Oracle Linux 6277 Published by

Oracle Linux has received multiple security updates, which encompass bug fixes for ipmctl, edk2, kernel, webkit2gtk3, java-17, java-11, buildah, skopeo, containernetworking-plugins, btrfs-progs, xfsprogs, java-21, java-17, java-11, java-1.8.0-openjdk, 389-ds-base, httpd, and python-setuptools:

ELBA-2024-12719 Oracle Linux 8 ipmctl bug fix update
ELSA-2024-12794 Moderate: Oracle Linux 7 edk2 security update (aarch64)
ELSA-2024-8117 Moderate: Oracle Linux 9 java-1.8.0-openjdk security update
ELSA-2024-8162 Moderate: Oracle Linux 9 kernel security update
ELSA-2024-8127 Moderate: Oracle Linux 9 java-21-openjdk security update
ELSA-2024-8180 Important: Oracle Linux 9 webkit2gtk3 security update
ELSA-2024-8124 Moderate: Oracle Linux 9 java-17-openjdk security update
ELSA-2024-8121 Moderate: Oracle Linux 9 java-11-openjdk security update
ELSA-2024-8112 Important: Oracle Linux 9 buildah security update
ELSA-2024-8111 Important: Oracle Linux 9 skopeo security update
ELSA-2024-8110 Important: Oracle Linux 9 containernetworking-plugins security update
ELBA-2024-12790 Oracle Linux 8 btrfs-progs bug fix update
ELBA-2024-12789 Oracle Linux 8 xfsprogs bug fix update
ELSA-2024-8127 Moderate: Oracle Linux 8 java-21-openjdk security update
ELSA-2024-8124 Moderate: Oracle Linux 8 java-17-openjdk security update
ELSA-2024-8121 Moderate: Oracle Linux 8 java-11-openjdk security update
ELSA-2024-8117 Moderate: Oracle Linux 8 java-1.8.0-openjdk security update
ELSA-2024-7434 Moderate: Oracle Linux 7 389-ds-base security update (aarch64)
ELSA-2024-7101 Important: Oracle Linux 7 httpd security update (aarch64)
ELSA-2024-6662 Important: Oracle Linux 7 python-setuptools security update (aarch64)
ELSA-2024-7101 Important: Oracle Linux 7 httpd security update
ELSA-2024-7434 Moderate: Oracle Linux 7 389-ds-base security update
ELSA-2024-6662 Important: Oracle Linux 7 python-setuptools security update



ELBA-2024-12719 Oracle Linux 8 ipmctl bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12719

http://linux.oracle.com/errata/ELBA-2024-12719.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
ipmctl-03.00.00.0468-2.0.2.el8.x86_64.rpm
libipmctl5-03.00.00.0468-2.0.2.el8.x86_64.rpm
libipmctl5-devel-03.00.00.0468-2.0.2.el8.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//ipmctl-03.00.00.0468-2.0.2.el8.src.rpm

Description of changes:

[03.00.00.0468-2.0.2]
- Allow libipmctl5-devel to provide libipmctl-devel for EPEL compatibility.

[03.00.00.0468-2.0.1]
- Allow libipmctl5 to provide libipmctl for EPEL compatibility.

[03.00.00.0468-1.0.1]
- Update to 03.00.00.0468



ELSA-2024-12794 Moderate: Oracle Linux 7 edk2 security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-12794

http://linux.oracle.com/errata/ELSA-2024-12794.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
AAVMF-1.7.1-3.el7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//edk2-1.7.1-3.el7.src.rpm

Related CVEs:

CVE-2024-1298
CVE-2023-45236
CVE-2023-45237
CVE-2024-25742

Description of changes:

[1.7.1]
- Create new 1.7.1 release for OL7 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298}
- EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742}
- EDK2: EDK2’s Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236}
- EDK2: EDK2’s Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237}



ELSA-2024-8117 Moderate: Oracle Linux 9 java-1.8.0-openjdk security update


Oracle Linux Security Advisory ELSA-2024-8117

http://linux.oracle.com/errata/ELSA-2024-8117.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-1.8.0-openjdk-1.8.0.432.b06-2.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.432.b06-2.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.432.b06-2.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.432.b06-2.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-javadoc-1.8.0.432.b06-2.0.1.el9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.432.b06-2.0.1.el9.noarch.rpm
java-1.8.0-openjdk-src-1.8.0.432.b06-2.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-demo-fastdebug-1.8.0.432.b06-2.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.432.b06-2.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-devel-fastdebug-1.8.0.432.b06-2.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.432.b06-2.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-fastdebug-1.8.0.432.b06-2.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-headless-fastdebug-1.8.0.432.b06-2.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.432.b06-2.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.432.b06-2.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-src-fastdebug-1.8.0.432.b06-2.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.432.b06-2.0.1.el9.x86_64.rpm

aarch64:
java-1.8.0-openjdk-1.8.0.432.b06-2.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-demo-1.8.0.432.b06-2.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-devel-1.8.0.432.b06-2.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-headless-1.8.0.432.b06-2.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-javadoc-1.8.0.432.b06-2.0.1.el9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.432.b06-2.0.1.el9.noarch.rpm
java-1.8.0-openjdk-src-1.8.0.432.b06-2.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-demo-fastdebug-1.8.0.432.b06-2.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.432.b06-2.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-devel-fastdebug-1.8.0.432.b06-2.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.432.b06-2.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-fastdebug-1.8.0.432.b06-2.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-headless-fastdebug-1.8.0.432.b06-2.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.432.b06-2.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.432.b06-2.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-src-fastdebug-1.8.0.432.b06-2.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.432.b06-2.0.1.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//java-1.8.0-openjdk-1.8.0.432.b06-2.0.1.el9.src.rpm

Related CVEs:

CVE-2023-48161
CVE-2024-21208
CVE-2024-21210
CVE-2024-21217
CVE-2024-21235

Description of changes:

[1.8.0.432.b06-2.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:1.8.0.432.b06-1]
- Update to shenandoah-jdk8u432-b06 (GA)
- Update release notes for shenandoah-8u432-b06.
- Drop JDK-828109{6,7,8}/PR3836 patch following integration of upstream version
- Regenerate JDK-8199936/PR3533 patch following JDK-828109{6,7,8} integration
- Bump version of bundled zlib to 1.3.1 following JDK-8324632
- Include backport of JDK-8328999 to update giflib to 5.2.2
- Bump version of bundled giflib to 5.2.2 following JDK-8328999
- Add build scripts to repository to ease remembering all CentOS & RHEL targets and options
- Sync the copy of the portable specfile with the latest update
- Resolves: RHEL-58794
- Resolves: RHEL-62280
- Resolves: RHEL-61287
- ** This tarball is embargoed until 2024-10-15 @ 1pm PT. **



ELSA-2024-8162 Moderate: Oracle Linux 9 kernel security update


Oracle Linux Security Advisory ELSA-2024-8162

http://linux.oracle.com/errata/ELSA-2024-8162.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-7.3.0-427.40.1.el9_4.x86_64.rpm
kernel-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-abi-stablelists-5.14.0-427.40.1.el9_4.noarch.rpm
kernel-core-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-debug-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-debug-core-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-debug-devel-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-debug-devel-matched-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-debug-modules-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-debug-modules-core-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-debug-modules-extra-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-debug-uki-virt-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-devel-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-devel-matched-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-doc-5.14.0-427.40.1.el9_4.noarch.rpm
kernel-headers-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-modules-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-modules-core-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-modules-extra-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-tools-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-tools-libs-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-uki-virt-5.14.0-427.40.1.el9_4.x86_64.rpm
perf-5.14.0-427.40.1.el9_4.x86_64.rpm
python3-perf-5.14.0-427.40.1.el9_4.x86_64.rpm
rtla-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-cross-headers-5.14.0-427.40.1.el9_4.x86_64.rpm
kernel-tools-libs-devel-5.14.0-427.40.1.el9_4.x86_64.rpm
libperf-5.14.0-427.40.1.el9_4.x86_64.rpm
rv-5.14.0-427.40.1.el9_4.x86_64.rpm

aarch64:
bpftool-7.3.0-427.40.1.el9_4.aarch64.rpm
kernel-headers-5.14.0-427.40.1.el9_4.aarch64.rpm
kernel-tools-5.14.0-427.40.1.el9_4.aarch64.rpm
kernel-tools-libs-5.14.0-427.40.1.el9_4.aarch64.rpm
perf-5.14.0-427.40.1.el9_4.aarch64.rpm
python3-perf-5.14.0-427.40.1.el9_4.aarch64.rpm
kernel-cross-headers-5.14.0-427.40.1.el9_4.aarch64.rpm
kernel-tools-libs-devel-5.14.0-427.40.1.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-427.40.1.el9_4.src.rpm

Related CVEs:

CVE-2021-47385
CVE-2023-28746
CVE-2023-52658
CVE-2024-27403
CVE-2024-35989
CVE-2024-36889
CVE-2024-36978
CVE-2024-38556
CVE-2024-39483
CVE-2024-39502
CVE-2024-40959
CVE-2024-42079
CVE-2024-42272
CVE-2024-42284

Description of changes:

[5.14.0-427.40.1.el9_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64