Oracle Linux 6277 Published by

The following updates has been released for Oracle Linux:

ELBA-2018-4247 Oracle Linux 6 rhn-client-tools bug fix update
ELSA-2018-2916 Important: Oracle Linux 7 spamassassin security update (aarch64)
ELSA-2018-4246 Important: Oracle Linux 5 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update
ELSA-2018-4248 Important: Oracle Linux 6 openssl security update
ELSA-2018-4249 Important: Oracle Linux 7 openssl security update
ELSA-2018-4250 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update



ELBA-2018-4247 Oracle Linux 6 rhn-client-tools bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-4247

http://linux.oracle.com/errata/ELBA-2018-4247.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
rhn-check-1.0.0.1-45.0.4.el6.noarch.rpm
rhn-client-tools-1.0.0.1-45.0.4.el6.noarch.rpm
rhn-setup-1.0.0.1-45.0.4.el6.noarch.rpm
rhn-setup-gnome-1.0.0.1-45.0.4.el6.noarch.rpm

x86_64:
rhn-check-1.0.0.1-45.0.4.el6.noarch.rpm
rhn-client-tools-1.0.0.1-45.0.4.el6.noarch.rpm
rhn-setup-1.0.0.1-45.0.4.el6.noarch.rpm
rhn-setup-gnome-1.0.0.1-45.0.4.el6.noarch.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/rhn-client-tools-1.0.0.1-45.0.4.el6.src.rpm



Description of changes:

[1.0.0.1-45.0.4]
- Fixed repo name for oci [Bug 27526493]


ELSA-2018-2916 Important: Oracle Linux 7 spamassassin security update (aarch64)

Oracle Linux Security Advisory ELSA-2018-2916

http://linux.oracle.com/errata/ELSA-2018-2916.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
spamassassin-3.4.0-4.el7_5.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/spamassassin-3.4.0-4.el7_5.src.rpm



Description of changes:

[3.4.0-4]
- Add missing Requires for perl(XSLoader) and perl(ExtUtils::MakeMaker),
- which are no longer auto-generated due to a (expected) change in rpm-build
- Related: rhbz#1632998

[3.4.0-3]
- Fix CVE-2018-11781 - Local user code injection in the meta rule syntax
- Fix CVE-2017-15705 - Certain unclosed tags in crafted emails allow for
- scan timeouts and resulting denial of service
- Resolves: rhbz#1632998

ELSA-2018-4246 Important: Oracle Linux 5 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4246

http://linux.oracle.com/errata/ELSA-2018-4246.html

The following updated rpms for Oracle Linux 5 Extended Lifecycle Support
(ELS) have been uploaded to the Unbreakable Linux Network:

i386:
kernel-uek-2.6.39-400.302.1.el5uek.i686.rpm
kernel-uek-debug-2.6.39-400.302.1.el5uek.i686.rpm
kernel-uek-debug-devel-2.6.39-400.302.1.el5uek.i686.rpm
kernel-uek-devel-2.6.39-400.302.1.el5uek.i686.rpm
kernel-uek-doc-2.6.39-400.302.1.el5uek.noarch.rpm
kernel-uek-firmware-2.6.39-400.302.1.el5uek.noarch.rpm

x86_64:
kernel-uek-firmware-2.6.39-400.302.1.el5uek.noarch.rpm
kernel-uek-doc-2.6.39-400.302.1.el5uek.noarch.rpm
kernel-uek-2.6.39-400.302.1.el5uek.x86_64.rpm
kernel-uek-devel-2.6.39-400.302.1.el5uek.x86_64.rpm
kernel-uek-debug-devel-2.6.39-400.302.1.el5uek.x86_64.rpm
kernel-uek-debug-2.6.39-400.302.1.el5uek.x86_64.rpm



Description of changes:

[2.6.39-400.302.1.el5uek]
- Fix up non-directory creation in SGID directories (Linus Torvalds)
[Orabug: 28459479] {CVE-2018-13405}
- ALSA: seq: Make ioctls race-free (Takashi Iwai) [Orabug: 28459730]
{CVE-2018-7566}
- rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map
(Håkon Bugge) [Orabug: 28539910] {CVE-2018-7492}
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott
Bauer) [Orabug: 28664549] {CVE-2018-16658}
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
(Seunghun Han) [Orabug: 28664580] {CVE-2017-13695}
- exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug:
28710024] {CVE-2018-14634}

ELSA-2018-4248 Important: Oracle Linux 6 openssl security update

Oracle Linux Security Advisory ELSA-2018-4248

http://linux.oracle.com/errata/ELSA-2018-4248.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
openssl-1.0.1e-57.0.6.el6.i686.rpm
openssl-devel-1.0.1e-57.0.6.el6.i686.rpm
openssl-perl-1.0.1e-57.0.6.el6.i686.rpm
openssl-static-1.0.1e-57.0.6.el6.i686.rpm

x86_64:
openssl-1.0.1e-57.0.6.el6.i686.rpm
openssl-1.0.1e-57.0.6.el6.x86_64.rpm
openssl-devel-1.0.1e-57.0.6.el6.i686.rpm
openssl-devel-1.0.1e-57.0.6.el6.x86_64.rpm
openssl-perl-1.0.1e-57.0.6.el6.x86_64.rpm
openssl-static-1.0.1e-57.0.6.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/openssl-1.0.1e-57.0.6.el6.src.rpm



Description of changes:

[1.0.1e-57.0.6]
- Oracle bug 28730228: backport CVE-2018-0732
- Oracle bug 28758493: backport CVE-2018-0737

ELSA-2018-4249 Important: Oracle Linux 7 openssl security update

Oracle Linux Security Advisory ELSA-2018-4249

http://linux.oracle.com/errata/ELSA-2018-4249.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
openssl-1.0.2k-12.0.3.el7.x86_64.rpm
openssl-devel-1.0.2k-12.0.3.el7.i686.rpm
openssl-devel-1.0.2k-12.0.3.el7.x86_64.rpm
openssl-libs-1.0.2k-12.0.3.el7.i686.rpm
openssl-libs-1.0.2k-12.0.3.el7.x86_64.rpm
openssl-perl-1.0.2k-12.0.3.el7.x86_64.rpm
openssl-static-1.0.2k-12.0.3.el7.i686.rpm
openssl-static-1.0.2k-12.0.3.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/openssl-1.0.2k-12.0.3.el7.src.rpm



Description of changes:

[1.0.2k-12.0.3]
- Oracle bug 28672370: backport CVE-2018-0732
- Oracle bug 28672351: backport CVE-2018-0737

ELSA-2018-4250 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4250

http://linux.oracle.com/errata/ELSA-2018-4250.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
kernel-uek-2.6.39-400.302.2.el6uek.i686.rpm
kernel-uek-debug-2.6.39-400.302.2.el6uek.i686.rpm
kernel-uek-debug-devel-2.6.39-400.302.2.el6uek.i686.rpm
kernel-uek-devel-2.6.39-400.302.2.el6uek.i686.rpm
kernel-uek-doc-2.6.39-400.302.2.el6uek.noarch.rpm
kernel-uek-firmware-2.6.39-400.302.2.el6uek.noarch.rpm

x86_64:
kernel-uek-firmware-2.6.39-400.302.2.el6uek.noarch.rpm
kernel-uek-doc-2.6.39-400.302.2.el6uek.noarch.rpm
kernel-uek-2.6.39-400.302.2.el6uek.x86_64.rpm
kernel-uek-devel-2.6.39-400.302.2.el6uek.x86_64.rpm
kernel-uek-debug-devel-2.6.39-400.302.2.el6uek.x86_64.rpm
kernel-uek-debug-2.6.39-400.302.2.el6uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-2.6.39-400.302.2.el6uek.src.rpm



Description of changes:

[2.6.39-400.302.2.el6uek]
- Revert "Fix up non-directory creation in SGID directories" (Brian
Maly) [Orabug: 28781234]

[2.6.39-400.302.1.el6uek]
- Fix up non-directory creation in SGID directories (Linus Torvalds)
[Orabug: 28459479] {CVE-2018-13405}
- ALSA: seq: Make ioctls race-free (Takashi Iwai) [Orabug: 28459730]
{CVE-2018-7566}
- rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map
(Håkon Bugge) [Orabug: 28539910] {CVE-2018-7492}
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott
Bauer) [Orabug: 28664549] {CVE-2018-16658}
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
(Seunghun Han) [Orabug: 28664580] {CVE-2017-13695}
- exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug:
28710024] {CVE-2018-14634}