Oracle Linux 6259 Published by

Oracle Linux has received a number of security upgrades, including the mild expat security update, kernel security update, Thunderbird security update, Firefox security update, and Thunderbird security update:

ELSA-2024-6754 Moderate: Oracle Linux 9 expat security update
ELSA-2024-5259 Important: Oracle Linux 7 kernel security update
ELSA-2024-6683 Important: Oracle Linux 9 thunderbird security update
ELSA-2024-6681 Important: Oracle Linux 9 firefox security update
ELSA-2024-6682 Important: Oracle Linux 8 firefox security update
ELSA-2024-6684 Important: Oracle Linux 8 thunderbird security update




ELSA-2024-6754 Moderate: Oracle Linux 9 expat security update


Oracle Linux Security Advisory ELSA-2024-6754

http://linux.oracle.com/errata/ELSA-2024-6754.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
expat-2.5.0-2.el9_4.1.i686.rpm
expat-2.5.0-2.el9_4.1.x86_64.rpm
expat-devel-2.5.0-2.el9_4.1.i686.rpm
expat-devel-2.5.0-2.el9_4.1.x86_64.rpm

aarch64:
expat-2.5.0-2.el9_4.1.aarch64.rpm
expat-devel-2.5.0-2.el9_4.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//expat-2.5.0-2.el9_4.1.src.rpm

Related CVEs:

CVE-2024-45490
CVE-2024-45491
CVE-2024-45492

Description of changes:

[2.5.0-2.1]
- Fix multiple CVEs
- Fix CVE-2024-45492 integer overflow
- Fix CVE-2024-45491 Integer Overflow or Wraparound
- Fix CVE-2024-45490 Negative Length Parsing Vulnerability
- Resolves: RHEL-57510
- Resolves: RHEL-57497
- Resolves: RHEL-56763



ELSA-2024-5259 Important: Oracle Linux 7 kernel security update


Oracle Linux Security Advisory ELSA-2024-5259

http://linux.oracle.com/errata/ELSA-2024-5259.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-1160.119.1.0.3.el7.x86_64.rpm
kernel-3.10.0-1160.119.1.0.3.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1160.119.1.0.3.el7.noarch.rpm
kernel-debug-3.10.0-1160.119.1.0.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.119.1.0.3.el7.x86_64.rpm
kernel-devel-3.10.0-1160.119.1.0.3.el7.x86_64.rpm
kernel-doc-3.10.0-1160.119.1.0.3.el7.noarch.rpm
kernel-headers-3.10.0-1160.119.1.0.3.el7.x86_64.rpm
kernel-tools-3.10.0-1160.119.1.0.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.119.1.0.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.119.1.0.3.el7.x86_64.rpm
perf-3.10.0-1160.119.1.0.3.el7.x86_64.rpm
python-perf-3.10.0-1160.119.1.0.3.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-3.10.0-1160.119.1.0.3.el7.src.rpm

Related CVEs:

CVE-2022-1011
CVE-2024-36971

Description of changes:

[3.10.0-1160.119.1.0.3.el7.OL7]
- net: fix __dst_negative_advice() race (Eric Dumazet) [Orabug: 36947298]

[3.10.0-1160.119.1.0.2.el7.OL7]
- md/raid5: fix oops during stripe resizing (Ritika Srivastava) [Orabug: 34048726]
- blk-mq: Remove generation seqeunce (Ritika Srivastava) [Orabug: 33964689]
- block: init flush rq ref count to 1 (Ritika Srivastava) [Orabug: 33964689]
- block: fix null pointer dereference in blk_mq_rq_timed_out() (Ritika Srivastava) [Orabug: 33964689]
- [xen/netfront] stop tx queues during live migration (Orabug: 33446314)
- [xen/balloon] Support xend-based toolstack (Orabug: 28663970)
- [x86/apic/x2apic] avoid allocate multiple irq vectors for a single interrupt on multiple cpu, otherwise irq vectors would be used up when there are only 2 cpu online per node. [Orabug: 28691156]
- [bonding] avoid repeated display of same link status change. [Orabug: 28109857]
- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [Orabug: 22552377]
- kexec: Increase KEXEC_AUTO_RESERVED_SIZE to 256M [Orabug: 31517048]



ELSA-2024-6683 Important: Oracle Linux 9 thunderbird security update


Oracle Linux Security Advisory ELSA-2024-6683

http://linux.oracle.com/errata/ELSA-2024-6683.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-128.2.0-1.0.1.el9_4.x86_64.rpm

aarch64:
thunderbird-128.2.0-1.0.1.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//thunderbird-128.2.0-1.0.1.el9_4.src.rpm

Related CVEs:

CVE-2024-7652
CVE-2024-8381
CVE-2024-8382
CVE-2024-8384
CVE-2024-8385
CVE-2024-8386
CVE-2024-8387
CVE-2024-8394

Description of changes:

[128.2.0-1.0.1]
- Add Oracle prefs

[128.2.0]
- Add OpenELA debranding

[128.2.0-1]
- Update to 128.2.0

[128.1.1-2]
- Update to 128.1.1

[128.0-1]
- Update to 128.0 final

[128.0b4-1]
- Update to 128.0b4

[115.12.1-1]
- Update to 115.12.1 build1

[115.12.0-2]
- Update to 115.12.0 build2

[115.12.0-1]
- Update to 115.12.0 build1

[115.11.0-1]
- Update to 115.11.0 build2

[115.10.0-2]
- Update to 115.10.0 build2

[115.10.0-1]
- Update to 115.10.0 build1
- Revert expat CVE-2023-52425 fix

[115.9.0-1]
- Update to 115.9.0 build1
- Fix expat CVE-2023-52425

[115.8.0-1]
- Update to 115.8.0 build1

[115.7.0-1]
- Update to 115.7.0 build1

[115.6.0-1]
- Update to 115.6.0 build2

[115.5.0-1]
- Update to 115.5.0 build1

[115.4.1-1]
- Update to 115.4.1 build1

[115.4.0-3]
- Update to 115.4.0 build3

[115.4.0-2]
- Update to 115.4.0 build2

[115.4.0-1]
- Update to 115.4.0 build1

[115.3.1-1]
- Update to 115.3.1 build1

[115.3.0-1]
- Update to 115.3.0

[115.2.1-5]
- Update to 115.2.1

[102.11.0-1]
- Update to 102.11.0 build1

[102.10.0-2]
- Update to 102.10.0 build2

[102.10.0-1]
- Update to 102.10.0 build1

[102.9.0-2]
- Update to 102.9.0 build1

[102.8.0-2]
- Update to 102.8.0 build2

[102.8.0-1]
- Update to 102.8.0 build1

[102.7.1-2]
- Update to 102.7.1 build2

[102.7.1-1]
- Update to 102.7.1 build1

[102.7.0-1]
- Update to 102.7.0 build1

[102.6.0-2]
- Update to 102.6.0 build2

[102.6.0-1]
- Update to 102.6.0 build1

[102.5.0-3]
- Use openssl for the librnp crypto backend to enable the openpgp encryption

[102.5.0-2]
- Update to 102.5.0 build2

[102.5.0-1]
- Update to 102.5.0 build1

[102.4.0-1]
- Update to 102.4.0 build1

[102.3.0-4]
- Fix for expat CVE-2022-40674



ELSA-2024-6681 Important: Oracle Linux 9 firefox security update


Oracle Linux Security Advisory ELSA-2024-6681

http://linux.oracle.com/errata/ELSA-2024-6681.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-128.2.0-1.0.1.el9_4.x86_64.rpm
firefox-x11-128.2.0-1.0.1.el9_4.x86_64.rpm

aarch64:
firefox-128.2.0-1.0.1.el9_4.aarch64.rpm
firefox-x11-128.2.0-1.0.1.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//firefox-128.2.0-1.0.1.el9_4.src.rpm

Related CVEs:

CVE-2024-7652
CVE-2024-8381
CVE-2024-8382
CVE-2024-8383
CVE-2024-8384
CVE-2024-8385
CVE-2024-8386
CVE-2024-8387

Description of changes:

[128.2.0-1.0.1]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

[128.2.0]
- Add debranding patches (Mustafa Gezen)
- Add OpenELA default preferences (Louis Abel)

[128.2.0-1]
- Update to 128.2.0

[115.10.0-1]
- Update to 115.10.0 build1

[115.9.1-2]
- Removed expat CVE fix

[115.9.1-1]
- Update to 115.9.1

[115.9.0-2]
- Update to 115.9.0 build2

[115.9.0-1]
- Update to 115.9.0 build1
- Fix expat CVE-2023-52425

[115.8.0-1]
- Update to 115.8.0 build1

[115.7.0-1]
- Update to 115.7.0 build1

[115.6.0-1]
- Update to 115.6.0 build1

[115.5.0-1]
- Update to 115.5.0 build1

[115.4.0-1]
- Update to 115.4.0 build1
- Add fix for CVE-2023-44488
- Set homepage from os-release HOME_URL

[115.3.1-1]
- Update to 115.3.1

[115.3.0-1]
- Update to 115.3.0 ESR

[115.2.0-3]
- Update to 115.2.0 ESR

[115.1.0-1]
- Update to 115.1.0 ESR

[115.0.2-1]
- Update to 115.0.2 ESR

[115.0b8-1]
- Update to 115.0b8

[102.11.0-2]
- Update to 102.11.0 build2

[102.11.0-1]
- Update to 102.11.0 build1

[102.10.0-1]
- Update to 102.10.0 build1

[102.9.0-4]
- Update to 102.9.0 build2

[102.9.0-2]
- removed disable-openh264-download

[102.9.0-1]
- Update to 102.9.0 build1

[102.8.0-2]
- Update to 102.8.0 build2

[102.8.0-1]
- Update to 102.8.0 build1

[102.7.0-1]
- Update to 102.7.0 build1

[102.6.0-2]
- Add firefox-x11 subpackage to allow explicit run of firefox under x11 on RHEL9

[102.6.0-1]
- Update to 102.6.0 build1

[102.5.0-2]
- Added libwebrtc screencast patch for newer features

[102.5.0-1]
- Update to 102.5.0 build1

[102.4.0-1]
- Update to 102.4.0 build1

[102.3.0-7]
- Fix for expat CVE-2022-40674 and non functional webrtc



ELSA-2024-6682 Important: Oracle Linux 8 firefox security update


Oracle Linux Security Advisory ELSA-2024-6682

http://linux.oracle.com/errata/ELSA-2024-6682.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-128.2.0-1.0.1.el8_10.x86_64.rpm

aarch64:
firefox-128.2.0-1.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//firefox-128.2.0-1.0.1.el8_10.src.rpm

Related CVEs:

CVE-2024-7652
CVE-2024-8381
CVE-2024-8382
CVE-2024-8383
CVE-2024-8384
CVE-2024-8385
CVE-2024-8386
CVE-2024-8387

Description of changes:

[128.2.0-1.0.1]
- Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file

[128.2.0]
- Add debranding patches (Mustafa Gezen)
- Add OpenELA default preferences (Louis Abel)

[128.2.0-1]
- Update to 128.2.0



ELSA-2024-6684 Important: Oracle Linux 8 thunderbird security update


Oracle Linux Security Advisory ELSA-2024-6684

http://linux.oracle.com/errata/ELSA-2024-6684.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-128.2.0-1.0.1.el8_10.x86_64.rpm

aarch64:
thunderbird-128.2.0-1.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//thunderbird-128.2.0-1.0.1.el8_10.src.rpm

Related CVEs:

CVE-2024-7652
CVE-2024-8381
CVE-2024-8382
CVE-2024-8384
CVE-2024-8385
CVE-2024-8386
CVE-2024-8387
CVE-2024-8394

Description of changes:

[128.2.0-1.0.1]
- Add Oracle prefs file

[128.2.0]
- Add OpenELA debranding

[128.2.0-1]
- Update to 128.2.0

[128.1.1-2]
- Update to 128.1.1

[128.0-1]
- Update to 128.0 final

[128.0b4-1]
- Update to 128.0b4