Oracle Linux 6277 Published by

The following updates has been released for Oracle Linux:

ELBA-2018-3339 Oracle Linux 7 libvirt bug fix update
ELSA-2018-3032 Low: Oracle Linux 7 binutils security, bug fix, and enhancement update
ELSA-2018-3041 Moderate: Oracle Linux 7 python security and bug fix update
ELSA-2018-3050 Moderate: Oracle Linux 7 gnutls security, bug fix, and enhancement update
ELSA-2018-3052 Moderate: Oracle Linux 7 wget security and bug fix update
ELSA-2018-3056 Moderate: Oracle Linux 7 samba security, bug fix, and enhancement update
ELSA-2018-3065 Moderate: Oracle Linux 7 libkdcraw security update
ELSA-2018-3071 Low: Oracle Linux 7 krb5 security, bug fix, and enhancement update
ELSA-2018-3073 Moderate: Oracle Linux 7 zsh security and bug fix update
ELSA-2018-3083 Important: Oracle Linux 7 kernel security, bug fix, and enhancement update
ELSA-2018-3090 Moderate: Oracle Linux 7 ovmf security, bug fix, and enhancement update
ELSA-2018-3107 Moderate: Oracle Linux 7 wpa_supplicant security and bug fix update
ELSA-2018-3113 Moderate: Oracle Linux 7 libvirt security, bug fix, and enhancement update
ELSA-2018-3127 Moderate: Oracle Linux 7 389-ds-base security, bug fix, and enhancement update
ELSA-2018-3157 Moderate: Oracle Linux 7 curl and nss-pem security and bug fix update
ELSA-2018-3158 Low: Oracle Linux 7 sssd security, bug fix, and enhancement update
ELSA-2018-3221 Moderate: Oracle Linux 7 openssl security, bug fix, and enhancement update
ELSA-2018-3229 Low: Oracle Linux 7 zziplib security update
ELSA-2018-3242 Moderate: Oracle Linux 7 glusterfs security, bug fix, and enhancement update
ELSA-2018-3246 Low: Oracle Linux 7 libcdio security update
ELSA-2018-3249 Low: Oracle Linux 7 setup security and bug fix update
ELSA-2018-3253 Low: Oracle Linux 7 jasper security update
ELSA-2018-3327 Low: Oracle Linux 7 libmspack security update
ELSA-2018-3335 Moderate: Oracle Linux 7 xerces-c security update



ELBA-2018-3339 Oracle Linux 7 libvirt bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-3339

http://linux.oracle.com/errata/ELBA-2018-3339.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libvirt-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-admin-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-bash-completion-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-client-4.5.0-10.0.1.el7_6.2.i686.rpm
libvirt-client-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-config-network-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-config-nwfilter-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-driver-interface-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-driver-lxc-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-driver-network-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-driver-nodedev-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-driver-nwfilter-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-driver-qemu-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-driver-secret-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-driver-storage-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-driver-storage-core-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-driver-storage-disk-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-driver-storage-gluster-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-driver-storage-logical-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-driver-storage-mpath-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-driver-storage-rbd-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-driver-storage-scsi-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-kvm-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-daemon-lxc-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-devel-4.5.0-10.0.1.el7_6.2.i686.rpm
libvirt-devel-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-docs-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-libs-4.5.0-10.0.1.el7_6.2.i686.rpm
libvirt-libs-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-lock-sanlock-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-login-shell-4.5.0-10.0.1.el7_6.2.x86_64.rpm
libvirt-nss-4.5.0-10.0.1.el7_6.2.i686.rpm
libvirt-nss-4.5.0-10.0.1.el7_6.2.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libvirt-4.5.0-10.0.1.el7_6.2.src.rpm



Description of changes:

[4.5.0-10.0.1.el7_6.2]
- added librbd1 as dependency (Keshav Sharma)

[4.5.0-10.el7_6.2]
- virfile: fix cast-align error (rhbz#1635705)
- virfiletest: Fix test name prefix for virFileInData test (rhbz#1635705)
- virfiletst: Test virFileIsSharedFS (rhbz#1635705)
- virFileIsSharedFSType: Detect direct mount points (rhbz#1635705)
- virfile: Rework virFileIsSharedFixFUSE (rhbz#1635705)

[4.5.0-10.el7_6.1]
- security: dac: also label listen UNIX sockets (rhbz#1635228)
- qemu: fix up permissions for pre-created UNIX sockets (rhbz#1635228)
- virFileIsSharedFSType: Check for fuse.glusterfs too (rhbz#1635705)

ELSA-2018-3032 Low: Oracle Linux 7 binutils security, bug fix, and enhancement update

Oracle Linux Security Advisory ELSA-2018-3032

http://linux.oracle.com/errata/ELSA-2018-3032.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
binutils-2.27-34.base.0.1.el7.x86_64.rpm
binutils-devel-2.27-34.base.0.1.el7.i686.rpm
binutils-devel-2.27-34.base.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/binutils-2.27-34.base.0.1.el7.src.rpm



Description of changes:

[2.27-34.base.0.1]
- Backport of upstream commit a5def14f1ca70e14d9433cb229c9369fa3051598
Add a test for R_386_GOT32/R_386_GOT32X IFUNC reloc error [Orabug
27930573]

[2.27-34.base]
- Fix seg-fault parsing corrupt AOUT format files. (#1579799)
- Fix seg-fault parsing corrupt DWARF2 debug information. (#1579802)
- Fix seg-fault parsing corrupt ELF format files. (#1579801)

[2.27-33.base]
- Fix seg-fault parsing ELF files. (#1578979)
- Fix seg-fault parsing DWARF-2 information. (#1579065)
- Fix seg-fault parsing DWARF-2 information. (#1579051)
- Fix seg-fault parsing a PE format file. (#1579019)

[2.27-32.base]
- Fix seg-fault parsing DWARF-1 information. (#1569580)
- Fix seg-fault parsing DWARF-2 information. (#1569891)
- Fix seg-fault parsing COFF files. (#1571917)

[2.27-31.base]
- Allow "lea foo@GOT, %reg" in PIC mode on the x86. (#1573872)

[2.27-30.base]
- Version bump in order to allow a rebuild, in order to work around a
transient problem with the compose database.

[2.27-29.base]
- Add support for the GLOBALAUDIT dynamic linker tag.
(#1439351)

ELSA-2018-3041 Moderate: Oracle Linux 7 python security and bug fix update

Oracle Linux Security Advisory ELSA-2018-3041

http://linux.oracle.com/errata/ELSA-2018-3041.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
python-2.7.5-76.0.1.el7.x86_64.rpm
python-debug-2.7.5-76.0.1.el7.x86_64.rpm
python-devel-2.7.5-76.0.1.el7.x86_64.rpm
python-libs-2.7.5-76.0.1.el7.i686.rpm
python-libs-2.7.5-76.0.1.el7.x86_64.rpm
python-test-2.7.5-76.0.1.el7.x86_64.rpm
python-tools-2.7.5-76.0.1.el7.x86_64.rpm
tkinter-2.7.5-76.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/python-2.7.5-76.0.1.el7.src.rpm



Description of changes:

[2.7.5-76.0.1]
- Add Oracle Linux distribution in platform.py [orabug 20812544]

[2.7.5-76]
- Remove an unversioned obsoletes tag
Resolves: rhbz#1627059

[2.7.5-75]
- Provide the /usr/libexec/platform-python symlink to the main binary
Resolves: rhbz#1599159

[2.7.5-74]
- Fix OSERROR 17 due to _multiprocessing/semaphore.c assuming
a one-to-one Pid -> process mapping
Resolves: rhbz#1579432

[2.7.5-73]
- Remove 3DS cipher to mitigate CVE-2016-2183 (sweet32).
Resolves: rhbz#1581901

[2.7.5-72]
- Fix CVE-2018-1060 and CVE-2018-1061
Resolves: rhbz#1563454 and rhbz#1549192
- Provide python2-libs from the python-libs subpackage
Resolves: rhbz#1557460

[2.7.5-71]
- Limit the number of CPU cores when building the package on power
architectures
Resolves: rhbz#1568974

[2.7.5-70]
- Do not send IP addresses in SNI TLS extension
Resolves: rhbz#1555314

ELSA-2018-3050 Moderate: Oracle Linux 7 gnutls security, bug fix, and enhancement update

Oracle Linux Security Advisory ELSA-2018-3050

http://linux.oracle.com/errata/ELSA-2018-3050.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
gnutls-3.3.29-8.0.1.el7.i686.rpm
gnutls-3.3.29-8.0.1.el7.x86_64.rpm
gnutls-c++-3.3.29-8.0.1.el7.i686.rpm
gnutls-c++-3.3.29-8.0.1.el7.x86_64.rpm
gnutls-dane-3.3.29-8.0.1.el7.i686.rpm
gnutls-dane-3.3.29-8.0.1.el7.x86_64.rpm
gnutls-devel-3.3.29-8.0.1.el7.i686.rpm
gnutls-devel-3.3.29-8.0.1.el7.x86_64.rpm
gnutls-utils-3.3.29-8.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/gnutls-3.3.29-8.0.1.el7.src.rpm



Description of changes:

[3.3.29-8.0.1]
- Include ECDSA KAT into selftests for FIPS140-2 compliance [Orabug
27484156]

[3.3.29-8]
- Backported --sni-hostname option which allows overriding the hostname
advertised to the peer (#1444792)
- Improved counter-measures in TLS CBC record padding for lucky13 attack
(CVE-2018-10844, #1589704, CVE-2018-10845, #1589707)
- Added counter-measures for "Just in Time" PRIME + PROBE cache-based attack
(CVE-2018-10846, #1589708)
- Address p11tool issue in object deletion in batch mode (#1375307)
- Backport PKCS#11 tests from master branch. Some tests were disabled due to
unsupported features in 3.3.x (--load-pubkey and --test-sign options,
ECC key
generation without login, and certificates do not inherit ID from the
private
key)
- p11tool explicitly marks certificates and public keys as NOT private
objects
and private keys as private objects
- Enlarge buffer size to support resumption with large keys (#1542461)
- Legacy HMAC-SHA384 cipher suites were disabled by default
- Added DSA key generation to p11tool (#1464896)
- Address session renegotiation issue using client certificate (#1434091)
- Address issue when importing private keys into Atos HSM (#1460125)

ELSA-2018-3052 Moderate: Oracle Linux 7 wget security and bug fix update

Oracle Linux Security Advisory ELSA-2018-3052

http://linux.oracle.com/errata/ELSA-2018-3052.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
wget-1.14-18.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/wget-1.14-18.el7.src.rpm



Description of changes:

[1.14-18]
- Fix CVE-2018-0494 (#1576106)

[1.14-17]
- Fix segfault when Digest Authentication header is missing 'qop' part
(#1545310)

[1.14-16]
- Fixed various security flaws (CVE-2017-13089, CVE-2017-13090)

ELSA-2018-3056 Moderate: Oracle Linux 7 samba security, bug fix, and enhancement update

Oracle Linux Security Advisory ELSA-2018-3056

http://linux.oracle.com/errata/ELSA-2018-3056.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libsmbclient-4.8.3-4.el7.i686.rpm
libsmbclient-4.8.3-4.el7.x86_64.rpm
libsmbclient-devel-4.8.3-4.el7.i686.rpm
libsmbclient-devel-4.8.3-4.el7.x86_64.rpm
libwbclient-4.8.3-4.el7.i686.rpm
libwbclient-4.8.3-4.el7.x86_64.rpm
libwbclient-devel-4.8.3-4.el7.i686.rpm
libwbclient-devel-4.8.3-4.el7.x86_64.rpm
samba-4.8.3-4.el7.x86_64.rpm
samba-client-4.8.3-4.el7.x86_64.rpm
samba-client-libs-4.8.3-4.el7.i686.rpm
samba-client-libs-4.8.3-4.el7.x86_64.rpm
samba-common-4.8.3-4.el7.noarch.rpm
samba-common-libs-4.8.3-4.el7.x86_64.rpm
samba-common-tools-4.8.3-4.el7.x86_64.rpm
samba-dc-4.8.3-4.el7.x86_64.rpm
samba-dc-libs-4.8.3-4.el7.x86_64.rpm
samba-devel-4.8.3-4.el7.i686.rpm
samba-devel-4.8.3-4.el7.x86_64.rpm
samba-krb5-printing-4.8.3-4.el7.x86_64.rpm
samba-libs-4.8.3-4.el7.i686.rpm
samba-libs-4.8.3-4.el7.x86_64.rpm
samba-pidl-4.8.3-4.el7.noarch.rpm
samba-python-4.8.3-4.el7.x86_64.rpm
samba-python-test-4.8.3-4.el7.x86_64.rpm
samba-test-4.8.3-4.el7.x86_64.rpm
samba-test-libs-4.8.3-4.el7.i686.rpm
samba-test-libs-4.8.3-4.el7.x86_64.rpm
samba-vfs-glusterfs-4.8.3-4.el7.x86_64.rpm
samba-winbind-4.8.3-4.el7.x86_64.rpm
samba-winbind-clients-4.8.3-4.el7.x86_64.rpm
samba-winbind-krb5-locator-4.8.3-4.el7.x86_64.rpm
samba-winbind-modules-4.8.3-4.el7.i686.rpm
samba-winbind-modules-4.8.3-4.el7.x86_64.rpm
ctdb-4.8.3-4.el7.x86_64.rpm
ctdb-tests-4.8.3-4.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/samba-4.8.3-4.el7.src.rpm



Description of changes:

[4.8.3-4]
- resolves: #1614132 - Fix delete-on-close after smb2_find
- resolves: #1614265 - Fix CVE-2018-1139
- resolves: #1614269 - Fix CVE-2018-10858

ELSA-2018-3065 Moderate: Oracle Linux 7 libkdcraw security update

Oracle Linux Security Advisory ELSA-2018-3065

http://linux.oracle.com/errata/ELSA-2018-3065.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libkdcraw-4.10.5-5.el7.i686.rpm
libkdcraw-4.10.5-5.el7.x86_64.rpm
libkdcraw-devel-4.10.5-5.el7.i686.rpm
libkdcraw-devel-4.10.5-5.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libkdcraw-4.10.5-5.el7.src.rpm



Description of changes:

[4.10.5-5]
- Resolves: #1557171, #1557189, #1558954
use the system LibRaw

ELSA-2018-3071 Low: Oracle Linux 7 krb5 security, bug fix, and enhancement update

Oracle Linux Security Advisory ELSA-2018-3071

http://linux.oracle.com/errata/ELSA-2018-3071.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
krb5-devel-1.15.1-34.el7.i686.rpm
krb5-devel-1.15.1-34.el7.x86_64.rpm
krb5-libs-1.15.1-34.el7.i686.rpm
krb5-libs-1.15.1-34.el7.x86_64.rpm
krb5-pkinit-1.15.1-34.el7.x86_64.rpm
krb5-server-1.15.1-34.el7.x86_64.rpm
krb5-server-ldap-1.15.1-34.el7.x86_64.rpm
krb5-workstation-1.15.1-34.el7.x86_64.rpm
libkadm5-1.15.1-34.el7.i686.rpm
libkadm5-1.15.1-34.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/krb5-1.15.1-34.el7.src.rpm



Description of changes:

[1.15.1-34]
- In FIPS mode, add plaintext fallback for RC4 usages and taint
- Resolves: #1570600

[1.15.1-33]
- Use SHA-256 instead of MD5 for audit ticket IDs
- Resolves: #1570600

[1.15.1-32]
- Include preauth name in trace output if possible
- Update cert generation scripts to work on modern openssl
- Fix per-request preauth scoping
- Add test case for PKINIT DH renegotiation
- Echo KDC cookies in preauth tryagain
- Fall back to other preauth mechanisms after failures
- Resolves: #1540130

[1.15.1-31]
- Add German translation
- Resolves: #1497301

[1.15.1-30]
- Add default pkinit_anchors value to krb5.conf
- Resolves: #1508081

[1.15.1-29]
- Process profile includedir in sorted order
- Also, ignore dotfiles in included directories
- Resolves: #1539824

[1.15.1-28]
- Exit with status 0 from kadmind
- Resolves: #1373909

[1.15.1-27]
- Continue after KRB5_CC_END in KCM cache iteration
- Resolves: #1563166

[1.15.1-26]
- Merge duplicate subsections in profile library
- Resolves: #1519625

[1.15.1-25]
- Fix service dependencies on network state
- Resolves: #1525232

[1.15.1-24]
- Explicitly use openssl rather than builtin crypto
- Resolves: #1570600

[1.15.1-23]
- Fix flaws in LDAP DN checking (CVE-2018-5729, CVE-2018-5730)
- Resolves: #1562684
- Resolves: #1562679

[1.15.1-22]
- Fix segfault in finish_dispatch()
- Resolves: #1568970

[1.15.1-21]
- Unparse SANs with NO_REALM
- Resolves: #1482457

[1.15.1-20]
- Fix hex conversion of PKINIT certid strings
- Resolves: #1538491


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata



ELSA-2018-3073 Moderate: Oracle Linux 7 zsh security and bug fix update

Oracle Linux Security Advisory ELSA-2018-3073

http://linux.oracle.com/errata/ELSA-2018-3073.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
zsh-5.0.2-31.el7.x86_64.rpm
zsh-html-5.0.2-31.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/zsh-5.0.2-31.el7.src.rpm



Description of changes:

[5.0.2-31]
- fix defects detected by Coverity related to CVE-2017-18206 and
CVE-2018-1083

[5.0.2-30]
- fix stack-based buffer overflow in utils.c:checkmailpath() (CVE-2018-1100)
- fix stack-based buffer overflow in gen_matches_files() (CVE-2018-1083)
- fix stack-based buffer overflow in exec.c:hashcmd() (CVE-2018-1071)
- avoid crash when copying empty hash table (CVE-2018-7549)
- fix buffer overrun in xsymlinks (CVE-2017-18206)
- fix NULL dereference in cd (CVE-2017-18205)
- fix buffer overflow when scanning very long path for symlinks
(CVE-2014-10072)
- fix buffer overflow for very long fds in >& fd syntax (CVE-2014-10071)

[5.0.2-29]
- fix crash while inputting long multi-line strings (#1492595)

ELSA-2018-3083 Important: Oracle Linux 7 kernel security, bug fix, and enhancement update

Oracle Linux Security Advisory ELSA-2018-3083

http://linux.oracle.com/errata/ELSA-2018-3083.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-957.el7.x86_64.rpm
kernel-3.10.0-957.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-957.el7.noarch.rpm
kernel-debug-3.10.0-957.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.el7.x86_64.rpm
kernel-devel-3.10.0-957.el7.x86_64.rpm
kernel-doc-3.10.0-957.el7.noarch.rpm
kernel-headers-3.10.0-957.el7.x86_64.rpm
kernel-tools-3.10.0-957.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.el7.x86_64.rpm
perf-3.10.0-957.el7.x86_64.rpm
python-perf-3.10.0-957.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-957.el7.src.rpm



Description of changes:

[3.10.0-957.el7]
- [mm] mlock: avoid increase mm->locked_vm on mlock() when already
mlock2(, MLOCK_ONFAULT) (Rafael Aquini) [1633059]

ELSA-2018-3107 Moderate: Oracle Linux 7 wpa_supplicant security and bug fix update

Oracle Linux Security Advisory ELSA-2018-3107

http://linux.oracle.com/errata/ELSA-2018-3107.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
wpa_supplicant-2.6-12.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/wpa_supplicant-2.6-12.el7.src.rpm



Description of changes:

[1:2.6-12]
- Ignore unauthenticated encrypted EAPOL-Key data (CVE-2018-14526)

[1:2.6-11]
- Better handling of /run/wpa_supplicant (rh #1507919)

[1:2.6-10]
- Fix memory leak when macsec MKA/PSK is used (rh #1500442)
- Fix authentication failure when the MAC is updated externally (rh
#1490885)
- Let the kernel discard EAPOL if packet type is PACKET_OTHERHOST (rh
#1434434)
- Don't restart wpa_supplicant.service on package upgrade (rh #1505404)
- Don't own a directory in /run/ (rh #1507919)

ELSA-2018-3113 Moderate: Oracle Linux 7 libvirt security, bug fix, and enhancement update

Oracle Linux Security Advisory ELSA-2018-3113

http://linux.oracle.com/errata/ELSA-2018-3113.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libvirt-4.5.0-10.el7.x86_64.rpm
libvirt-admin-4.5.0-10.el7.x86_64.rpm
libvirt-bash-completion-4.5.0-10.el7.x86_64.rpm
libvirt-client-4.5.0-10.el7.i686.rpm
libvirt-client-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-config-network-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-config-nwfilter-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-interface-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-lxc-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-network-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-nodedev-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-nwfilter-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-qemu-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-secret-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-core-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-disk-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-gluster-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-logical-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-mpath-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-rbd-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-scsi-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-kvm-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-lxc-4.5.0-10.el7.x86_64.rpm
libvirt-devel-4.5.0-10.el7.i686.rpm
libvirt-devel-4.5.0-10.el7.x86_64.rpm
libvirt-docs-4.5.0-10.el7.x86_64.rpm
libvirt-libs-4.5.0-10.el7.i686.rpm
libvirt-libs-4.5.0-10.el7.x86_64.rpm
libvirt-lock-sanlock-4.5.0-10.el7.x86_64.rpm
libvirt-login-shell-4.5.0-10.el7.x86_64.rpm
libvirt-nss-4.5.0-10.el7.i686.rpm
libvirt-nss-4.5.0-10.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libvirt-4.5.0-10.el7.src.rpm



Description of changes:

[4.5.0-10]
- conf: correct false boot order error during domain parse (rhbz#1601318)

[4.5.0-9]
- virDomainDefCompatibleDevice: Relax alias change check (rhbz#1621910)
- virDomainDetachDeviceFlags: Clarify update semantics (rhbz#1621910)
- virDomainNetDefCheckABIStability: Check for MTU change too (rhbz#1623157)

[4.5.0-8]
- storage: Add --shrink to qemu-img command when shrinking vol
(rhbz#1613746)
- access: Fix nwfilter-binding ACL access API name generation (rhbz#1611320)
- qemu: mdev: Use vfio-pci 'display' property only with vfio-pci mdevs
(rhbz#1624735)

[4.5.0-7]
- qemu_migration: Avoid writing to freed memory (rhbz#1593137)
- qemu: hotplug: Fix asynchronous unplug of 'shmem' (rhbz#1618622)
- tests: rename hugepages to hugepages-default (rhbz#1591235)
- tests: extract hugepages-numa-default-dimm out of hugepages-numa
(rhbz#1591235)
- tests: rename hugepages-numa into hugepages-numa-default (rhbz#1591235)
- tests: remove unnecessary XML elements from hugepages-numa-default
(rhbz#1591235)
- tests: extract pages-discard out of hugepages-pages (rhbz#1591235)
- tests: rename hugepages-pages into hugepages-numa-nodeset (rhbz#1591235)
- tests: rename hugepages-pages2 into hugepages-numa-default-2M
(rhbz#1591235)
- tests: extract pages-discard-hugepages out of hugepages-pages3
(rhbz#1591235)
- tests: rename hugepages-pages3 into hugepages-numa-nodeset-part
(rhbz#1591235)
- tests: rename hugepages-pages4 into hugepages-numa-nodeset-nonexist
(rhbz#1591235)
- tests: rename hugepages-pages5 into hugepages-default-2M (rhbz#1591235)
- tests: rename hugepages-pages6 into hugepages-default-system-size
(rhbz#1591235)
- tests: rename hugepages-pages7 into pages-dimm-discard (rhbz#1591235)
- tests: rename hugepages-pages8 into hugepages-nodeset-nonexist
(rhbz#1591235)
- tests: introduce hugepages-default-1G-nodeset-2M (rhbz#1591235)
- tests: introduce hugepages-nodeset (rhbz#1591235)
- conf: Move hugepage XML validation check out of qemu_command
(rhbz#1591235)
- conf: Move hugepages validation out of XML parser (rhbz#1591235)
- conf: Introduce virDomainDefPostParseMemtune (rhbz#1591235)
- tests: sev: Test launch-security with specific QEMU version (rhbz#1612009)
- qemu: Fix probing of AMD SEV support (rhbz#1612009)
- qemu: caps: Format SEV platform data into qemuCaps cache (rhbz#1612009)

[4.5.0-6]
- qemu: Exempt video model 'none' from getting a PCI address on Q35
(rhbz#1609087)
- conf: Fix a error msg typo in virDomainVideoDefValidate (rhbz#1607825)

[4.5.0-5]
- esx storage: Fix typo lsilogic -> lsiLogic (rhbz#1571759)
- networkGetDHCPLeases: Don't always report error if unable to read
leases file (rhbz#1600468)
- nwfilter: Resolve SEGV for NWFilter Snoop processing (rhbz#1599973)
- qemu: Remove unused bypassSecurityDriver from qemuOpenFileAs
(rhbz#1589115)
- qemuDomainSaveMemory: Don't enforce dynamicOwnership (rhbz#1589115)
- domain_nwfilter: Return early if net has no name in
virDomainConfNWFilterTeardownImpl (rhbz#1607831)
- examples: Add clean-traffic-gateway into nwfilters (rhbz#1603115)

[4.5.0-4]
- qemu: hotplug: don't overwrite error message in
qemuDomainAttachNetDevice (rhbz#1598311)
- qemu: hotplug: report error when changing rom enabled attr for net
iface (rhbz#1599513)
- qemu: Fix setting global_period cputune element (rhbz#1600427)
- tests: qemucaps: Add test data for upcoming qemu 3.0.0 (rhbz#1475770)
- qemu: capabilities: Add capability for werror/rerror for 'usb-device'
frontend (rhbz#1475770)
- qemu: command: Move graphics iteration to its own function (rhbz#1475770)
- qemu: address: Handle all the video devices within a single loop
(rhbz#1475770)
- conf: Introduce virDomainVideoDefClear helper (rhbz#1475770)
- conf: Introduce virDomainDefPostParseVideo helper (rhbz#1475770)
- qemu: validate: Enforce compile time switch type checking for videos
(rhbz#1475770)
- tests: Add capabilities data for QEMU 2.11 x86_64 (rhbz#1475770)
- tests: Update capabilities data for QEMU 3.0.0 x86_64 (rhbz#1475770)
- qemu: qemuBuildHostdevCommandLine: Use a helper variable mdevsrc
(rhbz#1475770)
- qemu: caps: Introduce a capability for egl-headless (rhbz#1475770)
- qemu: Introduce a new graphics display type 'headless' (rhbz#1475770)
- qemu: caps: Add vfio-pci.display capability (rhbz#1475770)
- conf: Introduce virDomainGraphicsDefHasOpenGL helper (rhbz#1475770)
- conf: Replace 'error' with 'cleanup' in
virDomainHostdevDefParseXMLSubsys (rhbz#1475770)
- conf: Introduce new attribute 'display' (rhbz#1475770)
- qemu: command: Enable formatting vfio-pci.display option onto cmdline
(rhbz#1475770)
- docs: Rephrase the mediated devices hostdev section a bit (rhbz#1475770)
- conf: Introduce new video type 'none' (rhbz#1475770)
- virt-xml-validate: Add schema for nwfilterbinding (rhbz#1600330)
- tools: Fix typo generating adapter_wwpn field (rhbz#1601377)
- src: Fix memory leak in virNWFilterBindingDispose (rhbz#1603025)

[4.5.0-3]
- qemu: hotplug: Do not try to add secret object for TLS if it does not
exist (rhbz#1598015)
- qemu: monitor: Make qemuMonitorAddObject more robust against
programming errors (rhbz#1598015)
- spec: Explicitly require matching libvirt-libs (rhbz#1600122)
- virDomainConfNWFilterInstantiate: initialize @xml to avoid random
crash (rhbz#1599545)
- qemuProcessStartPRDaemonHook: Try to set NS iff domain was started
with one (rhbz#1470007)
- qemuDomainValidateStorageSource: Relax PR validation (rhbz#1470007)
- virStoragePRDefFormat: Suppress path formatting for migratable XML
(rhbz#1470007)
- qemu: Wire up PR_MANAGER_STATUS_CHANGED event (rhbz#1470007)
- qemu_monitor: Introduce qemuMonitorJSONGetPRManagerInfo (rhbz#1470007)
- qemu: Fetch pr-helper process info on reconnect (rhbz#1470007)
- qemu: Fix ATTRIBUTE_NONNULL for qemuMonitorAddObject (rhbz#1598015)
- virsh.pod: Fix a command name typo in nwfilter-binding-undefine
(rhbz#1600329)
- docs: schema: Add missing to vsock device (rhbz#1600345)
- virnetdevtap: Don't crash on !ifname in virNetDevTapInterfaceStats
(rhbz#1595184)

[4.5.0-2]
- qemu: Add capability for the HTM pSeries feature (rhbz#1525599)
- conf: Parse and format the HTM pSeries feature (rhbz#1525599)
- qemu: Format the HTM pSeries feature (rhbz#1525599)
- qemu: hotplug: Don't access srcPriv when it's not allocated (rhbz#1597550)
- qemuDomainNestedJobAllowed: Allow QEMU_JOB_NONE (rhbz#1598084)
- src: Mention DEVICE_REMOVAL_FAILED event in virDomainDetachDeviceAlias
docs (rhbz#1598087)
- virsh.pod: Drop --persistent for detach-device-alias (rhbz#1598087)
- qemu: don't use chardev FD passing with standalone args (rhbz#1598281)
- qemu: remove chardevStdioLogd param from vhostuser code path
(rhbz#1597940)
- qemu: consolidate parameters of qemuBuildChrChardevStr into flags
(rhbz#1597940)
- qemu: don't use chardev FD passing for vhostuser backend (rhbz#1597940)
- qemu: fix UNIX socket chardevs operating in client mode (rhbz#1598440)
- qemuDomainDeviceDefValidateNetwork: Check for range only if IP prefix
set (rhbz#1515533)

[4.5.0-1]
- Rebased to libvirt-4.5.0 (rhbz#1563169)
- The rebase also fixes the following bugs:
rhbz#1291851, rhbz#1393106, rhbz#1468422, rhbz#1469338, rhbz#1526382
rhbz#1529059, rhbz#1541921, rhbz#1544869, rhbz#1552092, rhbz#1568407
rhbz#1583623, rhbz#1584091, rhbz#1585108, rhbz#1586027, rhbz#1588295
rhbz#1588336, rhbz#1589730, rhbz#1590214, rhbz#1591017, rhbz#1591561
rhbz#1591628, rhbz#1591645, rhbz#1593549

[4.4.0-2]
- build: Don't install sysconfig files as scripts (rhbz#1563169)

[4.4.0-1]
- Rebased to libvirt-4.4.0 (rhbz#1563169)
- The rebase also fixes the following bugs:
rhbz#1149445, rhbz#1291851, rhbz#1300772, rhbz#1400475, rhbz#1456165
rhbz#1470007, rhbz#1480668, rhbz#1534418, rhbz#1549531, rhbz#1559284
rhbz#1559835, rhbz#1560946, rhbz#1566416, rhbz#1569861, rhbz#1572491
rhbz#1574089, rhbz#1576916, rhbz#1583484, rhbz#1583927, rhbz#1584071
rhbz#1584073

[4.3.0-1]
- Rebased to libvirt-4.3.0 (rhbz#1563169)
- The rebase also fixes the following bugs:
rhbz#1509870, rhbz#1530451, rhbz#1577920, rhbz#1283700, rhbz#1425757
rhbz#1448149, rhbz#1454709, rhbz#1502754, rhbz#1507737, rhbz#1519130
rhbz#1519146, rhbz#1522706, rhbz#1523564, rhbz#1524399, rhbz#1525496
rhbz#1527740, rhbz#1550980, rhbz#916061, rhbz#1494454, rhbz#1515533
rhbz#1532542, rhbz#1538570, rhbz#1544325, rhbz#1544659, rhbz#1546971
rhbz#1347550, rhbz#1367238, rhbz#1483816, rhbz#1543775, rhbz#1551000
rhbz#1552127, rhbz#1553075, rhbz#1553085, rhbz#1554876, rhbz#1556828
rhbz#1558317, rhbz#1425058, rhbz#1490158, rhbz#1492597, rhbz#1520821
rhbz#1529256, rhbz#1547250, rhbz#1557769, rhbz#1560917, rhbz#1560976
rhbz#1568148, rhbz#1569678, rhbz#1576464

ELSA-2018-3127 Moderate: Oracle Linux 7 389-ds-base security, bug fix, and enhancement update

Oracle Linux Security Advisory ELSA-2018-3127

http://linux.oracle.com/errata/ELSA-2018-3127.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
389-ds-base-1.3.8.4-15.el7.x86_64.rpm
389-ds-base-devel-1.3.8.4-15.el7.x86_64.rpm
389-ds-base-libs-1.3.8.4-15.el7.x86_64.rpm
389-ds-base-snmp-1.3.8.4-15.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/389-ds-base-1.3.8.4-15.el7.src.rpm



Description of changes:

[1.3.8.4-15]
- Bump version to 1.3.8.4-15
- Resolves: Bug 1624004 - Fix regression in last patch

ELSA-2018-3157 Moderate: Oracle Linux 7 curl and nss-pem security and bug fix update

Oracle Linux Security Advisory ELSA-2018-3157

http://linux.oracle.com/errata/ELSA-2018-3157.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
curl-7.29.0-51.el7.x86_64.rpm
libcurl-7.29.0-51.el7.i686.rpm
libcurl-7.29.0-51.el7.x86_64.rpm
libcurl-devel-7.29.0-51.el7.i686.rpm
libcurl-devel-7.29.0-51.el7.x86_64.rpm
nss-pem-1.0.3-5.el7.i686.rpm
nss-pem-1.0.3-5.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/curl-7.29.0-51.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-pem-1.0.3-5.el7.src.rpm



Description of changes:

curl
[7.29.0-51]
- require a new enough version of nss-pem to avoid regression in yum
(#1610998)

[7.29.0-50]
- remove dead code, detected by Coverity Analysis
- remove unused variable, detected by GCC and Clang

[7.29.0-49]
- make curl --speed-limit work with TFTP (#1584750)

[7.29.0-48]
- fix RTSP bad headers buffer over-read (CVE-2018-1000301)
- fix FTP path trickery leads to NIL byte out of bounds write
(CVE-2018-1000120)
- fix LDAP NULL pointer dereference (CVE-2018-1000121)
- fix RTSP RTP buffer over-read (CVE-2018-1000122)
- http: prevent custom Authorization headers in redirects (CVE-2018-1000007)
- doc: --tlsauthtype works only if built with TLS-SRP support (#1542256)
- update certificates in the test-suite because they expire soon (#1572723)

[7.29.0-47]
- make NSS deallocate PKCS #11 objects early enough (#1510247)

nss-pem
[1.0.3-5]
- update object ID while reusing a certificate (#1610998)

ELSA-2018-3158 Low: Oracle Linux 7 sssd security, bug fix, and enhancement update

Oracle Linux Security Advisory ELSA-2018-3158

http://linux.oracle.com/errata/ELSA-2018-3158.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libipa_hbac-1.16.2-13.el7.i686.rpm
libipa_hbac-1.16.2-13.el7.x86_64.rpm
libipa_hbac-devel-1.16.2-13.el7.i686.rpm
libipa_hbac-devel-1.16.2-13.el7.x86_64.rpm
libsss_autofs-1.16.2-13.el7.x86_64.rpm
libsss_certmap-1.16.2-13.el7.i686.rpm
libsss_certmap-1.16.2-13.el7.x86_64.rpm
libsss_certmap-devel-1.16.2-13.el7.i686.rpm
libsss_certmap-devel-1.16.2-13.el7.x86_64.rpm
libsss_idmap-1.16.2-13.el7.i686.rpm
libsss_idmap-1.16.2-13.el7.x86_64.rpm
libsss_idmap-devel-1.16.2-13.el7.i686.rpm
libsss_idmap-devel-1.16.2-13.el7.x86_64.rpm
libsss_nss_idmap-1.16.2-13.el7.i686.rpm
libsss_nss_idmap-1.16.2-13.el7.x86_64.rpm
libsss_nss_idmap-devel-1.16.2-13.el7.i686.rpm
libsss_nss_idmap-devel-1.16.2-13.el7.x86_64.rpm
libsss_simpleifp-1.16.2-13.el7.i686.rpm
libsss_simpleifp-1.16.2-13.el7.x86_64.rpm
libsss_simpleifp-devel-1.16.2-13.el7.i686.rpm
libsss_simpleifp-devel-1.16.2-13.el7.x86_64.rpm
libsss_sudo-1.16.2-13.el7.x86_64.rpm
python-libipa_hbac-1.16.2-13.el7.x86_64.rpm
python-libsss_nss_idmap-1.16.2-13.el7.x86_64.rpm
python-sss-1.16.2-13.el7.x86_64.rpm
python-sss-murmur-1.16.2-13.el7.x86_64.rpm
python-sssdconfig-1.16.2-13.el7.noarch.rpm
sssd-1.16.2-13.el7.x86_64.rpm
sssd-ad-1.16.2-13.el7.x86_64.rpm
sssd-client-1.16.2-13.el7.i686.rpm
sssd-client-1.16.2-13.el7.x86_64.rpm
sssd-common-1.16.2-13.el7.x86_64.rpm
sssd-common-pac-1.16.2-13.el7.x86_64.rpm
sssd-dbus-1.16.2-13.el7.x86_64.rpm
sssd-ipa-1.16.2-13.el7.x86_64.rpm
sssd-kcm-1.16.2-13.el7.x86_64.rpm
sssd-krb5-1.16.2-13.el7.x86_64.rpm
sssd-krb5-common-1.16.2-13.el7.x86_64.rpm
sssd-ldap-1.16.2-13.el7.x86_64.rpm
sssd-libwbclient-1.16.2-13.el7.x86_64.rpm
sssd-libwbclient-devel-1.16.2-13.el7.i686.rpm
sssd-libwbclient-devel-1.16.2-13.el7.x86_64.rpm
sssd-polkit-rules-1.16.2-13.el7.x86_64.rpm
sssd-proxy-1.16.2-13.el7.x86_64.rpm
sssd-tools-1.16.2-13.el7.x86_64.rpm
sssd-winbind-idmap-1.16.2-13.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/sssd-1.16.2-13.el7.src.rpm



Description of changes:

[1.16.2-13]
- Resolves: rhbz#1593756 - sssd needs to require a newer version of
libtalloc and libtevent to avoid an issue
in GPO processing

[1.16.2-12]
- Resolves: rhbz#1610667 - sssd_ssh leaks file descriptors when more
than one certificate is converted into an SSH key
- Resolves: rhbz#1583360 - The IPA selinux provider can return an error
if SELinux is completely disabled

[1.16.2-11]
- Resolves: rhbz#1602781 - Local users failed to login with same password

[1.16.2-10]
- Resolves: rhbz#1586127 - Spurious check in the sssd nss memcache can
cause the memory cache to be skipped

[1.16.2-9]
- Resolves: rhbz#1522928 - sssd doesn't allow user with expired password

[1.16.2-8]
- Resolves: rhbz#1607313 - When sssd is running as non-root user, the
sudo pipe is created as sssd:sssd but then the private pipe ownership fails

[1.16.2-7]
- Resolves: rhbz#1600822 - SSSD bails out saving desktop profiles in
case an invalid profile is found

[1.16.2-6]
- Resolves: rhbz#1582975 - The search filter for detecting POSIX
attributes in global catalog is too broad and can cause a high load on
the servers

[1.16.2-5]
- Resolves: rhbz#1583725 - SSSD AD uses LDAP filter to detect POSIX
attributes stored in AD GC also for regular AD DC queries
- Resolves: rhbz#1416528 - sssd in cross realm trust configuration
should be able to use AD KDCs from a client site defined in sssd.conf or
a snippet
- Resolves: rhbz#1592964 - Groups go missing with PAC enabled in sssd

[1.16.2-4]
- Resolves: rhbz#1590603 - EMBARGOED CVE-2018-10852 sssd: information
leak from the sssd-sudo responder [rhel-7]
- Resolves: rhbz#1450778 - Full information regarding priority of lookup
of principal in keytab not in man page

[1.16.2-3]
- Resolves: rhbz#1494690 - kdcinfo files are not created for subdomains
of a directly joined AD client
- Resolves: rhbz#1583343 - Login with sshkeys stored in ipa not working
after update to RHEL-7.5
- Resolves: rhbz#1527662 - Handle conflicting e-mail addresses more
gracefully
- Resolves: rhbz#1509691 - Document how to change the regular expression
for SSSD so that group names with an @-sign can be parsed

[1.16.2-2]
- Related: rhbz#1558498 - Rebase sssd to the latests upstream release of
the 1.16 branch

[1.16.2-1]
- Resolves: rhbz#1558498 - Rebase sssd to the latests upstream release
of the 1.16 branch
- Resolves: rhbz#1523019 - Reset password with two factor authentication
fails
- Resolves: rhbz#1534749 - Requesting an AD user's private group and
then the user itself returns an emty homedir
- Resolves: rhbz#1537272 - SSH public key authentication keeps working
after keys are removed from ID view
- Resolves: rhbz#1537279 - Certificate is not removed from cache when
it's removed from the override
- Resolves: rhbz#1562025 - externalUser sudo attribute must be
fully-qualified
- Resolves: rhbz#1577335 - /usr/libexec/sssd/sssd_autofs SIGABRT crash daily
- Resolves: rhbz#1508530 - How should sudo behave without sudoHost
attribute?
- Resolves: rhbz#1546754 - The man page of sss_ssh_authorizedkeys can be
enhanced to better explain how the keys are retrieved and how X.509
certificates can be used
- Resolves: rhbz#1572790 - getgrgid/getpwuid fails in setups with
multiple domains if the first domain uses mid_id/max_id
- Resolves: rhbz#1561562 - sssd not honoring dyndns_server if the DNS
update process is terminated with a signal
- Resolves: rhbz#1583251 - home dir disappear in sssd cache on the IPA
master for AD users
- Resolves: rhbz#1514061 - ID override GID from Default Trust View is
not properly resolved in case domain resolution order is set
- Resolves: rhbz#1571466 - Utilizing domain_resolution_order in
sssd.conf breaks SELinux user map
- Resolves: rhbz#1571526 - SSSD with ID provider 'ad' should give a
warning in case the ldap schema is manually changed to something
different than 'ad'.

[1.16.0-25]
- Resolves: rhbz#1547782 - The SSSD IPA provider allocates information
about external groups on a long lived memory context, causing memory
growth of the sssd_be process

[1.16.0-24]
- Related: rhbz#1578291 - Samba can not register sss idmap module
because it's using an outdated SMB_IDMAP_INTERFACE_VERSION

[1.16.0-23]
- Resolves: rhbz#1578291 - Samba can not register sss idmap module
because it's using an outdated SMB_IDMAP_INTERFACE_VERSION

[1.16.0-22]
- Resolves: rhbz#1516266 - Give a more detailed debug and system-log
message if krb5_init_context() failed
- Resolves: rhbz#1503802 - Smartcard authentication fails if SSSD is
offline and 'krb5_store_password_if_offline = True'
- Resolves: rhbz#1385665 - Incorrect error code returned from krb5_child
(updated)
- Resolves: rhbz#1547234 - SSSD's GPO code ignores ad_site option
- Resolves: rhbz#1459348 - extend sss-certmap man page regarding
priority processing
- Resolves: rhbz#1220767 - Group renaming issue when "id_provider =
ldap" is set
- Resolves: rhbz#1538555 - crash in nss_protocol_fill_netgrent.
sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0
error 4 in sssd_nss[55612687e000+39000]

[1.16.0-21]
- Resolves: rhbz#1565774 - After updating to RHEL 7.5 failing to clear
the sssd cache

[1.16.0-20]
- Resolves: rhbz#1566782 - memory management issue in the sssd_nss_ex
interface can cause the ns-slapd process on IPA server to crash

ELSA-2018-3221 Moderate: Oracle Linux 7 openssl security, bug fix, and enhancement update

Oracle Linux Security Advisory ELSA-2018-3221

http://linux.oracle.com/errata/ELSA-2018-3221.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
openssl-1.0.2k-16.0.1.el7.x86_64.rpm
openssl-devel-1.0.2k-16.0.1.el7.i686.rpm
openssl-devel-1.0.2k-16.0.1.el7.x86_64.rpm
openssl-libs-1.0.2k-16.0.1.el7.i686.rpm
openssl-libs-1.0.2k-16.0.1.el7.x86_64.rpm
openssl-perl-1.0.2k-16.0.1.el7.x86_64.rpm
openssl-static-1.0.2k-16.0.1.el7.i686.rpm
openssl-static-1.0.2k-16.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/openssl-1.0.2k-16.0.1.el7.src.rpm



Description of changes:

[1.0.2k-16.0.1]
- sha256 is used for the RSA pairwise consistency test instead of sha1

[1.0.2k-16]
- fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA
- fix incorrect error message on FIPS DSA parameter generation (#1603597)

[1.0.2k-14]
- ppc64le is not multilib architecture (#1585004)

[1.0.2k-13]
- add S390x assembler updates
- make CA name list comparison function case sensitive (#1548401)
- fix CVE-2017-3735 - possible one byte overread with X.509 IPAdressFamily
- fix CVE-2018-0732 - large prime DH DoS of TLS client
- fix CVE-2018-0737 - RSA key generation cache timing vulnerability
- fix CVE-2018-0739 - stack overflow parsing recursive ASN.1 structure

ELSA-2018-3229 Low: Oracle Linux 7 zziplib security update

Oracle Linux Security Advisory ELSA-2018-3229

http://linux.oracle.com/errata/ELSA-2018-3229.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
zziplib-0.13.62-9.el7.i686.rpm
zziplib-0.13.62-9.el7.x86_64.rpm
zziplib-devel-0.13.62-9.el7.i686.rpm
zziplib-devel-0.13.62-9.el7.x86_64.rpm
zziplib-utils-0.13.62-9.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/zziplib-0.13.62-9.el7.src.rpm



Description of changes:

[0.13.62-9]
- Fix covscan warning
- "Variable "file" going out of scope leaks the storage it points to."
has been introduced by the original version of
0001-fix-CVE-2018-7725.patch
- Related: 1558596

[0.13.62-8]
- Fix CVE-2018-7727
- Resolves: 1558891

[0.13.62-7]
- Fix CVE-2018-7726
- Resolves: 1558623

[0.13.62-6]
- Fix CVE-2018-7725
- Resolves: 1558596

ELSA-2018-3242 Moderate: Oracle Linux 7 glusterfs security, bug fix, and enhancement update

Oracle Linux Security Advisory ELSA-2018-3242

http://linux.oracle.com/errata/ELSA-2018-3242.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
glusterfs-3.12.2-18.el7.x86_64.rpm
glusterfs-api-3.12.2-18.el7.x86_64.rpm
glusterfs-api-devel-3.12.2-18.el7.x86_64.rpm
glusterfs-cli-3.12.2-18.el7.x86_64.rpm
glusterfs-client-xlators-3.12.2-18.el7.x86_64.rpm
glusterfs-devel-3.12.2-18.el7.x86_64.rpm
glusterfs-fuse-3.12.2-18.el7.x86_64.rpm
glusterfs-libs-3.12.2-18.el7.x86_64.rpm
glusterfs-rdma-3.12.2-18.el7.x86_64.rpm
python2-gluster-3.12.2-18.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/glusterfs-3.12.2-18.el7.src.rpm



Description of changes:

[3.12.2-18]
- fixes bugs bz#1524336 bz#1622029 bz#1622452

[3.12.2-17]
- fixes bugs bz#1615578 bz#1619416 bz#1619538 bz#1620469 bz#1620765

[3.12.2-16]
- fixes bugs bz#1569657 bz#1608352 bz#1609163 bz#1609724 bz#1610825
bz#1611151 bz#1612098 bz#1615338 bz#1615440

[3.12.2-15]
- fixes bugs bz#1589279 bz#1598384 bz#1599362 bz#1599998 bz#1600790
bz#1601331 bz#1603103

[3.12.2-14]
- fixes bugs bz#1547903 bz#1566336 bz#1568896 bz#1578716 bz#1581047
bz#1581231 bz#1582066 bz#1593865 bz#1597506 bz#1597511 bz#1597654
bz#1597768
bz#1598105 bz#1598356 bz#1599037 bz#1599823 bz#1600057 bz#1601314

[3.12.2-13]
- fixes bugs bz#1493085 bz#1518710 bz#1554255 bz#1558948 bz#1558989
bz#1559452 bz#1567001 bz#1569312 bz#1569951 bz#1575539 bz#1575557
bz#1577051
bz#1580120 bz#1581184 bz#1581553 bz#1581647 bz#1582119 bz#1582129
bz#1582417
bz#1583047 bz#1588408 bz#1592666 bz#1594658

[3.12.2-12]
- fixes bugs bz#1558989 bz#1580344 bz#1581057 bz#1581219

[3.12.2-11]
- fixes bugs bz#1558989 bz#1575555 bz#1578647

[3.12.2-10]
- fixes bugs bz#1488120 bz#1565577 bz#1568297 bz#1570586 bz#1572043
bz#1572075 bz#1575840 bz#1575877

[3.12.2-9]
- fixes bugs bz#1546717 bz#1557551 bz#1558948 bz#1561999 bz#1563804
bz#1565015 bz#1565119 bz#1565399 bz#1565577 bz#1567100 bz#1567899
bz#1568374
bz#1568969 bz#1569490 bz#1570514 bz#1570541 bz#1570582 bz#1571645
bz#1572087
bz#1572585 bz#1575895

[3.12.2-8]
- fixes bugs bz#1466129 bz#1475779 bz#1523216 bz#1535281 bz#1546941
bz#1550315 bz#1550991 bz#1553677 bz#1554291 bz#1559452 bz#1560955
bz#1562744
bz#1563692 bz#1565962 bz#1567110 bz#1569457

[3.12.2-7]
- fixes bugs bz#958062 bz#1186664 bz#1226874 bz#1446046 bz#1529451
bz#1550315
bz#1557365 bz#1559884 bz#1561733

[3.12.2-6]
- fixes bugs bz#1491785 bz#1518710 bz#1523599 bz#1528733 bz#1550474
bz#1550982 bz#1551186 bz#1552360 bz#1552414 bz#1552425 bz#1554255
bz#1554905
bz#1555261 bz#1556895 bz#1557297 bz#1559084 bz#1559788

[3.12.2-5]
- fixes bugs bz#1378371 bz#1384983 bz#1472445 bz#1493085 bz#1508999
bz#1516638 bz#1518260 bz#1529072 bz#1530519 bz#1537357 bz#1540908
bz#1541122
bz#1541932 bz#1543068 bz#1544382 bz#1544852 bz#1545570 bz#1546075
bz#1546945
bz#1546960 bz#1547012 bz#1549497

[3.12.2-4]
- fixes bugs bz#1446125 bz#1467536 bz#1530146 bz#1540600 bz#1540664
bz#1540961 bz#1541830 bz#1543296

[3.12.2-3]
- fixes bugs bz#1446125 bz#1463592 bz#1516249 bz#1517463 bz#1527309
bz#1530325 bz#1531041 bz#1539699 bz#1540011

[3.12.2-2]
- fixes bugs bz#1264911 bz#1277924 bz#1286820 bz#1360331 bz#1401969
bz#1410719 bz#1419438 bz#1426042 bz#1444820 bz#1459101 bz#1464150
bz#1464350
bz#1466122 bz#1466129 bz#1467903 bz#1468972 bz#1476876 bz#1484446
bz#1492591
bz#1498391 bz#1498730 bz#1499865 bz#1500704 bz#1501345 bz#1505570
bz#1507361
bz#1507394 bz#1509102 bz#1509191 bz#1509810 bz#1509833 bz#1511766
bz#1512470
bz#1512496 bz#1512963 bz#1515051 bz#1519076 bz#1519740 bz#1534253
bz#1534530

[3.12.2-1]
- rebase to upstream glusterfs at v3.12.2
- fixes bugs bz#1442983 bz#1474745 bz#1503244 bz#1505363 bz#1509102


ELSA-2018-3246 Low: Oracle Linux 7 libcdio security update

Oracle Linux Security Advisory ELSA-2018-3246

http://linux.oracle.com/errata/ELSA-2018-3246.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libcdio-0.92-3.el7.i686.rpm
libcdio-0.92-3.el7.x86_64.rpm
libcdio-devel-0.92-3.el7.i686.rpm
libcdio-devel-0.92-3.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libcdio-0.92-3.el7.src.rpm



Description of changes:

[0.92-3]
- fix CVE-2017-18198 and CVE-2017-18199
- Resolves: rhbz#1553769
- Resolves: rhbz#1553604

[0.92-2]
- fix CVE-2017-18201
- Resolves: rhbz#1553621


ELSA-2018-3249 Low: Oracle Linux 7 setup security and bug fix update

Oracle Linux Security Advisory ELSA-2018-3249

http://linux.oracle.com/errata/ELSA-2018-3249.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
setup-2.8.71-10.el7.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/setup-2.8.71-10.el7.src.rpm



Description of changes:

[2.8.71-10]
- fix crudp name in /etc/protocols (#1566469)
- do not list /sbin/nologin and /usr/sbin/nologin in /etc/shells
(#1571104)

ELSA-2018-3253 Low: Oracle Linux 7 jasper security update

Oracle Linux Security Advisory ELSA-2018-3253

http://linux.oracle.com/errata/ELSA-2018-3253.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
jasper-1.900.1-33.el7.x86_64.rpm
jasper-devel-1.900.1-33.el7.i686.rpm
jasper-devel-1.900.1-33.el7.x86_64.rpm
jasper-libs-1.900.1-33.el7.i686.rpm
jasper-libs-1.900.1-33.el7.x86_64.rpm
jasper-utils-1.900.1-33.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/jasper-1.900.1-33.el7.src.rpm



Description of changes:

[1.900.1-33]
- remove implicit declaration of jas_eprintf (#1585830)

[1.900.1-32]
- Fix CVE-2016-9396 (#1583721)
- Fix CVE-2017-1000050 (#1585830)

ELSA-2018-3327 Low: Oracle Linux 7 libmspack security update

Oracle Linux Security Advisory ELSA-2018-3327

http://linux.oracle.com/errata/ELSA-2018-3327.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libmspack-0.5-0.6.alpha.el7.i686.rpm
libmspack-0.5-0.6.alpha.el7.x86_64.rpm
libmspack-devel-0.5-0.6.alpha.el7.i686.rpm
libmspack-devel-0.5-0.6.alpha.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libmspack-0.5-0.6.alpha.el7.src.rpm



Description of changes:

[0.5-0.6.alpha]
- Fixes for CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682
- resolves: rhbz#1611550 rhbz#1611551 rhbz#1611552 rhbz#1611553

ELSA-2018-3335 Moderate: Oracle Linux 7 xerces-c security update

Oracle Linux Security Advisory ELSA-2018-3335

http://linux.oracle.com/errata/ELSA-2018-3335.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
xerces-c-3.1.1-9.el7.i686.rpm
xerces-c-3.1.1-9.el7.x86_64.rpm
xerces-c-devel-3.1.1-9.el7.i686.rpm
xerces-c-devel-3.1.1-9.el7.x86_64.rpm
xerces-c-doc-3.1.1-9.el7.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/xerces-c-3.1.1-9.el7.src.rpm



Description of changes:

[3.1.1-9]
- Fix CVE-2016-4463
- Resolves: #1534481