Oracle Linux 6176 Published by

The following updates are available for Oracle Linux:

ELSA-2024-0603 Important: Oracle Linux 9 firefox security update
ELSA-2024-0557 Important: Oracle Linux 9 tigervnc security update
ELSA-2024-0602 Important: Oracle Linux 9 thunderbird security update
ELBA-2024-0472 Oracle Linux 9 qemu-kvm bug fix update
ELSA-2024-0608 Important: Oracle Linux 8 firefox security update
ELSA-2024-0609 Important: Oracle Linux 8 thunderbird security update
ELSA-2024-0607 Important: Oracle Linux 8 tigervnc security update
ELSA-2024-0600 Important: Oracle Linux 7 firefox security update (aarch64)
ELSA-2024-0601 Important: Oracle Linux 7 thunderbird security update (aarch64)
ELSA-2024-0601 Important: Oracle Linux 7 thunderbird security update
ELSA-2024-0600 Important: Oracle Linux 7 firefox security update



ELSA-2024-0603 Important: Oracle Linux 9 firefox security update


Oracle Linux Security Advisory ELSA-2024-0603

http://linux.oracle.com/errata/ELSA-2024-0603.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-115.7.0-1.0.1.el9_3.x86_64.rpm
firefox-x11-115.7.0-1.0.1.el9_3.x86_64.rpm

aarch64:
firefox-115.7.0-1.0.1.el9_3.aarch64.rpm
firefox-x11-115.7.0-1.0.1.el9_3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//firefox-115.7.0-1.0.1.el9_3.src.rpm

Related CVEs:

CVE-2024-0741
CVE-2024-0742
CVE-2024-0746
CVE-2024-0747
CVE-2024-0749
CVE-2024-0750
CVE-2024-0751
CVE-2024-0753
CVE-2024-0755

Description of changes:

[115.7.0.1.0.1]
- Update to 115.7.0 build 1



ELSA-2024-0557 Important: Oracle Linux 9 tigervnc security update


Oracle Linux Security Advisory ELSA-2024-0557

http://linux.oracle.com/errata/ELSA-2024-0557.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
tigervnc-1.13.1-3.el9_3.6.x86_64.rpm
tigervnc-icons-1.13.1-3.el9_3.6.noarch.rpm
tigervnc-license-1.13.1-3.el9_3.6.noarch.rpm
tigervnc-selinux-1.13.1-3.el9_3.6.noarch.rpm
tigervnc-server-1.13.1-3.el9_3.6.x86_64.rpm
tigervnc-server-minimal-1.13.1-3.el9_3.6.x86_64.rpm
tigervnc-server-module-1.13.1-3.el9_3.6.x86_64.rpm

aarch64:
tigervnc-1.13.1-3.el9_3.6.aarch64.rpm
tigervnc-icons-1.13.1-3.el9_3.6.noarch.rpm
tigervnc-license-1.13.1-3.el9_3.6.noarch.rpm
tigervnc-selinux-1.13.1-3.el9_3.6.noarch.rpm
tigervnc-server-1.13.1-3.el9_3.6.aarch64.rpm
tigervnc-server-minimal-1.13.1-3.el9_3.6.aarch64.rpm
tigervnc-server-module-1.13.1-3.el9_3.6.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//tigervnc-1.13.1-3.el9_3.6.src.rpm

Related CVEs:

CVE-2023-6816
CVE-2024-0229
CVE-2024-21885
CVE-2024-21886

Description of changes:

[1.13.1-3.6]
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
Resolves: RHEL-20389
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
Resolves: RHEL-20383
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
Resolves: RHEL-20533
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
Resolves: RHEL-21213



ELSA-2024-0602 Important: Oracle Linux 9 thunderbird security update


Oracle Linux Security Advisory ELSA-2024-0602

http://linux.oracle.com/errata/ELSA-2024-0602.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-115.7.0-1.0.1.el9_3.x86_64.rpm

aarch64:
thunderbird-115.7.0-1.0.1.el9_3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//thunderbird-115.7.0-1.0.1.el9_3.src.rpm

Related CVEs:

CVE-2024-0741
CVE-2024-0742
CVE-2024-0746
CVE-2024-0747
CVE-2024-0749
CVE-2024-0750
CVE-2024-0751
CVE-2024-0753
CVE-2024-0755

Description of changes:

[115.7.0-1.0.1]
- Update to 115.7.0 build1



ELBA-2024-0472 Oracle Linux 9 qemu-kvm bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-0472

http://linux.oracle.com/errata/ELBA-2024-0472.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
qemu-guest-agent-8.0.0-16.el9_3.3.x86_64.rpm
qemu-img-8.0.0-16.el9_3.3.x86_64.rpm
qemu-kvm-8.0.0-16.el9_3.3.x86_64.rpm
qemu-kvm-audio-pa-8.0.0-16.el9_3.3.x86_64.rpm
qemu-kvm-block-blkio-8.0.0-16.el9_3.3.x86_64.rpm
qemu-kvm-block-curl-8.0.0-16.el9_3.3.x86_64.rpm
qemu-kvm-block-rbd-8.0.0-16.el9_3.3.x86_64.rpm
qemu-kvm-common-8.0.0-16.el9_3.3.x86_64.rpm
qemu-kvm-core-8.0.0-16.el9_3.3.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-8.0.0-16.el9_3.3.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-pci-8.0.0-16.el9_3.3.x86_64.rpm
qemu-kvm-device-display-virtio-vga-8.0.0-16.el9_3.3.x86_64.rpm
qemu-kvm-device-usb-host-8.0.0-16.el9_3.3.x86_64.rpm
qemu-kvm-device-usb-redirect-8.0.0-16.el9_3.3.x86_64.rpm
qemu-kvm-docs-8.0.0-16.el9_3.3.x86_64.rpm
qemu-kvm-tools-8.0.0-16.el9_3.3.x86_64.rpm
qemu-kvm-ui-egl-headless-8.0.0-16.el9_3.3.x86_64.rpm
qemu-kvm-ui-opengl-8.0.0-16.el9_3.3.x86_64.rpm
qemu-pr-helper-8.0.0-16.el9_3.3.x86_64.rpm

aarch64:
qemu-guest-agent-8.0.0-16.el9_3.3.aarch64.rpm
qemu-img-8.0.0-16.el9_3.3.aarch64.rpm
qemu-kvm-8.0.0-16.el9_3.3.aarch64.rpm
qemu-kvm-audio-pa-8.0.0-16.el9_3.3.aarch64.rpm
qemu-kvm-block-blkio-8.0.0-16.el9_3.3.aarch64.rpm
qemu-kvm-block-curl-8.0.0-16.el9_3.3.aarch64.rpm
qemu-kvm-block-rbd-8.0.0-16.el9_3.3.aarch64.rpm
qemu-kvm-common-8.0.0-16.el9_3.3.aarch64.rpm
qemu-kvm-core-8.0.0-16.el9_3.3.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-8.0.0-16.el9_3.3.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-pci-8.0.0-16.el9_3.3.aarch64.rpm
qemu-kvm-device-usb-host-8.0.0-16.el9_3.3.aarch64.rpm
qemu-kvm-docs-8.0.0-16.el9_3.3.aarch64.rpm
qemu-kvm-tools-8.0.0-16.el9_3.3.aarch64.rpm
qemu-pr-helper-8.0.0-16.el9_3.3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//qemu-kvm-8.0.0-16.el9_3.3.src.rpm

Description of changes:

[8.0.0-16.el9_3.3]
- kvm-target-s390x-dump-Remove-unneeded-dump-info-function.patch [RHEL-16997]
- kvm-dump-Add-arch-cleanup-function.patch [RHEL-16997]
- kvm-target-s390x-arch_dump-Add-arch-cleanup-function-for.patch [RHEL-16997]



ELSA-2024-0608 Important: Oracle Linux 8 firefox security update


Oracle Linux Security Advisory ELSA-2024-0608

http://linux.oracle.com/errata/ELSA-2024-0608.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-115.7.0-1.0.1.el8_9.x86_64.rpm

aarch64:
firefox-115.7.0-1.0.1.el8_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//firefox-115.7.0-1.0.1.el8_9.src.rpm

Related CVEs:

CVE-2024-0741
CVE-2024-0742
CVE-2024-0746
CVE-2024-0747
CVE-2024-0749
CVE-2024-0750
CVE-2024-0751
CVE-2024-0753
CVE-2024-0755

Description of changes:

[115.7.0.1.0.1]
- Update to 115.7.0 build 1



ELSA-2024-0609 Important: Oracle Linux 8 thunderbird security update


Oracle Linux Security Advisory ELSA-2024-0609

http://linux.oracle.com/errata/ELSA-2024-0609.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-115.7.0-1.0.1.el8_9.x86_64.rpm

aarch64:
thunderbird-115.7.0-1.0.1.el8_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//thunderbird-115.7.0-1.0.1.el8_9.src.rpm

Related CVEs:

CVE-2024-0741
CVE-2024-0742
CVE-2024-0746
CVE-2024-0747
CVE-2024-0749
CVE-2024-0750
CVE-2024-0751
CVE-2024-0753
CVE-2024-0755

Description of changes:

[115.7.0-1.0.1]
- Update to 115.7.0 build1



ELSA-2024-0607 Important: Oracle Linux 8 tigervnc security update


Oracle Linux Security Advisory ELSA-2024-0607

http://linux.oracle.com/errata/ELSA-2024-0607.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
tigervnc-1.13.1-2.el8_9.7.x86_64.rpm
tigervnc-icons-1.13.1-2.el8_9.7.noarch.rpm
tigervnc-license-1.13.1-2.el8_9.7.noarch.rpm
tigervnc-selinux-1.13.1-2.el8_9.7.noarch.rpm
tigervnc-server-1.13.1-2.el8_9.7.x86_64.rpm
tigervnc-server-minimal-1.13.1-2.el8_9.7.x86_64.rpm
tigervnc-server-module-1.13.1-2.el8_9.7.x86_64.rpm

aarch64:
tigervnc-1.13.1-2.el8_9.7.aarch64.rpm
tigervnc-icons-1.13.1-2.el8_9.7.noarch.rpm
tigervnc-license-1.13.1-2.el8_9.7.noarch.rpm
tigervnc-selinux-1.13.1-2.el8_9.7.noarch.rpm
tigervnc-server-1.13.1-2.el8_9.7.aarch64.rpm
tigervnc-server-minimal-1.13.1-2.el8_9.7.aarch64.rpm
tigervnc-server-module-1.13.1-2.el8_9.7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//tigervnc-1.13.1-2.el8_9.7.src.rpm

Related CVEs:

CVE-2023-6816
CVE-2024-0229
CVE-2024-21885
CVE-2024-21886

Description of changes:

[1.13.1-2.7]
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
Resolves: RHEL-20388
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
Resolves: RHEL-20382
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
Resolves: RHEL-20530
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
Resolves: RHEL-21214



ELSA-2024-0600 Important: Oracle Linux 7 firefox security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-0600

http://linux.oracle.com/errata/ELSA-2024-0600.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
firefox-115.7.0-1.0.1.el7_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//firefox-115.7.0-1.0.1.el7_9.src.rpm

Related CVEs:

CVE-2024-0741
CVE-2024-0742
CVE-2024-0746
CVE-2024-0747
CVE-2024-0749
CVE-2024-0750
CVE-2024-0751
CVE-2024-0753
CVE-2024-0755

Description of changes:

[115.7.0-1.0.1]
- Remove upstream references [Orabug: 30143292]
- Update distribution for Oracle Linux [Orabug: 30143292]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

[115.7.0-1]
- Update to 115.7.0 build1



ELSA-2024-0601 Important: Oracle Linux 7 thunderbird security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-0601

http://linux.oracle.com/errata/ELSA-2024-0601.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
thunderbird-115.7.0-1.0.1.el7_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//thunderbird-115.7.0-1.0.1.el7_9.src.rpm

Related CVEs:

CVE-2024-0741
CVE-2024-0742
CVE-2024-0746
CVE-2024-0747
CVE-2024-0749
CVE-2024-0750
CVE-2024-0751
CVE-2024-0753
CVE-2024-0755

Description of changes:

[115.7.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js
- Enabled aarch64 build

[115.7.0-1]
- Update to 115.7.0 build1

[115.6.0-1]
- Update to 115.6.0 build2



ELSA-2024-0601 Important: Oracle Linux 7 thunderbird security update


Oracle Linux Security Advisory ELSA-2024-0601

http://linux.oracle.com/errata/ELSA-2024-0601.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-115.7.0-1.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//thunderbird-115.7.0-1.0.1.el7_9.src.rpm

Related CVEs:

CVE-2024-0741
CVE-2024-0742
CVE-2024-0746
CVE-2024-0747
CVE-2024-0749
CVE-2024-0750
CVE-2024-0751
CVE-2024-0753
CVE-2024-0755

Description of changes:

[115.7.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js
- Enabled aarch64 build

[115.7.0-1]
- Update to 115.7.0 build1

[115.6.0-1]
- Update to 115.6.0 build2



ELSA-2024-0600 Important: Oracle Linux 7 firefox security update


Oracle Linux Security Advisory ELSA-2024-0600

http://linux.oracle.com/errata/ELSA-2024-0600.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-115.7.0-1.0.1.el7_9.i686.rpm
firefox-115.7.0-1.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//firefox-115.7.0-1.0.1.el7_9.src.rpm

Related CVEs:

CVE-2024-0741
CVE-2024-0742
CVE-2024-0746
CVE-2024-0747
CVE-2024-0749
CVE-2024-0750
CVE-2024-0751
CVE-2024-0753
CVE-2024-0755

Description of changes:

[115.7.0-1.0.1]
- Remove upstream references [Orabug: 30143292]
- Update distribution for Oracle Linux [Orabug: 30143292]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

[115.7.0-1]
- Update to 115.7.0 build1