The following security updates are available for Oracle Linux:

ELSA-2024-3669 Important: Oracle Linux 7 less security update (aarch64)
ELSA-2024-3666 Important: Oracle Linux 8 tomcat security and bug fix update
ELSA-2024-3667 Moderate: Oracle Linux 8 cockpit security update
ELSA-2024-3626 Moderate: Oracle Linux 8 libxml2 security update
ELSA-2024-3618 Moderate: Oracle Linux 8 kernel update
ELBA-2024-12411 Oracle Linux 8 scap-security-guide bug fix update
ELBA-2024-12415 Oracle Linux 8 crash bug fix update
ELBA-2024-12401 Oracle Linux 8 oracle-olcne-release-el8 bug fix update
ELSA-2024-3619 Moderate: Oracle Linux 9 kernel security and bug fix update
ELBA-2024-12414 Oracle Linux 9 crash bug fix update
ELBA-2024-12402 Oracle Linux 9 oracle-olcne-release-el9 bug fix update
ELSA-2024-3588 Important: Oracle Linux 7 glibc security update
ELSA-2024-3669 Important: Oracle Linux 7 less security update



ELSA-2024-3669 Important: Oracle Linux 7 less security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-3669

http://linux.oracle.com/errata/ELSA-2024-3669.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
less-458-10.el7_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//less-458-10.el7_9.src.rpm

Related CVEs:

CVE-2024-32487

Description of changes:

[458-10]
- Fix CVE-2024-32487
- Resolves: RHEL-32802



ELSA-2024-3666 Important: Oracle Linux 8 tomcat security and bug fix update


Oracle Linux Security Advisory ELSA-2024-3666

http://linux.oracle.com/errata/ELSA-2024-3666.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
tomcat-9.0.87-1.el8_10.1.noarch.rpm
tomcat-admin-webapps-9.0.87-1.el8_10.1.noarch.rpm
tomcat-docs-webapp-9.0.87-1.el8_10.1.noarch.rpm
tomcat-el-3.0-api-9.0.87-1.el8_10.1.noarch.rpm
tomcat-jsp-2.3-api-9.0.87-1.el8_10.1.noarch.rpm
tomcat-lib-9.0.87-1.el8_10.1.noarch.rpm
tomcat-servlet-4.0-api-9.0.87-1.el8_10.1.noarch.rpm
tomcat-webapps-9.0.87-1.el8_10.1.noarch.rpm

aarch64:
tomcat-9.0.87-1.el8_10.1.noarch.rpm
tomcat-admin-webapps-9.0.87-1.el8_10.1.noarch.rpm
tomcat-docs-webapp-9.0.87-1.el8_10.1.noarch.rpm
tomcat-el-3.0-api-9.0.87-1.el8_10.1.noarch.rpm
tomcat-jsp-2.3-api-9.0.87-1.el8_10.1.noarch.rpm
tomcat-lib-9.0.87-1.el8_10.1.noarch.rpm
tomcat-servlet-4.0-api-9.0.87-1.el8_10.1.noarch.rpm
tomcat-webapps-9.0.87-1.el8_10.1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//tomcat-9.0.87-1.el8_10.1.src.rpm

Related CVEs:

CVE-2024-23672
CVE-2024-24549

Description of changes:

[1:9.0.87-1.el8_10.1]
- Resolves: RHEL-38548 - Amend tomcat package's changelog so that fixed CVEs are mentioned explicitly
- Resolves: RHEL-35813 - Rebase tomcat to version 9.0.87
- Resolves: RHEL-29255
  tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)
- Resolves: RHEL-29250
  tomcat: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)



ELSA-2024-3667 Moderate: Oracle Linux 8 cockpit security update


Oracle Linux Security Advisory ELSA-2024-3667

http://linux.oracle.com/errata/ELSA-2024-3667.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
cockpit-310.4-1.0.1.el8_10.x86_64.rpm
cockpit-bridge-310.4-1.0.1.el8_10.x86_64.rpm
cockpit-doc-310.4-1.0.1.el8_10.noarch.rpm
cockpit-system-310.4-1.0.1.el8_10.noarch.rpm
cockpit-ws-310.4-1.0.1.el8_10.x86_64.rpm

aarch64:
cockpit-310.4-1.0.1.el8_10.aarch64.rpm
cockpit-bridge-310.4-1.0.1.el8_10.aarch64.rpm
cockpit-doc-310.4-1.0.1.el8_10.noarch.rpm
cockpit-system-310.4-1.0.1.el8_10.noarch.rpm
cockpit-ws-310.4-1.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//cockpit-310.4-1.0.1.el8_10.src.rpm

Related CVEs:

CVE-2024-2947

Description of changes:

[310.4-1.0.1]
- Update documentation links [Orabug: 34706402]
- Drop subscription-manager-cockpit requirement for ol [Orabug: 34681110]
- Remove duplicate reference to server in cockpit [Orabug: 33862832]
- Update documentation links [Orabug: 32795691]
- Make documentation links point to Oracle Linux information [Orabug: 30271413] [Orabug: 32013095]
- Fix rendering of hwinfo page on systems with some empty memory slots [Orabug: 32826970]

[310.4-1]
- sosreport: Fix command injection with crafted report names [CVE-2024-2947] (jira#RHEL-30452)



ELSA-2024-3626 Moderate: Oracle Linux 8 libxml2 security update


Oracle Linux Security Advisory ELSA-2024-3626

http://linux.oracle.com/errata/ELSA-2024-3626.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libxml2-2.9.7-18.el8_10.1.i686.rpm
libxml2-2.9.7-18.el8_10.1.x86_64.rpm
libxml2-devel-2.9.7-18.el8_10.1.i686.rpm
libxml2-devel-2.9.7-18.el8_10.1.x86_64.rpm
python3-libxml2-2.9.7-18.el8_10.1.x86_64.rpm

aarch64:
libxml2-2.9.7-18.el8_10.1.aarch64.rpm
libxml2-devel-2.9.7-18.el8_10.1.aarch64.rpm
python3-libxml2-2.9.7-18.el8_10.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//libxml2-2.9.7-18.el8_10.1.src.rpm

Related CVEs:

CVE-2024-25062

Description of changes:

[2.9.7-18.1]
- Fix CVE-2024-25062 (RHEL-31056)



ELSA-2024-3618 Moderate: Oracle Linux 8 kernel update


Oracle Linux Security Advisory ELSA-2024-3618

http://linux.oracle.com/errata/ELSA-2024-3618.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-553.5.1.el8_10.x86_64.rpm
kernel-4.18.0-553.5.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.5.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.5.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.5.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.5.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.5.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.5.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.5.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.5.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.5.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.5.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.5.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.5.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.5.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.5.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.5.1.el8_10.x86_64.rpm
perf-4.18.0-553.5.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.5.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.5.1.el8_10.x86_64.rpm

aarch64:
bpftool-4.18.0-553.5.1.el8_10.aarch64.rpm
kernel-cross-headers-4.18.0-553.5.1.el8_10.aarch64.rpm
kernel-headers-4.18.0-553.5.1.el8_10.aarch64.rpm
kernel-tools-4.18.0-553.5.1.el8_10.aarch64.rpm
kernel-tools-libs-4.18.0-553.5.1.el8_10.aarch64.rpm
perf-4.18.0-553.5.1.el8_10.aarch64.rpm
python3-perf-4.18.0-553.5.1.el8_10.aarch64.rpm
kernel-tools-libs-devel-4.18.0-553.5.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-4.18.0-553.5.1.el8_10.src.rpm

Related CVEs:

CVE-2019-25162
CVE-2020-36777
CVE-2021-46934
CVE-2021-47013
CVE-2021-47055
CVE-2021-47118
CVE-2021-47153
CVE-2021-47171
CVE-2021-47185
CVE-2022-48627
CVE-2022-48669
CVE-2023-6240
CVE-2023-52439
CVE-2023-52445
CVE-2023-52477
CVE-2023-52513
CVE-2023-52520
CVE-2023-52528
CVE-2023-52565
CVE-2023-52578
CVE-2023-52594
CVE-2023-52595
CVE-2023-52598
CVE-2023-52606
CVE-2023-52607
CVE-2023-52610
CVE-2024-0340
CVE-2024-23307
CVE-2024-25744
CVE-2024-26593
CVE-2024-26603
CVE-2024-26610
CVE-2024-26615
CVE-2024-26642
CVE-2024-26643
CVE-2024-26659
CVE-2024-26664
CVE-2024-26693
CVE-2024-26694
CVE-2024-26743
CVE-2024-26744
CVE-2024-26779
CVE-2024-26872
CVE-2024-26892
CVE-2024-26897
CVE-2024-26901
CVE-2024-26919
CVE-2024-26933
CVE-2024-26934
CVE-2024-26964
CVE-2024-26973
CVE-2024-26993
CVE-2024-27014
CVE-2024-27048
CVE-2024-27052
CVE-2024-27056
CVE-2024-27059

Description of changes:

[4.18.0-553.5.1.el8_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64