Oracle Linux 6277 Published by

The following updates have been released for Oracle Linux:

ELBA-2024-12595 Oracle Linux 8 Unbreakable Enterprise kernel bug fix update
ELBA-2024-5691 Oracle Linux 9 ca-certificates bug fix and enhancement update
ELSA-2024-5693 Important: Oracle Linux 9 tomcat security update
ELBA-2024-12595 Oracle Linux 9 Unbreakable Enterprise kernel bug fix update
ELBA-2024-12595 Oracle Linux 9 Unbreakable Enterprise kernel bug fix update




ELBA-2024-12595 Oracle Linux 8 Unbreakable Enterprise kernel bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12595

http://linux.oracle.com/errata/ELBA-2024-12595.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-209.161.7.2.el8uek.x86_64.rpm
kernel-uek-5.15.0-209.161.7.2.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-209.161.7.2.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-209.161.7.2.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-209.161.7.2.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-209.161.7.2.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-209.161.7.2.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-209.161.7.2.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-209.161.7.2.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-209.161.7.2.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-209.161.7.2.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-209.161.7.2.el8uek.x86_64.rpm
kernel-uek-container-5.15.0-209.161.7.2.el8uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-209.161.7.2.el8uek.x86_64.rpm

aarch64:
bpftool-5.15.0-209.161.7.2.el8uek.aarch64.rpm
kernel-uek-5.15.0-209.161.7.2.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-209.161.7.2.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-209.161.7.2.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-209.161.7.2.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-209.161.7.2.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-209.161.7.2.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-209.161.7.2.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-209.161.7.2.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-209.161.7.2.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-209.161.7.2.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-209.161.7.2.el8uek.aarch64.rpm
kernel-uek-container-5.15.0-209.161.7.2.el8uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-209.161.7.2.el8uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.15.0-209.161.7.2.el8uek.src.rpm

Description of changes:

[5.15.0-209.161.7.2.el8uek]
- KVM: x86: check the kvm_cpu_get_interrupt result before using it (Maxim Levitsky) [Orabug: 36967640]
- KVM: x86: VMX: set irr_pending in kvm_apic_update_irr (Maxim Levitsky) [Orabug: 36967640]
- KVM: x86: VMX: __kvm_apic_update_irr must update the IRR atomically (Maxim Levitsky) [Orabug: 36967640]
- KVM: x86: Allow APICv APIC ID inhibit to be cleared (Greg Edwards) [Orabug: 36967641]



ELBA-2024-5691 Oracle Linux 9 ca-certificates bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2024-5691

http://linux.oracle.com/errata/ELBA-2024-5691.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noarch.rpm

aarch64:
ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.src.rpm

Description of changes:

[2024.2.69_v8.0.303-91.4]
- update-ca-trust: return warnings on a unsupported argument instead of error

[2024.2.69_v8.0.303-91.3]
- Temporarily generate the directory-hash files in %install ...(next item)
- Add list of ghost files from directory-hash to %files

[2024.2.69_v8.0.303-91.2]
- Remove write permissions from directory-hash

[2024.2.69_v8.0.303-91.1]
- Reduce dependency on p11-kit to only the trust subpackage
- Own the Directory-hash directory

[2024.2.69_v8.0.303-91.0]
- Fix release number

[2024.2.69_v8.0.303-91]
- Update to CKBI 2.69_v8.0.303 from NSS 3.101.1
- GLOBALTRUST 2020 root CA certificate set CKA_NSS_{SERVER|EMAIL}_DISTRUST_AFTER

[2024.2.68_v8.0.302-91]
- Update to CKBI 2.68_v8.0.302 from NSS 3.101
- Removing:
- # Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
- # Certificate "Verisign Class 2 Public Primary Certification Authority - G3"
- # Certificate "Security Communication Root CA"
- # Certificate "Camerfirma Chambers of Commerce Root"
- # Certificate "Hongkong Post Root CA 1"
- # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
- # Certificate "Symantec Class 1 Public Primary Certification Authority - G6"
- # Certificate "Symantec Class 2 Public Primary Certification Authority - G6"
- # Certificate "TrustCor RootCert CA-1"
- # Certificate "TrustCor RootCert CA-2"
- # Certificate "TrustCor ECA-1"
- # Certificate "FNMT-RCM"
- Adding:
- # Certificate "LAWtrust Root CA2 (4096)"
- # Certificate "Sectigo Public Email Protection Root E46"
- # Certificate "Sectigo Public Email Protection Root R46"
- # Certificate "Sectigo Public Server Authentication Root E46"
- # Certificate "Sectigo Public Server Authentication Root R46"
- # Certificate "SSL.com TLS RSA Root CA 2022"
- # Certificate "SSL.com TLS ECC Root CA 2022"
- # Certificate "SSL.com Client ECC Root CA 2022"
- # Certificate "SSL.com Client RSA Root CA 2022"
- # Certificate "Atos TrustedRoot Root CA ECC G2 2020"
- # Certificate "Atos TrustedRoot Root CA RSA G2 2020"
- # Certificate "Atos TrustedRoot Root CA ECC TLS 2021"
- # Certificate "Atos TrustedRoot Root CA RSA TLS 2021"
- # Certificate "TrustAsia Global Root CA G3"
- # Certificate "TrustAsia Global Root CA G4"
- # Certificate "CommScope Public Trust ECC Root-01"
- # Certificate "CommScope Public Trust ECC Root-02"
- # Certificate "CommScope Public Trust RSA Root-01"
- # Certificate "CommScope Public Trust RSA Root-02"
- # Certificate "D-Trust SBR Root CA 1 2022"
- # Certificate "D-Trust SBR Root CA 2 2022"
- # Certificate "Telekom Security SMIME ECC Root 2021"
- # Certificate "Telekom Security TLS ECC Root 2020"
- # Certificate "Telekom Security SMIME RSA Root 2023"
- # Certificate "Telekom Security TLS RSA Root 2023"
- # Certificate "FIRMAPROFESIONAL CA ROOT-A WEB"
- # Certificate "SECOM Trust.net"
- # Certificate "Chambers of Commerce Root"
- # Certificate "VeriSign Class 2 Public Primary Certification Authority - G3"
- # Certificate "SSL.com Code Signing RSA Root CA 2022"
- # Certificate "SSL.com Code Signing ECC Root CA 2022"

[2024.2.68_v8.0.302-91.0]
- update-ca-trust: Fix bug in update-ca-trust so we don't depened on util-unix

[2024.2.68_v8.0.302-91.0]
- Skip %post if getopt is missing (recent change made update-ca-trust use it)

[2024.2.68_v8.0.302-91.0]
- update-ca-trust: Support --output and non-root operation (rhbz#2241240)

[2024.2.68_v8.0.302-91.0]
- update License: field to SPDX



ELSA-2024-5693 Important: Oracle Linux 9 tomcat security update


Oracle Linux Security Advisory ELSA-2024-5693

http://linux.oracle.com/errata/ELSA-2024-5693.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
tomcat-9.0.87-1.el9_4.2.noarch.rpm
tomcat-admin-webapps-9.0.87-1.el9_4.2.noarch.rpm
tomcat-docs-webapp-9.0.87-1.el9_4.2.noarch.rpm
tomcat-el-3.0-api-9.0.87-1.el9_4.2.noarch.rpm
tomcat-jsp-2.3-api-9.0.87-1.el9_4.2.noarch.rpm
tomcat-lib-9.0.87-1.el9_4.2.noarch.rpm
tomcat-servlet-4.0-api-9.0.87-1.el9_4.2.noarch.rpm
tomcat-webapps-9.0.87-1.el9_4.2.noarch.rpm

aarch64:
tomcat-9.0.87-1.el9_4.2.noarch.rpm
tomcat-admin-webapps-9.0.87-1.el9_4.2.noarch.rpm
tomcat-docs-webapp-9.0.87-1.el9_4.2.noarch.rpm
tomcat-el-3.0-api-9.0.87-1.el9_4.2.noarch.rpm
tomcat-jsp-2.3-api-9.0.87-1.el9_4.2.noarch.rpm
tomcat-lib-9.0.87-1.el9_4.2.noarch.rpm
tomcat-servlet-4.0-api-9.0.87-1.el9_4.2.noarch.rpm
tomcat-webapps-9.0.87-1.el9_4.2.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//tomcat-9.0.87-1.el9_4.2.src.rpm

Related CVEs:

CVE-2024-34750

Description of changes:

[1:9.0.87-1.el9_4.2]
- Resolves: RHEL-46162
tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)



ELBA-2024-12595 Oracle Linux 9 Unbreakable Enterprise kernel bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12595

http://linux.oracle.com/errata/ELBA-2024-12595.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-209.161.7.2.el9uek.x86_64.rpm
kernel-uek-5.15.0-209.161.7.2.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-209.161.7.2.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-209.161.7.2.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-209.161.7.2.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-209.161.7.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-209.161.7.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-209.161.7.2.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-209.161.7.2.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-209.161.7.2.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-209.161.7.2.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-209.161.7.2.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-209.161.7.2.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-209.161.7.2.el9uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-209.161.7.2.el9uek.src.rpm

Description of changes:

[5.15.0-209.161.7.2.el9uek]
- KVM: x86: check the kvm_cpu_get_interrupt result before using it (Maxim Levitsky) [Orabug: 36967640]
- KVM: x86: VMX: set irr_pending in kvm_apic_update_irr (Maxim Levitsky) [Orabug: 36967640]
- KVM: x86: VMX: __kvm_apic_update_irr must update the IRR atomically (Maxim Levitsky) [Orabug: 36967640]
- KVM: x86: Allow APICv APIC ID inhibit to be cleared (Greg Edwards) [Orabug: 36967641]



ELBA-2024-12595 Oracle Linux 9 Unbreakable Enterprise kernel bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12595

http://linux.oracle.com/errata/ELBA-2024-12595.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

aarch64:
bpftool-5.15.0-209.161.7.2.el9uek.aarch64.rpm
kernel-uek-5.15.0-209.161.7.2.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-209.161.7.2.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-209.161.7.2.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-209.161.7.2.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-209.161.7.2.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-209.161.7.2.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-209.161.7.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-209.161.7.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-209.161.7.2.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-209.161.7.2.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-209.161.7.2.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-209.161.7.2.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-209.161.7.2.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-209.161.7.2.el9uek.src.rpm

Description of changes:

[5.15.0-209.161.7.2.el9uek]
- KVM: x86: check the kvm_cpu_get_interrupt result before using it (Maxim Levitsky) [Orabug: 36967640]
- KVM: x86: VMX: set irr_pending in kvm_apic_update_irr (Maxim Levitsky) [Orabug: 36967640]
- KVM: x86: VMX: __kvm_apic_update_irr must update the IRR atomically (Maxim Levitsky) [Orabug: 36967640]
- KVM: x86: Allow APICv APIC ID inhibit to be cleared (Greg Edwards) [Orabug: 36967641]