
Oracle Linux has received a number of new updates, covering flatpak, python-urllib3, systemd, gcc-toolset-12-gcc, oVirt 4.5, cups-filters, mod_jk, the Unbreakable Enterprise Kernel, krb5, and Extended Lifecycle Support (ELS) kernel updates:

ELSA-2024-6417 Important: Oracle Linux 7 flatpak security update
ELSA-2024-12709 Moderate: Oracle Linux 7 python-urllib3 security update
ELBA-2024-12706 Oracle Linux 7 systemd bug fix update (aarch64)
ELBA-2024-12707 Oracle Linux 9 gcc-toolset-12-gcc bug fix update
ELSA-2024-12698 Moderate: Oracle Linux 8 oVirt 4.5 ovirt-engine security update
ELSA-2024-7463 Important: Oracle Linux 8 cups-filters security update
ELBA-2024-7457 Oracle Linux 9 mod_jk bug fix update
ELSA-2024-12700 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2024-5076 Moderate: Oracle Linux 7 krb5 security update (aarch64)
ELSA-2024-12709 Moderate: Oracle Linux 7 python-urllib3 security update (aarch64)
ELSA-2024-12700 Important: Oracle Linux 6 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update




ELSA-2024-6417 Important: Oracle Linux 7 flatpak security update


Oracle Linux Security Advisory ELSA-2024-6417

http://linux.oracle.com/errata/ELSA-2024-6417.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
flatpak-1.0.9-13.0.1.el7_9.x86_64.rpm
flatpak-builder-1.0.0-13.0.1.el7_9.x86_64.rpm
flatpak-devel-1.0.9-13.0.1.el7_9.x86_64.rpm
flatpak-libs-1.0.9-13.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//flatpak-1.0.9-13.0.1.el7_9.src.rpm

Related CVEs:

CVE-2024-42472

Description of changes:

[1.0.9-13.0.1]
- Fix CVE-2024-42472 [Orabug: 37027734]



ELSA-2024-12709 Moderate: Oracle Linux 7 python-urllib3 security update


Oracle Linux Security Advisory ELSA-2024-12709

http://linux.oracle.com/errata/ELSA-2024-12709.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
python-urllib3-1.10.2-7.0.1.el7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//python-urllib3-1.10.2-7.0.1.el7.src.rpm

Related CVEs:

CVE-2024-37891

Description of changes:

[1.10.2-7.0.1]
- CVE-2024-37891 fix [Orabug: 37085188]



ELBA-2024-12706 Oracle Linux 7 systemd bug fix update (aarch64)


Oracle Linux Bug Fix Advisory ELBA-2024-12706

http://linux.oracle.com/errata/ELBA-2024-12706.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
libgudev1-219-78.0.15.el7_9.9.aarch64.rpm
libgudev1-devel-219-78.0.15.el7_9.9.aarch64.rpm
systemd-219-78.0.15.el7_9.9.aarch64.rpm
systemd-devel-219-78.0.15.el7_9.9.aarch64.rpm
systemd-libs-219-78.0.15.el7_9.9.aarch64.rpm
systemd-python-219-78.0.15.el7_9.9.aarch64.rpm
systemd-sysv-219-78.0.15.el7_9.9.aarch64.rpm
systemd-journal-gateway-219-78.0.15.el7_9.9.aarch64.rpm
systemd-networkd-219-78.0.15.el7_9.9.aarch64.rpm
systemd-resolved-219-78.0.15.el7_9.9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//systemd-219-78.0.15.el7_9.9.src.rpm

Description of changes:

[219-78.0.15]
- Drop IN_ATTRIB from parent directory inotify watches [Orabug: 36780432]



ELBA-2024-12707 Oracle Linux 9 gcc-toolset-12-gcc bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12707

http://linux.oracle.com/errata/ELBA-2024-12707.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
gcc-toolset-12-gcc-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-gcc-c++-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-gcc-gfortran-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-gcc-plugin-annobin-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-gcc-plugin-devel-12.2.1-7.7.0.2.el9_4.i686.rpm
gcc-toolset-12-gcc-plugin-devel-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-libasan-devel-12.2.1-7.7.0.2.el9_4.i686.rpm
gcc-toolset-12-libasan-devel-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-libatomic-devel-12.2.1-7.7.0.2.el9_4.i686.rpm
gcc-toolset-12-libatomic-devel-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-libgccjit-12.2.1-7.7.0.2.el9_4.i686.rpm
gcc-toolset-12-libgccjit-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-libgccjit-devel-12.2.1-7.7.0.2.el9_4.i686.rpm
gcc-toolset-12-libgccjit-devel-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-libgccjit-docs-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-libitm-devel-12.2.1-7.7.0.2.el9_4.i686.rpm
gcc-toolset-12-libitm-devel-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-liblsan-devel-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-libquadmath-devel-12.2.1-7.7.0.2.el9_4.i686.rpm
gcc-toolset-12-libquadmath-devel-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-libstdc++-devel-12.2.1-7.7.0.2.el9_4.i686.rpm
gcc-toolset-12-libstdc++-devel-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-libstdc++-docs-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-libtsan-devel-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-libubsan-devel-12.2.1-7.7.0.2.el9_4.i686.rpm
gcc-toolset-12-libubsan-devel-12.2.1-7.7.0.2.el9_4.x86_64.rpm
gcc-toolset-12-offload-nvptx-12.2.1-7.7.0.2.el9_4.x86_64.rpm
libasan8-12.2.1-7.7.0.2.el9_4.i686.rpm
libasan8-12.2.1-7.7.0.2.el9_4.x86_64.rpm
libtsan2-12.2.1-7.7.0.2.el9_4.x86_64.rpm

aarch64:
gcc-toolset-12-gcc-12.2.1-7.7.0.2.el9_4.aarch64.rpm
gcc-toolset-12-gcc-c++-12.2.1-7.7.0.2.el9_4.aarch64.rpm
gcc-toolset-12-gcc-gfortran-12.2.1-7.7.0.2.el9_4.aarch64.rpm
gcc-toolset-12-gcc-plugin-annobin-12.2.1-7.7.0.2.el9_4.aarch64.rpm
gcc-toolset-12-gcc-plugin-devel-12.2.1-7.7.0.2.el9_4.aarch64.rpm
gcc-toolset-12-libasan-devel-12.2.1-7.7.0.2.el9_4.aarch64.rpm
gcc-toolset-12-libatomic-devel-12.2.1-7.7.0.2.el9_4.aarch64.rpm
gcc-toolset-12-libgccjit-12.2.1-7.7.0.2.el9_4.aarch64.rpm
gcc-toolset-12-libgccjit-devel-12.2.1-7.7.0.2.el9_4.aarch64.rpm
gcc-toolset-12-libgccjit-docs-12.2.1-7.7.0.2.el9_4.aarch64.rpm
gcc-toolset-12-libitm-devel-12.2.1-7.7.0.2.el9_4.aarch64.rpm
gcc-toolset-12-liblsan-devel-12.2.1-7.7.0.2.el9_4.aarch64.rpm
gcc-toolset-12-libstdc++-devel-12.2.1-7.7.0.2.el9_4.aarch64.rpm
gcc-toolset-12-libstdc++-docs-12.2.1-7.7.0.2.el9_4.aarch64.rpm
gcc-toolset-12-libtsan-devel-12.2.1-7.7.0.2.el9_4.aarch64.rpm
gcc-toolset-12-libubsan-devel-12.2.1-7.7.0.2.el9_4.aarch64.rpm
libasan8-12.2.1-7.7.0.2.el9_4.aarch64.rpm
libtsan2-12.2.1-7.7.0.2.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//gcc-toolset-12-gcc-12.2.1-7.7.0.2.el9_4.src.rpm

Description of changes:

[12.2.1-7.7.0.2]
- Fix Orabug 36878992, i.e., the same bug as GCC PR116585.
gcc15-pr116585.patch
- Reviewed-by: Jose E. Marchesi [jose.marchesi@oracle.com]
Oracle history:
September-3-2024 Qing Zhao [qing.zhao@oracle.com] 12.2.1-7.7.0.1
- Merge Oracle patches to 12.2.1-7.7.
Reviewed-by: Jose E. Marchesi [jose.marchesi@oracle.com]
May-15-2024 Qing Zhao [qing.zhao@oracle.com] 12.2.1-7.6.0.2
- Fix Orabug 35283123, i.e., the same bug as GCC PR111407.
gcc14-pr111407.patch
Reviewed-by: Jose E. Marchesi [jose.marchesi@oracle.com]
- Add support for -mpreserve-args in aarch64.
Orabug 36399592.
Reviewed-by: Elena Zannoni [elena.zannoni@oracle.com]
Oracle history:
May-03-2024 Jose E. Marchesi [jose.marchesi@oracle.com] 12.2.1-7.6.0.1
- Forward-port Oracle patches to 12.2.1-7.6.
- Reviewed by: Cupertino Miranda [cupertino.miranda@oracle.com]
August-31-2023 Qing Zhao [qing.zhao@oracle.com] 12.2.1-7.4.0.2
- CVE-2023-4039 GCC mitigation.
Orabug 35751965.
- CVE-2022-40982 "Intel Downfall" mitigation.
Orabug 35751972.
Add two patches originally from GCC upstream releases/gcc-11 branch.
gcc12-downfall-disable-gather-in-vec.patch
gcc12-downfall-support-mno-gather.patch
- Introduce 'oracle_release' into .spec file. Echo it to gcc/DEV-PHASE.



ELSA-2024-12698 Moderate: Oracle Linux 8 oVirt 4.5 ovirt-engine security update


Oracle Linux Security Advisory ELSA-2024-12698

http://linux.oracle.com/errata/ELSA-2024-12698.html

The following updated rpms for Oracle Linux 8 oVirt 4.5 have been uploaded to the Unbreakable Linux Network:

x86_64:
ovirt-engine-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-backend-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-dbscripts-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-health-check-bundler-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-restapi-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-setup-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-setup-base-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-setup-plugin-cinderlib-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-setup-plugin-imageio-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-setup-plugin-ovirt-engine-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-setup-plugin-ovirt-engine-common-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-setup-plugin-websocket-proxy-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-tools-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-tools-backup-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-vmconsole-proxy-helper-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-webadmin-portal-4.5.5-1.21.el8.noarch.rpm
ovirt-engine-websocket-proxy-4.5.5-1.21.el8.noarch.rpm
python3-ovirt-engine-lib-4.5.5-1.21.el8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//ovirt-engine-4.5.5-1.21.el8.src.rpm

Related CVEs:

CVE-2024-7259

Description of changes:

[4.5.5-1.21]
- Fix external providers properties observability



ELSA-2024-7463 Important: Oracle Linux 8 cups-filters security update


Oracle Linux Security Advisory ELSA-2024-7463

http://linux.oracle.com/errata/ELSA-2024-7463.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
cups-filters-1.20.0-35.0.1.el8_10.x86_64.rpm
cups-filters-libs-1.20.0-35.0.1.el8_10.i686.rpm
cups-filters-libs-1.20.0-35.0.1.el8_10.x86_64.rpm
cups-filters-devel-1.20.0-35.0.1.el8_10.i686.rpm
cups-filters-devel-1.20.0-35.0.1.el8_10.x86_64.rpm

aarch64:
cups-filters-1.20.0-35.0.1.el8_10.aarch64.rpm
cups-filters-libs-1.20.0-35.0.1.el8_10.aarch64.rpm
cups-filters-devel-1.20.0-35.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//cups-filters-1.20.0-35.0.1.el8_10.src.rpm

Related CVEs:

CVE-2024-47076
CVE-2024-47175
CVE-2024-47176

Description of changes:

[1.20.0-35.0.1]
- header/footer not being printed in banner page. [Orabug: 28265099] (isaac.chen@oracle.com)
- Fixes [Orabug: 29163824] source indentation not following convention (isaac.chen@oracle.com)

[1.20.0-35]
- CVE-2024-47175 cups-filters: remote command injection via attacker controlled data in PPD file
- CVE-2024-47076 cups-filters: cfGetPrinterAttributes API does not perform sanitization on returned IPP attributes
- CVE-2024-47176 cups-filters: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source



ELBA-2024-7457 Oracle Linux 9 mod_jk bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-7457

http://linux.oracle.com/errata/ELBA-2024-7457.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
mod_jk-1.2.50-1.el9_4.1.x86_64.rpm

aarch64:
mod_jk-1.2.50-1.el9_4.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//mod_jk-1.2.50-1.el9_4.1.src.rpm

Description of changes:

[1.2.50-1]
- Resolves: RHEL-58855 - Rebase to upstream 1.2.50 release



ELSA-2024-12700 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12700

http://linux.oracle.com/errata/ELSA-2024-12700.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.90.3.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.90.3.el7uek.noarch.rpm
kernel-uek-4.1.12-124.90.3.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.90.3.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.90.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.90.3.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.1.12-124.90.3.el7uek.src.rpm

Related CVEs:

CVE-2024-26931
CVE-2024-35877
CVE-2024-35886
CVE-2024-35930
CVE-2024-35935
CVE-2024-35947
CVE-2024-36004

Description of changes:

[4.1.12-124.90.3.el7uek]
- SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int (Dai Ngo) [Orabug: 37055439]

[4.1.12-124.90.2.el7uek]
- scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (Justin Tee) [Orabug: 36643241] {CVE-2024-35930}
- scsi: qla2xxx: Fix command flush on cable pull (Quinn Tran) [Orabug: 36596617] {CVE-2024-26931}
- VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez) [Orabug: 33917166]

[4.1.12-124.90.1.el7uek]
- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (Sindhu Devale) [Orabug: 36643519] {CVE-2024-36004}
- dyndbg: fix old BUG_ON in >control parser (Jim Cromie) [Orabug: 36643340] {CVE-2024-35947}
- btrfs: send: handle path ref underflow in header iterate_inode_ref() (David Sterba) [Orabug: 36643269] {CVE-2024-35935}
- ipv6: Fix infinite recursion in fib6_dump_done(). (Kuniyuki Iwashima) [Orabug: 36643095] {CVE-2024-35886}
- x86/mm/pat: fix VM_PAT handling in COW mappings (David Hildenbrand) [Orabug: 36643059] {CVE-2024-35877}



ELSA-2024-5076 Moderate: Oracle Linux 7 krb5 security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-5076

http://linux.oracle.com/errata/ELSA-2024-5076.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
krb5-devel-1.15.1-55.0.3.el7_9.aarch64.rpm
krb5-libs-1.15.1-55.0.3.el7_9.aarch64.rpm
krb5-pkinit-1.15.1-55.0.3.el7_9.aarch64.rpm
krb5-server-1.15.1-55.0.3.el7_9.aarch64.rpm
krb5-server-ldap-1.15.1-55.0.3.el7_9.aarch64.rpm
krb5-workstation-1.15.1-55.0.3.el7_9.aarch64.rpm
libkadm5-1.15.1-55.0.3.el7_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//krb5-1.15.1-55.0.3.el7_9.src.rpm

Related CVEs:

CVE-2024-37370
CVE-2024-37371

Description of changes:

[1.15.1-55.0.3]
- Length check when parsing GSS token encapsulation [Orabug: 36927256]
- Add a simple DER support header [Orabug: 36927256]
- Fix vulnerabilities in GSS message token handling [Orabug: 36927256]



ELSA-2024-12709 Moderate: Oracle Linux 7 python-urllib3 security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-12709

http://linux.oracle.com/errata/ELSA-2024-12709.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
python-urllib3-1.10.2-7.0.1.el7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//python-urllib3-1.10.2-7.0.1.el7.src.rpm

Related CVEs:

CVE-2024-37891

Description of changes:

[1.10.2-7.0.1]
- CVE-2024-37891 fix [Orabug: 37085188]



ELSA-2024-12700 Important: Oracle Linux 6 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12700

http://linux.oracle.com/errata/ELSA-2024-12700.html

The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.90.3.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.90.3.el6uek.noarch.rpm
kernel-uek-4.1.12-124.90.3.el6uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.90.3.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.90.3.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.90.3.el6uek.x86_64.rpm

Related CVEs:

CVE-2024-26931
CVE-2024-35877
CVE-2024-35886
CVE-2024-35930
CVE-2024-35935
CVE-2024-35947
CVE-2024-36004

Description of changes:

[4.1.12-124.90.3.el6uek]
- SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int (Dai Ngo) [Orabug: 37055439]

[4.1.12-124.90.2.el6uek]
- scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (Justin Tee) [Orabug: 36643241] {CVE-2024-35930}
- scsi: qla2xxx: Fix command flush on cable pull (Quinn Tran) [Orabug: 36596617] {CVE-2024-26931}
- VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez) [Orabug: 33917166]

[4.1.12-124.90.1.el6uek]
- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (Sindhu Devale) [Orabug: 36643519] {CVE-2024-36004}
- dyndbg: fix old BUG_ON in >control parser (Jim Cromie) [Orabug: 36643340] {CVE-2024-35947}
- btrfs: send: handle path ref underflow in header iterate_inode_ref() (David Sterba) [Orabug: 36643269] {CVE-2024-35935}
- ipv6: Fix infinite recursion in fib6_dump_done(). (Kuniyuki Iwashima) [Orabug: 36643095] {CVE-2024-35886}
- x86/mm/pat: fix VM_PAT handling in COW mappings (David Hildenbrand) [Orabug: 36643059] {CVE-2024-35877}