Oracle Linux 6255 Published by

Oracle has released the following 14 updates for Oracle Linux:

ELBA-2019-1874 Oracle Linux 7 net-snmp bug fix update
ELBA-2019-1876 Oracle Linux 7 rear bug fix update
ELBA-2019-1877 Oracle Linux 7 keepalived bug fix and enhancement update
ELBA-2019-1878 Oracle Linux 7 selinux-policy bug fix update
ELBA-2019-1888 Oracle Linux 7 ModemManager bug fix update
ELBA-2019-1890 Oracle Linux 7 kexec-tools bug fix update
ELBA-2019-1892 Oracle Linux 7 mutter bug fix update
ELBA-2019-1899 Oracle Linux 7 bind bug fix update
ELSA-2019-1883 Important: Oracle Linux 7 qemu-kvm security update
ELSA-2019-1884 Moderate: Oracle Linux 7 libssh2 security update
ELSA-2019-1896 Moderate: Oracle Linux 7 389-ds-base security and bug fix update
ELSA-2019-1898 Low: Oracle Linux 7 httpd security update
ELSA-2019-4729 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2019-4729 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update



ELBA-2019-1874 Oracle Linux 7 net-snmp bug fix update

Oracle Linux Bug Fix Advisory ELBA-2019-1874

http://linux.oracle.com/errata/ELBA-2019-1874.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
net-snmp-5.7.2-38.el7_6.2.x86_64.rpm
net-snmp-agent-libs-5.7.2-38.el7_6.2.i686.rpm
net-snmp-agent-libs-5.7.2-38.el7_6.2.x86_64.rpm
net-snmp-devel-5.7.2-38.el7_6.2.i686.rpm
net-snmp-devel-5.7.2-38.el7_6.2.x86_64.rpm
net-snmp-gui-5.7.2-38.el7_6.2.x86_64.rpm
net-snmp-libs-5.7.2-38.el7_6.2.i686.rpm
net-snmp-libs-5.7.2-38.el7_6.2.x86_64.rpm
net-snmp-perl-5.7.2-38.el7_6.2.x86_64.rpm
net-snmp-python-5.7.2-38.el7_6.2.x86_64.rpm
net-snmp-sysvinit-5.7.2-38.el7_6.2.x86_64.rpm
net-snmp-utils-5.7.2-38.el7_6.2.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/net-snmp-5.7.2-38.el7_6.2.src.rpm



Description of changes:

[1:5.7.2-38.2]
- fix trapd crash when forward snmp v3 traps (#1709111)

[1:5.7.2-38.1]
- secure magic variable to prevent daemon crash (#1701211)

[1:5.7.2-38]
- backport upstream fixes of memory leaks (#1650393)

ELBA-2019-1876 Oracle Linux 7 rear bug fix update

Oracle Linux Bug Fix Advisory ELBA-2019-1876

http://linux.oracle.com/errata/ELBA-2019-1876.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
rear-2.4-5.0.1.el7_6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/rear-2.4-5.0.1.el7_6.src.rpm



Description of changes:

[2.4-5.0.1]
- Change OS_VENDOR to OracleServer

[2.4-5]
- Apply upstream PR2065 (record permanent MAC address for team members)
Resolves: rhbz1685166

ELBA-2019-1877 Oracle Linux 7 keepalived bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2019-1877

http://linux.oracle.com/errata/ELBA-2019-1877.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
keepalived-1.3.5-8.el7_6.5.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/keepalived-1.3.5-8.el7_6.5.src.rpm



Description of changes:

[1.3.5-8.5]
- Rework previous checker comparison patch (#1716588)

[1.3.5-8.4]
- Make checker variables non global (#1716588)

[1.3.5-8.3]
- Fix comparison of checkers on reload (#1716588)

[1.3.5-8.2]
- Fix build errors (#1678480)

[1.3.5-8.1]
- Fix problems with health checks & real servers after reload/restart
(#1695653)

ELBA-2019-1878 Oracle Linux 7 selinux-policy bug fix update

Oracle Linux Bug Fix Advisory ELBA-2019-1878

http://linux.oracle.com/errata/ELBA-2019-1878.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
selinux-policy-3.13.1-229.0.4.el7_6.15.noarch.rpm
selinux-policy-devel-3.13.1-229.0.4.el7_6.15.noarch.rpm
selinux-policy-doc-3.13.1-229.0.4.el7_6.15.noarch.rpm
selinux-policy-minimum-3.13.1-229.0.4.el7_6.15.noarch.rpm
selinux-policy-mls-3.13.1-229.0.4.el7_6.15.noarch.rpm
selinux-policy-sandbox-3.13.1-229.0.4.el7_6.15.noarch.rpm
selinux-policy-targeted-3.13.1-229.0.4.el7_6.15.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/selinux-policy-3.13.1-229.0.4.el7_6.15.src.rpm



Description of changes:

[3.13.1-229.0.4]
- Make rpm_transition_script() a nested optional policy in init policy
module [Orabug: 29661269]
- Allow cloud_init_t to dbus chat with systemd_logind_t [Orabug: 29399653]
- Add fs_relabel_pstore_dirs() interface. [Orabug: 28260775]
- Allow systemd running as init_t to relabel pstore directories.
[Orabug: 28260775]
- Allow udev_t to load modules [Orabug: 28260775]
- Allow insmod_t to load modules BZ(1544189) [Orabug: 28260775]
- Allow chronyd_t to execute shell scripts [Orabug: 28260775]
- SELinux support for cgroup2 filesystem. [OraBug 28127822]
- refpolicy: Define getrlimit permission for class process [OraBug 28229492]
- Add vhost-scsi to be vhost_device_t type [OraBug 27774921]
- Obsolete docker-engine-selinux [OraBug 26439663]
- Fix container selinux policy [OraBug 26427364]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.

[3.13.1-229.15]
- Allow sbd_t domain to use nsswitch
Resolves: rhbz#1728592

[3.13.1-229.14]
- Allow nrpe_t domain to read process state of systemd_logind_t
- Alow nrpe_t to send signull to sssd domain when nagios_run_sudo
boolean is turned on
- Allow nrpe_t domain to be dbus cliennt
- Allow ngaios to use chown capability
Resolves: rhbz#1692893

[3.13.1-229.13]
- Update Nagios policy when sudo is used
Resolves: rhbz#1692893

ELBA-2019-1888 Oracle Linux 7 ModemManager bug fix update

Oracle Linux Bug Fix Advisory ELBA-2019-1888

http://linux.oracle.com/errata/ELBA-2019-1888.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
ModemManager-1.6.10-3.el7_6.i686.rpm
ModemManager-1.6.10-3.el7_6.x86_64.rpm
ModemManager-devel-1.6.10-3.el7_6.i686.rpm
ModemManager-devel-1.6.10-3.el7_6.x86_64.rpm
ModemManager-glib-1.6.10-3.el7_6.i686.rpm
ModemManager-glib-1.6.10-3.el7_6.x86_64.rpm
ModemManager-glib-devel-1.6.10-3.el7_6.i686.rpm
ModemManager-glib-devel-1.6.10-3.el7_6.x86_64.rpm
ModemManager-vala-1.6.10-3.el7_6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/ModemManager-1.6.10-3.el7_6.src.rpm



Description of changes:

[1.6.10-3]
- Don't grab cdc_ether devices on Sierra QMI modems (rh #1712031)

[1.6.10-2]
- Increase QMI open timeout
- Fix a race on WDS Start Network cancellation (rh #1676808)

ELBA-2019-1890 Oracle Linux 7 kexec-tools bug fix update

Oracle Linux Bug Fix Advisory ELBA-2019-1890

http://linux.oracle.com/errata/ELBA-2019-1890.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kexec-tools-2.0.15-21.0.3.el7_6.4.x86_64.rpm
kexec-tools-anaconda-addon-2.0.15-21.0.3.el7_6.4.x86_64.rpm
kexec-tools-eppic-2.0.15-21.0.3.el7_6.4.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kexec-tools-2.0.15-21.0.3.el7_6.4.src.rpm



Description of changes:

[2.0.15-21.0.3]
- change makedumpfile fixed size buffer for VMCOREINFO
(isaac.chen@oracle.com) [Orabug: 29612733]
- rebase
kexec-tools-2.0.8-dracut-module-setup-ibft-avoid-dup-config.patch
(brian.maly@oracle.com) [Orabug: 28872281]
- don't patch files in SOURCES directory. That breaks building from the
srpm (dave.kleikamp@oracle.com)
- dracut-module-setup: avoid duplicate config for ibft [Orabug: 22780125]
- kdumpctl: exclude default_hugepagesz setting from kdump kernel cmdline
(Sriharsha Yadagudde) [Orabug: 19134999]
- kdumpctl: verify if kernel support securelevel interface
(Sriharsha Yadagudde) [Orabug: 18905671]

[2.0.15-21.4]
- [Hyper-V] Error applying Memory changes to larger size

ELBA-2019-1892 Oracle Linux 7 mutter bug fix update

Oracle Linux Bug Fix Advisory ELBA-2019-1892

http://linux.oracle.com/errata/ELBA-2019-1892.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
mutter-3.28.3-8.el7_6.i686.rpm
mutter-3.28.3-8.el7_6.x86_64.rpm
mutter-devel-3.28.3-8.el7_6.i686.rpm
mutter-devel-3.28.3-8.el7_6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/mutter-3.28.3-8.el7_6.src.rpm



Description of changes:

[3.28.3-8]
- Handle lack of XRANDR (#1714959)

ELBA-2019-1899 Oracle Linux 7 bind bug fix update

Oracle Linux Bug Fix Advisory ELBA-2019-1899

http://linux.oracle.com/errata/ELBA-2019-1899.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
bind-9.9.4-74.el7_6.2.x86_64.rpm
bind-chroot-9.9.4-74.el7_6.2.x86_64.rpm
bind-devel-9.9.4-74.el7_6.2.i686.rpm
bind-devel-9.9.4-74.el7_6.2.x86_64.rpm
bind-libs-9.9.4-74.el7_6.2.i686.rpm
bind-libs-9.9.4-74.el7_6.2.x86_64.rpm
bind-libs-lite-9.9.4-74.el7_6.2.i686.rpm
bind-libs-lite-9.9.4-74.el7_6.2.x86_64.rpm
bind-license-9.9.4-74.el7_6.2.noarch.rpm
bind-lite-devel-9.9.4-74.el7_6.2.i686.rpm
bind-lite-devel-9.9.4-74.el7_6.2.x86_64.rpm
bind-pkcs11-9.9.4-74.el7_6.2.x86_64.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.2.i686.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.2.x86_64.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.2.i686.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.2.x86_64.rpm
bind-pkcs11-utils-9.9.4-74.el7_6.2.x86_64.rpm
bind-sdb-9.9.4-74.el7_6.2.x86_64.rpm
bind-sdb-chroot-9.9.4-74.el7_6.2.x86_64.rpm
bind-utils-9.9.4-74.el7_6.2.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/bind-9.9.4-74.el7_6.2.src.rpm



Description of changes:

[32:9.9.4-74.2]
- Fix unstable zone transfers (#1724071)
- Understand keep-response-order for backward compatibility

ELSA-2019-1883 Important: Oracle Linux 7 qemu-kvm security update

Oracle Linux Security Advisory ELSA-2019-1883

http://linux.oracle.com/errata/ELSA-2019-1883.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
qemu-img-1.5.3-160.el7_6.3.x86_64.rpm
qemu-kvm-1.5.3-160.el7_6.3.x86_64.rpm
qemu-kvm-common-1.5.3-160.el7_6.3.x86_64.rpm
qemu-kvm-tools-1.5.3-160.el7_6.3.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/qemu-kvm-1.5.3-160.el7_6.3.src.rpm



Description of changes:

[1.5.3-160.el7_6.3]
- kvm-slirp-check-sscanf-result-when-emulating-ident.patch [bz#1669067]
- kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch
[bz#1669067]
- kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch
[bz#1669067]
- kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1669067]
- Resolves: bz#1669067
(CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in
tcp_emu() [rhel-7.6.z])

ELSA-2019-1884 Moderate: Oracle Linux 7 libssh2 security update

Oracle Linux Security Advisory ELSA-2019-1884

http://linux.oracle.com/errata/ELSA-2019-1884.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libssh2-1.4.3-12.0.1.el7_6.3.i686.rpm
libssh2-1.4.3-12.0.1.el7_6.3.x86_64.rpm
libssh2-devel-1.4.3-12.0.1.el7_6.3.i686.rpm
libssh2-devel-1.4.3-12.0.1.el7_6.3.x86_64.rpm
libssh2-docs-1.4.3-12.0.1.el7_6.3.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libssh2-1.4.3-12.0.1.el7_6.3.src.rpm



Description of changes:

[1.4.3-12.0.1.el7_6.3]
- Bump and rebuild.

[1.4.3-12.el7_6.3]
- fix out-of-bounds memory comparison with specially crafted message
channel request (CVE-2019-3862)

ELSA-2019-1896 Moderate: Oracle Linux 7 389-ds-base security and bug fix update

Oracle Linux Security Advisory ELSA-2019-1896

http://linux.oracle.com/errata/ELSA-2019-1896.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
389-ds-base-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-devel-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-libs-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-snmp-1.3.8.4-25.1.el7_6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/389-ds-base-1.3.8.4-25.1.el7_6.src.rpm



Description of changes:

[1.3.8.4-25.1]
- Bump version to 1.3.8.4-25.1
- Resolves: Bug 1718689 - dse.ldif strip-off string after 1023 character
(missing patch file)

[1.3.8.4-25]
- Bump version to 1.3.8.4-25
- Resolves: Bug 1722828 - referint update should discard any changes if
mep update fails
- Resolves: Bug 1718689 - dse.ldif strip-off string after 1023 character
- Resolves: Bug 1719720 - CVE-2019-3883 389-ds-base: DoS via hanging
secured connections

[1.3.8.4-24]
- Bump version to 1.3.8.4-24
- Resolves: Bug 1718184 - segfault when using pam passthru and addn
plugins together

ELSA-2019-1898 Low: Oracle Linux 7 httpd security update

Oracle Linux Security Advisory ELSA-2019-1898

http://linux.oracle.com/errata/ELSA-2019-1898.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
httpd-2.4.6-89.0.1.el7_6.1.x86_64.rpm
httpd-devel-2.4.6-89.0.1.el7_6.1.x86_64.rpm
httpd-manual-2.4.6-89.0.1.el7_6.1.noarch.rpm
httpd-tools-2.4.6-89.0.1.el7_6.1.x86_64.rpm
mod_ldap-2.4.6-89.0.1.el7_6.1.x86_64.rpm
mod_proxy_html-2.4.6-89.0.1.el7_6.1.x86_64.rpm
mod_session-2.4.6-89.0.1.el7_6.1.x86_64.rpm
mod_ssl-2.4.6-89.0.1.el7_6.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/httpd-2.4.6-89.0.1.el7_6.1.src.rpm



Description of changes:

[2.4.6-89.0.1]
- replace index.html with Oracle's index page oracle_index.html

[2.4.6-89.1]
- Resolves: #1719722 - CVE-2018-1312 httpd: Weak Digest auth nonce
generation
in mod_auth_digest

ELSA-2019-4729 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2019-4729

http://linux.oracle.com/errata/ELSA-2019-4729.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.29.3.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.29.3.el6uek.noarch.rpm
kernel-uek-4.1.12-124.29.3.el6uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.29.3.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.29.3.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.29.3.el6uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-124.29.3.el6uek.src.rpm



Description of changes:

[4.1.12-124.29.3.el6uek]
- mlx4_core: change log_num_{qp,rdmarc} with scale_profile (Mukesh Kacker) [Orabug: 30064080]

[4.1.12-124.29.2.el6uek]
- scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error (Cathy Avery) [Orabug: 30052805]

[4.1.12-124.29.1.el6uek]
- USB: check usb_get_extra_descriptor for proper size (Mathias Payer) [Orabug: 29755247] {CVE-2018-20169}
- rds: ib: Fix dereference of conn when NULL and cleanup thereof (Håkon Bugge) [Orabug: 29924849]
- ext4: zero out the unused memory region in the extent tree block (Sriram Rajagopalan) [Orabug: 29925523] {CVE-2019-11833} {CVE-2019-11833}
- ip_sockglue: Fix missing-check bug in ip_ra_control() (Gen Zhang) [Orabug: 29926005] {CVE-2019-12381}
- ipv6_sockglue: Fix a missing-check bug in ip6_ra_control() (Gen Zhang) [Orabug: 29926057] {CVE-2019-12378}
- x86/microcode: fix x86_spec_ctrl_mask on late loading. (Mihai Carabas) [Orabug: 29941248]
- net: rds: fix rds recv memory leak (Zhu Yanjun) [Orabug: 30034815]

ELSA-2019-4729 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2019-4729

http://linux.oracle.com/errata/ELSA-2019-4729.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.29.3.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.29.3.el7uek.noarch.rpm
kernel-uek-4.1.12-124.29.3.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.29.3.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.29.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.29.3.el7uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-124.29.3.el7uek.src.rpm



Description of changes:

[4.1.12-124.29.3.el7uek]
- mlx4_core: change log_num_{qp,rdmarc} with scale_profile (Mukesh Kacker) [Orabug: 30064080]

[4.1.12-124.29.2.el7uek]
- scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error (Cathy Avery) [Orabug: 30052805]

[4.1.12-124.29.1.el7uek]
- USB: check usb_get_extra_descriptor for proper size (Mathias Payer) [Orabug: 29755247] {CVE-2018-20169}
- rds: ib: Fix dereference of conn when NULL and cleanup thereof (Håkon Bugge) [Orabug: 29924849]
- ext4: zero out the unused memory region in the extent tree block (Sriram Rajagopalan) [Orabug: 29925523] {CVE-2019-11833} {CVE-2019-11833}
- ip_sockglue: Fix missing-check bug in ip_ra_control() (Gen Zhang) [Orabug: 29926005] {CVE-2019-12381}
- ipv6_sockglue: Fix a missing-check bug in ip6_ra_control() (Gen Zhang) [Orabug: 29926057] {CVE-2019-12378}
- x86/microcode: fix x86_spec_ctrl_mask on late loading. (Mihai Carabas) [Orabug: 29941248]
- net: rds: fix rds recv memory leak (Zhu Yanjun) [Orabug: 30034815]