Oracle Linux 6278 Published by

The following security updates has been released for Oracle Linux:

ELBA-2018-4256 Oracle Linux 7 sssd bug fix update
ELBA-2018-4257 Oracle Linux 7 sssd bug fix update (aarch64)
New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4215)
New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4233)



ELBA-2018-4256 Oracle Linux 7 sssd bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-4256

http://linux.oracle.com/errata/ELBA-2018-4256.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libipa_hbac-1.16.0-19.0.1.el7_5.8.i686.rpm
libipa_hbac-1.16.0-19.0.1.el7_5.8.x86_64.rpm
libsss_autofs-1.16.0-19.0.1.el7_5.8.x86_64.rpm
libsss_idmap-1.16.0-19.0.1.el7_5.8.i686.rpm
libsss_idmap-1.16.0-19.0.1.el7_5.8.x86_64.rpm
libsss_nss_idmap-1.16.0-19.0.1.el7_5.8.i686.rpm
libsss_nss_idmap-1.16.0-19.0.1.el7_5.8.x86_64.rpm
libsss_simpleifp-1.16.0-19.0.1.el7_5.8.i686.rpm
libsss_simpleifp-1.16.0-19.0.1.el7_5.8.x86_64.rpm
libsss_sudo-1.16.0-19.0.1.el7_5.8.x86_64.rpm
python-libipa_hbac-1.16.0-19.0.1.el7_5.8.x86_64.rpm
python-libsss_nss_idmap-1.16.0-19.0.1.el7_5.8.x86_64.rpm
python-sss-1.16.0-19.0.1.el7_5.8.x86_64.rpm
python-sssdconfig-1.16.0-19.0.1.el7_5.8.noarch.rpm
python-sss-murmur-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-ad-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-client-1.16.0-19.0.1.el7_5.8.i686.rpm
sssd-client-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-common-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-common-pac-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-dbus-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-ipa-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-krb5-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-krb5-common-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-ldap-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-libwbclient-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-proxy-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-tools-1.16.0-19.0.1.el7_5.8.x86_64.rpm
libipa_hbac-devel-1.16.0-19.0.1.el7_5.8.i686.rpm
libipa_hbac-devel-1.16.0-19.0.1.el7_5.8.x86_64.rpm
libsss_idmap-devel-1.16.0-19.0.1.el7_5.8.i686.rpm
libsss_idmap-devel-1.16.0-19.0.1.el7_5.8.x86_64.rpm
libsss_nss_idmap-devel-1.16.0-19.0.1.el7_5.8.i686.rpm
libsss_nss_idmap-devel-1.16.0-19.0.1.el7_5.8.x86_64.rpm
libsss_simpleifp-devel-1.16.0-19.0.1.el7_5.8.i686.rpm
libsss_simpleifp-devel-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-libwbclient-devel-1.16.0-19.0.1.el7_5.8.i686.rpm
sssd-libwbclient-devel-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-polkit-rules-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-winbind-idmap-1.16.0-19.0.1.el7_5.8.x86_64.rpm
libsss_certmap-1.16.0-19.0.1.el7_5.8.i686.rpm
libsss_certmap-1.16.0-19.0.1.el7_5.8.x86_64.rpm
libsss_certmap-devel-1.16.0-19.0.1.el7_5.8.i686.rpm
libsss_certmap-devel-1.16.0-19.0.1.el7_5.8.x86_64.rpm
sssd-kcm-1.16.0-19.0.1.el7_5.8.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/sssd-1.16.0-19.0.1.el7_5.8.src.rpm



Description of changes:

[1.16.0-19.0.1.el7_5.8]
- id can't find name for range outside min/max [Orabug 28107658]



ELBA-2018-4257 Oracle Linux 7 sssd bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-4257

http://linux.oracle.com/errata/ELBA-2018-4257.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
libipa_hbac-1.16.0-19.0.1.el7_5.8.aarch64.rpm
libsss_autofs-1.16.0-19.0.1.el7_5.8.aarch64.rpm
libsss_certmap-1.16.0-19.0.1.el7_5.8.aarch64.rpm
libsss_idmap-1.16.0-19.0.1.el7_5.8.aarch64.rpm
libsss_nss_idmap-1.16.0-19.0.1.el7_5.8.aarch64.rpm
libsss_simpleifp-1.16.0-19.0.1.el7_5.8.aarch64.rpm
libsss_sudo-1.16.0-19.0.1.el7_5.8.aarch64.rpm
python-libipa_hbac-1.16.0-19.0.1.el7_5.8.aarch64.rpm
python-libsss_nss_idmap-1.16.0-19.0.1.el7_5.8.aarch64.rpm
python-sss-1.16.0-19.0.1.el7_5.8.aarch64.rpm
python-sssdconfig-1.16.0-19.0.1.el7_5.8.noarch.rpm
python-sss-murmur-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-ad-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-client-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-common-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-common-pac-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-dbus-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-ipa-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-kcm-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-krb5-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-krb5-common-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-ldap-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-libwbclient-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-polkit-rules-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-proxy-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-tools-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-winbind-idmap-1.16.0-19.0.1.el7_5.8.aarch64.rpm
libipa_hbac-devel-1.16.0-19.0.1.el7_5.8.aarch64.rpm
libsss_certmap-devel-1.16.0-19.0.1.el7_5.8.aarch64.rpm
libsss_idmap-devel-1.16.0-19.0.1.el7_5.8.aarch64.rpm
libsss_nss_idmap-devel-1.16.0-19.0.1.el7_5.8.aarch64.rpm
libsss_simpleifp-devel-1.16.0-19.0.1.el7_5.8.aarch64.rpm
sssd-libwbclient-devel-1.16.0-19.0.1.el7_5.8.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/sssd-1.16.0-19.0.1.el7_5.8.src.rpm



Description of changes:

[1.16.0-19.0.1.el7_5.8]
- id can't find name for range outside min/max [Orabug 28107658]

New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4215)

Synopsis: ELSA-2018-4215 can now be patched using Ksplice
CVEs: CVE-2018-3620 CVE-2018-3646

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4215.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2018-3620, CVE-2018-3646: Information leak in Intel CPUs under terminal fault.

A flaw in terminal fault handling on Intel CPUs could result in
information leaks across privilege boundaries including between
processes on a system or between virtual machines.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.

New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4233)

Synopsis: ELSA-2018-4233 can now be patched using Ksplice
CVEs: CVE-2018-14634

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4233.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2018-14634: Privilege escalation in ELF executables.

An integer overflow in the argument setup for a new ELF executable could
result in attacker controlled corruption of the user stack when
executing a SUID binary. A local, unprivileged user could use this flaw
to gain superuser privileges.

Orabug: 28710010

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.