Oracle Linux 6245 Published by

19 new updates are available for Oracle Linux:

ELSA-2024-3754 Important: Oracle Linux 9 ipa security update
ELSA-2024-3760 Important: Oracle Linux 7 ipa security update (aarch64)
ELBA-2024-12417 Oracle Linux 7 Unbreakable Enterprise kernel bug fix update (aarch64)
ELBA-2024-3624 Oracle Linux 7 scap-security-guide bug fix and enhancement update (aarch64)
ELBA-2024-12417 Oracle Linux 7 Unbreakable Enterprise kernel bug fix update
ELBA-2024-12430 Oracle Linux 7 dtrace bug fix update
ELBA-2024-12426 Oracle Linux 9 dtrace bug fix update
ELBA-2024-12424 Oracle Linux 9 osbuild-composer bug fix update
ELBA-2024-12425 Oracle Linux 9 dtrace bug fix update
ELBA-2024-12421 Oracle Linux 9 osbuild bug fix update
ELBA-2024-12419 Oracle Linux 9 cockpit-composer bug fix update
ELBA-2024-12429 Oracle Linux 8 dtrace bug fix update
ELBA-2024-3624 Oracle Linux 8 scap-security-guide bug fix and enhancement update
ELBA-2024-12427 Oracle Linux 8 dtrace bug fix update
ELBA-2024-12428 Oracle Linux 8 dtrace bug fix update
ELSA-2024-3670 Moderate: Oracle Linux 8 ruby:3.3 security, bug fix, and enhancement update
ELBA-2024-12420 Oracle Linux 8 cockpit-composer bug fix update
ELBA-2024-12423 Oracle Linux 8 osbuild-composer bug fix update
ELBA-2024-12422 Oracle Linux 8 osbuild bug fix update




ELSA-2024-3754 Important: Oracle Linux 9 ipa security update


Oracle Linux Security Advisory ELSA-2024-3754

http://linux.oracle.com/errata/ELSA-2024-3754.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
ipa-client-4.11.0-15.0.1.el9_4.x86_64.rpm
ipa-client-common-4.11.0-15.0.1.el9_4.noarch.rpm
ipa-client-epn-4.11.0-15.0.1.el9_4.x86_64.rpm
ipa-client-samba-4.11.0-15.0.1.el9_4.x86_64.rpm
ipa-common-4.11.0-15.0.1.el9_4.noarch.rpm
ipa-selinux-4.11.0-15.0.1.el9_4.noarch.rpm
ipa-server-4.11.0-15.0.1.el9_4.x86_64.rpm
ipa-server-common-4.11.0-15.0.1.el9_4.noarch.rpm
ipa-server-dns-4.11.0-15.0.1.el9_4.noarch.rpm
ipa-server-trust-ad-4.11.0-15.0.1.el9_4.x86_64.rpm
python3-ipaclient-4.11.0-15.0.1.el9_4.noarch.rpm
python3-ipalib-4.11.0-15.0.1.el9_4.noarch.rpm
python3-ipaserver-4.11.0-15.0.1.el9_4.noarch.rpm
python3-ipatests-4.11.0-15.0.1.el9_4.noarch.rpm

aarch64:
ipa-client-4.11.0-15.0.1.el9_4.aarch64.rpm
ipa-client-common-4.11.0-15.0.1.el9_4.noarch.rpm
ipa-client-epn-4.11.0-15.0.1.el9_4.aarch64.rpm
ipa-client-samba-4.11.0-15.0.1.el9_4.aarch64.rpm
ipa-common-4.11.0-15.0.1.el9_4.noarch.rpm
ipa-selinux-4.11.0-15.0.1.el9_4.noarch.rpm
ipa-server-4.11.0-15.0.1.el9_4.aarch64.rpm
ipa-server-common-4.11.0-15.0.1.el9_4.noarch.rpm
ipa-server-dns-4.11.0-15.0.1.el9_4.noarch.rpm
ipa-server-trust-ad-4.11.0-15.0.1.el9_4.aarch64.rpm
python3-ipaclient-4.11.0-15.0.1.el9_4.noarch.rpm
python3-ipalib-4.11.0-15.0.1.el9_4.noarch.rpm
python3-ipaserver-4.11.0-15.0.1.el9_4.noarch.rpm
python3-ipatests-4.11.0-15.0.1.el9_4.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//ipa-4.11.0-15.0.1.el9_4.src.rpm

Related CVEs:

CVE-2024-2698
CVE-2024-3183

Description of changes:

[4.11.0-15.0.1]
- Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674]
- Add bind to ipa-server-common Requires [Orabug: 36518596]

[4.11.0-15]
- Resolves: RHEL-32231 CVE-2024-3183 ipa: freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
- Resolves: RHEL-31409 CVE-2024-2698 ipa: freeipa: delegation rules allow a proxy service to impersonate any user to access another target service



ELSA-2024-3760 Important: Oracle Linux 7 ipa security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-3760

http://linux.oracle.com/errata/ELSA-2024-3760.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
ipa-client-4.6.8-5.0.1.el7_9.17.aarch64.rpm
ipa-client-common-4.6.8-5.0.1.el7_9.17.noarch.rpm
ipa-common-4.6.8-5.0.1.el7_9.17.noarch.rpm
ipa-python-compat-4.6.8-5.0.1.el7_9.17.noarch.rpm
ipa-server-4.6.8-5.0.1.el7_9.17.aarch64.rpm
ipa-server-common-4.6.8-5.0.1.el7_9.17.noarch.rpm
ipa-server-dns-4.6.8-5.0.1.el7_9.17.noarch.rpm
ipa-server-trust-ad-4.6.8-5.0.1.el7_9.17.aarch64.rpm
python2-ipaclient-4.6.8-5.0.1.el7_9.17.noarch.rpm
python2-ipalib-4.6.8-5.0.1.el7_9.17.noarch.rpm
python2-ipaserver-4.6.8-5.0.1.el7_9.17.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//ipa-4.6.8-5.0.1.el7_9.17.src.rpm

Related CVEs:

CVE-2024-3183

Description of changes:

[4.6.8-5.0.1.el7_9.17]
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [Orabug: 20362818]

[4.6.8-5.el7_9.17]
- Resolves: RHEL-29926 ipa: user can obtain a hash of the passwords of all domain users and perform offline brute force



ELBA-2024-12417 Oracle Linux 7 Unbreakable Enterprise kernel bug fix update (aarch64)


Oracle Linux Bug Fix Advisory ELBA-2024-12417

http://linux.oracle.com/errata/ELBA-2024-12417.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-4.14.35-2047.537.4.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-2047.537.4.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-2047.537.4.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-2047.537.4.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-2047.537.4.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-2047.537.4.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-2047.537.4.el7uek.aarch64.rpm
perf-4.14.35-2047.537.4.el7uek.aarch64.rpm
python-perf-4.14.35-2047.537.4.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-2047.537.4.el7uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.537.4.el7uek.src.rpm

Description of changes:

[4.14.35-2047.537.4.el7uek]
- uek-rpm: iptables/nftables TABLE_ADD failed (Operation not supported) (Venkat Venkatsubra) [Orabug: 36638482]
- Revert "crypto: api - Disallow identical driver names" (Greg Kroah-Hartman)
- Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" (Siddh Raman Pant)

[4.14.35-2047.537.3.el7uek]
- ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki)
- ahci: asm1064: correct count of reported ports (Andrey Jr. Melnikov)
- fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion (Bart Van Assche)
- igb: fix __free_irq warnings seen during module unload. (Imran Khan) [Orabug: 36618479]
- mm: fix misleading-indentation build warning (Anthony Yznaga) [Orabug: 36612276]
- uek: kabi: Enable the size checks and fix broken APIs (Saeed Mirzamohammadi) [Orabug: 36545474]
- uek: kabi: Introduce new APIs to check for size (Saeed Mirzamohammadi) [Orabug: 36545474]
cpus_read_lock() deadlock (Tejun Heo) [Orabug: 36480026]
- uek-rpm: ol7: fix prod build with editbuildid (Stephen Brennan) [Orabug: 35099077]
- uek-rpm: ol7: Prevent vmlinux build ID mismatch (Stephen Brennan) [Orabug: 35099077]
- uek-rpm: ol7: Remove fancy_debuginfo (Stephen Brennan) [Orabug: 35099077]

[4.14.35-2047.537.2.el7uek]
- Fix the type of set_ready_only in block device (Yifei Liu) [Orabug: 36612441]

[4.14.35-2047.537.1.el7uek]
- igb: free up irq resources in device shutdown path. (Imran Khan) [Orabug: 36547251]
- RDMA/cm: Print the old state when cm_destroy_id gets timeout (Mark Zhang) [Orabug: 36546697]
- exec, elf: ignore malformed note segments (Anthony Yznaga) [Orabug: 36524978]
- LTS version: v4.14.343 (Yifei Liu)
- crypto: af_alg - Work around empty control messages without MSG_MORE (Herbert Xu)
- crypto: af_alg - Fix regression on empty requests (Herbert Xu)
- spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (Fei Shao)
- net/bnx2x: Prevent access to a freed page in page_pool (Thinh Tran)
- hsr: Handle failures in module init (Felix Maurer)
- rds: introduce acquire/release ordering in acquire/release_in_xmit() (Yewon Choi)
- hsr: Fix uninit-value access in hsr_get_node() (Shigeru Yoshida)
- net: hsr: fix placement of logical operator in a multi-line statement (Murali Karicheri)
- usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (Colin Ian King)
- staging: greybus: fix get_channel_from_mode() failure path (Dan Carpenter)
- serial: 8250_exar: Don't remove GPIO device on suspend (Andy Shevchenko)
- rtc: mt6397: select IRQ_DOMAIN instead of depending on it (Randy Dunlap)
- rtc: mediatek: enhance the description for MediaTek PMIC based RTC (Sean Wang)
- tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (Tudor Ambarus)
- serial: max310x: fix syntax error in IRQ error message (Hugo Villeneuve)
- clk: qcom: gdsc: Add support to update GDSC transition delay (Taniya Das)
- NFS: Fix an off by one in root_nfs_cat() (Christophe JAILLET)
- net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (Christophe JAILLET)
- scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (Arnd Bergmann)
- scsi: csiostor: Avoid function pointer casts (Arnd Bergmann)
- ALSA: usb-audio: Stop parsing channels bits when all channels are found. (Johan Carlsson)
- sparc32: Fix section mismatch in leon_pci_grpci (Sam Ravnborg)
- backlight: lp8788: Fully initialize backlight_properties during probe (Daniel Thompson)
- backlight: lm3639: Fully initialize backlight_properties during probe (Daniel Thompson)
- backlight: da9052: Fully initialize backlight_properties during probe (Daniel Thompson)
- backlight: lm3630a: Don't set bl->props.brightness in get_brightness (Luca Weiss)
- backlight: lm3630a: Initialize backlight_properties on init (Luca Weiss)
- powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. (Michael Ellerman)
- powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks (Kajol Jain)
- drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip (Hsin-Yi Wang)
- media: go7007: fix a memleak in go7007_load_encoder (Zhipeng Lu)
- media: dvb-frontends: avoid stack overflow warnings with clang (Arnd Bergmann)
- media: pvrusb2: fix uaf in pvr2_context_set_notify (Edward Adam Davis)
- drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() (Srinivasan Shanmugam)
- mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (Arnd Bergmann)
- crypto: arm/sha - fix function cast warnings (Arnd Bergmann)
- crypto: arm - Rename functions to avoid conflict with crypto/sha256.h (Hans de Goede)
- mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref (Peter Griffin)
- drm/tegra: put drm_gem_object ref on error in tegra_fb_create (Fedor Pchelkin)
- clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() (Christophe JAILLET)
- PCI: Mark 3ware-9650SE Root Port Extended Tags as broken (Jörg Wedekind)
- drm/mediatek: dsi: Fix DSI RGB666 formats and definitions (AngeloGioacchino Del Regno)
- media: pvrusb2: fix pvr2_stream_callback casts (Arnd Bergmann)
- media: go7007: add check of return value of go7007_read_addr() (Daniil Dulov)
- ALSA: seq: fix function cast warnings (Takashi Iwai)
- drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() (Nikita Zhandarovich)
- perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() (Yang Jihong)
- quota: Fix rcu annotations of inode dquot pointers (Jan Kara)
- quota: Fix potential NULL pointer dereference (Wang Jianjian)
- quota: simplify drop_dquot_ref() (Baokun Li)
- quota: check time limit when back out space/inode change (Chengguang Xu)
- fs/quota: erase unused but set variable warning (Jiang Biao)
- quota: code cleanup for __dquot_alloc_space() (Chengguang Xu)
- clk: qcom: reset: Ensure write completion on reset de/assertion (Konrad Dybcio)
- clk: qcom: reset: Commonize the de/assert functions (Konrad Dybcio)
- clk: qcom: reset: support resetting multiple bits (Robert Marko)
- clk: qcom: reset: Allow specifying custom reset delay (Stephan Gerhold)
- media: edia: dvbdev: fix a use-after-free (Zhipeng Lu)
- media: dvb-core: Fix use-after-free due to race at dvb_register_device() (Hyunwoo Kim)
- media: dvbdev: convert DVB device types into an enum (Mauro Carvalho Chehab)
- media: dvbdev: fix error logic at dvb_register_device() (Mauro Carvalho Chehab)
- media: dvbdev: Fix memleak in dvb_register_device (Dinghao Liu)
- media: media/dvb: Use kmemdup rather than duplicating its implementation (Fuqian Huang)
- media: dvbdev: remove double-unlock (Mauro Carvalho Chehab)
- media: v4l2-tpg: fix some memleaks in tpg_alloc (Zhipeng Lu)
- media: em28xx: annotate unchecked call to media_device_register() (Nikita Zhandarovich)
- media: tc358743: register v4l2 async device only after successful setup (Alexander Stein)
- drm: Don't treat 0 as -1 in drm_fixp2int_ceil (Harry Wentland)
- drm/rockchip: inno_hdmi: Fix video timing (Alex Bee)
- drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (Christophe JAILLET)
- drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() (Christophe JAILLET)
- drm/tegra: dsi: Make use of the helper function dev_err_probe() (Cai Huoqing)
- gpu: host1x: mipi: Update tegra_mipi_request() to be node based (Sowjanya Komatineni)
- drm/tegra: dsi: Add missing check for of_find_device_by_node (Chen Ni)
- dm: call the resume method on internal suspend (Mikulas Patocka)
- dm raid: fix false positive for requeue needed during reshape (Ming Lei)
- net/x25: fix incorrect parameter validation in the x25_getsockopt() function (Gavrilov Ilia)
- net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function (Gavrilov Ilia)
- udp: fix incorrect parameter validation in the udp_lib_getsockopt() function (Gavrilov Ilia)
- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (Gavrilov Ilia)
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (Gavrilov Ilia)
- ipv6: fib6_rules: flush route cache when rule is changed (Shiming Cheng)
- bpf: Fix stackmap overflow check on 32-bit arches (Toke Høiland-Jørgensen)
- bpf: Fix hashtab overflow check on 32-bit arches (Toke Høiland-Jørgensen)
- sr9800: Add check for usbnet_get_endpoints (Chen Ni)
- Bluetooth: hci_core: Fix possible buffer overflow (Luiz Augusto von Dentz)
- Bluetooth: Remove superfluous call to hci_conn_check_pending() (Jonas Dreßler)
- igb: Fix missing time sync events (Vinicius Costa Gomes)
- igb: move PEROUT and EXTTS isr logic to separate functions (Ruud Bos)
- mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (Christophe JAILLET)
- SUNRPC: fix some memleaks in gssx_dec_option_array (Zhipeng Lu)
- x86, relocs: Ignore relocations in .notes section (Kees Cook)
- ACPI: scan: Fix device check notification handling (Rafael J. Wysocki)
- ARM: dts: arm: realview: Fix development chip ROM compatible value (Geert Uytterhoeven)
- wifi: brcmsmac: avoid function pointer casts (Arnd Bergmann)
- iommu/amd: Mark interrupt as managed (Mario Limonciello)
- bus: tegra-aconnect: Update dependency to ARCH_TEGRA (Peter Robinson)
- ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() (Armin Wolf)
- wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (Zhipeng Lu)
- af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). (Kuniyuki Iwashima)
- sock_diag: annotate data-races around sock_diag_handlers[family] (Eric Dumazet)
- sock_diag: request _diag module only when the family or proto has been registered (Xin Long)
- wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (Jinjie Ruan)
- wifi: b43: Disable QoS for bcm4331 (Rahul Rameshbabu)
- wifi: b43: Stop correct queue in DMA worker when QoS is disabled (Rahul Rameshbabu)
- b43: main: Fix use true/false for bool type (Saurav Girepunje)
- wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (Rahul Rameshbabu)
- wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (Rahul Rameshbabu)
- b43: dma: Fix use true/false for bool type variable (Saurav Girepunje)
- timekeeping: Fix cross-timestamp interpolation for non-x86 (Peter Hilber)
- timekeeping: Fix cross-timestamp interpolation corner case decision (Peter Hilber)
- timekeeping: Fix cross-timestamp interpolation on counter wrap (Peter Hilber)
- aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts (Chun-Yi Lee)
- md: Don't clear MD_CLOSING when the raid is about to stop (Li Nan)
- md: implement ->set_read_only to hook into BLKROSET processing (Christoph Hellwig)
- block: add a new set_read_only method (Christoph Hellwig)
- md: switch to ->check_events for media change notifications (Christoph Hellwig)
- fs/select: rework stack allocation hack for clang (Arnd Bergmann)
- do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (Nikita Zhandarovich)
- crypto: algif_aead - Only wake up when ctx->more is zero (Herbert Xu)
- crypto: af_alg - make some functions static (Eric Biggers)
- ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll (Stuart Henderson)
- ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (Stuart Henderson)
- ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (Stuart Henderson)
- Input: gpio_keys_polled - suppress deferred probe error for gpio (Uwe Kleine-König)
- firewire: core: use long bus reset on gap count error (Takashi Sakamoto)
- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (Yuxuan Hu)
- scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (Ranjan Kumar)
- dm-verity, dm-crypt: align "struct bvec_iter" correctly (Mikulas Patocka)
- block: sed-opal: handle empty atoms when parsing response (Greg Joyce)
- net/iucv: fix the allocation size of iucv_path_table array (Alexander Gordeev)
- MIPS: Clear Cause.BD in instruction_pointer_set (Jiaxun Yang)
- x86/xen: Add some null pointer checking to smp.c (Kunwu Chan)
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (Xiu Jianfeng)
- xen/events: only register debug interrupt for 2-level events (Juergen Gross)
- LTS version: v4.14.342 (Yifei Liu)
- selftests/vm: fix map_hugetlb length used for testing read and write (Christophe Leroy)
- selftests/vm: fix display of page size in map_hugetlb (Christophe Leroy)
- getrusage: use sig->stats_lock rather than lock_task_sighand() (Oleg Nesterov)
- getrusage: use __for_each_thread() (Oleg Nesterov)
- getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() (Oleg Nesterov)
- getrusage: add the "signal_struct *sig" local variable (Oleg Nesterov)
- hv_netvsc: use netif_is_bond_master() instead of open code (Juhee Kang)
- um: allow not setting extra rpaths in the linux binary (Johannes Berg)
- selftests: mm: fix map_hugetlb failure on 64K page size systems (Nico Pache)
- tools/selftest/vm: allow choosing mem size and page size in map_hugetlb (Christophe Leroy)
- netrom: Fix data-races around sysctl_net_busy_read (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_link_fails_count (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_routing_control (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_transport_busy_delay (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_transport_timeout (Jason Xing)
- netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_default_path_quality (Jason Xing)
- netfilter: nf_conntrack_h323: Add protection for bmp length out of range (Lena Wang)
- netfilter: nf_ct_h323: Extend nf_h323_error_boundary to work on bits as well (Eric Sesterhenn)
- netfilter: nf_ct_h323: Convert CHECK_BOUND macro to function (Eric Sesterhenn)
- netfilter: nf_ct_h323: Out Of Bound Read in Netfilter Conntrack (Eric Sesterhenn)
- netfilter: nf_conntrack_h323: Remove typedef struct (Harsha Sharma)
- geneve: make sure to pull inner header in geneve_rx() (Eric Dumazet)
- net: move definition of pcpu_lstats to header file (Li RongQing)
- net: lan78xx: fix runtime PM count underflow on link stop (Oleksij Rempel)
- lan78xx: Fix race conditions in suspend/resume handling (John Efstathiades)
- lan78xx: Fix partial packet errors on suspend/resume (John Efstathiades)
- lan78xx: Add missing return code checks (John Efstathiades)
- lan78xx: Fix white space and style issues (John Efstathiades)
- net: usb: lan78xx: Remove lots of set but unused 'ret' variables (Lee Jones)
- net: usb: lan78xx: Disable interrupts before calling generic_handle_irq() (Daniel Wagner)
- net: lan78xx: Allow for VLAN headers in timeout calcs (Dave Stevenson)
- ip: validate header length on virtual device xmit (Willem de Bruijn)



ELBA-2024-3624 Oracle Linux 7 scap-security-guide bug fix and enhancement update (aarch64)


Oracle Linux Bug Fix Advisory ELBA-2024-3624

http://linux.oracle.com/errata/ELBA-2024-3624.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
scap-security-guide-0.1.73-1.0.1.el7_9.noarch.rpm
scap-security-guide-doc-0.1.73-1.0.1.el7_9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//scap-security-guide-0.1.73-1.0.1.el7_9.src.rpm

Description of changes:

[0.1.73-1.0.1]
- Rebase patches to v0.1.73-1 [Orabug: 36702060]
- Update jinja conditionals in source, so built contents include all expected
strings/code [Orabug: 35450273]
- Update vendor references to mention Oracle and Oracle Linux [Orabug: 35450273]
- Update rhel7 project profiles to use oracle gpgkey [Orabug: 33612582]
- Update rhel7 profiles to generate Oracle Linux 7 content [Orabug: 33612582]
- Update source to generate Oracle Linux 7 content [Orabug: 33612582]
- Add ntpd and chronyd OL approved servers support [Orabug: 33612582]
- Add UEFI boot loader rules to Oracle Linux 7 profiles [Orabug: 33612582]
- Fix OL7 mapping in stable_profile_ids test [Orabug: 33612582]
- Update OL7 Essential Eight profile [Orabug: 33612582]
- Disable cis profile [Orabug: 33612582]
- Disable new CIS and stig_gui profiles for RHEL7 product [Orabug: 34195638]

[0.1.73-1]
- Rebase scap-security-guide package to version 0.1.73 (RHEL-36739)



ELBA-2024-12417 Oracle Linux 7 Unbreakable Enterprise kernel bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12417

http://linux.oracle.com/errata/ELBA-2024-12417.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-2047.537.4.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-2047.537.4.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-2047.537.4.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-2047.537.4.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-2047.537.4.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-2047.537.4.el7uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.537.4.el7uek.src.rpm

Description of changes:

[4.14.35-2047.537.4.el7uek]
- uek-rpm: iptables/nftables TABLE_ADD failed (Operation not supported) (Venkat Venkatsubra) [Orabug: 36638482]
- Revert "crypto: api - Disallow identical driver names" (Greg Kroah-Hartman)
- Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" (Siddh Raman Pant)

[4.14.35-2047.537.3.el7uek]
- ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki)
- ahci: asm1064: correct count of reported ports (Andrey Jr. Melnikov)
- fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion (Bart Van Assche)
- igb: fix __free_irq warnings seen during module unload. (Imran Khan) [Orabug: 36618479]
- mm: fix misleading-indentation build warning (Anthony Yznaga) [Orabug: 36612276]
- uek: kabi: Enable the size checks and fix broken APIs (Saeed Mirzamohammadi) [Orabug: 36545474]
- uek: kabi: Introduce new APIs to check for size (Saeed Mirzamohammadi) [Orabug: 36545474]
cpus_read_lock() deadlock (Tejun Heo) [Orabug: 36480026]
- uek-rpm: ol7: fix prod build with editbuildid (Stephen Brennan) [Orabug: 35099077]
- uek-rpm: ol7: Prevent vmlinux build ID mismatch (Stephen Brennan) [Orabug: 35099077]
- uek-rpm: ol7: Remove fancy_debuginfo (Stephen Brennan) [Orabug: 35099077]

[4.14.35-2047.537.2.el7uek]
- Fix the type of set_ready_only in block device (Yifei Liu) [Orabug: 36612441]

[4.14.35-2047.537.1.el7uek]
- igb: free up irq resources in device shutdown path. (Imran Khan) [Orabug: 36547251]
- RDMA/cm: Print the old state when cm_destroy_id gets timeout (Mark Zhang) [Orabug: 36546697]
- exec, elf: ignore malformed note segments (Anthony Yznaga) [Orabug: 36524978]
- LTS version: v4.14.343 (Yifei Liu)
- crypto: af_alg - Work around empty control messages without MSG_MORE (Herbert Xu)
- crypto: af_alg - Fix regression on empty requests (Herbert Xu)
- spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (Fei Shao)
- net/bnx2x: Prevent access to a freed page in page_pool (Thinh Tran)
- hsr: Handle failures in module init (Felix Maurer)
- rds: introduce acquire/release ordering in acquire/release_in_xmit() (Yewon Choi)
- hsr: Fix uninit-value access in hsr_get_node() (Shigeru Yoshida)
- net: hsr: fix placement of logical operator in a multi-line statement (Murali Karicheri)
- usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (Colin Ian King)
- staging: greybus: fix get_channel_from_mode() failure path (Dan Carpenter)
- serial: 8250_exar: Don't remove GPIO device on suspend (Andy Shevchenko)
- rtc: mt6397: select IRQ_DOMAIN instead of depending on it (Randy Dunlap)
- rtc: mediatek: enhance the description for MediaTek PMIC based RTC (Sean Wang)
- tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (Tudor Ambarus)
- serial: max310x: fix syntax error in IRQ error message (Hugo Villeneuve)
- clk: qcom: gdsc: Add support to update GDSC transition delay (Taniya Das)
- NFS: Fix an off by one in root_nfs_cat() (Christophe JAILLET)
- net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (Christophe JAILLET)
- scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (Arnd Bergmann)
- scsi: csiostor: Avoid function pointer casts (Arnd Bergmann)
- ALSA: usb-audio: Stop parsing channels bits when all channels are found. (Johan Carlsson)
- sparc32: Fix section mismatch in leon_pci_grpci (Sam Ravnborg)
- backlight: lp8788: Fully initialize backlight_properties during probe (Daniel Thompson)
- backlight: lm3639: Fully initialize backlight_properties during probe (Daniel Thompson)
- backlight: da9052: Fully initialize backlight_properties during probe (Daniel Thompson)
- backlight: lm3630a: Don't set bl->props.brightness in get_brightness (Luca Weiss)
- backlight: lm3630a: Initialize backlight_properties on init (Luca Weiss)
- powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. (Michael Ellerman)
- powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks (Kajol Jain)
- drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip (Hsin-Yi Wang)
- media: go7007: fix a memleak in go7007_load_encoder (Zhipeng Lu)
- media: dvb-frontends: avoid stack overflow warnings with clang (Arnd Bergmann)
- media: pvrusb2: fix uaf in pvr2_context_set_notify (Edward Adam Davis)
- drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() (Srinivasan Shanmugam)
- mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (Arnd Bergmann)
- crypto: arm/sha - fix function cast warnings (Arnd Bergmann)
- crypto: arm - Rename functions to avoid conflict with crypto/sha256.h (Hans de Goede)
- mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref (Peter Griffin)
- drm/tegra: put drm_gem_object ref on error in tegra_fb_create (Fedor Pchelkin)
- clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() (Christophe JAILLET)
- PCI: Mark 3ware-9650SE Root Port Extended Tags as broken (Jörg Wedekind)
- drm/mediatek: dsi: Fix DSI RGB666 formats and definitions (AngeloGioacchino Del Regno)
- media: pvrusb2: fix pvr2_stream_callback casts (Arnd Bergmann)
- media: go7007: add check of return value of go7007_read_addr() (Daniil Dulov)
- ALSA: seq: fix function cast warnings (Takashi Iwai)
- drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() (Nikita Zhandarovich)
- perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() (Yang Jihong)
- quota: Fix rcu annotations of inode dquot pointers (Jan Kara)
- quota: Fix potential NULL pointer dereference (Wang Jianjian)
- quota: simplify drop_dquot_ref() (Baokun Li)
- quota: check time limit when back out space/inode change (Chengguang Xu)
- fs/quota: erase unused but set variable warning (Jiang Biao)
- quota: code cleanup for __dquot_alloc_space() (Chengguang Xu)
- clk: qcom: reset: Ensure write completion on reset de/assertion (Konrad Dybcio)
- clk: qcom: reset: Commonize the de/assert functions (Konrad Dybcio)
- clk: qcom: reset: support resetting multiple bits (Robert Marko)
- clk: qcom: reset: Allow specifying custom reset delay (Stephan Gerhold)
- media: edia: dvbdev: fix a use-after-free (Zhipeng Lu)
- media: dvb-core: Fix use-after-free due to race at dvb_register_device() (Hyunwoo Kim)
- media: dvbdev: convert DVB device types into an enum (Mauro Carvalho Chehab)
- media: dvbdev: fix error logic at dvb_register_device() (Mauro Carvalho Chehab)
- media: dvbdev: Fix memleak in dvb_register_device (Dinghao Liu)
- media: media/dvb: Use kmemdup rather than duplicating its implementation (Fuqian Huang)
- media: dvbdev: remove double-unlock (Mauro Carvalho Chehab)
- media: v4l2-tpg: fix some memleaks in tpg_alloc (Zhipeng Lu)
- media: em28xx: annotate unchecked call to media_device_register() (Nikita Zhandarovich)
- media: tc358743: register v4l2 async device only after successful setup (Alexander Stein)
- drm: Don't treat 0 as -1 in drm_fixp2int_ceil (Harry Wentland)
- drm/rockchip: inno_hdmi: Fix video timing (Alex Bee)
- drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (Christophe JAILLET)
- drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() (Christophe JAILLET)
- drm/tegra: dsi: Make use of the helper function dev_err_probe() (Cai Huoqing)
- gpu: host1x: mipi: Update tegra_mipi_request() to be node based (Sowjanya Komatineni)
- drm/tegra: dsi: Add missing check for of_find_device_by_node (Chen Ni)
- dm: call the resume method on internal suspend (Mikulas Patocka)
- dm raid: fix false positive for requeue needed during reshape (Ming Lei)
- net/x25: fix incorrect parameter validation in the x25_getsockopt() function (Gavrilov Ilia)
- net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function (Gavrilov Ilia)
- udp: fix incorrect parameter validation in the udp_lib_getsockopt() function (Gavrilov Ilia)
- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (Gavrilov Ilia)
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (Gavrilov Ilia)
- ipv6: fib6_rules: flush route cache when rule is changed (Shiming Cheng)
- bpf: Fix stackmap overflow check on 32-bit arches (Toke Høiland-Jørgensen)
- bpf: Fix hashtab overflow check on 32-bit arches (Toke Høiland-Jørgensen)
- sr9800: Add check for usbnet_get_endpoints (Chen Ni)
- Bluetooth: hci_core: Fix possible buffer overflow (Luiz Augusto von Dentz)
- Bluetooth: Remove superfluous call to hci_conn_check_pending() (Jonas Dreßler)
- igb: Fix missing time sync events (Vinicius Costa Gomes)
- igb: move PEROUT and EXTTS isr logic to separate functions (Ruud Bos)
- mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (Christophe JAILLET)
- SUNRPC: fix some memleaks in gssx_dec_option_array (Zhipeng Lu)
- x86, relocs: Ignore relocations in .notes section (Kees Cook)
- ACPI: scan: Fix device check notification handling (Rafael J. Wysocki)
- ARM: dts: arm: realview: Fix development chip ROM compatible value (Geert Uytterhoeven)
- wifi: brcmsmac: avoid function pointer casts (Arnd Bergmann)
- iommu/amd: Mark interrupt as managed (Mario Limonciello)
- bus: tegra-aconnect: Update dependency to ARCH_TEGRA (Peter Robinson)
- ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() (Armin Wolf)
- wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (Zhipeng Lu)
- af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). (Kuniyuki Iwashima)
- sock_diag: annotate data-races around sock_diag_handlers[family] (Eric Dumazet)
- sock_diag: request _diag module only when the family or proto has been registered (Xin Long)
- wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (Jinjie Ruan)
- wifi: b43: Disable QoS for bcm4331 (Rahul Rameshbabu)
- wifi: b43: Stop correct queue in DMA worker when QoS is disabled (Rahul Rameshbabu)
- b43: main: Fix use true/false for bool type (Saurav Girepunje)
- wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (Rahul Rameshbabu)
- wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (Rahul Rameshbabu)
- b43: dma: Fix use true/false for bool type variable (Saurav Girepunje)
- timekeeping: Fix cross-timestamp interpolation for non-x86 (Peter Hilber)
- timekeeping: Fix cross-timestamp interpolation corner case decision (Peter Hilber)
- timekeeping: Fix cross-timestamp interpolation on counter wrap (Peter Hilber)
- aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts (Chun-Yi Lee)
- md: Don't clear MD_CLOSING when the raid is about to stop (Li Nan)
- md: implement ->set_read_only to hook into BLKROSET processing (Christoph Hellwig)
- block: add a new set_read_only method (Christoph Hellwig)
- md: switch to ->check_events for media change notifications (Christoph Hellwig)
- fs/select: rework stack allocation hack for clang (Arnd Bergmann)
- do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (Nikita Zhandarovich)
- crypto: algif_aead - Only wake up when ctx->more is zero (Herbert Xu)
- crypto: af_alg - make some functions static (Eric Biggers)
- ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll (Stuart Henderson)
- ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (Stuart Henderson)
- ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (Stuart Henderson)
- Input: gpio_keys_polled - suppress deferred probe error for gpio (Uwe Kleine-König)
- firewire: core: use long bus reset on gap count error (Takashi Sakamoto)
- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (Yuxuan Hu)
- scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (Ranjan Kumar)
- dm-verity, dm-crypt: align "struct bvec_iter" correctly (Mikulas Patocka)
- block: sed-opal: handle empty atoms when parsing response (Greg Joyce)
- net/iucv: fix the allocation size of iucv_path_table array (Alexander Gordeev)
- MIPS: Clear Cause.BD in instruction_pointer_set (Jiaxun Yang)
- x86/xen: Add some null pointer checking to smp.c (Kunwu Chan)
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (Xiu Jianfeng)
- xen/events: only register debug interrupt for 2-level events (Juergen Gross)
- LTS version: v4.14.342 (Yifei Liu)
- selftests/vm: fix map_hugetlb length used for testing read and write (Christophe Leroy)
- selftests/vm: fix display of page size in map_hugetlb (Christophe Leroy)
- getrusage: use sig->stats_lock rather than lock_task_sighand() (Oleg Nesterov)
- getrusage: use __for_each_thread() (Oleg Nesterov)
- getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() (Oleg Nesterov)
- getrusage: add the "signal_struct *sig" local variable (Oleg Nesterov)
- hv_netvsc: use netif_is_bond_master() instead of open code (Juhee Kang)
- um: allow not setting extra rpaths in the linux binary (Johannes Berg)
- selftests: mm: fix map_hugetlb failure on 64K page size systems (Nico Pache)
- tools/selftest/vm: allow choosing mem size and page size in map_hugetlb (Christophe Leroy)
- netrom: Fix data-races around sysctl_net_busy_read (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_link_fails_count (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_routing_control (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_transport_busy_delay (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_transport_timeout (Jason Xing)
- netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser (Jason Xing)
- netrom: Fix a data-race around sysctl_netrom_default_path_quality (Jason Xing)
- netfilter: nf_conntrack_h323: Add protection for bmp length out of range (Lena Wang)
- netfilter: nf_ct_h323: Extend nf_h323_error_boundary to work on bits as well (Eric Sesterhenn)
- netfilter: nf_ct_h323: Convert CHECK_BOUND macro to function (Eric Sesterhenn)
- netfilter: nf_ct_h323: Out Of Bound Read in Netfilter Conntrack (Eric Sesterhenn)
- netfilter: nf_conntrack_h323: Remove typedef struct (Harsha Sharma)
- geneve: make sure to pull inner header in geneve_rx() (Eric Dumazet)
- net: move definition of pcpu_lstats to header file (Li RongQing)
- net: lan78xx: fix runtime PM count underflow on link stop (Oleksij Rempel)
- lan78xx: Fix race conditions in suspend/resume handling (John Efstathiades)
- lan78xx: Fix partial packet errors on suspend/resume (John Efstathiades)
- lan78xx: Add missing return code checks (John Efstathiades)
- lan78xx: Fix white space and style issues (John Efstathiades)
- net: usb: lan78xx: Remove lots of set but unused 'ret' variables (Lee Jones)
- net: usb: lan78xx: Disable interrupts before calling generic_handle_irq() (Daniel Wagner)
- net: lan78xx: Allow for VLAN headers in timeout calcs (Dave Stevenson)
- ip: validate header length on virtual device xmit (Willem de Bruijn)



ELBA-2024-12430 Oracle Linux 7 dtrace bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12430

http://linux.oracle.com/errata/ELBA-2024-12430.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
dtrace-2.0.1-1.el7.x86_64.rpm
dtrace-devel-2.0.1-1.el7.x86_64.rpm
dtrace-testsuite-2.0.1-1.el7.x86_64.rpm

aarch64:
dtrace-2.0.1-1.el7.aarch64.rpm
dtrace-devel-2.0.1-1.el7.aarch64.rpm
dtrace-testsuite-2.0.1-1.el7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//dtrace-2.0.1-1.el7.src.rpm

Description of changes:

[2.0.1-1]
- Implement FBT probes with fentry/fexit tracepoints
- Provide argument info for FBT probes.
- Provide pre-generated translator files sets. [Orabug: 36504847]



ELBA-2024-12426 Oracle Linux 9 dtrace bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12426

http://linux.oracle.com/errata/ELBA-2024-12426.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
dtrace-2.0.1-1.el9.x86_64.rpm
dtrace-devel-2.0.1-1.el9.x86_64.rpm
dtrace-testsuite-2.0.1-1.el9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//dtrace-2.0.1-1.el9.src.rpm

Description of changes:

[2.0.1-1]
- Implement FBT probes with fentry/fexit tracepoints
- Provide argument info for FBT probes.
- Provide pre-generated translator files sets. [Orabug: 36504847]



ELBA-2024-12424 Oracle Linux 9 osbuild-composer bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12424

http://linux.oracle.com/errata/ELBA-2024-12424.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
osbuild-composer-101-1.0.2.el9.x86_64.rpm
osbuild-composer-core-101-1.0.2.el9.x86_64.rpm
osbuild-composer-worker-101-1.0.2.el9.x86_64.rpm

aarch64:
osbuild-composer-101-1.0.2.el9.aarch64.rpm
osbuild-composer-core-101-1.0.2.el9.aarch64.rpm
osbuild-composer-worker-101-1.0.2.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//osbuild-composer-101-1.0.2.el9.src.rpm

Description of changes:

[101-1.0.2]
- Add support for OCI hybrid images [JIRA: OLDIS-33593]
- enable aarch64 OCI image builds [JIRA: OLDIS-33593]

[101-1.0.1]
- support for building OL8/9 images on Oracle Linux 9 [Orabug: 36400619]



ELBA-2024-12425 Oracle Linux 9 dtrace bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12425

http://linux.oracle.com/errata/ELBA-2024-12425.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

aarch64:
dtrace-2.0.1-1.el9.aarch64.rpm
dtrace-devel-2.0.1-1.el9.aarch64.rpm
dtrace-testsuite-2.0.1-1.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//dtrace-2.0.1-1.el9.src.rpm

Description of changes:

[2.0.1-1]
- Implement FBT probes with fentry/fexit tracepoints
- Provide argument info for FBT probes.
- Provide pre-generated translator files sets. [Orabug: 36504847]

[2.0.0-1.14]
- Implement provider: io. (Eugene Loh, Kris Van Hees)
- Implement actions: print(). (Alan Maguire)
- Implement subroutines: link_ntop(), cleanpath(). (Eugene Loh)
- Implement options: -xcpu, -xaggpercpu. (Eugene Loh)
- Improve providers: pid (offset-based probes) and rawtp (arg info).
- Improve options: -xlockmem (improve default). (Eugene Loh)
- Ensure USDT probes can survive dtprobed restarts. (Nick Alcock)
- Improve USDT probe creation/deletion. (Nick Alcock)
- Improve support for DTrace with upstream kernels. (Nick Alcock)
- Improve support for compiling DTrace in older environments. (Kris Van Hees)
- Add support for aggregations of stacks. (Eugene Loh)
- Improve lexer parsing (top-level wildcard ambiguities and numerals).
(Nick Alcock)
- Fix END probe execution with multiple tracers. (Nick Alcock)
- Preemptive BPF program execution for DTrace probes is not allowed.
- Buffer overrun fix for systems with non-sequential online CPU ids.
(Kris Van Hees, Nick Alcock) [Orabug: 36356681]
- Various bug fixes. (Nick Alcock, Eugene Loh, Kris Van Hees)
- Various testsuite fixes and improvements.
(Nick Alcock, Eugene Loh, Kris Van Hees)
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees)
[Orabug: 36329725]

[2.0.0-1.13.2]
- Support using DTrace with upstream kernels.
- Implement provider: ip.
- Implement actions: trunc(), pcap().
- Implement subroutines: inet_ntoa6().
- Implement subroutines: inet_ntop(). (Eugene Loh)
- Support modules.builtin.ranges for builtin module-symbol association.
- Provide a BTF-to-CTF convertor to provide (limited) kernel type information
when CTF is not available.
- Remove dependency on waitfd(). (Nick Alcock)
- Various testsuite fixes and improvements.
(Nick Alcock, Eugene Loh, Kris Van Hees)
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees)

[2.0.0-1.13.1]
- Restart dtprobed when upgrading DTrace.
- Report and clean up orphaned tracing events after each test.

[2.0.0-1.13]
- Full support for is-enabled USDT probes. (Nick Alcock)
- Report error on programs that exceed aggsize or dynvarsize.
- Support for drop counters for principal, speculation, and aggregation buffers
and for dynamic variables.
- Implement probe: proc:::signal-clear.
- Implement provider: sched (partial implementation).
- Implement provider: lockstat (for kernels >= 5.10.0 and UEK6 with fix).
- Support NULL strings. (Eugene Loh)
- Support uregs[] on older kernels. (Eugene Loh)
- New option: lonknommap. (Nick Alcock)
- Support for USDT probes in programs in different fs namespaces. (Nick Alcock)
- Support for USDT probes in non-PIE executables. (Nick Alcock)
- Fix dtprobed to support DOF that exceeds 64KiB. (Nick Alcock)
[Orabug: 35411920]
- Do not modify input files with dtrace -G if unchanged. (Steven Sistare)
[Orbug: 35417184]
- Various testsuite fixes and improvements.
(Nick Alcock, Eugene Loh, Kris Van Hees) [Orabug: 35435195]
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees)
[Orabug: 35435195]

[2.0.0-1.12]
- Fix evaluation order of bcopy() arguments and lift non-alloca restriction
on the source address. (Eugene Loh, Kris Van Hees)
- Implement actions: clear(), tracemem(). (Kris Van Hees, Eugene Loh)
- Implement subroutines: copyout(), copyinstr(). (Kris Van Hees, Eugene Loh)
- Implement options: switchrate, aggrate.
- Implement provider: cpc. (Eugene Loh)
- Implement provider: proc.
- Implement built-in variable: uregs. (Eugene Loh)
- Increase strtab maximum size.
- Support using indirect load instructions for pointers to alloca()'d and
DTrace managed memory. (Kris Van Hees, Eugene Loh)
- Fix arg0 and arg1 for profile-* and tick-* probes. (Eugene Loh)
- Implement runtime bounds checking for scalar array access. (Eugene Loh)
- Updated manpage and moved to dtrace.8.
- Support arbitrary address pointers for basename(), dirname(), strchr(),
strrchr(), and inet_ntoa(). (Eugene Loh) [Orabug: 34857846]
- Add runtime bounds checking for scalar array access. (Eugene Loh)
[Orabug: 35045463]
- Various testsuite fixes and improvements. [Orabug: 34829509]
- Various code improvements. [Orabug: 34829509]

[2.0.0-1.11.1]
- Support both libfuse 2 and libfuse 3.

[2.0.0-1.11]
- Add initial support for USDT. (Nick Alcock, Kris Van Hees)
- Add support for aggregation keys. (Eugene Loh, Kris Van Hees)
- Add support for copyin(), copyinto(), and copyinstr().
- Add support for built-in variable args[] and sdt probe arg types.
- Fix arg handling for various probes. (Eugene Loh)
- Add basic support for setopt().
- Add -xlockmem, with useful error message. (Eugene Loh)
- Fix -xverbose, -xcpp, and -xctfpath
- Fix handling of multiple args after --. (Nick Alcock)
- Have the pid provider ignore compiler-generated internal function names.
- Fix various bugs with typecasting and internal integer storage. (Eugene Loh)
- Fix access to scalars in kernel space.
- Fix libproc search of rtld_global due to glibc changes. (Nick Alcock)
[Orabug: 32856318]
- Truly decouple per-CPU BPF agg maps with a "map of maps."
- Unused dual aggregation copies (DT_AGG_NUM_COPIES) have been removed.
(Eugene Loh)
- Various testsuite fixes and improvements. [Orabug: 34251899]
- Various code improvements. [Orabug: 34251899]



ELBA-2024-12421 Oracle Linux 9 osbuild bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12421

http://linux.oracle.com/errata/ELBA-2024-12421.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
osbuild-110-1.0.1.el9.noarch.rpm
osbuild-luks2-110-1.0.1.el9.noarch.rpm
osbuild-lvm2-110-1.0.1.el9.noarch.rpm
osbuild-ostree-110-1.0.1.el9.noarch.rpm
osbuild-selinux-110-1.0.1.el9.noarch.rpm
osbuild-depsolve-dnf-110-1.0.1.el9.noarch.rpm
osbuild-tools-110-1.0.1.el9.noarch.rpm
python3-osbuild-110-1.0.1.el9.noarch.rpm

aarch64:
osbuild-110-1.0.1.el9.noarch.rpm
osbuild-luks2-110-1.0.1.el9.noarch.rpm
osbuild-lvm2-110-1.0.1.el9.noarch.rpm
osbuild-ostree-110-1.0.1.el9.noarch.rpm
osbuild-selinux-110-1.0.1.el9.noarch.rpm
osbuild-depsolve-dnf-110-1.0.1.el9.noarch.rpm
osbuild-tools-110-1.0.1.el9.noarch.rpm
python3-osbuild-110-1.0.1.el9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//osbuild-110-1.0.1.el9.src.rpm

Description of changes:

[110-1.0.1]
- Add runner for ol8 and ol9 [Orabug: 36400619]



ELBA-2024-12419 Oracle Linux 9 cockpit-composer bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12419

http://linux.oracle.com/errata/ELBA-2024-12419.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
cockpit-composer-50-1.0.2.el9.noarch.rpm

aarch64:
cockpit-composer-50-1.0.2.el9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//cockpit-composer-50-1.0.2.el9.src.rpm

Description of changes:

[50-1.0.2]
- Add runner for ol8 and ol9 [Orabug: 36400619]



ELBA-2024-12429 Oracle Linux 8 dtrace bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12429

http://linux.oracle.com/errata/ELBA-2024-12429.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
dtrace-2.0.1-1.el8.x86_64.rpm
dtrace-devel-2.0.1-1.el8.x86_64.rpm
dtrace-testsuite-2.0.1-1.el8.x86_64.rpm

aarch64:
dtrace-2.0.1-1.el8.aarch64.rpm
dtrace-devel-2.0.1-1.el8.aarch64.rpm
dtrace-testsuite-2.0.1-1.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//dtrace-2.0.1-1.el8.src.rpm

Description of changes:

[2.0.1-1]
- Implement FBT probes with fentry/fexit tracepoints
- Provide argument info for FBT probes.
- Provide pre-generated translator files sets. [Orabug: 36504847]



ELBA-2024-3624 Oracle Linux 8 scap-security-guide bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2024-3624

http://linux.oracle.com/errata/ELBA-2024-3624.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
scap-security-guide-0.1.73-1.0.1.el8_10.noarch.rpm
scap-security-guide-doc-0.1.73-1.0.1.el8_10.noarch.rpm

aarch64:
scap-security-guide-0.1.73-1.0.1.el8_10.noarch.rpm
scap-security-guide-doc-0.1.73-1.0.1.el8_10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//scap-security-guide-0.1.73-1.0.1.el8_10.src.rpm

Description of changes:

[0.1.73-1.0.1]
- Rebase oracle patches to v0.1.73-1 [Orabug: 36702208]
- Update OL8 to implement OL9 STIG profile to match DISA STIG draft for OL9 [Orabug: 36680605]

[0.1.73.openela.1.0]
- Make OpenELA a derivative of RHEL

[0.1.73-1]
- Rebase scap-security-guide package to version 0.1.73 (RHEL-36733)
- Change crypto policy used in the CUI profile to FIPS (RHEL-30346)
- Fix file path identification in Rsyslog configuration (RHEL-17202)
- Use a correct chrony server address in STIG profile (RHEL-1814)
- Don't BuildRequire /usr/bin/python3 (RHEL-2244)



ELBA-2024-12427 Oracle Linux 8 dtrace bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12427

http://linux.oracle.com/errata/ELBA-2024-12427.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
dtrace-2.0.1-1.el8.x86_64.rpm
dtrace-devel-2.0.1-1.el8.x86_64.rpm
dtrace-testsuite-2.0.1-1.el8.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//dtrace-2.0.1-1.el8.src.rpm

Description of changes:

[2.0.1-1]
- Implement FBT probes with fentry/fexit tracepoints
- Provide argument info for FBT probes.
- Provide pre-generated translator files sets. [Orabug: 36504847]



ELBA-2024-12428 Oracle Linux 8 dtrace bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12428

http://linux.oracle.com/errata/ELBA-2024-12428.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
dtrace-2.0.1-1.el8.aarch64.rpm
dtrace-devel-2.0.1-1.el8.aarch64.rpm
dtrace-testsuite-2.0.1-1.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//dtrace-2.0.1-1.el8.src.rpm

Description of changes:

[2.0.1-1]
- Implement FBT probes with fentry/fexit tracepoints
- Provide argument info for FBT probes.
- Provide pre-generated translator files sets. [Orabug: 36504847]

[2.0.0-1.14]
- Implement provider: io. (Eugene Loh, Kris Van Hees)
- Implement actions: print(). (Alan Maguire)
- Implement subroutines: link_ntop(), cleanpath(). (Eugene Loh)
- Implement options: -xcpu, -xaggpercpu. (Eugene Loh)
- Improve providers: pid (offset-based probes) and rawtp (arg info).
- Improve options: -xlockmem (improve default). (Eugene Loh)
- Ensure USDT probes can survive dtprobed restarts. (Nick Alcock)
- Improve USDT probe creation/deletion. (Nick Alcock)
- Improve support for DTrace with upstream kernels. (Nick Alcock)
- Improve support for compiling DTrace in older environments. (Kris Van Hees)
- Add support for aggregations of stacks. (Eugene Loh)
- Improve lexer parsing (top-level wildcard ambiguities and numerals).
(Nick Alcock)
- Fix END probe execution with multiple tracers. (Nick Alcock)
- Preemptive BPF program execution for DTrace probes is not allowed.
- Buffer overrun fix for systems with non-sequential online CPU ids.
(Kris Van Hees, Nick Alcock) [Orabug: 36356681]
- Various bug fixes. (Nick Alcock, Eugene Loh, Kris Van Hees)
- Various testsuite fixes and improvements.
(Nick Alcock, Eugene Loh, Kris Van Hees)
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees)
[Orabug: 36329725]

[2.0.0-1.13.2]
- Support using DTrace with upstream kernels.
- Implement provider: ip.
- Implement actions: trunc(), pcap().
- Implement subroutines: inet_ntoa6().
- Implement subroutines: inet_ntop(). (Eugene Loh)
- Support modules.builtin.ranges for builtin module-symbol association.
- Provide a BTF-to-CTF convertor to provide (limited) kernel type information
when CTF is not available.
- Remove dependency on waitfd(). (Nick Alcock)
- Various testsuite fixes and improvements.
(Nick Alcock, Eugene Loh, Kris Van Hees)
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees)

[2.0.0-1.13.1]
- Restart dtprobed when upgrading DTrace.
- Report and clean up orphaned tracing events after each test.

[2.0.0-1.13]
- Full support for is-enabled USDT probes. (Nick Alcock)
- Report error on programs that exceed aggsize or dynvarsize.
- Support for drop counters for principal, speculation, and aggregation buffers
and for dynamic variables.
- Implement probe: proc:::signal-clear.
- Implement provider: sched (partial implementation).
- Implement provider: lockstat (for kernels >= 5.10.0 and UEK6 with fix).
- Support NULL strings. (Eugene Loh)
- Support uregs[] on older kernels. (Eugene Loh)
- New option: lonknommap. (Nick Alcock)
- Support for USDT probes in programs in different fs namespaces. (Nick Alcock)
- Support for USDT probes in non-PIE executables. (Nick Alcock)
- Fix dtprobed to support DOF that exceeds 64KiB. (Nick Alcock)
[Orabug: 35411920]
- Do not modify input files with dtrace -G if unchanged. (Steven Sistare)
[Orbug: 35417184]
- Various testsuite fixes and improvements.
(Nick Alcock, Eugene Loh, Kris Van Hees) [Orabug: 35435195]
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees)
[Orabug: 35435195]

[2.0.0-1.12]
- Fix evaluation order of bcopy() arguments and lift non-alloca restriction
on the source address. (Eugene Loh, Kris Van Hees)
- Implement actions: clear(), tracemem(). (Kris Van Hees, Eugene Loh)
- Implement subroutines: copyout(), copyinstr(). (Kris Van Hees, Eugene Loh)
- Implement options: switchrate, aggrate.
- Implement provider: cpc. (Eugene Loh)
- Implement provider: proc.
- Implement built-in variable: uregs. (Eugene Loh)
- Increase strtab maximum size.
- Support using indirect load instructions for pointers to alloca()'d and
DTrace managed memory. (Kris Van Hees, Eugene Loh)
- Fix arg0 and arg1 for profile-* and tick-* probes. (Eugene Loh)
- Implement runtime bounds checking for scalar array access. (Eugene Loh)
- Updated manpage and moved to dtrace.8.
- Support arbitrary address pointers for basename(), dirname(), strchr(),
strrchr(), and inet_ntoa(). (Eugene Loh) [Orabug: 34857846]
- Add runtime bounds checking for scalar array access. (Eugene Loh)
[Orabug: 35045463]
- Various testsuite fixes and improvements. [Orabug: 34829509]
- Various code improvements. [Orabug: 34829509]

[2.0.0-1.11.1]
- Support both libfuse 2 and libfuse 3.

[2.0.0-1.11]
- Add initial support for USDT. (Nick Alcock, Kris Van Hees)
- Add support for aggregation keys. (Eugene Loh, Kris Van Hees)
- Add support for copyin(), copyinto(), and copyinstr().
- Add support for built-in variable args[] and sdt probe arg types.
- Fix arg handling for various probes. (Eugene Loh)
- Add basic support for setopt().
- Add -xlockmem, with useful error message. (Eugene Loh)
- Fix -xverbose, -xcpp, and -xctfpath
- Fix handling of multiple args after --. (Nick Alcock)
- Have the pid provider ignore compiler-generated internal function names.
- Fix various bugs with typecasting and internal integer storage. (Eugene Loh)
- Fix access to scalars in kernel space.
- Fix libproc search of rtld_global due to glibc changes. (Nick Alcock)
[Orabug: 32856318]
- Truly decouple per-CPU BPF agg maps with a "map of maps."
- Unused dual aggregation copies (DT_AGG_NUM_COPIES) have been removed.
(Eugene Loh)
- Various testsuite fixes and improvements. [Orabug: 34251899]
- Various code improvements. [Orabug: 34251899]

[2.0.0-1.10]
- Add support for associative arrays.
- Add support for allcoa() and bcopy(). (Nick Alcock)
- Add support for inet_ntoa(), progenyof(), getmajor(), getminor(),
mutex_owned(), mutex_owner(), mutex_type_adaptive(), mutex_type_spin(),
rw_read_held(), rw_write_held(), and rw_iswriter(). (Eugene Loh)
- Improved fault handling. (Nick Alcock, Kris Van Hees)
- Various disassembler improvements, esp. annotations.
- Strings are no longer stored using a length prefix.
- The trace() action now supports arrays, structs, and unions.
- Various testsuite fixes and improvements. [Orabug: 34112342]
- Various code improvements. [Orabug: 34112342]

[2.0.0-1.9.1]
- Add support for UEK7. [Orabug: 33806867]

[2.0.0-1.9]
- Add support for strtok(). (Eugene Loh)
- Implement TLS (thread-local storage) variables.
- Add support for basename(), dirname(). (Eugene Loh)
- Generic hash table improvements and consistent use of htabs. (Nick Alcock)
- CTF improvements in view of better kernel support. (Nick Alcock)
- Add support for ftruncate(). (Eugene Loh)
- Add support for rand(). (Eugene Loh)
- Fix string constant handling for strings longer than strsize.
- Optimization of substr(), strjoin(), and storing strings in the trace buffer.
- Various string handling fixes and improvements. (Eugene Loh, Kris Van Hees)
[Orabug: 33651682]
- Various testsuite fixes and improvements. [Orabug: 33651682]
- Various code improvements. [Orabug: 33651682]

[2.0.0-1.8]
- Support running dtrace under valgrind. (Nick Alcock) [Orabug: 32760574]
- Implementation of speculative tracing. (Nick Alcock)
- Add support for string comparison. (Eugene Loh)
- Add support for strchr(), strrchr(), index(), rindex(), strstr(), lltostr().
(Eugene Loh)
- Add support for symbols in compressed kernel modules. (Nick Alcock)
- Add support for htonl, htonll, htons, ntohl, ntohll, ntohs. (Eugene Loh)
- Various testsuite fixes and improvements. [Orabug: 33474154]
- Various code improvements. [Orabug: 33474154]

[2.0.0-1.7]
- Implement argument retrieval for SDT probes.
- Introduce 'bpflog' runtime option to request BPF verifier log.
- Implementation improvements for memry copy operations.
- Fix type alignment handling for enums.
- Fix ERROR-in-BEGIN probe handling.
- Transition from variable-length string size to 2-byte string size.
- Fix size of string data in the trace output buffer.
- Fix data size for value copy.
- Add support for strjoin() subroutine.
- Add support for substr() subroutine.

[2.0.0-1.6]
- Consolidated development of newly ported features. [Orabug: 33037106]
- Implement built-in variables: probeprov, probemod, probefunc, probename.
- Implement built-in variables: caller, stackdepth, ucaller, ustackdepth,
errno, walltimestamp. (Eugene Loh)
- Implement actions: stack(), ustack(). (Eugene Loh)
- Implement subroutine: strlen().
- Implement option: -Z (partial). (Eugene Loh)
- Added support for string constants and string values.
- Added support for strings to trace().
- Fixed storage size determination for global and local variables.
- Improved storage layout for global and local variables.
- Mark aggregation actions as non-data recording actions. (Eugene Loh)
- Load string constant table into the 'strtab' BPF map.
- Load probe description data into the 'probes' BPF map.
- Consolidate all string hash functions into a single hash function.
- Implement variable length integer support.
- Store the length of each string as a variable length integer inline with its
character stream.
- Improve memcpy() internal BPF function.
- Testsuite improvements. (Eugene Loh)



ELSA-2024-3670 Moderate: Oracle Linux 8 ruby:3.3 security, bug fix, and enhancement update


Oracle Linux Security Advisory ELSA-2024-3670

http://linux.oracle.com/errata/ELSA-2024-3670.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
ruby-3.3.1-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
ruby-3.3.1-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
ruby-bundled-gems-3.3.1-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
ruby-bundled-gems-3.3.1-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
ruby-default-gems-3.3.1-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
ruby-devel-3.3.1-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
ruby-devel-3.3.1-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
ruby-doc-3.3.1-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-abrt-0.4.0-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm
rubygem-abrt-doc-0.4.0-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm
rubygem-bigdecimal-3.1.5-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
rubygem-bigdecimal-3.1.5-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
rubygem-bundler-2.5.9-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-io-console-0.7.1-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
rubygem-io-console-0.7.1-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
rubygem-irb-1.11.0-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-json-2.7.1-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
rubygem-json-2.7.1-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
rubygem-minitest-5.20.0-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-mysql2-0.5.5-1.module+el8.10.0+90287+d51aa4ed.x86_64.rpm
rubygem-mysql2-doc-0.5.5-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm
rubygem-pg-1.5.4-1.module+el8.10.0+90287+d51aa4ed.x86_64.rpm
rubygem-pg-doc-1.5.4-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm
rubygem-power_assert-2.0.3-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-psych-5.1.2-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
rubygem-psych-5.1.2-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
rubygem-racc-1.7.3-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
rubygem-racc-1.7.3-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
rubygem-rake-13.1.0-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-rbs-3.4.0-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
rubygem-rbs-3.4.0-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
rubygem-rdoc-6.6.3.1-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-rexml-3.2.6-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-rss-0.3.0-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygems-3.5.9-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygems-devel-3.5.9-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-test-unit-3.6.1-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-typeprof-0.21.9-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
ruby-libs-3.3.1-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
ruby-libs-3.3.1-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm

aarch64:
ruby-3.3.1-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
ruby-bundled-gems-3.3.1-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
ruby-default-gems-3.3.1-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
ruby-devel-3.3.1-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
ruby-doc-3.3.1-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-abrt-0.4.0-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm
rubygem-abrt-doc-0.4.0-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm
rubygem-bigdecimal-3.1.5-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
rubygem-bundler-2.5.9-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-io-console-0.7.1-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
rubygem-irb-1.11.0-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-json-2.7.1-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
rubygem-minitest-5.20.0-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-mysql2-0.5.5-1.module+el8.10.0+90287+d51aa4ed.aarch64.rpm
rubygem-mysql2-doc-0.5.5-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm
rubygem-pg-1.5.4-1.module+el8.10.0+90287+d51aa4ed.aarch64.rpm
rubygem-pg-doc-1.5.4-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm
rubygem-power_assert-2.0.3-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-psych-5.1.2-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
rubygem-racc-1.7.3-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
rubygem-rake-13.1.0-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-rbs-3.4.0-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
rubygem-rdoc-6.6.3.1-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-rexml-3.2.6-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-rss-0.3.0-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygems-3.5.9-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygems-devel-3.5.9-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-test-unit-3.6.1-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-typeprof-0.21.9-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
ruby-libs-3.3.1-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//ruby-3.3.1-2.module+el8.10.0+90349+dd8a48dc.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-abrt-0.4.0-1.module+el8.10.0+90287+d51aa4ed.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-mysql2-0.5.5-1.module+el8.10.0+90287+d51aa4ed.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-pg-1.5.4-1.module+el8.10.0+90287+d51aa4ed.src.rpm

Related CVEs:

CVE-2024-27280
CVE-2024-27281
CVE-2024-27282

Description of changes:

ruby
[3.3.1-2]
- Upgrade to Ruby 3.3.1.
Resolves: RHEL-37446
- Fix buffer overread vulnerability in StringIO.
(CVE-2024-27280)
Resolves: RHEL-37448
- Fix RCE vulnerability with .rdoc_options in RDoc.
(CVE-2024-27281)
Resolves: RHEL-37449
- Fix Arbitrary memory address read vulnerability with Regex search.
(CVE-2024-27282)
Resolves: RHEL-37447

rubygem-abrt
rubygem-mysql2
[0.5.5-1]
- Upgrade to mysql2 0.5.5.
Related: RHEL-17090

rubygem-pg
[1.5.4-1]
- Upgrade to pg 1.5.4.
Related: RHEL-17090

[1.3.2-1]
- Update to pg 1.3.2 by merging Fedora rawhide branch (commit: 39bbd1b)
Resolves: rhbz#2063772



ELBA-2024-12420 Oracle Linux 8 cockpit-composer bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12420

http://linux.oracle.com/errata/ELBA-2024-12420.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
cockpit-composer-50-1.0.2.el8.noarch.rpm

aarch64:
cockpit-composer-50-1.0.2.el8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//cockpit-composer-50-1.0.2.el8.src.rpm

Description of changes:

[50-1.0.2]
- Add runner for ol8 and ol9 [Orabug: 36400619]



ELBA-2024-12423 Oracle Linux 8 osbuild-composer bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12423

http://linux.oracle.com/errata/ELBA-2024-12423.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
osbuild-composer-101-1.0.2.el8.x86_64.rpm
osbuild-composer-worker-101-1.0.2.el8.x86_64.rpm
osbuild-composer-core-101-1.0.2.el8.x86_64.rpm

aarch64:
osbuild-composer-101-1.0.2.el8.aarch64.rpm
osbuild-composer-worker-101-1.0.2.el8.aarch64.rpm
osbuild-composer-core-101-1.0.2.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//osbuild-composer-101-1.0.2.el8.src.rpm

Description of changes:

[101-1.0.2]
- support for building OL8/9 images on Oracle Linux 8 [Orabug: 36400619]

[101-1.0.1]



ELBA-2024-12422 Oracle Linux 8 osbuild bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12422

http://linux.oracle.com/errata/ELBA-2024-12422.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
osbuild-110-1.0.1.el8.noarch.rpm
osbuild-ostree-110-1.0.1.el8.noarch.rpm
osbuild-selinux-110-1.0.1.el8.noarch.rpm
python3-osbuild-110-1.0.1.el8.noarch.rpm
osbuild-luks2-110-1.0.1.el8.noarch.rpm
osbuild-lvm2-110-1.0.1.el8.noarch.rpm
osbuild-depsolve-dnf-110-1.0.1.el8.noarch.rpm
osbuild-tools-110-1.0.1.el8.noarch.rpm

aarch64:
osbuild-110-1.0.1.el8.noarch.rpm
osbuild-ostree-110-1.0.1.el8.noarch.rpm
osbuild-selinux-110-1.0.1.el8.noarch.rpm
python3-osbuild-110-1.0.1.el8.noarch.rpm
osbuild-luks2-110-1.0.1.el8.noarch.rpm
osbuild-lvm2-110-1.0.1.el8.noarch.rpm
osbuild-depsolve-dnf-110-1.0.1.el8.noarch.rpm
osbuild-tools-110-1.0.1.el8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//osbuild-110-1.0.1.el8.src.rpm

Description of changes:

[110-1.0.1]
- Add runner for ol8 and ol9 [Orabug: 36400619]