The following updates have been released for Oracle Linux 7:
ELSA-2018-3833 Critical: Oracle Linux 7 firefox security update (aarch64)
ELSA-2018-3834 Important: Oracle Linux 7 ghostscript security and bug fix update (aarch64)
ELSA-2018-3854 Low: Oracle Linux 6 ntp security update
ELSA-2018-3833 Critical: Oracle Linux 7 firefox security update (aarch64)
Oracle Linux Security Advisory ELSA-2018-3833
http://linux.oracle.com/errata/ELSA-2018-3833.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
aarch64:
firefox-60.4.0-1.0.1.el7.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/firefox-60.4.0-1.0.1.el7.src.rpm
Description of changes:
[60.4.0-1.0.1]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red
Hat file
[60.4.0-1]
- Update to 60.4.0 ESR
[60.3.0-2]
- Added firefox-gnome-shell-extension
[60.3.0-1]
- Update to 60.3.0 ESR
ELSA-2018-3834 Important: Oracle Linux 7 ghostscript security and bug fix update (aarch64)
Oracle Linux Security Advisory ELSA-2018-3834
http://linux.oracle.com/errata/ELSA-2018-3834.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
aarch64:
ghostscript-9.07-31.el7_6.6.aarch64.rpm
ghostscript-cups-9.07-31.el7_6.6.aarch64.rpm
ghostscript-devel-9.07-31.el7_6.6.aarch64.rpm
ghostscript-doc-9.07-31.el7_6.6.noarch.rpm
ghostscript-gtk-9.07-31.el7_6.6.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/ghostscript-9.07-31.el7_6.6.src.rpm
Description of changes:
[9.07-31.el7_6.6]
- Resolves: #1657822 - ghostscript: Regression: Warning: Dropping incorrect
smooth shading object (Error: /rangecheck in --run--)
[9.07-31.el7_6.5]
- Resolves: #1654621 - CVE-2018-16541 ghostscript: incorrect free logic in
pagedevice replacement (699664)
- Resolves: #1650210 - CVE-2018-17183 ghostscript: User-writable error
exception table
- Resolves: #1645516 - CVE-2018-18073 ghostscript: saved execution stacks
can leak operator arrays
- Resolves: #1648891 - CVE-2018-17961 ghostscript: saved execution stacks
can leak operator arrays (incomplete fix for CVE-2018-17183)
- Resolves: #1643115 - CVE-2018-18284 ghostscript: 1Policy operator
allows a sandbox protection bypass
- Resolves: #1655937 - CVE-2018-19134 ghostscript: Type confusion in
setpattern (700141)
[9.07-31.el7_6.4]
- Resolves: #1651149 - CVE-2018-15911 ghostscript: uninitialized memory
access in the aesdecode operator (699665)
- Resolves: #1650060 - CVE-2018-16802 ghostscript: Incorrect "restoration of
privilege" checking when running out of stack during exception handling
- Resolves: #1652935 - CVE-2018-19409 ghostscript: Improperly implemented
security check in zsetdevice function in psi/zdevice.c
ELSA-2018-3854 Low: Oracle Linux 6 ntp security update
Oracle Linux Security Advisory ELSA-2018-3854
http://linux.oracle.com/errata/ELSA-2018-3854.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
ntp-4.2.6p5-15.0.1.el6_10.i686.rpm
ntp-doc-4.2.6p5-15.0.1.el6_10.noarch.rpm
ntp-perl-4.2.6p5-15.0.1.el6_10.i686.rpm
ntpdate-4.2.6p5-15.0.1.el6_10.i686.rpm
x86_64:
ntp-4.2.6p5-15.0.1.el6_10.x86_64.rpm
ntp-doc-4.2.6p5-15.0.1.el6_10.noarch.rpm
ntp-perl-4.2.6p5-15.0.1.el6_10.x86_64.rpm
ntpdate-4.2.6p5-15.0.1.el6_10.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/ntp-4.2.6p5-15.0.1.el6_10.src.rpm
Description of changes:
[4.2.6p5-15.0.1]
- add disable monitor to default ntp.conf [CVE-2013-5211]
[4.2.6p5-15]
- fix buffer overflow in parsing of address in ntpq and ntpdc
(CVE-2018-12327)
[4.2.6p5-14]
- fix CVE-2016-7429 patch to work correctly on multicast client (#1422973)
[4.2.6p5-13]
- fix buffer overflow in datum refclock driver (CVE-2017-6462)
- fix crash with invalid unpeer command (CVE-2017-6463)
- fix potential crash with invalid server command (CVE-2017-6464)