KRB5, Freeradius, Grafana, and more updates for Oracle Linux

Oracle Linux 6242 Published 2024-10-02 06:39 by Philipp Esselbach

News

Oracle Linux has issued several updates, including a bug fix and enhancement for ca-certificates, a krb5 security update, a freeradius security update, a grafana security update, a 389-ds-base security update, a kernel security update, a freeradius security update, a systemd bug fix update, and a ca-certificates update:

ELBA-2024-5837 Oracle Linux 7 ca-certificates bug fix and enhancement update (aarch64)
ELSA-2024-5076 Moderate: Oracle Linux 7 krb5 security update
ELSA-2024-4911 Important: Oracle Linux 7 freeradius security update (aarch64)
ELSA-2024-7349 Moderate: Oracle Linux 8 grafana security update
ELSA-2024-6153 Moderate: Oracle Linux 7 389-ds-base security update (aarch64)
ELSA-2024-6153 Moderate: Oracle Linux 7 389-ds-base security update
ELSA-2024-6994 Important: Oracle Linux 7 kernel security update
ELSA-2024-4911 Important: Oracle Linux 7 freeradius security update
ELBA-2024-12706 Oracle Linux 7 systemd bug fix update
ELBA-2024-5837 Oracle Linux 7 ca-certificates bug fix and enhancement update

ELBA-2024-5837 Oracle Linux 7 ca-certificates bug fix and enhancement update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2024-5837

http://linux.oracle.com/errata/ELBA-2024-5837.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
ca-certificates-2024.2.69_v8.0.303-71.0.1.el7_9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//ca-certificates-2024.2.69_v8.0.303-71.0.1.el7_9.src.rpm

Description of changes:

[2024.2.69_v8.0.303-71.0.1]
- Update to CKBI 2.69_v8.0.303 from NSS 3.101.1 [Orabug: 36990889]
- Removing:
- # Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
- # Certificate "Verisign Class 2 Public Primary Certification Authority - G3"
- # Certificate "Security Communication Root CA"
- # Certificate "Camerfirma Chambers of Commerce Root"
- # Certificate "Hongkong Post Root CA 1"
- # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
- # Certificate "Symantec Class 1 Public Primary Certification Authority - G6"
- # Certificate "Symantec Class 2 Public Primary Certification Authority - G6"
- # Certificate "TrustCor RootCert CA-1"
- # Certificate "TrustCor RootCert CA-2"
- # Certificate "TrustCor ECA-1"
- # Certificate "FNMT-RCM"
- Adding:
- # Certificate "LAWtrust Root CA2 (4096)"
- # Certificate "Sectigo Public Email Protection Root E46"
- # Certificate "Sectigo Public Email Protection Root R46"
- # Certificate "Sectigo Public Server Authentication Root E46"
- # Certificate "Sectigo Public Server Authentication Root R46"
- # Certificate "SSL.com TLS RSA Root CA 2022"
- # Certificate "SSL.com TLS ECC Root CA 2022"
- # Certificate "SSL.com Client ECC Root CA 2022"
- # Certificate "SSL.com Client RSA Root CA 2022"
- # Certificate "Atos TrustedRoot Root CA ECC G2 2020"
- # Certificate "Atos TrustedRoot Root CA RSA G2 2020"
- # Certificate "Atos TrustedRoot Root CA ECC TLS 2021"
- # Certificate "Atos TrustedRoot Root CA RSA TLS 2021"
- # Certificate "TrustAsia Global Root CA G3"
- # Certificate "TrustAsia Global Root CA G4"
- # Certificate "CommScope Public Trust ECC Root-01"
- # Certificate "CommScope Public Trust ECC Root-02"
- # Certificate "CommScope Public Trust RSA Root-01"
- # Certificate "CommScope Public Trust RSA Root-02"
- # Certificate "D-Trust SBR Root CA 1 2022"
- # Certificate "D-Trust SBR Root CA 2 2022"
- # Certificate "Telekom Security SMIME ECC Root 2021"
- # Certificate "Telekom Security TLS ECC Root 2020"
- # Certificate "Telekom Security SMIME RSA Root 2023"
- # Certificate "Telekom Security TLS RSA Root 2023"
- # Certificate "FIRMAPROFESIONAL CA ROOT-A WEB"
- # Certificate "SECOM Trust.net"
- # Certificate "Chambers of Commerce Root"
- # Certificate "VeriSign Class 2 Public Primary Certification Authority - G3"
- # Certificate "SSL.com Code Signing RSA Root CA 2022"
- # Certificate "SSL.com Code Signing ECC Root CA 2022"

ELSA-2024-5076 Moderate: Oracle Linux 7 krb5 security update

Oracle Linux Security Advisory ELSA-2024-5076

http://linux.oracle.com/errata/ELSA-2024-5076.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
krb5-devel-1.15.1-55.0.3.el7_9.i686.rpm
krb5-devel-1.15.1-55.0.3.el7_9.x86_64.rpm
krb5-libs-1.15.1-55.0.3.el7_9.i686.rpm
krb5-libs-1.15.1-55.0.3.el7_9.x86_64.rpm
krb5-pkinit-1.15.1-55.0.3.el7_9.x86_64.rpm
krb5-server-1.15.1-55.0.3.el7_9.x86_64.rpm
krb5-server-ldap-1.15.1-55.0.3.el7_9.x86_64.rpm
krb5-workstation-1.15.1-55.0.3.el7_9.x86_64.rpm
libkadm5-1.15.1-55.0.3.el7_9.i686.rpm
libkadm5-1.15.1-55.0.3.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//krb5-1.15.1-55.0.3.el7_9.src.rpm

Related CVEs:

CVE-2024-37370
CVE-2024-37371

Description of changes:

[1.15.1-55.0.3]
- Length check when parsing GSS token encapsulation [Orabug: 36927256]
- Add a simple DER support header [Orabug: 36927256]
- Fix vulnerabilities in GSS message token handling [Orabug: 36927256]

ELSA-2024-4911 Important: Oracle Linux 7 freeradius security update (aarch64)

Oracle Linux Security Advisory ELSA-2024-4911

http://linux.oracle.com/errata/ELSA-2024-4911.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
freeradius-3.0.13-15.0.1.el7.aarch64.rpm
freeradius-devel-3.0.13-15.0.1.el7.aarch64.rpm
freeradius-doc-3.0.13-15.0.1.el7.aarch64.rpm
freeradius-krb5-3.0.13-15.0.1.el7.aarch64.rpm
freeradius-ldap-3.0.13-15.0.1.el7.aarch64.rpm
freeradius-mysql-3.0.13-15.0.1.el7.aarch64.rpm
freeradius-perl-3.0.13-15.0.1.el7.aarch64.rpm
freeradius-postgresql-3.0.13-15.0.1.el7.aarch64.rpm
freeradius-python-3.0.13-15.0.1.el7.aarch64.rpm
freeradius-sqlite-3.0.13-15.0.1.el7.aarch64.rpm
freeradius-unixODBC-3.0.13-15.0.1.el7.aarch64.rpm
freeradius-utils-3.0.13-15.0.1.el7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//freeradius-3.0.13-15.0.1.el7.src.rpm

Related CVEs:

CVE-2024-3596

Description of changes:

[3.0.13-15.0.1]
- Fixes CVE-2024-3596 security issue [Orabug: 36904288]

ELSA-2024-7349 Moderate: Oracle Linux 8 grafana security update

Oracle Linux Security Advisory ELSA-2024-7349

http://linux.oracle.com/errata/ELSA-2024-7349.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-9.2.10-18.el8_10.x86_64.rpm
grafana-selinux-9.2.10-18.el8_10.x86_64.rpm

aarch64:
grafana-9.2.10-18.el8_10.aarch64.rpm
grafana-selinux-9.2.10-18.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//grafana-9.2.10-18.el8_10.src.rpm

Related CVEs:

CVE-2024-24791

Description of changes:

[9.2.10-18]
- Resolves RHEL-47191

ELSA-2024-6153 Moderate: Oracle Linux 7 389-ds-base security update (aarch64)

Oracle Linux Security Advisory ELSA-2024-6153

http://linux.oracle.com/errata/ELSA-2024-6153.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
389-ds-base-1.3.11.1-5.0.1.el7_9.aarch64.rpm
389-ds-base-libs-1.3.11.1-5.0.1.el7_9.aarch64.rpm
389-ds-base-devel-1.3.11.1-5.0.1.el7_9.aarch64.rpm
389-ds-base-snmp-1.3.11.1-5.0.1.el7_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//389-ds-base-1.3.11.1-5.0.1.el7_9.src.rpm

Related CVEs:

CVE-2024-5953

Description of changes:

[1.3.11.1-5.0.1]
- Security fix for CVE-2024-5953 [Orabug: 37016708][CVE-2024-5953]

ELSA-2024-6153 Moderate: Oracle Linux 7 389-ds-base security update

Oracle Linux Security Advisory ELSA-2024-6153

http://linux.oracle.com/errata/ELSA-2024-6153.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
389-ds-base-1.3.11.1-5.0.1.el7_9.x86_64.rpm
389-ds-base-devel-1.3.11.1-5.0.1.el7_9.x86_64.rpm
389-ds-base-libs-1.3.11.1-5.0.1.el7_9.x86_64.rpm
389-ds-base-snmp-1.3.11.1-5.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//389-ds-base-1.3.11.1-5.0.1.el7_9.src.rpm

Related CVEs:

CVE-2024-5953

Description of changes:

[1.3.11.1-5.0.1]
- Security fix for CVE-2024-5953 [Orabug: 37016708][CVE-2024-5953]

ELSA-2024-6994 Important: Oracle Linux 7 kernel security update

Oracle Linux Security Advisory ELSA-2024-6994

http://linux.oracle.com/errata/ELSA-2024-6994.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-1160.119.1.0.5.el7.x86_64.rpm
kernel-3.10.0-1160.119.1.0.5.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1160.119.1.0.5.el7.noarch.rpm
kernel-debug-3.10.0-1160.119.1.0.5.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.119.1.0.5.el7.x86_64.rpm
kernel-devel-3.10.0-1160.119.1.0.5.el7.x86_64.rpm
kernel-doc-3.10.0-1160.119.1.0.5.el7.noarch.rpm
kernel-headers-3.10.0-1160.119.1.0.5.el7.x86_64.rpm
kernel-tools-3.10.0-1160.119.1.0.5.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.119.1.0.5.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.119.1.0.5.el7.x86_64.rpm
perf-3.10.0-1160.119.1.0.5.el7.x86_64.rpm
python-perf-3.10.0-1160.119.1.0.5.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-3.10.0-1160.119.1.0.5.el7.src.rpm

Related CVEs:

CVE-2024-41071

Description of changes:

[3.10.0-1160.119.1.0.5.el7.OL7]
- wifi: mac80211: Avoid address calculations via out of bounds array indexing (Kees Cook) [Orabug: 37092983]

ELSA-2024-4911 Important: Oracle Linux 7 freeradius security update

Oracle Linux Security Advisory ELSA-2024-4911

http://linux.oracle.com/errata/ELSA-2024-4911.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
freeradius-3.0.13-15.0.1.el7.x86_64.rpm
freeradius-devel-3.0.13-15.0.1.el7.i686.rpm
freeradius-devel-3.0.13-15.0.1.el7.x86_64.rpm
freeradius-doc-3.0.13-15.0.1.el7.x86_64.rpm
freeradius-krb5-3.0.13-15.0.1.el7.x86_64.rpm
freeradius-ldap-3.0.13-15.0.1.el7.x86_64.rpm
freeradius-mysql-3.0.13-15.0.1.el7.x86_64.rpm
freeradius-perl-3.0.13-15.0.1.el7.x86_64.rpm
freeradius-postgresql-3.0.13-15.0.1.el7.x86_64.rpm
freeradius-python-3.0.13-15.0.1.el7.x86_64.rpm
freeradius-sqlite-3.0.13-15.0.1.el7.x86_64.rpm
freeradius-unixODBC-3.0.13-15.0.1.el7.x86_64.rpm
freeradius-utils-3.0.13-15.0.1.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//freeradius-3.0.13-15.0.1.el7.src.rpm

Related CVEs:

CVE-2024-3596

Description of changes:

[3.0.13-15.0.1]
- Fixes CVE-2024-3596 security issue [Orabug: 36904288]

ELBA-2024-12706 Oracle Linux 7 systemd bug fix update

Oracle Linux Bug Fix Advisory ELBA-2024-12706

http://linux.oracle.com/errata/ELBA-2024-12706.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
libgudev1-219-78.0.15.el7_9.9.i686.rpm
libgudev1-219-78.0.15.el7_9.9.x86_64.rpm
libgudev1-devel-219-78.0.15.el7_9.9.i686.rpm
libgudev1-devel-219-78.0.15.el7_9.9.x86_64.rpm
systemd-219-78.0.15.el7_9.9.x86_64.rpm
systemd-devel-219-78.0.15.el7_9.9.i686.rpm
systemd-devel-219-78.0.15.el7_9.9.x86_64.rpm
systemd-libs-219-78.0.15.el7_9.9.i686.rpm
systemd-libs-219-78.0.15.el7_9.9.x86_64.rpm
systemd-python-219-78.0.15.el7_9.9.x86_64.rpm
systemd-sysv-219-78.0.15.el7_9.9.x86_64.rpm
systemd-journal-gateway-219-78.0.15.el7_9.9.x86_64.rpm
systemd-networkd-219-78.0.15.el7_9.9.x86_64.rpm
systemd-resolved-219-78.0.15.el7_9.9.i686.rpm
systemd-resolved-219-78.0.15.el7_9.9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//systemd-219-78.0.15.el7_9.9.src.rpm

Description of changes:

[219-78.0.15]
- Drop IN_ATTRIB from parent directory inotify watches [Orabug: 36780432]

ELBA-2024-5837 Oracle Linux 7 ca-certificates bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2024-5837

http://linux.oracle.com/errata/ELBA-2024-5837.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
ca-certificates-2024.2.69_v8.0.303-71.0.1.el7_9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//ca-certificates-2024.2.69_v8.0.303-71.0.1.el7_9.src.rpm

Description of changes:

[2024.2.69_v8.0.303-71.0.1]
- Update to CKBI 2.69_v8.0.303 from NSS 3.101.1 [Orabug: 36990889]
- Removing:
- # Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
- # Certificate "Verisign Class 2 Public Primary Certification Authority - G3"
- # Certificate "Security Communication Root CA"
- # Certificate "Camerfirma Chambers of Commerce Root"
- # Certificate "Hongkong Post Root CA 1"
- # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
- # Certificate "Symantec Class 1 Public Primary Certification Authority - G6"
- # Certificate "Symantec Class 2 Public Primary Certification Authority - G6"
- # Certificate "TrustCor RootCert CA-1"
- # Certificate "TrustCor RootCert CA-2"
- # Certificate "TrustCor ECA-1"
- # Certificate "FNMT-RCM"
- Adding:
- # Certificate "LAWtrust Root CA2 (4096)"
- # Certificate "Sectigo Public Email Protection Root E46"
- # Certificate "Sectigo Public Email Protection Root R46"
- # Certificate "Sectigo Public Server Authentication Root E46"
- # Certificate "Sectigo Public Server Authentication Root R46"
- # Certificate "SSL.com TLS RSA Root CA 2022"
- # Certificate "SSL.com TLS ECC Root CA 2022"
- # Certificate "SSL.com Client ECC Root CA 2022"
- # Certificate "SSL.com Client RSA Root CA 2022"
- # Certificate "Atos TrustedRoot Root CA ECC G2 2020"
- # Certificate "Atos TrustedRoot Root CA RSA G2 2020"
- # Certificate "Atos TrustedRoot Root CA ECC TLS 2021"
- # Certificate "Atos TrustedRoot Root CA RSA TLS 2021"
- # Certificate "TrustAsia Global Root CA G3"
- # Certificate "TrustAsia Global Root CA G4"
- # Certificate "CommScope Public Trust ECC Root-01"
- # Certificate "CommScope Public Trust ECC Root-02"
- # Certificate "CommScope Public Trust RSA Root-01"
- # Certificate "CommScope Public Trust RSA Root-02"
- # Certificate "D-Trust SBR Root CA 1 2022"
- # Certificate "D-Trust SBR Root CA 2 2022"
- # Certificate "Telekom Security SMIME ECC Root 2021"
- # Certificate "Telekom Security TLS ECC Root 2020"
- # Certificate "Telekom Security SMIME RSA Root 2023"
- # Certificate "Telekom Security TLS RSA Root 2023"
- # Certificate "FIRMAPROFESIONAL CA ROOT-A WEB"
- # Certificate "SECOM Trust.net"
- # Certificate "Chambers of Commerce Root"
- # Certificate "VeriSign Class 2 Public Primary Certification Authority - G3"
- # Certificate "SSL.com Code Signing RSA Root CA 2022"
- # Certificate "SSL.com Code Signing ECC Root CA 2022"

RHACS, OpenShift, JBoss, and more updates for RHEL

Grafana security update for AlmaLinux 8

KRB5, Freeradius, Grafana, and more updates for Oracle Linux

ELBA-2024-5837 Oracle Linux 7 ca-certificates bug fix and enhancement update (aarch64)

ELSA-2024-5076 Moderate: Oracle Linux 7 krb5 security update

ELSA-2024-4911 Important: Oracle Linux 7 freeradius security update (aarch64)

ELSA-2024-7349 Moderate: Oracle Linux 8 grafana security update

ELSA-2024-6153 Moderate: Oracle Linux 7 389-ds-base security update (aarch64)

ELSA-2024-6153 Moderate: Oracle Linux 7 389-ds-base security update

ELSA-2024-6994 Important: Oracle Linux 7 kernel security update

ELSA-2024-4911 Important: Oracle Linux 7 freeradius security update

ELBA-2024-12706 Oracle Linux 7 systemd bug fix update

ELBA-2024-5837 Oracle Linux 7 ca-certificates bug fix and enhancement update

Windows

Linux

macOS

Community