Oracle Linux 6277 Published by

Oracle Linux has received security updates, encompassing bug fixes, enhancements, and security updates:

ELBA-2024-8805 Oracle Linux 9 tzdata bug fix and enhancement update
ELSA-2024-8729 Moderate: Oracle Linux 8 firefox security update
ELSA-2024-8793 Moderate: Oracle Linux 9 thunderbird security update
ELSA-2024-8800 Important: Oracle Linux 9 openexr security update
ELSA-2024-8726 Moderate: Oracle Linux 9 firefox security update
ELBA-2024-12804 Oracle Linux 8 oraclelinux-automation-manager-release-el8 bug fix update
ELSA-2024-8798 Moderate: Oracle Linux 8 xorg-x11-server and xorg-x11-server-Xwayland security update
ELSA-2024-8790 Moderate: Oracle Linux 8 thunderbird security update




ELBA-2024-8805 Oracle Linux 9 tzdata bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2024-8805

http://linux.oracle.com/errata/ELBA-2024-8805.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
tzdata-2024b-2.el9.noarch.rpm
tzdata-java-2024b-2.el9.noarch.rpm

aarch64:
tzdata-2024b-2.el9.noarch.rpm
tzdata-java-2024b-2.el9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//tzdata-2024b-2.el9.src.rpm

Description of changes:

[2024b-2]
- Harden against links to removed zones (RHEL-60063)

[2024b-1]
- Update to tzdata-2024b
- Improve historical data for Mexico, Mongolia, and Portugal.
- System V names are now obsolescent.
- The main data form now uses %z.
- The code now conforms to RFC 8536 for early timestamps.
- Support POSIX.1-2024, which removes asctime_r and ctime_r.
- Assume POSIX.2-1992 or later for shell scripts.
- SUPPORT_C89 now defaults to 1.
- Include two upstream patches for month names as in April vs Apr.

[2024a-2]
- Add java patch to fix incorrect calculations for
Africa/Casablanca starting in 2027. (RHEL-26860)



ELSA-2024-8729 Moderate: Oracle Linux 8 firefox security update


Oracle Linux Security Advisory ELSA-2024-8729

http://linux.oracle.com/errata/ELSA-2024-8729.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-128.4.0-1.0.1.el8_10.x86_64.rpm

aarch64:
firefox-128.4.0-1.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//firefox-128.4.0-1.0.1.el8_10.src.rpm

Related CVEs:

CVE-2024-10458
CVE-2024-10459
CVE-2024-10460
CVE-2024-10461
CVE-2024-10462
CVE-2024-10463
CVE-2024-10464
CVE-2024-10465
CVE-2024-10466
CVE-2024-10467

Description of changes:

[128.4.0-1.0.1]
- Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079789]

[128.4.0]
- Add debranding patches (Mustafa Gezen)
- Add OpenELA default preferences (Louis Abel)

[128.4.0-1]
- Update to 128.4.0 build1



ELSA-2024-8793 Moderate: Oracle Linux 9 thunderbird security update


Oracle Linux Security Advisory ELSA-2024-8793

http://linux.oracle.com/errata/ELSA-2024-8793.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-128.4.0-1.0.1.el9_4.x86_64.rpm

aarch64:
thunderbird-128.4.0-1.0.1.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//thunderbird-128.4.0-1.0.1.el9_4.src.rpm

Related CVEs:

CVE-2024-10458
CVE-2024-10459
CVE-2024-10460
CVE-2024-10461
CVE-2024-10462
CVE-2024-10463
CVE-2024-10464
CVE-2024-10465
CVE-2024-10466
CVE-2024-10467

Description of changes:

[128.4.0-1.0.1]
- Fix prefs for new nss [Orabug: 37079813]
- Add Oracle prefs

[128.4.0]
- Add OpenELA debranding

[128.4.0-1]
- Update to 128.4.0 build1



ELSA-2024-8800 Important: Oracle Linux 9 openexr security update


Oracle Linux Security Advisory ELSA-2024-8800

http://linux.oracle.com/errata/ELSA-2024-8800.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
openexr-3.1.1-2.el9_4.1.x86_64.rpm
openexr-libs-3.1.1-2.el9_4.1.i686.rpm
openexr-libs-3.1.1-2.el9_4.1.x86_64.rpm
openexr-devel-3.1.1-2.el9_4.1.i686.rpm
openexr-devel-3.1.1-2.el9_4.1.x86_64.rpm

aarch64:
openexr-3.1.1-2.el9_4.1.aarch64.rpm
openexr-libs-3.1.1-2.el9_4.1.aarch64.rpm
openexr-devel-3.1.1-2.el9_4.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//openexr-3.1.1-2.el9_4.1.src.rpm

Related CVEs:

CVE-2023-5841

Description of changes:

[3.1.1-2.1]
- fix CVE-2023-5481 (RHEL-64162)



ELSA-2024-8726 Moderate: Oracle Linux 9 firefox security update


Oracle Linux Security Advisory ELSA-2024-8726

http://linux.oracle.com/errata/ELSA-2024-8726.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-128.4.0-1.0.1.el9_4.x86_64.rpm
firefox-x11-128.4.0-1.0.1.el9_4.x86_64.rpm

aarch64:
firefox-128.4.0-1.0.1.el9_4.aarch64.rpm
firefox-x11-128.4.0-1.0.1.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//firefox-128.4.0-1.0.1.el9_4.src.rpm

Related CVEs:

CVE-2024-10458
CVE-2024-10459
CVE-2024-10460
CVE-2024-10461
CVE-2024-10462
CVE-2024-10463
CVE-2024-10464
CVE-2024-10465
CVE-2024-10466
CVE-2024-10467

Description of changes:

[128.4.0-1.0.1]
- Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

[128.4.0]
- Add debranding patches (Mustafa Gezen)
- Add OpenELA default preferences (Louis Abel)

[128.4.0-1]
- Update to 128.4.0 build1



ELBA-2024-12804 Oracle Linux 8 oraclelinux-automation-manager-release-el8 bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12804

http://linux.oracle.com/errata/ELBA-2024-12804.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
oraclelinux-automation-manager-release-el8-2.2-4.el8.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//oraclelinux-automation-manager-release-el8-2.2-4.el8.src.rpm

Description of changes:

[2.2-4]
- Add condition to no change repo file when ol8_automation2 is enabled

[2.2-3]
- Do not install yum-utils if dnf is not installed or in transaction [JIRA: OLDIS-38673]

[- 2.2-2]
- Keep original repo file if automation1.0 repository is enabled

[2.2-1]
- Bump version to match OLAM 2.2



ELSA-2024-8798 Moderate: Oracle Linux 8 xorg-x11-server and xorg-x11-server-Xwayland security update


Oracle Linux Security Advisory ELSA-2024-8798

http://linux.oracle.com/errata/ELSA-2024-8798.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
xorg-x11-server-Xdmx-1.20.11-25.el8_10.x86_64.rpm
xorg-x11-server-Xephyr-1.20.11-25.el8_10.x86_64.rpm
xorg-x11-server-Xnest-1.20.11-25.el8_10.x86_64.rpm
xorg-x11-server-Xorg-1.20.11-25.el8_10.x86_64.rpm
xorg-x11-server-Xvfb-1.20.11-25.el8_10.x86_64.rpm
xorg-x11-server-Xwayland-21.1.3-17.el8_10.x86_64.rpm
xorg-x11-server-common-1.20.11-25.el8_10.x86_64.rpm
xorg-x11-server-devel-1.20.11-25.el8_10.i686.rpm
xorg-x11-server-devel-1.20.11-25.el8_10.x86_64.rpm
xorg-x11-server-source-1.20.11-25.el8_10.noarch.rpm

aarch64:
xorg-x11-server-Xdmx-1.20.11-25.el8_10.aarch64.rpm
xorg-x11-server-Xephyr-1.20.11-25.el8_10.aarch64.rpm
xorg-x11-server-Xnest-1.20.11-25.el8_10.aarch64.rpm
xorg-x11-server-Xorg-1.20.11-25.el8_10.aarch64.rpm
xorg-x11-server-Xvfb-1.20.11-25.el8_10.aarch64.rpm
xorg-x11-server-Xwayland-21.1.3-17.el8_10.aarch64.rpm
xorg-x11-server-common-1.20.11-25.el8_10.aarch64.rpm
xorg-x11-server-devel-1.20.11-25.el8_10.aarch64.rpm
xorg-x11-server-source-1.20.11-25.el8_10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//xorg-x11-server-1.20.11-25.el8_10.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//xorg-x11-server-Xwayland-21.1.3-17.el8_10.src.rpm

Related CVEs:

CVE-2024-9632

Description of changes:

xorg-x11-server
[1.20.11-25]
- CVE fix for CVE-2024-9632

xorg-x11-server-Xwayland
[21.1.3-17]
- Fix for CVE-2024-9632 - (RHEL-61995)



ELSA-2024-8790 Moderate: Oracle Linux 8 thunderbird security update


Oracle Linux Security Advisory ELSA-2024-8790

http://linux.oracle.com/errata/ELSA-2024-8790.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-128.4.0-1.0.1.el8_10.x86_64.rpm

aarch64:
thunderbird-128.4.0-1.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//thunderbird-128.4.0-1.0.1.el8_10.src.rpm

Related CVEs:

CVE-2024-10458
CVE-2024-10459
CVE-2024-10460
CVE-2024-10461
CVE-2024-10462
CVE-2024-10463
CVE-2024-10464
CVE-2024-10465
CVE-2024-10466
CVE-2024-10467

Description of changes:

[128.4.0-1.0.1]
- Fix prefs for new nss [Orabug: 37079820]
- Add Oracle prefs file

[128.4.0]
- Add OpenELA debranding

[128.4.0-1]
- Update to 128.4.0 build1