
The following updates are available for Oracle Linux:

ELSA-2024-0670 Important: Oracle Linux 9 runc security update
ELSA-2024-0533 Moderate: Oracle Linux 9 gnutls security update
ELBA-2024-0476 Oracle Linux 9 cloud-init bug fix update
ELBA-2024-12109 Oracle Linux 9 scap-security-guide bug fix update
ELBA-2024-0471 Oracle Linux 9 389-ds-base bug fix update
ELBA-2024-12102 Oracle Linux 9 evolution-data-server bug fix update
ELSA-2024-12110 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2024-0647 Moderate: Oracle Linux 8 rpm security update
ELSA-2024-0627 Moderate: Oracle Linux 8 gnutls security update
ELSA-2024-0628 Moderate: Oracle Linux 8 libssh security update
ELBA-2024-12108 Oracle Linux 8 scap-security-guide bug fix update
ELSA-2024-0629 Important: Oracle Linux 7 tigervnc security update (aarch64)
ELBA-2024-12107 Oracle Linux 7 scap-security-guide bug fix update (aarch64)
ELSA-2024-0629 Important: Oracle Linux 7 tigervnc security update
ELBA-2024-12107 Oracle Linux 7 scap-security-guide bug fix update
ELSA-2024-12110 Important: Oracle Linux 6 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update




ELSA-2024-0670 Important: Oracle Linux 9 runc security update


Oracle Linux Security Advisory ELSA-2024-0670

http://linux.oracle.com/errata/ELSA-2024-0670.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
runc-1.1.12-1.el9_3.x86_64.rpm

aarch64:
runc-1.1.12-1.el9_3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//runc-1.1.12-1.el9_3.src.rpm

Related CVEs:

CVE-2024-21626

Description of changes:

[4:1.1.12-1]
- update to https://github.com/opencontainers/runc/releases/tag/v1.1.12
- Related: RHEL-2112

[4:1.1.11-1]
- update to https://github.com/opencontainers/runc/releases/tag/v1.1.11
- Related: RHEL-2112

[4:1.1.10-3]
- Rebuild for CVEs: CVE-2023-39321 CVE-2023-39322 CVE-2023-29409
- Related: Jira:RHEL-2792
- Related: Jira:RHEL-7454

[4:1.1.10-2]
- require container-selinux >= 2.224.0 for dmz feature
- Related: Jira:RHEL-2112

[4:1.1.10-1]
- update to https://github.com/opencontainers/runc/releases/tag/v1.1.10
- Related: RHEL-2112



ELSA-2024-0533 Moderate: Oracle Linux 9 gnutls security update


Oracle Linux Security Advisory ELSA-2024-0533

http://linux.oracle.com/errata/ELSA-2024-0533.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
gnutls-3.7.6-23.el9_3.3.i686.rpm
gnutls-3.7.6-23.el9_3.3.x86_64.rpm
gnutls-c++-3.7.6-23.el9_3.3.i686.rpm
gnutls-c++-3.7.6-23.el9_3.3.x86_64.rpm
gnutls-dane-3.7.6-23.el9_3.3.i686.rpm
gnutls-dane-3.7.6-23.el9_3.3.x86_64.rpm
gnutls-devel-3.7.6-23.el9_3.3.i686.rpm
gnutls-devel-3.7.6-23.el9_3.3.x86_64.rpm
gnutls-utils-3.7.6-23.el9_3.3.x86_64.rpm

aarch64:
gnutls-3.7.6-23.el9_3.3.aarch64.rpm
gnutls-c++-3.7.6-23.el9_3.3.aarch64.rpm
gnutls-dane-3.7.6-23.el9_3.3.aarch64.rpm
gnutls-devel-3.7.6-23.el9_3.3.aarch64.rpm
gnutls-utils-3.7.6-23.el9_3.3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//gnutls-3.7.6-23.el9_3.3.src.rpm

Related CVEs:

CVE-2023-5981
CVE-2024-0553
CVE-2024-0567

Description of changes:

[3.7.6-23.3]
- Fixes for CVE-2023-5981, CVE-2024-0553, CVE-2024-0567



ELBA-2024-0476 Oracle Linux 9 cloud-init bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-0476

http://linux.oracle.com/errata/ELBA-2024-0476.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
cloud-init-23.1.1-12.0.1.el9_3.noarch.rpm

aarch64:
cloud-init-23.1.1-12.0.1.el9_3.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//cloud-init-23.1.1-12.0.1.el9_3.src.rpm

Description of changes:

[23.1.1-12.0.1]
- NetworkManagerActivator brings up interface failed when using sysconfig renderer [RHEL-18981]



ELBA-2024-12109 Oracle Linux 9 scap-security-guide bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12109

http://linux.oracle.com/errata/ELBA-2024-12109.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
scap-security-guide-0.1.69-3.0.2.el9_3.noarch.rpm
scap-security-guide-doc-0.1.69-3.0.2.el9_3.noarch.rpm

aarch64:
scap-security-guide-0.1.69-3.0.2.el9_3.noarch.rpm
scap-security-guide-doc-0.1.69-3.0.2.el9_3.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//scap-security-guide-0.1.69-3.0.2.el9_3.src.rpm

Description of changes:

[0.1.69-3.0.2]
- Update stig profiles to latest DISA standard, v1r9 for OL8 and V2r14
for OL7 [Orabug: 36237404]
- Add automation content for account_password_pam_faillock_system_auth
& account_password_pam_faillock_password_auth rules [Orabug: 36237404]
- Make sssd rules look into /etc/sssd/conf.d/*.conf files for the desired
configuration [Orabug: 36237404]



ELBA-2024-0471 Oracle Linux 9 389-ds-base bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-0471

http://linux.oracle.com/errata/ELBA-2024-0471.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
389-ds-base-2.3.6-5.0.1.el9_3.x86_64.rpm
389-ds-base-libs-2.3.6-5.0.1.el9_3.x86_64.rpm
python3-lib389-2.3.6-5.0.1.el9_3.noarch.rpm
389-ds-base-devel-2.3.6-5.0.1.el9_3.x86_64.rpm

aarch64:
389-ds-base-2.3.6-5.0.1.el9_3.aarch64.rpm
389-ds-base-libs-2.3.6-5.0.1.el9_3.aarch64.rpm
python3-lib389-2.3.6-5.0.1.el9_3.noarch.rpm
389-ds-base-devel-2.3.6-5.0.1.el9_3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//389-ds-base-2.3.6-5.0.1.el9_3.src.rpm

Description of changes:

[2.3.6-5.0.1]
- Resolves: RHEL-17178 - Crash on open/close connections
- Resolves: RHEL-16833 - ns-slapd crash in slapi_attr_basetype



ELBA-2024-12102 Oracle Linux 9 evolution-data-server bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12102

http://linux.oracle.com/errata/ELBA-2024-12102.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
evolution-data-server-3.40.4-6.0.1.el9.i686.rpm
evolution-data-server-3.40.4-6.0.1.el9.x86_64.rpm
evolution-data-server-devel-3.40.4-6.0.1.el9.i686.rpm
evolution-data-server-devel-3.40.4-6.0.1.el9.x86_64.rpm
evolution-data-server-doc-3.40.4-6.0.1.el9.noarch.rpm
evolution-data-server-langpacks-3.40.4-6.0.1.el9.noarch.rpm
evolution-data-server-perl-3.40.4-6.0.1.el9.x86_64.rpm
evolution-data-server-tests-3.40.4-6.0.1.el9.i686.rpm
evolution-data-server-tests-3.40.4-6.0.1.el9.x86_64.rpm

aarch64:
evolution-data-server-3.40.4-6.0.1.el9.aarch64.rpm
evolution-data-server-devel-3.40.4-6.0.1.el9.aarch64.rpm
evolution-data-server-doc-3.40.4-6.0.1.el9.noarch.rpm
evolution-data-server-langpacks-3.40.4-6.0.1.el9.noarch.rpm
evolution-data-server-perl-3.40.4-6.0.1.el9.aarch64.rpm
evolution-data-server-tests-3.40.4-6.0.1.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//evolution-data-server-3.40.4-6.0.1.el9.src.rpm

Description of changes:

[3.40.4-6.0.1]
- Enable HTML5 database and local storage features for web view [Orabug: 36211108]



ELSA-2024-12110 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12110

http://linux.oracle.com/errata/ELSA-2024-12110.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.82.2.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.82.2.el7uek.noarch.rpm
kernel-uek-4.1.12-124.82.2.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.82.2.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.82.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.82.2.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.1.12-124.82.2.el7uek.src.rpm

Related CVEs:

CVE-2020-26555
CVE-2021-33098
CVE-2023-1077
CVE-2023-42752
CVE-2023-4921

Description of changes:

[4.1.12-124.82.2.el7uek]
- Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi) [Orabug: 35959598] {CVE-2020-26555}
- sched/rt: pick_next_rt_entity(): check list_entry (Pietro Borrello) [Orabug: 35181560] {CVE-2023-1077}
- sched/debug: Fix SCHED_WARN_ON() to return a value on !CONFIG_SCHED_DEBUG as well (Ingo Molnar) [Orabug: 35181560]
- sched/debug: Add SCHED_WARN_ON() (Peter Zijlstra) [Orabug: 35181560]

[4.1.12-124.82.1.el7uek]
- igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU (Eric Dumazet) [Orabug: 35924002] {CVE-2023-42752}
- net: sched: sch_qfq: Fix UAF in qfq_dequeue() (valis) [Orabug: 35814457] {CVE-2023-4921}
- ixgbe: fix large MTU request from VF (Samasth Norway Ananda) [Orabug: 33752821] {CVE-2021-33098}



ELSA-2024-0647 Moderate: Oracle Linux 8 rpm security update


Oracle Linux Security Advisory ELSA-2024-0647

http://linux.oracle.com/errata/ELSA-2024-0647.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
python3-rpm-4.14.3-28.0.2.el8_9.x86_64.rpm
rpm-4.14.3-28.0.2.el8_9.x86_64.rpm
rpm-apidocs-4.14.3-28.0.2.el8_9.noarch.rpm
rpm-build-4.14.3-28.0.2.el8_9.x86_64.rpm
rpm-build-libs-4.14.3-28.0.2.el8_9.i686.rpm
rpm-build-libs-4.14.3-28.0.2.el8_9.x86_64.rpm
rpm-cron-4.14.3-28.0.2.el8_9.noarch.rpm
rpm-devel-4.14.3-28.0.2.el8_9.i686.rpm
rpm-devel-4.14.3-28.0.2.el8_9.x86_64.rpm
rpm-libs-4.14.3-28.0.2.el8_9.i686.rpm
rpm-libs-4.14.3-28.0.2.el8_9.x86_64.rpm
rpm-plugin-fapolicyd-4.14.3-28.0.2.el8_9.x86_64.rpm
rpm-plugin-ima-4.14.3-28.0.2.el8_9.x86_64.rpm
rpm-plugin-prioreset-4.14.3-28.0.2.el8_9.x86_64.rpm
rpm-plugin-selinux-4.14.3-28.0.2.el8_9.x86_64.rpm
rpm-plugin-syslog-4.14.3-28.0.2.el8_9.x86_64.rpm
rpm-plugin-systemd-inhibit-4.14.3-28.0.2.el8_9.x86_64.rpm
rpm-sign-4.14.3-28.0.2.el8_9.x86_64.rpm

aarch64:
python3-rpm-4.14.3-28.0.2.el8_9.aarch64.rpm
rpm-4.14.3-28.0.2.el8_9.aarch64.rpm
rpm-apidocs-4.14.3-28.0.2.el8_9.noarch.rpm
rpm-build-4.14.3-28.0.2.el8_9.aarch64.rpm
rpm-build-libs-4.14.3-28.0.2.el8_9.aarch64.rpm
rpm-cron-4.14.3-28.0.2.el8_9.noarch.rpm
rpm-devel-4.14.3-28.0.2.el8_9.aarch64.rpm
rpm-libs-4.14.3-28.0.2.el8_9.aarch64.rpm
rpm-plugin-fapolicyd-4.14.3-28.0.2.el8_9.aarch64.rpm
rpm-plugin-ima-4.14.3-28.0.2.el8_9.aarch64.rpm
rpm-plugin-prioreset-4.14.3-28.0.2.el8_9.aarch64.rpm
rpm-plugin-selinux-4.14.3-28.0.2.el8_9.aarch64.rpm
rpm-plugin-syslog-4.14.3-28.0.2.el8_9.aarch64.rpm
rpm-plugin-systemd-inhibit-4.14.3-28.0.2.el8_9.aarch64.rpm
rpm-sign-4.14.3-28.0.2.el8_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//rpm-4.14.3-28.0.2.el8_9.src.rpm

Related CVEs:

CVE-2021-35937
CVE-2021-35938
CVE-2021-35939

Description of changes:

[4.14.3-28.0.2]
- Import additional patches to fix regressions with CVE-2021-35937,
CVE-2021-35938 and CVE-2021-35939 patchset [Orabug: 36256318]

[4.14.3-28.0.1]
- Fixed infinite loop for db_create with error check [Orabug: 36202920]

[4.14.3-28]
- Backport file handling code from rpm-4.19 to fix CVE-2021-35937,
CVE-2021-35938 and CVE-2021-35939

[4.14.3-27]
- Make brp-python-bytecompile script compatible with Python 3.10+
Resolves: RHEL-6423



ELSA-2024-0627 Moderate: Oracle Linux 8 gnutls security update


Oracle Linux Security Advisory ELSA-2024-0627

http://linux.oracle.com/errata/ELSA-2024-0627.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
gnutls-3.6.16-8.el8_9.1.i686.rpm
gnutls-3.6.16-8.el8_9.1.x86_64.rpm
gnutls-c++-3.6.16-8.el8_9.1.i686.rpm
gnutls-c++-3.6.16-8.el8_9.1.x86_64.rpm
gnutls-dane-3.6.16-8.el8_9.1.i686.rpm
gnutls-dane-3.6.16-8.el8_9.1.x86_64.rpm
gnutls-devel-3.6.16-8.el8_9.1.i686.rpm
gnutls-devel-3.6.16-8.el8_9.1.x86_64.rpm
gnutls-utils-3.6.16-8.el8_9.1.x86_64.rpm

aarch64:
gnutls-3.6.16-8.el8_9.1.aarch64.rpm
gnutls-c++-3.6.16-8.el8_9.1.aarch64.rpm
gnutls-dane-3.6.16-8.el8_9.1.aarch64.rpm
gnutls-devel-3.6.16-8.el8_9.1.aarch64.rpm
gnutls-utils-3.6.16-8.el8_9.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//gnutls-3.6.16-8.el8_9.1.src.rpm

Related CVEs:

CVE-2024-0553

Description of changes:

[3.6.16-8.1]
- auth/rsa-psk: minimize branching after decryption (RHEL-21550)



ELSA-2024-0628 Moderate: Oracle Linux 8 libssh security update


Oracle Linux Security Advisory ELSA-2024-0628

http://linux.oracle.com/errata/ELSA-2024-0628.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libssh-0.9.6-13.el8_9.i686.rpm
libssh-0.9.6-13.el8_9.x86_64.rpm
libssh-config-0.9.6-13.el8_9.noarch.rpm
libssh-devel-0.9.6-13.el8_9.i686.rpm
libssh-devel-0.9.6-13.el8_9.x86_64.rpm

aarch64:
libssh-0.9.6-13.el8_9.aarch64.rpm
libssh-config-0.9.6-13.el8_9.noarch.rpm
libssh-devel-0.9.6-13.el8_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//libssh-0.9.6-13.el8_9.src.rpm

Related CVEs:

CVE-2023-48795

Description of changes:

[0.9.6-13]
- Client and Server side mitigations (CVE-2023-48795)
- Strip extensions from both kex lists for matching (CVE-2023-48795)
- tests: Adjust calculation to strict kex (CVE-2023-48795)



ELBA-2024-12108 Oracle Linux 8 scap-security-guide bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12108

http://linux.oracle.com/errata/ELBA-2024-12108.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
scap-security-guide-0.1.69-2.0.2.el8.noarch.rpm
scap-security-guide-doc-0.1.69-2.0.2.el8.noarch.rpm

aarch64:
scap-security-guide-0.1.69-2.0.2.el8.noarch.rpm
scap-security-guide-doc-0.1.69-2.0.2.el8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//scap-security-guide-0.1.69-2.0.2.el8.src.rpm

Description of changes:

[0.1.69-2.0.2]
- Update stig profiles to latest DISA standard, v1r9 for OL8 and V2r14
for OL7 [Orabug: 36237375]
- Add automation content for account_password_pam_faillock_system_auth
& account_password_pam_faillock_password_auth rules [Orabug: 36237375]
- Make sssd rules look into /etc/sssd/conf.d/*.conf files for the desired
configuration [Orabug: 36237375]
- Enable OL9 content build [Orabug: 36237513]



ELSA-2024-0629 Important: Oracle Linux 7 tigervnc security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-0629

http://linux.oracle.com/errata/ELSA-2024-0629.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
tigervnc-1.8.0-31.0.1.el7_9.aarch64.rpm
tigervnc-icons-1.8.0-31.0.1.el7_9.noarch.rpm
tigervnc-license-1.8.0-31.0.1.el7_9.noarch.rpm
tigervnc-server-1.8.0-31.0.1.el7_9.aarch64.rpm
tigervnc-server-minimal-1.8.0-31.0.1.el7_9.aarch64.rpm
tigervnc-server-applet-1.8.0-31.0.1.el7_9.noarch.rpm
tigervnc-server-module-1.8.0-31.0.1.el7_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//tigervnc-1.8.0-31.0.1.el7_9.src.rpm

Related CVEs:

CVE-2023-6816
CVE-2024-0229
CVE-2024-21885
CVE-2024-21886

Description of changes:

[1.8.0-31.0.1]
- Dropped xorg-CVE-2023-5367.patch, xorg-CVE-2023-6816.patch, xorg-CVE-2023-6377.patch, xorg-CVE-2023-6478.patch,
xorg-CVE-2024-0229-1.patch, xorg-CVE-2024-0229-2.patch, xorg-CVE-2024-0229-3.patch, xorg-CVE-2024-21885.patch,
xorg-CVE-2024-21886-1.patch, xorg-CVE-2024-21886-2.patch, xorg-dix-fix-use-after-free-in-input-device-shutdown.patch

[1.8.0-31]
- Fix use after free related to CVE-2024-21886
Resolves: RHEL-20436
- Fix copy/paste error in the DeviceStateNotify
Resolves: RHEL-20587

[1.8.0-30]
- Don't try to get pointer position when the pointer becomes a floating device
Resolves: RHEL-20436

[1.8.0-29]
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
Resolves: RHEL-20436
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
Resolves: RHEL-20427
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
Resolves: RHEL-20587
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
Resolves: RHEL-21212



ELBA-2024-12107 Oracle Linux 7 scap-security-guide bug fix update (aarch64)


Oracle Linux Bug Fix Advisory ELBA-2024-12107

http://linux.oracle.com/errata/ELBA-2024-12107.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
scap-security-guide-0.1.69-1.0.3.el7_9.noarch.rpm
scap-security-guide-doc-0.1.69-1.0.3.el7_9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//scap-security-guide-0.1.69-1.0.3.el7_9.src.rpm

Description of changes:

[0.1.69-1.0.3]
- Update stig profiles to latest DISA standard V2r14 [Orabug: 36237419]
- Make sssd rules look into /etc/sssd/conf.d/*.conf files for the desired
configuration [Orabug: 36237419]



ELSA-2024-0629 Important: Oracle Linux 7 tigervnc security update


Oracle Linux Security Advisory ELSA-2024-0629

http://linux.oracle.com/errata/ELSA-2024-0629.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
tigervnc-1.8.0-31.0.1.el7_9.x86_64.rpm
tigervnc-icons-1.8.0-31.0.1.el7_9.noarch.rpm
tigervnc-license-1.8.0-31.0.1.el7_9.noarch.rpm
tigervnc-server-1.8.0-31.0.1.el7_9.x86_64.rpm
tigervnc-server-applet-1.8.0-31.0.1.el7_9.noarch.rpm
tigervnc-server-minimal-1.8.0-31.0.1.el7_9.x86_64.rpm
tigervnc-server-module-1.8.0-31.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//tigervnc-1.8.0-31.0.1.el7_9.src.rpm

Related CVEs:

CVE-2023-6816
CVE-2024-0229
CVE-2024-21885
CVE-2024-21886

Description of changes:

[1.8.0-31.0.1]
- Dropped xorg-CVE-2023-5367.patch, xorg-CVE-2023-6816.patch, xorg-CVE-2023-6377.patch, xorg-CVE-2023-6478.patch,
xorg-CVE-2024-0229-1.patch, xorg-CVE-2024-0229-2.patch, xorg-CVE-2024-0229-3.patch, xorg-CVE-2024-21885.patch,
xorg-CVE-2024-21886-1.patch, xorg-CVE-2024-21886-2.patch, xorg-dix-fix-use-after-free-in-input-device-shutdown.patch

[1.8.0-31]
- Fix use after free related to CVE-2024-21886
Resolves: RHEL-20436
- Fix copy/paste error in the DeviceStateNotify
Resolves: RHEL-20587

[1.8.0-30]
- Don't try to get pointer position when the pointer becomes a floating device
Resolves: RHEL-20436

[1.8.0-29]
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
Resolves: RHEL-20436
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
Resolves: RHEL-20427
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
Resolves: RHEL-20587
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
Resolves: RHEL-21212



ELBA-2024-12107 Oracle Linux 7 scap-security-guide bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12107

http://linux.oracle.com/errata/ELBA-2024-12107.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
scap-security-guide-0.1.69-1.0.3.el7_9.noarch.rpm
scap-security-guide-doc-0.1.69-1.0.3.el7_9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//scap-security-guide-0.1.69-1.0.3.el7_9.src.rpm

Description of changes:

[0.1.69-1.0.3]
- Update stig profiles to latest DISA standard V2r14 [Orabug: 36237419]
- Make sssd rules look into /etc/sssd/conf.d/*.conf files for the desired
configuration [Orabug: 36237419]



ELSA-2024-12110 Important: Oracle Linux 6 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12110

http://linux.oracle.com/errata/ELSA-2024-12110.html

The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.82.2.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.82.2.el6uek.noarch.rpm
kernel-uek-4.1.12-124.82.2.el6uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.82.2.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.82.2.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.82.2.el6uek.x86_64.rpm

Related CVEs:

CVE-2020-26555
CVE-2021-33098
CVE-2023-1077
CVE-2023-42752
CVE-2023-4921

Description of changes:

[4.1.12-124.82.2.el6uek]
- Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi) [Orabug: 35959598] {CVE-2020-26555}
- sched/rt: pick_next_rt_entity(): check list_entry (Pietro Borrello) [Orabug: 35181560] {CVE-2023-1077}
- sched/debug: Fix SCHED_WARN_ON() to return a value on !CONFIG_SCHED_DEBUG as well (Ingo Molnar) [Orabug: 35181560]
- sched/debug: Add SCHED_WARN_ON() (Peter Zijlstra) [Orabug: 35181560]

[4.1.12-124.82.1.el6uek]
- igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU (Eric Dumazet) [Orabug: 35924002] {CVE-2023-42752}
- net: sched: sch_qfq: Fix UAF in qfq_dequeue() (valis) [Orabug: 35814457] {CVE-2023-4921}
- ixgbe: fix large MTU request from VF (Samasth Norway Ananda) [Orabug: 33752821] {CVE-2021-33098}