
The following updates are available for Oracle Linux:

ELBA-2024-5055 Oracle Linux 9 bootc bug fix update
ELBA-2024-4266 Oracle Linux 8 kexec-tools bug fix update
ELSA-2024-12571 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2024-12570 Important: Oracle Linux 6 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update




ELBA-2024-5055 Oracle Linux 9 bootc bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-5055

http://linux.oracle.com/errata/ELBA-2024-5055.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bootc-0.1.14-1.el9_4.x86_64.rpm

aarch64:
bootc-0.1.14-1.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//bootc-0.1.14-1.el9_4.src.rpm

Description of changes:

[0.1.14-1]
- Update to 0.1.14
Resolves: #RHEL-50683, #RHEL-50684, #RHEL-50685



ELBA-2024-4266 Oracle Linux 8 kexec-tools bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-4266

http://linux.oracle.com/errata/ELBA-2024-4266.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kexec-tools-2.0.28-1.0.5.el8_10.x86_64.rpm

aarch64:
kexec-tools-2.0.28-1.0.5.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kexec-tools-2.0.28-1.0.5.el8_10.src.rpm

Description of changes:

[2.0.28-1.0.5]
- Fix KEXEC_KERNEL_CHECK IMA rule & valid PE signature regression [Orabug: 36560887]
- Increase crashkernel reservation for aarch64 [Orabug: 35887460]
- kdumpctl check if FIPS is enabled [Orabug: 35982140]
- Backport of upstream crash hotplug support [Orabug: 35884454]
- Drop kexec-tools-2.0.25-makedumpfile-sadump-fix-failure-of-reading-memory-when-5-le.patch
- Insert new udev rules for crash hotplug into 98-kexec.rules
- sadump: fix failure of reading memory when 5-level paging is enabled
- Update UEK reserved sizes [Orabug: 35224510]
- makedumpfile: fix issue where manpage wont load [Orabug: 34219528]
- add requires for virt-what [Orabug: 34015178]
- kdump/kexec: fix saving vmcore-dmesg.txt failed on aarch64 with UEK7 [Orabug: 33748084]
- kdump: skip lvm private devices [Orabug: 33822070]
- Merge 8.4 extra patches for SB boot environment [Orabug: 33512440]
- Merge SRPM/ol8-u4 orabug patches into SRPM/ol8-u5 [Orabug: 33471981]
- Reformat orabug33822070-kdump-skip-lvm-private-devices.patch [Orabug: 33822070]
- Drop oracle specific patches no longer applicable [Orabug: 32258986] [Orabug: 33748084]



ELSA-2024-12571 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12571

http://linux.oracle.com/errata/ELSA-2024-12571.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.88.3.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.88.3.el7uek.noarch.rpm
kernel-uek-4.1.12-124.88.3.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.88.3.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.88.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.88.3.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.1.12-124.88.3.el7uek.src.rpm

Related CVEs:

CVE-2023-52813
CVE-2021-47495
CVE-2024-36946
CVE-2024-36941
CVE-2024-36934
CVE-2024-27020
CVE-2024-41090
CVE-2024-41091
CVE-2023-52528
CVE-2023-52880
CVE-2024-26642
CVE-2024-25739
CVE-2022-24448

Description of changes:

[4.1.12-124.88.3.el7uek]
- crypto: pcrypt - Fix hungtask for PADATA_RESET (Lu Jialin) [Orabug: 36806710] {CVE-2023-52813}
- usbnet: sanity check for maxpacket (Oliver Neukum) [Orabug: 36806658] {CVE-2021-47495}
- phonet: fix rtm_phonet_notify() skb allocation (Eric Dumazet) [Orabug: 36683487] {CVE-2024-36946}
- wifi: nl80211: don't free NULL coalescing rule (Johannes Berg) [Orabug: 36683466] {CVE-2024-36941}
- bna: ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36683433] {CVE-2024-36934}
- bna: use memdup_user to copy userspace buffers (Ivan Vecera) [Orabug: 36683433] {CVE-2024-36934}
- new helper: memdup_user_nul() (Al Viro) [Orabug: 36683433] {CVE-2024-36934}
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (Ziyang Xuan) [Orabug: 36598047] {CVE-2024-27020}
- netfilter: nf_tables: __nft_expr_type_get() selects specific family type (Pablo Neira Ayuso) [Orabug: 36598047] {CVE-2024-27020}
- net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879159] {CVE-2024-41090} {CVE-2024-41091}

[4.1.12-124.88.2.el7uek]
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida) [Orabug: 36802310] {CVE-2023-52528}
- usbnet/smsc75xx: silence uninitialized variable warning (Dan Carpenter) {CVE-2023-52528}
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (Thadeu Lima de Souza Cascardo) [Orabug: 36685663] {CVE-2023-52880}
- netfilter: nf_tables: disallow anonymous set with timeout flag (Pablo Neira Ayuso) [Orabug: 36530112] {CVE-2024-26642}
- ubi: Check for too small LEB size in VTBL code (Richard Weinberger) [Orabug: 36356637] {CVE-2024-25739}

[4.1.12-124.88.1.el7uek]
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (Trond Myklebust) [Orabug: 33958156] {CVE-2022-24448}
- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958156] {CVE-2022-24448}



ELSA-2024-12570 Important: Oracle Linux 6 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12570

http://linux.oracle.com/errata/ELSA-2024-12570.html

The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-4.1.12-124.88.3.el6uek.x86_64.rpm
kernel-uek-doc-4.1.12-124.88.3.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.88.3.el6uek.noarch.rpm
kernel-uek-devel-4.1.12-124.88.3.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.88.3.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.88.3.el6uek.x86_64.rpm

Related CVEs:

CVE-2023-52813
CVE-2021-47495
CVE-2024-36946
CVE-2024-36941
CVE-2024-36934
CVE-2024-27020
CVE-2024-41090
CVE-2024-41091
CVE-2023-52528
CVE-2023-52880
CVE-2024-26642
CVE-2024-25739
CVE-2022-24448

Description of changes:

[4.1.12-124.88.3.el6uek]
- crypto: pcrypt - Fix hungtask for PADATA_RESET (Lu Jialin) [Orabug: 36806710] {CVE-2023-52813}
- usbnet: sanity check for maxpacket (Oliver Neukum) [Orabug: 36806658] {CVE-2021-47495}
- phonet: fix rtm_phonet_notify() skb allocation (Eric Dumazet) [Orabug: 36683487] {CVE-2024-36946}
- wifi: nl80211: don't free NULL coalescing rule (Johannes Berg) [Orabug: 36683466] {CVE-2024-36941}
- bna: ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36683433] {CVE-2024-36934}
- bna: use memdup_user to copy userspace buffers (Ivan Vecera) [Orabug: 36683433] {CVE-2024-36934}
- new helper: memdup_user_nul() (Al Viro) [Orabug: 36683433] {CVE-2024-36934}
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (Ziyang Xuan) [Orabug: 36598047] {CVE-2024-27020}
- netfilter: nf_tables: __nft_expr_type_get() selects specific family type (Pablo Neira Ayuso) [Orabug: 36598047] {CVE-2024-27020}
- net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879159] {CVE-2024-41090} {CVE-2024-41091}

[4.1.12-124.88.2.el6uek]
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida) [Orabug: 36802310] {CVE-2023-52528}
- usbnet/smsc75xx: silence uninitialized variable warning (Dan Carpenter) {CVE-2023-52528}
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (Thadeu Lima de Souza Cascardo) [Orabug: 36685663] {CVE-2023-52880}
- netfilter: nf_tables: disallow anonymous set with timeout flag (Pablo Neira Ayuso) [Orabug: 36530112] {CVE-2024-26642}
- ubi: Check for too small LEB size in VTBL code (Richard Weinberger) [Orabug: 36356637] {CVE-2024-25739}

[4.1.12-124.88.1.el6uek]
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (Trond Myklebust) [Orabug: 33958156] {CVE-2022-24448}
- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958156] {CVE-2022-24448}