Oracle Linux

The following security and bug fix updates have been released for Oracle Linux:

ELBA-2024-4228 Oracle Linux 8 gnome-shell-extensions bug fix update
ELBA-2024-4232 Oracle Linux 8 Bug fix of nmstate
ELBA-2024-4234 Oracle Linux 8 jq update
ELBA-2024-4213 Oracle Linux 8 xorg-x11-server bug fix update
ELSA-2024-4212 Moderate: Oracle Linux 9 golang security update
ELSA-2024-4278 Important: Oracle Linux 9 qemu-kvm security update
ELSA-2024-12468 Important: Oracle Linux 9 openssh security update
ELBA-2024-12469 Oracle Linux 7 Unbreakable Enterprise kernel bug fix update
ELSA-2024-4222 Important: Oracle Linux 7 pki-core security update (aarch64)
ELBA-2024-4221 Oracle Linux 7 jss bug fix and enhancement update (aarch64)
ELBA-2024-12467 Oracle Linux 7 Unbreakable Enterprise kernel bug fix update
ELBA-2024-12469 Oracle Linux 7 Unbreakable Enterprise kernel bug fix update (aarch64)
ELSA-2024-4222 Important: Oracle Linux 7 pki-core security update
ELBA-2024-4221 Oracle Linux 7 jss bug fix and enhancement update
ELBA-2024-12467 Oracle Linux 6 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel bug fix update
ELBA-2024-4238 Oracle Linux 8 fence-agents bug fix update
ELBA-2024-4248 Oracle Linux 8 python3.11 bug fix update
ELBA-2024-4240 Oracle Linux 8 google-noto-cjk-fonts bug fix update



ELBA-2024-4228 Oracle Linux 8 gnome-shell-extensions bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-4228

http://linux.oracle.com/errata/ELBA-2024-4228.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
gnome-classic-session-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-apps-menu-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-auto-move-windows-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-classification-banner-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-common-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-custom-menu-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-dash-to-dock-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-dash-to-panel-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-desktop-icons-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-disable-screenshield-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-drive-menu-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-gesture-inhibitor-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-heads-up-display-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-horizontal-workspaces-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-launch-new-instance-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-native-window-placement-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-no-hot-corner-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-panel-favorites-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-places-menu-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-screenshot-window-sizer-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-systemMonitor-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-top-icons-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-updates-dialog-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-user-theme-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-window-grouper-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-window-list-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-windowsNavigator-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-workspace-indicator-3.32.1-39.el8_10.noarch.rpm

aarch64:
gnome-classic-session-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-apps-menu-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-auto-move-windows-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-classification-banner-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-common-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-custom-menu-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-dash-to-dock-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-dash-to-panel-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-desktop-icons-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-disable-screenshield-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-drive-menu-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-gesture-inhibitor-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-heads-up-display-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-horizontal-workspaces-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-launch-new-instance-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-native-window-placement-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-no-hot-corner-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-panel-favorites-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-places-menu-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-screenshot-window-sizer-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-systemMonitor-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-top-icons-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-updates-dialog-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-user-theme-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-window-grouper-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-window-list-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-windowsNavigator-3.32.1-39.el8_10.noarch.rpm
gnome-shell-extension-workspace-indicator-3.32.1-39.el8_10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//gnome-shell-extensions-3.32.1-39.el8_10.src.rpm

Description of changes:

[3.32.1-39]
- Fix tooltip animation times
Resolves: RHEL-33681



ELBA-2024-4232 Oracle Linux 8 Bug fix of nmstate


Oracle Linux Bug Fix Advisory ELBA-2024-4232

http://linux.oracle.com/errata/ELBA-2024-4232.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
nmstate-1.4.6-2.0.1.el8_10.x86_64.rpm
nmstate-libs-1.4.6-2.0.1.el8_10.i686.rpm
nmstate-libs-1.4.6-2.0.1.el8_10.x86_64.rpm
nmstate-plugin-ovsdb-1.4.6-2.0.1.el8_10.noarch.rpm
python3-libnmstate-1.4.6-2.0.1.el8_10.noarch.rpm
nmstate-devel-1.4.6-2.0.1.el8_10.i686.rpm
nmstate-devel-1.4.6-2.0.1.el8_10.x86_64.rpm

aarch64:
nmstate-1.4.6-2.0.1.el8_10.aarch64.rpm
nmstate-libs-1.4.6-2.0.1.el8_10.aarch64.rpm
nmstate-plugin-ovsdb-1.4.6-2.0.1.el8_10.noarch.rpm
python3-libnmstate-1.4.6-2.0.1.el8_10.noarch.rpm
nmstate-devel-1.4.6-2.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//nmstate-1.4.6-2.0.1.el8_10.src.rpm

Description of changes:

[1.4.6-2.0.1]
- Do not fail on unknown option of bond and vlan [Orabug: 35799030]

[1.4.6-2]
- Fix clib SONAME. RHEL-32218

[1.4.6-1]
- Do not touch interface DNS if global DNS is used. RHEL-32218



ELBA-2024-4234 Oracle Linux 8 jq update


Oracle Linux Bug Fix Advisory ELBA-2024-4234

http://linux.oracle.com/errata/ELBA-2024-4234.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
jq-1.6-9.el8_10.i686.rpm
jq-1.6-9.el8_10.x86_64.rpm
jq-devel-1.6-9.el8_10.i686.rpm
jq-devel-1.6-9.el8_10.x86_64.rpm

aarch64:
jq-1.6-9.el8_10.aarch64.rpm
jq-devel-1.6-9.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//jq-1.6-9.el8_10.src.rpm

Description of changes:

[1.6-9]
- Fix SAST findings in jq 1.6
- Resolves: RHEL-37827



ELBA-2024-4213 Oracle Linux 8 xorg-x11-server bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-4213

http://linux.oracle.com/errata/ELBA-2024-4213.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
xorg-x11-server-Xdmx-1.20.11-24.el8_10.x86_64.rpm
xorg-x11-server-Xephyr-1.20.11-24.el8_10.x86_64.rpm
xorg-x11-server-Xnest-1.20.11-24.el8_10.x86_64.rpm
xorg-x11-server-Xorg-1.20.11-24.el8_10.x86_64.rpm
xorg-x11-server-Xvfb-1.20.11-24.el8_10.x86_64.rpm
xorg-x11-server-common-1.20.11-24.el8_10.x86_64.rpm
xorg-x11-server-devel-1.20.11-24.el8_10.i686.rpm
xorg-x11-server-devel-1.20.11-24.el8_10.x86_64.rpm
xorg-x11-server-source-1.20.11-24.el8_10.noarch.rpm

aarch64:
xorg-x11-server-Xdmx-1.20.11-24.el8_10.aarch64.rpm
xorg-x11-server-Xephyr-1.20.11-24.el8_10.aarch64.rpm
xorg-x11-server-Xnest-1.20.11-24.el8_10.aarch64.rpm
xorg-x11-server-Xorg-1.20.11-24.el8_10.aarch64.rpm
xorg-x11-server-Xvfb-1.20.11-24.el8_10.aarch64.rpm
xorg-x11-server-common-1.20.11-24.el8_10.aarch64.rpm
xorg-x11-server-devel-1.20.11-24.el8_10.aarch64.rpm
xorg-x11-server-source-1.20.11-24.el8_10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//xorg-x11-server-1.20.11-24.el8_10.src.rpm

Description of changes:

[1.20.11-24]
- Fix regression caused by the fix for CVE-2024-31083



ELSA-2024-4212 Moderate: Oracle Linux 9 golang security update


Oracle Linux Security Advisory ELSA-2024-4212

http://linux.oracle.com/errata/ELSA-2024-4212.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
go-toolset-1.21.11-1.el9_4.x86_64.rpm
golang-1.21.11-1.el9_4.x86_64.rpm
golang-bin-1.21.11-1.el9_4.x86_64.rpm
golang-docs-1.21.11-1.el9_4.noarch.rpm
golang-misc-1.21.11-1.el9_4.noarch.rpm
golang-src-1.21.11-1.el9_4.noarch.rpm
golang-tests-1.21.11-1.el9_4.noarch.rpm

aarch64:
go-toolset-1.21.11-1.el9_4.aarch64.rpm
golang-1.21.11-1.el9_4.aarch64.rpm
golang-bin-1.21.11-1.el9_4.aarch64.rpm
golang-docs-1.21.11-1.el9_4.noarch.rpm
golang-misc-1.21.11-1.el9_4.noarch.rpm
golang-src-1.21.11-1.el9_4.noarch.rpm
golang-tests-1.21.11-1.el9_4.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//golang-1.21.11-1.el9_4.src.rpm

Related CVEs:

CVE-2024-24789
CVE-2024-24790

Description of changes:

[1.21.11-1]
- Update to Go 1.21.11 that fixes CVE-2024-24789 and CVE-2024-24790
- Resolves: RHEL-40275



ELSA-2024-4278 Important: Oracle Linux 9 qemu-kvm security update


Oracle Linux Security Advisory ELSA-2024-4278

http://linux.oracle.com/errata/ELSA-2024-4278.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
qemu-guest-agent-8.2.0-11.el9_4.4.x86_64.rpm
qemu-img-8.2.0-11.el9_4.4.x86_64.rpm
qemu-kvm-8.2.0-11.el9_4.4.x86_64.rpm
qemu-kvm-audio-pa-8.2.0-11.el9_4.4.x86_64.rpm
qemu-kvm-block-blkio-8.2.0-11.el9_4.4.x86_64.rpm
qemu-kvm-block-curl-8.2.0-11.el9_4.4.x86_64.rpm
qemu-kvm-block-rbd-8.2.0-11.el9_4.4.x86_64.rpm
qemu-kvm-common-8.2.0-11.el9_4.4.x86_64.rpm
qemu-kvm-core-8.2.0-11.el9_4.4.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-8.2.0-11.el9_4.4.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-pci-8.2.0-11.el9_4.4.x86_64.rpm
qemu-kvm-device-display-virtio-vga-8.2.0-11.el9_4.4.x86_64.rpm
qemu-kvm-device-usb-host-8.2.0-11.el9_4.4.x86_64.rpm
qemu-kvm-device-usb-redirect-8.2.0-11.el9_4.4.x86_64.rpm
qemu-kvm-docs-8.2.0-11.el9_4.4.x86_64.rpm
qemu-kvm-tools-8.2.0-11.el9_4.4.x86_64.rpm
qemu-kvm-ui-egl-headless-8.2.0-11.el9_4.4.x86_64.rpm
qemu-kvm-ui-opengl-8.2.0-11.el9_4.4.x86_64.rpm
qemu-pr-helper-8.2.0-11.el9_4.4.x86_64.rpm

aarch64:
qemu-guest-agent-8.2.0-11.el9_4.4.aarch64.rpm
qemu-img-8.2.0-11.el9_4.4.aarch64.rpm
qemu-kvm-8.2.0-11.el9_4.4.aarch64.rpm
qemu-kvm-audio-pa-8.2.0-11.el9_4.4.aarch64.rpm
qemu-kvm-block-blkio-8.2.0-11.el9_4.4.aarch64.rpm
qemu-kvm-block-curl-8.2.0-11.el9_4.4.aarch64.rpm
qemu-kvm-block-rbd-8.2.0-11.el9_4.4.aarch64.rpm
qemu-kvm-common-8.2.0-11.el9_4.4.aarch64.rpm
qemu-kvm-core-8.2.0-11.el9_4.4.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-8.2.0-11.el9_4.4.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-pci-8.2.0-11.el9_4.4.aarch64.rpm
qemu-kvm-device-usb-host-8.2.0-11.el9_4.4.aarch64.rpm
qemu-kvm-device-usb-redirect-8.2.0-11.el9_4.4.aarch64.rpm
qemu-kvm-docs-8.2.0-11.el9_4.4.aarch64.rpm
qemu-kvm-tools-8.2.0-11.el9_4.4.aarch64.rpm
qemu-pr-helper-8.2.0-11.el9_4.4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//qemu-kvm-8.2.0-11.el9_4.4.src.rpm

Related CVEs:

CVE-2024-4467

Description of changes:

[8.2.0-11.el9_4.4]
- Fixing CVE-2024-4467
- Resolves: RHEL-35610



ELSA-2024-12468 Important: Oracle Linux 9 openssh security update


Oracle Linux Security Advisory ELSA-2024-12468

http://linux.oracle.com/errata/ELSA-2024-12468.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
openssh-8.7p1-38.0.2.el9.x86_64.rpm
openssh-clients-8.7p1-38.0.2.el9.x86_64.rpm
openssh-keycat-8.7p1-38.0.2.el9.x86_64.rpm
openssh-server-8.7p1-38.0.2.el9.x86_64.rpm
openssh-askpass-8.7p1-38.0.2.el9.x86_64.rpm
pam_ssh_agent_auth-0.10.4-5.38.0.2.el9.x86_64.rpm

aarch64:
openssh-8.7p1-38.0.2.el9.aarch64.rpm
openssh-clients-8.7p1-38.0.2.el9.aarch64.rpm
openssh-keycat-8.7p1-38.0.2.el9.aarch64.rpm
openssh-server-8.7p1-38.0.2.el9.aarch64.rpm
openssh-askpass-8.7p1-38.0.2.el9.aarch64.rpm
pam_ssh_agent_auth-0.10.4-5.38.0.2.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//openssh-8.7p1-38.0.2.el9.src.rpm

Related CVEs:

CVE-2024-6387

Description of changes:

[8.7p1-38.0.2]
- Restore dropped earlier ifdef condition for safe _exit(1) call in sshsigdie() [Orabug: 36783468]
Resolves CVE-2024-6387



ELBA-2024-12469 Oracle Linux 7 Unbreakable Enterprise kernel bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12469

http://linux.oracle.com/errata/ELBA-2024-12469.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-2047.537.4.1.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-2047.537.4.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-2047.537.4.1.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-2047.537.4.1.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-2047.537.4.1.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-2047.537.4.1.el7uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.537.4.1.el7uek.src.rpm

Description of changes:

[4.14.35-2047.537.4.1.el7uek]
- crypto: algif_aead - fix uninitialized ctx->init (Ondrej Mosnacek) [Orabug: 36792593]



ELSA-2024-4222 Important: Oracle Linux 7 pki-core security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-4222

http://linux.oracle.com/errata/ELSA-2024-4222.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
pki-base-10.5.18-32.el7_9.noarch.rpm
pki-base-java-10.5.18-32.el7_9.noarch.rpm
pki-ca-10.5.18-32.el7_9.noarch.rpm
pki-kra-10.5.18-32.el7_9.noarch.rpm
pki-server-10.5.18-32.el7_9.noarch.rpm
pki-symkey-10.5.18-32.el7_9.aarch64.rpm
pki-tools-10.5.18-32.el7_9.aarch64.rpm
pki-javadoc-10.5.18-32.el7_9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//pki-core-10.5.18-32.el7_9.src.rpm

Related CVEs:

CVE-2023-4727

Description of changes:

[10.5.18-32]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.4):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.4):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)

[10.5.18-31]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.3):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.3):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)

[10.5.18-30]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.2):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.2):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)

[10.5.18-29]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.1):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.1):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)

[10.5.18-28]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)



ELBA-2024-4221 Oracle Linux 7 jss bug fix and enhancement update (aarch64)


Oracle Linux Bug Fix Advisory ELBA-2024-4221

http://linux.oracle.com/errata/ELBA-2024-4221.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
jss-4.4.9-4.el7_9.aarch64.rpm
jss-javadoc-4.4.9-4.el7_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//jss-4.4.9-4.el7_9.src.rpm

Description of changes:

[4.4.9-4]
- Updated nspr-devel and nss-devel build requirements as well as nss runtime
requirements [mharmsen]
- RHEL-18401 - JSS - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHEL 7.9.z] [jmagne]
- JSS: add RSA PSS support
Add PSS cases to algorithm name translating method [jmagne]
- Add GitLab synchronization job [edewata]
- Add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z]
Back port AES KWP wrap alg support only for JSS in this branch to allow for
the TMS bug referenced above to work. [jmagne]
- Empty commit to fix commit msg from previous commit
JSS- add AES support for TMS server-side keygen on latest HSM / FIPS
environment [RHCS 9.7.z]
Back port AES KWP wrap alg support only for JSS in this branch to allow for
the TMS bug referenced above to work. [jmagne]
- RHEL-23935 - JSS - PrettyPrintCert does not properly translate AIA
information into a readable format [RHEL 7.9.z] [mfargett]
- Fix AIA extension print
The "Authority Info Access" extension was not included in the oid
extension map so it was not correctly printed.
This adds the AIA extension to the oid map. [mfargett]
- Fix SIA extension
The "Subject Info Access" extension was not included in the oid
extension map so it was not correctly printed.
This adds the SIA extension to the oid map. [mfargett]



ELBA-2024-12467 Oracle Linux 7 Unbreakable Enterprise kernel bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12467

http://linux.oracle.com/errata/ELBA-2024-12467.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.87.2.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.87.2.el7uek.noarch.rpm
kernel-uek-4.1.12-124.87.2.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.87.2.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.87.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.87.2.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.1.12-124.87.2.el7uek.src.rpm

Description of changes:

[4.1.12-124.87.2.el7uek]
- net: sched: fix race condition in qdisc_graft() (Eric Dumazet) [Orabug: 35250827] {CVE-2023-0590}

[4.1.12-124.87.1.el7uek]
- ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet (Zhengchao Shao) [Orabug: 36654101] {CVE-2023-6932}
- net: convert ip_mc_list.refcnt from atomic_t to refcount_t (Reshetova, Elena) [Orabug: 36654101]
- net/sched: sch_hfsc: Ensure inner classes have fsc curve (Budimir Markovic) [Orabug: 35810544] {CVE-2023-4623}
- tcp: Reduce chance of collisions in inet6_hashfn(). (Stewart Smith) [Orabug: 35754477] {CVE-2023-1206}



ELBA-2024-12469 Oracle Linux 7 Unbreakable Enterprise kernel bug fix update (aarch64)


Oracle Linux Bug Fix Advisory ELBA-2024-12469

http://linux.oracle.com/errata/ELBA-2024-12469.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-4.14.35-2047.537.4.1.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-2047.537.4.1.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-2047.537.4.1.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-2047.537.4.1.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-2047.537.4.1.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-2047.537.4.1.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-2047.537.4.1.el7uek.aarch64.rpm
perf-4.14.35-2047.537.4.1.el7uek.aarch64.rpm
python-perf-4.14.35-2047.537.4.1.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-2047.537.4.1.el7uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.537.4.1.el7uek.src.rpm

Description of changes:

[4.14.35-2047.537.4.1.el7uek]
- crypto: algif_aead - fix uninitialized ctx->init (Ondrej Mosnacek) [Orabug: 36792593]



ELSA-2024-4222 Important: Oracle Linux 7 pki-core security update


Oracle Linux Security Advisory ELSA-2024-4222

http://linux.oracle.com/errata/ELSA-2024-4222.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
pki-base-10.5.18-32.el7_9.noarch.rpm
pki-base-java-10.5.18-32.el7_9.noarch.rpm
pki-ca-10.5.18-32.el7_9.noarch.rpm
pki-javadoc-10.5.18-32.el7_9.noarch.rpm
pki-kra-10.5.18-32.el7_9.noarch.rpm
pki-server-10.5.18-32.el7_9.noarch.rpm
pki-symkey-10.5.18-32.el7_9.x86_64.rpm
pki-tools-10.5.18-32.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//pki-core-10.5.18-32.el7_9.src.rpm

Related CVEs:

CVE-2023-4727

Description of changes:

[10.5.18-32]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.4):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.4):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)

[10.5.18-31]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.3):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.3):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)

[10.5.18-30]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.2):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.2):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)

[10.5.18-29]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.1):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.1):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)

[10.5.18-28]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)



ELBA-2024-4221 Oracle Linux 7 jss bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2024-4221

http://linux.oracle.com/errata/ELBA-2024-4221.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
jss-4.4.9-4.el7_9.x86_64.rpm
jss-javadoc-4.4.9-4.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//jss-4.4.9-4.el7_9.src.rpm

Description of changes:

[4.4.9-4]
- Updated nspr-devel and nss-devel build requirements as well as nss runtime
requirements [mharmsen]
- RHEL-18401 - JSS - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHEL 7.9.z] [jmagne]
- JSS: add RSA PSS support
Add PSS cases to algorithm name translating method [jmagne]
- Add GitLab synchronization job [edewata]
- Add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z]
Back port AES KWP wrap alg support only for JSS in this branch to allow for
the TMS bug referenced above to work. [jmagne]
- Empty commit to fix commit msg from previous commit
JSS- add AES support for TMS server-side keygen on latest HSM / FIPS
environment [RHCS 9.7.z]
Back port AES KWP wrap alg support only for JSS in this branch to allow for
the TMS bug referenced above to work. [jmagne]
- RHEL-23935 - JSS - PrettyPrintCert does not properly translate AIA
information into a readable format [RHEL 7.9.z] [mfargett]
- Fix AIA extension print
The "Authority Info Access" extension was not included in the oid
extension map so it was not correctly printed.
This adds the AIA extension to the oid map. [mfargett]
- Fix SIA extension
The "Subject Info Access" extension was not included in the oid
extension map so it was not correctly printed.
This adds the SIA extension to the oid map. [mfargett]



ELBA-2024-12467 Oracle Linux 6 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12467

http://linux.oracle.com/errata/ELBA-2024-12467.html

The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.87.2.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.87.2.el6uek.noarch.rpm
kernel-uek-4.1.12-124.87.2.el6uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.87.2.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.87.2.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.87.2.el6uek.x86_64.rpm

Description of changes:

[4.1.12-124.87.2.el6uek]
- net: sched: fix race condition in qdisc_graft() (Eric Dumazet) [Orabug: 35250827] {CVE-2023-0590}

[4.1.12-124.87.1.el6uek]
- ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet (Zhengchao Shao) [Orabug: 36654101] {CVE-2023-6932}
- net: convert ip_mc_list.refcnt from atomic_t to refcount_t (Reshetova, Elena) [Orabug: 36654101]
- net/sched: sch_hfsc: Ensure inner classes have fsc curve (Budimir Markovic) [Orabug: 35810544] {CVE-2023-4623}
- tcp: Reduce chance of collisions in inet6_hashfn(). (Stewart Smith) [Orabug: 35754477] {CVE-2023-1206}


ELBA-2024-4238 Oracle Linux 8 fence-agents bug fix update

Oracle Linux Bug Fix Advisory ELBA-2024-4238

http://linux.oracle.com/errata/ELBA-2024-4238.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
fence-agents-all-4.2.1-129.el8_10.2.x86_64.rpm
fence-agents-amt-ws-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-apc-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-apc-snmp-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-bladecenter-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-brocade-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-cisco-mds-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-cisco-ucs-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-common-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-compute-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-drac5-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-eaton-snmp-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-emerson-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-eps-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-heuristics-ping-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-hpblade-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ibm-powervs-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ibm-vpc-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ibmblade-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ifmib-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ilo-moonshot-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ilo-mp-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ilo-ssh-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ilo2-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-intelmodular-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ipdu-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ipmilan-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-kdump-4.2.1-129.el8_10.2.x86_64.rpm
fence-agents-kubevirt-4.2.1-129.el8_10.2.x86_64.rpm
fence-agents-lpar-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-mpath-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-redfish-4.2.1-129.el8_10.2.x86_64.rpm
fence-agents-rhevm-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-rsa-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-rsb-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-sbd-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-scsi-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-virsh-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-vmware-rest-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-vmware-soap-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-wti-4.2.1-129.el8_10.2.noarch.rpm

aarch64:
fence-agents-all-4.2.1-129.el8_10.2.aarch64.rpm
fence-agents-amt-ws-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-apc-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-apc-snmp-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-bladecenter-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-brocade-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-cisco-mds-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-cisco-ucs-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-common-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-compute-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-drac5-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-eaton-snmp-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-emerson-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-eps-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-heuristics-ping-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-hpblade-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ibm-powervs-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ibm-vpc-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ibmblade-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ifmib-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ilo-moonshot-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ilo-mp-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ilo-ssh-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ilo2-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-intelmodular-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ipdu-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-ipmilan-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-kdump-4.2.1-129.el8_10.2.aarch64.rpm
fence-agents-kubevirt-4.2.1-129.el8_10.2.aarch64.rpm
fence-agents-mpath-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-redfish-4.2.1-129.el8_10.2.aarch64.rpm
fence-agents-rhevm-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-rsa-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-rsb-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-sbd-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-scsi-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-virsh-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-vmware-rest-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-vmware-soap-4.2.1-129.el8_10.2.noarch.rpm
fence-agents-wti-4.2.1-129.el8_10.2.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//fence-agents-4.2.1-129.el8_10.2.src.rpm

Description of changes:

[4.2.1-129.2]
- fence_eps: add fence_epsr2 for ePowerSwitch R2 and newer
Resolves: RHEL-7734
- bundled jinja2: fix CVE-2024-34064
Resolves: RHEL-35655



ELBA-2024-4248 Oracle Linux 8 python3.11 bug fix update

Oracle Linux Bug Fix Advisory ELBA-2024-4248

http://linux.oracle.com/errata/ELBA-2024-4248.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
python3.11-3.11.9-2.0.1.el8_10.x86_64.rpm
python3.11-devel-3.11.9-2.0.1.el8_10.i686.rpm
python3.11-devel-3.11.9-2.0.1.el8_10.x86_64.rpm
python3.11-libs-3.11.9-2.0.1.el8_10.i686.rpm
python3.11-libs-3.11.9-2.0.1.el8_10.x86_64.rpm
python3.11-rpm-macros-3.11.9-2.0.1.el8_10.noarch.rpm
python3.11-tkinter-3.11.9-2.0.1.el8_10.x86_64.rpm
python3.11-3.11.9-2.0.1.el8_10.i686.rpm
python3.11-debug-3.11.9-2.0.1.el8_10.i686.rpm
python3.11-debug-3.11.9-2.0.1.el8_10.x86_64.rpm
python3.11-idle-3.11.9-2.0.1.el8_10.i686.rpm
python3.11-idle-3.11.9-2.0.1.el8_10.x86_64.rpm
python3.11-test-3.11.9-2.0.1.el8_10.i686.rpm
python3.11-test-3.11.9-2.0.1.el8_10.x86_64.rpm
python3.11-tkinter-3.11.9-2.0.1.el8_10.i686.rpm

aarch64:
python3.11-3.11.9-2.0.1.el8_10.aarch64.rpm
python3.11-devel-3.11.9-2.0.1.el8_10.aarch64.rpm
python3.11-libs-3.11.9-2.0.1.el8_10.aarch64.rpm
python3.11-rpm-macros-3.11.9-2.0.1.el8_10.noarch.rpm
python3.11-tkinter-3.11.9-2.0.1.el8_10.aarch64.rpm
python3.11-debug-3.11.9-2.0.1.el8_10.aarch64.rpm
python3.11-idle-3.11.9-2.0.1.el8_10.aarch64.rpm
python3.11-test-3.11.9-2.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//python3.11-3.11.9-2.0.1.el8_10.src.rpm

Description of changes:

[3.11.9-2.0.1]
- Update rpm-macros description [Orabug: 36024572]

[3.11.9-2]
- Enable importing of hash-based .pyc files under FIPS mode
Resolves: RHEL-40783



ELBA-2024-4240 Oracle Linux 8 google-noto-cjk-fonts bug fix update

Oracle Linux Bug Fix Advisory ELBA-2024-4240

http://linux.oracle.com/errata/ELBA-2024-4240.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
google-noto-cjk-fonts-common-20230817-1.el8_10.noarch.rpm
google-noto-sans-cjk-ttc-fonts-20230817-1.el8_10.noarch.rpm
google-noto-serif-cjk-ttc-fonts-20230817-1.el8_10.noarch.rpm
google-noto-sans-cjk-jp-fonts-20230817-1.el8_10.noarch.rpm

aarch64:
google-noto-cjk-fonts-common-20230817-1.el8_10.noarch.rpm
google-noto-sans-cjk-ttc-fonts-20230817-1.el8_10.noarch.rpm
google-noto-serif-cjk-ttc-fonts-20230817-1.el8_10.noarch.rpm
google-noto-sans-cjk-jp-fonts-20230817-1.el8_10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//google-noto-cjk-fonts-20230817-1.el8_10.src.rpm

Description of changes:

[20230817-1]
- Update Noto CJK to Sans 2.004 and Serif 2.002
- Resolves: RHEL-29145