Oracle Linux 6277 Published by

The following updates has been released for Oracle Linux:

ELBA-2019-0063 Oracle Linux 6 sssd bug fix update
ELBA-2019-4511 Oracle Linux 7 iscsi-initiator-utils bug fix update
ELBA-2019-4511 Oracle Linux 7 iscsi-initiator-utils bug fix update (aarch64)
ELBA-2019-4512 Oracle Linux 7 python-configshell bug fix update
ELBA-2019-4512 Oracle Linux 7 python-configshell bug fix update (aarch64)
New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2019-4509)



ELBA-2019-0063 Oracle Linux 6 sssd bug fix update

Oracle Linux Bug Fix Advisory ELBA-2019-0063

http://linux.oracle.com/errata/ELBA-2019-0063.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
libipa_hbac-1.13.3-60.0.2.el6_10.2.i686.rpm
libipa_hbac-devel-1.13.3-60.0.2.el6_10.2.i686.rpm
libsss_idmap-1.13.3-60.0.2.el6_10.2.i686.rpm
libsss_idmap-devel-1.13.3-60.0.2.el6_10.2.i686.rpm
libsss_nss_idmap-1.13.3-60.0.2.el6_10.2.i686.rpm
libsss_nss_idmap-devel-1.13.3-60.0.2.el6_10.2.i686.rpm
libsss_simpleifp-1.13.3-60.0.2.el6_10.2.i686.rpm
libsss_simpleifp-devel-1.13.3-60.0.2.el6_10.2.i686.rpm
python-libipa_hbac-1.13.3-60.0.2.el6_10.2.i686.rpm
python-libsss_nss_idmap-1.13.3-60.0.2.el6_10.2.i686.rpm
python-sss-1.13.3-60.0.2.el6_10.2.i686.rpm
python-sss-murmur-1.13.3-60.0.2.el6_10.2.i686.rpm
python-sssdconfig-1.13.3-60.0.2.el6_10.2.noarch.rpm
sssd-1.13.3-60.0.2.el6_10.2.i686.rpm
sssd-ad-1.13.3-60.0.2.el6_10.2.i686.rpm
sssd-client-1.13.3-60.0.2.el6_10.2.i686.rpm
sssd-common-1.13.3-60.0.2.el6_10.2.i686.rpm
sssd-common-pac-1.13.3-60.0.2.el6_10.2.i686.rpm
sssd-dbus-1.13.3-60.0.2.el6_10.2.i686.rpm
sssd-ipa-1.13.3-60.0.2.el6_10.2.i686.rpm
sssd-krb5-1.13.3-60.0.2.el6_10.2.i686.rpm
sssd-krb5-common-1.13.3-60.0.2.el6_10.2.i686.rpm
sssd-ldap-1.13.3-60.0.2.el6_10.2.i686.rpm
sssd-proxy-1.13.3-60.0.2.el6_10.2.i686.rpm
sssd-tools-1.13.3-60.0.2.el6_10.2.i686.rpm

x86_64:
libipa_hbac-1.13.3-60.0.2.el6_10.2.i686.rpm
libipa_hbac-1.13.3-60.0.2.el6_10.2.x86_64.rpm
libipa_hbac-devel-1.13.3-60.0.2.el6_10.2.i686.rpm
libipa_hbac-devel-1.13.3-60.0.2.el6_10.2.x86_64.rpm
libsss_idmap-1.13.3-60.0.2.el6_10.2.i686.rpm
libsss_idmap-1.13.3-60.0.2.el6_10.2.x86_64.rpm
libsss_idmap-devel-1.13.3-60.0.2.el6_10.2.i686.rpm
libsss_idmap-devel-1.13.3-60.0.2.el6_10.2.x86_64.rpm
libsss_nss_idmap-1.13.3-60.0.2.el6_10.2.i686.rpm
libsss_nss_idmap-1.13.3-60.0.2.el6_10.2.x86_64.rpm
libsss_nss_idmap-devel-1.13.3-60.0.2.el6_10.2.i686.rpm
libsss_nss_idmap-devel-1.13.3-60.0.2.el6_10.2.x86_64.rpm
libsss_simpleifp-1.13.3-60.0.2.el6_10.2.i686.rpm
libsss_simpleifp-1.13.3-60.0.2.el6_10.2.x86_64.rpm
libsss_simpleifp-devel-1.13.3-60.0.2.el6_10.2.i686.rpm
libsss_simpleifp-devel-1.13.3-60.0.2.el6_10.2.x86_64.rpm
python-libipa_hbac-1.13.3-60.0.2.el6_10.2.x86_64.rpm
python-libsss_nss_idmap-1.13.3-60.0.2.el6_10.2.x86_64.rpm
python-sss-1.13.3-60.0.2.el6_10.2.x86_64.rpm
python-sss-murmur-1.13.3-60.0.2.el6_10.2.x86_64.rpm
python-sssdconfig-1.13.3-60.0.2.el6_10.2.noarch.rpm
sssd-1.13.3-60.0.2.el6_10.2.x86_64.rpm
sssd-ad-1.13.3-60.0.2.el6_10.2.x86_64.rpm
sssd-client-1.13.3-60.0.2.el6_10.2.i686.rpm
sssd-client-1.13.3-60.0.2.el6_10.2.x86_64.rpm
sssd-common-1.13.3-60.0.2.el6_10.2.x86_64.rpm
sssd-common-pac-1.13.3-60.0.2.el6_10.2.x86_64.rpm
sssd-dbus-1.13.3-60.0.2.el6_10.2.x86_64.rpm
sssd-ipa-1.13.3-60.0.2.el6_10.2.x86_64.rpm
sssd-krb5-1.13.3-60.0.2.el6_10.2.x86_64.rpm
sssd-krb5-common-1.13.3-60.0.2.el6_10.2.x86_64.rpm
sssd-ldap-1.13.3-60.0.2.el6_10.2.x86_64.rpm
sssd-proxy-1.13.3-60.0.2.el6_10.2.x86_64.rpm
sssd-tools-1.13.3-60.0.2.el6_10.2.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/sssd-1.13.3-60.0.2.el6_10.2.src.rpm



Description of changes:

[1.13.3-60.0.2.2]
- Orabug 27246984 - still crashes after upstream patch applied

- Orabug 26746822 - revert patch 0118 to fix LDAP netgroup lookup
problem


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata



ELBA-2019-4511 Oracle Linux 7 iscsi-initiator-utils bug fix update

Oracle Linux Bug Fix Advisory ELBA-2019-4511

http://linux.oracle.com/errata/ELBA-2019-4511.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
iscsi-initiator-utils-6.2.0.874-10.0.3.el7.i686.rpm
iscsi-initiator-utils-6.2.0.874-10.0.3.el7.x86_64.rpm
iscsi-initiator-utils-iscsiuio-6.2.0.874-10.0.3.el7.x86_64.rpm
iscsi-initiator-utils-devel-6.2.0.874-10.0.3.el7.i686.rpm
iscsi-initiator-utils-devel-6.2.0.874-10.0.3.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/iscsi-initiator-utils-6.2.0.874-10.0.3.el7.src.rpm



Description of changes:

[6.2.0.874-10.0.3]
- Add -10.0.3 version.

[6.2.0.874-10.0.2]
- Use sd_notify() to tell systemd when iscsid is ready. At the same time,
change iscsid.service to use TYPE=notify and NotifyAcess=main, add
'Requires=iscsid.service' into iscsi.service to cooperate with After to
ensure iscsi.service is started after iscsid.service is ready.
[orabug29128380]



_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata



ELBA-2019-4511 Oracle Linux 7 iscsi-initiator-utils bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2019-4511

http://linux.oracle.com/errata/ELBA-2019-4511.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
iscsi-initiator-utils-6.2.0.874-10.0.3.el7.aarch64.rpm
iscsi-initiator-utils-iscsiuio-6.2.0.874-10.0.3.el7.aarch64.rpm
iscsi-initiator-utils-devel-6.2.0.874-10.0.3.el7.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/iscsi-initiator-utils-6.2.0.874-10.0.3.el7.src.rpm



Description of changes:

[6.2.0.874-10.0.3]
- Add -10.0.3 version.

[6.2.0.874-10.0.2]
- Use sd_notify() to tell systemd when iscsid is ready. At the same time,
change iscsid.service to use TYPE=notify and NotifyAcess=main, add
'Requires=iscsid.service' into iscsi.service to cooperate with After to
ensure iscsi.service is started after iscsid.service is ready.
[orabug29128380]

[6.2.0.874-10.0.1]
- Rename 0053-use-red-hat-name.patch to 0153-use-oracle-for-name.patch
and use com.oracle in prefix
change InitiatorName to "iqn.1988-12.com.oracle" (Tianyue Lan) [18791695]

[6.2.0.874-10]
- 1185734 set iscsid.safe_logout to Yes by default

[6.2.0.874-9]
- 1578984 update iscsiuio to v0.7.8.4

[6.2.0.874-8]
- 1278438 enable MaxOutstandingR2T negotiation during login

[6.2.0.874-7]
- 1328694 keep vlan settings in sync for ipv4/ipv6 iface records with
be2iscsi

[6.2.0.874-6]
- 1507945 force start iscsiuio for boot session recovery with qedi
- 1457359 start systemd socket listeners, otherwise if iscsid is started
directly iscsiuio doesn't activate as expected

[6.2.0.874-5]
- 1431622 fix default in iscsi-iname manpage to match Red Hat customization

[6.2.0.874-4]
- 1450756 isolate iscsistart sockets

[6.2.0.874-3]
- 1445686 add missing ping hook for the qedi transport driver

[6.2.0.874-2]
- 1422941 allow disabling of auto scanning sessions, requested for OpenStack

[6.2.0.874-1]
- 1384090 upstream 2.0.874+ with qedi support
- 1414819 iscsid reporting blank emerg messages

[6.2.0.873-35]
- 1362590 Revert iscsiuio pthread changes that result in a race
condition on shutdown

[6.2.0.873-34]
- 1322000 ensure TCP abort on session failure to prevent data corruption
with link flap
- 1294964, 1265073, 1213569 iscsiuio update, fix small ARP table issue
- 1309488 remove broken sysfs cache code to speed up login of many sessions
- 1330348 sync with upstream Open-iSCSI for minor fixes

[6.2.0.873-33]
- 1275139 iscsiuio support for multi-function mode NetXtreme2 HBAs

[6.2.0.873-32]
- 1235684 apply safe_logout setting to flashnode sessions as well
but only when logging out by session id, not by flashnode index

[6.2.0.873-31]
- 1235684 fix safe logout DM name canonicalization, use libmount cache

[6.2.0.873-30]
- 1235684 add iscsid safe logout option

[6.2.0.873-29]
- 1166713 1187792 add missing ExecStart, only newer systemd lets that be
optional for oneshot services

[6.2.0.873-28]
- 1180100 scriptlets were never split out properly for the iscsiuio
subpackage

[6.2.0.873-27]
- 1168556 fix regression in network interface binding

[6.2.0.873-26]
- 1166713 created iscsi-shutdown.service to ensure that session cleanup
happens

[6.2.0.873-25]
- Add --with-slp=no for #1088020

[6.2.0.873-24]
- 1040343 segfault from unexpected netlink event during discovery
- inhibit strict aliasing optimizations in iscsiuio, rpmdiff error

[6.2.0.873-23]
- make sure to pass --with-security=no to isns configure (#1088020)

[6.2.0.873-22]
- 1081798 retry login on host not found error
- 1111925 ignore iscsiadm return in iscsi.service
- 1126524 make sure systemd order against remote mounts is correct
- 963039 add discovery as a valid mode in iscsiadm.8
- sync with upstream

[6.2.0.873-21]
- 1069825
- boot session handling improvements
- Fix iscsi-mark-root for changed iscsiadm output
- Make sure iscsiuio is running for boot session recovery when using the
bnx2i transport by forcing iscsiuio.service start
- Make NM dispatch triggered re-check for autostart sessions async
- Accept exit code 21, no records, from iscsiadm as success in
iscsi.service

[6.2.0.873-20]
- 1049710 host0 being treated as an invalid in the host stats command
- 1015563 revert change to return code when calling login_portal for
sessions
that already exist, as it impacts users scripting around iscsiadm

[6.2.0.873-19]
- 1007388 fixes for iscsiadm to support qla4xxx
- refresh boot session info patches to final version from upstream,
fixes context issues with later patches
- 1006156, 1006161 Add/Update entries in chap table through Open-iSCSI
- 948134 extend support to set additional parameters for network
configuration
- 1049710 update open-iscsi to support host statistics
- 1043019 iscsiuio fix for arp cache flush issue
- 1059332 Fix broken discovery sessions over iser
- 1017393 split out iscsiuio into a seperate sub-package

[6.2.0.873-18]
- Mass rebuild 2014-01-24

[6.2.0.873-17]
- Mass rebuild 2013-12-27

[6.2.0.873-16]
- fix iscsiuio socket activation
- have systemd start socket units on iscsiadm use, if not already listening

[6.2.0.873-15]
- move /sbin to /usr/sbin
- use rpm macros in install rules

[6.2.0.873-14]
- fix iscsiuio hardened build and other compiler flags

[6.2.0.873-13]
- Fix patch 0041 to check session != NULL before calling
iscsi_sysfs_read_boot()

[6.2.0.873-12]
- fix regression in last build, database records can't be accessed

[6.2.0.873-11]
- iscsi boot related fixes
make sure iscsid gets started if there are any boot sessions running
add reload target to fix double session problem when restarting from NM
don't rely on session list passed from initrd, never got fully implemented
remove patches related to running iscsid from initrd, possible to
revisit later

[6.2.0.873-10]
- sync with upstream git, minor context fixes after rebase of
out-of-tree patches
- iscsiuio is merged upstream, remove old source archive and patches
- spec cleanups to fix rpmlint issues

[6.2.0.873-9]
- Fix FTBFS, cleanup spec

[6.2.0.873-8]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

[6.2.0.873-7]
- Use the systemd tmpfiles service to recreate lockfiles in /var/lock
- 955167 build as a position independent executable
- 894576 fix order of setuid/setgid and drop additional groups

[6.2.0.873-6]
- Don't have iscsiadm scan for autostart record if node db is empty (bug
#951951)

[6.2.0.873-5]
- Fix typo in NM dispatcher script (bug #917058)

[6.2.0.873-4]
- build with libkmod support, instead of calling out to modprobe
- enable socket activation by default

[6.2.0.873-3]
- Fix the postun script to not use ldconfig as the interpreter

[6.2.0.873-2]
- package iscsi_mark_root_nodes script, it's being referenced by the
unit files

[6.2.0.873-1]
- rebase to new upstream code
- systemd conversion
- 565245 Fix multilib issues caused by timestamp in doxygen footers

[6.2.0.872-19]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[6.2.0.872.18]
- 789683 Fix boot slow down when the iscsi service is started
(regression added in 6.2.0.872.16 when the nm wait was added).

[6.2.0.872.17]
- 786174 Change iscsid/iscsi service startup, so it always starts
when called.

[6.2.0.872.16]
- 747479 Fix iscsidevs handling of network requirement

[6.2.0.872-15]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

[6.2.0.872.14]
- Fix version string to reflect fedora and not rhel.

[6.2.0.872.13]
- Update iscsi tools.

[6.2.0.872-12]
- Change iscsi init scripts to check for networking being actually up,
rather
then for NetworkManager being started (#692230)

[6.2.0.872-11]
- Fix iscsid autostarting when upgrading from an older version
(add iscsid.startup key to iscsid.conf on upgrade)
- Fix printing of [ OK ] when successfully stopping iscsid
- systemd related fixes:
- Add Should-Start/Stop tgtd to iscsi init script to fix (re)boot from
hanging when using locally hosted targets
- %ghost /var/lock/iscsi and contents (#656605)

[6.2.0.872-10]
- Fix iscsi init scripts check for networking being up (#692230)

[6.2.0.872-9]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild



_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata



ELBA-2019-4512 Oracle Linux 7 python-configshell bug fix update

Oracle Linux Bug Fix Advisory ELBA-2019-4512

http://linux.oracle.com/errata/ELBA-2019-4512.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
python-configshell-1.1.fb23-5.0.5.el7.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/python-configshell-1.1.fb23-5.0.5.el7.src.rpm



Description of changes:

[1:1.1.fb23-5.0.5]
- Add 0007-Fix-regression-caused-by-bug-28918443.patch to fix [Orabug
29172685]



_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata



ELBA-2019-4512 Oracle Linux 7 python-configshell bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2019-4512

http://linux.oracle.com/errata/ELBA-2019-4512.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
python-configshell-1.1.fb23-5.0.5.el7.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/python-configshell-1.1.fb23-5.0.5.el7.src.rpm



Description of changes:

[1:1.1.fb23-5.0.5]
- Add 0007-Fix-regression-caused-by-bug-28918443.patch to fix [Orabug
29172685]

[1:1.1.fb23-5.0.3]
- Add 0006-Acquire-lock-before-accessing-pref.patch to fix [Orabug:
28918443]

[1:1.1.fb23-5.0.1]
- Add 0005-Allow-plus-in-pathnames to fix [Orabug: 28035235]

[1:1.1.fb23-5]
- Respin a new release of python-configshell to avoid problems with TPS
tests

[1:1.1.fb23-4]
- Fix failure when parsing parameters
- Add 0003-Fix-failing-to-pasre-par-val-parameters.patch
- Add 0004-Fix-failing-to-pasre-param-like-cfgstr-par-val.patch

[1:1.1.fb23-3]
- Rename configshell-fix-term.patch to 0001*
- Add 0002-Fix-path-regex-for-and.patch

[1:1.1.fb23-2]
- Add configshell-fix-term.patch

[1:1.1.fb23-1]
- Update to latest in Fedora

[1:1.1.fb18-1]
- Update to latest in Fedora

[1:1.1.fb14-1]
- New upstream release

[1:1.1.fb11-3]
- Update source/URL to current
- Fix changelog

[1:1.1.fb11-1]
- New upstream release

[1:1.1.fb9-2]
- Mass rebuild 2013-12-27

[1:1.1.fb9-1]
- New upstream release
- Remove dependency on python-simpleparse in favor of pyparsing
- Remove BuildRequires

[1:1.1.fb8-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

[1:1.1.fb8-1]
- New upstream release
- License now Apache 2.0
- README.md instead of README

[1:1.1.fb7-1]
- New upstream release

[1:1.1.fb6-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

[1:1.1.fb6-1]
- New upstream release
- Update source URL

[1:1.1.fb5-1]
- New upstream release
- Update Source URL to proper tarball

[1:1.1.fb4-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[1:1.1.fb4-1]
- New upstream release

[1:1.1.fb3-1]
- New upstream release

[1:1.1.fb2-1]
- New upstream release

[1:1.1.fb1-1]
- New upstream source and release
- Remove patches:
* python-configshell-remove-epydoc-dep.patch
* python-configshell-git-version.patch

[1:1.1-2]
- Properly update changelog
- Sync version with upstream, Epoch used
- Change Source URL to intermediate github repo

[1.99.1.git987b63b-5]
* Rebuild

[1.99.1.git987b63b-4]
- Add patch
- python-configshell-remove-epydoc-dep.patch

[1.99.1.git987b63b-3]
- Address comments from spec review
- drop examples/myshell from doc, it hasn't been updated for API change
- Fully document procedure to generate source .tar.gz
- Remove "." from summary
- Remove commented-out spec todos and other cruft

[1.99.1.git987b63b-2]
- Update to latest git version
- Add urwid builddep

[1.99.1.git987b63b-1]
- Initial packaging



_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata



New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2019-4509)

Synopsis: ELSA-2019-4509 can now be patched using Ksplice
CVEs: CVE-2018-19407 CVE-2018-19824 CVE-2018-5848 CVE-2018-7755 CVE-2018-8043

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4509.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2018-7755: Information leak through floppy disk driver ioctl.

A logic error when using floppy disk driver ioctl could lead to a kernel
address leak. A local attacker could use this flaw to get address of
running kernel and facilitate an attack.

Orabug: 28956514


* CVE-2018-5848: Privilege escalation in the Wilocity Atheros driver.

Improper length validation could lead to integer overflow and undefined
behaviour. A local user could use this flaw to cause a memory corruption
and potentially escalate privileges.

Orabug: 28951264


* CVE-2018-8043: NULL pointer dereference when registering Broadcom UniMAC MDIO bus controller.

A missing check when registering Broadcom UniMAC MDIO bus controller
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.

Orabug: 27677743


* CVE-2018-19824: Use-after-free when registering a malicious USB audio device.

A wrong error handling when registering a malicious USB audio device
exposing 0 interface could lead to a use-after-free. A local attacker
could use this flaw to cause a denial-of-service.

Orabug: 29042979


* CVE-2018-19407: Denial-of-service in KVM IOAPIC scan.

A missing safety check in KVM's IOAPIC scan path can cause the kernel
to attempt access certain objects that have not been initialized. This
can cause unexpected behavior, including a potential system crash.

Orabug: 29026132


* Incorrect usage of atomic values in Infiniband sockets causes memory starvation.

Incorrect usage of lockless atomic operations when allocating memory for
Infiniband Reliable Datagram Sockets causes the driver to overallocate
memory, potentially resulting in resource starvation for the rest of the
system.

Orabug: 29003422

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata