
The following updates have been released for Oracle Linux:

ELBA-2019-2598 Oracle Linux 7 gnome-settings-daemon bug fix update (aarch64)
ELBA-2019-2603 Oracle Linux 7 rear bug fix update (aarch64)
ELSA-2019-2591 Important: Oracle Linux 8 ghostscript security update
ELSA-2019-2663 Critical: Oracle Linux 8 firefox security update
ELSA-2019-4775 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2019-4775 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
New Ksplice updates for Oracle Enhanced RHCK 7 (ELBA-2019-2600-1)
New Ksplice updates for RHCK 7 (ELSA-2019-2600)
New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELBA-2019-4774)



ELBA-2019-2598 Oracle Linux 7 gnome-settings-daemon bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2019-2598

http://linux.oracle.com/errata/ELBA-2019-2598.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
gnome-settings-daemon-3.28.1-5.el7.aarch64.rpm
gnome-settings-daemon-devel-3.28.1-5.el7.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/gnome-settings-daemon-3.28.1-5.el7.src.rpm



Description of changes:

[3.28.1-5]
- Added patch for - keyboard: Enable ibus for OSK purposes
Resolves: #1632904

ELBA-2019-2603 Oracle Linux 7 rear bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2019-2603

http://linux.oracle.com/errata/ELBA-2019-2603.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
rear-2.4-9.0.1.el7_7.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/rear-2.4-9.0.1.el7_7.src.rpm



Description of changes:

[2.4-9.0.1]
- Change OS_VENDOR to OracleServer

[2.4-9]
- Apply upstream PR2173 - Cannot restore using Bacula method
due to "bconsole" not showing its prompt
Resolves: rhbz1726982

[2.4-8]
- Backport fix for upstream issue 2187 (disklayout.conf file contains
duplicate lines, breaking recovery in migration mode or when
thin pools are used). PR2194, 2196.
Resolves: rhbz1732328

[2.4-7]
- Backport fix for upstream bug 1913 (backup succeeds in case of tar error)
Resolves: rhbz1631183
- Apply upstream patch PR1885
Partition information recorded is unexpected when disk has 4K block size
Resolves: rhbz1610638
- Apply upstream patch PR1887
LPAR/PPC64 bootlist is incorrectly set when having multiple 'prep'
partitions
Resolves: rhbz1610647
- Apply upstream patch PR1993
Automatically exclude $BUILD_DIR from the backup
Resolves: rhbz1655956
- Require xorriso instead of genisoimage, it is now the preferred method
and supports files over 4GB in size.
Resolves: rhbz1462189

ELSA-2019-2591 Important: Oracle Linux 8 ghostscript security update

Oracle Linux Security Advisory ELSA-2019-2591

http://linux.oracle.com/errata/ELSA-2019-2591.html

The following updated rpms for Oracle Linux 8 have been uploaded to the
Unbreakable Linux Network:

x86_64:
ghostscript-9.25-2.el8_0.3.x86_64.rpm
libgs-9.25-2.el8_0.3.i686.rpm
libgs-9.25-2.el8_0.3.x86_64.rpm
ghostscript-doc-9.25-2.el8_0.3.noarch.rpm
ghostscript-tools-dvipdf-9.25-2.el8_0.3.x86_64.rpm
ghostscript-tools-fonts-9.25-2.el8_0.3.x86_64.rpm
ghostscript-tools-printing-9.25-2.el8_0.3.x86_64.rpm
ghostscript-x11-9.25-2.el8_0.3.x86_64.rpm
libgs-devel-9.25-2.el8_0.3.i686.rpm
libgs-devel-9.25-2.el8_0.3.x86_64.rpm

aarch64:
ghostscript-9.25-2.el8_0.3.aarch64.rpm
libgs-9.25-2.el8_0.3.aarch64.rpm
ghostscript-doc-9.25-2.el8_0.3.noarch.rpm
ghostscript-tools-dvipdf-9.25-2.el8_0.3.aarch64.rpm
ghostscript-tools-fonts-9.25-2.el8_0.3.aarch64.rpm
ghostscript-tools-printing-9.25-2.el8_0.3.aarch64.rpm
ghostscript-x11-9.25-2.el8_0.3.aarch64.rpm
libgs-devel-9.25-2.el8_0.3.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/ghostscript-9.25-2.el8_0.3.src.rpm



Description of changes:

[9.25-2.3]
- Resolves: #1744010 - CVE-2019-14811 ghostscript: Safer Mode Bypass by
.forceput Exposure in .pdf_hook_DSC_Creator (701445)
- Resolves: #1744014 - CVE-2019-14812 ghostscript: Safer Mode Bypass by
.forceput Exposure in setuserparams (701444)
- Resolves: #1744005 - CVE-2019-14813 ghostscript: Safer Mode Bypass by
.forceput Exposure in setsystemparams (701443)
- Resolves: #1744230 - CVE-2019-14817 ghostscript: Safer Mode Bypass by
.forceput Exposure in .pdfexectoken and other procedures (701450)

ELSA-2019-2663 Critical: Oracle Linux 8 firefox security update

Oracle Linux Security Advisory ELSA-2019-2663

http://linux.oracle.com/errata/ELSA-2019-2663.html

The following updated rpms for Oracle Linux 8 have been uploaded to the
Unbreakable Linux Network:

x86_64:
firefox-68.1.0-1.0.1.el8_0.x86_64.rpm

aarch64:
firefox-68.1.0-1.0.1.el8_0.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/firefox-68.1.0-1.0.1.el8_0.src.rpm



Description of changes:

[68.1.0-1.0.1]
- Rebuild to pickup Oracle default bookmarks [Orabug: 30069264]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red
Hat file

[68.1.0-1]
- Update to 68.1.0 ESR

[68.0.1-4]
- Enable system nss

ELSA-2019-4775 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2019-4775

http://linux.oracle.com/errata/ELSA-2019-4775.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-firmware-3.8.13-118.38.1.el6uek.noarch.rpm
kernel-uek-doc-3.8.13-118.38.1.el6uek.noarch.rpm
kernel-uek-3.8.13-118.38.1.el6uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.38.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.38.1.el6uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.38.1.el6uek.x86_64.rpm
dtrace-modules-3.8.13-118.38.1.el6uek-0.4.5-3.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-3.8.13-118.38.1.el6uek.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/dtrace-modules-3.8.13-118.38.1.el6uek-0.4.5-3.el6.src.rpm



Description of changes:

kernel-uek
[3.8.13-118.38.1.el6uek]
- x86/speculation: Exclude ATOMs from speculation through SWAPGS (Thomas
Gleixner) [Orabug: 30165288] {CVE-2019-1125}
- x86/speculation: Enable Spectre v1 swapgs mitigations (Josh Poimboeuf)
[Orabug: 30165288] {CVE-2019-1125}
- x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
(Josh Poimboeuf) [Orabug: 30165288] {CVE-2019-1125}

ELSA-2019-4775 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2019-4775

http://linux.oracle.com/errata/ELSA-2019-4775.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-firmware-3.8.13-118.38.1.el7uek.noarch.rpm
kernel-uek-doc-3.8.13-118.38.1.el7uek.noarch.rpm
kernel-uek-3.8.13-118.38.1.el7uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.38.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.38.1.el7uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.38.1.el7uek.x86_64.rpm
dtrace-modules-3.8.13-118.38.1.el7uek-0.4.5-3.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-3.8.13-118.38.1.el7uek.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/dtrace-modules-3.8.13-118.38.1.el7uek-0.4.5-3.el7.src.rpm



Description of changes:

kernel-uek
[3.8.13-118.38.1.el7uek]
- x86/speculation: Exclude ATOMs from speculation through SWAPGS (Thomas
Gleixner) [Orabug: 30165288] {CVE-2019-1125}
- x86/speculation: Enable Spectre v1 swapgs mitigations (Josh Poimboeuf)
[Orabug: 30165288] {CVE-2019-1125}
- x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
(Josh Poimboeuf) [Orabug: 30165288] {CVE-2019-1125}

New Ksplice updates for Oracle Enhanced RHCK 7 (ELBA-2019-2600-1)

Synopsis: ELBA-2019-2600-1 can now be patched using Ksplice
CVEs: CVE-2019-1125 CVE-2019-9500

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2019-2600-1.
More information about this errata can be found at
https://linux.oracle.com/errata/ELBA-2019-2600-1.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Oracle Enhanced
RHCK 7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2019-1125: Information leak in kernel entry code when swapping GS.

A local attacker could speculatively access percpu data using a
user-defined GS and leak information about the running kernel to
facilitate an attack.


* CVE-2019-9500: Denial-of-service in Broadcom IEEE802.11n Wake-On-LAN.

Missing range checks when validating an SSID from firmware could result
in a heap overflow and kernel crash. A remote attacker could use this
flaw to crash a system that used compromised firmware.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.

New Ksplice updates for RHCK 7 (ELSA-2019-2600)

Synopsis: ELSA-2019-2600 can now be patched using Ksplice
CVEs: CVE-2019-1125 CVE-2019-9500

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-2600.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-2600.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 7 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2019-1125: Information leak in kernel entry code when swapping GS.

A local attacker could speculatively access percpu data using a
user-defined GS and leak information about the running kernel to
facilitate an attack.


* CVE-2019-9500: Denial-of-service in Broadcom IEEE802.11n Wake-On-LAN.

Missing range checks when validating an SSID from firmware could result
in a heap overflow and kernel crash. A remote attacker could use this
flaw to crash a system that used compromised firmware.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.

New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELBA-2019-4774)

Synopsis: ELBA-2019-4774 can now be patched using Ksplice

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2019-4774.
More information about this errata can be found at
https://linux.oracle.com/errata/ELBA-2019-4774.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Network TUN device creation failure with formatted names.

Incorrect error handling when creating TUN devices could result in false
positives when using formatted names and failure to create the device.

Orabug: 30085611


* SUNRPC failure during NFS secure unmounting.

Incorrect error handling could result in unhandled errors in the
SUNRPC subsystem and subsequent I/O failures.

Orabug: 29926734


* Improved Spectre v2 vulnerability message on non-retpoline module loading.

The kernel tainting for loading a non-retpoline enabled kernel module on
a retpoline kernel could lead to reporting errors for Spectre v2
vulnerability. The vulnerability reporting now includes information
about retpoline being enabled but non-retpoline modules being loaded.

Orabug: 30185537


* Use-after-free in Xen network backend receive path.

Incorrect locking could result in races between interrupts when
processing received data leading to a use-after-free and potential
kernel crash.

Orabug: 30223112


* Kernel IO hang during directory entry cache shrinking.

Missing scheduler calls when performing directory entry cache shrinking
could result in an IO stall and subsequent kernel hang under heavy IO
load.

Orabug: 30101895


* Incorrect IPv4 address reporting in rds-info.

A logic error when reading IPv4 addresses with rds-info could result in
all IP addresses being returned as 0.0.0.0.

Orabug: 30022915

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.