The following updates have been released for Oracle Linux:
ELSA-2018-0260 Moderate: Oracle Linux 7 systemd security update
ELSA-2018-0262 Important: Oracle Linux 6 thunderbird security update
ELSA-2018-0262 Important: Oracle Linux 7 thunderbird security update
New Ksplice updates for Oracle Enhanced RHCK 7 (ELBA-2018-0151-1)
New Ksplice updates for RHCK 7 (ELSA-2018-0151)
ELSA-2018-0260 Moderate: Oracle Linux 7 systemd security update
Oracle Linux Security Advisory ELSA-2018-0260
http://linux.oracle.com/errata/ELSA-2018-0260.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
libgudev1-219-42.0.2.el7_4.7.i686.rpm
libgudev1-219-42.0.2.el7_4.7.x86_64.rpm
libgudev1-devel-219-42.0.2.el7_4.7.i686.rpm
libgudev1-devel-219-42.0.2.el7_4.7.x86_64.rpm
systemd-219-42.0.2.el7_4.7.x86_64.rpm
systemd-devel-219-42.0.2.el7_4.7.i686.rpm
systemd-devel-219-42.0.2.el7_4.7.x86_64.rpm
systemd-journal-gateway-219-42.0.2.el7_4.7.x86_64.rpm
systemd-libs-219-42.0.2.el7_4.7.i686.rpm
systemd-libs-219-42.0.2.el7_4.7.x86_64.rpm
systemd-networkd-219-42.0.2.el7_4.7.x86_64.rpm
systemd-python-219-42.0.2.el7_4.7.x86_64.rpm
systemd-resolved-219-42.0.2.el7_4.7.i686.rpm
systemd-resolved-219-42.0.2.el7_4.7.x86_64.rpm
systemd-sysv-219-42.0.2.el7_4.7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/systemd-219-42.0.2.el7_4.7.src.rpm
Description of changes:
[219-42.0.2.7]
- fix _netdev is missing for iscsi entry in /etc/fstab [Orabug:
25897792] (tony.l.lam@oracle.com)
- set "RemoveIPC=no" in logind.conf as default for OL7.2 [22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug:
18467469]
- add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]
[219-42.7]
- automount: ack automount requests even when already mounted (#1535135)
ELSA-2018-0262 Important: Oracle Linux 6 thunderbird security update
Oracle Linux Security Advisory ELSA-2018-0262
http://linux.oracle.com/errata/ELSA-2018-0262.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
thunderbird-52.6.0-1.0.1.el6_9.i686.rpm
x86_64:
thunderbird-52.6.0-1.0.1.el6_9.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/thunderbird-52.6.0-1.0.1.el6_9.src.rpm
Description of changes:
[52.6.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with
thunderbird-oracle-default-prefs.js
[52.6.0-1]
- Update to 52.6.0
ELSA-2018-0262 Important: Oracle Linux 7 thunderbird security update
Oracle Linux Security Advisory ELSA-2018-0262
http://linux.oracle.com/errata/ELSA-2018-0262.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
thunderbird-52.6.0-1.0.1.el7_4.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/thunderbird-52.6.0-1.0.1.el7_4.src.rpm
Description of changes:
[52.6.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with
thunderbird-oracle-default-prefs.js
[52.6.0-1]
- Update to 52.6.0
New Ksplice updates for Oracle Enhanced RHCK 7 (ELBA-2018-0151-1)
Synopsis: ELBA-2018-0151-1 can now be patched using Ksplice
CVEs: CVE-2015-8539 CVE-2017-12192 CVE-2017-12193 CVE-2017-15649 CVE-2017-5715 CVE-2017-7472
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2018-0151-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Oracle Enhanced
RHCK 7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2017-7472: Denial-of-service when setting default request-key keyring.
A logic error when a user sets the default request-key keyring multiple
times could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a kernel panic.
* CVE-2015-8539: Denial-of-service when updating a negatively instantiated user cryptographic key.
A missing check that the key was not negatively instantiated when updating
a user cryptographic key could trigger a BUG assertion. A local,
unprivileged user could use this flaw to cause a denial-of-service.
* CVE-2017-12193: Denial-of-service in generic associative array implementation.
A logic error when inserting a new entry into an associative array can
result in a NULL pointer dereference, leading to a kernel crash. A local
user could use this flaw to cause a denial-of-service.
* CVE-2017-12192: Denial-of-service when reading negative key.
An invalid memory access when reading a negative key from the kernel key
management facility results in a crash. An unprivileged local user can
exploit this to cause a denial-of-service.
* CVE-2017-15649: Use-after-free in AF_PACKET socket fanout.
A logic error when enabling fanout on a socket can result in the socket
being added to a list twice, which can lead to a use-after-free. A local
user could use this flaw to cause a denial-of-service or possibly
escalate privileges.
* Improved fix to CVE-2017-5715: Speculative execution branch target injection.
Under specific conditions, speculation restrictions could fail to be
applied on kernel entry, allowing a bypass of Spectre protections.
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.
New Ksplice updates for RHCK 7 (ELSA-2018-0151)
Synopsis: ELSA-2018-0151 can now be patched using Ksplice
CVEs: CVE-2015-8539 CVE-2017-12192 CVE-2017-12193 CVE-2017-15649 CVE-2017-5715 CVE-2017-7472
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-0151.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running RHCK 7 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2017-7472: Denial-of-service when setting default request-key keyring.
A logic error when a user sets the default request-key keyring multiple
times could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a kernel panic.
* CVE-2015-8539: Denial-of-service when updating a negatively instantiated user cryptographic key.
A missing check that the key was not negatively instantiated when updating
a user cryptographic key could trigger a BUG assertion. A local,
unprivileged user could use this flaw to cause a denial-of-service.
* CVE-2017-12193: Denial-of-service in generic associative array implementation.
A logic error when inserting a new entry into an associative array can
result in a NULL pointer dereference, leading to a kernel crash. A local
user could use this flaw to cause a denial-of-service.
* CVE-2017-12192: Denial-of-service when reading negative key.
An invalid memory access when reading a negative key from the kernel key
management facility results in a crash. An unprivileged local user can
exploit this to cause a denial-of-service.
* CVE-2017-15649: Use-after-free in AF_PACKET socket fanout.
A logic error when enabling fanout on a socket can result in the socket
being added to a list twice, which can lead to a use-after-free. A local
user could use this flaw to cause a denial-of-service or possibly
escalate privileges.
* Improved fix to CVE-2017-5715: Speculative execution branch target injection.
Under specific conditions, speculation restrictions could fail to be
applied on kernel entry, allowing a bypass of Spectre protections.
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.