
The following security updates are available for Oracle Linux:

ELSA-2024-0026 Important: Oracle Linux 7 firefox security update (aarch64)
ELSA-2024-0027 Important: Oracle Linux 7 thunderbird security update (aarch64)
ELSA-2024-0006 Important: Oracle Linux 7 tigervnc security update (aarch64)
ELSA-2024-0013 Important: Oracle Linux 7 gstreamer1-plugins-bad-free security update (aarch64)
ELSA-2024-0009 Important: Oracle Linux 7 xorg-x11-server security update (aarch64)
ELSA-2024-0013 Important: Oracle Linux 7 gstreamer1-plugins-bad-free security update
ELSA-2024-0027 Important: Oracle Linux 7 thunderbird security update
ELSA-2024-0026 Important: Oracle Linux 7 firefox security update
ELSA-2024-0006 Important: Oracle Linux 7 tigervnc security update
ELSA-2024-0009 Important: Oracle Linux 7 xorg-x11-server security update



ELSA-2024-0026 Important: Oracle Linux 7 firefox security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-0026

http://linux.oracle.com/errata/ELSA-2024-0026.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
firefox-115.6.0-1.0.1.el7_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//firefox-115.6.0-1.0.1.el7_9.src.rpm

Related CVEs:

CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
CVE-2023-6865
CVE-2023-6867

Description of changes:

[115.6.0-1.0.1]
- Remove upstream references [Orabug: 30143292]
- Update distribution for Oracle Linux [Orabug: 30143292]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

[115.6.0-1]
- Update to 115.6.0 build1



ELSA-2024-0027 Important: Oracle Linux 7 thunderbird security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-0027

http://linux.oracle.com/errata/ELSA-2024-0027.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
thunderbird-115.6.0-1.0.1.el7_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//thunderbird-115.6.0-1.0.1.el7_9.src.rpm

Related CVEs:

CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
CVE-2023-50761
CVE-2023-50762

Description of changes:

[115.6.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js
- Enabled aarch64 build

[115.6.0-1]
- Update to 115.6.0 build2



ELSA-2024-0006 Important: Oracle Linux 7 tigervnc security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-0006

http://linux.oracle.com/errata/ELSA-2024-0006.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
tigervnc-1.8.0-28.0.1.el7_9.aarch64.rpm
tigervnc-icons-1.8.0-28.0.1.el7_9.noarch.rpm
tigervnc-license-1.8.0-28.0.1.el7_9.noarch.rpm
tigervnc-server-1.8.0-28.0.1.el7_9.aarch64.rpm
tigervnc-server-minimal-1.8.0-28.0.1.el7_9.aarch64.rpm
tigervnc-server-applet-1.8.0-28.0.1.el7_9.noarch.rpm
tigervnc-server-module-1.8.0-28.0.1.el7_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//tigervnc-1.8.0-28.0.1.el7_9.src.rpm

Related CVEs:

CVE-2023-6377
CVE-2023-6478

Description of changes:

[1.8.0-28.0.1]
- Dropped xorg-CVE-2023-5367.patch, xorg-CVE-2023-6377.patch, and xorg-CVE-2023-6478.patch

[1.8.0-28]
- Updated fix for CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18415

[1.8.0-27]
- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18415
- CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
Resolves: RHEL-18427



ELSA-2024-0013 Important: Oracle Linux 7 gstreamer1-plugins-bad-free security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-0013

http://linux.oracle.com/errata/ELSA-2024-0013.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
gstreamer1-plugins-bad-free-1.10.4-4.el7_9.aarch64.rpm
gstreamer1-plugins-bad-free-devel-1.10.4-4.el7_9.aarch64.rpm
gstreamer1-plugins-bad-free-gtk-1.10.4-4.el7_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//gstreamer1-plugins-bad-free-1.10.4-4.el7_9.src.rpm

Related CVEs:

CVE-2023-44446

Description of changes:

[1.10.4-4]
- Patch CVE-2023-44446: MXF demuxer use-after-free
- Disable gtk-doc to fix build
- Resolves: RHEL-16793



ELSA-2024-0009 Important: Oracle Linux 7 xorg-x11-server security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-0009

http://linux.oracle.com/errata/ELSA-2024-0009.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
xorg-x11-server-common-1.20.4-25.el7_9.aarch64.rpm
xorg-x11-server-Xephyr-1.20.4-25.el7_9.aarch64.rpm
xorg-x11-server-Xorg-1.20.4-25.el7_9.aarch64.rpm
xorg-x11-server-devel-1.20.4-25.el7_9.aarch64.rpm
xorg-x11-server-source-1.20.4-25.el7_9.noarch.rpm
xorg-x11-server-Xdmx-1.20.4-25.el7_9.aarch64.rpm
xorg-x11-server-Xnest-1.20.4-25.el7_9.aarch64.rpm
xorg-x11-server-Xvfb-1.20.4-25.el7_9.aarch64.rpm
xorg-x11-server-Xwayland-1.20.4-25.el7_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//xorg-x11-server-1.20.4-25.el7_9.src.rpm

Related CVEs:

CVE-2023-6377
CVE-2023-6478

Description of changes:

[1.20.4-25]
- CVE fix for: CVE-2023-6377, CVE-2023-6478
Resolves: https://issues.redhat.com/browse/RHEL-18416
Resolves: https://issues.redhat.com/browse/RHEL-18428



ELSA-2024-0013 Important: Oracle Linux 7 gstreamer1-plugins-bad-free security update


Oracle Linux Security Advisory ELSA-2024-0013

http://linux.oracle.com/errata/ELSA-2024-0013.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
gstreamer1-plugins-bad-free-1.10.4-4.el7_9.i686.rpm
gstreamer1-plugins-bad-free-1.10.4-4.el7_9.x86_64.rpm
gstreamer1-plugins-bad-free-devel-1.10.4-4.el7_9.i686.rpm
gstreamer1-plugins-bad-free-devel-1.10.4-4.el7_9.x86_64.rpm
gstreamer1-plugins-bad-free-gtk-1.10.4-4.el7_9.i686.rpm
gstreamer1-plugins-bad-free-gtk-1.10.4-4.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//gstreamer1-plugins-bad-free-1.10.4-4.el7_9.src.rpm

Related CVEs:

CVE-2023-44446

Description of changes:

[1.10.4-4]
- Patch CVE-2023-44446: MXF demuxer use-after-free
- Disable gtk-doc to fix build
- Resolves: RHEL-16793



ELSA-2024-0027 Important: Oracle Linux 7 thunderbird security update


Oracle Linux Security Advisory ELSA-2024-0027

http://linux.oracle.com/errata/ELSA-2024-0027.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-115.6.0-1.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//thunderbird-115.6.0-1.0.1.el7_9.src.rpm

Related CVEs:

CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
CVE-2023-50761
CVE-2023-50762

Description of changes:

[115.6.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js
- Enabled aarch64 build

[115.6.0-1]
- Update to 115.6.0 build2



ELSA-2024-0026 Important: Oracle Linux 7 firefox security update


Oracle Linux Security Advisory ELSA-2024-0026

http://linux.oracle.com/errata/ELSA-2024-0026.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-115.6.0-1.0.1.el7_9.i686.rpm
firefox-115.6.0-1.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//firefox-115.6.0-1.0.1.el7_9.src.rpm

Related CVEs:

CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
CVE-2023-6865
CVE-2023-6867

Description of changes:

[115.6.0-1.0.1]
- Remove upstream references [Orabug: 30143292]
- Update distribution for Oracle Linux [Orabug: 30143292]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

[115.6.0-1]
- Update to 115.6.0 build1



ELSA-2024-0006 Important: Oracle Linux 7 tigervnc security update


Oracle Linux Security Advisory ELSA-2024-0006

http://linux.oracle.com/errata/ELSA-2024-0006.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
tigervnc-1.8.0-28.0.1.el7_9.x86_64.rpm
tigervnc-icons-1.8.0-28.0.1.el7_9.noarch.rpm
tigervnc-license-1.8.0-28.0.1.el7_9.noarch.rpm
tigervnc-server-1.8.0-28.0.1.el7_9.x86_64.rpm
tigervnc-server-applet-1.8.0-28.0.1.el7_9.noarch.rpm
tigervnc-server-minimal-1.8.0-28.0.1.el7_9.x86_64.rpm
tigervnc-server-module-1.8.0-28.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//tigervnc-1.8.0-28.0.1.el7_9.src.rpm

Related CVEs:

CVE-2023-6377
CVE-2023-6478

Description of changes:

[1.8.0-28.0.1]
- Dropped xorg-CVE-2023-5367.patch, xorg-CVE-2023-6377.patch, and xorg-CVE-2023-6478.patch

[1.8.0-28]
- Updated fix for CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18415

[1.8.0-27]
- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18415
- CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
Resolves: RHEL-18427



ELSA-2024-0009 Important: Oracle Linux 7 xorg-x11-server security update


Oracle Linux Security Advisory ELSA-2024-0009

http://linux.oracle.com/errata/ELSA-2024-0009.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
xorg-x11-server-Xdmx-1.20.4-25.el7_9.x86_64.rpm
xorg-x11-server-Xephyr-1.20.4-25.el7_9.x86_64.rpm
xorg-x11-server-Xnest-1.20.4-25.el7_9.x86_64.rpm
xorg-x11-server-Xorg-1.20.4-25.el7_9.x86_64.rpm
xorg-x11-server-Xvfb-1.20.4-25.el7_9.x86_64.rpm
xorg-x11-server-Xwayland-1.20.4-25.el7_9.x86_64.rpm
xorg-x11-server-common-1.20.4-25.el7_9.x86_64.rpm
xorg-x11-server-devel-1.20.4-25.el7_9.i686.rpm
xorg-x11-server-devel-1.20.4-25.el7_9.x86_64.rpm
xorg-x11-server-source-1.20.4-25.el7_9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//xorg-x11-server-1.20.4-25.el7_9.src.rpm

Related CVEs:

CVE-2023-6377
CVE-2023-6478

Description of changes:

[1.20.4-25]
- CVE fix for: CVE-2023-6377, CVE-2023-6478
Resolves: https://issues.redhat.com/browse/RHEL-18416
Resolves: https://issues.redhat.com/browse/RHEL-18428