Oracle Linux 6272 Published by

Oracle Linux has been updated with security enhancements, featuring the pam:1.5.1 update, a moderate update for perl-App-cpanminus, as well as a bug fix and enhancement update for .NET 8.0:

ELSA-2024-10244 Important: Oracle Linux 9 pam:1.5.1 security update
ELSA-2024-10218 Moderate: Oracle Linux 9 perl-App-cpanminus security update
ELBA-2024-9569 Oracle Linux 8 .NET 8.0 bug fix and enhancement update




ELSA-2024-10244 Important: Oracle Linux 9 pam:1.5.1 security update


Oracle Linux Security Advisory ELSA-2024-10244

http://linux.oracle.com/errata/ELSA-2024-10244.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
pam-1.5.1-22.0.1.el9_5.i686.rpm
pam-1.5.1-22.0.1.el9_5.x86_64.rpm
pam-devel-1.5.1-22.0.1.el9_5.i686.rpm
pam-devel-1.5.1-22.0.1.el9_5.x86_64.rpm
pam-docs-1.5.1-22.0.1.el9_5.x86_64.rpm

aarch64:
pam-1.5.1-22.0.1.el9_5.aarch64.rpm
pam-devel-1.5.1-22.0.1.el9_5.aarch64.rpm
pam-docs-1.5.1-22.0.1.el9_5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//pam-1.5.1-22.0.1.el9_5.src.rpm

Related CVEs:

CVE-2024-10963

Description of changes:

[1.5.1-22.0.1]
- pam_access: clean up the remote host matching code [Orabug: 36771903]
- pam_limits: fix use after free in pam_sm_open_session [Orabug: 36406534]

[1.5.1-22]
- pam_access: rework resolving of tokens as hostname.
Resolves: CVE-2024-10963 and RHEL-66245

[1.5.1-21]
- pam_unix: always run the helper to obtain shadow password file entries.
CVE-2024-10041. Resolves: RHEL-62880



ELSA-2024-10218 Moderate: Oracle Linux 9 perl-App-cpanminus security update


Oracle Linux Security Advisory ELSA-2024-10218

http://linux.oracle.com/errata/ELSA-2024-10218.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
perl-App-cpanminus-1.7044-14.1.el9_5.noarch.rpm

aarch64:
perl-App-cpanminus-1.7044-14.1.el9_5.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//perl-App-cpanminus-1.7044-14.1.el9_5.src.rpm

Related CVEs:

CVE-2024-45321

Description of changes:

[1.7044-14.1]
- Patch the code to use https instead of http (CVE-2024-45321)
- Resolves: RHEL-56519



ELBA-2024-9569 Oracle Linux 8 .NET 8.0 bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2024-9569

http://linux.oracle.com/errata/ELBA-2024-9569.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
aspnetcore-runtime-8.0-8.0.11-1.0.1.el8_10.1.x86_64.rpm
aspnetcore-runtime-dbg-8.0-8.0.11-1.0.1.el8_10.1.x86_64.rpm
aspnetcore-targeting-pack-8.0-8.0.11-1.0.1.el8_10.1.x86_64.rpm
dotnet-apphost-pack-8.0-8.0.11-1.0.1.el8_10.1.x86_64.rpm
dotnet-hostfxr-8.0-8.0.11-1.0.1.el8_10.1.x86_64.rpm
dotnet-runtime-8.0-8.0.11-1.0.1.el8_10.1.x86_64.rpm
dotnet-runtime-dbg-8.0-8.0.11-1.0.1.el8_10.1.x86_64.rpm
dotnet-sdk-8.0-8.0.111-1.0.1.el8_10.1.x86_64.rpm
dotnet-sdk-dbg-8.0-8.0.111-1.0.1.el8_10.1.x86_64.rpm
dotnet-targeting-pack-8.0-8.0.11-1.0.1.el8_10.1.x86_64.rpm
dotnet-templates-8.0-8.0.111-1.0.1.el8_10.1.x86_64.rpm
dotnet-sdk-8.0-source-built-artifacts-8.0.111-1.0.1.el8_10.1.x86_64.rpm

aarch64:
aspnetcore-runtime-8.0-8.0.11-1.0.1.el8_10.1.aarch64.rpm
aspnetcore-runtime-dbg-8.0-8.0.11-1.0.1.el8_10.1.aarch64.rpm
aspnetcore-targeting-pack-8.0-8.0.11-1.0.1.el8_10.1.aarch64.rpm
dotnet-apphost-pack-8.0-8.0.11-1.0.1.el8_10.1.aarch64.rpm
dotnet-hostfxr-8.0-8.0.11-1.0.1.el8_10.1.aarch64.rpm
dotnet-runtime-8.0-8.0.11-1.0.1.el8_10.1.aarch64.rpm
dotnet-runtime-dbg-8.0-8.0.11-1.0.1.el8_10.1.aarch64.rpm
dotnet-sdk-8.0-8.0.111-1.0.1.el8_10.1.aarch64.rpm
dotnet-sdk-dbg-8.0-8.0.111-1.0.1.el8_10.1.aarch64.rpm
dotnet-targeting-pack-8.0-8.0.11-1.0.1.el8_10.1.aarch64.rpm
dotnet-templates-8.0-8.0.111-1.0.1.el8_10.1.aarch64.rpm
dotnet-sdk-8.0-source-built-artifacts-8.0.111-1.0.1.el8_10.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//dotnet8.0-8.0.111-1.0.1.el8_10.1.src.rpm

Description of changes:

[8.0.111-1.0.1.1]
- Add support for Oracle Linux

[8.0.111-1.1]
- Disable packages provided by another .NET version
- Related: RHEL-65366

[8.0.111-1]
- Update to .NET SDK 8.0.111 and Runtime 8.0.11
- Resolves: RHEL-65366