Oracle Linux 6277 Published by

The following updates has been released for Oracle Linux:

ELBA-2019-4671 Oracle Linux 7 iscsi-initiator-utils bug fix update (aarch64)
ELSA-2019-4668 Important: Oracle Linux 7 edk2 security update (aarch64)
ELSA-2019-4672 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2019-4672 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update



ELBA-2019-4671 Oracle Linux 7 iscsi-initiator-utils bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2019-4671

http://linux.oracle.com/errata/ELBA-2019-4671.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
iscsi-initiator-utils-6.2.0.874-10.0.9.el7.aarch64.rpm
iscsi-initiator-utils-iscsiuio-6.2.0.874-10.0.9.el7.aarch64.rpm
iscsi-initiator-utils-devel-6.2.0.874-10.0.9.el7.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/iscsi-initiator-utils-6.2.0.874-10.0.9.el7.src.rpm



Description of changes:

[6.2.0.874-10.0.9]
- Moddify iscsi-mark-root nodes script to not mark nodes when iscsi.service
is restarted.
[Orabug: 29715514]


ELSA-2019-4668 Important: Oracle Linux 7 edk2 security update (aarch64)

Oracle Linux Security Advisory ELSA-2019-4668

http://linux.oracle.com/errata/ELSA-2019-4668.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
AAVMF-1.2-5.el7.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/edk2-1.2-5.el7.src.rpm



Description of changes:

[1:1.2-5.el7]
- Update spec file to remove 'modprobe kvm-intel' and remove
--enable-kvm arg to ovmf_vars_generator so qemu will not require kvm
kernel module. (Aaron Young) - Update spec file to modprobe kvm_intel
module prior to running qemu to enroll default keys. (Aaron Young) -
Enroll Oracle cert/key for OL secureboot support. (Aaron Young)

[1:1.2-2.el7]
- Change Image.c image load error to DEBUG_WARN from DEBUG_ERROR since
it is normal for some images to fail to load if the associated hardware
is not present. Such is the case with Ramfb. (Aaron Young) [Orabug:
28868674]
- Fix AAVMF build. Pull in OpenSSL code (as is done for x86_64) (Aaron
Young) - Update AAVMF change log for version 1.2 (Aaron Young)

[1:1.2-1.el7]
- Update spec files and OVMF change log to version 1.2

ELSA-2019-4672 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2019-4672

http://linux.oracle.com/errata/ELSA-2019-4672.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-firmware-3.8.13-118.35.1.el6uek.noarch.rpm
kernel-uek-doc-3.8.13-118.35.1.el6uek.noarch.rpm
kernel-uek-3.8.13-118.35.1.el6uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.35.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.35.1.el6uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.35.1.el6uek.x86_64.rpm
dtrace-modules-3.8.13-118.35.1.el6uek-0.4.5-3.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-3.8.13-118.35.1.el6uek.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/dtrace-modules-3.8.13-118.35.1.el6uek-0.4.5-3.el6.src.rpm



Description of changes:

kernel-uek

kernel-uek
[3.8.13-118.35.1.el6uek]
- Bluetooth: hidp: fix buffer overflow (Young Xiao) [Orabug: 29786787] {CVE-2011-1079} {CVE-2019-11884}
- x86/speculation/mds: Fix verw usage to use memory operand (Patrick Colp) [Orabug: 29791038] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Make cpu_vuln_whitelist __cpuinitconst (Patrick Colp) [Orabug: 29792023]
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [Orabug: 29792061] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}

ELSA-2019-4672 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2019-4672

http://linux.oracle.com/errata/ELSA-2019-4672.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-firmware-3.8.13-118.35.1.el7uek.noarch.rpm
kernel-uek-doc-3.8.13-118.35.1.el7uek.noarch.rpm
kernel-uek-3.8.13-118.35.1.el7uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.35.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.35.1.el7uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.35.1.el7uek.x86_64.rpm
dtrace-modules-3.8.13-118.35.1.el7uek-0.4.5-3.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-3.8.13-118.35.1.el7uek.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/dtrace-modules-3.8.13-118.35.1.el7uek-0.4.5-3.el7.src.rpm



Description of changes:

kernel-uek

[3.8.13-118.35.1.el7uek]
- Bluetooth: hidp: fix buffer overflow (Young Xiao) [Orabug: 29786787] {CVE-2011-1079} {CVE-2019-11884}
- x86/speculation/mds: Fix verw usage to use memory operand (Patrick Colp) [Orabug: 29791038] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Make cpu_vuln_whitelist __cpuinitconst (Patrick Colp) [Orabug: 29792023]
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [Orabug: 29792061] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}