Oracle Linux 6265 Published by

The following Oracle Linux security updates are now available:

ELSA-2023-7749 Important: Oracle Linux 9 kernel security update
ELBA-2023-7752 Oracle Linux 9 sssd bug fix update
ELBA-2023-7751 Oracle Linux 9 policycoreutils bug fix and enhancement update
ELBA-2023-13060 Oracle Linux 9 squid bug fix update
ELEA-2023-7251 Oracle Linux 9 microcode_ctl bug fix and enhancement update
ELBA-2023-7758 Oracle Linux 9 osbuild-composer bug fix update
ELBA-2023-7757 Oracle Linux 9 net-snmp bug fix update
ELBA-2023-13000 Oracle Linux 9 util-linux bug fix update
ELBA-2023-13062 Oracle Linux 9 gdb bug fix update
ELSA-2023-7884 Important: Oracle Linux 8 postgresql:15 security update
ELEA-2023-7250 Oracle Linux 8 microcode_ctl bug fix and enhancement update
ELEA-2023-7283 Oracle Linux 7 microcode_ctl bug fix and enhancement update



ELSA-2023-7749 Important: Oracle Linux 9 kernel security update


Oracle Linux Security Advisory ELSA-2023-7749

http://linux.oracle.com/errata/ELSA-2023-7749.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-7.2.0-362.13.1.el9_3.x86_64.rpm
kernel-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-abi-stablelists-5.14.0-362.13.1.el9_3.noarch.rpm
kernel-core-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-debug-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-debug-core-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-debug-devel-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-debug-devel-matched-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-debug-modules-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-debug-modules-core-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-debug-modules-extra-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-devel-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-devel-matched-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-doc-5.14.0-362.13.1.el9_3.noarch.rpm
kernel-headers-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-modules-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-modules-core-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-modules-extra-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-tools-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-tools-libs-5.14.0-362.13.1.el9_3.x86_64.rpm
perf-5.14.0-362.13.1.el9_3.x86_64.rpm
python3-perf-5.14.0-362.13.1.el9_3.x86_64.rpm
rtla-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-cross-headers-5.14.0-362.13.1.el9_3.x86_64.rpm
kernel-tools-libs-devel-5.14.0-362.13.1.el9_3.x86_64.rpm

aarch64:
bpftool-7.2.0-362.13.1.el9_3.aarch64.rpm
kernel-headers-5.14.0-362.13.1.el9_3.aarch64.rpm
kernel-tools-5.14.0-362.13.1.el9_3.aarch64.rpm
kernel-tools-libs-5.14.0-362.13.1.el9_3.aarch64.rpm
perf-5.14.0-362.13.1.el9_3.aarch64.rpm
python3-perf-5.14.0-362.13.1.el9_3.aarch64.rpm
kernel-cross-headers-5.14.0-362.13.1.el9_3.aarch64.rpm
kernel-tools-libs-devel-5.14.0-362.13.1.el9_3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-362.13.1.el9_3.src.rpm

Related CVEs:

CVE-2023-1192
CVE-2023-5345
CVE-2023-20569
CVE-2023-45871

Description of changes:

[5.14.0-362.13.1.el9_3.OL9]
- x86/retpoline: Document some thunk handling aspects (Borislav Petkov) {CVE-2023-20569}
- objtool: Fix return thunk patching in retpolines (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Remove unnecessary semicolon (Yang Li) {CVE-2023-20569}
- x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Josh Poimboeuf) {CVE-2023-20569}
- x86/nospec: Refactor UNTRAIN_RET[_*] (Josh Poimboeuf) {CVE-2023-20569}
- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Disentangle rethunk-dependent options (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Josh Poimboeuf) {CVE-2023-20569}
- x86/bugs: Remove default case for fully switched enums (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Remove 'pred_cmd' label (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Unexport untraining functions (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Improve i-cache locality for alias mitigation (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Fix unret validation dependencies (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Fix vulnerability reporting for missing microcode (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Print mitigation for retbleed IBPB case (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Print actual mitigation if requested mitigation isn't possible (Josh Poimboeuf) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Josh Poimboeuf) {CVE-2023-20569}
- x86,static_call: Fix static-call vs return-thunk (Peter Zijlstra) {CVE-2023-20569}
- x86/alternatives: Remove faulty optimization (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Don't probe microcode in a guest (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Fix srso_show_state() side effect (Josh Poimboeuf) {CVE-2023-20569}
- x86/cpu: Fix amd_check_microcode() declaration (Arnd Bergmann) {CVE-2023-20569}
- x86/srso: Correct the mitigation status when SMT is disabled (Borislav Petkov) {CVE-2023-20569}
- x86/static_call: Fix __static_call_fixup() (Peter Zijlstra) {CVE-2023-20569}
- objtool/x86: Fixup frame-pointer vs rethunk (Peter Zijlstra) {CVE-2023-20569}
- x86/srso: Explain the untraining sequences a bit more (Borislav Petkov) {CVE-2023-20569}
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Cleanup the untrain mess (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Rename original retbleed methods (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Clean up SRSO return thunk mess (Peter Zijlstra) {CVE-2023-20569}
- x86/alternative: Make custom return thunk unconditional (Peter Zijlstra) {CVE-2023-20569}
- objtool/x86: Fix SRSO mess (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Fix __x86_return_thunk symbol type (Peter Zijlstra) {CVE-2023-20569}
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Petr Pavlu) {CVE-2023-20569}
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Petr Pavlu) {CVE-2023-20569}
- x86/srso: Disable the mitigation on unaffected configurations (Borislav Petkov) {CVE-2023-20569}
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Borislav Petkov) {CVE-2023-20588}
- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Sean Christopherson) {CVE-2023-20569}
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Cristian Ciocaltea) {CVE-2023-20593}
- driver core: cpu: Fix the fallback cpu_show_gds() name (Borislav Petkov) {CVE-2023-20569}
- x86: Move gds_ucode_mitigated() declaration to header (Arnd Bergmann) {CVE-2023-20569}
- x86/speculation: Add cpu_show_gds() prototype (Arnd Bergmann) {CVE-2023-20569}
- driver core: cpu: Make cpu_show_not_affected() static (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Fix build breakage with the LLVM linker (Nick Desaulniers) {CVE-2023-20569}
- Documentation/srso: Document IBPB aspect and fix formatting (Borislav Petkov) {CVE-2023-20569}
- driver core: cpu: Unify redundant silly stubs (Borislav Petkov) {CVE-2023-20569}
- Documentation/hw-vuln: Unify filename specification in index (Borislav Petkov) {CVE-2023-20569}
- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Borislav Petkov) {CVE-2023-20588}
- x86/srso: Tie SBPB bit setting to microcode patch detection (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add a forgotten NOENDBR annotation (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Fix return thunks in generated code (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Add IBPB on VMEXIT (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add IBPB (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add SRSO_NO support (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add IBPB_BRTYPE support (Borislav Petkov) {CVE-2023-20569}
- redhat/configs/x86: Enable CONFIG_CPU_SRSO (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add a Speculative RAS Overflow mitigation (Borislav Petkov) {CVE-2023-20569}
- x86/retbleed: Add __x86_return_thunk alignment checks (Borislav Petkov) {CVE-2023-20569}
- x86/retbleed: Fix return thunk alignment (Borislav Petkov) {CVE-2023-20569}
- x86/alternative: Optimize returns patching (Borislav Petkov) {CVE-2023-20569}
- x86,objtool: Separate unret validation from unwind hints (Josh Poimboeuf) {CVE-2023-20569}
- objtool: Add objtool_types.h (Josh Poimboeuf) {CVE-2023-20569}
- objtool: Union instruction::{call_dest,jump_table} (Peter Zijlstra) {CVE-2023-20569}
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Peter Zijlstra) {CVE-2023-20569}
- objtool: Fix SEGFAULT (Christophe Leroy) {CVE-2023-20569}
- vmlinux.lds.h: add BOUNDED_SECTION* macros (Jim Cromie) {CVE-2023-20569}



ELBA-2023-7752 Oracle Linux 9 sssd bug fix update


Oracle Linux Bug Fix Advisory ELBA-2023-7752

http://linux.oracle.com/errata/ELBA-2023-7752.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
libipa_hbac-2.9.1-4.0.1.el9_3.1.i686.rpm
libipa_hbac-2.9.1-4.0.1.el9_3.1.x86_64.rpm
libsss_autofs-2.9.1-4.0.1.el9_3.1.x86_64.rpm
libsss_certmap-2.9.1-4.0.1.el9_3.1.i686.rpm
libsss_certmap-2.9.1-4.0.1.el9_3.1.x86_64.rpm
libsss_idmap-2.9.1-4.0.1.el9_3.1.i686.rpm
libsss_idmap-2.9.1-4.0.1.el9_3.1.x86_64.rpm
libsss_nss_idmap-2.9.1-4.0.1.el9_3.1.i686.rpm
libsss_nss_idmap-2.9.1-4.0.1.el9_3.1.x86_64.rpm
libsss_simpleifp-2.9.1-4.0.1.el9_3.1.i686.rpm
libsss_simpleifp-2.9.1-4.0.1.el9_3.1.x86_64.rpm
libsss_sudo-2.9.1-4.0.1.el9_3.1.x86_64.rpm
python3-libipa_hbac-2.9.1-4.0.1.el9_3.1.x86_64.rpm
python3-libsss_nss_idmap-2.9.1-4.0.1.el9_3.1.x86_64.rpm
python3-sss-2.9.1-4.0.1.el9_3.1.x86_64.rpm
python3-sss-murmur-2.9.1-4.0.1.el9_3.1.x86_64.rpm
python3-sssdconfig-2.9.1-4.0.1.el9_3.1.noarch.rpm
sssd-2.9.1-4.0.1.el9_3.1.x86_64.rpm
sssd-ad-2.9.1-4.0.1.el9_3.1.x86_64.rpm
sssd-client-2.9.1-4.0.1.el9_3.1.i686.rpm
sssd-client-2.9.1-4.0.1.el9_3.1.x86_64.rpm
sssd-common-2.9.1-4.0.1.el9_3.1.x86_64.rpm
sssd-common-pac-2.9.1-4.0.1.el9_3.1.x86_64.rpm
sssd-dbus-2.9.1-4.0.1.el9_3.1.x86_64.rpm
sssd-idp-2.9.1-4.0.1.el9_3.1.x86_64.rpm
sssd-ipa-2.9.1-4.0.1.el9_3.1.x86_64.rpm
sssd-kcm-2.9.1-4.0.1.el9_3.1.x86_64.rpm
sssd-krb5-2.9.1-4.0.1.el9_3.1.x86_64.rpm
sssd-krb5-common-2.9.1-4.0.1.el9_3.1.x86_64.rpm
sssd-ldap-2.9.1-4.0.1.el9_3.1.x86_64.rpm
sssd-nfs-idmap-2.9.1-4.0.1.el9_3.1.x86_64.rpm
sssd-polkit-rules-2.9.1-4.0.1.el9_3.1.x86_64.rpm
sssd-proxy-2.9.1-4.0.1.el9_3.1.x86_64.rpm
sssd-tools-2.9.1-4.0.1.el9_3.1.x86_64.rpm
sssd-winbind-idmap-2.9.1-4.0.1.el9_3.1.x86_64.rpm
libsss_nss_idmap-devel-2.9.1-4.0.1.el9_3.1.i686.rpm
libsss_nss_idmap-devel-2.9.1-4.0.1.el9_3.1.x86_64.rpm

aarch64:
libipa_hbac-2.9.1-4.0.1.el9_3.1.aarch64.rpm
libsss_autofs-2.9.1-4.0.1.el9_3.1.aarch64.rpm
libsss_certmap-2.9.1-4.0.1.el9_3.1.aarch64.rpm
libsss_idmap-2.9.1-4.0.1.el9_3.1.aarch64.rpm
libsss_nss_idmap-2.9.1-4.0.1.el9_3.1.aarch64.rpm
libsss_simpleifp-2.9.1-4.0.1.el9_3.1.aarch64.rpm
libsss_sudo-2.9.1-4.0.1.el9_3.1.aarch64.rpm
python3-libipa_hbac-2.9.1-4.0.1.el9_3.1.aarch64.rpm
python3-libsss_nss_idmap-2.9.1-4.0.1.el9_3.1.aarch64.rpm
python3-sss-2.9.1-4.0.1.el9_3.1.aarch64.rpm
python3-sss-murmur-2.9.1-4.0.1.el9_3.1.aarch64.rpm
python3-sssdconfig-2.9.1-4.0.1.el9_3.1.noarch.rpm
sssd-2.9.1-4.0.1.el9_3.1.aarch64.rpm
sssd-ad-2.9.1-4.0.1.el9_3.1.aarch64.rpm
sssd-client-2.9.1-4.0.1.el9_3.1.aarch64.rpm
sssd-common-2.9.1-4.0.1.el9_3.1.aarch64.rpm
sssd-common-pac-2.9.1-4.0.1.el9_3.1.aarch64.rpm
sssd-dbus-2.9.1-4.0.1.el9_3.1.aarch64.rpm
sssd-idp-2.9.1-4.0.1.el9_3.1.aarch64.rpm
sssd-ipa-2.9.1-4.0.1.el9_3.1.aarch64.rpm
sssd-kcm-2.9.1-4.0.1.el9_3.1.aarch64.rpm
sssd-krb5-2.9.1-4.0.1.el9_3.1.aarch64.rpm
sssd-krb5-common-2.9.1-4.0.1.el9_3.1.aarch64.rpm
sssd-ldap-2.9.1-4.0.1.el9_3.1.aarch64.rpm
sssd-nfs-idmap-2.9.1-4.0.1.el9_3.1.aarch64.rpm
sssd-polkit-rules-2.9.1-4.0.1.el9_3.1.aarch64.rpm
sssd-proxy-2.9.1-4.0.1.el9_3.1.aarch64.rpm
sssd-tools-2.9.1-4.0.1.el9_3.1.aarch64.rpm
sssd-winbind-idmap-2.9.1-4.0.1.el9_3.1.aarch64.rpm
libsss_nss_idmap-devel-2.9.1-4.0.1.el9_3.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//sssd-2.9.1-4.0.1.el9_3.1.src.rpm

Description of changes:

[2.9.1-4.0.1.1]
- HANA validation on RHEL 9.2 issue possibly related to libc/nss_sss behaviour.



ELBA-2023-7751 Oracle Linux 9 policycoreutils bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2023-7751

http://linux.oracle.com/errata/ELBA-2023-7751.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
policycoreutils-3.5-3.el9_3.x86_64.rpm
policycoreutils-dbus-3.5-3.el9_3.noarch.rpm
policycoreutils-devel-3.5-3.el9_3.i686.rpm
policycoreutils-devel-3.5-3.el9_3.x86_64.rpm
policycoreutils-gui-3.5-3.el9_3.noarch.rpm
policycoreutils-newrole-3.5-3.el9_3.x86_64.rpm
policycoreutils-python-utils-3.5-3.el9_3.noarch.rpm
policycoreutils-restorecond-3.5-3.el9_3.x86_64.rpm
policycoreutils-sandbox-3.5-3.el9_3.x86_64.rpm
python3-policycoreutils-3.5-3.el9_3.noarch.rpm

aarch64:
policycoreutils-3.5-3.el9_3.aarch64.rpm
policycoreutils-dbus-3.5-3.el9_3.noarch.rpm
policycoreutils-devel-3.5-3.el9_3.aarch64.rpm
policycoreutils-gui-3.5-3.el9_3.noarch.rpm
policycoreutils-newrole-3.5-3.el9_3.aarch64.rpm
policycoreutils-python-utils-3.5-3.el9_3.noarch.rpm
policycoreutils-restorecond-3.5-3.el9_3.aarch64.rpm
policycoreutils-sandbox-3.5-3.el9_3.aarch64.rpm
python3-policycoreutils-3.5-3.el9_3.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//policycoreutils-3.5-3.el9_3.src.rpm

Description of changes:

[3.5-3]
- Update translations
https://translate.fedoraproject.org/projects/selinux/



ELBA-2023-13060 Oracle Linux 9 squid bug fix update


Oracle Linux Bug Fix Advisory ELBA-2023-13060

http://linux.oracle.com/errata/ELBA-2023-13060.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
squid-5.5-6.0.1.el9_3.2.x86_64.rpm

aarch64:
squid-5.5-6.0.1.el9_3.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//squid-5.5-6.0.1.el9_3.2.src.rpm

Description of changes:

[7:5.5-6.0.1.el9_3.2]
- Fix Bug 5318: peer_digest.cc:399: "fetch->pd && receivedData.data" [Orabug: 36109804]



ELEA-2023-7251 Oracle Linux 9 microcode_ctl bug fix and enhancement update


Oracle Linux Enhancement Advisory ELEA-2023-7251

http://linux.oracle.com/errata/ELEA-2023-7251.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
microcode_ctl-20231114-0.1.el9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//microcode_ctl-20231114-0.1.el9.src.rpm

Description of changes:

[4:20231114-0.1]
- update microcode to Intel 20231114 release
- elide patches on top of Intel's release notes; ship them as-is
- add support for UEK8 [Orabug: 35888087]



ELBA-2023-7758 Oracle Linux 9 osbuild-composer bug fix update


Oracle Linux Bug Fix Advisory ELBA-2023-7758

http://linux.oracle.com/errata/ELBA-2023-7758.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
osbuild-composer-88.2-1.el9_3.x86_64.rpm
osbuild-composer-core-88.2-1.el9_3.x86_64.rpm
osbuild-composer-dnf-json-88.2-1.el9_3.x86_64.rpm
osbuild-composer-worker-88.2-1.el9_3.x86_64.rpm

aarch64:
osbuild-composer-88.2-1.el9_3.aarch64.rpm
osbuild-composer-core-88.2-1.el9_3.aarch64.rpm
osbuild-composer-dnf-json-88.2-1.el9_3.aarch64.rpm
osbuild-composer-worker-88.2-1.el9_3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//osbuild-composer-88.2-1.el9_3.src.rpm

Description of changes:

[88.2-1]
- Update to upstream 88.2



ELBA-2023-7757 Oracle Linux 9 net-snmp bug fix update


Oracle Linux Bug Fix Advisory ELBA-2023-7757

http://linux.oracle.com/errata/ELBA-2023-7757.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
net-snmp-5.9.1-11.0.3.el9_3.1.x86_64.rpm
net-snmp-agent-libs-5.9.1-11.0.3.el9_3.1.i686.rpm
net-snmp-agent-libs-5.9.1-11.0.3.el9_3.1.x86_64.rpm
net-snmp-devel-5.9.1-11.0.3.el9_3.1.i686.rpm
net-snmp-devel-5.9.1-11.0.3.el9_3.1.x86_64.rpm
net-snmp-libs-5.9.1-11.0.3.el9_3.1.i686.rpm
net-snmp-libs-5.9.1-11.0.3.el9_3.1.x86_64.rpm
net-snmp-perl-5.9.1-11.0.3.el9_3.1.x86_64.rpm
net-snmp-utils-5.9.1-11.0.3.el9_3.1.x86_64.rpm
python3-net-snmp-5.9.1-11.0.3.el9_3.1.x86_64.rpm

aarch64:
net-snmp-5.9.1-11.0.3.el9_3.1.aarch64.rpm
net-snmp-agent-libs-5.9.1-11.0.3.el9_3.1.aarch64.rpm
net-snmp-devel-5.9.1-11.0.3.el9_3.1.aarch64.rpm
net-snmp-libs-5.9.1-11.0.3.el9_3.1.aarch64.rpm
net-snmp-perl-5.9.1-11.0.3.el9_3.1.aarch64.rpm
net-snmp-utils-5.9.1-11.0.3.el9_3.1.aarch64.rpm
python3-net-snmp-5.9.1-11.0.3.el9_3.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//net-snmp-5.9.1-11.0.3.el9_3.1.src.rpm

Description of changes:

[1:5.9.1-11.0.3.1]
- fix message severity issue (RHEL-13960)

[1:5.9.1-11.0.2]
- add support for SQLite db backend of rpmdb [Orabug: 36076497]



ELBA-2023-13000 Oracle Linux 9 util-linux bug fix update


Oracle Linux Bug Fix Advisory ELBA-2023-13000

http://linux.oracle.com/errata/ELBA-2023-13000.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
libblkid-2.37.4-15.0.1.el9.i686.rpm
libblkid-2.37.4-15.0.1.el9.x86_64.rpm
libfdisk-2.37.4-15.0.1.el9.i686.rpm
libfdisk-2.37.4-15.0.1.el9.x86_64.rpm
libmount-2.37.4-15.0.1.el9.i686.rpm
libmount-2.37.4-15.0.1.el9.x86_64.rpm
libsmartcols-2.37.4-15.0.1.el9.i686.rpm
libsmartcols-2.37.4-15.0.1.el9.x86_64.rpm
libuuid-2.37.4-15.0.1.el9.i686.rpm
libuuid-2.37.4-15.0.1.el9.x86_64.rpm
util-linux-2.37.4-15.0.1.el9.x86_64.rpm
util-linux-core-2.37.4-15.0.1.el9.x86_64.rpm
util-linux-user-2.37.4-15.0.1.el9.x86_64.rpm
libblkid-devel-2.37.4-15.0.1.el9.i686.rpm
libblkid-devel-2.37.4-15.0.1.el9.x86_64.rpm
libmount-devel-2.37.4-15.0.1.el9.i686.rpm
libmount-devel-2.37.4-15.0.1.el9.x86_64.rpm
libuuid-devel-2.37.4-15.0.1.el9.i686.rpm
libuuid-devel-2.37.4-15.0.1.el9.x86_64.rpm
python3-libmount-2.37.4-15.0.1.el9.x86_64.rpm
uuidd-2.37.4-15.0.1.el9.x86_64.rpm
libfdisk-devel-2.37.4-15.0.1.el9.i686.rpm
libfdisk-devel-2.37.4-15.0.1.el9.x86_64.rpm
libsmartcols-devel-2.37.4-15.0.1.el9.i686.rpm
libsmartcols-devel-2.37.4-15.0.1.el9.x86_64.rpm

aarch64:
libblkid-2.37.4-15.0.1.el9.aarch64.rpm
libfdisk-2.37.4-15.0.1.el9.aarch64.rpm
libmount-2.37.4-15.0.1.el9.aarch64.rpm
libsmartcols-2.37.4-15.0.1.el9.aarch64.rpm
libuuid-2.37.4-15.0.1.el9.aarch64.rpm
util-linux-2.37.4-15.0.1.el9.aarch64.rpm
util-linux-core-2.37.4-15.0.1.el9.aarch64.rpm
util-linux-user-2.37.4-15.0.1.el9.aarch64.rpm
libblkid-devel-2.37.4-15.0.1.el9.aarch64.rpm
libmount-devel-2.37.4-15.0.1.el9.aarch64.rpm
libuuid-devel-2.37.4-15.0.1.el9.aarch64.rpm
python3-libmount-2.37.4-15.0.1.el9.aarch64.rpm
uuidd-2.37.4-15.0.1.el9.aarch64.rpm
libfdisk-devel-2.37.4-15.0.1.el9.aarch64.rpm
libsmartcols-devel-2.37.4-15.0.1.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//util-linux-2.37.4-15.0.1.el9.src.rpm

Description of changes:

[2.37.4-15.0.1]
- Orabug 35995271 - report lost loop device



ELBA-2023-13062 Oracle Linux 9 gdb bug fix update


Oracle Linux Bug Fix Advisory ELBA-2023-13062

http://linux.oracle.com/errata/ELBA-2023-13062.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
gdb-10.2-11.0.3.el9.x86_64.rpm
gdb-doc-10.2-11.0.3.el9.noarch.rpm
gdb-gdbserver-10.2-11.0.3.el9.x86_64.rpm
gdb-headless-10.2-11.0.3.el9.x86_64.rpm
gdb-minimal-10.2-11.0.3.el9.x86_64.rpm

aarch64:
gdb-10.2-11.0.3.el9.aarch64.rpm
gdb-doc-10.2-11.0.3.el9.noarch.rpm
gdb-gdbserver-10.2-11.0.3.el9.aarch64.rpm
gdb-headless-10.2-11.0.3.el9.aarch64.rpm
gdb-minimal-10.2-11.0.3.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//gdb-10.2-11.0.3.el9.src.rpm

Description of changes:

[10.2-11.0.3]
- OraBug 35407694 Interrupting pstack with ctrl+c prompts for a kill even if process is not spawned by gdb
Reviewed-by: Jose E. Marchesi



ELSA-2023-7884 Important: Oracle Linux 8 postgresql:15 security update


Oracle Linux Security Advisory ELSA-2023-7884

http://linux.oracle.com/errata/ELSA-2023-7884.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
pgaudit-1.7.0-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm
pg_repack-1.4.8-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm
postgres-decoderbufs-1.9.7-1.Final.module+el8.9.0+90110+d8a562d5.x86_64.rpm
postgresql-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm
postgresql-contrib-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm
postgresql-docs-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm
postgresql-plperl-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm
postgresql-plpython3-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm
postgresql-pltcl-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm
postgresql-private-devel-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm
postgresql-private-libs-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm
postgresql-server-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm
postgresql-server-devel-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm
postgresql-static-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm
postgresql-test-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm
postgresql-test-rpm-macros-15.5-1.module+el8.9.0+90110+d8a562d5.noarch.rpm
postgresql-upgrade-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm
postgresql-upgrade-devel-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm

aarch64:
pgaudit-1.7.0-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm
pg_repack-1.4.8-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm
postgres-decoderbufs-1.9.7-1.Final.module+el8.9.0+90110+d8a562d5.aarch64.rpm
postgresql-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm
postgresql-contrib-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm
postgresql-docs-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm
postgresql-plperl-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm
postgresql-plpython3-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm
postgresql-pltcl-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm
postgresql-private-devel-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm
postgresql-private-libs-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm
postgresql-server-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm
postgresql-server-devel-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm
postgresql-static-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm
postgresql-test-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm
postgresql-test-rpm-macros-15.5-1.module+el8.9.0+90110+d8a562d5.noarch.rpm
postgresql-upgrade-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm
postgresql-upgrade-devel-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//pgaudit-1.7.0-1.module+el8.9.0+90110+d8a562d5.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//pg_repack-1.4.8-1.module+el8.9.0+90110+d8a562d5.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//postgres-decoderbufs-1.9.7-1.Final.module+el8.9.0+90110+d8a562d5.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//postgresql-15.5-1.module+el8.9.0+90110+d8a562d5.src.rpm

Related CVEs:

CVE-2023-5868
CVE-2023-5869
CVE-2023-5870
CVE-2023-39417
CVE-2023-39418

Description of changes:

pgaudit
[1.7.0-1]
- Update to 1.7.0
- Support postgresql 15
- Related: #2128241

[1.5.0-1]
- Update to version 1.5.0
Related: #1855776

pg_repack
[1.4.8-1]
- Update to version 1.4.8
- Postgresql 15 is supported
- Related: #2128241

[1.4.6-4]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688

postgres-decoderbufs
postgresql
[15.5-1]
- Update to upstream version 15.5
- Fixes: CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417 CVE-2023-39418
- Resolves: RHEL-16088 RHEL-16135 RHEL-16137



ELEA-2023-7250 Oracle Linux 8 microcode_ctl bug fix and enhancement update


Oracle Linux Enhancement Advisory ELEA-2023-7250

http://linux.oracle.com/errata/ELEA-2023-7250.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
microcode_ctl-20231114-0.1.el8.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//microcode_ctl-20231114-0.1.el8.src.rpm

Description of changes:

[4:20231114-0.1]
- update microcode to Intel 20231114 release
- elide patches on top of Intel's release notes; ship them as-is



ELEA-2023-7283 Oracle Linux 7 microcode_ctl bug fix and enhancement update


Oracle Linux Enhancement Advisory ELEA-2023-7283

http://linux.oracle.com/errata/ELEA-2023-7283.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
microcode_ctl-2.1-73.20.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//microcode_ctl-2.1-73.20.0.1.el7_9.src.rpm

Description of changes:

[2:2.1-73.20.0.1]
- don't bother calling dracut if virtualized [Orabug: 35702409]
- also rebuild initramfs for kernel-ueknano [Orabug: 35698043]
- ensure UEK also rebuilds initramfs [Orabug: 34280052]
- for Intel, do not trigger load if on-disk microcode is not an update [Orabug: 30634727]
- set early_microcode="no" in virtualized guests to avoid early load bugs [Orabug: 30618736]
- ensure late loading fixes are present on 4.1.12-* and 4.14.35-*
- enable early and late load for 5.4.17-*
- enable early loading for 06-4f-01 caveat
- remove no longer appropriate caveats for 06-2d-07 and 06-55-04

[2:2.1-73.20]
- Update Intel CPU microcode to microcode-20231009 release, addresses
CVE-2023-23583 (RHEL-3920):
- Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in
intel-06-8c-01/intel-ucode/06-8c-01) from revision 0xac up to 0xb4;
- Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003a5
up to 0xd0003b9;
- Update of 06-6c-01/0x10 (ICL-D B0) microcode from revision 0x1000230
up to 0x1000268;
- Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xbc
up to 0xc2;
- Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x2c up
to 0x34;
- Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x46 up
to 0x4e;
- Update of 06-8f-04/0x10 microcode from revision 0x2c000271 up to
0x2c000290;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode from revision
0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-05/0x10 (SPR-HBM B1) microcode (in
intel-ucode/06-8f-04) from revision 0x2c000271 up to 0x2c000290;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-04) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-06/0x10 microcode (in intel-ucode/06-8f-04) from
revision 0x2c000271 up to 0x2c000290;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-04) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-04) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in
intel-ucode/06-8f-04) from revision 0x2c000271 up to 0x2c000290;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-04) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-05) from
revision 0x2c000271 up to 0x2c000290;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-05/0x10 (SPR-HBM B1) microcode from revision
0x2c000271 up to 0x2c000290;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode from revision 0x2b0004b1
up to 0x2b0004d0;
- Update of 06-8f-06/0x10 microcode (in intel-ucode/06-8f-05) from
revision 0x2c000271 up to 0x2c000290;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in
intel-ucode/06-8f-05) from revision 0x2c000271 up to 0x2c000290;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-06) from
revision 0x2c000271 up to 0x2c000290;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-05/0x10 (SPR-HBM B1) microcode (in
intel-ucode/06-8f-06) from revision 0x2c000271 up to 0x2c000290;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-06/0x10 microcode from revision 0x2c000271 up to
0x2c000290;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode from revision 0x2b0004b1
up to 0x2b0004d0;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in
intel-ucode/06-8f-06) from revision 0x2c000271 up to 0x2c000290;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode from revision
0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-08) from
revision 0x2c000271 up to 0x2c000290;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-05/0x10 (SPR-HBM B1) microcode (in
intel-ucode/06-8f-08) from revision 0x2c000271 up to 0x2c000290;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-06/0x10 microcode (in intel-ucode/06-8f-08) from
revision 0x2c000271 up to 0x2c000290;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0004b1 up to 0x2b0004d0;
- Update of 06-8f-08/0x10 (SPR-HBM B3) microcode from revision
0x2c000271 up to 0x2c000290;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode from revision
0x2b0004b1 up to 0x2b0004d0;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision
0x2e up to 0x32;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) from revision 0x2e up to 0x32;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x2e up to 0x32;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x2e up to 0x32;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-97-05) from revision 0x2e up to 0x32;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x2e
up to 0x32;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x2e up to 0x32;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x2e up to 0x32;
- Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision
0x42c up to 0x430;
- Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
intel-ucode/06-9a-03) from revision 0x42c up to 0x430;
- Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
intel-ucode/06-9a-04) from revision 0x42c up to 0x430;
- Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x42c
up to 0x430;
- Update of 06-9a-04/0x40 (AZB A0) microcode from revision 0x4 up
to 0x5;
- Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x59 up
to 0x5d;
- Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x119 up
to 0x11d;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision
0x4119 up to 0x411c;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-02) from revision 0x4119 up to 0x411c;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-03) from revision 0x4119 up to 0x411c;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4119
up to 0x411c;
- Update of 06-be-00/0x11 (ADL-N A0) microcode from revision 0x11 up
to 0x12;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-02) from revision 0x2e up to 0x32;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-02) from revision 0x2e up to 0x32;
- Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x2e up
to 0x32;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02)
from revision 0x2e up to 0x32;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-05) from revision 0x2e up to 0x32;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-05) from revision 0x2e up to 0x32;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05)
from revision 0x2e up to 0x32;
- Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x2e up
to 0x32.