Oracle Linux 6277 Published by

The following updates has been released for Oracle Linux 7:

ELBA-2018-1965-1 Oracle Linux 7 kernel bug fix update
ELBA-2018-1980 Oracle Linux 7 libwacom, xorg-x11-drv-wacom, mutter, and control-center enhancement update
ELBA-2018-1981 Oracle Linux 7 systemtap bug fix update
ELBA-2018-1982 Oracle Linux 7 libreswan bug fix update
ELBA-2018-1983 Oracle Linux 7 kmod-kvdo bug fix update
ELBA-2018-1984 Oracle Linux 7 cloud-init bug fix update
ELBA-2018-1985 Oracle Linux 7 ipa bug fix update
ELBA-2018-1986 Oracle Linux 7 sssd bug fix update
ELBA-2018-1987 Oracle Linux 7 sos bug fix and enhancement update
ELBA-2018-1989 Oracle Linux 7 jss bug fix update
ELBA-2018-1992 Oracle Linux 7 sudo bug fix update
ELBA-2018-1993 Oracle Linux 7 httpd bug fix update
ELBA-2018-1994 Oracle Linux 7 binutils bug fix update
ELBA-2018-1995 Oracle Linux 7 motif bug fix update
ELBA-2018-1996 Oracle Linux 7 open-vm-tools bug fix update
ELBA-2018-1998 Oracle Linux 7 python-rtslib bug fix update
ELBA-2018-1999 Oracle Linux 7 targetcli bug fix update
ELBA-2018-2000 Oracle Linux 7 NetworkManager bug fix update
ELBA-2018-2004 Oracle Linux 7 selinux-policy bug fix update
ELBA-2018-2005 Oracle Linux 7 spice bug fix update
ELBA-2018-4154 Oracle Linux 7 microcode_ctl bug fix update
ELSA-2018-1965 Important: Oracle Linux 7 kernel security and bug fix update
ELSA-2018-1979 Moderate: Oracle Linux 7 pki-core security, bug fix, and enhancement update
ELSA-2018-1997 Important: Oracle Linux 7 libvirt security and bug fix update
ELSA-2018-2001 Important: Oracle Linux 7 qemu-kvm security update



ELBA-2018-1965-1 Oracle Linux 7 kernel bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-1965-1

http://linux.oracle.com/errata/ELBA-2018-1965-1.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-3.10.0-862.6.3.0.1.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-862.6.3.0.1.el7.noarch.rpm
kernel-debug-3.10.0-862.6.3.0.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.6.3.0.1.el7.x86_64.rpm
kernel-devel-3.10.0-862.6.3.0.1.el7.x86_64.rpm
kernel-doc-3.10.0-862.6.3.0.1.el7.noarch.rpm
kernel-headers-3.10.0-862.6.3.0.1.el7.x86_64.rpm
kernel-tools-3.10.0-862.6.3.0.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.6.3.0.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.6.3.0.1.el7.x86_64.rpm
perf-3.10.0-862.6.3.0.1.el7.x86_64.rpm
python-perf-3.10.0-862.6.3.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-862.6.3.0.1.el7.src.rpm



Description of changes:

[3.10.0-862.6.3.0.1.el7.OL7]
- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug
22552377]


ELBA-2018-1980 Oracle Linux 7 libwacom, xorg-x11-drv-wacom, mutter, and control-center enhancement update

Oracle Linux Bug Fix Advisory ELBA-2018-1980

http://linux.oracle.com/errata/ELBA-2018-1980.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
control-center-3.26.2-9.el7_5.i686.rpm
control-center-3.26.2-9.el7_5.x86_64.rpm
control-center-filesystem-3.26.2-9.el7_5.x86_64.rpm
gsettings-desktop-schemas-3.24.1-2.el7_5.i686.rpm
gsettings-desktop-schemas-3.24.1-2.el7_5.x86_64.rpm
gsettings-desktop-schemas-devel-3.24.1-2.el7_5.i686.rpm
gsettings-desktop-schemas-devel-3.24.1-2.el7_5.x86_64.rpm
libwacom-0.24-4.el7.i686.rpm
libwacom-0.24-4.el7.x86_64.rpm
libwacom-data-0.24-4.el7.noarch.rpm
libwacom-devel-0.24-4.el7.i686.rpm
libwacom-devel-0.24-4.el7.x86_64.rpm
mutter-3.26.2-14.el7_5.i686.rpm
mutter-3.26.2-14.el7_5.x86_64.rpm
mutter-devel-3.26.2-14.el7_5.i686.rpm
mutter-devel-3.26.2-14.el7_5.x86_64.rpm
xorg-x11-drv-wacom-0.34.2-5.el7.x86_64.rpm
xorg-x11-drv-wacom-devel-0.34.2-5.el7.i686.rpm
xorg-x11-drv-wacom-devel-0.34.2-5.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/control-center-3.26.2-9.el7_5.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/gsettings-desktop-schemas-3.24.1-2.el7_5.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/libwacom-0.24-4.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/mutter-3.26.2-14.el7_5.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/xorg-x11-drv-wacom-0.34.2-5.el7.src.rpm



Description of changes:

control-center
[3.26.2-9]
- Add support for Wacom Pro Pen 3D styli
Resolves: #1568701

gsettings-desktop-schemas
[3.24.1-2]
- Add support for Wacom Pro Pen 3D styli
Resolves: #1568715

libwacom
[0.24-4]
- Add the Wacom Cintiq Pro 24 and Cintiq Pro 32 (#1551883)

mutter
[3.26.2-14]
- Add support for Wacom Pro Pen 3D styli
Resolves: #1568702

xorg-x11-drv-wacom
[0.34.2-5]
- Add support for the Pro Pen 3D (#1557255)


ELBA-2018-1981 Oracle Linux 7 systemtap bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-1981

http://linux.oracle.com/errata/ELBA-2018-1981.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
systemtap-3.2-8.el7_5.x86_64.rpm
systemtap-client-3.2-8.el7_5.x86_64.rpm
systemtap-devel-3.2-8.el7_5.x86_64.rpm
systemtap-initscript-3.2-8.el7_5.x86_64.rpm
systemtap-runtime-3.2-8.el7_5.x86_64.rpm
systemtap-runtime-java-3.2-8.el7_5.x86_64.rpm
systemtap-runtime-python2-3.2-8.el7_5.x86_64.rpm
systemtap-runtime-virtguest-3.2-8.el7_5.x86_64.rpm
systemtap-runtime-virthost-3.2-8.el7_5.x86_64.rpm
systemtap-sdt-devel-3.2-8.el7_5.i686.rpm
systemtap-sdt-devel-3.2-8.el7_5.x86_64.rpm
systemtap-server-3.2-8.el7_5.x86_64.rpm
systemtap-testsuite-3.2-8.el7_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/systemtap-3.2-8.el7_5.src.rpm



Description of changes:

[3.2-8]
- rhbz1563052 (stp_deref string truncation off-by-one error)

[3.2-7]
- rhbz1566422 (module build-id checking broken on unload)

[3.2-6]
- rhbz1567356 (backtraces broken w/ kaslr)

[3.2-5]
- rhbz1558350 (nfsd.proc.create typo fix)


ELBA-2018-1982 Oracle Linux 7 libreswan bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-1982

http://linux.oracle.com/errata/ELBA-2018-1982.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libreswan-3.23-5.0.1.el7_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libreswan-3.23-5.0.1.el7_5.src.rpm



Description of changes:

[3.23-5.0.1]
- add libreswan-oracle.patch to detect Oracle Linux distro

[3.23-5]
- Resolves: rhbz#1573949 ipsec newhostkey fails in FIPS mode [spec file
only update]

[3.23-4]
- Resolves: rhbz#1573949 ipsec newhostkey fails in FIPS mode when RSA
key is generated
- Resolves: rhbz#1574456 Shared IKE SA leads to rekey interop issues
- Resolves: rhbz#1574457 IKEv2 liveness false positive on IKEv2 idle
connections causes tunnel to be restarted

ELBA-2018-1983 Oracle Linux 7 kmod-kvdo bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-1983

http://linux.oracle.com/errata/ELBA-2018-1983.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kmod-kvdo-6.1.0.171-17.0.1.el7_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kmod-kvdo-6.1.0.171-17.0.1.el7_5.src.rpm



Description of changes:

[6.1.0.171-17.0.1]
- add RHCK signature

[6.1.0.171-17]
- Bumped NVR to maintain kABI compatibility.
- Resolves: rhbz#1578421

[6.1.0.171-16]
- Fixed a bug which prevented disabling of the UDS index.
- Resolves: rhbz#1578421


ELBA-2018-1984 Oracle Linux 7 cloud-init bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-1984

http://linux.oracle.com/errata/ELBA-2018-1984.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
cloud-init-0.7.9-24.0.3.el7_5.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/cloud-init-0.7.9-24.0.3.el7_5.1.src.rpm



Description of changes:

[0.7.9-24.0.3]
- Fix xfs grow (Oracle Bug 28077374)
- Fix boot deplay in OCI (Oracle Bugdb 27724543)
- Enable ec2_utils.py to stop retry when openstack getting ec2 metadata
(Oracle
Bugdb 27803956)

[0.7.9-24.el7_5.1]
- ci-Revert-azure-Fix-publishing-of-hostname.patch [bz#1568717]
- ci-DataSourceAzure.py-use-hostnamectl-to-set-hostname.patch [bz#1568717]
- ci-sysconfig-Don-t-disable-IPV6_AUTOCONF.patch [bz#1578702]
- Resolves: bz#1568717
(Add patch to bounce NICs in Azure/update DNS [rhel-7.5.z])
- Resolves: bz#1578702
(cloud-init-0.7.9-9.el7_4.6 breaks IPv4/IPv6 dual-stack EC2 instances
in AWS [rhel-7.5.z])


ELBA-2018-1985 Oracle Linux 7 ipa bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-1985

http://linux.oracle.com/errata/ELBA-2018-1985.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
ipa-client-4.5.4-10.0.1.el7_5.3.x86_64.rpm
ipa-client-common-4.5.4-10.0.1.el7_5.3.noarch.rpm
ipa-common-4.5.4-10.0.1.el7_5.3.noarch.rpm
ipa-python-compat-4.5.4-10.0.1.el7_5.3.noarch.rpm
ipa-server-4.5.4-10.0.1.el7_5.3.x86_64.rpm
ipa-server-common-4.5.4-10.0.1.el7_5.3.noarch.rpm
ipa-server-dns-4.5.4-10.0.1.el7_5.3.noarch.rpm
ipa-server-trust-ad-4.5.4-10.0.1.el7_5.3.x86_64.rpm
python2-ipaclient-4.5.4-10.0.1.el7_5.3.noarch.rpm
python2-ipalib-4.5.4-10.0.1.el7_5.3.noarch.rpm
python2-ipaserver-4.5.4-10.0.1.el7_5.3.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/ipa-4.5.4-10.0.1.el7_5.3.src.rpm



Description of changes:

[4.5.4-10.0.1]
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [20362818]

ELBA-2018-1986 Oracle Linux 7 sssd bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-1986

http://linux.oracle.com/errata/ELBA-2018-1986.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libipa_hbac-1.16.0-19.el7_5.5.i686.rpm
libipa_hbac-1.16.0-19.el7_5.5.x86_64.rpm
libipa_hbac-devel-1.16.0-19.el7_5.5.i686.rpm
libipa_hbac-devel-1.16.0-19.el7_5.5.x86_64.rpm
libsss_autofs-1.16.0-19.el7_5.5.x86_64.rpm
libsss_certmap-1.16.0-19.el7_5.5.i686.rpm
libsss_certmap-1.16.0-19.el7_5.5.x86_64.rpm
libsss_certmap-devel-1.16.0-19.el7_5.5.i686.rpm
libsss_certmap-devel-1.16.0-19.el7_5.5.x86_64.rpm
libsss_idmap-1.16.0-19.el7_5.5.i686.rpm
libsss_idmap-1.16.0-19.el7_5.5.x86_64.rpm
libsss_idmap-devel-1.16.0-19.el7_5.5.i686.rpm
libsss_idmap-devel-1.16.0-19.el7_5.5.x86_64.rpm
libsss_nss_idmap-1.16.0-19.el7_5.5.i686.rpm
libsss_nss_idmap-1.16.0-19.el7_5.5.x86_64.rpm
libsss_nss_idmap-devel-1.16.0-19.el7_5.5.i686.rpm
libsss_nss_idmap-devel-1.16.0-19.el7_5.5.x86_64.rpm
libsss_simpleifp-1.16.0-19.el7_5.5.i686.rpm
libsss_simpleifp-1.16.0-19.el7_5.5.x86_64.rpm
libsss_simpleifp-devel-1.16.0-19.el7_5.5.i686.rpm
libsss_simpleifp-devel-1.16.0-19.el7_5.5.x86_64.rpm
libsss_sudo-1.16.0-19.el7_5.5.x86_64.rpm
python-libipa_hbac-1.16.0-19.el7_5.5.x86_64.rpm
python-libsss_nss_idmap-1.16.0-19.el7_5.5.x86_64.rpm
python-sss-1.16.0-19.el7_5.5.x86_64.rpm
python-sss-murmur-1.16.0-19.el7_5.5.x86_64.rpm
python-sssdconfig-1.16.0-19.el7_5.5.noarch.rpm
sssd-1.16.0-19.el7_5.5.x86_64.rpm
sssd-ad-1.16.0-19.el7_5.5.x86_64.rpm
sssd-client-1.16.0-19.el7_5.5.i686.rpm
sssd-client-1.16.0-19.el7_5.5.x86_64.rpm
sssd-common-1.16.0-19.el7_5.5.x86_64.rpm
sssd-common-pac-1.16.0-19.el7_5.5.x86_64.rpm
sssd-dbus-1.16.0-19.el7_5.5.x86_64.rpm
sssd-ipa-1.16.0-19.el7_5.5.x86_64.rpm
sssd-kcm-1.16.0-19.el7_5.5.x86_64.rpm
sssd-krb5-1.16.0-19.el7_5.5.x86_64.rpm
sssd-krb5-common-1.16.0-19.el7_5.5.x86_64.rpm
sssd-ldap-1.16.0-19.el7_5.5.x86_64.rpm
sssd-libwbclient-1.16.0-19.el7_5.5.x86_64.rpm
sssd-libwbclient-devel-1.16.0-19.el7_5.5.i686.rpm
sssd-libwbclient-devel-1.16.0-19.el7_5.5.x86_64.rpm
sssd-polkit-rules-1.16.0-19.el7_5.5.x86_64.rpm
sssd-proxy-1.16.0-19.el7_5.5.x86_64.rpm
sssd-tools-1.16.0-19.el7_5.5.x86_64.rpm
sssd-winbind-idmap-1.16.0-19.el7_5.5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/sssd-1.16.0-19.el7_5.5.src.rpm



Description of changes:

[1.16.0-19.5]
- Resolves: rhbz#1583746 - The SSSD IPA provider allocates information
about external groups on a long lived memory context, causing memory
growth of the sssd_be process [rhel-7.5.z]

[1.16.0-19.4]
- Resolves: rhbz#1580281 - Samba can not register sss idmap module
because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z]

[1.16.0-19.3]
- Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear
the sssd cache [rhel-7.5.z]

[1.16.0-19.2]
- Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent.
sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0
error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z]

[1.16.0-19.1]
- Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex
interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z]

ELBA-2018-1987 Oracle Linux 7 sos bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2018-1987

http://linux.oracle.com/errata/ELBA-2018-1987.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
sos-3.5-9.0.1.el7_5.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/sos-3.5-9.0.1.el7_5.src.rpm



Description of changes:

[3.5-9.0.1]
- Added sos-oraclelinux-vendor-vendorurl.patch

[= 3.5-9]
- [logs] collect journalctl verbosed logs with --all-logs only
Resolves: bz1584548

[= 3.5-8]
- [docker] backport three container related patches
Resolves: bz1580526
- [ovn] add two OpenVSwitch plugins
Resoles: bz1580525


ELBA-2018-1989 Oracle Linux 7 jss bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-1989

http://linux.oracle.com/errata/ELBA-2018-1989.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
jss-4.4.0-12.el7_5.x86_64.rpm
jss-javadoc-4.4.0-12.el7_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/jss-4.4.0-12.el7_5.src.rpm



Description of changes:

[4.4.2-12]
- Bugzilla #1579202 - JSS has wrong encoding for ecdsa with sha*
AlgorithmIdentifier [rhel-7.5.z] (cfu)


ELBA-2018-1992 Oracle Linux 7 sudo bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-1992

http://linux.oracle.com/errata/ELBA-2018-1992.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
sudo-1.8.19p2-14.el7_5.x86_64.rpm
sudo-devel-1.8.19p2-14.el7_5.i686.rpm
sudo-devel-1.8.19p2-14.el7_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/sudo-1.8.19p2-14.el7_5.src.rpm



Description of changes:

[1.8.19p2-14]
- Fixed deadlocking after command termination when iolog is enabled
Resolves: rhbz#1582155


ELBA-2018-1993 Oracle Linux 7 httpd bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-1993

http://linux.oracle.com/errata/ELBA-2018-1993.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
httpd-2.4.6-80.0.1.el7_5.1.x86_64.rpm
httpd-devel-2.4.6-80.0.1.el7_5.1.x86_64.rpm
httpd-manual-2.4.6-80.0.1.el7_5.1.noarch.rpm
httpd-tools-2.4.6-80.0.1.el7_5.1.x86_64.rpm
mod_ldap-2.4.6-80.0.1.el7_5.1.x86_64.rpm
mod_proxy_html-2.4.6-80.0.1.el7_5.1.x86_64.rpm
mod_session-2.4.6-80.0.1.el7_5.1.x86_64.rpm
mod_ssl-2.4.6-80.0.1.el7_5.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/httpd-2.4.6-80.0.1.el7_5.1.src.rpm



Description of changes:

[2.4.6-80.0.1]
- replace index.html with Oracle's index page oracle_index.html

[2.4.6-80.1]
- Resolves: #1560609 - httpd: active connections being terminated when httpd
gets gracefully stopped/restarted, GracefulShutdownTimeout is not being
honored

ELBA-2018-1994 Oracle Linux 7 binutils bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-1994

http://linux.oracle.com/errata/ELBA-2018-1994.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
binutils-2.27-28.base.el7_5.1.x86_64.rpm
binutils-devel-2.27-28.base.el7_5.1.i686.rpm
binutils-devel-2.27-28.base.el7_5.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/binutils-2.27-28.base.el7_5.1.src.rpm



Description of changes:

[2.27-28.base.1]
- Fix the N-V-R for z-stream release.

[2.27-28.base.0.0.hotfix.1.bz1582602]
- Hotfix build.

[2.27-28.base]
- Allow "lea foo@GOT, %reg" in PIC mode on the x86.
(#1582602)

ELBA-2018-1995 Oracle Linux 7 motif bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-1995

http://linux.oracle.com/errata/ELBA-2018-1995.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
motif-2.3.4-14.el7_5.i686.rpm
motif-2.3.4-14.el7_5.x86_64.rpm
motif-devel-2.3.4-14.el7_5.i686.rpm
motif-devel-2.3.4-14.el7_5.x86_64.rpm
motif-static-2.3.4-14.el7_5.i686.rpm
motif-static-2.3.4-14.el7_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/motif-2.3.4-14.el7_5.src.rpm



Description of changes:

[2.3.4-14]
- Remove redundant includes that were left by mistake upstream.
Resolves: rhbz#1518966

[2.3.4-13]
- Fix motifzone 1665. Motif was deactivating shorcuts in cascade menus when
closing them by mouse.
Resolves: RHBZ#1467303

ELBA-2018-1996 Oracle Linux 7 open-vm-tools bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-1996

http://linux.oracle.com/errata/ELBA-2018-1996.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
open-vm-tools-10.1.10-3.0.1.el7_5.1.x86_64.rpm
open-vm-tools-desktop-10.1.10-3.0.1.el7_5.1.x86_64.rpm
open-vm-tools-devel-10.1.10-3.0.1.el7_5.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/open-vm-tools-10.1.10-3.0.1.el7_5.1.src.rpm



Description of changes:

[10.1.10-3.0.1]
- fix spaces in vmware udev rule for scsi devices
- Orabug 24461968
- Fix vmware udev rule in 99-vmware-scsi-timeout.rules file.
- Orabug 22815019
- Increase timeout for scsi devices on VMWare guests by adding a udev rule.
- Created a new file 99-vmware-scsi-timeout.rules
- Modified spec file to install this new file.
- Orabug 21819156

[10.1010-3.1]
- Ignore ENXIO errors with SyncDriver
resolves: rhbz#1582123


ELBA-2018-1998 Oracle Linux 7 python-rtslib bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-1998

http://linux.oracle.com/errata/ELBA-2018-1998.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
python-rtslib-2.1.fb63-12.0.1.el7_5.noarch.rpm
python-rtslib-doc-2.1.fb63-12.0.1.el7_5.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/python-rtslib-2.1.fb63-12.0.1.el7_5.src.rpm



Description of changes:

[2.1.fb63-12.0.1]
- Add patch 0005-allow-mixed-case-in-oracle-iqns to fix [Orabug: 27613482]
- Add patch 0004-allow-underscore-in-oracle-iqns to fix [Orabug: 27582660]
- Add patch 0014-reenable-vhost to fix [Orabug: 27707403]


[2.1.fb63-12]
- saveconfig: way to block-level save with delete command

ELBA-2018-1999 Oracle Linux 7 targetcli bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-1999

http://linux.oracle.com/errata/ELBA-2018-1999.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
targetcli-2.1.fb46-6.el7_5.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/targetcli-2.1.fb46-6.el7_5.src.rpm



Description of changes:

[2.1.fb46-6]
- handle backups with block-level delete

[2.1.fb46-5]
- saveconfig: way for block-level save with delete command


ELBA-2018-2000 Oracle Linux 7 NetworkManager bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-2000

http://linux.oracle.com/errata/ELBA-2018-2000.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
NetworkManager-1.10.2-16.el7_5.x86_64.rpm
NetworkManager-adsl-1.10.2-16.el7_5.x86_64.rpm
NetworkManager-bluetooth-1.10.2-16.el7_5.x86_64.rpm
NetworkManager-config-server-1.10.2-16.el7_5.noarch.rpm
NetworkManager-dispatcher-routing-rules-1.10.2-16.el7_5.noarch.rpm
NetworkManager-glib-1.10.2-16.el7_5.i686.rpm
NetworkManager-glib-1.10.2-16.el7_5.x86_64.rpm
NetworkManager-glib-devel-1.10.2-16.el7_5.i686.rpm
NetworkManager-glib-devel-1.10.2-16.el7_5.x86_64.rpm
NetworkManager-libnm-1.10.2-16.el7_5.i686.rpm
NetworkManager-libnm-1.10.2-16.el7_5.x86_64.rpm
NetworkManager-libnm-devel-1.10.2-16.el7_5.i686.rpm
NetworkManager-libnm-devel-1.10.2-16.el7_5.x86_64.rpm
NetworkManager-ovs-1.10.2-16.el7_5.x86_64.rpm
NetworkManager-ppp-1.10.2-16.el7_5.x86_64.rpm
NetworkManager-team-1.10.2-16.el7_5.x86_64.rpm
NetworkManager-tui-1.10.2-16.el7_5.x86_64.rpm
NetworkManager-wifi-1.10.2-16.el7_5.x86_64.rpm
NetworkManager-wwan-1.10.2-16.el7_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/NetworkManager-1.10.2-16.el7_5.src.rpm



Description of changes:

[1:1.10.2-16]
- device: fix crash during reapply of connection settings (rh #1591631)

[1:1.10.2-15]
- device: start IP configuration when master carrier goes up (rh #1576254)


ELBA-2018-2004 Oracle Linux 7 selinux-policy bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-2004

http://linux.oracle.com/errata/ELBA-2018-2004.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
selinux-policy-3.13.1-192.0.3.el7_5.4.noarch.rpm
selinux-policy-devel-3.13.1-192.0.3.el7_5.4.noarch.rpm
selinux-policy-doc-3.13.1-192.0.3.el7_5.4.noarch.rpm
selinux-policy-minimum-3.13.1-192.0.3.el7_5.4.noarch.rpm
selinux-policy-mls-3.13.1-192.0.3.el7_5.4.noarch.rpm
selinux-policy-sandbox-3.13.1-192.0.3.el7_5.4.noarch.rpm
selinux-policy-targeted-3.13.1-192.0.3.el7_5.4.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/selinux-policy-3.13.1-192.0.3.el7_5.4.src.rpm



Description of changes:

[3.13.1-192.0.3]
- Add vhost-scsi to be vhost_device_t type [OraBug 27774921]
- Obsolete docker-engine-selinux [OraBug 26439663]
- Fix container selinux policy [OraBug 26427364]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.

[3.13.1-192.4]
- Allow certmonger to sends emails
Resolves: rhbz#1588363

ELBA-2018-2005 Oracle Linux 7 spice bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-2005

http://linux.oracle.com/errata/ELBA-2018-2005.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
spice-glib-0.34-3.el7_5.1.i686.rpm
spice-glib-0.34-3.el7_5.1.x86_64.rpm
spice-glib-devel-0.34-3.el7_5.1.i686.rpm
spice-glib-devel-0.34-3.el7_5.1.x86_64.rpm
spice-gtk-tools-0.34-3.el7_5.1.x86_64.rpm
spice-gtk3-0.34-3.el7_5.1.i686.rpm
spice-gtk3-0.34-3.el7_5.1.x86_64.rpm
spice-gtk3-devel-0.34-3.el7_5.1.i686.rpm
spice-gtk3-devel-0.34-3.el7_5.1.x86_64.rpm
spice-gtk3-vala-0.34-3.el7_5.1.x86_64.rpm
spice-server-0.14.0-2.el7_5.4.x86_64.rpm
spice-server-devel-0.14.0-2.el7_5.4.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/spice-0.14.0-2.el7_5.4.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/spice-gtk-0.34-3.el7_5.1.src.rpm



Description of changes:

spice
[0.14.0-2.4]
- Don't mute Record channel on client reconnection
Resolves: rhbz#1582601

spice-gtk
[0.34-3.1]
- Fix migration failure when USB is enabled
Resolves: rhbz#1590412


ELBA-2018-4154 Oracle Linux 7 microcode_ctl bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-4154

http://linux.oracle.com/errata/ELBA-2018-4154.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
microcode_ctl-2.1-29.2.0.2.el7_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/microcode_ctl-2.1-29.2.0.2.el7_5.src.rpm



Description of changes:

[2.1-29.2.0.2]
- Update 306e4 (06-3e-04) to rev 0x42d.
- Update 306e7 (06-3e-07) to rev 0x714.
- Update 306f2 (06-3f-02) to rev 0x3d.
- Update 306f4 (06-3f-04) to rev 0x12.
- Update 406f1 (06-4f-01) to rev 0xb00002e.

[2.1-29.2.0.1]
- Remove upstream disclaimer file.
- Update 106a5 (06-1a-05) to rev 0x1c.
- Update 206c2 (06-2c-02) to rev 0x1e.
- Update 206d7 (06-2d-07) to rev 0x713.
- Update 206e6 (06-2e-06) to rev 0xc.
- Update 206f2 (06-2f-02) to rev 0x3a.
- Update 306e4 (06-3e-04) to rev 0x42c.
- Update 306e7 (06-3e-07) to rev 0x713.
- Update 306f2 (06-3f-02) to rev 0x3c.
- Update 306f4 (06-3f-04) to rev 0x11.
- Update 406f1 (06-4f-01) to rev 0xb00002a.
- Update 50654 (06-55-04) to rev 0x2000043.

ELSA-2018-1965 Important: Oracle Linux 7 kernel security and bug fix update

Oracle Linux Security Advisory ELSA-2018-1965

http://linux.oracle.com/errata/ELSA-2018-1965.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-862.6.3.el7.noarch.rpm
kernel-debug-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-doc-3.10.0-862.6.3.el7.noarch.rpm
kernel-headers-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.6.3.el7.x86_64.rpm
perf-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-3.10.0-862.6.3.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-862.6.3.el7.src.rpm



Description of changes:

[3.10.0-862.6.3.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel
(olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-862.6.3.el7]
- [x86] always enable eager FPU by default on non-AMD processors (Paolo
Bonzini) [1589051 1589048] {CVE-2018-3665}
- [x86] bugs: Switch the selection of mitigation from CPU vendor to CPU
features (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bugs: Add AMD's SPEC_CTRL MSR usage (Waiman Long) [1584323
1584569] {CVE-2018-3639}
- [x86] bugs: Add AMD's variant of SSB_NO (Waiman Long) [1584323
1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Fix VM guest SSBD problems (Waiman Long) [1584323
1584569] {CVE-2018-3639}

[3.10.0-862.6.2.el7]
- [x86] spec_ctrl: Eliminate TIF_SSBD checks in IBRS on/off functions
(Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Disable SSBD update from scheduler if not user
settable (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Make ssbd_enabled writtable (Waiman Long) [1584323
1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Remove thread_info check in __wrmsr_on_cpu() (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Write per-thread SSBD state to spec_ctrl_pcp (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Add a read-only ssbd_enabled debugfs file (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bugs/intel: Set proper CPU features and setup RDS (Waiman Long)
[1584323 1584569] {CVE-2018-3639}
- [x86] kvm: vmx: Emulate MSR_IA32_ARCH_CAPABILITIES (Waiman Long)
[1584323 1584569] {CVE-2018-3639}
- [x86] kvm: svm: Implement VIRT_SPEC_CTRL support for SSBD (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
(Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bugs: Rework spec_ctrl base and mask logic (Waiman Long)
[1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Rework SPEC_CTRL update after late microcode loading
(Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Make sync_all_cpus_ibrs() write spec_ctrl_pcp value
(Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bugs: Unify x86_spec_ctrl_{set_guest, restore_host} (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] speculation: Rework speculative_store_bypass_update() (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] speculation: Add virtualized speculative store bypass disable
support (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] KVM: Rename KVM SPEC_CTRL MSR functions to match upstream
(Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] speculation: Handle HT correctly on AMD (Waiman Long) [1584323
1584569] {CVE-2018-3639}
- [x86] cpufeatures: Add FEATURE_ZEN (Waiman Long) [1584323 1584569]
{CVE-2018-3639}
- [x86] cpufeatures: Disentangle SSBD enumeration (Waiman Long) [1584323
1584569] {CVE-2018-3639}
- [x86] cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
(Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] speculation: Use synthetic bits for IBRS/IBPB/STIBP (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [documentation] spec_ctrl: Do some minor cleanups (Waiman Long)
[1584323 1584569] {CVE-2018-3639}
- [x86] speculation: Make "seccomp" the default mode for Speculative
Store Bypass (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] seccomp: Move speculation migitation control to arch code
(Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [kernel] seccomp: Add filter flag to opt-out of SSB mitigation (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [kernel] seccomp: Use PR_SPEC_FORCE_DISABLE (Waiman Long) [1584323
1584569] {CVE-2018-3639}
- [x86] prctl: Add force disable speculation (Waiman Long) [1584323
1584569] {CVE-2018-3639}
- [x86] spectre_v2: No mitigation if CPU not affected and no command
override (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] pti: Do not enable PTI on CPUs which are not vulnerable to
Meltdown (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bug: Add X86_BUG_CPU_MELTDOWN and X86_BUG_SPECTRE_V[12] (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up naming of SPEC_CTRL MSR bits with upstream
(Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up SSBD changes with upstream (Waiman Long)
[1584323 1584569] {CVE-2018-3639}

[3.10.0-862.6.1.el7]
- [x86] microcode: Load microcode on all cpus (Prarit Bhargava) [1578047
1568249]
- [x86] microcode: Fix CPU synchronization routine (Prarit Bhargava)
[1578047 1568249]
- [x86] microcode: Attempt late loading only when new microcode is
present (Prarit Bhargava) [1578047 1568249]
- [x86] microcode: Synchronize late microcode loading (Prarit Bhargava)
[1578047 1568249]
- [x86] microcode: Request microcode on the BSP (Prarit Bhargava)
[1578047 1568249]
- [x86] microcode: Do not upload microcode if CPUs are offline (Prarit
Bhargava) [1578047 1568249]
- [x86] microcode/intel: Writeback and invalidate caches before updating
microcode (Prarit Bhargava) [1578047 1568249]
- [x86] microcode/intel: Check microcode revision before updating
sibling threads (Prarit Bhargava) [1578047 1568249]
- [x86] microcode: Get rid of struct apply_microcode_ctx (Prarit
Bhargava) [1578047 1568249]
- [x86] cpu: Add a microcode loader callback (Prarit Bhargava) [1578047
1568249]
- [x86] microcode: Propagate return value from updating functions
(Prarit Bhargava) [1578047 1568249]
- [x86] microcode/amd: Change load_microcode_amd()'s param to bool to
fix preemptibility bug (Prarit Bhargava) [1578047 1568249]
- [x86] microcode/intel: Add a helper which gives the microcode revision
(Prarit Bhargava) [1578047 1568249]
- [x86] cpu: Add native CPUID variants returning a single datum (Prarit
Bhargava) [1578047 1568249]
- [x86] microcode/amd: Move private inlines to .c and mark local
functions static (Prarit Bhargava) [1578047 1568249]
- [x86] microcode/intel: Simplify generic_load_microcode() (Prarit
Bhargava) [1578047 1568249]
- [x86] microcode/intel: Do not issue microcode updates messages on each
CPU (Prarit Bhargava) [1578047 1568249]
- [kernel] pidns: Don't have unshare(CLONE_NEWPID) imply CLONE_THREAD
(Oleg Nesterov) [1578997 1577745]
- [powerpc] 64s: Add support for a store forwarding barrier at kernel
entry/exit (Mauricio Oliveira) [1581045 1581036] {CVE-2018-3639}
- [powerpc] 64s: Move the data access exception out-of-line (Mauricio
Oliveira) [1581045 1581036] {CVE-2018-3639}

[3.10.0-862.5.1.el7]
- [netdrv] vmxnet3: use correct flag to indicate LRO feature (Neil
Horman) [1567771 1558685]
- [netdrv] vmxnet3: avoid xmit reset due to a race in vmxnet3 (Neil
Horman) [1567771 1558685]
- [kernel] ib/mlx5: Respect new UMR capabilities (Alaa Hleihel) [1579847
1573661]
- [infiniband] ib/mlx5: Enable ECN capable bits for UD RoCE v2 QPs (Alaa
Hleihel) [1579847 1573661]
- [scsi] cdrom: do not call check_disk_change() inside cdrom_open()
(Maurizio Lombardi) [1579834 1538362]
- [hid] wacom: Fix reporting of touch toggle (WACOM_HID_WD_MUTE_DEVICE)
events (Benjamin Tissoires) [1579192 1551776]
- [hid] wacom: generic: Recognize WACOM_HID_WD_PEN as a type of pen
collection (Benjamin Tissoires) [1579192 1551776]
- [hid] wacom: generic: Send BTN_STYLUS3 when both barrel switches are
set (Benjamin Tissoires) [1579191 1551783]
- [fs] eventpoll: fix uninitialized variable in epoll_ctl (Paul Moore)
[1578734 1553256]
- [fs] nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE (Scott Mayhew)
[1578458 1574002]
- [net] sock_diag: request _diag module only when the family or proto
has been registered (Xin Long) [1578272 1544898]
- [target] Re-add missing SCF_ACK_KREF assignment in (Mike Christie)
[1578048 1561851]
- [gpu] drm/nouveau: Fix deadlock in nv50_mstm_register_connector()
(Lyude Paul) [1577792 1571927]
- [netdrv] vmxnet3: segCnt can be 1 for LRO packets (Neil Horman)
[1577790 1426680]
- [s390] correct nospec auto detection init order (Hendrik Brueckner)
[1577767 1558325]
- [s390] add sysfs attributes for spectre (Hendrik Brueckner) [1577767
1558325]
- [s390] report spectre mitigation via syslog (Hendrik Brueckner)
[1577767 1558325]
- [s390] add automatic detection of the spectre defense (Hendrik
Brueckner) [1577767 1558325]
- [s390] move nobp parameter functions to nospec-branch.c (Hendrik
Brueckner) [1577767 1558325]
- [s390] do not bypass BPENTER for interrupt system calls (Hendrik
Brueckner) [1577767 1558325]
- [s390] Replace IS_ENABLED(EXPOLINE_*) with
IS_ENABLED(CONFIG_EXPOLINE_*) (Hendrik Brueckner) [1577767 1558325]
- [s390] introduce execute-trampolines for branches (Hendrik Brueckner)
[1577767 1558325]
- [s390] run user space and KVM guests with modified branch prediction
(Hendrik Brueckner) [1577767 1558325]
- [s390] add optimized array_index_mask_nospec (Hendrik Brueckner)
[1577767 1558325]
- [s390] entry.s: fix spurious zeroing of r0 (Hendrik Brueckner)
[1577767 1558325]
- [s390] scrub registers on kernel entry and KVM exit (Hendrik
Brueckner) [1577767 1558325]
- [s390] align and prepare spectre mitigation for upstream commits
(Hendrik Brueckner) [1577767 1558325]
- [s390] alternative: use a copy of the facility bit mask (Hendrik
Brueckner) [1577767 1558325]
- [gpu] drm/amdgpu: Fix deadlock on runtime suspend (Lyude Paul)
[1577760 1563957]
- [gpu] drm/radeon: Fix deadlock on runtime suspend (Lyude Paul)
[1577760 1563957]
- [gpu] drm/nouveau: Fix deadlock on runtime suspend (Lyude Paul)
[1577760 1563957]
- [gpu] drm: Allow determining if current task is output poll worker
(Lyude Paul) [1577760 1563957]
- [gpu] workqueue: Allow retrieval of current task's work struct (1/5)
(Lyude Paul) [1577760 1563957]
- [md] dm: remove fmode_t argument from .prepare_ioctl hook (Mike
Snitzer) [1576508 1562960]
- [md] dm: hold DM table for duration of ioctl rather than use
blkdev_get (Mike Snitzer) [1576508 1562960]
- [scsi] iscsi: respond to netlink with unicast when appropriate (Chris
Leech) [1576293 1330865]
- [netdrv] i40e: fix incorrect UP-TC mapping (Stefan Assmann) [1574371
1558159]
- [powerpc] System reset avoid interleaving oops using die
synchronisation (Mauricio Oliveira) [1574366 1564126]
- [powerpc] Do not send system reset request through the oops path
(Mauricio Oliveira) [1574366 1564126]
- [powerpc] crash: Remove the test for cpu_online in the IPI callback
(Mauricio Oliveira) [1574366 1564126]
- [sound] hda: Fix a wrong FIXUP for alc289 on Dell machines (Jaroslav
Kysela) [1571581 1548969]
- [sound] hda: Fix headset mic detection problem for two Dell machines
(Jaroslav Kysela) [1571581 1548969]
- [firmware] fw_cfg: write vmcoreinfo details (Marc-Andre Lureau)
[1571369 1533367]
- [kernel] crash: export paddr_vmcoreinfo_note() (Marc-Andre Lureau)
[1571369 1533367]
- [firmware] fw_cfg: add DMA register (Marc-Andre Lureau) [1571369 1533367]
- [firmware] fw_cfg: add a public uapi header (Marc-Andre Lureau)
[1571369 1533367]
- [firmware] fw_cfg: handle fw_cfg_read_blob() error (Marc-Andre Lureau)
[1571369 1533367]
- [firmware] fw_cfg: remove inline from fw_cfg_read_blob() (Marc-Andre
Lureau) [1571369 1533367]
- [firmware] fw_cfg: fix sparse warnings around FW_CFG_FILE_DIR read
(Marc-Andre Lureau) [1571369 1533367]
- [firmware] fw_cfg: fix sparse warning reading FW_CFG_ID (Marc-Andre
Lureau) [1571369 1533367]
- [firmware] fw_cfg: fix sparse warnings with fw_cfg_file (Marc-Andre
Lureau) [1571369 1533367]
- [firmware] fw_cfg: fix sparse warnings in fw_cfg_sel_endianness()
(Marc-Andre Lureau) [1571369 1533367]
- [firmware] revert "fw_cfg: add DMA register" (Marc-Andre Lureau)
[1571369 1533367]
- [firmware] revert "fw_cfg: do DMA read operation" (Marc-Andre Lureau)
[1571369 1533367]
- [firmware] revert "fw_cfg: write vmcoreinfo details" (Marc-Andre
Lureau) [1571369 1533367]
- [infiniband] mlx5: Set the default active rate and width to QDR and 4X
(Honggang Li) [1570536 1554535]
- [x86] spec_ctrl: disable IBRS in idle, part 2 (Josh Poimboeuf)
[1570532 1558668]
- [x86] platform/uv: Fix critical UV MMR address error (Frank Ramsay)
[1570520 1562945]
- [powerpc] pseries: Restore default security feature flags on setup
(Mauricio Oliveira) [1570518 1561787]
- [powerpc] Move default security feature flags (Mauricio Oliveira)
[1570518 1561787]
- [powerpc] pseries: Fix clearing of security feature flags (Mauricio
Oliveira) [1570518 1561787]
- [powerpc] 64s: Wire up cpu_show_spectre_v2() (Mauricio Oliveira)
[1570518 1561787]
- [powerpc] 64s: Wire up cpu_show_spectre_v1() (Mauricio Oliveira)
[1570518 1561787]
- [powerpc] pseries: Use the security flags in pseries_setup_rfi_flush()
(Mauricio Oliveira) [1570518 1561787]
- [powerpc] powernv: Use the security flags in pnv_setup_rfi_flush()
(Mauricio Oliveira) [1570518 1561787]
- [powerpc] 64s: Enhance the information in cpu_show_meltdown()
(Mauricio Oliveira) [1570518 1561787]
- [powerpc] 64s: Move cpu_show_meltdown() (Mauricio Oliveira) [1570518
1561787]
- [powerpc] powernv: Set or clear security feature flags (Mauricio
Oliveira) [1570518 1561787]
- [powerpc] pseries: Set or clear security feature flags (Mauricio
Oliveira) [1570518 1561787]
- [powerpc] Add security feature flags for Spectre/Meltdown (Mauricio
Oliveira) [1570518 1561787]
- [powerpc] pseries: Add new H_GET_CPU_CHARACTERISTICS flags (Mauricio
Oliveira) [1570518 1561787]
- [powerpc] lib: seq: Add seq_buf_printf() (Mauricio Oliveira) [1570518
1561787]
- [powerpc] rfi-flush: Call setup_rfi_flush() after LPM migration
(Mauricio Oliveira) [1570509 1561785]
- [powerpc] rfi-flush: Differentiate enabled and patched flush types
(Mauricio Oliveira) [1570509 1561785]
- [powerpc] rfi-flush: Always enable fallback flush on pseries (Mauricio
Oliveira) [1570509 1561785]
- [powerpc] rfi-flush: Make it possible to call setup_rfi_flush() again
(Mauricio Oliveira) [1570509 1561785]
- [powerpc] rfi-flush: Move the logic to avoid a redo into the debugfs
code (Mauricio Oliveira) [1570509 1561785]
- [fs] vfs: Remove incorrect debugging WARN in prepend_path (Frank
Sorenson) [1568322 1481732]
- [fs] xfs: fix transaction allocation deadlock in IO path (Eric
Sandeen) [1568320 1551111]
- [md] support to split big bio (Ming Lei) [1568070 1557434]
- [block] introduce bio_split2() and bio_pair2_release() (Ming Lei)
[1568070 1557434]
- [netdrv] qed: Free reserved MR tid (Harish Patil) [1568069 1554217]
- [netdrv] qed: Free RoCE ILT Memory on rmmod qedr (Harish Patil)
[1568069 1554217]
- [net] sctp: use right member as the param of list_for_each_entry (Xin
Long) [1565983 1483445]
- [net] sctp: reset owner sk for data chunks on out queues when
migrating a sock (Xin Long) [1565983 1483445]
- [net] xfrm: policy: check policy direction value (Bruno Eduardo de
Oliveira Meneguele) [1479419 1479421] {CVE-2017-11600}
- [x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long)
[1566904 1566905] {CVE-2018-3639}
- [x86] entry: Add missing "$" in IBRS macros (Waiman Long) [1566904
1566905] {CVE-2018-3639}
- [x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman
Long) [1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by
kernel (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros
(Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [fs] proc: Use CamelCase for SSBD (Waiman Long) [1566904 1566905]
{CVE-2018-3639}
- [x86] bugs: Rename _RDS to _SSBD (Waiman Long) [1566904 1566905]
{CVE-2018-3639}
- [kernel] seccomp: Enable speculation flaw mitigations (Waiman Long)
[1566904 1566905] {CVE-2018-3639}
- [fs] proc: Provide details on speculation flaw mitigations (Waiman
Long) [1566904 1566905] {CVE-2018-3639}
- [x86] nospec: Allow getting/setting on non-current task (Waiman Long)
[1566904 1566905] {CVE-2018-3639}
- [x86] speculation: Add prctl for Speculative Store Bypass mitigation
(Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] process: Allow runtime control of Speculative Store Bypass
(Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [uapi] prctl: Add speculation control prctls (Waiman Long) [1566904
1566905] {CVE-2018-3639}
- [x86] kvm/vmx: Expose SPEC_CTRL Bit(2) to the guest (Waiman Long)
[1566904 1566905] {CVE-2018-3639}
- [x86] bugs/amd: Add support to disable RDS on Fam[15, 16, 17]h if
requested (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long)
[1566904 1566905] {CVE-2018-3639}
- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable
mitigation (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] bugs: Expose /sys/../spec_store_bypass (Waiman Long) [1566904
1566905] {CVE-2018-3639}
- [x86] bugs: Read SPEC_CTRL MSR during boot and re-use (Waiman Long)
[1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit
(Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] cpufeatures: Make CPU bugs sticky (Waiman Long) [1566904
1566905] {CVE-2018-3639}

[3.10.0-862.4.1.el7]
- [powerpc] msi: Fix race condition in tearing down MSI interrupts
(David Milburn) [1570511 1549680]

ELSA-2018-1979 Moderate: Oracle Linux 7 pki-core security, bug fix, and enhancement update

Oracle Linux Security Advisory ELSA-2018-1979

http://linux.oracle.com/errata/ELSA-2018-1979.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
pki-base-10.5.1-13.1.el7_5.noarch.rpm
pki-base-java-10.5.1-13.1.el7_5.noarch.rpm
pki-ca-10.5.1-13.1.el7_5.noarch.rpm
pki-javadoc-10.5.1-13.1.el7_5.noarch.rpm
pki-kra-10.5.1-13.1.el7_5.noarch.rpm
pki-server-10.5.1-13.1.el7_5.noarch.rpm
pki-symkey-10.5.1-13.1.el7_5.x86_64.rpm
pki-tools-10.5.1-13.1.el7_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/pki-core-10.5.1-13.1.el7_5.src.rpm



Description of changes:

[10.5.1-13.1]
- Rebuild due to build system database problem

[10.5.1-13]
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1553068 - Using a Netmask produces an odd
entry in a certifcate [rhel-7.5.z] (ftweedal)
- Bugzilla Bug #1585945 - CMC CRMF requests result in
InvalidKeyFormatException when signing algorithm is ECC
[rhel-7.5.z] (cfu)
- Bugzilla Bug #1587826 - ExternalCA: Installation failed during
csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor)
- Bugzilla Bug #1588944 - Cert validation for installation with
external CA cert [rhel-7.5.z] (edewata)
- Bugzilla Bug #1588945 - CRMFPopClient tool - should allow
option to do no key archival (cfu)
- Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled
ACL configuration in AAclAuthz.java reverses rules that allow
and deny access [rhel-7.5.z] (ftweedal, cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,

[10.5.1-12]
- Updated "jss" build and runtime requirements (mharmsen)
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest,
CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu)
- Bugzilla Bug #1572548 - IPA install with external-CA is failing when
FIPS mode enabled. [rhel-7.5.z] (edewata)
- Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE
[rhel-7.5.z] (cfu)
- Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue
with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu)
- Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs
improvement [rhel-7.5.z] (jmagne)
- Bugzilla Bug #1581135 - SAN in internal SSL server certificate in
pkispawn configuration step [rhel-7.5.z] (cfu)
- Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong
input class_id [rhel-7.5.z] (cfu)
- Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System
9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,

[10.5.1-11]
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for
standard conformance [rhel-7.5.z] (cfu)
- Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools
CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1560233 - libtps does not directly depend on libz

[10.5.1-10]
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1550581 - CMCAuth throws
org.mozilla.jss.crypto.TokenException: Unable to insert certificate into
temporary database [rhel-7.5.z] (cfu)
- Bugzilla Bug #1551067 - [MAN] Add --skip-configuration
and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata)
- Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers
[rhel-7.5.z] (cheimes, mharmsen)
- Bugzilla Bug #1553068 - Using a Netmask produces an odd entry
in a certifcate [rhel-7.5.z] (ftweedal)
- Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for
standard conformance [rhel-7.5.z] (cfu)
- Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled
by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu)
- Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools
CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu)
- Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives
StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal)
- Bugzilla Bug #1558919 - Not able to generate certificate request
with ECC using pki client-cert-request [rhel-7.5.z] (akahat)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1560233 - libtps does not directly depend on libz


ELSA-2018-1997 Important: Oracle Linux 7 libvirt security and bug fix update

Oracle Linux Security Advisory ELSA-2018-1997

http://linux.oracle.com/errata/ELSA-2018-1997.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libvirt-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-admin-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-client-3.9.0-14.el7_5.6.i686.rpm
libvirt-client-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-devel-3.9.0-14.el7_5.6.i686.rpm
libvirt-devel-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-docs-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-libs-3.9.0-14.el7_5.6.i686.rpm
libvirt-libs-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-login-shell-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-nss-3.9.0-14.el7_5.6.i686.rpm
libvirt-nss-3.9.0-14.el7_5.6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libvirt-3.9.0-14.el7_5.6.src.rpm



Description of changes:

[3.9.0-14.el7_5.6]
- logging: Don't inhibit shutdown in system daemon (rhbz#1573268)
- util: don't check for parallel iteration in hash-related functions
(rhbz#1581364)
- cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639)
- virNumaGetHugePageInfo: Return page_avail and page_free as ULL
(rhbz#1582418)

ELSA-2018-2001 Important: Oracle Linux 7 qemu-kvm security update

Oracle Linux Security Advisory ELSA-2018-2001

http://linux.oracle.com/errata/ELSA-2018-2001.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
qemu-img-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-common-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-tools-1.5.3-156.el7_5.3.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/qemu-kvm-1.5.3-156.el7_5.3.src.rpm



Description of changes:

[1.5.3-156.el7_5.3]
- kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch
[bz#1584363]
- kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch
[bz#1584363]
- Resolves: bz#1584363
(CVE-2018-3639 qemu-kvm: hw: cpu: AMD: speculative store bypass
[rhel-7.5.z])