Oracle Linux 6261 Published by

The following updates has been released for Oracle Linux:

ELBA-2019-0168 Oracle Linux 7 pki-core bug fix and enhancement update
ELBA-2019-0168 Oracle Linux 7 pki-core bug fix and enhancement update (aarch64)
ELSA-2019-4533 Important: Oracle Linux 5 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update
ELSA-2019-4533 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update



ELBA-2019-0168 Oracle Linux 7 pki-core bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2019-0168

http://linux.oracle.com/errata/ELBA-2019-0168.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
pki-base-10.5.9-10.el7_6.noarch.rpm
pki-base-java-10.5.9-10.el7_6.noarch.rpm
pki-ca-10.5.9-10.el7_6.noarch.rpm
pki-javadoc-10.5.9-10.el7_6.noarch.rpm
pki-kra-10.5.9-10.el7_6.noarch.rpm
pki-server-10.5.9-10.el7_6.noarch.rpm
pki-symkey-10.5.9-10.el7_6.x86_64.rpm
pki-tools-10.5.9-10.el7_6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/pki-core-10.5.9-10.el7_6.src.rpm



Description of changes:

[10.5.9-10]
- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1659939 - CC: Simplifying Web UI session timeout
configuration [rhel-7.6.z] (edewata)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,
- # Added Batch Update Information to Product Version (mharmsen)

[10.5.9-9]
- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1657922 - CC: CA/OCSP startup fail on
SystemCertsVerification
if enableOCSP is true [rhel-7.6.z] (jmagne)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,

[10.5.9-8]
- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1645262 - pkidestroy may not remove all files [rhel-7.6.z]
(dmoluguw)
- Bugzilla Bug #1645263 - Auth plugins leave passwords in the access
log and audit log using REST [rhel-7.6.z] (dmoluguw)
- Bugzilla Bug #1645429 - pkispawn fails due to name collision with
/var/log/pki/ [rhel-7.6.z] (dmoluguw)
- Bugzilla Bug #1655951 - CC: tools supporting CMC requests output
keyID needs to be captured in file [rhel-7.6.z] (cfu)
- Bugzilla Bug #1656297 - Unable to install with admin-generated keys
[rhel-7.6.z] (edewata)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,

[10.5.9-7]
- Require "tomcatjss >= 7.2.1-8" as a build and runtime requirement
- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1632116 - CC: missing audit event for CS acting as
TLS client [rhel-7.6.z] (cfu)
- Bugzilla Bug #1632120 - Unsupported RSA_ ciphers should be
removed from the default ciphers list [rhel-7.6.z] (cfu)
- Bugzilla Bug #1632615 - Permit certain SHA384 FIPS ciphers to be
enabled by default for RSA and ECC . . . [rhel-7.6.z] (cfu)
- Bugzilla Bug #1632616 - X500Name.directoryStringEncodingOrder
overridden by CSR encoding (coverity changes) [rhel-7.6.z] (mharmsen)
- Bugzilla Bug #1633104 - CMC: add config to allow non-clientAuth
[rhel-7.6.z] (cfu)
- Bugzilla Bug #1636490 - Installation of CA using an existing CA fails
[rhel-7.6.z] (edewata)
- Bugzilla Bug #1643878 - pki cli command for RHCS doesn't prompt for
a password [rhel-7.6.z] (edewata)
- Bugzilla Bug #1643879 - CC: Identify version/release of pki-ca, pki-kra,
pki-ocsp, pki-tks, and pki-tps remotely [RHEL] [rhel-7.6.z] (cfu, jmagne)
- Bugzilla Bug #1643880 - PKI subsystem process is not shutdown when
there is no space on the disk to write logs [rhel-7.6.z] (edewata)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,

ELBA-2019-0168 Oracle Linux 7 pki-core bug fix and enhancement update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2019-0168

http://linux.oracle.com/errata/ELBA-2019-0168.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
pki-base-10.5.9-10.el7_6.noarch.rpm
pki-base-java-10.5.9-10.el7_6.noarch.rpm
pki-ca-10.5.9-10.el7_6.noarch.rpm
pki-kra-10.5.9-10.el7_6.noarch.rpm
pki-server-10.5.9-10.el7_6.noarch.rpm
pki-symkey-10.5.9-10.el7_6.aarch64.rpm
pki-tools-10.5.9-10.el7_6.aarch64.rpm
pki-javadoc-10.5.9-10.el7_6.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/pki-core-10.5.9-10.el7_6.src.rpm



Description of changes:

[10.5.9-10]
- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1659939 - CC: Simplifying Web UI session timeout
configuration [rhel-7.6.z] (edewata)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,
- # Added Batch Update Information to Product Version (mharmsen)

[10.5.9-9]
- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1657922 - CC: CA/OCSP startup fail on
SystemCertsVerification
if enableOCSP is true [rhel-7.6.z] (jmagne)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,

[10.5.9-8]
- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1645262 - pkidestroy may not remove all files [rhel-7.6.z]
(dmoluguw)
- Bugzilla Bug #1645263 - Auth plugins leave passwords in the access
log and audit log using REST [rhel-7.6.z] (dmoluguw)
- Bugzilla Bug #1645429 - pkispawn fails due to name collision with
/var/log/pki/ [rhel-7.6.z] (dmoluguw)
- Bugzilla Bug #1655951 - CC: tools supporting CMC requests output
keyID needs to be captured in file [rhel-7.6.z] (cfu)
- Bugzilla Bug #1656297 - Unable to install with admin-generated keys
[rhel-7.6.z] (edewata)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,

[10.5.9-7]
- Require "tomcatjss >= 7.2.1-8" as a build and runtime requirement
- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1632116 - CC: missing audit event for CS acting as
TLS client [rhel-7.6.z] (cfu)
- Bugzilla Bug #1632120 - Unsupported RSA_ ciphers should be
removed from the default ciphers list [rhel-7.6.z] (cfu)
- Bugzilla Bug #1632615 - Permit certain SHA384 FIPS ciphers to be
enabled by default for RSA and ECC . . . [rhel-7.6.z] (cfu)
- Bugzilla Bug #1632616 - X500Name.directoryStringEncodingOrder
overridden by CSR encoding (coverity changes) [rhel-7.6.z] (mharmsen)
- Bugzilla Bug #1633104 - CMC: add config to allow non-clientAuth
[rhel-7.6.z] (cfu)
- Bugzilla Bug #1636490 - Installation of CA using an existing CA fails
[rhel-7.6.z] (edewata)
- Bugzilla Bug #1643878 - pki cli command for RHCS doesn't prompt for
a password [rhel-7.6.z] (edewata)
- Bugzilla Bug #1643879 - CC: Identify version/release of pki-ca, pki-kra,
pki-ocsp, pki-tks, and pki-tps remotely [RHEL] [rhel-7.6.z] (cfu, jmagne)
- Bugzilla Bug #1643880 - PKI subsystem process is not shutdown when
there is no space on the disk to write logs [rhel-7.6.z] (edewata)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,

ELSA-2019-4533 Important: Oracle Linux 5 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2019-4533

http://linux.oracle.com/errata/ELSA-2019-4533.html

The following updated rpms for Oracle Linux 5 Extended Lifecycle Support
(ELS) have been uploaded to the Unbreakable Linux Network:

i386:
kernel-uek-2.6.39-400.306.1.el5uek.i686.rpm
kernel-uek-debug-2.6.39-400.306.1.el5uek.i686.rpm
kernel-uek-debug-devel-2.6.39-400.306.1.el5uek.i686.rpm
kernel-uek-devel-2.6.39-400.306.1.el5uek.i686.rpm
kernel-uek-doc-2.6.39-400.306.1.el5uek.noarch.rpm
kernel-uek-firmware-2.6.39-400.306.1.el5uek.noarch.rpm

x86_64:
kernel-uek-firmware-2.6.39-400.306.1.el5uek.noarch.rpm
kernel-uek-doc-2.6.39-400.306.1.el5uek.noarch.rpm
kernel-uek-2.6.39-400.306.1.el5uek.x86_64.rpm
kernel-uek-devel-2.6.39-400.306.1.el5uek.x86_64.rpm
kernel-uek-debug-devel-2.6.39-400.306.1.el5uek.x86_64.rpm
kernel-uek-debug-2.6.39-400.306.1.el5uek.x86_64.rpm




Description of changes:

[2.6.39-400.306.1.el5uek]
- ext4: validate that metadata blocks do not overlap superblock
(Theodore Ts'o) [Orabug: 28220576] {CVE-2018-1094}
- Provide a NLM_F_* flag void dumping inet/inet6 stats in rtnl_if_info()
(Manish Kumar Singh) [Orabug: 28318718]
- btrfs: relocation: Only remove reloc rb_trees if reloc control has
been initialized (Qu Wenruo) [Orabug: 29301108] {CVE-2018-14609}

ELSA-2019-4533 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2019-4533

http://linux.oracle.com/errata/ELSA-2019-4533.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
kernel-uek-2.6.39-400.306.1.el6uek.i686.rpm
kernel-uek-debug-2.6.39-400.306.1.el6uek.i686.rpm
kernel-uek-debug-devel-2.6.39-400.306.1.el6uek.i686.rpm
kernel-uek-devel-2.6.39-400.306.1.el6uek.i686.rpm
kernel-uek-doc-2.6.39-400.306.1.el6uek.noarch.rpm
kernel-uek-firmware-2.6.39-400.306.1.el6uek.noarch.rpm

x86_64:
kernel-uek-firmware-2.6.39-400.306.1.el6uek.noarch.rpm
kernel-uek-doc-2.6.39-400.306.1.el6uek.noarch.rpm
kernel-uek-2.6.39-400.306.1.el6uek.x86_64.rpm
kernel-uek-devel-2.6.39-400.306.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-2.6.39-400.306.1.el6uek.x86_64.rpm
kernel-uek-debug-2.6.39-400.306.1.el6uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-2.6.39-400.306.1.el6uek.src.rpm



Description of changes:

[2.6.39-400.306.1.el6uek]
- ext4: validate that metadata blocks do not overlap superblock
(Theodore Ts'o) [Orabug: 28220576] {CVE-2018-1094}
- Provide a NLM_F_* flag void dumping inet/inet6 stats in rtnl_if_info()
(Manish Kumar Singh) [Orabug: 28318718]
- btrfs: relocation: Only remove reloc rb_trees if reloc control has
been initialized (Qu Wenruo) [Orabug: 29301108] {CVE-2018-14609}