Oracle Linux

The following updates have been released for Oracle Linux:

ELSA-2018-0260 Moderate: Oracle Linux 7 systemd security update
ELSA-2018-0262 Important: Oracle Linux 6 thunderbird security update
ELSA-2018-0262 Important: Oracle Linux 7 thunderbird security update
New Ksplice updates for Oracle Enhanced RHCK 7 (ELBA-2018-0151-1)
New Ksplice updates for RHCK 7 (ELSA-2018-0151)



ELSA-2018-0260 Moderate: Oracle Linux 7 systemd security update

Oracle Linux Security Advisory ELSA-2018-0260

http://linux.oracle.com/errata/ELSA-2018-0260.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libgudev1-219-42.0.2.el7_4.7.i686.rpm
libgudev1-219-42.0.2.el7_4.7.x86_64.rpm
libgudev1-devel-219-42.0.2.el7_4.7.i686.rpm
libgudev1-devel-219-42.0.2.el7_4.7.x86_64.rpm
systemd-219-42.0.2.el7_4.7.x86_64.rpm
systemd-devel-219-42.0.2.el7_4.7.i686.rpm
systemd-devel-219-42.0.2.el7_4.7.x86_64.rpm
systemd-journal-gateway-219-42.0.2.el7_4.7.x86_64.rpm
systemd-libs-219-42.0.2.el7_4.7.i686.rpm
systemd-libs-219-42.0.2.el7_4.7.x86_64.rpm
systemd-networkd-219-42.0.2.el7_4.7.x86_64.rpm
systemd-python-219-42.0.2.el7_4.7.x86_64.rpm
systemd-resolved-219-42.0.2.el7_4.7.i686.rpm
systemd-resolved-219-42.0.2.el7_4.7.x86_64.rpm
systemd-sysv-219-42.0.2.el7_4.7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/systemd-219-42.0.2.el7_4.7.src.rpm
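A quick way to confirm that a host actually carries the versions in an advisory's rpm list is to compare the installed NAME/VERSION-RELEASE/ARCH against the advisory entries. The script below is an added example, not part of the Oracle advisory: the package names come from the list above, the "installed" data is a constructed stand-in for what `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'` prints on a partially patched host, and `vercmp` is a simplified segment-wise comparison (on a real host use `rpmdev-vercmp`, which also splits on `_` and handles tilde and caret). The same function works unchanged for the thunderbird lists later on this page.

```shell
#!/bin/sh
# Added example, not part of the Oracle advisory: compare what a host has
# installed against the rpm list published in ELSA-2018-0260.

# Package list taken from the advisory above (NAME-VERSION-RELEASE.ARCH).
ADVISORY_RPMS='systemd-219-42.0.2.el7_4.7.x86_64
systemd-libs-219-42.0.2.el7_4.7.x86_64
systemd-sysv-219-42.0.2.el7_4.7.x86_64
libgudev1-219-42.0.2.el7_4.7.x86_64'

# Constructed sample standing in for the output of
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
# on a host that has only partially applied the update. Not real output.
SAMPLE_INSTALLED='systemd 219-42.0.2.el7_4.4 x86_64
systemd-libs 219-42.0.2.el7_4.4 x86_64
systemd-sysv 219-42.0.2.el7_4.7 x86_64
bash 4.2.46-29.el7_4 x86_64'

# Compare two VERSION-RELEASE strings segment by segment: numeric where both
# segments are numeric, lexical otherwise; a missing segment sorts first.
# Prints -1, 0 or 1. Simplified stand-in for rpm's rpmvercmp; on a real host
# use rpmdev-vercmp instead.
vercmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, A, /[.-]/); nb = split(b, B, /[.-]/)
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      x = (i in A) ? A[i] : ""; y = (i in B) ? B[i] : ""
      if (x ~ /^[0-9]+$/ && y ~ /^[0-9]+$/) { x += 0; y += 0 }
      if (x < y) { print "-1"; exit }
      if (x > y) { print "1"; exit }
    }
    print "0"
  }'
}

# For each advisory package report "ok", "older than" or "not installed".
# $1: advisory rpm list (one per line), $2: installed list ("NAME VR ARCH").
check_installed() {
  printf '%s\n' "$1" | while read -r entry; do
    [ -n "$entry" ] || continue
    # NAME may contain '-', VERSION and RELEASE never do, so peel from the right.
    arch=${entry##*.}
    nvr=${entry%.*}
    rel=${nvr##*-}; nv=${nvr%-*}
    ver=${nv##*-};  name=${nv%-*}
    inst=$(printf '%s\n' "$2" | awk -v n="$name" -v a="$arch" '$1 == n && $3 == a { print $2 }')
    if [ -z "$inst" ]; then
      echo "$name.$arch: not installed"
    elif [ "$(vercmp "$inst" "$ver-$rel")" -lt 0 ]; then
      echo "$name.$arch: $inst is older than advisory $ver-$rel"
    else
      echo "$name.$arch: ok ($inst)"
    fi
  done
}

# Stand-alone run against the constructed sample. On a real host feed the
# second argument from rpm -qa with the --qf format shown above.
check_installed "$ADVISORY_RPMS" "$SAMPLE_INSTALLED"
```

A package check only confirms the files on disk; for systemd itself the running PID 1 keeps executing the old code until it re-executes (`systemctl daemon-reexec`) or the host reboots, so pair this check with one of those on hosts where the update matters.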



Description of changes:

[219-42.0.2.7]
- fix _netdev is missing for iscsi entry in /etc/fstab [Orabug:
25897792] (tony.l.lam@oracle.com)
- set "RemoveIPC=no" in logind.conf as default for OL7.2 [22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug:
18467469]
- add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]

[219-42.7]
- automount: ack automount requests even when already mounted (#1535135)

ELSA-2018-0262 Important: Oracle Linux 6 thunderbird security update

Oracle Linux Security Advisory ELSA-2018-0262

http://linux.oracle.com/errata/ELSA-2018-0262.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
thunderbird-52.6.0-1.0.1.el6_9.i686.rpm

x86_64:
thunderbird-52.6.0-1.0.1.el6_9.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/thunderbird-52.6.0-1.0.1.el6_9.src.rpm



Description of changes:

[52.6.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with
thunderbird-oracle-default-prefs.js

[52.6.0-1]
- Update to 52.6.0

ELSA-2018-0262 Important: Oracle Linux 7 thunderbird security update

Oracle Linux Security Advisory ELSA-2018-0262

http://linux.oracle.com/errata/ELSA-2018-0262.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
thunderbird-52.6.0-1.0.1.el7_4.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/thunderbird-52.6.0-1.0.1.el7_4.src.rpm



Description of changes:

[52.6.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with
thunderbird-oracle-default-prefs.js

[52.6.0-1]
- Update to 52.6.0

New Ksplice updates for Oracle Enhanced RHCK 7 (ELBA-2018-0151-1)

Synopsis: ELBA-2018-0151-1 can now be patched using Ksplice
CVEs: CVE-2015-8539 CVE-2017-12192 CVE-2017-12193 CVE-2017-15649 CVE-2017-5715 CVE-2017-7472

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2018-0151-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Oracle Enhanced
RHCK 7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-7472: Denial-of-service when setting default request-key keyring.

A logic error when a user sets the default request-key keyring multiple
times could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a kernel panic.


* CVE-2015-8539: Denial-of-service when updating a negatively instantiated user cryptographic key.

A missing check that the key was not negatively instantiated when updating a
user cryptographic key could trigger a BUG assertion. A local,
unprivileged user could use this flaw to cause a denial-of-service.


* CVE-2017-12193: Denial-of-service in generic associative array implementation.

A logic error when inserting a new entry into an associative array can
result in a NULL pointer dereference, leading to a kernel crash. A local
user could use this flaw to cause a denial-of-service.


* CVE-2017-12192: Denial-of-service when reading negative key.

An invalid memory access when reading a negatively instantiated key from the
kernel key management facility results in a crash. An unprivileged local user
can exploit this to cause a denial-of-service.


* CVE-2017-15649: Use-after-free in AF_PACKET socket fanout.

A logic error when enabling fanout on a socket can result in the socket
being added to a list twice, which can lead to a use-after-free. A local
user could use this flaw to cause a denial-of-service or possibly
escalate privileges.


* Improved fix to CVE-2017-5715: Speculative execution branch target injection.

Under specific conditions, speculation restrictions could fail to be
applied on kernel entry allowing a bypass of Spectre protections.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.

New Ksplice updates for RHCK 7 (ELSA-2018-0151)

Synopsis: ELSA-2018-0151 can now be patched using Ksplice
CVEs: CVE-2015-8539 CVE-2017-12192 CVE-2017-12193 CVE-2017-15649 CVE-2017-5715 CVE-2017-7472

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-0151.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 7 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-7472: Denial-of-service when setting default request-key keyring.

A logic error when a user sets the default request-key keyring multiple
times could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a kernel panic.


* CVE-2015-8539: Denial-of-service when updating a negatively instantiated user cryptographic key.

A missing check that the key was not negatively instantiated when updating a
user cryptographic key could trigger a BUG assertion. A local,
unprivileged user could use this flaw to cause a denial-of-service.


* CVE-2017-12193: Denial-of-service in generic associative array implementation.

A logic error when inserting a new entry into an associative array can
result in a NULL pointer dereference, leading to a kernel crash. A local
user could use this flaw to cause a denial-of-service.


* CVE-2017-12192: Denial-of-service when reading negative key.

An invalid memory access when reading a negatively instantiated key from the
kernel key management facility results in a crash. An unprivileged local user
can exploit this to cause a denial-of-service.


* CVE-2017-15649: Use-after-free in AF_PACKET socket fanout.

A logic error when enabling fanout on a socket can result in the socket
being added to a list twice, which can lead to a use-after-free. A local
user could use this flaw to cause a denial-of-service or possibly
escalate privileges.


* Improved fix to CVE-2017-5715: Speculative execution branch target injection.

Under specific conditions, speculation restrictions could fail to be
applied on kernel entry allowing a bypass of Spectre protections.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.
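Both Ksplice advisories above (ELBA-2018-0151-1 for Oracle Enhanced RHCK 7 and ELSA-2018-0151 for RHCK 7) carry the same six CVEs, and after running `uptrack-upgrade -y` (or relying on `autoinstall = yes`) the practical question is whether the live kernel now covers all of them. The script below is an added example, not part of the advisories or of the Ksplice tooling: the CVE list is copied from the synopsis, while the `uptrack-show` output it reads is a constructed sample whose update IDs and exact line layout are assumptions rather than captured output.

```shell
#!/bin/sh
# Added example, not part of the Ksplice advisories above: report which of
# the advisory CVEs the running kernel's Ksplice state does not yet cover.

# CVE list copied from the advisory synopsis (identical for ELBA-2018-0151-1
# and ELSA-2018-0151).
ADVISORY_CVES='CVE-2015-8539 CVE-2017-12192 CVE-2017-12193 CVE-2017-15649 CVE-2017-5715 CVE-2017-7472'

# Constructed stand-in for `uptrack-show` output on a host that has applied
# only some of the updates. The bracketed IDs and the line layout are
# assumptions, not captured output.
SAMPLE_UPTRACK_SHOW='Installed updates:
[xxxxxxxx] CVE-2017-7472: Denial-of-service when setting default request-key keyring.
[xxxxxxxx] CVE-2015-8539: Denial-of-service when updating a negatively instantiated user cryptographic key.
[xxxxxxxx] Improved fix to CVE-2017-5715: Speculative execution branch target injection.'

# Print each advisory CVE that does not appear in the uptrack-show text.
# $1: space-separated CVE list, $2: uptrack-show output.
missing_cves() {
  for cve in $1; do
    # -w matches the whole ID, so a longer ID sharing the prefix does not count
    if ! printf '%s\n' "$2" | grep -qw -- "$cve"; then
      echo "$cve"
    fi
  done
}

# Exit 0 when every advisory CVE is covered, 1 otherwise; suitable as a
# compliance probe after "uptrack-upgrade -y" or from configuration management.
ksplice_covers_advisory() {
  [ -z "$(missing_cves "$1" "$2")" ]
}

# Stand-alone run against the constructed sample. On a real host replace the
# second argument with "$(uptrack-show)".
missing_cves "$ADVISORY_CVES" "$SAMPLE_UPTRACK_SHOW"
```

The check is deliberately text-based: Ksplice describes each applied update by the CVE it fixes, so grepping the advisory's CVE list against `uptrack-show` is enough to tell a fully patched kernel from one where an update failed to apply or the machine was not yet due for autoinstall.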