ELSA-2024-0026 Important: Oracle Linux 7 firefox security update (aarch64)
ELSA-2024-0027 Important: Oracle Linux 7 thunderbird security update (aarch64)
ELSA-2024-0006 Important: Oracle Linux 7 tigervnc security update (aarch64)
ELSA-2024-0013 Important: Oracle Linux 7 gstreamer1-plugins-bad-free security update (aarch64)
ELSA-2024-0009 Important: Oracle Linux 7 xorg-x11-server security update (aarch64)
ELSA-2024-0013 Important: Oracle Linux 7 gstreamer1-plugins-bad-free security update
ELSA-2024-0027 Important: Oracle Linux 7 thunderbird security update
ELSA-2024-0026 Important: Oracle Linux 7 firefox security update
ELSA-2024-0006 Important: Oracle Linux 7 tigervnc security update
ELSA-2024-0009 Important: Oracle Linux 7 xorg-x11-server security update
ELSA-2024-0026 Important: Oracle Linux 7 firefox security update (aarch64)
Oracle Linux Security Advisory ELSA-2024-0026
http://linux.oracle.com/errata/ELSA-2024-0026.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
aarch64:
firefox-115.6.0-1.0.1.el7_9.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//firefox-115.6.0-1.0.1.el7_9.src.rpm
Related CVEs:
CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
CVE-2023-6865
CVE-2023-6867
Description of changes:
[115.6.0-1.0.1]
- Remove upstream references [Orabug: 30143292]
- Update distribution for Oracle Linux [Orabug: 30143292]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file
[115.6.0-1]
- Update to 115.6.0 build1
ELSA-2024-0027 Important: Oracle Linux 7 thunderbird security update (aarch64)
Oracle Linux Security Advisory ELSA-2024-0027
http://linux.oracle.com/errata/ELSA-2024-0027.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
aarch64:
thunderbird-115.6.0-1.0.1.el7_9.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//thunderbird-115.6.0-1.0.1.el7_9.src.rpm
Related CVEs:
CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
CVE-2023-50761
CVE-2023-50762
Description of changes:
[115.6.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js
- Enabled aarch64 build
[115.6.0-1]
- Update to 115.6.0 build2
ELSA-2024-0006 Important: Oracle Linux 7 tigervnc security update (aarch64)
Oracle Linux Security Advisory ELSA-2024-0006
http://linux.oracle.com/errata/ELSA-2024-0006.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
aarch64:
tigervnc-1.8.0-28.0.1.el7_9.aarch64.rpm
tigervnc-icons-1.8.0-28.0.1.el7_9.noarch.rpm
tigervnc-license-1.8.0-28.0.1.el7_9.noarch.rpm
tigervnc-server-1.8.0-28.0.1.el7_9.aarch64.rpm
tigervnc-server-minimal-1.8.0-28.0.1.el7_9.aarch64.rpm
tigervnc-server-applet-1.8.0-28.0.1.el7_9.noarch.rpm
tigervnc-server-module-1.8.0-28.0.1.el7_9.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//tigervnc-1.8.0-28.0.1.el7_9.src.rpm
Related CVEs:
CVE-2023-6377
CVE-2023-6478
Description of changes:
[1.8.0-28.0.1]
- Dropped xorg-CVE-2023-5367.patch, xorg-CVE-2023-6377.patch, and xorg-CVE-2023-6478.patch
[1.8.0-28]
- Updated fix for CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18415
[1.8.0-27]
- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18415
- CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
Resolves: RHEL-18427
ELSA-2024-0013 Important: Oracle Linux 7 gstreamer1-plugins-bad-free security update (aarch64)
Oracle Linux Security Advisory ELSA-2024-0013
http://linux.oracle.com/errata/ELSA-2024-0013.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
aarch64:
gstreamer1-plugins-bad-free-1.10.4-4.el7_9.aarch64.rpm
gstreamer1-plugins-bad-free-devel-1.10.4-4.el7_9.aarch64.rpm
gstreamer1-plugins-bad-free-gtk-1.10.4-4.el7_9.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//gstreamer1-plugins-bad-free-1.10.4-4.el7_9.src.rpm
Related CVEs:
CVE-2023-44446
Description of changes:
[1.10.4-4]
- Patch CVE-2023-44446: MXF demuxer use-after-free
- Disable gtk-doc to fix build
- Resolves: RHEL-16793
ELSA-2024-0009 Important: Oracle Linux 7 xorg-x11-server security update (aarch64)
Oracle Linux Security Advisory ELSA-2024-0009
http://linux.oracle.com/errata/ELSA-2024-0009.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
aarch64:
xorg-x11-server-common-1.20.4-25.el7_9.aarch64.rpm
xorg-x11-server-Xephyr-1.20.4-25.el7_9.aarch64.rpm
xorg-x11-server-Xorg-1.20.4-25.el7_9.aarch64.rpm
xorg-x11-server-devel-1.20.4-25.el7_9.aarch64.rpm
xorg-x11-server-source-1.20.4-25.el7_9.noarch.rpm
xorg-x11-server-Xdmx-1.20.4-25.el7_9.aarch64.rpm
xorg-x11-server-Xnest-1.20.4-25.el7_9.aarch64.rpm
xorg-x11-server-Xvfb-1.20.4-25.el7_9.aarch64.rpm
xorg-x11-server-Xwayland-1.20.4-25.el7_9.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//xorg-x11-server-1.20.4-25.el7_9.src.rpm
Related CVEs:
CVE-2023-6377
CVE-2023-6478
Description of changes:
[1.20.4-25]
- CVE fix for: CVE-2023-6377, CVE-2023-6478
Resolves: https://issues.redhat.com/browse/RHEL-18416
Resolves: https://issues.redhat.com/browse/RHEL-18428
ELSA-2024-0013 Important: Oracle Linux 7 gstreamer1-plugins-bad-free security update
Oracle Linux Security Advisory ELSA-2024-0013
http://linux.oracle.com/errata/ELSA-2024-0013.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
gstreamer1-plugins-bad-free-1.10.4-4.el7_9.i686.rpm
gstreamer1-plugins-bad-free-1.10.4-4.el7_9.x86_64.rpm
gstreamer1-plugins-bad-free-devel-1.10.4-4.el7_9.i686.rpm
gstreamer1-plugins-bad-free-devel-1.10.4-4.el7_9.x86_64.rpm
gstreamer1-plugins-bad-free-gtk-1.10.4-4.el7_9.i686.rpm
gstreamer1-plugins-bad-free-gtk-1.10.4-4.el7_9.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//gstreamer1-plugins-bad-free-1.10.4-4.el7_9.src.rpm
Related CVEs:
CVE-2023-44446
Description of changes:
[1.10.4-4]
- Patch CVE-2023-44446: MXF demuxer use-after-free
- Disable gtk-doc to fix build
- Resolves: RHEL-16793
ELSA-2024-0027 Important: Oracle Linux 7 thunderbird security update
Oracle Linux Security Advisory ELSA-2024-0027
http://linux.oracle.com/errata/ELSA-2024-0027.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
thunderbird-115.6.0-1.0.1.el7_9.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//thunderbird-115.6.0-1.0.1.el7_9.src.rpm
Related CVEs:
CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
CVE-2023-50761
CVE-2023-50762
Description of changes:
[115.6.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js
- Enabled aarch64 build
[115.6.0-1]
- Update to 115.6.0 build2
ELSA-2024-0026 Important: Oracle Linux 7 firefox security update
Oracle Linux Security Advisory ELSA-2024-0026
http://linux.oracle.com/errata/ELSA-2024-0026.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
firefox-115.6.0-1.0.1.el7_9.i686.rpm
firefox-115.6.0-1.0.1.el7_9.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//firefox-115.6.0-1.0.1.el7_9.src.rpm
Related CVEs:
CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
CVE-2023-6865
CVE-2023-6867
Description of changes:
[115.6.0-1.0.1]
- Remove upstream references [Orabug: 30143292]
- Update distribution for Oracle Linux [Orabug: 30143292]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file
[115.6.0-1]
- Update to 115.6.0 build1
ELSA-2024-0006 Important: Oracle Linux 7 tigervnc security update
Oracle Linux Security Advisory ELSA-2024-0006
http://linux.oracle.com/errata/ELSA-2024-0006.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
tigervnc-1.8.0-28.0.1.el7_9.x86_64.rpm
tigervnc-icons-1.8.0-28.0.1.el7_9.noarch.rpm
tigervnc-license-1.8.0-28.0.1.el7_9.noarch.rpm
tigervnc-server-1.8.0-28.0.1.el7_9.x86_64.rpm
tigervnc-server-applet-1.8.0-28.0.1.el7_9.noarch.rpm
tigervnc-server-minimal-1.8.0-28.0.1.el7_9.x86_64.rpm
tigervnc-server-module-1.8.0-28.0.1.el7_9.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//tigervnc-1.8.0-28.0.1.el7_9.src.rpm
Related CVEs:
CVE-2023-6377
CVE-2023-6478
Description of changes:
[1.8.0-28.0.1]
- Dropped xorg-CVE-2023-5367.patch, xorg-CVE-2023-6377.patch, and xorg-CVE-2023-6478.patch
[1.8.0-28]
- Updated fix for CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18415
[1.8.0-27]
- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18415
- CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
Resolves: RHEL-18427
ELSA-2024-0009 Important: Oracle Linux 7 xorg-x11-server security update
Oracle Linux Security Advisory ELSA-2024-0009
http://linux.oracle.com/errata/ELSA-2024-0009.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
xorg-x11-server-Xdmx-1.20.4-25.el7_9.x86_64.rpm
xorg-x11-server-Xephyr-1.20.4-25.el7_9.x86_64.rpm
xorg-x11-server-Xnest-1.20.4-25.el7_9.x86_64.rpm
xorg-x11-server-Xorg-1.20.4-25.el7_9.x86_64.rpm
xorg-x11-server-Xvfb-1.20.4-25.el7_9.x86_64.rpm
xorg-x11-server-Xwayland-1.20.4-25.el7_9.x86_64.rpm
xorg-x11-server-common-1.20.4-25.el7_9.x86_64.rpm
xorg-x11-server-devel-1.20.4-25.el7_9.i686.rpm
xorg-x11-server-devel-1.20.4-25.el7_9.x86_64.rpm
xorg-x11-server-source-1.20.4-25.el7_9.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//xorg-x11-server-1.20.4-25.el7_9.src.rpm
Related CVEs:
CVE-2023-6377
CVE-2023-6478
Description of changes:
[1.20.4-25]
- CVE fix for: CVE-2023-6377, CVE-2023-6478
Resolves: https://issues.redhat.com/browse/RHEL-18416
Resolves: https://issues.redhat.com/browse/RHEL-18428
