Oracle Linux 6277 Published by

The following updates has been released for Oracle Linux:

ELSA-2019-3157 Moderate: Oracle Linux 7 java-1.7.0-openjdk security update
ELSA-2019-3157 Moderate: Oracle Linux 7 java-1.7.0-openjdk security update (aarch64)
ELSA-2019-3158 Moderate: Oracle Linux 6 java-1.7.0-openjdk security update
New Ksplice updates for OL 7, RHEL 7, CentOS 7, and Scientific Linux 7 (RHSA-2019:3055)
New Ksplice updates for Oracle Enhanced RHCK 7 (ELSA-2019-3055)
New Ksplice updates for RHCK 7 (ELSA-2019-3055)
New Ksplice updates for RHEL 7 (RHSA-2019:3055)
New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2019-4812)



ELSA-2019-3157 Moderate: Oracle Linux 7 java-1.7.0-openjdk security update

Oracle Linux Security Advisory ELSA-2019-3157

http://linux.oracle.com/errata/ELSA-2019-3157.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.0.1.el7_7.x86_64.rpm
java-1.7.0-openjdk-accessibility-1.7.0.241-2.6.20.0.0.1.el7_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.241-2.6.20.0.0.1.el7_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.241-2.6.20.0.0.1.el7_7.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.241-2.6.20.0.0.1.el7_7.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.241-2.6.20.0.0.1.el7_7.noarch.rpm
java-1.7.0-openjdk-src-1.7.0.241-2.6.20.0.0.1.el7_7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/java-1.7.0-openjdk-1.7.0.241-2.6.20.0.0.1.el7_7.src.rpm



Description of changes:

[1:1.7.0.241-2.6.20.0.0.1]
- Update DISTRO_NAME in specfile

[1:1.7.0.241-2.6.20.0]
- Bump to 2.6.20 and OpenJDK 7u241-b01.
- Drop PR1834/RH1022017 which is now handled by JDK-8228825 upstream.
- Resolves: rhbz#1753423

ELSA-2019-3157 Moderate: Oracle Linux 7 java-1.7.0-openjdk security update (aarch64)

Oracle Linux Security Advisory ELSA-2019-3157

http://linux.oracle.com/errata/ELSA-2019-3157.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.0.1.el7_7.aarch64.rpm
java-1.7.0-openjdk-devel-1.7.0.241-2.6.20.0.0.1.el7_7.aarch64.rpm
java-1.7.0-openjdk-headless-1.7.0.241-2.6.20.0.0.1.el7_7.aarch64.rpm
java-1.7.0-openjdk-accessibility-1.7.0.241-2.6.20.0.0.1.el7_7.aarch64.rpm
java-1.7.0-openjdk-demo-1.7.0.241-2.6.20.0.0.1.el7_7.aarch64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.241-2.6.20.0.0.1.el7_7.noarch.rpm
java-1.7.0-openjdk-src-1.7.0.241-2.6.20.0.0.1.el7_7.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/java-1.7.0-openjdk-1.7.0.241-2.6.20.0.0.1.el7_7.src.rpm



Description of changes:

[1:1.7.0.241-2.6.20.0.0.1]
- Update DISTRO_NAME in specfile

[1:1.7.0.241-2.6.20.0]
- Bump to 2.6.20 and OpenJDK 7u241-b01.
- Drop PR1834/RH1022017 which is now handled by JDK-8228825 upstream.
- Resolves: rhbz#1753423

ELSA-2019-3158 Moderate: Oracle Linux 6 java-1.7.0-openjdk security update

Oracle Linux Security Advisory ELSA-2019-3158

http://linux.oracle.com/errata/ELSA-2019-3158.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.0.1.el6_10.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.241-2.6.20.0.0.1.el6_10.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.241-2.6.20.0.0.1.el6_10.i686.rpm
java-1.7.0-openjdk-javadoc-1.7.0.241-2.6.20.0.0.1.el6_10.noarch.rpm
java-1.7.0-openjdk-src-1.7.0.241-2.6.20.0.0.1.el6_10.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.0.1.el6_10.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.241-2.6.20.0.0.1.el6_10.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.241-2.6.20.0.0.1.el6_10.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.241-2.6.20.0.0.1.el6_10.noarch.rpm
java-1.7.0-openjdk-src-1.7.0.241-2.6.20.0.0.1.el6_10.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/java-1.7.0-openjdk-1.7.0.241-2.6.20.0.0.1.el6_10.src.rpm



Description of changes:

[1:1.7.0.241-2.6.20.0.0.1]
- Update DISTRO_NAME in specfile

[1:1.7.0.241-2.6.20.0]
- Bump to 2.6.20 and OpenJDK 7u241-b01.
- Drop PR1834/RH1022017 which is now handled by JDK-8228825 upstream.
- Drop JDK-8226318/RH1738637 which is now included upstream.
- Resolves: rhbz#1753423

New Ksplice updates for OL 7, RHEL 7, CentOS 7, and Scientific Linux 7 (RHSA-2019:3055)

Synopsis: RHSA-2019:3055 can now be patched using Ksplice
CVEs: CVE-2018-20856 CVE-2019-10126 CVE-2019-3846 CVE-2019-9506

Systems running RHCK on Oracle Linux 7, Red Hat Enterprise Linux 7,
CentOS 7, and Scientific Linux 7 can now use Ksplice to patch against
the latest Red Hat Security Advisory, RHSA-2019:3055.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running OL 7, RHEL 7,
CentOS 7, and Scientific Linux 7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2019-10126, CVE-2019-3846: Heap overflow when parsing fields in Marvell WiFi-Ex driver.

A missing check on user input when parsing BSS and IE in Marvell
WiFi-Ex driver could let a local attacker cause a heap overflow and a
denial-of-service.


* CVE-2018-20856: Use-after-free in block device core.

A failure to initialize part of a structure in the block device allocation
path can lead to a use-after-free of certain kernel structures, which can
result in a kernel panic. This could be used to cause a denial of service.


* CVE-2019-9506: Information disclosure when transmitting over bluetooth.

The Bluetooth BR/EDR specification permits sufficiently low encryption key
length and does not prevent an attacker from influencing the key length
negotiation. This allows practical brute-force attacks (aka "KNOB") that can
decrypt traffic and inject arbitrary ciphertext without the victim noticing.

This is the fix in kernel to disallow arbitrarily short encryption key.
However, the actual bug is in the protocol so we encourage customers to
also upgrade the firmware on their bluetooth device.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.

New Ksplice updates for Oracle Enhanced RHCK 7 (ELSA-2019-3055)

Synopsis: ELSA-2019-3055 can now be patched using Ksplice
CVEs: CVE-2018-20856 CVE-2019-10126 CVE-2019-3846 CVE-2019-9506

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-3055.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-3055.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Oracle Enhanced
RHCK 7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2019-10126, CVE-2019-3846: Heap overflow when parsing fields in Marvell WiFi-Ex driver.

A missing check on user input when parsing BSS and IE in Marvell
WiFi-Ex driver could let a local attacker cause a heap overflow and a
denial-of-service.


* CVE-2018-20856: Use-after-free in block device core.

A failure to initialize part of a structure in the block device allocation
path can lead to a use-after-free of certain kernel structures, which can
result in a kernel panic. This could be used to cause a denial of service.


* CVE-2019-9506: Information disclosure when transmitting over bluetooth.

The Bluetooth BR/EDR specification permits sufficiently low encryption key
length and does not prevent an attacker from influencing the key length
negotiation. This allows practical brute-force attacks (aka "KNOB") that can
decrypt traffic and inject arbitrary ciphertext without the victim noticing.

This is the fix in kernel to disallow arbitrarily short encryption key.
However, the actual bug is in the protocol so we encourage customers to
also upgrade the firmware on their bluetooth device.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.

New Ksplice updates for RHCK 7 (ELSA-2019-3055)

Synopsis: ELSA-2019-3055 can now be patched using Ksplice
CVEs: CVE-2018-20856 CVE-2019-10126 CVE-2019-3846 CVE-2019-9506

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-3055.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-3055.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 7 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2019-10126, CVE-2019-3846: Heap overflow when parsing fields in Marvell WiFi-Ex driver.

A missing check on user input when parsing BSS and IE in Marvell
WiFi-Ex driver could let a local attacker cause a heap overflow and a
denial-of-service.


* CVE-2018-20856: Use-after-free in block device core.

A failure to initialize part of a structure in the block device allocation
path can lead to a use-after-free of certain kernel structures, which can
result in a kernel panic. This could be used to cause a denial of service.


* CVE-2019-9506: Information disclosure when transmitting over bluetooth.

The Bluetooth BR/EDR specification permits sufficiently low encryption key
length and does not prevent an attacker from influencing the key length
negotiation. This allows practical brute-force attacks (aka "KNOB") that can
decrypt traffic and inject arbitrary ciphertext without the victim noticing.

This is the fix in kernel to disallow arbitrarily short encryption key.
However, the actual bug is in the protocol so we encourage customers to
also upgrade the firmware on their bluetooth device.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.

New Ksplice updates for RHEL 7 (RHSA-2019:3055)

Synopsis: RHSA-2019:3055 can now be patched using Ksplice
CVEs: CVE-2018-20856 CVE-2019-10126 CVE-2019-3846 CVE-2019-9506

Systems running Red Hat Enterprise Linux 7 can now use Ksplice to
patch against the latest Red Hat Security Advisory, RHSA-2019:3055.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHEL 7 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2019-10126, CVE-2019-3846: Heap overflow when parsing fields in Marvell WiFi-Ex driver.

A missing check on user input when parsing BSS and IE in Marvell
WiFi-Ex driver could let a local attacker cause a heap overflow and a
denial-of-service.


* CVE-2018-20856: Use-after-free in block device core.

A failure to initialize part of a structure in the block device allocation
path can lead to a use-after-free of certain kernel structures, which can
result in a kernel panic. This could be used to cause a denial of service.


* CVE-2019-9506: Information disclosure when transmitting over bluetooth.

The Bluetooth BR/EDR specification permits sufficiently low encryption key
length and does not prevent an attacker from influencing the key length
negotiation. This allows practical brute-force attacks (aka "KNOB") that can
decrypt traffic and inject arbitrary ciphertext without the victim noticing.

This is the fix in kernel to disallow arbitrarily short encryption key.
However, the actual bug is in the protocol so we encourage customers to
also upgrade the firmware on their bluetooth device.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.

New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2019-4812)

Synopsis: ELSA-2019-4812 can now be patched using Ksplice
CVEs: CVE-2011-5327 CVE-2019-14283

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4812.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-4812.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2019-14283: Denial-of-service in floppy disk geometry setting during insertion.

Missing input validation in the floppy disk geometry setting calls could
allow a malicious local user with access to the floppy device to cause
an out-of-bounds access either crashing the system or leaking the
contents of kernel memory.

Orabug: 30318221


* CVE-2011-5327: Denial-of-service when using TCM Virtual SAS target and Linux/SCSI LDD fabric loopback module.

A logic error when using TCM Virtual SAS target and Linux/SCSI LDD
fabric loopback module could lead to an out-of-bounds access. A
local attacker could use this flaw to cause a denial-of-service.

Orabug: 30254296

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.