Oracle Linux 6278 Published by

Oracle Linux has announced the release of multiple security updates. These include an unbreakable Enterprise kernel security update, a leapp-repository bug fix update, an oracle-ovirt-release-45-el8 bug fix update, a crash bug fix update, a squid security update for aarch64, a krb5 bug fix update, a xerces-c security update, another krb5 bug fix update, updates for oVirt 4.5 including ovirt-engine, ovirt-dependencies, and ovirt-ansible-collection bug fixes, as well as security updates for cups, podman, python3.12-urllib3, and an oVirt 4.5 aopalliance bug fix update, along with an osbuild-composer security update.

ELSA-2024-12830 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELBA-2024-12829 Oracle Linux 8 leapp-repository bug fix update
ELBA-2024-12810 Oracle Linux 8 oracle-ovirt-release-45-el8 bug fix update
ELBA-2024-12832 Oracle Linux 8 crash bug fix update
ELSA-2024-9738 Important: Oracle Linux 7 squid security update (aarch64)
ELBA-2024-12831 Oracle Linux 7 krb5 bug fix update (aarch64)
ELSA-2024-8795 Important: Oracle Linux 7 xerces-c security update (aarch64)
ELSA-2024-9738 Important: Oracle Linux 7 squid security update
ELSA-2024-8795 Important: Oracle Linux 7 xerces-c security update
ELBA-2024-12831 Oracle Linux 7 krb5 bug fix update
ELBA-2024-12817 Oracle Linux 8 oVirt 4.5 ovirt-engine ovirt-dependencies ovirt-ansible-collection bug fix update
ELSA-2024-9470 Low: Oracle Linux 9 cups security update
ELSA-2024-12830 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELSA-2024-9454 Important: Oracle Linux 9 podman security update
ELSA-2024-9457 Moderate: Oracle Linux 9 python3.12-urllib3 security update
ELSA-2024-12830 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELBA-2024-12816 Oracle Linux 8 oVirt 4.5 aopalliance bug fix update
ELSA-2024-9456 Important: Oracle Linux 9 osbuild-composer security update




ELSA-2024-12830 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12830

http://linux.oracle.com/errata/ELSA-2024-12830.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-300.163.18.7.el8uek.x86_64.rpm
kernel-uek-5.15.0-300.163.18.7.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-300.163.18.7.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-300.163.18.7.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-300.163.18.7.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-300.163.18.7.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-300.163.18.7.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-300.163.18.7.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-300.163.18.7.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-300.163.18.7.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-300.163.18.7.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-300.163.18.7.el8uek.x86_64.rpm
kernel-uek-container-5.15.0-300.163.18.7.el8uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-300.163.18.7.el8uek.x86_64.rpm

aarch64:
bpftool-5.15.0-300.163.18.7.el8uek.aarch64.rpm
kernel-uek-5.15.0-300.163.18.7.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-300.163.18.7.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-300.163.18.7.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-300.163.18.7.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-300.163.18.7.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-300.163.18.7.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-300.163.18.7.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-300.163.18.7.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-300.163.18.7.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-300.163.18.7.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-300.163.18.7.el8uek.aarch64.rpm
kernel-uek-container-5.15.0-300.163.18.7.el8uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-300.163.18.7.el8uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.15.0-300.163.18.7.el8uek.src.rpm

Related CVEs:

CVE-2024-26734
CVE-2024-27397
CVE-2024-35801
CVE-2024-42269
CVE-2024-42270
CVE-2024-42292
CVE-2024-47674

Description of changes:

[5.15.0-300.163.18.7.el8uek]
- Revert "net/mlx5: disable the 'fast unload' feature on Exadata systems" (Qing Huang) [Orabug: 37285705]
- Revert "net/mlx5: pretend 'fast unload' succeeded on Exadata systems" (Qing Huang) [Orabug: 37285705]

[5.15.0-300.163.18.6.el8uek]
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (Adamos Ttofari) [Orabug: 37281022] {CVE-2024-35801}
- devlink: fix possible use-after-free and memory leaks in devlink_init() (Vasiliy Kovalev) [Orabug: 37281015] {CVE-2024-26734}
- RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688618] [Orabug: 37279424]
- block: fix inflight io counter leaking when io sumit failure for dm device (Junxiao Bi) [Orabug: 37279421]

[5.15.0-300.163.18.5.el8uek]
- net/mlx5: pretend 'fast unload' succeeded on Exadata systems (Gerd Rausch) [Orabug: 37264565]
- rds: Do not invoke the transport's recv_path() while in atomic context (Håkon Bugge) [Orabug: 37264563]

[5.15.0-300.163.18.4.el8uek]
- nvme: fix deadlock between reset and scan (Bitao Hu) [Orabug: 37260320]
- rds: ib: Avoid reuse of IB MRs when cleaning is in progress (Håkon Bugge) [Orabug: 37260304]
- Revert "rds: ib: Make sure receives are posted before connection is up" (Gerd Rausch) [Orabug: 37260292]

[5.15.0-300.163.18.3.el8uek]
- kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 37203371] {CVE-2024-42292}
- net/mlx5: disable the 'fast unload' feature on Exadata systems (Qing Huang) [Orabug: 37203368]

[5.15.0-300.163.18.2.el8uek]
- netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). (Kuniyuki Iwashima) [Orabug: 37184791] {CVE-2024-42269}
- netfilter: nf_tables: use timestamp to check for set element timeout (Pablo Neira Ayuso) [Orabug: 37184793] {CVE-2024-27397}
- IB/mlx5: Fix mlx5_ib_get_vector_irqn() after dynamic IRQ allocation change (Gerd Rausch) [Orabug: 37189054]
- x86/bugs: Adjust SRSO mitigation to new features (Boris Ostrovsky) [Orabug: 37184802]
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (Kim Phillips) [Orabug: 37184800]
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (Kim Phillips) [Orabug: 37184800]
- x86/cpu, kvm: Add the Null Selector Clears Base feature (Kim Phillips) [Orabug: 37184800]
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (Kim Phillips) [Orabug: 37184800]
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (Kim Phillips) [Orabug: 37184800]
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (Kim Phillips) [Orabug: 37184800]
- KVM: x86: Advertise that the SMM_CTL MSR is not supported (Jim Mattson) [Orabug: 37184800]
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (Paolo Bonzini) [Orabug: 37184800]
- KVM: x86: skip host CPUID call for hypervisor leaves (Paolo Bonzini) [Orabug: 37184800]
- KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 37184800]
- amd_hsmp: Update PwrEfficiencyModeSelection message (Suma Hegde) [Orabug: 37185578]
- amd_hsmp: Add support for new error codes returned from firmware (Suma Hegde) [Orabug: 37185578]
- amd_hsmp: Add new HSMP messages of protocol version 7 (Suma Hegde) [Orabug: 37185578]
- netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). (Kuniyuki Iwashima) [Orabug: 37184779] {CVE-2024-42270}
- mm: avoid leaving partial pfn mappings around in error case (Linus Torvalds) [Orabug: 37184794] {CVE-2024-47674}
- net/mlx5: Fix IPsec RoCE MPV trace call (Patrisious Haddad) [Orabug: 37184799]
- fwctl: Allow up to 4k devices (Saeed Mahameed) [Orabug: 37184797]
- mm/memory-failure: send SIGBUS in the event of thp split fail (Jane Chu) [Orabug: 37184796]
- mm/memory-failure: move hwpoison_filter() higher up (Jane Chu) [Orabug: 37184796]
- mm/memory-failure: improve memory failure action_result messages (Jane Chu) [Orabug: 37184796]
- mm/hwpoison: put page in already hwpoisoned case with MF_COUNT_INCREASED (Naoya Horiguchi) [Orabug: 37184796]
- mm/madvise: add MF_ACTION_REQUIRED to madvise(MADV_HWPOISON) (Jane Chu) [Orabug: 37184796]
- mm/memory-failure: try to send SIGBUS even if unmap failed (Jane Chu) [Orabug: 37184796]
- mm: memory-failure: cleanup try_to_split_thp_page() (Kefeng Wang) [Orabug: 37184796]

[5.15.0-300.163.18.1.el8uek]
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37132350]

[5.15.0-300.163.18.el8uek]
- crypto: qat - specify firmware files for 402xx (Giovanni Cabiddu) [Orabug: 37044631]



ELBA-2024-12829 Oracle Linux 8 leapp-repository bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12829

http://linux.oracle.com/errata/ELBA-2024-12829.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
leapp-upgrade-el8toel9-0.20.0-2.0.16.el8.noarch.rpm
leapp-upgrade-el8toel9-deps-0.20.0-2.0.16.el8.noarch.rpm

aarch64:
leapp-upgrade-el8toel9-0.20.0-2.0.16.el8.noarch.rpm
leapp-upgrade-el8toel9-deps-0.20.0-2.0.16.el8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//leapp-repository-0.20.0-2.0.16.el8.src.rpm

Description of changes:

[0.20.0-2.0.16]
- Update list of obsoleted GPG keys [Orabug: 37247037]
- Support OL9.5 as a target upgrade path [Orabug: 37247331]
- Support additional GPG key on OL8 and OL9 [Orabug: 37247037]



ELBA-2024-12810 Oracle Linux 8 oracle-ovirt-release-45-el8 bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12810

http://linux.oracle.com/errata/ELBA-2024-12810.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
oracle-ovirt-release-45-el8-1.0-29.el8.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//oracle-ovirt-release-45-el8-1.0-29.el8.src.rpm

Description of changes:

[1.0-1.0.29]
- Remove ansible-core version lock and enable maven:3.8 and nodejs:20 module



ELBA-2024-12832 Oracle Linux 8 crash bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12832

http://linux.oracle.com/errata/ELBA-2024-12832.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
crash-8.0.6-1.0.1.el8.x86_64.rpm
crash-devel-8.0.6-1.0.1.el8.i686.rpm
crash-devel-8.0.6-1.0.1.el8.x86_64.rpm

aarch64:
crash-8.0.6-1.0.1.el8.aarch64.rpm
crash-devel-8.0.6-1.0.1.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//crash-8.0.6-1.0.1.el8.src.rpm

Description of changes:

[8.0.6-1.0.1]
- Rebase to upstream crash 8.0.6 [Orabug: 37294221]



ELSA-2024-9738 Important: Oracle Linux 7 squid security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-9738

http://linux.oracle.com/errata/ELSA-2024-9738.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
squid-3.5.20-17.0.3.el7_9.10.aarch64.rpm
squid-migration-script-3.5.20-17.0.3.el7_9.10.aarch64.rpm
squid-sysvinit-3.5.20-17.0.3.el7_9.10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//squid-3.5.20-17.0.3.el7_9.10.src.rpm

Related CVEs:

CVE-2024-45802

Description of changes:

[7:3.5.20-17.0.3]
- Disable ESI support [CVE-2024-45802][Orabug: 37289058]



ELBA-2024-12831 Oracle Linux 7 krb5 bug fix update (aarch64)


Oracle Linux Bug Fix Advisory ELBA-2024-12831

http://linux.oracle.com/errata/ELBA-2024-12831.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
krb5-devel-1.15.1-55.0.5.el7_9.aarch64.rpm
krb5-libs-1.15.1-55.0.5.el7_9.aarch64.rpm
krb5-pkinit-1.15.1-55.0.5.el7_9.aarch64.rpm
krb5-server-1.15.1-55.0.5.el7_9.aarch64.rpm
krb5-server-ldap-1.15.1-55.0.5.el7_9.aarch64.rpm
krb5-workstation-1.15.1-55.0.5.el7_9.aarch64.rpm
libkadm5-1.15.1-55.0.5.el7_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//krb5-1.15.1-55.0.5.el7_9.src.rpm

Description of changes:

[1.15.1-55.0.5]
- Add CVE numbers to the changelog entry for version 1.15.1-55.0.3



ELSA-2024-8795 Important: Oracle Linux 7 xerces-c security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-8795

http://linux.oracle.com/errata/ELSA-2024-8795.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
xerces-c-3.1.1-10.0.1.el7_9.aarch64.rpm
xerces-c-devel-3.1.1-10.0.1.el7_9.aarch64.rpm
xerces-c-doc-3.1.1-10.0.1.el7_9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//xerces-c-3.1.1-10.0.1.el7_9.src.rpm

Related CVEs:

CVE-2023-37536

Description of changes:

[3.1.1-10.0.1]
- back port fix for CVE-2023-37536 [Orabug: 37241079]



ELSA-2024-9738 Important: Oracle Linux 7 squid security update


Oracle Linux Security Advisory ELSA-2024-9738

http://linux.oracle.com/errata/ELSA-2024-9738.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
squid-3.5.20-17.0.3.el7_9.10.x86_64.rpm
squid-migration-script-3.5.20-17.0.3.el7_9.10.x86_64.rpm
squid-sysvinit-3.5.20-17.0.3.el7_9.10.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//squid-3.5.20-17.0.3.el7_9.10.src.rpm

Related CVEs:

CVE-2024-45802

Description of changes:

[7:3.5.20-17.0.3]
- Disable ESI support [CVE-2024-45802][Orabug: 37289058]



ELSA-2024-8795 Important: Oracle Linux 7 xerces-c security update


Oracle Linux Security Advisory ELSA-2024-8795

http://linux.oracle.com/errata/ELSA-2024-8795.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
xerces-c-3.1.1-10.0.1.el7_9.i686.rpm
xerces-c-3.1.1-10.0.1.el7_9.x86_64.rpm
xerces-c-devel-3.1.1-10.0.1.el7_9.i686.rpm
xerces-c-devel-3.1.1-10.0.1.el7_9.x86_64.rpm
xerces-c-doc-3.1.1-10.0.1.el7_9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//xerces-c-3.1.1-10.0.1.el7_9.src.rpm

Related CVEs:

CVE-2023-37536

Description of changes:

[3.1.1-10.0.1]
- back port fix for CVE-2023-37536 [Orabug: 37241079]



ELBA-2024-12831 Oracle Linux 7 krb5 bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12831

http://linux.oracle.com/errata/ELBA-2024-12831.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
krb5-devel-1.15.1-55.0.5.el7_9.i686.rpm
krb5-devel-1.15.1-55.0.5.el7_9.x86_64.rpm
krb5-libs-1.15.1-55.0.5.el7_9.i686.rpm
krb5-libs-1.15.1-55.0.5.el7_9.x86_64.rpm
krb5-pkinit-1.15.1-55.0.5.el7_9.x86_64.rpm
krb5-server-1.15.1-55.0.5.el7_9.x86_64.rpm
krb5-server-ldap-1.15.1-55.0.5.el7_9.x86_64.rpm
krb5-workstation-1.15.1-55.0.5.el7_9.x86_64.rpm
libkadm5-1.15.1-55.0.5.el7_9.i686.rpm
libkadm5-1.15.1-55.0.5.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//krb5-1.15.1-55.0.5.el7_9.src.rpm

Description of changes:

[1.15.1-55.0.5]
- Add CVE numbers to the changelog entry for version 1.15.1-55.0.3



ELBA-2024-12817 Oracle Linux 8 oVirt 4.5 ovirt-engine ovirt-dependencies ovirt-ansible-collection bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12817

http://linux.oracle.com/errata/ELBA-2024-12817.html

The following updated rpms for Oracle Linux 8 oVirt 4.5 have been uploaded to the Unbreakable Linux Network:

x86_64:
ovirt-engine-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-backend-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-dbscripts-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-health-check-bundler-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-restapi-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-setup-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-setup-base-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-setup-plugin-cinderlib-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-setup-plugin-imageio-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-setup-plugin-ovirt-engine-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-setup-plugin-ovirt-engine-common-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-setup-plugin-websocket-proxy-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-tools-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-tools-backup-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-vmconsole-proxy-helper-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-webadmin-portal-4.5.5-1.28.el8.noarch.rpm
ovirt-engine-websocket-proxy-4.5.5-1.28.el8.noarch.rpm
python3-ovirt-engine-lib-4.5.5-1.28.el8.noarch.rpm
ovirt-dependencies-4.5.3-2.el8.noarch.rpm
ovirt-ansible-collection-3.2.0-1.17.el8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//ovirt-engine-4.5.5-1.28.el8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//ovirt-dependencies-4.5.3-2.el8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//ovirt-ansible-collection-3.2.0-1.17.el8.src.rpm

Description of changes:

ovirt-engine
[4.5.5-1.28]
- Update ovirt-dependecies package version

[4.5.5-1.27]
- Removed extra quotes getting added to kernel cmdline for kvm hosts.

[4.5.5-1.26]
- Revert apache CSP fix added for security hardening

[4.5.5-1.25]
- slf4j-jdk14 is added to ovirt-dependecy package. Removed requirement on it

ovirt-dependencies
[4.5.3-2]
- Add slf4j-jdk14 dependecy needed when Maven3.8 module is enabled

ovirt-ansible-collection
[3.2.0-1.17]
- Remove unused files after removing dependency on pyhton-jmespath package

[3.2.0-1.16]
- Fixed ovirt roles code to remove dependency on pyhton-jmespath package



ELSA-2024-9470 Low: Oracle Linux 9 cups security update


Oracle Linux Security Advisory ELSA-2024-9470

http://linux.oracle.com/errata/ELSA-2024-9470.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
cups-2.3.3op2-31.el9_5.x86_64.rpm
cups-client-2.3.3op2-31.el9_5.x86_64.rpm
cups-devel-2.3.3op2-31.el9_5.i686.rpm
cups-devel-2.3.3op2-31.el9_5.x86_64.rpm
cups-filesystem-2.3.3op2-31.el9_5.noarch.rpm
cups-ipptool-2.3.3op2-31.el9_5.x86_64.rpm
cups-libs-2.3.3op2-31.el9_5.i686.rpm
cups-libs-2.3.3op2-31.el9_5.x86_64.rpm
cups-lpd-2.3.3op2-31.el9_5.x86_64.rpm
cups-printerapp-2.3.3op2-31.el9_5.x86_64.rpm

aarch64:
cups-2.3.3op2-31.el9_5.aarch64.rpm
cups-client-2.3.3op2-31.el9_5.aarch64.rpm
cups-devel-2.3.3op2-31.el9_5.aarch64.rpm
cups-filesystem-2.3.3op2-31.el9_5.noarch.rpm
cups-ipptool-2.3.3op2-31.el9_5.aarch64.rpm
cups-libs-2.3.3op2-31.el9_5.aarch64.rpm
cups-lpd-2.3.3op2-31.el9_5.aarch64.rpm
cups-printerapp-2.3.3op2-31.el9_5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//cups-2.3.3op2-31.el9_5.src.rpm

Related CVEs:

CVE-2024-47175

Description of changes:

[1:2.3.3op2-31]
- RHEL-60343 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file



ELSA-2024-12830 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12830

http://linux.oracle.com/errata/ELSA-2024-12830.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

aarch64:
bpftool-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-300.163.18.7.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-300.163.18.7.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-300.163.18.7.el9uek.src.rpm

Related CVEs:

CVE-2024-26734
CVE-2024-27397
CVE-2024-35801
CVE-2024-42269
CVE-2024-42270
CVE-2024-42292
CVE-2024-47674

Description of changes:

[5.15.0-300.163.18.7.el9uek]
- Revert "net/mlx5: disable the 'fast unload' feature on Exadata systems" (Qing Huang) [Orabug: 37285705]
- Revert "net/mlx5: pretend 'fast unload' succeeded on Exadata systems" (Qing Huang) [Orabug: 37285705]

[5.15.0-300.163.18.6.el9uek]
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (Adamos Ttofari) [Orabug: 37281022] {CVE-2024-35801}
- devlink: fix possible use-after-free and memory leaks in devlink_init() (Vasiliy Kovalev) [Orabug: 37281015] {CVE-2024-26734}
- RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688618] [Orabug: 37279424]
- block: fix inflight io counter leaking when io sumit failure for dm device (Junxiao Bi) [Orabug: 37279421]

[5.15.0-300.163.18.5.el9uek]
- net/mlx5: pretend 'fast unload' succeeded on Exadata systems (Gerd Rausch) [Orabug: 37264565]
- rds: Do not invoke the transport's recv_path() while in atomic context (Håkon Bugge) [Orabug: 37264563]

[5.15.0-300.163.18.4.el9uek]
- nvme: fix deadlock between reset and scan (Bitao Hu) [Orabug: 37260320]
- rds: ib: Avoid reuse of IB MRs when cleaning is in progress (Håkon Bugge) [Orabug: 37260304]
- Revert "rds: ib: Make sure receives are posted before connection is up" (Gerd Rausch) [Orabug: 37260292]

[5.15.0-300.163.18.3.el9uek]
- kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 37203371] {CVE-2024-42292}
- net/mlx5: disable the 'fast unload' feature on Exadata systems (Qing Huang) [Orabug: 37203368]

[5.15.0-300.163.18.2.el9uek]
- netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). (Kuniyuki Iwashima) [Orabug: 37184791] {CVE-2024-42269}
- netfilter: nf_tables: use timestamp to check for set element timeout (Pablo Neira Ayuso) [Orabug: 37184793] {CVE-2024-27397}
- IB/mlx5: Fix mlx5_ib_get_vector_irqn() after dynamic IRQ allocation change (Gerd Rausch) [Orabug: 37189054]
- x86/bugs: Adjust SRSO mitigation to new features (Boris Ostrovsky) [Orabug: 37184802]
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (Kim Phillips) [Orabug: 37184800]
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (Kim Phillips) [Orabug: 37184800]
- x86/cpu, kvm: Add the Null Selector Clears Base feature (Kim Phillips) [Orabug: 37184800]
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (Kim Phillips) [Orabug: 37184800]
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (Kim Phillips) [Orabug: 37184800]
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (Kim Phillips) [Orabug: 37184800]
- KVM: x86: Advertise that the SMM_CTL MSR is not supported (Jim Mattson) [Orabug: 37184800]
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (Paolo Bonzini) [Orabug: 37184800]
- KVM: x86: skip host CPUID call for hypervisor leaves (Paolo Bonzini) [Orabug: 37184800]
- KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 37184800]
- amd_hsmp: Update PwrEfficiencyModeSelection message (Suma Hegde) [Orabug: 37185578]
- amd_hsmp: Add support for new error codes returned from firmware (Suma Hegde) [Orabug: 37185578]
- amd_hsmp: Add new HSMP messages of protocol version 7 (Suma Hegde) [Orabug: 37185578]
- netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). (Kuniyuki Iwashima) [Orabug: 37184779] {CVE-2024-42270}
- mm: avoid leaving partial pfn mappings around in error case (Linus Torvalds) [Orabug: 37184794] {CVE-2024-47674}
- net/mlx5: Fix IPsec RoCE MPV trace call (Patrisious Haddad) [Orabug: 37184799]
- fwctl: Allow up to 4k devices (Saeed Mahameed) [Orabug: 37184797]
- mm/memory-failure: send SIGBUS in the event of thp split fail (Jane Chu) [Orabug: 37184796]
- mm/memory-failure: move hwpoison_filter() higher up (Jane Chu) [Orabug: 37184796]
- mm/memory-failure: improve memory failure action_result messages (Jane Chu) [Orabug: 37184796]
- mm/hwpoison: put page in already hwpoisoned case with MF_COUNT_INCREASED (Naoya Horiguchi) [Orabug: 37184796]
- mm/madvise: add MF_ACTION_REQUIRED to madvise(MADV_HWPOISON) (Jane Chu) [Orabug: 37184796]
- mm/memory-failure: try to send SIGBUS even if unmap failed (Jane Chu) [Orabug: 37184796]
- mm: memory-failure: cleanup try_to_split_thp_page() (Kefeng Wang) [Orabug: 37184796]

[5.15.0-300.163.18.1.el9uek]
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37132350]

[5.15.0-300.163.18.el9uek]
- crypto: qat - specify firmware files for 402xx (Giovanni Cabiddu) [Orabug: 37044631]



ELSA-2024-9454 Important: Oracle Linux 9 podman security update


Oracle Linux Security Advisory ELSA-2024-9454

http://linux.oracle.com/errata/ELSA-2024-9454.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
podman-5.2.2-9.0.1.el9_5.x86_64.rpm
podman-docker-5.2.2-9.0.1.el9_5.noarch.rpm
podman-plugins-5.2.2-9.0.1.el9_5.x86_64.rpm
podman-remote-5.2.2-9.0.1.el9_5.x86_64.rpm
podman-tests-5.2.2-9.0.1.el9_5.x86_64.rpm

aarch64:
podman-5.2.2-9.0.1.el9_5.aarch64.rpm
podman-docker-5.2.2-9.0.1.el9_5.noarch.rpm
podman-plugins-5.2.2-9.0.1.el9_5.aarch64.rpm
podman-remote-5.2.2-9.0.1.el9_5.aarch64.rpm
podman-tests-5.2.2-9.0.1.el9_5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//podman-5.2.2-9.0.1.el9_5.src.rpm

Related CVEs:

CVE-2024-9341
CVE-2024-9407
CVE-2024-9675
CVE-2024-9676
CVE-2024-34155
CVE-2024-34156
CVE-2024-34158

Description of changes:

[5.2.2-9.0.1]
- Add devices on container startup, not on creation
- overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404]

[4:5.2.2-9]
- update to the latest content of https://github.com/containers/podman/tree/v5.2-rhel
( https://github.com/containers/podman/commit/6df7dfb)
- Resolves: RHEL-61847

[4:5.2.2-8]
- update to the latest content of https://github.com/containers/podman/tree/v5.2-rhel
( https://github.com/containers/podman/commit/c03b5f3)
- Resolves: RHEL-61667

[4:5.2.2-7]
- attempt to fix the TMT testing pipeline
- Resolves: RHEL-59714

[4:5.2.2-6]
- podman gating: test CNI, thanks to Ed Santiago
- Resolves: RHEL-61249

[4:5.2.2-5]
- bump Epoch to 4
- Resolves: RHEL-60963

[2:5.2.2-4]
- update to the latest content of https://github.com/containers/podman/tree/v5.2-rhel
( https://github.com/containers/podman/commit/8e693ce)
- Resolves: RHEL-60963

[2:5.2.2-3]
- update to the latest content of https://github.com/containers/podman/tree/v5.2-rhel
( https://github.com/containers/podman/commit/5f2c188)
- Resolves: RHEL-59703

[2:5.2.2-2]
- Add cni build tag to podman build
- Resolves: RHEL-59714



ELSA-2024-9457 Moderate: Oracle Linux 9 python3.12-urllib3 security update


Oracle Linux Security Advisory ELSA-2024-9457

http://linux.oracle.com/errata/ELSA-2024-9457.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
python3.12-urllib3-1.26.18-2.el9_5.1.noarch.rpm

aarch64:
python3.12-urllib3-1.26.18-2.el9_5.1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//python3.12-urllib3-1.26.18-2.el9_5.1.src.rpm

Related CVEs:

CVE-2024-37891

Description of changes:

[1.26.18-2.1]
- Security fix for CVE-2024-37891
Resolves: RHEL-59997



ELSA-2024-12830 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12830

http://linux.oracle.com/errata/ELSA-2024-12830.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-300.163.18.7.el9uek.x86_64.rpm
kernel-uek-5.15.0-300.163.18.7.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-300.163.18.7.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-300.163.18.7.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-300.163.18.7.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-300.163.18.7.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-300.163.18.7.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-300.163.18.7.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-300.163.18.7.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-300.163.18.7.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-300.163.18.7.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-300.163.18.7.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-300.163.18.7.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-300.163.18.7.el9uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-300.163.18.7.el9uek.src.rpm

Related CVEs:

CVE-2024-26734
CVE-2024-27397
CVE-2024-35801
CVE-2024-42269
CVE-2024-42270
CVE-2024-42292
CVE-2024-47674

Description of changes:

[5.15.0-300.163.18.7.el9uek]
- Revert "net/mlx5: disable the 'fast unload' feature on Exadata systems" (Qing Huang) [Orabug: 37285705]
- Revert "net/mlx5: pretend 'fast unload' succeeded on Exadata systems" (Qing Huang) [Orabug: 37285705]

[5.15.0-300.163.18.6.el9uek]
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (Adamos Ttofari) [Orabug: 37281022] {CVE-2024-35801}
- devlink: fix possible use-after-free and memory leaks in devlink_init() (Vasiliy Kovalev) [Orabug: 37281015] {CVE-2024-26734}
- RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688618] [Orabug: 37279424]
- block: fix inflight io counter leaking when io sumit failure for dm device (Junxiao Bi) [Orabug: 37279421]

[5.15.0-300.163.18.5.el9uek]
- net/mlx5: pretend 'fast unload' succeeded on Exadata systems (Gerd Rausch) [Orabug: 37264565]
- rds: Do not invoke the transport's recv_path() while in atomic context (Håkon Bugge) [Orabug: 37264563]

[5.15.0-300.163.18.4.el9uek]
- nvme: fix deadlock between reset and scan (Bitao Hu) [Orabug: 37260320]
- rds: ib: Avoid reuse of IB MRs when cleaning is in progress (Håkon Bugge) [Orabug: 37260304]
- Revert "rds: ib: Make sure receives are posted before connection is up" (Gerd Rausch) [Orabug: 37260292]

[5.15.0-300.163.18.3.el9uek]
- kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 37203371] {CVE-2024-42292}
- net/mlx5: disable the 'fast unload' feature on Exadata systems (Qing Huang) [Orabug: 37203368]

[5.15.0-300.163.18.2.el9uek]
- netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). (Kuniyuki Iwashima) [Orabug: 37184791] {CVE-2024-42269}
- netfilter: nf_tables: use timestamp to check for set element timeout (Pablo Neira Ayuso) [Orabug: 37184793] {CVE-2024-27397}
- IB/mlx5: Fix mlx5_ib_get_vector_irqn() after dynamic IRQ allocation change (Gerd Rausch) [Orabug: 37189054]
- x86/bugs: Adjust SRSO mitigation to new features (Boris Ostrovsky) [Orabug: 37184802]
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (Kim Phillips) [Orabug: 37184800]
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (Kim Phillips) [Orabug: 37184800]
- x86/cpu, kvm: Add the Null Selector Clears Base feature (Kim Phillips) [Orabug: 37184800]
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (Kim Phillips) [Orabug: 37184800]
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (Kim Phillips) [Orabug: 37184800]
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (Kim Phillips) [Orabug: 37184800]
- KVM: x86: Advertise that the SMM_CTL MSR is not supported (Jim Mattson) [Orabug: 37184800]
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (Paolo Bonzini) [Orabug: 37184800]
- KVM: x86: skip host CPUID call for hypervisor leaves (Paolo Bonzini) [Orabug: 37184800]
- KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 37184800]
- amd_hsmp: Update PwrEfficiencyModeSelection message (Suma Hegde) [Orabug: 37185578]
- amd_hsmp: Add support for new error codes returned from firmware (Suma Hegde) [Orabug: 37185578]
- amd_hsmp: Add new HSMP messages of protocol version 7 (Suma Hegde) [Orabug: 37185578]
- netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). (Kuniyuki Iwashima) [Orabug: 37184779] {CVE-2024-42270}
- mm: avoid leaving partial pfn mappings around in error case (Linus Torvalds) [Orabug: 37184794] {CVE-2024-47674}
- net/mlx5: Fix IPsec RoCE MPV trace call (Patrisious Haddad) [Orabug: 37184799]
- fwctl: Allow up to 4k devices (Saeed Mahameed) [Orabug: 37184797]
- mm/memory-failure: send SIGBUS in the event of thp split fail (Jane Chu) [Orabug: 37184796]
- mm/memory-failure: move hwpoison_filter() higher up (Jane Chu) [Orabug: 37184796]
- mm/memory-failure: improve memory failure action_result messages (Jane Chu) [Orabug: 37184796]
- mm/hwpoison: put page in already hwpoisoned case with MF_COUNT_INCREASED (Naoya Horiguchi) [Orabug: 37184796]
- mm/madvise: add MF_ACTION_REQUIRED to madvise(MADV_HWPOISON) (Jane Chu) [Orabug: 37184796]
- mm/memory-failure: try to send SIGBUS even if unmap failed (Jane Chu) [Orabug: 37184796]
- mm: memory-failure: cleanup try_to_split_thp_page() (Kefeng Wang) [Orabug: 37184796]

[5.15.0-300.163.18.1.el9uek]
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37132350]

[5.15.0-300.163.18.el9uek]
- crypto: qat - specify firmware files for 402xx (Giovanni Cabiddu) [Orabug: 37044631]



ELBA-2024-12816 Oracle Linux 8 oVirt 4.5 aopalliance bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12816

http://linux.oracle.com/errata/ELBA-2024-12816.html

The following updated rpms for Oracle Linux 8 oVirt 4.5 have been uploaded to the Unbreakable Linux Network:

x86_64:
aopalliance-1.0-20.el8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//aopalliance-1.0-20.el8.src.rpm

Description of changes:

[1.0-20]
- Build with OpenJDK 8" -s " aopalliance bug fix update



ELSA-2024-9456 Important: Oracle Linux 9 osbuild-composer security update


Oracle Linux Security Advisory ELSA-2024-9456

http://linux.oracle.com/errata/ELSA-2024-9456.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
osbuild-composer-118-2.0.1.el9_5.x86_64.rpm
osbuild-composer-core-118-2.0.1.el9_5.x86_64.rpm
osbuild-composer-worker-118-2.0.1.el9_5.x86_64.rpm

aarch64:
osbuild-composer-118-2.0.1.el9_5.aarch64.rpm
osbuild-composer-core-118-2.0.1.el9_5.aarch64.rpm
osbuild-composer-worker-118-2.0.1.el9_5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//osbuild-composer-118-2.0.1.el9_5.src.rpm

Related CVEs:

CVE-2024-34156

Description of changes:

[118-2.0.1]
- Simplify repository names [JIRA: OLDIS-35893]

[118-2]
- Ensure build on latest golang: CVE-2024-34156