Oracle Linux 6244 Published by

Four new updates have been released for Oracle Linux 8:

ELSA-2024-4252 Moderate: Oracle Linux 8 nghttp2 security update
ELSA-2024-4243 Moderate: Oracle Linux 8 python3 security update
ELSA-2024-4235 Important: Oracle Linux 8 389-ds security update
ELBA-2024-4229 Oracle Linux 8 cloud-init bug fix update




ELSA-2024-4252 Moderate: Oracle Linux 8 nghttp2 security update


Oracle Linux Security Advisory ELSA-2024-4252

http://linux.oracle.com/errata/ELSA-2024-4252.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libnghttp2-1.33.0-6.el8_10.1.i686.rpm
libnghttp2-1.33.0-6.el8_10.1.x86_64.rpm
libnghttp2-devel-1.33.0-6.el8_10.1.i686.rpm
libnghttp2-devel-1.33.0-6.el8_10.1.x86_64.rpm
nghttp2-1.33.0-6.el8_10.1.x86_64.rpm

aarch64:
libnghttp2-1.33.0-6.el8_10.1.aarch64.rpm
libnghttp2-devel-1.33.0-6.el8_10.1.aarch64.rpm
nghttp2-1.33.0-6.el8_10.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//nghttp2-1.33.0-6.el8_10.1.src.rpm

Related CVEs:

CVE-2024-28182

Description of changes:

[1.33.0-6.1]
- fix CONTINUATION frames DoS (CVE-2024-27316)

[1.33.0-6]
- fix CONTINUATION frames DoS (CVE-2024-28182)



ELSA-2024-4243 Moderate: Oracle Linux 8 python3 security update


Oracle Linux Security Advisory ELSA-2024-4243

http://linux.oracle.com/errata/ELSA-2024-4243.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
python3.12-3.12.3-2.el8_10.x86_64.rpm
python3.12-devel-3.12.3-2.el8_10.i686.rpm
python3.12-devel-3.12.3-2.el8_10.x86_64.rpm
python3.12-libs-3.12.3-2.el8_10.i686.rpm
python3.12-libs-3.12.3-2.el8_10.x86_64.rpm
python3.12-rpm-macros-3.12.3-2.el8_10.noarch.rpm
python3.12-tkinter-3.12.3-2.el8_10.x86_64.rpm
python3.12-3.12.3-2.el8_10.i686.rpm
python3.12-debug-3.12.3-2.el8_10.i686.rpm
python3.12-debug-3.12.3-2.el8_10.x86_64.rpm
python3.12-idle-3.12.3-2.el8_10.i686.rpm
python3.12-idle-3.12.3-2.el8_10.x86_64.rpm
python3.12-test-3.12.3-2.el8_10.i686.rpm
python3.12-test-3.12.3-2.el8_10.x86_64.rpm
python3.12-tkinter-3.12.3-2.el8_10.i686.rpm

aarch64:
python3.12-3.12.3-2.el8_10.aarch64.rpm
python3.12-devel-3.12.3-2.el8_10.aarch64.rpm
python3.12-libs-3.12.3-2.el8_10.aarch64.rpm
python3.12-rpm-macros-3.12.3-2.el8_10.noarch.rpm
python3.12-tkinter-3.12.3-2.el8_10.aarch64.rpm
python3.12-debug-3.12.3-2.el8_10.aarch64.rpm
python3.12-idle-3.12.3-2.el8_10.aarch64.rpm
python3.12-test-3.12.3-2.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//python3.12-3.12.3-2.el8_10.src.rpm

Related CVEs:

CVE-2024-0450

Description of changes:

[3.12.3-2]
- Enable importing of hash-based .pyc files under FIPS mode
Resolves: RHEL-40776

[3.12.3-1]
- Update to 3.12.3
Related: RHEL-33685

[3.12.2-3]
- Move all test modules to the python3-test package, namely:
- __phello__
- _xxsubinterpreters
- xxlimited
- xxlimited_35
- xxsubtype

[3.12.2-2]
- Fix tests for XMLPullParser with Expat with fixed CVE

[3.12.2-1]
- Update to 3.12.2
Resolves: RHEL-33685



ELSA-2024-4235 Important: Oracle Linux 8 389-ds security update


Oracle Linux Security Advisory ELSA-2024-4235

http://linux.oracle.com/errata/ELSA-2024-4235.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
389-ds-base-1.4.3.39-7.module+el8.10.0+90358+1275b17f.x86_64.rpm
389-ds-base-devel-1.4.3.39-7.module+el8.10.0+90358+1275b17f.x86_64.rpm
389-ds-base-legacy-tools-1.4.3.39-7.module+el8.10.0+90358+1275b17f.x86_64.rpm
389-ds-base-libs-1.4.3.39-7.module+el8.10.0+90358+1275b17f.x86_64.rpm
389-ds-base-snmp-1.4.3.39-7.module+el8.10.0+90358+1275b17f.x86_64.rpm
python3-lib389-1.4.3.39-7.module+el8.10.0+90358+1275b17f.noarch.rpm

aarch64:
389-ds-base-1.4.3.39-7.module+el8.10.0+90358+1275b17f.aarch64.rpm
389-ds-base-devel-1.4.3.39-7.module+el8.10.0+90358+1275b17f.aarch64.rpm
389-ds-base-legacy-tools-1.4.3.39-7.module+el8.10.0+90358+1275b17f.aarch64.rpm
389-ds-base-libs-1.4.3.39-7.module+el8.10.0+90358+1275b17f.aarch64.rpm
389-ds-base-snmp-1.4.3.39-7.module+el8.10.0+90358+1275b17f.aarch64.rpm
python3-lib389-1.4.3.39-7.module+el8.10.0+90358+1275b17f.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//389-ds-base-1.4.3.39-7.module+el8.10.0+90358+1275b17f.src.rpm

Related CVEs:

CVE-2024-2199
CVE-2024-3657

Description of changes:

[1.4.3.39-7]
- Bump version to 1.4.3.39-7
- Resolves: RHEL-16277 - LDAP connections are closed with code T2 before the IO block timeout is reached. [rhel-8.10.0.z]

[1.4.3.39-6]
- Bump version to 1.4.3.39-6
- Resolves: RHEL-16277 - LDAP connections are closed with code T2 before the IO block timeout is reached. [rhel-8.10.0.z]

[1.4.3.39-5]
- Bump version to 1.4.3.39-5
- Resolves: RHEL-16277 - LDAP connections are closed with code T2 before the IO block timeout is reached. [rhel-8.10.0.z]

[1.4.3.39-4]
- Bump version to 1.4.3.39-4
- Resolves: RHEL-34818 - redhat-ds:11/389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c
- Resolves: RHEL-34824 - redhat-ds:11/389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request



ELBA-2024-4229 Oracle Linux 8 cloud-init bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-4229

http://linux.oracle.com/errata/ELBA-2024-4229.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
cloud-init-23.4-7.0.1.el8_10.3.noarch.rpm

aarch64:
cloud-init-23.4-7.0.1.el8_10.3.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//cloud-init-23.4-7.0.1.el8_10.3.src.rpm

Description of changes:

[23.4-7.0.1.3]
- Update IPv6 IMDS endpoint to ULA and drop NIC identifier [Orabug: 35965980]
- Enable IPv6 [Orabug: 36502414]
- Added missing services in rhel/systemd/cloud-init.service [Orabug: 32183938]
- Increase retry value and add timeout for OCI [Orabug: 35329883]
- Fix log file permissions [Orabug: 35302985]
- Update detection logic for OL distros in config template [Orabug: 34845400]
- Added missing services in cloud-init.service.tmpl for sshd [Orabug: 32183938]
- Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672]
- limit permissions [Orabug: 31352433]
- Changes to ignore all enslaved interfaces [Orabug: 30092148]
- Fix swap file size allocation logic to allocate maxsize [Orabug: 29952349]
- Make Oracle datasource detect dracut based config files [Orabug: 29956753]
- add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch:
1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata
2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader
Resolves: Oracle-Bug:41660 (Bugzilla)
- added OL to list of known distros