Oracle Linux 6154 Published by

The following updates has been released for Oracle Linux:

ELBA-2018-3659 Oracle Linux 7 libguestfs bug fix update (aarch64)
ELSA-2018-3663 Moderate: Oracle Linux 7 sos-collector security update
ELSA-2018-3663 Moderate: Oracle Linux 7 sos-collector security update (aarch64)
ELSA-2018-4288 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2018-4288 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
New Ksplice updates for Oracle Enhanced RHCK 7 (ELSA-2018-3651)
New Ksplice updates for RHCK 7 (RHSA-2018:3651)
OVMBA-2018-0280 Oracle VM 3.4 tzdata bug fix update



ELBA-2018-3659 Oracle Linux 7 libguestfs bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-3659

http://linux.oracle.com/errata/ELBA-2018-3659.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
libguestfs-1.38.2-12.0.1.el7_6.1.aarch64.rpm
libguestfs-inspect-icons-1.38.2-12.0.1.el7_6.1.noarch.rpm
libguestfs-java-1.38.2-12.0.1.el7_6.1.aarch64.rpm
libguestfs-tools-1.38.2-12.0.1.el7_6.1.noarch.rpm
libguestfs-tools-c-1.38.2-12.0.1.el7_6.1.aarch64.rpm
libguestfs-xfs-1.38.2-12.0.1.el7_6.1.aarch64.rpm
perl-Sys-Guestfs-1.38.2-12.0.1.el7_6.1.aarch64.rpm
python-libguestfs-1.38.2-12.0.1.el7_6.1.aarch64.rpm
libguestfs-bash-completion-1.38.2-12.0.1.el7_6.1.noarch.rpm
libguestfs-benchmarking-1.38.2-12.0.1.el7_6.1.aarch64.rpm
libguestfs-devel-1.38.2-12.0.1.el7_6.1.aarch64.rpm
libguestfs-gobject-1.38.2-12.0.1.el7_6.1.aarch64.rpm
libguestfs-gobject-devel-1.38.2-12.0.1.el7_6.1.aarch64.rpm
libguestfs-java-devel-1.38.2-12.0.1.el7_6.1.aarch64.rpm
libguestfs-javadoc-1.38.2-12.0.1.el7_6.1.noarch.rpm
libguestfs-man-pages-ja-1.38.2-12.0.1.el7_6.1.noarch.rpm
libguestfs-man-pages-uk-1.38.2-12.0.1.el7_6.1.noarch.rpm
libguestfs-rescue-1.38.2-12.0.1.el7_6.1.aarch64.rpm
libguestfs-rsync-1.38.2-12.0.1.el7_6.1.aarch64.rpm
lua-guestfs-1.38.2-12.0.1.el7_6.1.aarch64.rpm
ocaml-libguestfs-1.38.2-12.0.1.el7_6.1.aarch64.rpm
ocaml-libguestfs-devel-1.38.2-12.0.1.el7_6.1.aarch64.rpm
ruby-libguestfs-1.38.2-12.0.1.el7_6.1.aarch64.rpm
virt-dib-1.38.2-12.0.1.el7_6.1.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libguestfs-1.38.2-12.0.1.el7_6.1.src.rpm



Description of changes:

[1:1.38.2-12.0.1]
- Set DISTRO_ORACLE_LINUX corresponding to ol
- Remove 0001-update-distro-for-oracle.patch
To support OL, update related code about /etc/os-release [bug 28760753]
- Update packagelist.in for OL

[1:1.38.2-12.el7_6.1]
- v2v: update documentation regarding SHA-2 certificates in Windows 7 and
Windows Server 2008 R2
resolves: rhbz#1632788
- v2v: fix rhev-apt firstboot command for Windows
resolves: rhbz#1625216

[1:1.38.2-12]
- Rebase to libguestfs 1.38.2 in RHEL 7.6.
resolves: rhbz#1551055
- v2v: warn about unknown VMware controller types
resolves: rhbz#1510801
- df: show correct sizes in human-readable mode for filesystems with
block size = 512
resolves: rhbz#1525262
- v2v: fix example URL in man page
resolves: rhbz#1540535
- Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key
resolves: rhbz#1541525
- Fix qemu-img-ma dependency in non-x86_64 architectures
resolves: rhbz#1568676
- v2v: update "resume=/dev/sdaX" entries in GRUB command lines
resolves: rhbz#1532224
- v2v: fix virtio-rng and memballoon OVF fragment for RHV
resolves: rhbz#1550168
- v2v: detect whether the root filesystem was not mounted in read-write mode
resolves: rhbz#1567763
- v2v: import OVAs with snapshots
resolves: rhbz#1570407
- v2v: ship a newer version of rhev-apt.exe
resolves: rhbz#1571237
- Move the osinfo-db dependency to libguestfs-tools-c, since it's the only
place where it used now (by virt-builder-repository).
- v2v: new 'rhv-upload' method to stream images directly to oVirt/RHV using
oVirt REST API
resolves: rhbz#1557273
- Start lvmetad earlier when booting the appliance
resolves: rhbz#1581810
- v2v: fix kernel detection in Ubuntu guests since 18.04
resolves: rhbz#1591248
- v2v: convert the CPU topology correctly
resolves: rhbz#1541908
- Add a new inspect_get_osinfo API, and add its result to the output of
virt-inspector
resolves: rhbz#1544842
- Pass absolute paths to NBD sockets when using the libvirt backend
resolves: rhbz#1588451
- v2v: do not write only without in libvirt XMLs
resolves: rhbz#1591789
- v2v: depend on nbdkit, nbdkit-plugin-python2, and nbdkit-plugin-vddk,
used for -it vddk, and -o rhv-upload
resolves: rhbz#1589776
resolves: rhbz#1608718
- v2v/p2v: disable on aarch64, since it is not supported (nor even working)
there
resolves: rhbz#1601488
- v2v: handle srN devices in libvirt XML (for virt-p2v)
resolves: rhbz#1612785
- Do not use the -cpu parameter under any circumstances for ppc64le.
resolves: rhbz#1605071

[1:1.36.10-6]
- Rebase to libguestfs 1.36.10 in RHEL 7.5.
resolves: rhbz#1472272
- Build against OCaml 4.05
resolves: rhbz#1447981
- Enable the copyonread flag when running the appliance using libvirt.
resolves: rhbz#1466563
- Make sure kernel-rt is never used as Requires.
resolves: rhbz#1471651
- v2v: disable unconfiguration of manually installed VMware tools.
resolves: rhbz#1477905
- v2v: prefer pigz or pxz for uncompressing OVA files, if available
resolves: rhbz#1448739
- resize: handle empty UUIDs for swap partitions
resolves: rhbz#1482737
- v2v: remove mention of --dcpath in an error message
resolves: rhbz#1486197
- Disables the QEMU image file locking when opening disks as read-only
resolves: rhbz#1417306
resolves: rhbz#1503497
- Briefly document the format used for URIs
resolves: rhbz#1450325
- v2v: deal with grub2 configurations without a default set
resolves: rhbz#1472288
- v2v: warn when a guest has passthrough devices
resolves: rhbz#1472719
- v2v: fix three regular expressions
resolves: rhbz#1494555
- v2v: enable conversion of full-disk LUKS-encrypted Linux guests
resolves: rhbz#1451665
- v2v: new 'vddk' import method
resolves: rhbz#1477912
resolves: rhbz#1513884
- Enable libguestfs to work on z Systems
resolves: rhbz#1479526
- p2v: fx check for sudo requiring a password
resolves: rhbz#1500673
- v2v: handle disks with snapshots in vCenter
resolves: rhbz#1172425
- rescue: backport improved version
resolves: rhbz#1438710
- v2v: improve bootloader detection
resolves: rhbz#1508299
- v2v: parse MAC address of network interfaces in OVF files
resolves: rhbz#1506572
- Unconditionally depend on libvirt-daemon-kvm >= 3.9.0-1, which will always
pull the right qemu-kvm too, and thus remove the unversioned dependencies
on it
resolves: rhbz#1500870
- v2v: fix RPM file owned test
resolves: rhbz#1503958
- Do not open read-only disks using in the libvirt backend
resolves: rhbz#1518517
- v2v: handle better when grubby does not report any default kernel
resolves: rhbz#1519204
- v2v: enhance vmx import method to access via SSH
resolves: rhbz#1523767
- builder: fix caching of templates when using --cache-all-templates
resolves: rhbz#1523650

[1:1.36.3-6]
- Rebase to libguestfs 1.36 in RHEL 7.4.
resolves: rhbz#1359086
- v2v: always use names for libvirt pools
resolves: rhbz#1141631
- v2v: correctly find GRUB in RHEL UEFI guests
- v2v: uninstall VMware tools packages from guests
resolves: rhbz#1155150
- v2v: install RHEV-APT only when using -o rhev/-o vdsm
resolves: rhbz#1161019
- New API: btrfs-filesystem-show
resolves: rhbz#1164765
- p2v: always enable debugging when running virt-v2v
resolves: rhbz#1167623
- libguestfs prefers virtio-pci on aarch64
resolves: rhbz#1237250
- v2v: make sure to copy all the driver files on Windows
resolves: rhbz#1255610
- Better tolerate corrupted Windows hivex; bump the hivex BuildRequires and
Requires to >= 1.3.10-5.8.el7
resolves: rhbz#1311890
- v2v: ignore all the environment variables for proxy when exporting from
vCenter
resolves: rhbz#1354507
- virt-sysprep can deal with full-LUKS encrypted guests
resolves: rhbz#1362649
- All the tools have bash completion scripts.
resolves: rhbz#1367738
- v2v: do not remove Processor and Intelppm nodes in Windows guests
resolves: rhbz#1372668
- Fix SELinux relabelling in old RHEL 6 guests, by adjusting a broken
regular expression in file_contexts file
resolves: rhbz#1374232
- v2v: set all the properties on creation when exporting to Glance
resolves: rhbz#1374405
- v2v: set hw_video_model when exporting to Glance
resolves: rhbz#1374651
- v2v: fix OVA conversion as root using the libvirt backend
resolves: rhbz#1375157
- Various improvements and fixes to the documentation
resolves: rhbz#1377081
resolves: rhbz#1390876
resolves: rhbz#1398070
resolves: rhbz#1425306
- v2v: support and
resolves: rhbz#1378022
- v2v: allow libvirt >= 2.1.0 for vCenter conversions
resolves: rhbz#1379240
- p2v: enable mnemonics in the GUI
resolves: rhbz#1379289
- Split virt-p2v, and the tools for it, in an own package: virt-p2v-maker
resolves: rhbz#1382275
- Correctly parse mount options in btrfs entries in /etc/fstab.
resolves: rhbz#1383517
- Read secrets from libvirt domains, when inspecting them
resolves: rhbz#1392798
- v2v: add --vdsm-compat=1.1 flag for VDSM
resolves: rhbz#1400205
- Fix inspection with UsrMove and /usr in a separate partition
resolves: rhbz#1401474
- v2v: improve import compatibility with OVAs produced by AWS
resolves: rhbz#1402301
- resize: allow URIs for the output disk
resolves: rhbz#1404182
- Disable EDD when launching the appliance
resolves: rhbz#1404287
- v2v: increase the memory allocated to the appliance
resolves: rhbz#1418283
- p2v: switch from GTK+ 2 to GTK+ 3
- p2v: add dbus-devel as BuildRequires to disable suspension during the
conversion
- libguestfs-java: bump the java-headless Require to >= 1.7.0, matching the
Build-Require, and the generated bytecode
resolves: rhbz#1364518
- Do not try to use/write to /var/cache/yum & /var/log/yum.log
- Bump ocaml-findlib-devel BuildRequires to >= 1.3.3-7.el7, because of
RHBZ#1403897
- v2v: remove --dcpath & --dcPath from --help output too
resolves: rhbz#1429430
- v2v: force VNC as display for -i disk, as SDL is not supported
resolves: rhbz#1372671
- v2v, p2v: rename rhvm network to ovirtmgmt
resolves: rhbz#1429491
- v2v: when exporting to local disk, check that UEFI firmware is installed
before conversion
resolves: rhbz#1429506
- dib: actually generate SHA256 checksums when using --checksum
resolves: rhbz#1430184
- v2v: do not mention SUSE Xen hosts as supported
resolves: rhbz#1430203
- v2v: depend on OVMF/AAVMF, for converting EFI guests
resolves: rhbz#1429643
- v2v: use absolute path when using an OVA as backing file
resolves: rhbz#1430680
- v2v: support Debian/Ubuntu guests
resolves: rhbz#1387213
- sysprep: remove DHCP_HOSTNAME entries
resolves: rhbz#1427529
- v2v: avoid repeated "run virt-v2v -v -x" message on error
resolves: rhbz#1167623
- bash-completion: add script for virt-v2v-copy-to-local
resolves: rhbz#1367738
- v2v: fix virtio block driver installation for Windows 10 and Windows 2016
resolves: rhbz#1434737
- Replace the libosinfo dependency with osinfo-db, since we are only using
the osinfo database.
- v2v: fix virtio driver installation for Windows 8 UEFI
resolves: rhbz#1431579
- v2v: new 'vmx' import method
resolves: rhbz#1441197
- v2v: properly identify Windows 2016 guests when exporting them to RHV-M
resolves: rhbz#1447202
- Run pvresize in non-interactive mode
resolves: rhbz#1460692
- resize: make sure the input disk is read-only
resolves: rhbz#1463714
- Switch qemu-kvm-rhev dependency to qemu-kvm on aarch64
resolves: rhbz#1463646

ELSA-2018-3663 Moderate: Oracle Linux 7 sos-collector security update

Oracle Linux Security Advisory ELSA-2018-3663

http://linux.oracle.com/errata/ELSA-2018-3663.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
sos-collector-1.5-3.0.1.el7_6.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/sos-collector-1.5-3.0.1.el7_6.src.rpm



Description of changes:

[1.5-3.0.1]
- To recognize OL system[OraBug 28807430]
- import os module to detect /etc/redhat-release [OraBug 28740046]

[1.5-3]
- Resolve race condition in cluster profile loading
- Quote all options globally
- RHBZ#1633515
- RHBZ#1647955

[1.5-2]
- Fix cluster option reporting

[1.5-1]
- Update to version 1.5
- Resolves CVE-2018-14650

ELSA-2018-3663 Moderate: Oracle Linux 7 sos-collector security update (aarch64)

Oracle Linux Security Advisory ELSA-2018-3663

http://linux.oracle.com/errata/ELSA-2018-3663.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
sos-collector-1.5-3.0.1.el7_6.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/sos-collector-1.5-3.0.1.el7_6.src.rpm



Description of changes:

[1.5-3.0.1]
- To recognize OL system[OraBug 28807430]
- import os module to detect /etc/redhat-release [OraBug 28740046]

[1.5-3]
- Resolve race condition in cluster profile loading
- Quote all options globally
- RHBZ#1633515
- RHBZ#1647955

[1.5-2]
- Fix cluster option reporting

[1.5-1]
- Update to version 1.5
- Resolves CVE-2018-14650

ELSA-2018-4288 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4288

http://linux.oracle.com/errata/ELSA-2018-4288.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.22.4.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.22.4.el6uek.noarch.rpm
kernel-uek-4.1.12-124.22.4.el6uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.22.4.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.22.4.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.22.4.el6uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-124.22.4.el6uek.src.rpm



Description of changes:

[4.1.12-124.22.4.el6uek]
- Revert commit 8bd274934987 ("block: fix bdi vs gendisk lifetime
mismatch") (Ashish Samant) [Orabug: 28968102]
- KVM/x86: Add IBPB support (Ashok Raj) [Orabug: 28703712]
- x86/intel/spectre_v2: Remove unnecessary retp_compiler() test (Boris
Ostrovsky) [Orabug: 28814570]
- x86/intel/spectre_v4: Deprecate spec_store_bypass_disable=userspace
(Boris Ostrovsky) [Orabug: 28814570]
- x86/speculation: x86_spec_ctrl_set needs to be called unconditionally
(Boris Ostrovsky) [Orabug: 28814570]
- x86/speculation: Drop unused DISABLE_IBRS_CLOBBER macro (Boris
Ostrovsky) [Orabug: 28814570]
- x86/intel/spectre_v4: Keep SPEC_CTRL_SSBD when IBRS is in use (Boris
Ostrovsky) [Orabug: 28814570]

[4.1.12-124.22.3.el6uek]
- net: net_failover: fix typo in net_failover_slave_register() (Liran
Alon) [Orabug: 28122104]
- virtio_net: Extend virtio to use VF datapath when available (Sridhar
Samudrala) [Orabug: 28122104]
- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit (Sridhar
Samudrala) [Orabug: 28122104]
- net: Introduce net_failover driver (Sridhar Samudrala) [Orabug:
28122104]
- net: Introduce generic failover module (Sridhar Samudrala) [Orabug:
28122104]
- net: introduce lower state changed info structure for LAG lowers (Jiri
Pirko) [Orabug: 28122104]
- net: introduce change lower state notifier (Jiri Pirko) [Orabug:
28122104]
- net: add info struct for LAG changeupper (Jiri Pirko) [Orabug: 28122104]
- net: add possibility to pass information about upper device via
notifier (Jiri Pirko) [Orabug: 28122104]
- net: Check CHANGEUPPER notifier return value (Ido Schimmel) [Orabug:
28122104]
- net: introduce change upper device notifier change info (Jiri Pirko)
[Orabug: 28122104]
- x86/bugs: rework x86_spec_ctrl_set to make its changes explicit
(Daniel Jordan) [Orabug: 28271063]
- x86/bugs: rename ssbd_ibrs_selected to ssbd_userspace_selected (Daniel
Jordan) [Orabug: 28271063]
- x86/bugs: always use x86_spec_ctrl_base or _priv when setting spec
ctrl MSR (Daniel Jordan) [Orabug: 28271063]
- xen-blkfront: fix kernel panic with negotiate_mq error path (Manjunath
Patil) [Orabug: 28798861]
- scsi: lpfc: Correct MDS diag and nvmet configuration (James Smart)
[Orabug: 28855939]
- scsi: virtio_scsi: let host do exception handling (Paolo Bonzini)
[Orabug: 28856913]
- net/rds: Fix endless RNR situation (Venkat Venkatsubra) [Orabug:
28857027]
- scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (Alexander
Potapenko) [Orabug: 28892656] {CVE-2018-1000204}
- cdrom: fix improper type cast, which can leat to information leak.
(Young_X) [Orabug: 28929767] {CVE-2018-16658} {CVE-2018-10940}
{CVE-2018-18710}

ELSA-2018-4288 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4288

http://linux.oracle.com/errata/ELSA-2018-4288.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.22.4.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.22.4.el7uek.noarch.rpm
kernel-uek-4.1.12-124.22.4.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.22.4.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.22.4.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.22.4.el7uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-124.22.4.el7uek.src.rpm



Description of changes:

[4.1.12-124.22.4.el7uek]
- Revert commit 8bd274934987 ("block: fix bdi vs gendisk lifetime
mismatch") (Ashish Samant) [Orabug: 28968102]
- KVM/x86: Add IBPB support (Ashok Raj) [Orabug: 28703712]
- x86/intel/spectre_v2: Remove unnecessary retp_compiler() test (Boris
Ostrovsky) [Orabug: 28814570]
- x86/intel/spectre_v4: Deprecate spec_store_bypass_disable=userspace
(Boris Ostrovsky) [Orabug: 28814570]
- x86/speculation: x86_spec_ctrl_set needs to be called unconditionally
(Boris Ostrovsky) [Orabug: 28814570]
- x86/speculation: Drop unused DISABLE_IBRS_CLOBBER macro (Boris
Ostrovsky) [Orabug: 28814570]
- x86/intel/spectre_v4: Keep SPEC_CTRL_SSBD when IBRS is in use (Boris
Ostrovsky) [Orabug: 28814570]

[4.1.12-124.22.3.el7uek]
- net: net_failover: fix typo in net_failover_slave_register() (Liran
Alon) [Orabug: 28122104]
- virtio_net: Extend virtio to use VF datapath when available (Sridhar
Samudrala) [Orabug: 28122104]
- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit (Sridhar
Samudrala) [Orabug: 28122104]
- net: Introduce net_failover driver (Sridhar Samudrala) [Orabug:
28122104]
- net: Introduce generic failover module (Sridhar Samudrala) [Orabug:
28122104]
- net: introduce lower state changed info structure for LAG lowers (Jiri
Pirko) [Orabug: 28122104]
- net: introduce change lower state notifier (Jiri Pirko) [Orabug:
28122104]
- net: add info struct for LAG changeupper (Jiri Pirko) [Orabug: 28122104]
- net: add possibility to pass information about upper device via
notifier (Jiri Pirko) [Orabug: 28122104]
- net: Check CHANGEUPPER notifier return value (Ido Schimmel) [Orabug:
28122104]
- net: introduce change upper device notifier change info (Jiri Pirko)
[Orabug: 28122104]
- x86/bugs: rework x86_spec_ctrl_set to make its changes explicit
(Daniel Jordan) [Orabug: 28271063]
- x86/bugs: rename ssbd_ibrs_selected to ssbd_userspace_selected (Daniel
Jordan) [Orabug: 28271063]
- x86/bugs: always use x86_spec_ctrl_base or _priv when setting spec
ctrl MSR (Daniel Jordan) [Orabug: 28271063]
- xen-blkfront: fix kernel panic with negotiate_mq error path (Manjunath
Patil) [Orabug: 28798861]
- scsi: lpfc: Correct MDS diag and nvmet configuration (James Smart)
[Orabug: 28855939]
- scsi: virtio_scsi: let host do exception handling (Paolo Bonzini)
[Orabug: 28856913]
- net/rds: Fix endless RNR situation (Venkat Venkatsubra) [Orabug:
28857027]
- scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (Alexander
Potapenko) [Orabug: 28892656] {CVE-2018-1000204}
- cdrom: fix improper type cast, which can leat to information leak.
(Young_X) [Orabug: 28929767] {CVE-2018-16658} {CVE-2018-10940}
{CVE-2018-18710}

New Ksplice updates for Oracle Enhanced RHCK 7 (ELSA-2018-3651)

Synopsis: ELSA-2018-3651 can now be patched using Ksplice
CVEs: CVE-2018-14633 CVE-2018-14646

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-3651.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Oracle Enhanced
RHCK 7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Provide an interface to freeze tasks.

Provides an alternative method for freezing selected tasks using a flag
in struct task_struct. This is useful starting with 3.3 due to
freezer changes.


* Workaround for alternative instruction inconsistencies.

Some RHEL7 kernels apply different alternative instructions between the
Kernel and modules, this prevents Ksplice update modules from patching core
Kernel code. This update works around the problem by ensuring alternative
instructions are applied in Ksplice updates to the Kernel in the same way
they would have been at boot.


* CVE-2018-14646: Denial-of-service in network namespace netlink capabilities.

A NULL pointer dereference in the netlink code for a network namespaced
process could result in a kernel crash. A local user in the namespace
could use this flaw to crash the host.


* CVE-2018-14633: Remote privilege escalation in iSCSI CHAP authentication.

A stack buffer overflow in the iSCSI CHAP authentication code could
allow an unauthenticated remote attacker to corrupt stack memory and
crash the system or potentially, execute code on the target system.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.

New Ksplice updates for RHCK 7 (RHSA-2018:3651)

Synopsis: ELSA-2018-3651 can now be patched using Ksplice
CVEs: CVE-2018-14633 CVE-2018-14646

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle kernel update, ELSA-2018-3651.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 7 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2018-14646: Denial-of-service in network namespace netlink capabilities.

A NULL pointer dereference in the netlink code for a network namespaced
process could result in a kernel crash. A local user in the namespace
could use this flaw to crash the host.


* CVE-2018-14633: Remote privilege escalation in iSCSI CHAP authentication.

A stack buffer overflow in the iSCSI CHAP authentication code could
allow an unauthenticated remote attacker to corrupt stack memory and
crash the system or potentially, execute code on the target system.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.

OVMBA-2018-0280 Oracle VM 3.4 tzdata bug fix update

Oracle VM Bug Fix Advisory OVMBA-2018-0280

The following updated rpms for Oracle VM 3.4 have been uploaded to the
Unbreakable Linux Network:

x86_64:
tzdata-2018g-1.el6.noarch.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/tzdata-2018g-1.el6.src.rpm



Description of changes:

[2018g-1]
- Rebase to tzdata-2018g
- Morocco will remain at UTC+1 rather than switching back to UTC+0 as
planned. This change is effective Octobober 28, 2018.

[2018f-1]
- Europe/Volgograd will change from UTC+3 to UTC+4 on October 28,2018.
- Add patch to remove use of 25:00.
- Drop previous change to DST in Brazil. The government rescinded the
change.

[2018-5]
- Bump the Release and rebuild noarch.

[2018e-4]
- Brazil moved the start of DST from the first Sunday in November
to the third Sunday in November.