Oracle Linux 6255 Published by

The following two updates are available for Oracle Linux:

ELBA-2017-3642 Oracle Linux 6 nss-softokn bug fix update
ELSA-2017-3221 Moderate: Oracle Linux 7 php security update



ELBA-2017-3642 Oracle Linux 6 nss-softokn bug fix update

Oracle Linux Bug Fix Advisory ELBA-2017-3642

http://linux.oracle.com/errata/ELBA-2017-3642.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
nss-softokn-3.14.3-23.3.0.1.el6_8.i686.rpm
nss-softokn-devel-3.14.3-23.3.0.1.el6_8.i686.rpm
nss-softokn-freebl-3.14.3-23.3.0.1.el6_8.i686.rpm
nss-softokn-freebl-devel-3.14.3-23.3.0.1.el6_8.i686.rpm

x86_64:
nss-softokn-3.14.3-23.3.0.1.el6_8.i686.rpm
nss-softokn-3.14.3-23.3.0.1.el6_8.x86_64.rpm
nss-softokn-devel-3.14.3-23.3.0.1.el6_8.i686.rpm
nss-softokn-devel-3.14.3-23.3.0.1.el6_8.x86_64.rpm
nss-softokn-freebl-3.14.3-23.3.0.1.el6_8.i686.rpm
nss-softokn-freebl-3.14.3-23.3.0.1.el6_8.x86_64.rpm
nss-softokn-freebl-devel-3.14.3-23.3.0.1.el6_8.i686.rpm
nss-softokn-freebl-devel-3.14.3-23.3.0.1.el6_8.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/nss-softokn-3.14.3-23.3.0.1.el6_8.src.rpm



Description of changes:

[3.14.3-23.3.0.1]
- Add fips140-2 DSA Known Answer Test fix [Orabug 26696773]
- Add fips140-2 ECDSA/RSA/DSA Pairwise Consistency Test fix [Orabug
26617866],
[Orabug 26617833], [Orabug 26617780]
- Add fips140-2 ECDSA Known Answer Test fix [Orabug 26696762]
- Add fips140-2 RSA Key Generation fix [Orabug 26618348]
- Add fips140-2 AES Key Wrap fix [Orabug 26617904]

ELSA-2017-3221 Moderate: Oracle Linux 7 php security update

Oracle Linux Security Advisory ELSA-2017-3221

http://linux.oracle.com/errata/ELSA-2017-3221.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
php-5.4.16-43.el7_4.x86_64.rpm
php-bcmath-5.4.16-43.el7_4.x86_64.rpm
php-cli-5.4.16-43.el7_4.x86_64.rpm
php-common-5.4.16-43.el7_4.x86_64.rpm
php-dba-5.4.16-43.el7_4.x86_64.rpm
php-devel-5.4.16-43.el7_4.x86_64.rpm
php-embedded-5.4.16-43.el7_4.x86_64.rpm
php-enchant-5.4.16-43.el7_4.x86_64.rpm
php-fpm-5.4.16-43.el7_4.x86_64.rpm
php-gd-5.4.16-43.el7_4.x86_64.rpm
php-intl-5.4.16-43.el7_4.x86_64.rpm
php-ldap-5.4.16-43.el7_4.x86_64.rpm
php-mbstring-5.4.16-43.el7_4.x86_64.rpm
php-mysql-5.4.16-43.el7_4.x86_64.rpm
php-mysqlnd-5.4.16-43.el7_4.x86_64.rpm
php-odbc-5.4.16-43.el7_4.x86_64.rpm
php-pdo-5.4.16-43.el7_4.x86_64.rpm
php-pgsql-5.4.16-43.el7_4.x86_64.rpm
php-process-5.4.16-43.el7_4.x86_64.rpm
php-pspell-5.4.16-43.el7_4.x86_64.rpm
php-recode-5.4.16-43.el7_4.x86_64.rpm
php-snmp-5.4.16-43.el7_4.x86_64.rpm
php-soap-5.4.16-43.el7_4.x86_64.rpm
php-xml-5.4.16-43.el7_4.x86_64.rpm
php-xmlrpc-5.4.16-43.el7_4.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/php-5.4.16-43.el7_4.src.rpm



Description of changes:

[5.4.16-43]
- gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167
- gd: Signed Integer Overflow gd_io.c CVE-2016-10168