
Oracle Linux users can get security updates for PostgreSQL and curl, and a bug fix update for lvm2:

ELSA-2023-7783 Important: Oracle Linux 7 postgresql security update
ELBA-2023-13038 Oracle Linux 8 lvm2 bug fix update
ELSA-2023-7783 Important: Oracle Linux 7 postgresql security update (aarch64)
ELSA-2023-7743 Low: Oracle Linux 7 curl security update (aarch64)
ELSA-2023-7743 Low: Oracle Linux 7 curl security update




ELSA-2023-7783 Important: Oracle Linux 7 postgresql security update


Oracle Linux Security Advisory ELSA-2023-7783

http://linux.oracle.com/errata/ELSA-2023-7783.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
postgresql-9.2.24-9.el7_9.i686.rpm
postgresql-9.2.24-9.el7_9.x86_64.rpm
postgresql-contrib-9.2.24-9.el7_9.x86_64.rpm
postgresql-devel-9.2.24-9.el7_9.i686.rpm
postgresql-devel-9.2.24-9.el7_9.x86_64.rpm
postgresql-docs-9.2.24-9.el7_9.x86_64.rpm
postgresql-libs-9.2.24-9.el7_9.i686.rpm
postgresql-libs-9.2.24-9.el7_9.x86_64.rpm
postgresql-plperl-9.2.24-9.el7_9.x86_64.rpm
postgresql-plpython-9.2.24-9.el7_9.x86_64.rpm
postgresql-pltcl-9.2.24-9.el7_9.x86_64.rpm
postgresql-server-9.2.24-9.el7_9.x86_64.rpm
postgresql-static-9.2.24-9.el7_9.i686.rpm
postgresql-static-9.2.24-9.el7_9.x86_64.rpm
postgresql-test-9.2.24-9.el7_9.x86_64.rpm
postgresql-upgrade-9.2.24-9.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//postgresql-9.2.24-9.el7_9.src.rpm

Related CVEs:

CVE-2023-5869

Description of changes:

[9.2.24-9]
- Backport fix for CVE-2023-5869



ELBA-2023-13038 Oracle Linux 8 lvm2 bug fix update


Oracle Linux Bug Fix Advisory ELBA-2023-13038

http://linux.oracle.com/errata/ELBA-2023-13038.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
device-mapper-1.02.181-13.0.2.el8_9.x86_64.rpm
device-mapper-event-1.02.181-13.0.2.el8_9.x86_64.rpm
device-mapper-event-devel-1.02.181-13.0.2.el8_9.i686.rpm
device-mapper-event-devel-1.02.181-13.0.2.el8_9.x86_64.rpm
device-mapper-devel-1.02.181-13.0.2.el8_9.i686.rpm
device-mapper-devel-1.02.181-13.0.2.el8_9.x86_64.rpm
device-mapper-event-libs-1.02.181-13.0.2.el8_9.i686.rpm
device-mapper-event-libs-1.02.181-13.0.2.el8_9.x86_64.rpm
device-mapper-libs-1.02.181-13.0.2.el8_9.i686.rpm
device-mapper-libs-1.02.181-13.0.2.el8_9.x86_64.rpm
lvm2-2.03.14-13.0.2.el8_9.x86_64.rpm
lvm2-dbusd-2.03.14-13.0.2.el8_9.noarch.rpm
lvm2-libs-2.03.14-13.0.2.el8_9.i686.rpm
lvm2-libs-2.03.14-13.0.2.el8_9.x86_64.rpm
lvm2-lockd-2.03.14-13.0.2.el8_9.x86_64.rpm
lvm2-devel-2.03.14-13.0.2.el8_9.i686.rpm
lvm2-devel-2.03.14-13.0.2.el8_9.x86_64.rpm

aarch64:
device-mapper-1.02.181-13.0.2.el8_9.aarch64.rpm
device-mapper-event-devel-1.02.181-13.0.2.el8_9.aarch64.rpm
device-mapper-devel-1.02.181-13.0.2.el8_9.aarch64.rpm
device-mapper-event-1.02.181-13.0.2.el8_9.aarch64.rpm
device-mapper-event-libs-1.02.181-13.0.2.el8_9.aarch64.rpm
device-mapper-libs-1.02.181-13.0.2.el8_9.aarch64.rpm
lvm2-2.03.14-13.0.2.el8_9.aarch64.rpm
lvm2-dbusd-2.03.14-13.0.2.el8_9.noarch.rpm
lvm2-libs-2.03.14-13.0.2.el8_9.aarch64.rpm
lvm2-lockd-2.03.14-13.0.2.el8_9.aarch64.rpm
lvm2-devel-2.03.14-13.0.2.el8_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//lvm2-2.03.14-13.0.2.el8_9.src.rpm

Description of changes:

[2.03.14-13.0.2]
- Prevent duplicate uuid device to replace existing one in udev [Orabug: 35987487]



ELSA-2023-7783 Important: Oracle Linux 7 postgresql security update (aarch64)


Oracle Linux Security Advisory ELSA-2023-7783

http://linux.oracle.com/errata/ELSA-2023-7783.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
postgresql-9.2.24-9.el7_9.aarch64.rpm
postgresql-contrib-9.2.24-9.el7_9.aarch64.rpm
postgresql-devel-9.2.24-9.el7_9.aarch64.rpm
postgresql-docs-9.2.24-9.el7_9.aarch64.rpm
postgresql-libs-9.2.24-9.el7_9.aarch64.rpm
postgresql-plperl-9.2.24-9.el7_9.aarch64.rpm
postgresql-plpython-9.2.24-9.el7_9.aarch64.rpm
postgresql-pltcl-9.2.24-9.el7_9.aarch64.rpm
postgresql-server-9.2.24-9.el7_9.aarch64.rpm
postgresql-test-9.2.24-9.el7_9.aarch64.rpm
postgresql-static-9.2.24-9.el7_9.aarch64.rpm
postgresql-upgrade-9.2.24-9.el7_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//postgresql-9.2.24-9.el7_9.src.rpm

Related CVEs:

CVE-2023-5869

Description of changes:

[9.2.24-9]
- Backport fix for CVE-2023-5869



ELSA-2023-7743 Low: Oracle Linux 7 curl security update (aarch64)


Oracle Linux Security Advisory ELSA-2023-7743

http://linux.oracle.com/errata/ELSA-2023-7743.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
curl-7.29.0-59.0.3.el7_9.2.aarch64.rpm
libcurl-7.29.0-59.0.3.el7_9.2.aarch64.rpm
libcurl-devel-7.29.0-59.0.3.el7_9.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//curl-7.29.0-59.0.3.el7_9.2.src.rpm

Related CVEs:

CVE-2022-43552

Description of changes:

[7.29.0-59.0.3.el7_9.2]
- load CA certificates even with --insecure [Orabug: 32836997]
- Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html) [CVE-2019-5482] [Orabug: 30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)
- Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch

[7.29.0-59.el7_9.2]
- fix HTTP proxy deny use after free (CVE-2022-43552)
- rebuild certs with 2048-bit RSA keys



ELSA-2023-7743 Low: Oracle Linux 7 curl security update


Oracle Linux Security Advisory ELSA-2023-7743

http://linux.oracle.com/errata/ELSA-2023-7743.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm
libcurl-7.29.0-59.0.3.el7_9.2.i686.rpm
libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm
libcurl-devel-7.29.0-59.0.3.el7_9.2.i686.rpm
libcurl-devel-7.29.0-59.0.3.el7_9.2.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//curl-7.29.0-59.0.3.el7_9.2.src.rpm

Related CVEs:

CVE-2022-43552

Description of changes:

[7.29.0-59.0.3.el7_9.2]
- load CA certificates even with --insecure [Orabug: 32836997]
- Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html) [CVE-2019-5482] [Orabug: 30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)
- Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch

[7.29.0-59.el7_9.2]
- fix HTTP proxy deny use after free (CVE-2022-43552)
- rebuild certs with 2048-bit RSA keys