ELBA-2024-12443 Oracle Linux 9 selinux-policy bug fix update
ELBA-2024-3824 Oracle Linux 9 cloud-init bug fix update
ELSA-2024-3968 Moderate: Oracle Linux 8 container-tools:ol8 bug fix and enhancement update
ELSA-2024-3980 Important: Oracle Linux 7 flatpak security update (aarch64)
ELSA-2024-3980 Important: Oracle Linux 7 flatpak security update
ELBA-2024-12443 Oracle Linux 9 selinux-policy bug fix update
Oracle Linux Bug Fix Advisory ELBA-2024-12443
http://linux.oracle.com/errata/ELBA-2024-12443.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
selinux-policy-38.1.35-2.0.3.el9_4.noarch.rpm
selinux-policy-doc-38.1.35-2.0.3.el9_4.noarch.rpm
selinux-policy-mls-38.1.35-2.0.3.el9_4.noarch.rpm
selinux-policy-sandbox-38.1.35-2.0.3.el9_4.noarch.rpm
selinux-policy-targeted-38.1.35-2.0.3.el9_4.noarch.rpm
selinux-policy-devel-38.1.35-2.0.3.el9_4.noarch.rpm
aarch64:
selinux-policy-38.1.35-2.0.3.el9_4.noarch.rpm
selinux-policy-doc-38.1.35-2.0.3.el9_4.noarch.rpm
selinux-policy-mls-38.1.35-2.0.3.el9_4.noarch.rpm
selinux-policy-sandbox-38.1.35-2.0.3.el9_4.noarch.rpm
selinux-policy-targeted-38.1.35-2.0.3.el9_4.noarch.rpm
selinux-policy-devel-38.1.35-2.0.3.el9_4.noarch.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//selinux-policy-38.1.35-2.0.3.el9_4.src.rpm
Description of changes:
[38.1.35-2.0.3]
- Allow user_mail_domain to manage exim_log_t and exim_spool_t link files [Orabug: 36617121]
ELBA-2024-3824 Oracle Linux 9 cloud-init bug fix update
Oracle Linux Bug Fix Advisory ELBA-2024-3824
http://linux.oracle.com/errata/ELBA-2024-3824.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
cloud-init-23.4-7.0.1.el9_4.3.noarch.rpm
aarch64:
cloud-init-23.4-7.0.1.el9_4.3.noarch.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//cloud-init-23.4-7.0.1.el9_4.3.src.rpm
Description of changes:
[23.4-7.0.1.el9_4.3]
- NetworkManagerActivator brings up interface failed when using sysconfig renderer [RHEL-18981]
- Fix Oracle Datasource network and getdata methods for OCI OL [Orabug: 35950168]
- Increase retry value and add timeout for OCI [Orabug: 35329883]
- Fix log file permission [Orabug: 35302969]
- Update detection logic for OL distros in config template [Orabug: 34845400]
- Added missing services in rhel/systemd/cloud-init.service [Orabug: 32183938]
- Added missing services in cloud-init.service.tmpl for sshd [Orabug: 32183938]
- Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672]
- limit permissions [Orabug: 31352433]
- Changes to ignore all enslaved interfaces [Orabug: 30092148]
- Make Oracle datasource detect dracut based config files [Orabug: 29956753]
- add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch:
1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata
2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader
Resolves: Oracle-Bug:41660 (Bugzilla)
- added OL to list of known distros
ELSA-2024-3968 Moderate: Oracle Linux 8 container-tools:ol8 bug fix and enhancement update
Oracle Linux Security Advisory ELSA-2024-3968
http://linux.oracle.com/errata/ELSA-2024-3968.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
aardvark-dns-1.10.0-1.module+el8.10.0+90298+77a9814d.x86_64.rpm
buildah-1.33.7-2.module+el8.10.0+90352+16362864.x86_64.rpm
buildah-tests-1.33.7-2.module+el8.10.0+90352+16362864.x86_64.rpm
cockpit-podman-84.1-1.module+el8.10.0+90298+77a9814d.noarch.rpm
conmon-2.1.10-1.module+el8.10.0+90298+77a9814d.x86_64.rpm
containernetworking-plugins-1.4.0-2.module+el8.10.0+90298+77a9814d.x86_64.rpm
containers-common-1-81.0.1.module+el8.10.0+90298+77a9814d.x86_64.rpm
container-selinux-2.229.0-2.module+el8.10.0+90298+77a9814d.noarch.rpm
crit-3.18-5.module+el8.10.0+90337+0d7b6e74.x86_64.rpm
criu-3.18-5.module+el8.10.0+90337+0d7b6e74.x86_64.rpm
criu-devel-3.18-5.module+el8.10.0+90337+0d7b6e74.x86_64.rpm
criu-libs-3.18-5.module+el8.10.0+90337+0d7b6e74.x86_64.rpm
crun-1.14.3-2.module+el8.10.0+90298+77a9814d.x86_64.rpm
fuse-overlayfs-1.13-1.module+el8.10.0+90298+77a9814d.x86_64.rpm
libslirp-4.4.0-2.module+el8.10.0+90337+0d7b6e74.x86_64.rpm
libslirp-devel-4.4.0-2.module+el8.10.0+90337+0d7b6e74.x86_64.rpm
netavark-1.10.3-1.module+el8.10.0+90298+77a9814d.x86_64.rpm
oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90298+77a9814d.x86_64.rpm
podman-4.9.4-3.0.1.module+el8.10.0+90352+16362864.x86_64.rpm
podman-catatonit-4.9.4-3.0.1.module+el8.10.0+90352+16362864.x86_64.rpm
podman-docker-4.9.4-3.0.1.module+el8.10.0+90352+16362864.noarch.rpm
podman-gvproxy-4.9.4-3.0.1.module+el8.10.0+90352+16362864.x86_64.rpm
podman-plugins-4.9.4-3.0.1.module+el8.10.0+90352+16362864.x86_64.rpm
podman-remote-4.9.4-3.0.1.module+el8.10.0+90352+16362864.x86_64.rpm
podman-tests-4.9.4-3.0.1.module+el8.10.0+90352+16362864.x86_64.rpm
python3-criu-3.18-5.module+el8.10.0+90337+0d7b6e74.x86_64.rpm
python3-podman-4.9.0-1.module+el8.10.0+90298+77a9814d.noarch.rpm
runc-1.1.12-1.module+el8.10.0+90298+77a9814d.x86_64.rpm
skopeo-1.14.3-2.module+el8.10.0+90337+0d7b6e74.x86_64.rpm
skopeo-tests-1.14.3-2.module+el8.10.0+90337+0d7b6e74.x86_64.rpm
slirp4netns-1.2.3-1.module+el8.10.0+90298+77a9814d.x86_64.rpm
udica-0.2.6-21.module+el8.10.0+90337+0d7b6e74.noarch.rpm
aarch64:
aardvark-dns-1.10.0-1.module+el8.10.0+90298+77a9814d.aarch64.rpm
buildah-1.33.7-2.module+el8.10.0+90352+16362864.aarch64.rpm
buildah-tests-1.33.7-2.module+el8.10.0+90352+16362864.aarch64.rpm
cockpit-podman-84.1-1.module+el8.10.0+90298+77a9814d.noarch.rpm
conmon-2.1.10-1.module+el8.10.0+90298+77a9814d.aarch64.rpm
containernetworking-plugins-1.4.0-2.module+el8.10.0+90298+77a9814d.aarch64.rpm
containers-common-1-81.0.1.module+el8.10.0+90298+77a9814d.aarch64.rpm
container-selinux-2.229.0-2.module+el8.10.0+90298+77a9814d.noarch.rpm
crit-3.18-5.module+el8.10.0+90337+0d7b6e74.aarch64.rpm
criu-3.18-5.module+el8.10.0+90337+0d7b6e74.aarch64.rpm
criu-devel-3.18-5.module+el8.10.0+90337+0d7b6e74.aarch64.rpm
criu-libs-3.18-5.module+el8.10.0+90337+0d7b6e74.aarch64.rpm
crun-1.14.3-2.module+el8.10.0+90298+77a9814d.aarch64.rpm
fuse-overlayfs-1.13-1.module+el8.10.0+90298+77a9814d.aarch64.rpm
libslirp-4.4.0-2.module+el8.10.0+90337+0d7b6e74.aarch64.rpm
libslirp-devel-4.4.0-2.module+el8.10.0+90337+0d7b6e74.aarch64.rpm
netavark-1.10.3-1.module+el8.10.0+90298+77a9814d.aarch64.rpm
oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90298+77a9814d.aarch64.rpm
podman-4.9.4-3.0.1.module+el8.10.0+90352+16362864.aarch64.rpm
podman-catatonit-4.9.4-3.0.1.module+el8.10.0+90352+16362864.aarch64.rpm
podman-docker-4.9.4-3.0.1.module+el8.10.0+90352+16362864.noarch.rpm
podman-gvproxy-4.9.4-3.0.1.module+el8.10.0+90352+16362864.aarch64.rpm
podman-plugins-4.9.4-3.0.1.module+el8.10.0+90352+16362864.aarch64.rpm
podman-remote-4.9.4-3.0.1.module+el8.10.0+90352+16362864.aarch64.rpm
podman-tests-4.9.4-3.0.1.module+el8.10.0+90352+16362864.aarch64.rpm
python3-criu-3.18-5.module+el8.10.0+90337+0d7b6e74.aarch64.rpm
python3-podman-4.9.0-1.module+el8.10.0+90298+77a9814d.noarch.rpm
runc-1.1.12-1.module+el8.10.0+90298+77a9814d.aarch64.rpm
skopeo-1.14.3-2.module+el8.10.0+90337+0d7b6e74.aarch64.rpm
skopeo-tests-1.14.3-2.module+el8.10.0+90337+0d7b6e74.aarch64.rpm
slirp4netns-1.2.3-1.module+el8.10.0+90298+77a9814d.aarch64.rpm
udica-0.2.6-21.module+el8.10.0+90337+0d7b6e74.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//aardvark-dns-1.10.0-1.module+el8.10.0+90298+77a9814d.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//buildah-1.33.7-2.module+el8.10.0+90352+16362864.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//cockpit-podman-84.1-1.module+el8.10.0+90298+77a9814d.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//conmon-2.1.10-1.module+el8.10.0+90298+77a9814d.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//containernetworking-plugins-1.4.0-2.module+el8.10.0+90298+77a9814d.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//containers-common-1-81.0.1.module+el8.10.0+90298+77a9814d.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//container-selinux-2.229.0-2.module+el8.10.0+90298+77a9814d.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//criu-3.18-5.module+el8.10.0+90337+0d7b6e74.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//crun-1.14.3-2.module+el8.10.0+90298+77a9814d.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//fuse-overlayfs-1.13-1.module+el8.10.0+90298+77a9814d.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//libslirp-4.4.0-2.module+el8.10.0+90337+0d7b6e74.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//netavark-1.10.3-1.module+el8.10.0+90298+77a9814d.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90298+77a9814d.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//podman-4.9.4-3.0.1.module+el8.10.0+90352+16362864.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-podman-4.9.0-1.module+el8.10.0+90298+77a9814d.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//runc-1.1.12-1.module+el8.10.0+90298+77a9814d.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//skopeo-1.14.3-2.module+el8.10.0+90337+0d7b6e74.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//slirp4netns-1.2.3-1.module+el8.10.0+90298+77a9814d.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//udica-0.2.6-21.module+el8.10.0+90337+0d7b6e74.src.rpm
Related CVEs:
CVE-2024-28176
CVE-2024-28180
Description of changes:
aardvark-dns
[2:1.10.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.10.0
- Related: Jira:RHEL-2110
[2:1.9.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.9.0
- Related: Jira:RHEL-2110
[2:1.8.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.8.0
- Related: Jira:RHEL-2110
buildah
[2:1.33.7-2]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
( https://github.com/containers/buildah/commit/997beea)
- Resolves: RHEL-28725
cockpit-podman
[84.1-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/84.1
- Related: Jira:RHEL-25557
[84-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/84
- Related: Jira:RHEL-2110
[83-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/83
- Related: Jira:RHEL-2110
[82-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/82
- Related: Jira:RHEL-2110
[81-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/81
- Related: Jira:RHEL-2110
[80-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/80
- Related: Jira:RHEL-2110
[79-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/79
- Related: Jira:RHEL-2110
[78-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/78
- Related: Jira:RHEL-2110
[77-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/77
- Related: Jira:RHEL-2110
[75-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/75
- Related: #2176055
conmon
[3:2.1.10-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.10
- Related: Jira:RHEL-2110
[3:2.1.8-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.8
- Related: #2176055
containernetworking-plugins
[1:1.4.0-2]
- rebuild
- Resolves: RHEL-18390
[1:1.4.0-1]
- update to https://github.com/containernetworking/plugins/releases/tag/v1.4.0
- Related: Jira:RHEL-2110
containers-common
[2:1-81.0.1]
- Updated removed references [Orabug: 33473101] (Alex Burmashev)
- Adjust registries.conf (Nikita Gerasimov)
- remove references to RedHat registry (Nikita Gerasimov)
[2:1-81]
- Update shortnames from Pyxis
- Related: Jira:RHEL-2110
[2:1-80]
- bump release to preserve upgrade path
- Resolves: Jira:RHEL-12277
container-selinux
[2:2.229.0-2]
- remove watch statements properly for RHEL8 and lower
- Related: Jira:RHEL-2110
[2:2.229.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.229.0
- Related: Jira:RHEL-2110
[2:2.228.1-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.228.1
- Related: Jira:RHEL-2110
[2:2.228.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.228.0
- Related: Jira:RHEL-2110
[2:2.227.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.227.0
- Related: Jira:RHEL-2110
[2:2.226.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.226.0
- remove dependency on policycoreutils-python-utils as it pulls in python
- Related: Jira:RHEL-2110
[2:2.224.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.224.0
- Related: Jira:RHEL-2110
[2:2.222.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.222.0
- Related: Jira:RHEL-2110
criu
[3.18-5]
- rebuild to preserve upgrade path
- Related: RHEL-32671
[3.18-4]
- switch to egg-info on 8.9
- Related: #2176055
[3.18-3]
- remove --progress-bar option
- Related: #2176055
[3.18-2]
- update to 3.18
- Related: #2176055
[3.17-1]
- update to 3.17
- Resolves: #2175794
crun
[1.14.3-2]
- remove BR libgcrypt-devel, no longer needed
- Related: Jira:RHEL-2110
[1.14.3-1]
- update to https://github.com/containers/crun/releases/tag/1.14.3
- Related: Jira:RHEL-2110
[1.14.1-1]
- update to https://github.com/containers/crun/releases/tag/1.14.1
- Related: Jira:RHEL-2110
[1.14-1]
- update to https://github.com/containers/crun/releases/tag/1.14
- Related: Jira:RHEL-2110
[1.13-1]
- update to https://github.com/containers/crun/releases/tag/1.13
- Related: Jira:RHEL-2110
[1.12-1]
- update to https://github.com/containers/crun/releases/tag/1.12
- Related: Jira:RHEL-2110
[1.11.2-1]
- update to https://github.com/containers/crun/releases/tag/1.11.2
- Related: Jira:RHEL-2110
[1.11.1-1]
- update to https://github.com/containers/crun/releases/tag/1.11.1
- Related: Jira:RHEL-2110
[1.11-1]
- update to https://github.com/containers/crun/releases/tag/1.11
- Related: Jira:RHEL-2110
[1.9.2-1]
- update to https://github.com/containers/crun/releases/tag/1.9.2
- Related: Jira:RHEL-2110
[1.9.1-1]
- update to https://github.com/containers/crun/releases/tag/1.9.1
- Related: Jira:RHEL-2110
[1.9-1]
- update to https://github.com/containers/crun/releases/tag/1.9
- Related: Jira:RHEL-2110
fuse-overlayfs
[1.13-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.13
- Related: Jira:RHEL-2110
libslirp
[4.4.0-2]
- rebuild to preserve upgrade path 8.9 -> 8.10
- Related: RHEL-32671
netavark
[2:1.10.3-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.3
- Related: Jira:RHEL-2110
[2:1.10.2-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.2
- Related: Jira:RHEL-2110
[2:1.10.1-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.1
- Related: Jira:RHEL-2110
[2:1.10.0-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.0
- Related: Jira:RHEL-2110
[2:1.9.0-1]
- update to https://github.com/containers/netavark/releases/tag/v1.9.0
- Related: Jira:RHEL-2110
[2:1.8.0-2]
- fix directory for systemd units
- Related: Jira:RHEL-2110
[2:1.8.0-1]
- update to https://github.com/containers/netavark/releases/tag/v1.8.0
- Related: Jira:RHEL-2110
oci-seccomp-bpf-hook
[1.2.10-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.10
- Related: Jira:RHEL-2110
podman
[4:4.9.4-3.0.1]
- Add devices on container startup, not on creation
[4:4.9.4-3]
- BR: /usr/bin/man
- Related: RHEL-28727
[4:4.9.4-2]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
( https://github.com/containers/podman/commit/6464b2c)
- Resolves: RHEL-28727
python-podman
[4.9.0-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.9.0
- Related: Jira:RHEL-2110
[4.8.2-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.8.2
- Related: Jira:RHEL-2110
[4.8.0.post1-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.8.0.post1
- Related: Jira:RHEL-2110
[4.7.0-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.7.0
- Related: Jira:RHEL-2110
runc
skopeo
[2:1.14.3-2]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.14
( https://github.com/containers/skopeo/commit/5f2b9af)
- Resolves: RHEL-28728
[2:1.14.3-1]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.14
( https://github.com/containers/skopeo/commit/4a2bc3a)
- Resolves: RHEL-28226
slirp4netns
[1.2.3-1]
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.3
- Related: Jira:RHEL-2110
[1.2.2-1]
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.2
- Related: Jira:RHEL-2110
udica
[0.2.6-21]
- bump release to preserve update path
- Resolves: RHEL-32671
[0.2.6-20]
- bump release to preserve update path
- Related: #2139052
ELSA-2024-3980 Important: Oracle Linux 7 flatpak security update (aarch64)
Oracle Linux Security Advisory ELSA-2024-3980
http://linux.oracle.com/errata/ELSA-2024-3980.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
aarch64:
flatpak-1.0.9-13.el7_9.aarch64.rpm
flatpak-libs-1.0.9-13.el7_9.aarch64.rpm
flatpak-builder-1.0.0-13.el7_9.aarch64.rpm
flatpak-devel-1.0.9-13.el7_9.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//flatpak-1.0.9-13.el7_9.src.rpm
Related CVEs:
CVE-2024-32462
Description of changes:
[1.0.9-13]
- Fix CVE-2024-32462
ELSA-2024-3980 Important: Oracle Linux 7 flatpak security update
Oracle Linux Security Advisory ELSA-2024-3980
http://linux.oracle.com/errata/ELSA-2024-3980.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
flatpak-1.0.9-13.el7_9.x86_64.rpm
flatpak-builder-1.0.0-13.el7_9.x86_64.rpm
flatpak-devel-1.0.9-13.el7_9.x86_64.rpm
flatpak-libs-1.0.9-13.el7_9.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//flatpak-1.0.9-13.el7_9.src.rpm
Related CVEs:
CVE-2024-32462
Description of changes:
[1.0.9-13]
- Fix CVE-2024-32462