Oracle Linux 6277 Published by

The following updates are available for Oracle Linux:

ELBA-2024-12351 Oracle Linux 9 ndctl bug fix update
ELSA-2024-2002 Moderate: Oracle Linux 7 grub2 security update
ELSA-2024-1959 Important: Oracle Linux 7 shim security update




ELBA-2024-12351 Oracle Linux 9 ndctl bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12351

http://linux.oracle.com/errata/ELBA-2024-12351.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
ndctl-73-1.0.2.el9.x86_64.rpm
ndctl-devel-73-1.0.2.el9.x86_64.rpm
ndctl-libs-73-1.0.2.el9.x86_64.rpm
daxctl-73-1.0.2.el9.x86_64.rpm
daxctl-libs-73-1.0.2.el9.x86_64.rpm
daxctl-devel-73-1.0.2.el9.x86_64.rpm
cxl-cli-73-1.0.2.el9.x86_64.rpm
cxl-devel-73-1.0.2.el9.x86_64.rpm
cxl-libs-73-1.0.2.el9.x86_64.rpm
daxctl-devel-73-1.0.2.el9.i686.rpm
daxctl-libs-73-1.0.2.el9.i686.rpm
ndctl-devel-73-1.0.2.el9.i686.rpm
ndctl-libs-73-1.0.2.el9.i686.rpm
cxl-cli-73-1.0.2.el9.i686.rpm
cxl-devel-73-1.0.2.el9.i686.rpm
cxl-libs-73-1.0.2.el9.i686.rpm
daxctl-73-1.0.2.el9.i686.rpm
ndctl-73-1.0.2.el9.i686.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//ndctl-73-1.0.2.el9.src.rpm

Description of changes:

[73-1.0.2]
- ndctl: dump key load failure logs to stdout (Orabug: 35403391)

[73-1.0.1]
- Update to 73

[72.1-1.0.1]
- Update to 72.1

[72-1.0.1]
- Update to 72



ELSA-2024-2002 Moderate: Oracle Linux 7 grub2 security update


Oracle Linux Security Advisory ELSA-2024-2002

http://linux.oracle.com/errata/ELSA-2024-2002.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
grub2-2.02-0.87.0.26.el7_9.14.x86_64.rpm
grub2-common-2.02-0.87.0.26.el7_9.14.noarch.rpm
grub2-efi-ia32-2.02-0.87.0.26.el7_9.14.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-0.87.0.26.el7_9.14.x86_64.rpm
grub2-efi-ia32-modules-2.02-0.87.0.26.el7_9.14.noarch.rpm
grub2-efi-x64-2.02-0.87.0.26.el7_9.14.x86_64.rpm
grub2-efi-x64-cdboot-2.02-0.87.0.26.el7_9.14.x86_64.rpm
grub2-efi-x64-modules-2.02-0.87.0.26.el7_9.14.noarch.rpm
grub2-pc-2.02-0.87.0.26.el7_9.14.x86_64.rpm
grub2-pc-modules-2.02-0.87.0.26.el7_9.14.noarch.rpm
grub2-tools-2.02-0.87.0.26.el7_9.14.x86_64.rpm
grub2-tools-extra-2.02-0.87.0.26.el7_9.14.x86_64.rpm
grub2-tools-minimal-2.02-0.87.0.26.el7_9.14.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//grub2-2.02-0.87.0.26.el7_9.14.src.rpm

Related CVEs:

CVE-2022-2601

Description of changes:

[2.02-0.87.0.26.el7.14]
- Replace bugzilla.oracle.com reference [Orabug: 35477723]
- Backport kernel EFI allocation pacthes [Orabug: 34301086]
- Add to the list CVE-2021-3695, CVE-2021-3696, CVE-2021-3697,
CVE-2022-28734, CVE-2022-28735, CVE-2022-28736 [JIRA: OLDIS-16371]
- bump SBAT generation [JIRA: OLDIS-16371]
- Cleanup XEN shell script (Alex Burmashev) [Orabug: 33851417]
- Update SBAT data (Alex Burmashev) [Orabug: 33851417]
- efinet: change SNP open call (Alex Burmashev) [Orabug: 32646964]
- disable buggy 0183-efinet-retransmit-if-our-device-is-busy.patch [Orabug: 27982684]
- Patch multiboot2 to the recent state [Orabug: 32950597]
- Enable multiboot2 for UEFI ( non Secureboot ) mode [Orabug: 32950597]
- Update signing certificate [Orabug: 32670043]
- Update shim and certificates dependencies [Orabug: 32670043]
- xfs: Don't attempt to iterate over empty directory [Orabug: 32584717]
- add SBAT metadata for Oracle Linux grub2
- Use similar format for menu entry in grub environment block
- config file. [Orabug: 32172943]
- Fix degradation in multiboot2 code [Orabug: 32069510]
- Update signing certificate for efi binaries
- Update upstream references [Orabug: 30138841]
- Restore symlink to grub environment file, that was removed during grub2-efi update
if grub2 package is also installed on UEFI machines [Orabug: 27345750]
- fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481]
- Fix comparison in patch for [Orabug: 18504756]
- Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481]
- replace dynamic EFI boot folder path generation with predefined 'redhat' (Alex Burmashev)
- Put "with" in menuentry instead of "using" [Orabug: 18504756]
- Use different titles for UEK and RHCK kernels [Orabug: 18504756]



ELSA-2024-1959 Important: Oracle Linux 7 shim security update


Oracle Linux Security Advisory ELSA-2024-1959

http://linux.oracle.com/errata/ELSA-2024-1959.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
mokutil-15.8-1.0.3.el7.x86_64.rpm
shim-unsigned-x64-15.8-2.0.3.el7.x86_64.rpm
shim-x64-15.8-1.0.3.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//shim-15.8-2.0.3.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates//shim-signed-15.8-1.0.3.el7.src.rpm

Related CVEs:

CVE-2023-40546
CVE-2023-40547
CVE-2023-40548
CVE-2023-40549
CVE-2023-40550
CVE-2023-40551

Description of changes:

shim
[- 15.8-2.0.3.el7]
- Set shim.ol sbat generation to 3 [Orabug: 36271343]

[- 15.8-2.0.1.el7]
- Set SBAT_AUTOMATIC_DATE to 2021030218 [Orabug: 36271343]
- Rebuild with Oracle certificates [Orabug: 36271343]
- Full list of fixed CVEs: CVE-2023-40546, CVE-2023-40547,
CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551 [Orabug: 36271343]

[15.8-2.el7]
- Rebuild to fix the commit ident and MAKEFLAGS
Resolves: RHEL-11254

[15.8-1.el7]
- Update to shim-15.8 for CVE-2023-40547
Resolves: RHEL-11254

shim-signed
[15.8-1.0.3]
- Update shimx64.efi signed by Microsoft [Orabug: 36271343]

[15.8-1.0.1]
- Set shim.ol sbat generation to 3 [Orabug: 36271343]
- Set SBAT_AUTOMATIC_DATE to 2021030218 [Orabug: 36271343]
- Rebuild with Oracle certificates [Orabug: 36271343]
- Full list of fixed CVEs: CVE-2023-40546, CVE-2023-40547,
CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551 [Orabug: 36271343]
- Disable ia32 build [Orabug: 36271343]