Oracle Linux 6279 Published by

The following updates are available for Oracle Linux:

ELSA-2024-2033 Moderate: Oracle Linux 9 libreswan security and bug fix update
ELSA-2024-2037 Important: Oracle Linux 8 tigervnc security update
ELBA-2024-2004-1 Oracle Linux 7 kernel bug fix update
ELSA-2024-2004 Important: Oracle Linux 7 kernel security and bug fix update
ELSA-2024-2055 Important: Oracle Linux 9 buildah security update
ELBA-2024-12344 Oracle Linux 9 selinux-policy bug fix update




ELSA-2024-2033 Moderate: Oracle Linux 9 libreswan security and bug fix update


Oracle Linux Security Advisory ELSA-2024-2033

http://linux.oracle.com/errata/ELSA-2024-2033.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
libreswan-4.12-1.0.1.el9_3.1.x86_64.rpm

aarch64:
libreswan-4.12-1.0.1.el9_3.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//libreswan-4.12-1.0.1.el9_3.1.src.rpm

Related CVEs:

CVE-2024-2357

Description of changes:

[4.12-1.0.1.1]
- Add libreswan-oracle.patch to detect Oracle Linux distro

[4.12-1.1]
- Fix CVE-2024-2357 (RHEL-29734)
- x509: unpack IPv6 general names based on length (RHEL-32719)

[4.12-1]
- Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712
- Resolves: rhbz#2215956

[4.9-5]
- Just bumping up the version to include bugs for CVE-2023-2295. There is no
code fix for it. Fix for it is including the code fix for CVE-2023-30570.
- Fix CVE-2023-2295 Regression of CVE-2023-30570 fixes in the
Red Hat Enterprise Linux
- Resolves: rhbz#2189777, rhbz#2190148

[4.9-4]
- Just bumping up the version as an incorrect 9.3 build was created.
- Related: rhbz#2187171

[4.9-3]
- Fix CVE-2023-30570:Malicious IKEv1 Aggressive Mode packets can crash
libreswan
- Resolves: rhbz#2187171

[4.9-2]
- Fix CVE-2023-23009: remote DoS via crafted TS payload with an
incorrect selector length (rhbz#2173674)

[4.9-1]
- Update to 4.9. Resolves: rhbz#2128669
- Switch to using %autopatch as in Fedora



ELSA-2024-2037 Important: Oracle Linux 8 tigervnc security update


Oracle Linux Security Advisory ELSA-2024-2037

http://linux.oracle.com/errata/ELSA-2024-2037.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
tigervnc-1.13.1-2.el8_9.10.x86_64.rpm
tigervnc-icons-1.13.1-2.el8_9.10.noarch.rpm
tigervnc-license-1.13.1-2.el8_9.10.noarch.rpm
tigervnc-selinux-1.13.1-2.el8_9.10.noarch.rpm
tigervnc-server-1.13.1-2.el8_9.10.x86_64.rpm
tigervnc-server-minimal-1.13.1-2.el8_9.10.x86_64.rpm
tigervnc-server-module-1.13.1-2.el8_9.10.x86_64.rpm

aarch64:
tigervnc-1.13.1-2.el8_9.10.aarch64.rpm
tigervnc-icons-1.13.1-2.el8_9.10.noarch.rpm
tigervnc-license-1.13.1-2.el8_9.10.noarch.rpm
tigervnc-selinux-1.13.1-2.el8_9.10.noarch.rpm
tigervnc-server-1.13.1-2.el8_9.10.aarch64.rpm
tigervnc-server-minimal-1.13.1-2.el8_9.10.aarch64.rpm
tigervnc-server-module-1.13.1-2.el8_9.10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//tigervnc-1.13.1-2.el8_9.10.src.rpm

Related CVEs:

CVE-2024-31080
CVE-2024-31081
CVE-2024-31083

Description of changes:

[1.13.1-2.10]
- Fix crash caused by fix for CVE-2024-31083
Resolves: RHEL-30981

[1.13.1-2.9]
- Rebuild (z-stream target)
Resolves: RHEL-31011
Resolves: RHEL-30981
Resolves: RHEL-30998

[1.13.1-2.8]
- Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
Resolves: RHEL-31011
- Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs
Resolves: RHEL-30981
- Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
Resolves: RHEL-30998

[1.13.1-3.7]
- Fix use after free related to CVE-2024-21886
Resolves: RHEL-20432
- Fix copy/paste error in the DeviceStateNotify
Resolves: RHEL-20583

[1.13.1-3.6]
- Don't try to get pointer position when the pointer becomes a floating device
Resolves: RHEL-20432

[1.13.1-3.5]
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
Resolves: RHEL-20432
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
Resolves: RHEL-20420
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
Resolves: RHEL-20583
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
Resolves: RHEL-21252

[1.13.1-2.4]
- Updated fix for CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18409

[1.13.1-2.3]
- Rebuild (selinux-policy)
Resolves: RHEL-18409
Resolves: RHEL-18421

[1.13.1-2.2]
- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18409
- Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
Resolves: RHEL-18421

[1.13.1-2.1]
- Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
- Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
Resolves: RHEL-15229



ELBA-2024-2004-1 Oracle Linux 7 kernel bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-2004-1

http://linux.oracle.com/errata/ELBA-2024-2004-1.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-1160.118.1.0.2.el7.x86_64.rpm
kernel-3.10.0-1160.118.1.0.2.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1160.118.1.0.2.el7.noarch.rpm
kernel-debug-3.10.0-1160.118.1.0.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.118.1.0.2.el7.x86_64.rpm
kernel-devel-3.10.0-1160.118.1.0.2.el7.x86_64.rpm
kernel-doc-3.10.0-1160.118.1.0.2.el7.noarch.rpm
kernel-headers-3.10.0-1160.118.1.0.2.el7.x86_64.rpm
kernel-tools-3.10.0-1160.118.1.0.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.118.1.0.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.118.1.0.2.el7.x86_64.rpm
perf-3.10.0-1160.118.1.0.2.el7.x86_64.rpm
python-perf-3.10.0-1160.118.1.0.2.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-3.10.0-1160.118.1.0.2.el7.src.rpm

Description of changes:

[3.10.0-1160.118.1.0.2.el7.OL7]
- md/raid5: fix oops during stripe resizing (Ritika Srivastava) [Orabug: 34048726]
- blk-mq: Remove generation seqeunce (Ritika Srivastava) [Orabug: 33964689]
- block: init flush rq ref count to 1 (Ritika Srivastava) [Orabug: 33964689]
- block: fix null pointer dereference in blk_mq_rq_timed_out() (Ritika Srivastava) [Orabug: 33964689]
- [xen/netfront] stop tx queues during live migration (Orabug: 33446314)
- [xen/balloon] Support xend-based toolstack (Orabug: 28663970)
- [x86/apic/x2apic] avoid allocate multiple irq vectors for a single interrupt on multiple cpu, otherwise irq vectors would be used up when there are only 2 cpu online per node. [Orabug: 28691156]
- [bonding] avoid repeated display of same link status change. [Orabug: 28109857]
- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [Orabug: 22552377]
- kexec: Increase KEXEC_AUTO_RESERVED_SIZE to 256M [Orabug: 31517048]

[3.10.0-1160.118.1.0.1.el7.OL7]
- debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}

[3.10.0-1160.118.1.el7.OL7]
- Update Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64