Oracle Linux 6277 Published by

The following updates have been released for Oracle Linux:

ELBA-2024-6416 Oracle Linux 9 augeas bug fix and enhancement update
ELBA-2024-6168 Oracle Linux 9 systemd bug fix update
ELBA-2024-5811 Oracle Linux 9 scap-security-guide bug fix and enhancement update
ELBA-2024-6359 Oracle Linux 9 NetworkManager bug fix and enhancement update
ELSA-2024-6422 Important: Oracle Linux 8 bubblewrap and flatpak security update
ELBA-2024-12609 Oracle Linux 8 rpm bug fix update
ELBA-2024-6185 Oracle Linux 9 cloud-init bug fix and enhancement update




ELBA-2024-6416 Oracle Linux 9 augeas bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2024-6416

http://linux.oracle.com/errata/ELBA-2024-6416.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
augeas-1.13.0-6.el9_4.x86_64.rpm
augeas-libs-1.13.0-6.el9_4.i686.rpm
augeas-libs-1.13.0-6.el9_4.x86_64.rpm
augeas-devel-1.13.0-6.el9_4.i686.rpm
augeas-devel-1.13.0-6.el9_4.x86_64.rpm

aarch64:
augeas-1.13.0-6.el9_4.aarch64.rpm
augeas-libs-1.13.0-6.el9_4.aarch64.rpm
augeas-devel-1.13.0-6.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//augeas-1.13.0-6.el9_4.src.rpm

Description of changes:

[1.13.0-5]
- Fix parsing /etc/fstab by allowing comma after last option
resolves: RHEL-56992



ELBA-2024-6168 Oracle Linux 9 systemd bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-6168

http://linux.oracle.com/errata/ELBA-2024-6168.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
rhel-net-naming-sysattrs-252-32.0.2.el9_4.7.noarch.rpm
systemd-252-32.0.2.el9_4.7.i686.rpm
systemd-252-32.0.2.el9_4.7.x86_64.rpm
systemd-container-252-32.0.2.el9_4.7.i686.rpm
systemd-container-252-32.0.2.el9_4.7.x86_64.rpm
systemd-devel-252-32.0.2.el9_4.7.i686.rpm
systemd-devel-252-32.0.2.el9_4.7.x86_64.rpm
systemd-journal-remote-252-32.0.2.el9_4.7.x86_64.rpm
systemd-libs-252-32.0.2.el9_4.7.i686.rpm
systemd-libs-252-32.0.2.el9_4.7.x86_64.rpm
systemd-oomd-252-32.0.2.el9_4.7.x86_64.rpm
systemd-pam-252-32.0.2.el9_4.7.x86_64.rpm
systemd-resolved-252-32.0.2.el9_4.7.x86_64.rpm
systemd-rpm-macros-252-32.0.2.el9_4.7.noarch.rpm
systemd-udev-252-32.0.2.el9_4.7.x86_64.rpm
systemd-boot-unsigned-252-32.0.2.el9_4.7.x86_64.rpm

aarch64:
rhel-net-naming-sysattrs-252-32.0.2.el9_4.7.noarch.rpm
systemd-252-32.0.2.el9_4.7.aarch64.rpm
systemd-container-252-32.0.2.el9_4.7.aarch64.rpm
systemd-devel-252-32.0.2.el9_4.7.aarch64.rpm
systemd-journal-remote-252-32.0.2.el9_4.7.aarch64.rpm
systemd-libs-252-32.0.2.el9_4.7.aarch64.rpm
systemd-oomd-252-32.0.2.el9_4.7.aarch64.rpm
systemd-pam-252-32.0.2.el9_4.7.aarch64.rpm
systemd-resolved-252-32.0.2.el9_4.7.aarch64.rpm
systemd-rpm-macros-252-32.0.2.el9_4.7.noarch.rpm
systemd-udev-252-32.0.2.el9_4.7.aarch64.rpm
systemd-boot-unsigned-252-32.0.2.el9_4.7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//systemd-252-32.0.2.el9_4.7.src.rpm

Description of changes:

[252-32.0.2.7]
- Reverted back to previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved.
- Re-Added 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792]
- Backport upstream pstore dmesg fix [Orabug: 34868110]
- Remove upstream references [Orabug: 33995357]
- Disable unprivileged BPF by default [Orabug: 32870980]
- udev rules: fix memory hot add and remove [Orabug: 31310273]
- set "RemoveIPC=no" in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 [Orabug: 18467469]
- shutdown: get only active md arrays. [Orabug: 34467234]
- Wait for an extra configurable time before udevd kills a worker [Orabug: 36017407]
- Removed unneeded patches from the systemd.spec
- 1A) 1004-orabug34272490-0001-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch [Orabug: 34272490]
- 1B) 1005-orabug34272490-0002-core-device-drop-unnecessary-condition.patch [Orabug: 34272490]
- 1C) 1007-orabug34868110-pstore-fixes-for-dmesg.txt-reconstruction.patch [Orabug: 34868110]
- Removed the following, associated with [Orabug: 36269319]:
- 2A) Remove 1001-systemd-fstab-generator-reload-targets.patch
- 2B) Remove Fix local-fs and remote-fs targets during system boot [Orabug: 36269319]
- 2C) Remove "systemd-fstab-generator-reload-targets.service" file [Orabug: 36269319]
- 2D) Remove required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 36269319]
- 2E) Remove Important: Review 1001-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 36269319]

[252-32.7]
- generator: "uninline" generator_open_unit_file and generator_add_symlink (RHEL-49495)



ELBA-2024-5811 Oracle Linux 9 scap-security-guide bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2024-5811

http://linux.oracle.com/errata/ELBA-2024-5811.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
scap-security-guide-0.1.74-1.0.1.el9_4.noarch.rpm
scap-security-guide-doc-0.1.74-1.0.1.el9_4.noarch.rpm

aarch64:
scap-security-guide-0.1.74-1.0.1.el9_4.noarch.rpm
scap-security-guide-doc-0.1.74-1.0.1.el9_4.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//scap-security-guide-0.1.74-1.0.1.el9_4.src.rpm

Description of changes:

[0.1.74-1.0.1]
- Rebase Oracle patches to 0.1.74.openela.1.0 [Orabug: 36996303]
- Fix bash bug for rules account_disable_inactivity* [Orabug: 36888059]
- Finish ansible implementation for OL9 STIG [Orabug: 37000810]
- Create ISM profile for OL9 [Orabug: 37000822]
- Hide CJIS profile in OL8 [Orabug: 36996303]

[0.1.74.openela.1.0]
- Add OpenELA as derivative of RHEL

[0.1.74-1]
- Rebase to a new upstream release 0.1.74 (RHEL-53865)
- Ensure authselect features are preserved by enable_authselect rule (RHEL-39383)
- Fix check for passwords last changed date (RHEL-47129)
- Remediations of Journald configuration files now include a correct section (RHEL-38531)
- Adjust service requirements for CIS profiles (RHEL-23852)
- Update password hashing settings for ANSSI-BP-028 (RHEL-44983)

[0.1.73-2]
- Switch gating to tmt plan (RHEL-43243)



ELBA-2024-6359 Oracle Linux 9 NetworkManager bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2024-6359

http://linux.oracle.com/errata/ELBA-2024-6359.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
NetworkManager-1.46.0-19.0.1.el9_4.x86_64.rpm
NetworkManager-adsl-1.46.0-19.0.1.el9_4.x86_64.rpm
NetworkManager-bluetooth-1.46.0-19.0.1.el9_4.x86_64.rpm
NetworkManager-cloud-setup-1.46.0-19.0.1.el9_4.x86_64.rpm
NetworkManager-config-connectivity-oracle-1.46.0-19.0.1.el9_4.noarch.rpm
NetworkManager-config-server-1.46.0-19.0.1.el9_4.noarch.rpm
NetworkManager-dispatcher-routing-rules-1.46.0-19.0.1.el9_4.noarch.rpm
NetworkManager-initscripts-updown-1.46.0-19.0.1.el9_4.noarch.rpm
NetworkManager-libnm-1.46.0-19.0.1.el9_4.i686.rpm
NetworkManager-libnm-1.46.0-19.0.1.el9_4.x86_64.rpm
NetworkManager-ovs-1.46.0-19.0.1.el9_4.x86_64.rpm
NetworkManager-ppp-1.46.0-19.0.1.el9_4.x86_64.rpm
NetworkManager-team-1.46.0-19.0.1.el9_4.x86_64.rpm
NetworkManager-tui-1.46.0-19.0.1.el9_4.x86_64.rpm
NetworkManager-wifi-1.46.0-19.0.1.el9_4.x86_64.rpm
NetworkManager-wwan-1.46.0-19.0.1.el9_4.x86_64.rpm
NetworkManager-libnm-devel-1.46.0-19.0.1.el9_4.i686.rpm
NetworkManager-libnm-devel-1.46.0-19.0.1.el9_4.x86_64.rpm

aarch64:
NetworkManager-1.46.0-19.0.1.el9_4.aarch64.rpm
NetworkManager-adsl-1.46.0-19.0.1.el9_4.aarch64.rpm
NetworkManager-bluetooth-1.46.0-19.0.1.el9_4.aarch64.rpm
NetworkManager-cloud-setup-1.46.0-19.0.1.el9_4.aarch64.rpm
NetworkManager-config-connectivity-oracle-1.46.0-19.0.1.el9_4.noarch.rpm
NetworkManager-config-server-1.46.0-19.0.1.el9_4.noarch.rpm
NetworkManager-dispatcher-routing-rules-1.46.0-19.0.1.el9_4.noarch.rpm
NetworkManager-initscripts-updown-1.46.0-19.0.1.el9_4.noarch.rpm
NetworkManager-libnm-1.46.0-19.0.1.el9_4.aarch64.rpm
NetworkManager-ovs-1.46.0-19.0.1.el9_4.aarch64.rpm
NetworkManager-ppp-1.46.0-19.0.1.el9_4.aarch64.rpm
NetworkManager-team-1.46.0-19.0.1.el9_4.aarch64.rpm
NetworkManager-tui-1.46.0-19.0.1.el9_4.aarch64.rpm
NetworkManager-wifi-1.46.0-19.0.1.el9_4.aarch64.rpm
NetworkManager-wwan-1.46.0-19.0.1.el9_4.aarch64.rpm
NetworkManager-libnm-devel-1.46.0-19.0.1.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//NetworkManager-1.46.0-19.0.1.el9_4.src.rpm

Description of changes:

[1.46.0-19.0.1]
- disable MPTCP handling by default [Orabug: 34801142]
- add connectivity check via Oracle servers [Orabug: 32051972]

[1:1.46.0-19]
- Retry hostname resolutions when it fails (RHEL-55397)
- cloud-setup: allow bigger restart bursts (RHEL-56739)
- cloud-setup: Fix Azure primary and secondary address swap (RHEL-56386)



ELSA-2024-6422 Important: Oracle Linux 8 bubblewrap and flatpak security update


Oracle Linux Security Advisory ELSA-2024-6422

http://linux.oracle.com/errata/ELSA-2024-6422.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bubblewrap-0.4.0-2.el8_10.x86_64.rpm
flatpak-1.12.9-3.el8_10.x86_64.rpm
flatpak-libs-1.12.9-3.el8_10.i686.rpm
flatpak-libs-1.12.9-3.el8_10.x86_64.rpm
flatpak-selinux-1.12.9-3.el8_10.noarch.rpm
flatpak-session-helper-1.12.9-3.el8_10.x86_64.rpm
flatpak-1.12.9-3.el8_10.i686.rpm
flatpak-devel-1.12.9-3.el8_10.i686.rpm
flatpak-devel-1.12.9-3.el8_10.x86_64.rpm
flatpak-session-helper-1.12.9-3.el8_10.i686.rpm

aarch64:
bubblewrap-0.4.0-2.el8_10.aarch64.rpm
flatpak-1.12.9-3.el8_10.aarch64.rpm
flatpak-libs-1.12.9-3.el8_10.aarch64.rpm
flatpak-selinux-1.12.9-3.el8_10.noarch.rpm
flatpak-session-helper-1.12.9-3.el8_10.aarch64.rpm
flatpak-devel-1.12.9-3.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//bubblewrap-0.4.0-2.el8_10.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//flatpak-1.12.9-3.el8_10.src.rpm

Related CVEs:

CVE-2024-42472

Description of changes:

bubblewrap
[0.4.0-2]
- Backport upstream fix to help address CVE-2024-42472 in flatpak

flatpak
[1.12.9-3]
- Fix previous changelog entry

[1.12.9-2]
- Backport upstream patches for CVE-2024-42472
- Require bubblewrap version that has new --bind-fd option backported for
addressing CVE-2024-42472



ELBA-2024-12609 Oracle Linux 8 rpm bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12609

http://linux.oracle.com/errata/ELBA-2024-12609.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
rpm-build-4.14.3-31.0.2.el8.x86_64.rpm
python3-rpm-4.14.3-31.0.2.el8.x86_64.rpm
rpm-4.14.3-31.0.2.el8.x86_64.rpm
rpm-apidocs-4.14.3-31.0.2.el8.noarch.rpm
rpm-build-libs-4.14.3-31.0.2.el8.i686.rpm
rpm-build-libs-4.14.3-31.0.2.el8.x86_64.rpm
rpm-cron-4.14.3-31.0.2.el8.noarch.rpm
rpm-devel-4.14.3-31.0.2.el8.i686.rpm
rpm-devel-4.14.3-31.0.2.el8.x86_64.rpm
rpm-libs-4.14.3-31.0.2.el8.i686.rpm
rpm-libs-4.14.3-31.0.2.el8.x86_64.rpm
rpm-plugin-ima-4.14.3-31.0.2.el8.x86_64.rpm
rpm-plugin-prioreset-4.14.3-31.0.2.el8.x86_64.rpm
rpm-plugin-selinux-4.14.3-31.0.2.el8.x86_64.rpm
rpm-plugin-syslog-4.14.3-31.0.2.el8.x86_64.rpm
rpm-plugin-systemd-inhibit-4.14.3-31.0.2.el8.x86_64.rpm
rpm-sign-4.14.3-31.0.2.el8.x86_64.rpm
rpm-plugin-fapolicyd-4.14.3-31.0.2.el8.x86_64.rpm

aarch64:
rpm-build-4.14.3-31.0.2.el8.aarch64.rpm
python3-rpm-4.14.3-31.0.2.el8.aarch64.rpm
rpm-4.14.3-31.0.2.el8.aarch64.rpm
rpm-apidocs-4.14.3-31.0.2.el8.noarch.rpm
rpm-build-libs-4.14.3-31.0.2.el8.aarch64.rpm
rpm-cron-4.14.3-31.0.2.el8.noarch.rpm
rpm-devel-4.14.3-31.0.2.el8.aarch64.rpm
rpm-libs-4.14.3-31.0.2.el8.aarch64.rpm
rpm-plugin-ima-4.14.3-31.0.2.el8.aarch64.rpm
rpm-plugin-prioreset-4.14.3-31.0.2.el8.aarch64.rpm
rpm-plugin-selinux-4.14.3-31.0.2.el8.aarch64.rpm
rpm-plugin-syslog-4.14.3-31.0.2.el8.aarch64.rpm
rpm-plugin-systemd-inhibit-4.14.3-31.0.2.el8.aarch64.rpm
rpm-sign-4.14.3-31.0.2.el8.aarch64.rpm
rpm-plugin-fapolicyd-4.14.3-31.0.2.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//rpm-4.14.3-31.0.2.el8.src.rpm

Description of changes:

[4.14.3-31.0.2]
- Fixes RPM crash while installing/cleaning same package [Orabug: 36653282]
- Add TR_RPMDB element type for representing packages from the rpmdb
- Use an erase element to delete packages with same NEVRA
- Legalize proper reinstall within transaction
- Refactor pre-flight checks for added packages to helper function
- Add a pre-flight check for removed packages too



ELBA-2024-6185 Oracle Linux 9 cloud-init bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2024-6185

http://linux.oracle.com/errata/ELBA-2024-6185.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
cloud-init-23.4-7.0.1.el9_4.6.noarch.rpm

aarch64:
cloud-init-23.4-7.0.1.el9_4.6.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//cloud-init-23.4-7.0.1.el9_4.6.src.rpm

Description of changes:

[23.4-7.0.1.el9_4.6]
- NetworkManagerActivator brings up interface failed when using sysconfig renderer [RHEL-18981]
- Fix Oracle Datasource network and getdata methods for OCI OL [Orabug: 35950168]
- Increase retry value and add timeout for OCI [Orabug: 35329883]
- Fix log file permission [Orabug: 35302969]
- Update detection logic for OL distros in config template [Orabug: 34845400]
- Added missing services in rhel/systemd/cloud-init.service [Orabug: 32183938]
- Added missing services in cloud-init.service.tmpl for sshd [Orabug: 32183938]
- Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672]
- limit permissions [Orabug: 31352433]
- Changes to ignore all enslaved interfaces [Orabug: 30092148]
- Make Oracle datasource detect dracut based config files [Orabug: 29956753]
- add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch:
1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata
2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader
Resolves: Oracle-Bug:41660 (Bugzilla)
- added OL to list of known distros
Resolves: rhbz#1427280

[23.4.0.2]
- Apply OpenELA fixes

[23.4-7.el9_4.6]
- ci-fix-Clean-cache-if-no-datasource-fallback-5499.patch [RHEL-50562]
- Resolves: RHEL-50562
([Cloud-init] [RHEL-9.4] Password reset feature broken with CloudstackDataSource)