Oracle Linux 6264 Published by

The following updates have been released for Oracle Linux:

ELSA-2024-1644 Important: Oracle Linux 8 grafana-pcp security and bug fix update
ELSA-2024-1601 Moderate: Oracle Linux 8 curl security and bug fix update
ELSA-2024-1608 Moderate: Oracle Linux 8 opencryptoki security update
ELSA-2024-1615 Moderate: Oracle Linux 8 expat security update
ELSA-2024-1646 Important: Oracle Linux 8 grafana security and bug fix update
ELBA-2024-1603 Oracle Linux 8 iptables bug fix update
ELBA-2024-1602 Oracle Linux 8 nftables bug fix update
ELSA-2024-1610 Moderate: Oracle Linux 8 less security update
ELBA-2024-1600 Oracle Linux 8 evolution bug fix update
ELSA-2024-12266 Important: Oracle Linux 8 kernel security update
ELBA-2024-1596 Oracle Linux 8 python3.11-pip bug fix and enhancement update
ELSA-2024-12265 Important: Oracle Linux 9 kernel security update




ELSA-2024-1644 Important: Oracle Linux 8 grafana-pcp security and bug fix update


Oracle Linux Security Advisory ELSA-2024-1644

http://linux.oracle.com/errata/ELSA-2024-1644.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-pcp-5.1.1-2.el8_9.x86_64.rpm

aarch64:
grafana-pcp-5.1.1-2.el8_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//grafana-pcp-5.1.1-2.el8_9.src.rpm

Related CVEs:

CVE-2024-1394

Description of changes:

[5.1.1-2]
- Rebuild with latest version of golang
- resolves CVE-2024-1394



ELSA-2024-1601 Moderate: Oracle Linux 8 curl security and bug fix update


Oracle Linux Security Advisory ELSA-2024-1601

http://linux.oracle.com/errata/ELSA-2024-1601.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
curl-7.61.1-33.el8_9.5.x86_64.rpm
libcurl-7.61.1-33.el8_9.5.i686.rpm
libcurl-7.61.1-33.el8_9.5.x86_64.rpm
libcurl-devel-7.61.1-33.el8_9.5.i686.rpm
libcurl-devel-7.61.1-33.el8_9.5.x86_64.rpm
libcurl-minimal-7.61.1-33.el8_9.5.i686.rpm
libcurl-minimal-7.61.1-33.el8_9.5.x86_64.rpm

aarch64:
curl-7.61.1-33.el8_9.5.aarch64.rpm
libcurl-7.61.1-33.el8_9.5.aarch64.rpm
libcurl-devel-7.61.1-33.el8_9.5.aarch64.rpm
libcurl-minimal-7.61.1-33.el8_9.5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//curl-7.61.1-33.el8_9.5.src.rpm

Related CVEs:

CVE-2023-28322
CVE-2023-38546
CVE-2023-46218

Description of changes:

[7.61.1-33.5]
- cap SFTP packet size sent (RHEL-5485)
- when keyboard-interactive auth fails, try password (#2229800)
- unify the upload/method handling (CVE-2023-28322)
- fix cookie injection with none file (CVE-2023-38546)
- lowercase the domain names before PSL checks (CVE-2023-46218)



ELSA-2024-1608 Moderate: Oracle Linux 8 opencryptoki security update


Oracle Linux Security Advisory ELSA-2024-1608

http://linux.oracle.com/errata/ELSA-2024-1608.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
opencryptoki-3.21.0-10.el8_9.x86_64.rpm
opencryptoki-icsftok-3.21.0-10.el8_9.x86_64.rpm
opencryptoki-libs-3.21.0-10.el8_9.i686.rpm
opencryptoki-libs-3.21.0-10.el8_9.x86_64.rpm
opencryptoki-swtok-3.21.0-10.el8_9.x86_64.rpm
opencryptoki-tpmtok-3.21.0-10.el8_9.x86_64.rpm
opencryptoki-devel-3.21.0-10.el8_9.i686.rpm
opencryptoki-devel-3.21.0-10.el8_9.x86_64.rpm

aarch64:
opencryptoki-3.21.0-10.el8_9.aarch64.rpm
opencryptoki-icsftok-3.21.0-10.el8_9.aarch64.rpm
opencryptoki-libs-3.21.0-10.el8_9.aarch64.rpm
opencryptoki-swtok-3.21.0-10.el8_9.aarch64.rpm
opencryptoki-tpmtok-3.21.0-10.el8_9.aarch64.rpm
opencryptoki-devel-3.21.0-10.el8_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//opencryptoki-3.21.0-10.el8_9.src.rpm

Related CVEs:

CVE-2024-0914

Description of changes:

[3.21.0-10]
- timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)
Resolves: RHEL-22791



ELSA-2024-1615 Moderate: Oracle Linux 8 expat security update


Oracle Linux Security Advisory ELSA-2024-1615

http://linux.oracle.com/errata/ELSA-2024-1615.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
expat-2.2.5-11.0.1.el8_9.1.i686.rpm
expat-2.2.5-11.0.1.el8_9.1.x86_64.rpm
expat-devel-2.2.5-11.0.1.el8_9.1.i686.rpm
expat-devel-2.2.5-11.0.1.el8_9.1.x86_64.rpm

aarch64:
expat-2.2.5-11.0.1.el8_9.1.aarch64.rpm
expat-devel-2.2.5-11.0.1.el8_9.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//expat-2.2.5-11.0.1.el8_9.1.src.rpm

Related CVEs:

CVE-2023-52425

Description of changes:

[2.2.5-11.0.1.1]
- lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314]

[2.2.5-11.1]
- CVE-2023-52425 expat: parsing large tokens can trigger a denial of service
- Resolves: RHEL-29321



ELSA-2024-1646 Important: Oracle Linux 8 grafana security and bug fix update


Oracle Linux Security Advisory ELSA-2024-1646

http://linux.oracle.com/errata/ELSA-2024-1646.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-9.2.10-8.el8_9.x86_64.rpm

aarch64:
grafana-9.2.10-8.el8_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//grafana-9.2.10-8.el8_9.src.rpm

Related CVEs:

CVE-2024-1394

Description of changes:

[9.2.10-8]
- Rebuild with latest version of golang
- resolves CVE-2024-1394



ELBA-2024-1603 Oracle Linux 8 iptables bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-1603

http://linux.oracle.com/errata/ELBA-2024-1603.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
iptables-1.8.5-11.0.1.el8_9.i686.rpm
iptables-1.8.5-11.0.1.el8_9.x86_64.rpm
iptables-arptables-1.8.5-11.0.1.el8_9.x86_64.rpm
iptables-devel-1.8.5-11.0.1.el8_9.i686.rpm
iptables-devel-1.8.5-11.0.1.el8_9.x86_64.rpm
iptables-ebtables-1.8.5-11.0.1.el8_9.x86_64.rpm
iptables-libs-1.8.5-11.0.1.el8_9.i686.rpm
iptables-libs-1.8.5-11.0.1.el8_9.x86_64.rpm
iptables-services-1.8.5-11.0.1.el8_9.x86_64.rpm
iptables-utils-1.8.5-11.0.1.el8_9.x86_64.rpm

aarch64:
iptables-1.8.5-11.0.1.el8_9.aarch64.rpm
iptables-arptables-1.8.5-11.0.1.el8_9.aarch64.rpm
iptables-devel-1.8.5-11.0.1.el8_9.aarch64.rpm
iptables-ebtables-1.8.5-11.0.1.el8_9.aarch64.rpm
iptables-libs-1.8.5-11.0.1.el8_9.aarch64.rpm
iptables-services-1.8.5-11.0.1.el8_9.aarch64.rpm
iptables-utils-1.8.5-11.0.1.el8_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//iptables-1.8.5-11.0.1.el8_9.src.rpm

Description of changes:

[1.8.5-11.0.1]
- Replace upstream references within the ebtables description tag

[1.8.5-11]
- iptables-restore: Drop dead code
- iptables-apply: Eliminate shellcheck warnings
- ebtables: Exit gracefully on invalid table names



ELBA-2024-1602 Oracle Linux 8 nftables bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-1602

http://linux.oracle.com/errata/ELBA-2024-1602.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
nftables-1.0.4-4.el8_9.i686.rpm
nftables-1.0.4-4.el8_9.x86_64.rpm
python3-nftables-1.0.4-4.el8_9.x86_64.rpm
nftables-devel-1.0.4-4.el8_9.i686.rpm
nftables-devel-1.0.4-4.el8_9.x86_64.rpm

aarch64:
nftables-1.0.4-4.el8_9.aarch64.rpm
python3-nftables-1.0.4-4.el8_9.aarch64.rpm
nftables-devel-1.0.4-4.el8_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//nftables-1.0.4-4.el8_9.src.rpm

Description of changes:

[1.0.4-4]
- parser_bison: Fix for broken compatibility with older dumps (Phil Sutter) [RHEL-2596]



ELSA-2024-1610 Moderate: Oracle Linux 8 less security update


Oracle Linux Security Advisory ELSA-2024-1610

http://linux.oracle.com/errata/ELSA-2024-1610.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
less-530-2.el8_9.x86_64.rpm

aarch64:
less-530-2.el8_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//less-530-2.el8_9.src.rpm

Related CVEs:

CVE-2022-48624

Description of changes:

[530-2]
- Fix CVE-2022-48624
- Resolves: RHEL-26265



ELBA-2024-1600 Oracle Linux 8 evolution bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-1600

http://linux.oracle.com/errata/ELBA-2024-1600.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
evolution-3.28.5-25.el8_9.x86_64.rpm
evolution-bogofilter-3.28.5-25.el8_9.x86_64.rpm
evolution-help-3.28.5-25.el8_9.noarch.rpm
evolution-langpacks-3.28.5-25.el8_9.noarch.rpm
evolution-pst-3.28.5-25.el8_9.x86_64.rpm
evolution-spamassassin-3.28.5-25.el8_9.x86_64.rpm
evolution-devel-3.28.5-25.el8_9.i686.rpm
evolution-devel-3.28.5-25.el8_9.x86_64.rpm

aarch64:
evolution-3.28.5-25.el8_9.aarch64.rpm
evolution-bogofilter-3.28.5-25.el8_9.aarch64.rpm
evolution-help-3.28.5-25.el8_9.noarch.rpm
evolution-langpacks-3.28.5-25.el8_9.noarch.rpm
evolution-pst-3.28.5-25.el8_9.aarch64.rpm
evolution-spamassassin-3.28.5-25.el8_9.aarch64.rpm
evolution-devel-3.28.5-25.el8_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//evolution-3.28.5-25.el8_9.src.rpm

Description of changes:

[3.28.5-25]
- Resolves: RHEL-29169 (Composer: Cursor jumps to the starting line when "return" key is pressed at the end of the line)
- Remove dependency on evolution-data-server-ui

[3.28.5-24]
- Resolves: RHEL-17661 (Composer: Cursor jumps over characters when using backspace or delete)



ELSA-2024-12266 Important: Oracle Linux 8 kernel security update


Oracle Linux Security Advisory ELSA-2024-12266

http://linux.oracle.com/errata/ELSA-2024-12266.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
kernel-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
kernel-core-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
kernel-cross-headers-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
kernel-debug-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
kernel-debug-core-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
kernel-debug-devel-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
kernel-debug-modules-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
kernel-debug-modules-extra-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
kernel-devel-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
kernel-doc-4.18.0-513.18.1.0.1.el8_9.noarch.rpm
kernel-headers-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
kernel-modules-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
kernel-modules-extra-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
kernel-tools-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
kernel-tools-libs-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
perf-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
python3-perf-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
kernel-tools-libs-devel-4.18.0-513.18.1.0.1.el8_9.x86_64.rpm
kernel-abi-stablelists-4.18.0-513.18.1.0.1.el8_9.noarch.rpm

aarch64:
bpftool-4.18.0-513.18.1.0.1.el8_9.aarch64.rpm
kernel-cross-headers-4.18.0-513.18.1.0.1.el8_9.aarch64.rpm
kernel-headers-4.18.0-513.18.1.0.1.el8_9.aarch64.rpm
kernel-tools-4.18.0-513.18.1.0.1.el8_9.aarch64.rpm
kernel-tools-libs-4.18.0-513.18.1.0.1.el8_9.aarch64.rpm
perf-4.18.0-513.18.1.0.1.el8_9.aarch64.rpm
python3-perf-4.18.0-513.18.1.0.1.el8_9.aarch64.rpm
kernel-tools-libs-devel-4.18.0-513.18.1.0.1.el8_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-4.18.0-513.18.1.0.1.el8_9.src.rpm

Related CVEs:

CVE-2024-1086

Description of changes:

[4.18.0-513.18.1.0.1.el8_9.OL8]
- netfilter: nf_tables: reject QUEUE/DROP verdict parameters [Orabug: 36461932] {CVE-2024-1086}

[4.18.0-513.18.1.el8_9.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64