Oracle Linux 6138 Published by

A nftables bug fix and enhancement update has been released for Oracle Linux 9.

El-errata: ELBA-2023-0950 Oracle Linux 9 nftables bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2023-0950

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:




Description of changes:

- tests: add a test case for map update from packet path with concat (Phil Sutter) [2094894]
- netlink_linearize: fix timeout with map updates (Phil Sutter) [2094894]
- netlink_delinearize: fix decoding of concat data element (Phil Sutter) [2094894]

- monitor: Sanitize startup race condition (Phil Sutter) [2130721]
- evaluate: set eval ctx for add/update statements with integer constants (Phil Sutter) [2094894]
- src: allow anon set concatenation with ether and vlan (Phil Sutter) [2094887]
- evaluate: search stacked header list for matching payload dep (Phil Sutter) [2094887]
- netlink_delinearize: also postprocess OP_AND in set element context (Phil Sutter) [2094887]
- tests: add a test case for ether and vlan listing (Phil Sutter) [2094887]
- debug: dump the l2 protocol stack (Phil Sutter) [2094887]
- proto: track full stack of seen l2 protocols, not just cumulative offset (Phil Sutter) [2094887]
- netlink_delinearize: postprocess binary ands in concatenations (Phil Sutter) [2094887]
- netlink_delinearize: allow postprocessing on concatenated elements (Phil Sutter) [2094887]
- intervals: check for EXPR_F_REMOVE in case of element mismatch (Phil Sutter) [2115627]
- intervals: fix crash when trying to remove element in empty set (Phil Sutter) [2115627]
- scanner: don't pop active flex scanner scope (Phil Sutter) [2113874]
- parser: add missing synproxy scope closure (Phil Sutter) [2113874]
- tests/py: Add a test for failing ipsec after counter (Phil Sutter) [2113874]
- doc: Document limitations of ipsec expression with xfrm_interface (Phil Sutter) [1806431]

- One more attempt at fixing expected error records (Phil Sutter) [1973687]

- Realy fix expected error records (Phil Sutter) [1973687]

- Fix expected error records (Phil Sutter) [1973687]

- Add expected error records for testsuite runs (Phil Sutter) [1973687]

- Prevent port-shadow attacks in sample nat config (Phil Sutter) [2061940]