] (cfu)
- Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong
input class_id [rhel-7.5.z] (cfu)
- Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System
9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,

[10.5.1-11]
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for
standard conformance [rhel-7.5.z] (cfu)
- Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools
CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1560233 - libtps does not directly depend on libz

[10.5.1-10]
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1550581 - CMCAuth throws
org.mozilla.jss.crypto.TokenException: Unable to insert certificate into
temporary database [rhel-7.5.z] (cfu)
- Bugzilla Bug #1551067 - [MAN] Add --skip-configuration
and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata)
- Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers
[rhel-7.5.z] (cheimes, mharmsen)
- Bugzilla Bug #1553068 - Using a Netmask produces an odd entry
in a certifcate [rhel-7.5.z] (ftweedal)
- Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for
standard conformance [rhel-7.5.z] (cfu)
- Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled
by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu)
- Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools
CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu)
- Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives
StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal)
- Bugzilla Bug #1558919 - Not able to generate certificate request
with ECC using pki client-cert-request [rhel-7.5.z] (akahat)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1560233 - libtps does not directly depend on libz

New glibc updates available via Ksplice (ELSA-2018-1879)

Synopsis: ELSA-2018-1879 can now be patched using Ksplice
CVEs: CVE-2017-15670 CVE-2017-15804

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-1879.

INSTALLING THE UPDATES

We recommend that all users of Ksplice on OL 6 install these updates.

You can install these updates by running:

# ksplice -y user upgrade

32-bit applications should be restarted after upgrading the on-disk
glibc RPMs and statically linked applications using
glibc should be rebuilt to include these fixes.

Ksplice user-space patching requires installation of Ksplice-aware
packages and the system must be rebooted after the first installation of
these packages. Refer to the installation instructions for the Enhanced
Ksplice Client in the Ksplice User's Guide for more details. Systems
may be prepared for Ksplice patching by installing the Ksplice aware
packages in advance, prior to installing the enhanced Ksplice client.

DESCRIPTION

* CVE-2017-15670: Code execution in glob().

An off-by-one error in glob() could result in a heap overflow when
processing user home directory expansion. An attacker could use
maliciously crafted expansions to gain code execution inside the target
process.


* CVE-2017-15804: Code execution in glob() username unescaping.

A buffer overflow when expanding user home directories could allow an
attacker to use specially crafted expansions to gain code execution
inside the process.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.