Oracle Linux 6246 Published by

The following updates has been released for Oracle Linux 7:

ELSA-2018-3833 Critical: Oracle Linux 7 firefox security update (aarch64)
ELSA-2018-3834 Important: Oracle Linux 7 ghostscript security and bug fix update (aarch64)
ELSA-2018-3854 Low: Oracle Linux 6 ntp security update



ELSA-2018-3833 Critical: Oracle Linux 7 firefox security update (aarch64)

Oracle Linux Security Advisory ELSA-2018-3833

http://linux.oracle.com/errata/ELSA-2018-3833.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
firefox-60.4.0-1.0.1.el7.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/firefox-60.4.0-1.0.1.el7.src.rpm



Description of changes:

[60.4.0-1.0.1]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red
Hat file

[60.4.0-1]
- Update to 60.4.0 ESR

[60.3.0-2]
- Added firefox-gnome-shell-extension

[60.3.0-1]
- Update to 60.3.0 ESR

ELSA-2018-3834 Important: Oracle Linux 7 ghostscript security and bug fix update (aarch64)

Oracle Linux Security Advisory ELSA-2018-3834

http://linux.oracle.com/errata/ELSA-2018-3834.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
ghostscript-9.07-31.el7_6.6.aarch64.rpm
ghostscript-cups-9.07-31.el7_6.6.aarch64.rpm
ghostscript-devel-9.07-31.el7_6.6.aarch64.rpm
ghostscript-doc-9.07-31.el7_6.6.noarch.rpm
ghostscript-gtk-9.07-31.el7_6.6.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/ghostscript-9.07-31.el7_6.6.src.rpm



Description of changes:

[9.07-31.el7_6.6]
- Resolves: #1657822 - ghostscript: Regression: Warning: Dropping incorrect
smooth shading object (Error: /rangecheck in --run--)

[9.07-31.el7_6.5]
- Resolves: #1654621 - CVE-2018-16541 ghostscript: incorrect free logic in
pagedevice replacement (699664)
- Resolves: #1650210 - CVE-2018-17183 ghostscript: User-writable error
exception table
- Resolves: #1645516 - CVE-2018-18073 ghostscript: saved execution stacks
can leak operator arrays
- Resolves: #1648891 - CVE-2018-17961 ghostscript: saved execution stacks
can leak operator arrays (incomplete fix for CVE-2018-17183)
- Resolves: #1643115 - CVE-2018-18284 ghostscript: 1Policy operator
allows a sandbox protection bypass
- Resolves: #1655937 - CVE-2018-19134 ghostscript: Type confusion in
setpattern (700141)

[9.07-31.el7_6.4]
- Resolves: #1651149 - CVE-2018-15911 ghostscript: uninitialized memory
access in the aesdecode operator (699665)
- Resolves: #1650060 - CVE-2018-16802 ghostscript: Incorrect "restoration of
privilege" checking when running out of stack during exception handling
- Resolves: #1652935 - CVE-2018-19409 ghostscript: Improperly implemented
security check in zsetdevice function in psi/zdevice.c

ELSA-2018-3854 Low: Oracle Linux 6 ntp security update

Oracle Linux Security Advisory ELSA-2018-3854

http://linux.oracle.com/errata/ELSA-2018-3854.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
ntp-4.2.6p5-15.0.1.el6_10.i686.rpm
ntp-doc-4.2.6p5-15.0.1.el6_10.noarch.rpm
ntp-perl-4.2.6p5-15.0.1.el6_10.i686.rpm
ntpdate-4.2.6p5-15.0.1.el6_10.i686.rpm

x86_64:
ntp-4.2.6p5-15.0.1.el6_10.x86_64.rpm
ntp-doc-4.2.6p5-15.0.1.el6_10.noarch.rpm
ntp-perl-4.2.6p5-15.0.1.el6_10.x86_64.rpm
ntpdate-4.2.6p5-15.0.1.el6_10.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/ntp-4.2.6p5-15.0.1.el6_10.src.rpm



Description of changes:

[4.2.6p5-15.0.1]
- add disable monitor to default ntp.conf [CVE-2013-5211]

[4.2.6p5-15]
- fix buffer overflow in parsing of address in ntpq and ntpdc
(CVE-2018-12327)

[4.2.6p5-14]
- fix CVE-2016-7429 patch to work correctly on multicast client (#1422973)

[4.2.6p5-13]
- fix buffer overflow in datum refclock driver (CVE-2017-6462)
- fix crash with invalid unpeer command (CVE-2017-6463)
- fix potential crash with invalid server command (CVE-2017-6464)