Oracle Linux 6277 Published by

Oracle Linux has received multiple security upgrades, including a crash bug repair, a java-1.8.0-openjdk security update, a ghostscript security update, and a java-1.8.0-openjdk security update:

ELBA-2024-12667 Oracle Linux 8 crash bug fix update
ELSA-2024-4560 Important: Oracle Linux 7 java-1.8.0-openjdk security update (aarch64)
ELSA-2024-4549 Important: Oracle Linux 7 ghostscript security update (aarch64)
ELSA-2024-4560 Important: Oracle Linux 7 java-1.8.0-openjdk security update
ELSA-2024-4549 Important: Oracle Linux 7 ghostscript security update




ELBA-2024-12667 Oracle Linux 8 crash bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12667

http://linux.oracle.com/errata/ELBA-2024-12667.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
crash-8.0.5-1.0.2.el8.x86_64.rpm
crash-devel-8.0.5-1.0.2.el8.i686.rpm
crash-devel-8.0.5-1.0.2.el8.x86_64.rpm

aarch64:
crash-8.0.5-1.0.2.el8.aarch64.rpm
crash-devel-8.0.5-1.0.2.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//crash-8.0.5-1.0.2.el8.src.rpm

Description of changes:

[8.0.5-1.0.2]
- Fix crash tool fails with vmcore/kcore of mainline/LUCI kernels [Orabug: 36934225]



ELSA-2024-4560 Important: Oracle Linux 7 java-1.8.0-openjdk security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-4560

http://linux.oracle.com/errata/ELSA-2024-4560.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
java-1.8.0-openjdk-1.8.0.412.b08-1.0.1.el7_9.aarch64.rpm
java-1.8.0-openjdk-devel-1.8.0.412.b08-1.0.1.el7_9.aarch64.rpm
java-1.8.0-openjdk-headless-1.8.0.412.b08-1.0.1.el7_9.aarch64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.412.b08-1.0.1.el7_9.aarch64.rpm
java-1.8.0-openjdk-demo-1.8.0.412.b08-1.0.1.el7_9.aarch64.rpm
java-1.8.0-openjdk-javadoc-1.8.0.412.b08-1.0.1.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.412.b08-1.0.1.el7_9.noarch.rpm
java-1.8.0-openjdk-src-1.8.0.412.b08-1.0.1.el7_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//java-1.8.0-openjdk-1.8.0.412.b08-1.0.1.el7_9.src.rpm

Related CVEs:

CVE-2024-21131
CVE-2024-21138
CVE-2024-21140
CVE-2024-21144
CVE-2024-21145
CVE-2024-21147

Description of changes:

[1:1.8.0.412.b08-1.0.1]
- Fixes openjdk below given CVE issues
- CVE-2024-21131 Improve-UTF8-String-supports
- CVE-2024-21138 Better-symbol-storage
- Fixes bad immediate dominator info openjdk bug8262017
- Fixes malformed control flow openjdk bug8303466
- CVE-2024-21140 Improved-loop-handling
- CVE-2024-21144 Enhance-Pack-200-loading
- CVE-2024-21145 Improve-2D-image-handling
- CVE-2024-21147 Improve-array-management



ELSA-2024-4549 Important: Oracle Linux 7 ghostscript security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-4549

http://linux.oracle.com/errata/ELSA-2024-4549.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
ghostscript-9.25-5.0.1.el7.aarch64.rpm
ghostscript-cups-9.25-5.0.1.el7.aarch64.rpm
ghostscript-doc-9.25-5.0.1.el7.noarch.rpm
ghostscript-gtk-9.25-5.0.1.el7.aarch64.rpm
libgs-9.25-5.0.1.el7.aarch64.rpm
libgs-devel-9.25-5.0.1.el7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//ghostscript-9.25-5.0.1.el7.src.rpm

Related CVEs:

CVE-2024-33871

Description of changes:

[9.25-5.0.1]
- Fixes CVE-2024-33871 OPVP device arbitrary code execution via custom Driver library



ELSA-2024-4560 Important: Oracle Linux 7 java-1.8.0-openjdk security update


Oracle Linux Security Advisory ELSA-2024-4560

http://linux.oracle.com/errata/ELSA-2024-4560.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-1.8.0-openjdk-1.8.0.412.b08-1.0.1.el7_9.i686.rpm
java-1.8.0-openjdk-1.8.0.412.b08-1.0.1.el7_9.x86_64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.412.b08-1.0.1.el7_9.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.412.b08-1.0.1.el7_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.412.b08-1.0.1.el7_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.412.b08-1.0.1.el7_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.412.b08-1.0.1.el7_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.412.b08-1.0.1.el7_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.412.b08-1.0.1.el7_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.412.b08-1.0.1.el7_9.x86_64.rpm
java-1.8.0-openjdk-javadoc-1.8.0.412.b08-1.0.1.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.412.b08-1.0.1.el7_9.noarch.rpm
java-1.8.0-openjdk-src-1.8.0.412.b08-1.0.1.el7_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.412.b08-1.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//java-1.8.0-openjdk-1.8.0.412.b08-1.0.1.el7_9.src.rpm

Related CVEs:

CVE-2024-21131
CVE-2024-21138
CVE-2024-21140
CVE-2024-21144
CVE-2024-21145
CVE-2024-21147

Description of changes:

[1:1.8.0.412.b08-1.0.1]
- Fixes openjdk below given CVE issues
- CVE-2024-21131 Improve-UTF8-String-supports
- CVE-2024-21138 Better-symbol-storage
- Fixes bad immediate dominator info openjdk bug8262017
- Fixes malformed control flow openjdk bug8303466
- CVE-2024-21140 Improved-loop-handling
- CVE-2024-21144 Enhance-Pack-200-loading
- CVE-2024-21145 Improve-2D-image-handling
- CVE-2024-21147 Improve-array-management



ELSA-2024-4549 Important: Oracle Linux 7 ghostscript security update


Oracle Linux Security Advisory ELSA-2024-4549

http://linux.oracle.com/errata/ELSA-2024-4549.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
ghostscript-9.25-5.0.1.el7.i686.rpm
ghostscript-9.25-5.0.1.el7.x86_64.rpm
ghostscript-cups-9.25-5.0.1.el7.x86_64.rpm
ghostscript-doc-9.25-5.0.1.el7.noarch.rpm
ghostscript-gtk-9.25-5.0.1.el7.x86_64.rpm
libgs-9.25-5.0.1.el7.i686.rpm
libgs-9.25-5.0.1.el7.x86_64.rpm
libgs-devel-9.25-5.0.1.el7.i686.rpm
libgs-devel-9.25-5.0.1.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//ghostscript-9.25-5.0.1.el7.src.rpm

Related CVEs:

CVE-2024-33871

Description of changes:

[9.25-5.0.1]
- Fixes CVE-2024-33871 OPVP device arbitrary code execution via custom Driver library