Oracle Linux 6277 Published by

Oracle Linux has undergone multiple updates, which include enhancements for grafana, mod_http2, buildah, osbuild-composer, microcode_ctl, leapp-repository, and e2fsprogs, addressing various security vulnerabilities and bug fixes:

ELSA-2024-8678 Important: Oracle Linux 9 grafana security update
ELSA-2024-8680 Low: Oracle Linux 9 mod_http2 security update
ELSA-2024-8563 Important: Oracle Linux 9 buildah security update
ELBA-2024-12801 Oracle Linux 9 osbuild-composer bug fix update
ELEA-2024-8159 Oracle Linux 8 microcode_ctl bug fix and enhancement update
ELBA-2024-12801 Oracle Linux 8 osbuild-composer bug fix update
ELBA-2024-12800 Oracle Linux 8 leapp-repository bug fix update
ELBA-2024-12787 Oracle Linux 8 e2fsprogs bug fix update




ELSA-2024-8678 Important: Oracle Linux 9 grafana security update


Oracle Linux Security Advisory ELSA-2024-8678

http://linux.oracle.com/errata/ELSA-2024-8678.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-9.2.10-19.el9_4.x86_64.rpm
grafana-selinux-9.2.10-19.el9_4.x86_64.rpm

aarch64:
grafana-9.2.10-19.el9_4.aarch64.rpm
grafana-selinux-9.2.10-19.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//grafana-9.2.10-19.el9_4.src.rpm

Related CVEs:

CVE-2024-9355
CVE-2024-47875

Description of changes:

[9.2.10-19]
- Resolves RHEL-62309: CVE-2024-47875

[9.2.10-18]
- Resolves RHEL-61049: CVE-2024-9355



ELSA-2024-8680 Low: Oracle Linux 9 mod_http2 security update


Oracle Linux Security Advisory ELSA-2024-8680

http://linux.oracle.com/errata/ELSA-2024-8680.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
mod_http2-2.0.26-2.el9_4.1.x86_64.rpm

aarch64:
mod_http2-2.0.26-2.el9_4.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//mod_http2-2.0.26-2.el9_4.1.src.rpm

Related CVEs:

CVE-2024-36387

Description of changes:

[2.0.26-2.1]
- Resolves: RHEL-45803 - mod_http2: DoS by null pointer in websocket
over HTTP/2 (CVE-2024-36387)



ELSA-2024-8563 Important: Oracle Linux 9 buildah security update


Oracle Linux Security Advisory ELSA-2024-8563

http://linux.oracle.com/errata/ELSA-2024-8563.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
buildah-1.33.10-1.0.1.el9_4.x86_64.rpm
buildah-tests-1.33.10-1.0.1.el9_4.x86_64.rpm

aarch64:
buildah-1.33.10-1.0.1.el9_4.aarch64.rpm
buildah-tests-1.33.10-1.0.1.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//buildah-1.33.10-1.0.1.el9_4.src.rpm

Related CVEs:

CVE-2024-9675

Description of changes:

[1.33.10-1.0.1]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178]

[2:1.33.10-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
( https://github.com/containers/buildah/commit/bd85c17)
- Resolves: RHEL-61842



ELBA-2024-12801 Oracle Linux 9 osbuild-composer bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12801

http://linux.oracle.com/errata/ELBA-2024-12801.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
osbuild-composer-101-2.0.3.el9_4.x86_64.rpm
osbuild-composer-core-101-2.0.3.el9_4.x86_64.rpm
osbuild-composer-worker-101-2.0.3.el9_4.x86_64.rpm

aarch64:
osbuild-composer-101-2.0.3.el9_4.aarch64.rpm
osbuild-composer-core-101-2.0.3.el9_4.aarch64.rpm
osbuild-composer-worker-101-2.0.3.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//osbuild-composer-101-2.0.3.el9_4.src.rpm

Description of changes:

[101-2.0.3]
- Support building Oracle Cross version [JIRA: OLDIS-35894]



ELEA-2024-8159 Oracle Linux 8 microcode_ctl bug fix and enhancement update


Oracle Linux Enhancement Advisory ELEA-2024-8159

http://linux.oracle.com/errata/ELEA-2024-8159.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
microcode_ctl-20240531-1.0.1.el8_10.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//microcode_ctl-20240531-1.0.1.el8_10.src.rpm

Description of changes:

[4:20240531-1.0.1]
- don't bother calling dracut if virtualized [Orabug: 35710077]
- ensure UEK also rebuilds initramfs [Orabug: 34280058]
- add support for UEK7 kernels
- enable early update for 06-4f-01
- remove no longer appropriate caveats for 06-2d-07 and 06-55-04
- enable early and late load on RHCK



ELBA-2024-12801 Oracle Linux 8 osbuild-composer bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12801

http://linux.oracle.com/errata/ELBA-2024-12801.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
osbuild-composer-101-2.0.3.el8_10.x86_64.rpm
osbuild-composer-worker-101-2.0.3.el8_10.x86_64.rpm
osbuild-composer-core-101-2.0.3.el8_10.x86_64.rpm

aarch64:
osbuild-composer-101-2.0.3.el8_10.aarch64.rpm
osbuild-composer-worker-101-2.0.3.el8_10.aarch64.rpm
osbuild-composer-core-101-2.0.3.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//osbuild-composer-101-2.0.3.el8_10.src.rpm

Description of changes:

[101-2.0.3]
- Support building Oracle Cross version [JIRA: OLDIS-35894]



ELBA-2024-12800 Oracle Linux 8 leapp-repository bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12800

http://linux.oracle.com/errata/ELBA-2024-12800.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
leapp-upgrade-el8toel9-0.20.0-2.0.14.el8.noarch.rpm
leapp-upgrade-el8toel9-deps-0.20.0-2.0.14.el8.noarch.rpm

aarch64:
leapp-upgrade-el8toel9-0.20.0-2.0.14.el8.noarch.rpm
leapp-upgrade-el8toel9-deps-0.20.0-2.0.14.el8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//leapp-repository-0.20.0-2.0.14.el8.src.rpm

Description of changes:

[0.20.0-2.0.14]
- Implemented Default Kernel handling fix [Orabug: 36942371]
- Updated RHEL references to OL [Orabug: 36978104]

[0.20.0-2.0.13]
- Support upgrading OSMH managed instances



ELBA-2024-12787 Oracle Linux 8 e2fsprogs bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12787

http://linux.oracle.com/errata/ELBA-2024-12787.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
e2fsprogs-1.46.2-2.el8.x86_64.rpm
e2fsprogs-devel-1.46.2-2.el8.x86_64.rpm
e2fsprogs-devel-1.46.2-2.el8.i686.rpm
e2fsprogs-libs-1.46.2-2.el8.x86_64.rpm
e2fsprogs-libs-1.46.2-2.el8.i686.rpm
e2fsprogs-static-1.46.2-2.el8.x86_64.rpm
e2scrub-1.46.2-2.el8.x86_64.rpm
libcom_err-1.46.2-2.el8.x86_64.rpm
libcom_err-1.46.2-2.el8.i686.rpm
libcom_err-devel-1.46.2-2.el8.x86_64.rpm
libcom_err-devel-1.46.2-2.el8.i686.rpm
libss-1.46.2-2.el8.x86_64.rpm
libss-1.46.2-2.el8.i686.rpm
libss-devel-1.46.2-2.el8.x86_64.rpm
libss-devel-1.46.2-2.el8.i686.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//e2fsprogs-1.46.2-2.el8.src.rpm

Description of changes:

[1.46.2-2]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688