
Updated tigervnc, firefox, thunderbird, and squid:4 packages have been released for Oracle Linux:

ELSA-2024-0010 Important: Oracle Linux 9 tigervnc security update
ELSA-2024-0025 Important: Oracle Linux 9 firefox security update
ELSA-2024-0001 Important: Oracle Linux 9 thunderbird security update
ELSA-2024-0012 Important: Oracle Linux 8 firefox security update
ELSA-2024-0046 Important: Oracle Linux 8 squid:4 security update
ELSA-2024-0018 Important: Oracle Linux 8 tigervnc security update
ELSA-2024-0003 Important: Oracle Linux 8 thunderbird security update




ELSA-2024-0010 Important: Oracle Linux 9 tigervnc security update


Oracle Linux Security Advisory ELSA-2024-0010

http://linux.oracle.com/errata/ELSA-2024-0010.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
tigervnc-1.13.1-3.el9_3.3.x86_64.rpm
tigervnc-icons-1.13.1-3.el9_3.3.noarch.rpm
tigervnc-license-1.13.1-3.el9_3.3.noarch.rpm
tigervnc-selinux-1.13.1-3.el9_3.3.noarch.rpm
tigervnc-server-1.13.1-3.el9_3.3.x86_64.rpm
tigervnc-server-minimal-1.13.1-3.el9_3.3.x86_64.rpm
tigervnc-server-module-1.13.1-3.el9_3.3.x86_64.rpm

aarch64:
tigervnc-1.13.1-3.el9_3.3.aarch64.rpm
tigervnc-icons-1.13.1-3.el9_3.3.noarch.rpm
tigervnc-license-1.13.1-3.el9_3.3.noarch.rpm
tigervnc-selinux-1.13.1-3.el9_3.3.noarch.rpm
tigervnc-server-1.13.1-3.el9_3.3.aarch64.rpm
tigervnc-server-minimal-1.13.1-3.el9_3.3.aarch64.rpm
tigervnc-server-module-1.13.1-3.el9_3.3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//tigervnc-1.13.1-3.el9_3.3.src.rpm

Related CVEs:

CVE-2023-5367
CVE-2023-6377
CVE-2023-6478

Description of changes:

[1.13.1-3.3]
- xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367)
- xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377)
- xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478)



ELSA-2024-0025 Important: Oracle Linux 9 firefox security update


Oracle Linux Security Advisory ELSA-2024-0025

http://linux.oracle.com/errata/ELSA-2024-0025.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-115.6.0-1.0.1.el9_3.x86_64.rpm
firefox-x11-115.6.0-1.0.1.el9_3.x86_64.rpm

aarch64:
firefox-115.6.0-1.0.1.el9_3.aarch64.rpm
firefox-x11-115.6.0-1.0.1.el9_3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//firefox-115.6.0-1.0.1.el9_3.src.rpm

Related CVEs:

CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
CVE-2023-6865
CVE-2023-6867

Description of changes:

[115.6.0-1.0.1]
- Update to 115.6.0 build1
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file



ELSA-2024-0001 Important: Oracle Linux 9 thunderbird security update


Oracle Linux Security Advisory ELSA-2024-0001

http://linux.oracle.com/errata/ELSA-2024-0001.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-115.6.0-1.0.1.el9_3.x86_64.rpm

aarch64:
thunderbird-115.6.0-1.0.1.el9_3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//thunderbird-115.6.0-1.0.1.el9_3.src.rpm

Related CVEs:

CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
CVE-2023-50761
CVE-2023-50762

Description of changes:

[115.6.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js
- Update to 115.6.0 build2



ELSA-2024-0012 Important: Oracle Linux 8 firefox security update


Oracle Linux Security Advisory ELSA-2024-0012

http://linux.oracle.com/errata/ELSA-2024-0012.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-115.6.0-1.0.1.el8_9.x86_64.rpm

aarch64:
firefox-115.6.0-1.0.1.el8_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//firefox-115.6.0-1.0.1.el8_9.src.rpm

Related CVEs:

CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
CVE-2023-6865
CVE-2023-6867

Description of changes:

[115.6.0-1.0.1]
- Update to 115.6.0 build1
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file



ELSA-2024-0046 Important: Oracle Linux 8 squid:4 security update


Oracle Linux Security Advisory ELSA-2024-0046

http://linux.oracle.com/errata/ELSA-2024-0046.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libecap-1.0.1-2.module+el8.9.0+90083+f7556140.x86_64.rpm
libecap-devel-1.0.1-2.module+el8.9.0+90083+f7556140.x86_64.rpm
squid-4.15-7.module+el8.9.0+90111+615ac445.5.x86_64.rpm

aarch64:
libecap-1.0.1-2.module+el8.9.0+90083+f7556140.aarch64.rpm
libecap-devel-1.0.1-2.module+el8.9.0+90083+f7556140.aarch64.rpm
squid-4.15-7.module+el8.9.0+90111+615ac445.5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//libecap-1.0.1-2.module+el8.9.0+90083+f7556140.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//squid-4.15-7.module+el8.9.0+90111+615ac445.5.src.rpm

Related CVEs:

CVE-2023-46724
CVE-2023-46728
CVE-2023-49285
CVE-2023-49286

Description of changes:

libecap
squid
[7:4.15-7.5]
- Fix squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)
- Fix squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)
- Fix squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)
- Fix squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)

[7:4.15-7.3]
- Fix squid: DoS against HTTP and HTTPS (CVE-2023-5824)

[7:4.15-7.1]
- Resolves: RHEL-14801 - squid: squid: Denial of Service in HTTP Digest Authentication
- Resolves: RHEL-14776 - squid: squid: Request/Response smuggling in HTTP/1.1 and ICAP



ELSA-2024-0018 Important: Oracle Linux 8 tigervnc security update


Oracle Linux Security Advisory ELSA-2024-0018

http://linux.oracle.com/errata/ELSA-2024-0018.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
tigervnc-1.13.1-2.el8_9.4.x86_64.rpm
tigervnc-icons-1.13.1-2.el8_9.4.noarch.rpm
tigervnc-license-1.13.1-2.el8_9.4.noarch.rpm
tigervnc-selinux-1.13.1-2.el8_9.4.noarch.rpm
tigervnc-server-1.13.1-2.el8_9.4.x86_64.rpm
tigervnc-server-minimal-1.13.1-2.el8_9.4.x86_64.rpm
tigervnc-server-module-1.13.1-2.el8_9.4.x86_64.rpm

aarch64:
tigervnc-1.13.1-2.el8_9.4.aarch64.rpm
tigervnc-icons-1.13.1-2.el8_9.4.noarch.rpm
tigervnc-license-1.13.1-2.el8_9.4.noarch.rpm
tigervnc-selinux-1.13.1-2.el8_9.4.noarch.rpm
tigervnc-server-1.13.1-2.el8_9.4.aarch64.rpm
tigervnc-server-minimal-1.13.1-2.el8_9.4.aarch64.rpm
tigervnc-server-module-1.13.1-2.el8_9.4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//tigervnc-1.13.1-2.el8_9.4.src.rpm

Related CVEs:

CVE-2023-6377
CVE-2023-6478

Description of changes:

[1.13.1-2.4]
- xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367)
- xorg-x11-server: Use-after-free bug in DestroyWindow (CVE-2023-5380)
- xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377)
- xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478)



ELSA-2024-0003 Important: Oracle Linux 8 thunderbird security update


Oracle Linux Security Advisory ELSA-2024-0003

http://linux.oracle.com/errata/ELSA-2024-0003.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-115.6.0-1.0.1.el8_9.x86_64.rpm

aarch64:
thunderbird-115.6.0-1.0.1.el8_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//thunderbird-115.6.0-1.0.1.el8_9.src.rpm

Related CVEs:

CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
CVE-2023-50761
CVE-2023-50762

Description of changes:

[115.6.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js

[115.6.0-1]
- Update to 115.6.0 build2