Oracle Linux 6262 Published by

The following updates has been released for Oracle Linux:

ELBA-2018-3083-1 Oracle Linux 7 kernel bug fix update
ELBA-2018-3337 Oracle Linux 7 cloud-init bug fix update (aarch64)
ELBA-2018-3338 Oracle Linux 7 sos bug fix update (aarch64)
ELBA-2018-3340 Oracle Linux 7 selinux-policy bug fix update (aarch64)
ELBA-2018-3341 Oracle Linux 7 gnome-session, gdm, mutter, and xorg-x11-server bug fix update (aarch64)
ELBA-2018-3345 Oracle Linux 7 pcp bug fix update (aarch64)
ELBA-2018-3346 Oracle Linux 7 java-1.8.0-openjdk bug fix update (aarch64)
ELBA-2018-3349 Oracle Linux 7 NetworkManager bug fix update (aarch64)
ELBA-2018-3454 Oracle Linux 7 tzdata enhancement update (aarch64)
ELSA-2018-3347 Critical: Oracle Linux 7 python-paramiko security update (aarch64)
ELSA-2018-3350 Important: Oracle Linux 7 java-1.7.0-openjdk security update (aarch64)
ELSA-2018-3408 Important: Oracle Linux 7 git security update
ELSA-2018-3408 Important: Oracle Linux 7 git security update (aarch64)
ELSA-2018-3410 Important: Oracle Linux 7 xorg-x11-server security update (aarch64)
ELSA-2018-3458 Important: Oracle Linux 7 thunderbird security update (aarch64)
ELSA-2018-3521 Critical: Oracle Linux 7 java-11-openjdk security update (aarch64)
ELSA-2018-3532 Important: Oracle Linux 7 thunderbird security update
ELSA-2018-4270 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2018-4270 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)
New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2018-4269)
New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4268)



ELBA-2018-3083-1 Oracle Linux 7 kernel bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-3083-1

http://linux.oracle.com/errata/ELBA-2018-3083-1.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-957.0.0.0.1.el7.x86_64.rpm
kernel-3.10.0-957.0.0.0.1.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-957.0.0.0.1.el7.noarch.rpm
kernel-debug-3.10.0-957.0.0.0.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.0.0.0.1.el7.x86_64.rpm
kernel-devel-3.10.0-957.0.0.0.1.el7.x86_64.rpm
kernel-doc-3.10.0-957.0.0.0.1.el7.noarch.rpm
kernel-headers-3.10.0-957.0.0.0.1.el7.x86_64.rpm
kernel-tools-3.10.0-957.0.0.0.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.0.0.0.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.0.0.0.1.el7.x86_64.rpm
perf-3.10.0-957.0.0.0.1.el7.x86_64.rpm
python-perf-3.10.0-957.0.0.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-957.0.0.0.1.el7.src.rpm



Description of changes:

[3.10.0-957.0.0.0.1.el7.OL7]
- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug
22552377]


ELBA-2018-3337 Oracle Linux 7 cloud-init bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-3337

http://linux.oracle.com/errata/ELBA-2018-3337.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
cloud-init-18.2-1.0.1.el7_6.1.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/cloud-init-18.2-1.0.1.el7_6.1.src.rpm



Description of changes:

[18.2-1.0.1]
- add modified version of
enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch for 18.2:
1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata
2. Apply stop retrying to get ec2 metadata to helper/openstack.py
MetadataReader
Resolves: Oracle-Bug:41660 (Bugzilla)

[18.2-1.el7_6.1]
- ci-Adding-systemd-mount-options-to-wait-for-cloud-init.patch [bz#1633282]
- ci-Azure-Ignore-NTFS-mount-errors-when-checking-ephemer.patch [bz#1633282]
- ci-azure-Add-reported-ready-marker-file.patch [bz#1633282]
- ci-Adding-disk_setup-to-rhel-cloud.cfg.patch [bz#1633282]
- Resolves: bz#1633282
([Azure] cloud-init fails to mount /dev/sdb1 after
stop(deallocate)&&start VM)

ELBA-2018-3338 Oracle Linux 7 sos bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-3338

http://linux.oracle.com/errata/ELBA-2018-3338.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
sos-3.6-11.0.1.el7_6.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/sos-3.6-11.0.1.el7_6.src.rpm



Description of changes:

[3.6-11.0.1]
- Added bug28674897.patch [Orabug 28674897]
- Added sos-oraclelinux-vendor-vendorurl.patch

[3.6-11]
- [kernel] dont collect some tracing instance files
Resolves: bz1637632

[3.6-10]
- [openstack_*] relax enabling of OSP RedHat plugins
Resolves: bz1636093

ELBA-2018-3340 Oracle Linux 7 selinux-policy bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-3340

http://linux.oracle.com/errata/ELBA-2018-3340.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
selinux-policy-3.13.1-229.0.1.el7_6.5.noarch.rpm
selinux-policy-devel-3.13.1-229.0.1.el7_6.5.noarch.rpm
selinux-policy-minimum-3.13.1-229.0.1.el7_6.5.noarch.rpm
selinux-policy-mls-3.13.1-229.0.1.el7_6.5.noarch.rpm
selinux-policy-targeted-3.13.1-229.0.1.el7_6.5.noarch.rpm
selinux-policy-doc-3.13.1-229.0.1.el7_6.5.noarch.rpm
selinux-policy-sandbox-3.13.1-229.0.1.el7_6.5.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/selinux-policy-3.13.1-229.0.1.el7_6.5.src.rpm



Description of changes:

[3.13.1-229.0.1.el7_6.5]
- SELinux support for cgroup2 filesystem. [OraBug 28127822]
- refpolicy: Define getrlimit permission for class process [OraBug 28229492]
- Add vhost-scsi to be vhost_device_t type [OraBug 27774921]
- Obsolete docker-engine-selinux [OraBug 26439663]
- Fix container selinux policy [OraBug 26427364]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.

[3.13.1-229.5]
- Remove disabling ganesha module in pre install phase of installation
new selinux-policy package where ganesha is again standalone module
Resolves: rhbz#1638257

[3.13.1-229.4]
- Allow staff_t userdomain and confined_admindomain attribute to allow
use generic ptys because of new sudo feature 'io logging'
Resolves: rhbz#1638427

[3.13.1-229.3]
- Run ganesha as ganesha_t domain again, revert changes where ganesha is
running as nfsd_t
Resolves: rhbz#1638257

[3.13.1-229.2]
- Fix missing patch in spec file
Resolves: rhbz#1635704

[3.13.1-229.1]
- Allow cinder_volume_t domain to dbus chat with systemd_logind_t domain
Resolves: rhbz#1635704

ELBA-2018-3341 Oracle Linux 7 gnome-session, gdm, mutter, and xorg-x11-server bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-3341

http://linux.oracle.com/errata/ELBA-2018-3341.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
gdm-3.28.2-10.el7.aarch64.rpm
gdm-devel-3.28.2-10.el7.aarch64.rpm
gdm-pam-extensions-devel-3.28.2-10.el7.aarch64.rpm
gnome-session-3.28.1-6.el7.aarch64.rpm
gnome-session-xsession-3.28.1-6.el7.aarch64.rpm
gnome-session-custom-session-3.28.1-6.el7.aarch64.rpm
gnome-session-wayland-session-3.28.1-6.el7.aarch64.rpm
mutter-3.28.3-5.el7.aarch64.rpm
mutter-devel-3.28.3-5.el7.aarch64.rpm
xorg-x11-server-common-1.20.1-5.el7.aarch64.rpm
xorg-x11-server-Xephyr-1.20.1-5.el7.aarch64.rpm
xorg-x11-server-Xorg-1.20.1-5.el7.aarch64.rpm
xorg-x11-server-devel-1.20.1-5.el7.aarch64.rpm
xorg-x11-server-source-1.20.1-5.el7.noarch.rpm
xorg-x11-server-Xdmx-1.20.1-5.el7.aarch64.rpm
xorg-x11-server-Xnest-1.20.1-5.el7.aarch64.rpm
xorg-x11-server-Xvfb-1.20.1-5.el7.aarch64.rpm
xorg-x11-server-Xwayland-1.20.1-5.el7.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/gdm-3.28.2-10.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/gnome-session-3.28.1-6.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/mutter-3.28.3-5.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/xorg-x11-server-1.20.1-5.el7.src.rpm



Description of changes:

gdm
[3.28.2-10]
- another user switching fix
Resolves: #1489977

gnome-session
[3.28.1-6]
- Fix crash in gles helper if there's no display
Resolves: #1627056

mutter
[3.28.3-5]
- Do not latch modifiers on modifier keys
Resolves: #1637822

xorg-x11-server
[1.20.1-5]
- Call LeaveVT from xf86CrtcCloseScreen

[1.20.1-4]
- Hide the modesetting driver's atomic ioctl support behind Option "Atomic"

ELBA-2018-3345 Oracle Linux 7 pcp bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-3345

http://linux.oracle.com/errata/ELBA-2018-3345.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
pcp-4.1.0-5.el7_6.aarch64.rpm
pcp-conf-4.1.0-5.el7_6.aarch64.rpm
pcp-doc-4.1.0-5.el7_6.noarch.rpm
pcp-export-pcp2graphite-4.1.0-5.el7_6.aarch64.rpm
pcp-gui-4.1.0-5.el7_6.aarch64.rpm
pcp-libs-4.1.0-5.el7_6.aarch64.rpm
pcp-manager-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-activemq-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-apache-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-bash-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-bonding-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-cisco-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-dbping-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-dm-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-ds389-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-ds389log-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-elasticsearch-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-gfs2-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-gluster-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-gpfs-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-gpsd-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-json-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-kvm-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-lmsensors-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-logger-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-lustre-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-lustrecomm-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-mailq-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-memcache-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-mounts-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-mysql-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-named-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-netfilter-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-news-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-nfsclient-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-nginx-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-nvidia-gpu-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-pdns-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-postfix-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-postgresql-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-roomtemp-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-rpm-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-sendmail-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-shping-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-summary-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-trace-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-unbound-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-weblog-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-zswap-4.1.0-5.el7_6.aarch64.rpm
pcp-selinux-4.1.0-5.el7_6.aarch64.rpm
pcp-system-tools-4.1.0-5.el7_6.aarch64.rpm
pcp-webapi-4.1.0-5.el7_6.aarch64.rpm
perl-PCP-PMDA-4.1.0-5.el7_6.aarch64.rpm
python-pcp-4.1.0-5.el7_6.aarch64.rpm
pcp-collector-4.1.0-5.el7_6.aarch64.rpm
pcp-devel-4.1.0-5.el7_6.aarch64.rpm
pcp-export-pcp2influxdb-4.1.0-5.el7_6.aarch64.rpm
pcp-export-pcp2json-4.1.0-5.el7_6.aarch64.rpm
pcp-export-pcp2xml-4.1.0-5.el7_6.aarch64.rpm
pcp-export-pcp2zabbix-4.1.0-5.el7_6.aarch64.rpm
pcp-export-zabbix-agent-4.1.0-5.el7_6.aarch64.rpm
pcp-import-collectl2pcp-4.1.0-5.el7_6.aarch64.rpm
pcp-import-ganglia2pcp-4.1.0-5.el7_6.aarch64.rpm
pcp-import-iostat2pcp-4.1.0-5.el7_6.aarch64.rpm
pcp-import-mrtg2pcp-4.1.0-5.el7_6.aarch64.rpm
pcp-import-sar2pcp-4.1.0-5.el7_6.aarch64.rpm
pcp-libs-devel-4.1.0-5.el7_6.aarch64.rpm
pcp-monitor-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-bind2-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-cifs-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-docker-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-haproxy-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-infiniband-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-libvirt-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-lio-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-mic-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-oracle-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-papi-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-perfevent-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-prometheus-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-redis-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-rsyslog-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-samba-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-slurm-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-snmp-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-systemd-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-vmware-4.1.0-5.el7_6.aarch64.rpm
pcp-pmda-zimbra-4.1.0-5.el7_6.aarch64.rpm
pcp-testsuite-4.1.0-5.el7_6.aarch64.rpm
pcp-webapp-blinkenlights-4.1.0-5.el7_6.noarch.rpm
pcp-webapp-grafana-4.1.0-5.el7_6.noarch.rpm
pcp-webapp-graphite-4.1.0-5.el7_6.noarch.rpm
pcp-webapp-vector-4.1.0-5.el7_6.noarch.rpm
pcp-webjs-4.1.0-5.el7_6.noarch.rpm
pcp-zeroconf-4.1.0-5.el7_6.aarch64.rpm
perl-PCP-LogImport-4.1.0-5.el7_6.aarch64.rpm
perl-PCP-LogSummary-4.1.0-5.el7_6.aarch64.rpm
perl-PCP-MMV-4.1.0-5.el7_6.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/pcp-4.1.0-5.el7_6.src.rpm



Description of changes:

[4.1.0-5]
- Missing values from short /proc/*/status file reads (BZ 1600262)

ELBA-2018-3346 Oracle Linux 7 java-1.8.0-openjdk bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-3346

http://linux.oracle.com/errata/ELBA-2018-3346.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.aarch64.rpm
java-1.8.0-openjdk-devel-1.8.0.191.b12-1.el7_6.aarch64.rpm
java-1.8.0-openjdk-headless-1.8.0.191.b12-1.el7_6.aarch64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.191.b12-1.el7_6.aarch64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.191.b12-1.el7_6.aarch64.rpm
java-1.8.0-openjdk-debug-1.8.0.191.b12-1.el7_6.aarch64.rpm
java-1.8.0-openjdk-demo-1.8.0.191.b12-1.el7_6.aarch64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.191.b12-1.el7_6.aarch64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.191.b12-1.el7_6.aarch64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.191.b12-1.el7_6.aarch64.rpm
java-1.8.0-openjdk-javadoc-1.8.0.191.b12-1.el7_6.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.191.b12-1.el7_6.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.191.b12-1.el7_6.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.191.b12-1.el7_6.noarch.rpm
java-1.8.0-openjdk-src-1.8.0.191.b12-1.el7_6.aarch64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.191.b12-1.el7_6.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.src.rpm



Description of changes:

[1:1.8.0.191.b12-1]
- Update to aarch64-shenandoah-jdk8u191-b12.
- Resolves: rhbz#1633817

ELBA-2018-3349 Oracle Linux 7 NetworkManager bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-3349

http://linux.oracle.com/errata/ELBA-2018-3349.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
NetworkManager-1.12.0-7.el7_6.aarch64.rpm
NetworkManager-adsl-1.12.0-7.el7_6.aarch64.rpm
NetworkManager-bluetooth-1.12.0-7.el7_6.aarch64.rpm
NetworkManager-config-server-1.12.0-7.el7_6.noarch.rpm
NetworkManager-glib-1.12.0-7.el7_6.aarch64.rpm
NetworkManager-libnm-1.12.0-7.el7_6.aarch64.rpm
NetworkManager-ppp-1.12.0-7.el7_6.aarch64.rpm
NetworkManager-team-1.12.0-7.el7_6.aarch64.rpm
NetworkManager-tui-1.12.0-7.el7_6.aarch64.rpm
NetworkManager-wifi-1.12.0-7.el7_6.aarch64.rpm
NetworkManager-wwan-1.12.0-7.el7_6.aarch64.rpm
NetworkManager-dispatcher-routing-rules-1.12.0-7.el7_6.noarch.rpm
NetworkManager-glib-devel-1.12.0-7.el7_6.aarch64.rpm
NetworkManager-libnm-devel-1.12.0-7.el7_6.aarch64.rpm
NetworkManager-ovs-1.12.0-7.el7_6.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/NetworkManager-1.12.0-7.el7_6.src.rpm



Description of changes:

[1:1.12.0-7]
- manager: accept non-null device for VPN activations (rh #1641174)
- drop dependency of NetworkManager-ovs on openvswitch (rh #1633190)

ELBA-2018-3454 Oracle Linux 7 tzdata enhancement update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-3454

http://linux.oracle.com/errata/ELBA-2018-3454.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
tzdata-2018g-1.el7.noarch.rpm
tzdata-java-2018g-1.el7.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/tzdata-2018g-1.el7.src.rpm



Description of changes:

[2018g-1]
- Rebase to tzdata-2018g
- Morocco will remain at UTC+1 rather than switching back to UTC+0 as
planned. This change is effective Octobober 28, 2018.

ELSA-2018-3347 Critical: Oracle Linux 7 python-paramiko security update (aarch64)

Oracle Linux Security Advisory ELSA-2018-3347

http://linux.oracle.com/errata/ELSA-2018-3347.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
python-paramiko-2.1.1-9.el7.noarch.rpm
python-paramiko-doc-2.1.1-9.el7.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/python-paramiko-2.1.1-9.el7.src.rpm



Description of changes:

[2.1.1-9]
- Fix a security flaw (CVE-2018-1000805) in Paramiko's server
mode (does not effect client mode).
Backported from 2.1.6
Resolves rhbz#1637366

ELSA-2018-3350 Important: Oracle Linux 7 java-1.7.0-openjdk security update (aarch64)

Oracle Linux Security Advisory ELSA-2018-3350

http://linux.oracle.com/errata/ELSA-2018-3350.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
java-1.7.0-openjdk-1.7.0.201-2.6.16.1.0.1.el7_6.aarch64.rpm
java-1.7.0-openjdk-devel-1.7.0.201-2.6.16.1.0.1.el7_6.aarch64.rpm
java-1.7.0-openjdk-headless-1.7.0.201-2.6.16.1.0.1.el7_6.aarch64.rpm
java-1.7.0-openjdk-accessibility-1.7.0.201-2.6.16.1.0.1.el7_6.aarch64.rpm
java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.1.0.1.el7_6.aarch64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.201-2.6.16.1.0.1.el7_6.noarch.rpm
java-1.7.0-openjdk-src-1.7.0.201-2.6.16.1.0.1.el7_6.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/java-1.7.0-openjdk-1.7.0.201-2.6.16.1.0.1.el7_6.src.rpm



Description of changes:

[1:1.7.0.201-2.6.16.1.0.1]
- Update DISTRO_NAME in specfile

[1:1.7.0.201-2.6.16.1]
- Bump to 2.6.16 and u201b00.
- Update 8076221/PR2809 (disable RC4) to apply after 8208350 (disable DES)
- Resolves: rhbz#1633817

ELSA-2018-3408 Important: Oracle Linux 7 git security update

Oracle Linux Security Advisory ELSA-2018-3408

http://linux.oracle.com/errata/ELSA-2018-3408.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
emacs-git-1.8.3.1-20.el7.noarch.rpm
emacs-git-el-1.8.3.1-20.el7.noarch.rpm
git-1.8.3.1-20.el7.x86_64.rpm
git-all-1.8.3.1-20.el7.noarch.rpm
git-bzr-1.8.3.1-20.el7.noarch.rpm
git-cvs-1.8.3.1-20.el7.noarch.rpm
git-daemon-1.8.3.1-20.el7.x86_64.rpm
git-email-1.8.3.1-20.el7.noarch.rpm
git-gnome-keyring-1.8.3.1-20.el7.x86_64.rpm
git-gui-1.8.3.1-20.el7.noarch.rpm
git-hg-1.8.3.1-20.el7.noarch.rpm
git-instaweb-1.8.3.1-20.el7.noarch.rpm
git-p4-1.8.3.1-20.el7.noarch.rpm
git-svn-1.8.3.1-20.el7.x86_64.rpm
gitk-1.8.3.1-20.el7.noarch.rpm
gitweb-1.8.3.1-20.el7.noarch.rpm
perl-Git-1.8.3.1-20.el7.noarch.rpm
perl-Git-SVN-1.8.3.1-20.el7.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/git-1.8.3.1-20.el7.src.rpm



Description of changes:

[1.8.3.1-20]
- Fix CVE-2018-17456: arbitrary code execution via .gitmodules
Thanks to Jonathan Nieder for backporting to 2.1.x
and to Steve Beattie for backporting to 1.9.1

ELSA-2018-3408 Important: Oracle Linux 7 git security update (aarch64)

Oracle Linux Security Advisory ELSA-2018-3408

http://linux.oracle.com/errata/ELSA-2018-3408.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
git-1.8.3.1-20.el7.aarch64.rpm
perl-Git-1.8.3.1-20.el7.noarch.rpm
emacs-git-1.8.3.1-20.el7.noarch.rpm
emacs-git-el-1.8.3.1-20.el7.noarch.rpm
git-all-1.8.3.1-20.el7.noarch.rpm
git-bzr-1.8.3.1-20.el7.noarch.rpm
git-cvs-1.8.3.1-20.el7.noarch.rpm
git-daemon-1.8.3.1-20.el7.aarch64.rpm
git-email-1.8.3.1-20.el7.noarch.rpm
git-gnome-keyring-1.8.3.1-20.el7.aarch64.rpm
git-gui-1.8.3.1-20.el7.noarch.rpm
git-hg-1.8.3.1-20.el7.noarch.rpm
git-instaweb-1.8.3.1-20.el7.noarch.rpm
gitk-1.8.3.1-20.el7.noarch.rpm
git-p4-1.8.3.1-20.el7.noarch.rpm
git-svn-1.8.3.1-20.el7.aarch64.rpm
gitweb-1.8.3.1-20.el7.noarch.rpm
perl-Git-SVN-1.8.3.1-20.el7.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/git-1.8.3.1-20.el7.src.rpm



Description of changes:

[1.8.3.1-20]
- Fix CVE-2018-17456: arbitrary code execution via .gitmodules
Thanks to Jonathan Nieder for backporting to 2.1.x
and to Steve Beattie for backporting to 1.9.1

ELSA-2018-3410 Important: Oracle Linux 7 xorg-x11-server security update (aarch64)

Oracle Linux Security Advisory ELSA-2018-3410

http://linux.oracle.com/errata/ELSA-2018-3410.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
xorg-x11-server-common-1.20.1-5.1.el7.aarch64.rpm
xorg-x11-server-Xephyr-1.20.1-5.1.el7.aarch64.rpm
xorg-x11-server-Xorg-1.20.1-5.1.el7.aarch64.rpm
xorg-x11-server-devel-1.20.1-5.1.el7.aarch64.rpm
xorg-x11-server-source-1.20.1-5.1.el7.noarch.rpm
xorg-x11-server-Xdmx-1.20.1-5.1.el7.aarch64.rpm
xorg-x11-server-Xnest-1.20.1-5.1.el7.aarch64.rpm
xorg-x11-server-Xvfb-1.20.1-5.1.el7.aarch64.rpm
xorg-x11-server-Xwayland-1.20.1-5.1.el7.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/xorg-x11-server-1.20.1-5.1.el7.src.rpm



Description of changes:

[1.20.1-5.1]
- CVE-2018-14665: Disable -logfile and -modulepath when running with
elevated
privileges

ELSA-2018-3458 Important: Oracle Linux 7 thunderbird security update (aarch64)

Oracle Linux Security Advisory ELSA-2018-3458

http://linux.oracle.com/errata/ELSA-2018-3458.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
thunderbird-60.2.1-4.0.1.el7_5.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/thunderbird-60.2.1-4.0.1.el7_5.src.rpm



Description of changes:

[60.2.1-4.0.1]
- Replaced thunderbird-redhat-default-prefs.js with
thunderbird-oracle-default-prefs.js

[60.2.1-4]
- Fixing minor issues

[60.2.1-3]
- Reverting deleting of key3db

[60.2.1-2]
- Update to 60.2.1
- Added fix for rhbz#1546988

[60.0-1]
- Rebase to version 60

ELSA-2018-3521 Critical: Oracle Linux 7 java-11-openjdk security update (aarch64)

Oracle Linux Security Advisory ELSA-2018-3521

http://linux.oracle.com/errata/ELSA-2018-3521.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
java-11-openjdk-11.0.1.13-3.0.1.el7_6.aarch64.rpm
java-11-openjdk-devel-11.0.1.13-3.0.1.el7_6.aarch64.rpm
java-11-openjdk-headless-11.0.1.13-3.0.1.el7_6.aarch64.rpm
java-11-openjdk-debug-11.0.1.13-3.0.1.el7_6.aarch64.rpm
java-11-openjdk-demo-11.0.1.13-3.0.1.el7_6.aarch64.rpm
java-11-openjdk-demo-debug-11.0.1.13-3.0.1.el7_6.aarch64.rpm
java-11-openjdk-devel-debug-11.0.1.13-3.0.1.el7_6.aarch64.rpm
java-11-openjdk-headless-debug-11.0.1.13-3.0.1.el7_6.aarch64.rpm
java-11-openjdk-javadoc-11.0.1.13-3.0.1.el7_6.aarch64.rpm
java-11-openjdk-javadoc-debug-11.0.1.13-3.0.1.el7_6.aarch64.rpm
java-11-openjdk-javadoc-zip-11.0.1.13-3.0.1.el7_6.aarch64.rpm
java-11-openjdk-javadoc-zip-debug-11.0.1.13-3.0.1.el7_6.aarch64.rpm
java-11-openjdk-jmods-11.0.1.13-3.0.1.el7_6.aarch64.rpm
java-11-openjdk-jmods-debug-11.0.1.13-3.0.1.el7_6.aarch64.rpm
java-11-openjdk-src-11.0.1.13-3.0.1.el7_6.aarch64.rpm
java-11-openjdk-src-debug-11.0.1.13-3.0.1.el7_6.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/java-11-openjdk-11.0.1.13-3.0.1.el7_6.src.rpm



Description of changes:

[1:11.0.1.13-3.0.1]
- link atomic for ix86 build

[1:11.0.1.13-3]
- Bump release for rebuild.

[1:11.0.1.13-2]
- Use LTS designator in version output for RHEL.

[1:11.0.1.13-1]
- Update to October 2018 CPU release, 11.0.1+13.

[1:11.0.0.28-2]
- Use --with-vendor-version-string=18.9 so as to show original
GA date for the JDK.

[1:11.0.0.28-1]
- Identify as GA version and no longer as early access (EA).
- JDK 11 has been released for GA on 2018-09-25.

[1:11.0.ea.28-9]
- Rework changes from 1:11.0.ea.22-6. RHBZ#1632174 supercedes
RHBZ-1624122.
- Add patch, JDK-8210416-RHBZ-1632174-fdlibm-opt-fix.patch, so as to
optimize compilation of fdlibm library.
- Add patch, JDK-8210425-RHBZ-1632174-sharedRuntimeTrig-opt-fix.patch, so
as to optimize compilation of sharedRuntime{Trig,Trans}.cpp
- Add patch, JDK-8210647-RHBZ-1632174-libsaproc-opt-fix.patch, so as to
optimize compilation of libsaproc (extra c flags won't override
optimization).
- Add patch, JDK-8210761-RHBZ-1632174-libjsig-opt-fix.patch, so as to
optimize compilation of libjsig.
- Add patch, JDK-8210703-RHBZ-1632174-vmStructs-opt-fix.patch, so as to
optimize compilation of vmStructs.cpp (part of libjvm.so).
- Reinstate filtering of opt flags coming from redhat-rpm-config.

[1:11.0.ea.28-8]
- removed version less provides
- javadocdir moved to arched dir as it is no longer noarch
- Resolves: rhbz#1570856

[1:11.0.ea.28-6]
- Add patch,
RHBZ-1630996-JDK-8210858-workaround-disable-aarch64-intrinsic-log.patch,
so as to disable log math intrinsic on aarch64. Work-around for
JDK-8210858
- Resolves: rhbz#1570856

[1:11.0.ea.28-5]
- Add patch,
RHBZ-1628612-JDK-8210461-workaround-disable-aarch64-intrinsic.patch,
so as to disable dsin/dcos math intrinsics on aarch64. Work-around for
JDK-8210461.
- Resolves: rhbz#1570856

[1:11.0.ea.22-6]
- Add patch, JDK-8210416-RHBZ-1624122-fdlibm-opt-fix.patch, so as to
optimize compilation of fdlibm library.
- Add patch, JDK-8210425-RHBZ-1624122-sharedRuntimeTrig-opt-fix.patch, so
as to optimize compilation of sharedRuntime{Trig,Trans}.cpp
- Add patch, JDK-8210647-RHBZ-1624122-libsaproc-opt-fix.patch, so as to
optimize compilation of libsaproc (extra c flags won't override
optimization).
- Add patch, JDK-8210703-RHBZ-1624122-vmStructs-opt-fix.patch, so as to
optimize compilation of vmStructs.cpp (part of libjvm.so).
- No longer filter -O flags from C flags coming from
redhat-rpm-config.
- Resolves: RHBZ#1570856

[1:11.0.ea.28-4]
- link to jhsdb followed its file to ifarch jit_arches ifnarch s390x
- Resolves: rhbz#1570856

[1:11.0.ea.28-4]
- modified to build by itself
- Resolves: rhbz#1570856

[1:11.0.ea.28-3]
- Enable ZGC on x86_64.
- Resolves: RHBZ#1570856

[1:11.0.ea.28-2]
- jfr/*jfc files listed for all arches
- lib/classlist do not exists s390, ifarch-ed via jit_arches out
- specfile slightly improved to allow srpm rebuild on rhel8/fedoras
- Resolves: rhbz#1570856

[1:11.0.ea.28-1]
- Update to latest upstream build jdk11+28, the first release
candidate.
- Resolves: rhbz#1570856

[1:11.0.ea.22-8]
- Adjust system NSS patch, RHBZ-1565658-system-nss-SunEC.patch, so
as to filter -Wl,--as-needed from linker flags. Fixes FTBFS issue.
- Resolves: rhbz#1570856

[1:11.0.ea.22-6]
- dissabled accessibility, fixed provides for main package's debug variant
- Resolves: RHBZ#1570856

[1:11.0.ea.22-8]
- jfr/*jfc files listed for all arches
- Resolves: rhbz#1570856

[1:11.0.ea.22-7]
- added space behind jmd slave
- Resolves: rhbz#1570856

[1:11.0.ea.22-6]
- jfr/*jfc files listed also for ppc
- Resolves: rhbz#1570856

[1:11.0.ea.22-5]
- Initial Load
- removed -fno-lifetime-dse; rhel7 gcc to old (4.8.5)
- lib/classlist do not exists s390, ifarch-ed via jit_arches out
- Resolves: rhbz#1570856

ELSA-2018-3532 Important: Oracle Linux 7 thunderbird security update

Oracle Linux Security Advisory ELSA-2018-3532

http://linux.oracle.com/errata/ELSA-2018-3532.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
thunderbird-60.3.0-1.0.1.el7_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/thunderbird-60.3.0-1.0.1.el7_5.src.rpm



Description of changes:

[60.3.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with
thunderbird-oracle-default-prefs.js

[60.3.0-1]
- Update to 60.3.0

[60.2.1-6]
- Fixed missing calendar langpacks

[60.2.1-5]
- Fixing minor issues

ELSA-2018-4270 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4270

http://linux.oracle.com/errata/ELSA-2018-4270.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-1818.4.5.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-1818.4.5.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-1818.4.5.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-1818.4.5.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-1818.4.5.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-1818.4.5.el7uek.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1818.4.5.el7uek.src.rpm



Description of changes:

[4.14.35-1818.4.5.el7uek]
- x86/intel/spectre_v2: Remove unnecessary retp_compiler() test (Boris
Ostrovsky) [Orabug: 28814574]
- x86/intel/spectre_v4: Deprecate spec_store_bypass_disable=userspace
(Boris Ostrovsky) [Orabug: 28814574]
- x86/speculation: x86_spec_ctrl_set needs to be called unconditionally
(Boris Ostrovsky) [Orabug: 28814574]
- x86/speculation: Drop unused DISABLE_IBRS_CLOBBER macro (Boris
Ostrovsky) [Orabug: 28814574]
- x86/intel/spectre_v4: Keep SPEC_CTRL_SSBD when IBRS is in use (Boris
Ostrovsky) [Orabug: 28814574]

[4.14.35-1818.4.4.el7uek]
- ocfs2: fix ocfs2 read block panic (Junxiao Bi) [Orabug: 28821391]
- scsi: sg: mitigate read/write abuse (Jann Horn) [Orabug: 28824731]
{CVE-2017-13168}
- hugetlbfs: introduce truncation/fault mutex to avoid races (Mike
Kravetz) [Orabug: 28776542]
- rds: MPRDS messages delivered out of order (Ka-Cheong Poon) [Orabug:
28838051]
- x86/bugs: rework x86_spec_ctrl_set to make its changes explicit
(Daniel Jordan) [Orabug: 28270952]
- x86/bugs: rename ssbd_ibrs_selected to ssbd_userspace_selected (Daniel
Jordan) [Orabug: 28270952]
- x86/bugs: x86_spec_ctrl_set may not disable IBRS on kernel idle
(Daniel Jordan) [Orabug: 28270952]
- x86/bugs: always use x86_spec_ctrl_base or _priv when setting spec
ctrl MSR (Daniel Jordan) [Orabug: 28270952]
- iommu: turn on iommu=pt by default (Tushar Dave) [Orabug: 28111039]
- vhost/scsi: Use common handling code in request queue handler (Bijan
Mottahedeh) [Orabug: 28775556]
- vhost/scsi: Extract common handling code from control queue handler
(Bijan Mottahedeh) [Orabug: 28775556]
- vhost/scsi: Respond to control queue operations (Bijan Mottahedeh)
[Orabug: 28775556]

[4.14.35-1818.4.3.el7uek]
- Fix error code in nfs_lookup_verify_inode() (Lance Shelton) [Orabug:
28807515]
- x86/speculation: Retpoline should always be available on Skylake
(Alexandre Chartre) [Orabug: 28801830]
- x86/bugs: ssbd_ibrs_selected called prematurely (Daniel Jordan)
[Orabug: 28802799]
- net/mlx4_core: print firmware version during driver loading (Qing
Huang) [Orabug: 28809382]
- hugetlbfs: dirty pages as they are added to pagecache (Mike Kravetz)
[Orabug: 28813999]

[4.14.35-1818.4.2.el7uek]
- infiniband: fix a possible use-after-free bug (Cong Wang) [Orabug:
28774511] {CVE-2018-14734}
- nfs: fix a deadlock in nfs client initialization (Scott Mayhew)
[Orabug: 28775910]
- x86/speculation: Unconditionally fill RSB on context switch (Alejandro
Jimenez) [Orabug: 28631576] {CVE-2018-15572}
- bnxt_re: Implement the shutdown hook of the L2-RoCE driver interface
(Somnath Kotur) [Orabug: 28539344]
- rds: RDS (tcp) hangs on sendto() to unresponding address (Ka-Cheong
Poon) [Orabug: 28762597]
- uek-rpm: aarch64 some XGENE drivers must be be modules (Tom Saeger)
[Orabug: 28769119]
- arm64: KVM: Sanitize PSTATE.M when being set from userspace (Marc
Zyngier) [Orabug: 28762424] {CVE-2018-18021}
- arm64: KVM: Tighten guest core register access from userspace (Dave
Martin) [Orabug: 28762424] {CVE-2018-18021}
- iommu/amd: Clear memory encryption mask from physical address (Singh,
Brijesh) [Orabug: 28770185]

[4.14.35-1818.4.1.el7uek]
- mm: get rid of vmacache_flush_all() entirely (Linus Torvalds)
[Orabug: 28700955] {CVE-2018-17182}
- Btrfs: fix log replay failure after unlink and link combination
(Filipe Manana) [Orabug: 27941939]
- x86/speculation: Add sysfs entry to enable/disable retpoline
(Alexandre Chartre) [Orabug: 28753851]
- x86/speculation: Allow IBRS firmware to be enabled when IBRS is
disabled (Alexandre Chartre) [Orabug: 28753851]
- x86/speculation: Remove unnecessary retpoline alternatives (Alexandre
Chartre) [Orabug: 28753851]
- x86/speculation: Use static key to enable/disable retpoline (Alexandre
Chartre) [Orabug: 28753851]
- bnxt_en: Fix memory fault in bnxt_ethtool_init() (Vasundhara Volam)
[Orabug: 28632641]
- IB/core: Initialize relaxed_pd properly (Yuval Shaia) [Orabug: 28197305]

[4.14.35-1818.4.0.el7uek]
- e1000e: Fix link check race condition (Benjamin Poirier) [Orabug:
28489384]
- Revert "e1000e: Separate signaling for link check/link up" (Benjamin
Poirier) [Orabug: 28489384]
- e1000e: Avoid missed interrupts following ICR read (Benjamin Poirier)
[Orabug: 28489384]
- e1000e: Fix queue interrupt re-raising in Other interrupt (Benjamin
Poirier) [Orabug: 28489384]
- Partial revert "e1000e: Avoid receiver overrun interrupt bursts"
(Benjamin Poirier) [Orabug: 28489384]
- e1000e: Remove Other from EIAC (Benjamin Poirier) [Orabug: 28489384]
- btrfs: validate type when reading a chunk (Gu Jinxiang) [Orabug:
28700851] {CVE-2018-14611}
- btrfs: Check that each block group has corresponding chunk at mount
time (Qu Wenruo) [Orabug: 28700872] {CVE-2018-14610}
- net: rds: Use address family to designate IPv4 or IPv6 addresses
(Håkon Bugge) [Orabug: 28720069]
- net: rds: Fix blank at eol in af_rds.c (Håkon Bugge) [Orabug: 28720069]

ELSA-2018-4270 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)

Oracle Linux Security Advisory ELSA-2018-4270

http://linux.oracle.com/errata/ELSA-2018-4270.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
kernel-uek-4.14.35-1818.4.5.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-1818.4.5.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-1818.4.5.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-1818.4.5.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-1818.4.5.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-1818.4.5.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-1818.4.5.el7uek.aarch64.rpm
perf-4.14.35-1818.4.5.el7uek.aarch64.rpm
python-perf-4.14.35-1818.4.5.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-1818.4.5.el7uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1818.4.5.el7uek.src.rpm



Description of changes:

[4.14.35-1818.4.5.el7uek]
- x86/intel/spectre_v2: Remove unnecessary retp_compiler() test (Boris
Ostrovsky) [Orabug: 28814574]
- x86/intel/spectre_v4: Deprecate spec_store_bypass_disable=userspace
(Boris Ostrovsky) [Orabug: 28814574]
- x86/speculation: x86_spec_ctrl_set needs to be called unconditionally
(Boris Ostrovsky) [Orabug: 28814574]
- x86/speculation: Drop unused DISABLE_IBRS_CLOBBER macro (Boris
Ostrovsky) [Orabug: 28814574]
- x86/intel/spectre_v4: Keep SPEC_CTRL_SSBD when IBRS is in use (Boris
Ostrovsky) [Orabug: 28814574]

[4.14.35-1818.4.4.el7uek]
- ocfs2: fix ocfs2 read block panic (Junxiao Bi) [Orabug: 28821391]
- scsi: sg: mitigate read/write abuse (Jann Horn) [Orabug: 28824731]
{CVE-2017-13168}
- hugetlbfs: introduce truncation/fault mutex to avoid races (Mike
Kravetz) [Orabug: 28776542]
- rds: MPRDS messages delivered out of order (Ka-Cheong Poon) [Orabug:
28838051]
- x86/bugs: rework x86_spec_ctrl_set to make its changes explicit
(Daniel Jordan) [Orabug: 28270952]
- x86/bugs: rename ssbd_ibrs_selected to ssbd_userspace_selected (Daniel
Jordan) [Orabug: 28270952]
- x86/bugs: x86_spec_ctrl_set may not disable IBRS on kernel idle
(Daniel Jordan) [Orabug: 28270952]
- x86/bugs: always use x86_spec_ctrl_base or _priv when setting spec
ctrl MSR (Daniel Jordan) [Orabug: 28270952]
- iommu: turn on iommu=pt by default (Tushar Dave) [Orabug: 28111039]
- vhost/scsi: Use common handling code in request queue handler (Bijan
Mottahedeh) [Orabug: 28775556]
- vhost/scsi: Extract common handling code from control queue handler
(Bijan Mottahedeh) [Orabug: 28775556]
- vhost/scsi: Respond to control queue operations (Bijan Mottahedeh)
[Orabug: 28775556]

[4.14.35-1818.4.3.el7uek]
- Fix error code in nfs_lookup_verify_inode() (Lance Shelton) [Orabug:
28807515]
- x86/speculation: Retpoline should always be available on Skylake
(Alexandre Chartre) [Orabug: 28801830]
- x86/bugs: ssbd_ibrs_selected called prematurely (Daniel Jordan)
[Orabug: 28802799]
- net/mlx4_core: print firmware version during driver loading (Qing
Huang) [Orabug: 28809382]
- hugetlbfs: dirty pages as they are added to pagecache (Mike Kravetz)
[Orabug: 28813999]

[4.14.35-1818.4.2.el7uek]
- infiniband: fix a possible use-after-free bug (Cong Wang) [Orabug:
28774511] {CVE-2018-14734}
- nfs: fix a deadlock in nfs client initialization (Scott Mayhew)
[Orabug: 28775910]
- x86/speculation: Unconditionally fill RSB on context switch (Alejandro
Jimenez) [Orabug: 28631576] {CVE-2018-15572}
- bnxt_re: Implement the shutdown hook of the L2-RoCE driver interface
(Somnath Kotur) [Orabug: 28539344]
- rds: RDS (tcp) hangs on sendto() to unresponding address (Ka-Cheong
Poon) [Orabug: 28762597]
- uek-rpm: aarch64 some XGENE drivers must be be modules (Tom Saeger)
[Orabug: 28769119]
- arm64: KVM: Sanitize PSTATE.M when being set from userspace (Marc
Zyngier) [Orabug: 28762424] {CVE-2018-18021}
- arm64: KVM: Tighten guest core register access from userspace (Dave
Martin) [Orabug: 28762424] {CVE-2018-18021}
- iommu/amd: Clear memory encryption mask from physical address (Singh,
Brijesh) [Orabug: 28770185]

[4.14.35-1818.4.1.el7uek]
- mm: get rid of vmacache_flush_all() entirely (Linus Torvalds)
[Orabug: 28700955] {CVE-2018-17182}
- Btrfs: fix log replay failure after unlink and link combination
(Filipe Manana) [Orabug: 27941939]
- x86/speculation: Add sysfs entry to enable/disable retpoline
(Alexandre Chartre) [Orabug: 28753851]
- x86/speculation: Allow IBRS firmware to be enabled when IBRS is
disabled (Alexandre Chartre) [Orabug: 28753851]
- x86/speculation: Remove unnecessary retpoline alternatives (Alexandre
Chartre) [Orabug: 28753851]
- x86/speculation: Use static key to enable/disable retpoline (Alexandre
Chartre) [Orabug: 28753851]
- bnxt_en: Fix memory fault in bnxt_ethtool_init() (Vasundhara Volam)
[Orabug: 28632641]
- IB/core: Initialize relaxed_pd properly (Yuval Shaia) [Orabug: 28197305]

[4.14.35-1818.4.0.el7uek]
- e1000e: Fix link check race condition (Benjamin Poirier) [Orabug:
28489384]
- Revert "e1000e: Separate signaling for link check/link up" (Benjamin
Poirier) [Orabug: 28489384]
- e1000e: Avoid missed interrupts following ICR read (Benjamin Poirier)
[Orabug: 28489384]
- e1000e: Fix queue interrupt re-raising in Other interrupt (Benjamin
Poirier) [Orabug: 28489384]
- Partial revert "e1000e: Avoid receiver overrun interrupt bursts"
(Benjamin Poirier) [Orabug: 28489384]
- e1000e: Remove Other from EIAC (Benjamin Poirier) [Orabug: 28489384]
- btrfs: validate type when reading a chunk (Gu Jinxiang) [Orabug:
28700851] {CVE-2018-14611}
- btrfs: Check that each block group has corresponding chunk at mount
time (Qu Wenruo) [Orabug: 28700872] {CVE-2018-14610}
- net: rds: Use address family to designate IPv4 or IPv6 addresses
(Håkon Bugge) [Orabug: 28720069]
- net: rds: Fix blank at eol in af_rds.c (Håkon Bugge) [Orabug: 28720069]

New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2018-4269)

Synopsis: ELSA-2018-4269 can now be patched using Ksplice
CVEs: CVE-2018-7757

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4269.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2018-7757: Memory leak when reading invalid_dword_count attribute of SAS Domain Transport driver.

A missing free when reading invalid_dword_count attribute of SAS Domain
Transport driver could lead to a memory leak. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.

Orabug: 27927686

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.

New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4268)

Synopsis: ELSA-2018-4268 can now be patched using Ksplice
CVEs: CVE-2017-18017 CVE-2018-7757

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4268.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2018-7757: Memory leak when reading invalid_dword_count attribute of SAS Domain Transport driver.

A missing free when reading invalid_dword_count attribute of SAS Domain
Transport driver could lead to a memory leak. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.

Orabug: 27927692


* CVE-2017-18017: Use-after-free when processing TCP packets in netfliter TCPMSS target.

A missing check when using TCPMSS target for TCP could lead to an
use-after-free. A remote attacker could use this flaw to cause a
denial-of-service.

Orabug: 27896807

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.