PCS, Corosync, Java-1.7.0-OpenJDK Security Updates for Oracle Linux
Posted on: 05/01/2018 08:04 AM

The following security updates has been released for Oracle Linux:

ELSA-2018-1060 Important: Oracle Linux 7 pcs security update
ELSA-2018-1169 Important: Oracle Linux 7 corosync security update
ELSA-2018-1270 Important: Oracle Linux 6 java-1.7.0-openjdk security update

ELSA-2018-1060 Important: Oracle Linux 7 pcs security update
Oracle Linux Security Advisory ELSA-2018-1060

http://linux.oracle.com/errata/ELSA-2018-1060.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
pcs-0.9.162-5.0.3.el7_5.1.x86_64.rpm
pcs-snmp-0.9.162-5.0.3.el7_5.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/pcs-0.9.162-5.0.3.el7_5.1.src.rpm



Description of changes:

[0.9.162-5.0.3.el7_5.1]
- Unlike RHEL we DO have corosync/pacemaker for aarch64 on EL7
- replace logo pcsd/public/favicon.ico in tarball
- remove Source1 HAM-logo.png

[0.9.162-5.el7_5.1]
- Fixed CVE-2018-1086 pcs: Debug parameter removal bypass, allowing
information disclosure
- Fixed CVE-2018-1079 pcs: Privilege escalation via authorized user
malicious REST call
- Fixed CVE-2018-1000119 rack-protection: Timing attack in
authenticity_token.rb
- Resolves: rhbz#1557253



ELSA-2018-1169 Important: Oracle Linux 7 corosync security update
Oracle Linux Security Advisory ELSA-2018-1169

http://linux.oracle.com/errata/ELSA-2018-1169.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
corosync-2.4.3-2.el7_5.1.x86_64.rpm
corosync-qdevice-2.4.3-2.el7_5.1.x86_64.rpm
corosync-qnetd-2.4.3-2.el7_5.1.x86_64.rpm
corosynclib-2.4.3-2.el7_5.1.i686.rpm
corosynclib-2.4.3-2.el7_5.1.x86_64.rpm
corosynclib-devel-2.4.3-2.el7_5.1.i686.rpm
corosynclib-devel-2.4.3-2.el7_5.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/corosync-2.4.3-2.el7_5.1.src.rpm



Description of changes:

[2.4.3-2.1]
- Resolves: rhbz#1560467

- totemcrypto: Check length of the packet


ELSA-2018-1270 Important: Oracle Linux 6 java-1.7.0-openjdk security update
Oracle Linux Security Advisory ELSA-2018-1270

http://linux.oracle.com/errata/ELSA-2018-1270.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
java-1.7.0-openjdk-1.7.0.181-2.6.14.1.0.1.el6_9.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.1.0.1.el6_9.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.1.0.1.el6_9.i686.rpm
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.1.0.1.el6_9.noarch.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.1.0.1.el6_9.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.181-2.6.14.1.0.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.1.0.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.1.0.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.1.0.1.el6_9.noarch.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.1.0.1.el6_9.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/java-1.7.0-openjdk-1.7.0.181-2.6.14.1.0.1.el6_9.src.rpm



Description of changes:

[1:1.7.0.181-2.6.14.1.0.1]
- Update DISTRO_NAME in specfile

[1:1.7.0.181-2.6.14.1]
- Fix invalid license 'LGPL+' (should be LGPLv2+ for ECC code) and add
missing ones
- Resolves: rhbz#1559766

[1:1.7.0.181-2.6.14.0]
- Bump to 2.6.14 and u181b00.
- Drop 8197981 Zero 32-bit patch now applied upstream.
- Update RC4 patch (8076221/PR2809) to apply after 8175075 (disable 3DES)
- Resolves: rhbz#1559766





Printed from Linux Compatible (https://www.linuxcompatible.org/news/story/pcscorosyncjava_1_7_openjdk_security_updates_for_oracle_linux.html)