From el-errata at oss.oracle.com Sat Mar 1 12:22:53 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Sat, 1 Mar 2025 12:22:53 +0000 Subject: [El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2025-20100) References: <d4f8c45bd487860fba221923d02e879a.apache@ksplice.com> Message-ID: <mailman.15.1740831784.18.el-errata@oss.oracle.com> Synopsis: ELSA-2025-20100 can now be patched using Ksplice CVEs: CVE-2024-38538 CVE-2024-49996 CVE-2024-50264 CVE-2024-50265 CVE-2024-50273 CVE-2024-50278 CVE-2024-50279 CVE-2024-50301 CVE-2024-53103 CVE-2024-53104 CVE-2024-53112 CVE-2024-53140 CVE-2024-53141 CVE-2024-53146 CVE-2024-53155 CVE-2024-53173 CVE-2024-53174 CVE-2024-53680 CVE-2024-56558 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56603 CVE-2024-56605 CVE-2024-56606 CVE-2024-56637 CVE-2024-56650 CVE-2024-56739 CVE-2024-56770 CVE-2024-57850 CVE-2024-57901 CVE-2024-57902 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-20100. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-20100.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on OL7 and OL8 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2024-38538: Data corruption in 802.1d Ethernet Bridging. A missing check when sending a short skb in the 802.1d Ethernet Bridging driver could lead to use of uninitialized memory. An attacker could use this flaw to cause data corruption. * CVE-2024-49996: Privilege escalation in SMB3 and CIFS driver. A missing check when parsing NFS reparse points in the SMB3 and CIFS driver could lead to an out-of-bounds memory access. A remote attacker could use this flaw to escalate privileges. * CVE-2024-50264: Privilege escalation in Virtual Socket protocol driver. A missing variable initialization during loopback communication in the Virtual Socket protocol driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-50265: Denial-of-service in OCFS2 filesystem. A logic error when setting extended attributes in the OCFS2 filesystem could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-50273: Denial-of-service in Btrfs filesystem driver. A logic error when handling delayed reference counting in the Btrfs filesystem driver could lead to a use-after-free. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-50278, CVE-2024-50279: Privilege escalation in Cache target driver. Logic errors when manipulating cache in the Cache target driver could lead to an out-of-bounds memory access. A local attacker could use this flaw to escalate privileges. * CVE-2024-50301: Privilege escalation in Keyring subsystem. A missing check when checking if a key can be used in the Keyring subsystem could lead to an out-of-bounds memory access. A local attacker could use this flaw to escalate privileges. * CVE-2024-53103: Privilege escalation in Virtual Socket protocol driver. A missing variable initialization when destroying socket in the Virtual Socket protocol driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-53104: Privilege escalation in USB Video Class driver. A missing check when using the UVC driver could lead to an out-of-bounds memory write. A local attacker could use this flaw to escalate privileges. * CVE-2024-53112: Denial-of-service in OCFS2 filesystem. A missing check when using OCFS2_IOC_GROUP_ADD ioctl in the OCFS2 filesystem could lead to a kernel assertion failure. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-53140: Privilege escalation in netlink driver. A logic error when using the netlink driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-53141: Privilege escalation in netfilter (IP set) subsystem. A missing check when updating the bitmap for IP addresses in the netfilter subsystem could lead to an out-of-bounds memory access. A local attacker could use this flaw to escalate privileges. * CVE-2024-53146: Information leak in NFS server driver. A logic error when using the NFS server driver could lead to an out-of-bounds memory access. A local attacker could use this flaw to extract sensitive information. * CVE-2024-53155: Information leak in OCFS2 filesystem. A missing variable initialization when using the OCFS2 filesystem could lead to use of uninitialized memory. A local attacker could use this flaw to extract sensitive information. * CVE-2024-53173: Privilege escalation in NFS client driver. A logic error when opening multiple files concurrently in the NFS client driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-53174: Privilege escalation in SUNRPC networking stack. A missing check when using the SUNRPC networking stack could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-53680: Denial-of-service in IP virtual server driver. Undefined behaviour in the IP virtual server driver could lead to a kernel panic. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-56558: Privilege escalation in NFS server driver. A missing check when using the NFS server driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-56600: Privilege escalation in IPv6 networking stack. A missing variable initialization when creating a socket fails in the IPv6 networking stack could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-56601: Privilege escalation in IPv4 networking stack. A missing variable initialization when creating a socket fails in the IPv4 networking stack could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-56602: Privilege escalation in IEEE Std 802.15.4 Low-Rate Wireless Personal Area Networks driver. A missing variable initialization when creating a socket fails in the IEEE Std 802.15.4 Low-Rate Wireless Personal Area Networks driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-56603: Privilege escalation in CAN bus subsystem driver. A missing variable initialization when creating a CAN socket fails in the CAN bus subsystem driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-56605: Privilege escalation in Bluetooth subsystem driver. A missing variable initialization when creating a l2cap socket fails in the Bluetooth subsystem driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-56606: Privilege escalation in packet protocol networking stack. A logic error when using the packet protocol networking stack could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-56637: Denial-of-service in netfilter (IP set) subsystem. A logic error when using the netfilter (IP set) subsystem could lead to a kernel crash. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-56650: Privilege escalation in netfilter subsystem. A missing check when using the netfilter subsystem could lead to an out-of-bounds memory access. A local attacker could use this flaw to escalate privileges. * CVE-2024-56739: Denial-of-service in RTC subsystem. A locking error when using the RTC subsystem could lead to kernel soft-lockup. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-56770: Privilege escalation in network emulator. A logic error when using the network emulator could lead to an integer overflow. A local attacker could use this flaw to escalate privileges. * CVE-2024-57850: Memory corruption in JFFS2 filesystem. A missing check when using the JFFS2 filesystem could lead to an out-of-bounds memory write. A local attacker could use this flaw to cause memory corruption. * CVE-2024-57901, CVE-2024-57902: Remote denial-of-service in packet protocol networking stack. A logic error when receiving a message using the packet protocol networking stack could lead to a kernel panic. A remote attacker could use this flaw to cause a denial-of-service. * Denial-of-service in Mellanox network adapter driver. A logic error in the Mellanox network adapter driver code causes truncation of the user access region (UAR) page index when using the dynamic UAR feature if there are more than 35,000 completion queues, leading to severe performance degradation and eventually a denial-of-service. Orabug: 37029739 * Note: Oracle has determined some CVEs are not applicable. The kernel is not affected by the following CVEs since the code under consideration is not compiled. CVE-2022-49034, CVE-2024-43098, CVE-2024-50051, CVE-2024-50269, CVE-2024-50287, CVE-2024-50296, CVE-2024-53130, CVE-2024-53131, CVE-2024-53145, CVE-2024-53148, CVE-2024-53158, CVE-2024-53161, CVE-2024-53165, CVE-2024-53181, CVE-2024-53183, CVE-2024-53184, CVE-2024-56548, CVE-2024-56562, CVE-2024-56567, CVE-2024-56572, CVE-2024-56581, CVE-2024-56586, CVE-2024-56595, CVE-2024-56596, CVE-2024-56597, CVE-2024-56598, CVE-2024-56619, CVE-2024-56634, CVE-2024-56643, CVE-2024-56645, CVE-2024-56659, CVE-2024-56691, CVE-2024-56700, CVE-2024-56704, CVE-2024-56723, CVE-2024-56724, CVE-2024-56746, CVE-2024-56766, CVE-2024-56781, CVE-2024-57849 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Mon Mar 3 13:22:49 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 03 Mar 2025 05:22:49 -0800 Subject: [El-errata] ELSA-2025-1659 Moderate: Oracle Linux 9 kernel security update Message-ID: <mailman.16.1741008181.18.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-1659 http://linux.oracle.com/errata/ELSA-2025-1659.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-7.4.0-503.26.1.el9_5.x86_64.rpm kernel-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-abi-stablelists-5.14.0-503.26.1.el9_5.noarch.rpm kernel-core-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-cross-headers-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-debug-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-debug-core-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-debug-devel-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-debug-devel-matched-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-debug-modules-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-debug-modules-core-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-debug-modules-extra-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-debug-uki-virt-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-devel-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-devel-matched-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-doc-5.14.0-503.26.1.el9_5.noarch.rpm kernel-headers-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-modules-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-modules-core-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-modules-extra-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-tools-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-tools-libs-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-tools-libs-devel-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-uki-virt-5.14.0-503.26.1.el9_5.x86_64.rpm kernel-uki-virt-addons-5.14.0-503.26.1.el9_5.x86_64.rpm libperf-5.14.0-503.26.1.el9_5.x86_64.rpm perf-5.14.0-503.26.1.el9_5.x86_64.rpm python3-perf-5.14.0-503.26.1.el9_5.x86_64.rpm rtla-5.14.0-503.26.1.el9_5.x86_64.rpm rv-5.14.0-503.26.1.el9_5.x86_64.rpm aarch64: bpftool-7.4.0-503.26.1.el9_5.aarch64.rpm kernel-cross-headers-5.14.0-503.26.1.el9_5.aarch64.rpm kernel-headers-5.14.0-503.26.1.el9_5.aarch64.rpm kernel-tools-5.14.0-503.26.1.el9_5.aarch64.rpm kernel-tools-libs-5.14.0-503.26.1.el9_5.aarch64.rpm kernel-tools-libs-devel-5.14.0-503.26.1.el9_5.aarch64.rpm perf-5.14.0-503.26.1.el9_5.aarch64.rpm python3-perf-5.14.0-503.26.1.el9_5.aarch64.rpm rtla-5.14.0-503.26.1.el9_5.aarch64.rpm rv-5.14.0-503.26.1.el9_5.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-503.26.1.el9_5.src.rpm Related CVEs: CVE-2023-52490 Description of changes: - [5.14.0-503.26.1.el9_5.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-503.26.1.el9_5] - redhat: drop Y issues from changelog (Jan Stancek) - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CKI Backport Bot) [RHEL-78075] {CVE-2024-53104} [5.14.0-503.25.1.el9_5] - md/md-bitmap: fix writing non bitmap pages (CKI Backport Bot) [RHEL-76800] [5.14.0-503.24.1.el9_5] - smb: client: fix potential race in cifs_put_tcon() (Jay Shin) [RHEL-73594 RHEL-70959] - smb: client: don't try following DFS links in cifs_tree_connect() (Jay Shin) [RHEL-73594 RHEL-70959] - smb: client: allow reconnect when sending ioctl (Jay Shin) [RHEL-73594 RHEL-70959] - smb: client: get rid of @nlsc param in cifs_tree_connect() (Jay Shin) [RHEL-73594 RHEL-70959] - smb: client: allow more DFS referrals to be cached (Jay Shin) [RHEL-73594 RHEL-70959] - smb3: fix broken reconnect when password changing on the server by allowing password rotation (Jay Shin) [RHEL-73594 RHEL-57983] - i40e: Fix handling changed priv flags (Kamal Heib) [RHEL-69857 RHEL-30524] - mm: migrate: fix getting incorrect page mapping during page migration (Rafael Aquini) [RHEL-70898 RHEL-27742 RHEL-28873] {CVE-2023-52490} - mm: migrate: record the mlocked page status to remove unnecessary lru drain (Rafael Aquini) [RHEL-70898 RHEL-27742] - mm: convert migrate_pages() to work on folios (Rafael Aquini) [RHEL-70898 RHEL-27742] - migrate_pages_batch: simplify retrying and failure counting of large folios (Rafael Aquini) [RHEL-70898 RHEL-27742] From el-errata at oss.oracle.com Mon Mar 3 13:22:50 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 03 Mar 2025 05:22:50 -0800 Subject: [El-errata] ELSA-2025-1915 Important: Oracle Linux 9 emacs security update Message-ID: <mailman.17.1741008183.18.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-1915 http://linux.oracle.com/errata/ELSA-2025-1915.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: emacs-27.2-11.el9_5.1.x86_64.rpm emacs-common-27.2-11.el9_5.1.x86_64.rpm emacs-filesystem-27.2-11.el9_5.1.noarch.rpm emacs-lucid-27.2-11.el9_5.1.x86_64.rpm emacs-nox-27.2-11.el9_5.1.x86_64.rpm aarch64: emacs-27.2-11.el9_5.1.aarch64.rpm emacs-common-27.2-11.el9_5.1.aarch64.rpm emacs-filesystem-27.2-11.el9_5.1.noarch.rpm emacs-lucid-27.2-11.el9_5.1.aarch64.rpm emacs-nox-27.2-11.el9_5.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//emacs-27.2-11.el9_5.1.src.rpm Related CVEs: CVE-2025-1244 Description of changes: [1:27.2-11.1] - Eliminate use of obsolete patch syntax (RHEL-80443) [1:27.2-11] - Fix man.el shell injection vulnerability (RHEL-79025) From el-errata at oss.oracle.com Mon Mar 3 13:23:09 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 03 Mar 2025 05:23:09 -0800 Subject: [El-errata] ELBA-2025-20130 Oracle Linux 8 adaptived bug fix update Message-ID: <mailman.18.1741008200.18.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-20130 http://linux.oracle.com/errata/ELBA-2025-20130.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: adaptived-1.0.1-1.el8.x86_64.rpm aarch64: adaptived-1.0.1-1.el8.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//adaptived-1.0.1-1.el8.src.rpm Description of changes: [1.0.1] - Update to v1.0.1 of upstream adaptived [1.0.0] - Initial release - Delete the devel build RPM - Disable the automated tests in the spec file From el-errata at oss.oracle.com Mon Mar 3 13:22:47 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 03 Mar 2025 05:22:47 -0800 Subject: [El-errata] ELBA-2025-20141 Oracle Linux 9 mcelog bug fix update Message-ID: <mailman.19.1741008201.18.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-20141 http://linux.oracle.com/errata/ELBA-2025-20141.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: mcelog-204-1.0.1.el9.x86_64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//mcelog-204-1.0.1.el9.src.rpm Description of changes: [3:204-1.0.1] - Rebase to version 204 [Orabug: 37632539] From el-errata at oss.oracle.com Mon Mar 3 13:23:03 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 03 Mar 2025 05:23:03 -0800 Subject: [El-errata] ELBA-2025-20139 Oracle Linux 9 adaptived bug fix update Message-ID: <mailman.20.1741008201.18.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-20139 http://linux.oracle.com/errata/ELBA-2025-20139.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: adaptived-1.0.1-1.el9.x86_64.rpm aarch64: adaptived-1.0.1-1.el9.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//adaptived-1.0.1-1.el9.src.rpm Description of changes: [1.0.1] - Initial release of adaptived on OL9 - Utilize v1.0.1 of upstream adaptived From el-errata at oss.oracle.com Mon Mar 3 13:22:57 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 03 Mar 2025 05:22:57 -0800 Subject: [El-errata] ELBA-2025-1817 Oracle Linux 8 kmod-redhat-oracleasm bug fix and enhancement update Message-ID: <mailman.23.1741008203.18.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-1817 http://linux.oracle.com/errata/ELBA-2025-1817.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: kmod-redhat-oracleasm-2.0.8-18.2.0.1.el8_10.x86_64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kmod-redhat-oracleasm-2.0.8-18.2.0.1.el8_10.src.rpm Description of changes: [2.0.8-18.2.0.1] - fix Release string. [Orabug: 35011371] - add OL signature [2.0.8-18.2] - Add Obsoletes: tags for 8.4.z kernel-specific sub-packages (RHEL-76082). - Rebuild against kernel-4.18.0-553.el8_10. From el-errata at oss.oracle.com Mon Mar 3 13:22:55 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 03 Mar 2025 05:22:55 -0800 Subject: [El-errata] ELBA-2025-20141 Oracle Linux 8 mcelog bug fix update Message-ID: <mailman.24.1741008209.18.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-20141 http://linux.oracle.com/errata/ELBA-2025-20141.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: mcelog-204-1.0.1.el8.x86_64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//mcelog-204-1.0.1.el8.src.rpm Description of changes: [3:204-1.0.1] - Rebase to version 204 [Orabug: 37632649] From el-errata at oss.oracle.com Mon Mar 3 13:22:58 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 03 Mar 2025 05:22:58 -0800 Subject: [El-errata] ELSA-2025-1917 Important: Oracle Linux 8 emacs security update Message-ID: <mailman.25.1741008212.18.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-1917 http://linux.oracle.com/errata/ELSA-2025-1917.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: emacs-26.1-13.el8_10.x86_64.rpm emacs-common-26.1-13.el8_10.x86_64.rpm emacs-filesystem-26.1-13.el8_10.noarch.rpm emacs-lucid-26.1-13.el8_10.x86_64.rpm emacs-nox-26.1-13.el8_10.x86_64.rpm emacs-terminal-26.1-13.el8_10.noarch.rpm aarch64: emacs-26.1-13.el8_10.aarch64.rpm emacs-common-26.1-13.el8_10.aarch64.rpm emacs-filesystem-26.1-13.el8_10.noarch.rpm emacs-lucid-26.1-13.el8_10.aarch64.rpm emacs-nox-26.1-13.el8_10.aarch64.rpm emacs-terminal-26.1-13.el8_10.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//emacs-26.1-13.el8_10.src.rpm Related CVEs: CVE-2025-1244 Description of changes: [1:26.1-13] - Fix man.el shell injection vulnerability (RHEL-79016) From el-errata at oss.oracle.com Fri Mar 7 12:56:51 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 07 Mar 2025 04:56:51 -0800 Subject: [El-errata] ELBA-2025-20142 Oracle Linux 9 cockpit bug fix update Message-ID: <mailman.3.1741352222.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-20142 http://linux.oracle.com/errata/ELBA-2025-20142.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: cockpit-323.1-1.0.3.el9_5.x86_64.rpm cockpit-bridge-323.1-1.0.3.el9_5.x86_64.rpm cockpit-doc-323.1-1.0.3.el9_5.noarch.rpm cockpit-system-323.1-1.0.3.el9_5.noarch.rpm cockpit-ws-323.1-1.0.3.el9_5.x86_64.rpm cockpit-packagekit-323.1-1.0.3.el9_5.noarch.rpm cockpit-pcp-323.1-1.0.3.el9_5.x86_64.rpm cockpit-storaged-323.1-1.0.3.el9_5.noarch.rpm aarch64: cockpit-323.1-1.0.3.el9_5.aarch64.rpm cockpit-bridge-323.1-1.0.3.el9_5.aarch64.rpm cockpit-doc-323.1-1.0.3.el9_5.noarch.rpm cockpit-system-323.1-1.0.3.el9_5.noarch.rpm cockpit-ws-323.1-1.0.3.el9_5.aarch64.rpm cockpit-packagekit-323.1-1.0.3.el9_5.noarch.rpm cockpit-pcp-323.1-1.0.3.el9_5.aarch64.rpm cockpit-storaged-323.1-1.0.3.el9_5.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//cockpit-323.1-1.0.3.el9_5.src.rpm Description of changes: [323.1-1.0.3] - Moved update-motd out of cockpit_ws_t selinux context [Orabug: 37578946] From el-errata at oss.oracle.com Fri Mar 7 12:56:52 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 07 Mar 2025 04:56:52 -0800 Subject: [El-errata] ELBA-2025-20145 Oracle Linux 9 openssh bug fix update Message-ID: <mailman.4.1741352224.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-20145 http://linux.oracle.com/errata/ELBA-2025-20145.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: openssh-8.7p1-43.0.2.el9.x86_64.rpm openssh-askpass-8.7p1-43.0.2.el9.x86_64.rpm openssh-clients-8.7p1-43.0.2.el9.x86_64.rpm openssh-keycat-8.7p1-43.0.2.el9.x86_64.rpm openssh-server-8.7p1-43.0.2.el9.x86_64.rpm pam_ssh_agent_auth-0.10.4-5.43.0.2.el9.x86_64.rpm aarch64: openssh-8.7p1-43.0.2.el9.aarch64.rpm openssh-askpass-8.7p1-43.0.2.el9.aarch64.rpm openssh-clients-8.7p1-43.0.2.el9.aarch64.rpm openssh-keycat-8.7p1-43.0.2.el9.aarch64.rpm openssh-server-8.7p1-43.0.2.el9.aarch64.rpm pam_ssh_agent_auth-0.10.4-5.43.0.2.el9.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//openssh-8.7p1-43.0.2.el9.src.rpm Description of changes: [8.7p1-43.0.2] - upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand [Orabug: 37647064] From el-errata at oss.oracle.com Fri Mar 7 12:56:54 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 07 Mar 2025 04:56:54 -0800 Subject: [El-errata] ELBA-2025-2263 Oracle Linux 9 kernel bug fix and enhancement update Message-ID: <mailman.5.1741352224.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2263 http://linux.oracle.com/errata/ELBA-2025-2263.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-7.4.0-503.29.1.el9_5.x86_64.rpm kernel-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-abi-stablelists-5.14.0-503.29.1.el9_5.noarch.rpm kernel-core-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-debug-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-debug-core-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-debug-devel-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-debug-devel-matched-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-debug-modules-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-debug-modules-core-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-debug-modules-extra-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-debug-uki-virt-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-devel-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-devel-matched-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-doc-5.14.0-503.29.1.el9_5.noarch.rpm kernel-headers-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-modules-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-modules-core-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-modules-extra-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-tools-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-tools-libs-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-uki-virt-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-uki-virt-addons-5.14.0-503.29.1.el9_5.x86_64.rpm perf-5.14.0-503.29.1.el9_5.x86_64.rpm python3-perf-5.14.0-503.29.1.el9_5.x86_64.rpm rtla-5.14.0-503.29.1.el9_5.x86_64.rpm rv-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-cross-headers-5.14.0-503.29.1.el9_5.x86_64.rpm kernel-tools-libs-devel-5.14.0-503.29.1.el9_5.x86_64.rpm libperf-5.14.0-503.29.1.el9_5.x86_64.rpm aarch64: bpftool-7.4.0-503.29.1.el9_5.aarch64.rpm kernel-tools-5.14.0-503.29.1.el9_5.aarch64.rpm kernel-tools-libs-5.14.0-503.29.1.el9_5.aarch64.rpm perf-5.14.0-503.29.1.el9_5.aarch64.rpm python3-perf-5.14.0-503.29.1.el9_5.aarch64.rpm rtla-5.14.0-503.29.1.el9_5.aarch64.rpm rv-5.14.0-503.29.1.el9_5.aarch64.rpm kernel-cross-headers-5.14.0-503.29.1.el9_5.aarch64.rpm kernel-tools-libs-devel-5.14.0-503.29.1.el9_5.aarch64.rpm kernel-headers-5.14.0-503.29.1.el9_5.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-503.29.1.el9_5.src.rpm Description of changes: - [5.14.0-503.29.1.el9_5.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-503.29.1.el9_5] - rhel-9.5: gate on kernel-qe tests results not cki ones (Bruno Goncalves) - ice: implement low latency PHY timer updates (Petr Oros) [RHEL-75466] - ice: check low latency PHY timer update firmware capability (Petr Oros) [RHEL-75466] - ice: add lock to protect low latency interface (Petr Oros) [RHEL-75466] - ice: rename TS_LL_READ* macros to REG_LL_PROXY_H_* (Petr Oros) [RHEL-75466] - ice: use read_poll_timeout_atomic in ice_read_phy_tstamp_ll_e810 (Petr Oros) [RHEL-75466] - smb: client: get rid of kstrdup() in get_ses_refpath() (Paulo Alcantara) [RHEL-72875] - smb: client: fix noisy when tree connecting to DFS interlink targets (Paulo Alcantara) [RHEL-72875] - smb: client: don't trust DFSREF_STORAGE_SERVER bit (Paulo Alcantara) [RHEL-72875] - smb: client: don't check for @leaf_fullpath in match_server() (Paulo Alcantara) [RHEL-72875] - smb: client: get rid of TCP_Server_Info::refpath_lock (Paulo Alcantara) [RHEL-72875] - smb: client: don't retry DFS targets on server shutdown (Paulo Alcantara) [RHEL-72875] - smb: client: fix return value of parse_dfs_referrals() (Paulo Alcantara) [RHEL-72875] - smb: client: optimize referral walk on failed link targets (Paulo Alcantara) [RHEL-72875] - smb: client: provide dns_resolve_{unc,name} helpers (Paulo Alcantara) [RHEL-72875] - smb: client: parse DNS domain name from domain= option (Paulo Alcantara) [RHEL-72875] - smb: client: fix DFS mount against old servers with NTLMSSP (Paulo Alcantara) [RHEL-72875] - smb: client: parse av pair type 4 in CHALLENGE_MESSAGE (Paulo Alcantara) [RHEL-72875] - smb: client: introduce av_for_each_entry() helper (Paulo Alcantara) [RHEL-72875] - smb: client: fix double free of TCP_Server_Info::hostname (Paulo Alcantara) [RHEL-72875] - cifs: support mounting with alternate password to allow password rotation (Paulo Alcantara) [RHEL-72875] - cifs: support reconnect with alternate password for SMB1 (Paulo Alcantara) [RHEL-72875] - smb: client: sync the root session and superblock context passwords before automounting (Paulo Alcantara) [RHEL-72875] - cifs: unlock on error in smb3_reconfigure() (Paulo Alcantara) [RHEL-72875] - cifs: during remount, make sure passwords are in sync (Paulo Alcantara) [RHEL-72875] - smb: client: Handle kstrdup failures for passwords (Paulo Alcantara) [RHEL-72875] {CVE-2024-50120} - smb: client: fix TCP timers deadlock after rmmod (Paulo Alcantara) [RHEL-72875] {CVE-2024-54680} - smb: client: Fix use-after-free of network namespace. (Paulo Alcantara) [RHEL-72875] {CVE-2024-53095} - Fix spelling errors in Server Message Block (Paulo Alcantara) [RHEL-72875] - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (CKI Backport Bot) [RHEL-78423] [5.14.0-503.28.1.el9_5] - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (CKI Backport Bot) [RHEL-73726] - intel_idle: Disable promotion to C1E on Jasper Lake and Elkhart Lake (David Arcari) [RHEL-62985] - intel_idle: add Granite Rapids Xeon support (David Arcari) [RHEL-62985] - intel_idle: Switch to new Intel CPU model defines (David Arcari) [RHEL-62985] - x86/resctrl: Remove redundant variable in mbm_config_write_domain() (David Arcari) [RHEL-59001] - x86/resctrl: Read supported bandwidth sources from CPUID (David Arcari) [RHEL-59001] - x86/resctrl: Remove hard-coded memory bandwidth limit (David Arcari) [RHEL-59001] - mei: me: disable RPL-S on SPS and IGN firmwares (CKI Backport Bot) [RHEL-60895] - smb: client: change return value in open_cached_dir_by_dentry() if !cfids (Jay Shin) [RHEL-75935] - smb: client: disable directory caching when dir_cache_timeout is zero (Jay Shin) [RHEL-75935] - smb: client: remove unnecessary checks in open_cached_dir() (Jay Shin) [RHEL-75935] - smb: prevent use-after-free due to open_cached_dir error paths (Jay Shin) [RHEL-75935] {CVE-2024-53177} - smb: Don't leak cfid when reconnect races with open_cached_dir (Jay Shin) [RHEL-75935] {CVE-2024-53178} - smb3: request handle caching when caching directories (Jay Shin) [RHEL-75935] - bnxt_en: Unregister PTP during PCI shutdown and suspend (Michal Schmidt) [RHEL-69514] - bnxt_en: Refactor bnxt_ptp_init() (Michal Schmidt) [RHEL-69514] - smb: client: ignore unhandled reparse tags (Jay Shin) [RHEL-77743] - smb: client: fix oops due to unset link speed (Jay Shin) [RHEL-77359] [5.14.0-503.27.1.el9_5] - NFS: enable nconnect for RDMA (Benjamin Coddington) [RHEL-77179] - Revert "scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo" (Dick Kennedy) [RHEL-70933] - idpf: fix idpf_vc_core_init error path (CKI Backport Bot) [RHEL-70191] - idpf: avoid vport access in idpf_get_link_ksettings (CKI Backport Bot) [RHEL-70191] - ip6mr: fix tables suspicious RCU usage (Andrea Claudi) [RHEL-71730] - ipmr: tune the ipmr_can_free_table() checks. (Andrea Claudi) [RHEL-71730] - ipmr: add debug check for mr table cleanup (Andrea Claudi) [RHEL-71730] - net: ip6mr: add RTM_GETROUTE netlink op (Andrea Claudi) [RHEL-71730] - i40e: add ability to reset VF for Tx and Rx MDD events (Michal Schmidt) [RHEL-75972] - tcp: fix mptcp DSS corruption due to large pmtu xmit (Paolo Abeni) [RHEL-62215] - mptcp: handle consistently DSS corruption (Paolo Abeni) [RHEL-62215] From el-errata at oss.oracle.com Fri Mar 7 12:56:55 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 07 Mar 2025 04:56:55 -0800 Subject: [El-errata] ELSA-2025-2035 Important: Oracle Linux 9 webkit2gtk3 security update Message-ID: <mailman.6.1741352225.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-2035 http://linux.oracle.com/errata/ELSA-2025-2035.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: webkit2gtk3-2.46.6-1.el9_5.i686.rpm webkit2gtk3-2.46.6-1.el9_5.x86_64.rpm webkit2gtk3-devel-2.46.6-1.el9_5.i686.rpm webkit2gtk3-devel-2.46.6-1.el9_5.x86_64.rpm webkit2gtk3-jsc-2.46.6-1.el9_5.i686.rpm webkit2gtk3-jsc-2.46.6-1.el9_5.x86_64.rpm webkit2gtk3-jsc-devel-2.46.6-1.el9_5.i686.rpm webkit2gtk3-jsc-devel-2.46.6-1.el9_5.x86_64.rpm aarch64: webkit2gtk3-2.46.6-1.el9_5.aarch64.rpm webkit2gtk3-devel-2.46.6-1.el9_5.aarch64.rpm webkit2gtk3-jsc-2.46.6-1.el9_5.aarch64.rpm webkit2gtk3-jsc-devel-2.46.6-1.el9_5.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//webkit2gtk3-2.46.6-1.el9_5.src.rpm Related CVEs: CVE-2024-54543 CVE-2025-24143 CVE-2025-24150 CVE-2025-24158 CVE-2025-24162 Description of changes: [2.46.6-1] - Update to 2.46.6 From el-errata at oss.oracle.com Fri Mar 7 12:56:57 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 07 Mar 2025 04:56:57 -0800 Subject: [El-errata] ELSA-2025-2359 Important: Oracle Linux 9 firefox security update Message-ID: <mailman.7.1741352225.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-2359 http://linux.oracle.com/errata/ELSA-2025-2359.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-128.8.0-1.0.1.el9_5.x86_64.rpm firefox-x11-128.8.0-1.0.1.el9_5.x86_64.rpm aarch64: firefox-128.8.0-1.0.1.el9_5.aarch64.rpm firefox-x11-128.8.0-1.0.1.el9_5.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//firefox-128.8.0-1.0.1.el9_5.src.rpm Related CVEs: CVE-2025-1930 CVE-2025-1931 CVE-2025-1932 CVE-2025-1933 CVE-2025-1934 CVE-2025-1935 CVE-2025-1936 CVE-2025-1937 CVE-2025-1938 Description of changes: [128.8.0-1.0.1] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [128.8.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.8.0-1] - Update to 128.8.0 build1 From el-errata at oss.oracle.com Fri Mar 7 12:57:01 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 07 Mar 2025 04:57:01 -0800 Subject: [El-errata] ELBA-2025-20129 Oracle Linux 8 oracle-database-preinstall-23ai bug fix update Message-ID: <mailman.8.1741352229.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-20129 http://linux.oracle.com/errata/ELBA-2025-20129.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: oracle-database-preinstall-23ai-1.0-4.el8.x86_64.rpm aarch64: oracle-database-preinstall-23ai-1.0-4.el8.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//oracle-database-preinstall-23ai-1.0-4.el8.src.rpm Description of changes: [[1.0-4.el8]] - Added minimum versions for some of the dependencies [Orabug: 37001816] - Added minimum versions for aarch64 [Orabug: 37187987] - Remove ethtool from dependencies [Orabug: 37222009] [[1.0-3.el8]] - Add gcc, libgfortran and libnsl2 to the dependencies [Orabug: 37068703] From el-errata at oss.oracle.com Fri Mar 7 12:57:03 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 07 Mar 2025 04:57:03 -0800 Subject: [El-errata] ELBA-2025-20144 Oracle Linux 8 mokutil bug fix update Message-ID: <mailman.9.1741352231.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-20144 http://linux.oracle.com/errata/ELBA-2025-20144.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: mokutil-0.6.0-1.0.2.el8.x86_64.rpm aarch64: mokutil-0.6.0-1.0.2.el8.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//mokutil-0.6.0-1.0.2.el8.src.rpm Description of changes: [0.6.0-1.0.2] - Show usage instead of aborting on bad flags [Orabug: 37565815] [0.6.0-1.0.1] - Update to 0.6.0 [Orabug: 33770149] - Fix build with keyutils [Orabug: 33770149] From el-errata at oss.oracle.com Fri Mar 7 12:57:04 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 07 Mar 2025 04:57:04 -0800 Subject: [El-errata] ELBA-2025-2352 Oracle Linux 8 kernel bug fix and enhancement update Message-ID: <mailman.10.1741352232.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2352 http://linux.oracle.com/errata/ELBA-2025-2352.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-4.18.0-553.42.1.el8_10.x86_64.rpm kernel-4.18.0-553.42.1.el8_10.x86_64.rpm kernel-abi-stablelists-4.18.0-553.42.1.el8_10.noarch.rpm kernel-core-4.18.0-553.42.1.el8_10.x86_64.rpm kernel-cross-headers-4.18.0-553.42.1.el8_10.x86_64.rpm kernel-debug-4.18.0-553.42.1.el8_10.x86_64.rpm kernel-debug-core-4.18.0-553.42.1.el8_10.x86_64.rpm kernel-debug-devel-4.18.0-553.42.1.el8_10.x86_64.rpm kernel-debug-modules-4.18.0-553.42.1.el8_10.x86_64.rpm kernel-debug-modules-extra-4.18.0-553.42.1.el8_10.x86_64.rpm kernel-devel-4.18.0-553.42.1.el8_10.x86_64.rpm kernel-doc-4.18.0-553.42.1.el8_10.noarch.rpm kernel-headers-4.18.0-553.42.1.el8_10.x86_64.rpm kernel-modules-4.18.0-553.42.1.el8_10.x86_64.rpm kernel-modules-extra-4.18.0-553.42.1.el8_10.x86_64.rpm kernel-tools-4.18.0-553.42.1.el8_10.x86_64.rpm kernel-tools-libs-4.18.0-553.42.1.el8_10.x86_64.rpm perf-4.18.0-553.42.1.el8_10.x86_64.rpm python3-perf-4.18.0-553.42.1.el8_10.x86_64.rpm kernel-tools-libs-devel-4.18.0-553.42.1.el8_10.x86_64.rpm aarch64: bpftool-4.18.0-553.42.1.el8_10.aarch64.rpm kernel-cross-headers-4.18.0-553.42.1.el8_10.aarch64.rpm kernel-headers-4.18.0-553.42.1.el8_10.aarch64.rpm kernel-tools-4.18.0-553.42.1.el8_10.aarch64.rpm kernel-tools-libs-4.18.0-553.42.1.el8_10.aarch64.rpm perf-4.18.0-553.42.1.el8_10.aarch64.rpm python3-perf-4.18.0-553.42.1.el8_10.aarch64.rpm kernel-tools-libs-devel-4.18.0-553.42.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kernel-4.18.0-553.42.1.el8_10.src.rpm Description of changes: [4.18.0-553.42.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] [4.18.0-553.42.1.el8_10] - net: skb: exclude the single page frag cache for too small alloc (Paolo Abeni) [RHEL-66261] - NFSD: Reset cb_seq_status after NFS4ERR_DELAY (Olga Kornievskaia) [RHEL-79458] - mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (Seiji Nishikawa) [RHEL-64950] - scsi: st: Don't set pos_unknown just after device recognition (John Meneghini) [RHEL-78415] - ovl: fix use inode directly in rcu-walk mode (Miklos Szeredi) [RHEL-76161] - RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (Kamal Heib) [RHEL-75826] [4.18.0-553.41.1.el8_10] - virtio-net: correctly enable callback during start_xmit (Laurent Vivier) [RHEL-72886] - dm snapshot: fix lockup in dm_exception_table_exit (Benjamin Marzinski) [RHEL-76230 RHEL-34599] From el-errata at oss.oracle.com Fri Mar 7 12:57:05 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 07 Mar 2025 04:57:05 -0800 Subject: [El-errata] ELSA-2025-2034 Important: Oracle Linux 8 webkit2gtk3 security update Message-ID: <mailman.11.1741352234.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-2034 http://linux.oracle.com/errata/ELSA-2025-2034.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: webkit2gtk3-2.46.6-1.el8_10.i686.rpm webkit2gtk3-2.46.6-1.el8_10.x86_64.rpm webkit2gtk3-devel-2.46.6-1.el8_10.i686.rpm webkit2gtk3-devel-2.46.6-1.el8_10.x86_64.rpm webkit2gtk3-jsc-2.46.6-1.el8_10.i686.rpm webkit2gtk3-jsc-2.46.6-1.el8_10.x86_64.rpm webkit2gtk3-jsc-devel-2.46.6-1.el8_10.i686.rpm webkit2gtk3-jsc-devel-2.46.6-1.el8_10.x86_64.rpm aarch64: webkit2gtk3-2.46.6-1.el8_10.aarch64.rpm webkit2gtk3-devel-2.46.6-1.el8_10.aarch64.rpm webkit2gtk3-jsc-2.46.6-1.el8_10.aarch64.rpm webkit2gtk3-jsc-devel-2.46.6-1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//webkit2gtk3-2.46.6-1.el8_10.src.rpm Related CVEs: CVE-2024-54543 CVE-2025-24143 CVE-2025-24150 CVE-2025-24158 CVE-2025-24162 Description of changes: [2.46.6-1] - Update to 2.46.6 From el-errata at oss.oracle.com Fri Mar 7 12:57:07 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 07 Mar 2025 04:57:07 -0800 Subject: [El-errata] ELSA-2025-2452 Important: Oracle Linux 8 firefox security update Message-ID: <mailman.14.1741352235.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-2452 http://linux.oracle.com/errata/ELSA-2025-2452.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-128.8.0-1.0.1.el8_10.x86_64.rpm aarch64: firefox-128.8.0-1.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//firefox-128.8.0-1.0.1.el8_10.src.rpm Related CVEs: CVE-2025-1930 CVE-2025-1931 CVE-2025-1932 CVE-2025-1933 CVE-2025-1934 CVE-2025-1935 CVE-2025-1936 CVE-2025-1937 CVE-2025-1938 Description of changes: [128.8.0-1.0.1] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079789] [128.8.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.8.0-1] - Update to 128.8.0 build1 From el-errata at oss.oracle.com Fri Mar 7 12:57:12 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 07 Mar 2025 04:57:12 -0800 Subject: [El-errata] ELSA-2024-11049 Important: Oracle Linux 7 squid security update Message-ID: <mailman.15.1741352241.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2024-11049 http://linux.oracle.com/errata/ELSA-2024-11049.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: squid-3.5.20-17.0.5.el7_9.13.x86_64.rpm squid-migration-script-3.5.20-17.0.5.el7_9.13.x86_64.rpm squid-sysvinit-3.5.20-17.0.5.el7_9.13.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//squid-3.5.20-17.0.5.el7_9.13.src.rpm Related CVEs: CVE-2023-46846 Description of changes: [7:3.5.20-17.0.5.13] - Fixed cve 2023-46846 for http and icap request/response smuggling [Orabug: 37326730] From el-errata at oss.oracle.com Fri Mar 7 12:57:14 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 07 Mar 2025 04:57:14 -0800 Subject: [El-errata] ELSA-2025-1250 Moderate: Oracle Linux 7 python-jinja2 security update Message-ID: <mailman.16.1741352244.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-1250 http://linux.oracle.com/errata/ELSA-2025-1250.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: python-jinja2-2.7.2-4.0.1.el7.noarch.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//python-jinja2-2.7.2-4.0.1.el7.src.rpm Related CVEs: CVE-2024-56326 Description of changes: [2.7.2-4.0.1] - Fix for CVE-2024-56326 [Orabug: 37576737] From el-errata at oss.oracle.com Fri Mar 7 12:57:15 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 07 Mar 2025 04:57:15 -0800 Subject: [El-errata] ELSA-2025-1255 Moderate: Oracle Linux 7 doxygen security update Message-ID: <mailman.17.1741352244.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-1255 http://linux.oracle.com/errata/ELSA-2025-1255.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: doxygen-1.8.5-4.0.1.el7.x86_64.rpm doxygen-doxywizard-1.8.5-4.0.1.el7.x86_64.rpm doxygen-latex-1.8.5-4.0.1.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//doxygen-1.8.5-4.0.1.el7.src.rpm Related CVEs: CVE-2020-11023 Description of changes: [1:1.8.5-4.0.1] - Fix CVE-2020-11022 and CVE-2022-11023 in vendored jQuery [Orabug: 37577394] From el-errata at oss.oracle.com Fri Mar 7 16:49:31 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 07 Mar 2025 08:49:31 -0800 Subject: [El-errata] ELSA-2025-1352 Moderate: Oracle Linux 7 krb5 security update Message-ID: <mailman.18.1741366179.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-1352 http://linux.oracle.com/errata/ELSA-2025-1352.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: krb5-devel-1.15.1-55.0.9.el7_9.i686.rpm krb5-devel-1.15.1-55.0.9.el7_9.x86_64.rpm krb5-libs-1.15.1-55.0.9.el7_9.i686.rpm krb5-libs-1.15.1-55.0.9.el7_9.x86_64.rpm krb5-pkinit-1.15.1-55.0.9.el7_9.x86_64.rpm krb5-server-1.15.1-55.0.9.el7_9.x86_64.rpm krb5-server-ldap-1.15.1-55.0.9.el7_9.x86_64.rpm krb5-workstation-1.15.1-55.0.9.el7_9.x86_64.rpm libkadm5-1.15.1-55.0.9.el7_9.i686.rpm libkadm5-1.15.1-55.0.9.el7_9.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//krb5-1.15.1-55.0.9.el7_9.src.rpm Related CVEs: CVE-2025-24528 Description of changes: [1.15.1-55.0.9] - Fixes CVE-2025-24528 , Prevent overflow when calculating ulog block size [Orabug: 37587301] From el-errata at oss.oracle.com Mon Mar 10 11:32:46 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 10 Mar 2025 04:32:46 -0700 Subject: [El-errata] ELBA-2025-20146 Oracle Linux 8 oracle-common-release bug fix update Message-ID: <mailman.54.1741606378.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-20146 http://linux.oracle.com/errata/ELBA-2025-20146.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: oracle-java-jdk-release-el8-1.0-5.el8.x86_64.rpm aarch64: oracle-java-jdk-release-el8-1.0-5.el8.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//oracle-common-release-1.0-5.el8.src.rpm Description of changes: [1.0-5] - Initial release From el-errata at oss.oracle.com Mon Mar 10 11:32:51 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 10 Mar 2025 04:32:51 -0700 Subject: [El-errata] ELBA-2025-20147 Oracle Linux 9 oracle-common-release bug fix update Message-ID: <mailman.55.1741606380.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-20147 http://linux.oracle.com/errata/ELBA-2025-20147.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: oracle-java-jdk-release-el9-1.0-5.el9.x86_64.rpm aarch64: oracle-java-jdk-release-el9-1.0-5.el9.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//oracle-common-release-1.0-5.el9.src.rpm Description of changes: [1.0-5] - Initial release From el-errata at oss.oracle.com Tue Mar 11 12:06:00 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 05:06:00 -0700 Subject: [El-errata] ELSA-2025-20152 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update Message-ID: <mailman.60.1741694773.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-20152 http://linux.oracle.com/errata/ELSA-2025-20152.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: aarch64: bpftool-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-container-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-container-debug-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-core-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-debug-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-debug-core-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-devel-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-doc-5.15.0-306.177.4.el9uek.noarch.rpm kernel-uek-modules-5.15.0-306.177.4.el9uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-306.177.4.el9uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-306.177.4.el9uek.src.rpm Related CVEs: CVE-2024-36899 CVE-2024-47687 CVE-2024-47707 CVE-2024-53110 CVE-2024-53124 CVE-2024-53162 CVE-2024-56631 CVE-2024-56672 CVE-2024-57804 Description of changes: [5.15.0-306.177.4.el9uek] - Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" (Greg Kroah-Hartman) - drm/v3d: Assign job pointer to NULL before signaling the fence (Ma?ra Canal) - scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (Ranjan Kumar) [Orabug: 37472354] {CVE-2024-57804} [5.15.0-306.177.3.el9uek] - uek-rpm: Update network stress testing options for embedded2 (Joe Dobosenski) [Orabug: 37530219] - mm, madvise: fix potential workingset node list_lru leaks (Kairui Song) [Orabug: 37464586] - crypto: qat/qat_4xxx - fix off by one in uof_get_name() (Dan Carpenter) [Orabug: 37427536] {CVE-2024-53162} - vdpa/mlx5: Fix error path during device add (Dragos Tatulea) [Orabug: 37296163] - vp_vdpa: fix id_table array not null terminated error (Xiaoguang Wang) [Orabug: 37296163] {CVE-2024-53110} - vdpa/mlx5: Postpone MR deletion (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Introduce init/destroy for MR resources (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Rename mr_mtx -> lock (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Extract mr members in own resource struct (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Rename function (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Delete direct MKEYs in parallel (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Create direct MKEYs in parallel (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Parallelize VQ suspend/resume for CVQ MQ command (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Small improvement for change_num_qps() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Keep notifiers during suspend but ignore (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Parallelize device resume (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Parallelize device suspend (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Use async API for vq modify commands (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Use async API for vq query command (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Introduce async fw command wrapper (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Introduce error logging function (Dragos Tatulea) [Orabug: 37296163] - net/mlx5: Support throttled commands from async API (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Add the support of set mac address (Cindy Lu) [Orabug: 37296163] - vdpa_sim_net: Add the support of set mac address (Cindy Lu) [Orabug: 37296163] - vdpa: support set mac address from vdpa tool (Cindy Lu) [Orabug: 37296163] - vdpa/mlx5: Fix invalid mr resource destroy (Dragos Tatulea) [Orabug: 37296163] {CVE-2024-47687} - vdpa/mlx5: Don't enable non-active VQs in .set_vq_ready() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Don't reset VQs more than necessary (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Re-create HW VQs under certain conditions (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Pre-create hardware VQs at vdpa .dev_add time (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Use suspend/resume during VQP change (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Forward error in suspend/resume device (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Consolidate all VQ modify to Ready to use resume_vq() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Add error code for suspend/resume VQ (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Accept Init -> Ready VQ transition in resume_vq() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Allow creation of blank VQs (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Set mkey modified flags on all VQs (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Start off rqt_size with max VQPs (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Set an initial size on the VQ (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Add support for modifying the VQ features field (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Add support for modifying the virtio_version VQ field (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Rename init_mvqs (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Clear and reinitialize software VQ data on reset (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Initialize and reset device with one queue pair (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Remove duplicate suspend code (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Iterate over active VQs during suspend/resume (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Drop redundant check in teardown_virtqueues() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Drop redundant code (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Make setup/teardown_vq_resources() symmetrical (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Clarify meaning thorough function rename (Dragos Tatulea) [Orabug: 37296163] - vhost-vdpa: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) [Orabug: 37296163] - vp_vdpa: don't allocate unused msix vectors (Yuxue Liu) [Orabug: 37296163] - vdpa: Convert sprintf/snprintf to sysfs_emit (Li Zhijian) [Orabug: 37296163] - vp_vdpa: Fix return value check vp_vdpa_request_irq (Yuxue Liu) [Orabug: 37296163] - vhost-vdpa: change ioctl # for VDPA_GET_VRING_SIZE (Michael S. Tsirkin) [Orabug: 37296163] - virtio_vdpa: create vqs with the actual size (Zhu Lingshan) [Orabug: 37296163] - vdpa_sim: implement vdpa_config_ops.get_vq_size for vDPA simulator (Zhu Lingshan) [Orabug: 37296163] - vp_vdpa: implement vdpa_config_ops.get_vq_size (Zhu Lingshan) [Orabug: 37296163] - vDPA: introduce get_vq_size to vdpa_config_ops (Zhu Lingshan) [Orabug: 37296163] - vhost-vdpa: uapi to support reporting per vq size (Zhu Lingshan) [Orabug: 37296163] - vdpa: skip suspend/resume ops if not DRIVER_OK (Steve Sistare) [Orabug: 37296163] - vdpa_sim: reset must not run (Steve Sistare) [Orabug: 37296163] - vdpa: Block vq property changes in DRIVER_OK (Dragos Tatulea) [Orabug: 37296163] - vdpa: Track device suspended state (Dragos Tatulea) [Orabug: 37296163] - vdpa: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) [Orabug: 37296163] - SUNRPC: do not retry on EKEYEXPIRED when user TGT ticket expired (Dai Ngo) [Orabug: 34162493] [5.15.0-306.177.2.el9uek] - LTS version: v5.15.177 (Vijayendra Suman) - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals (Ron Economos) - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals (Arnd Bergmann) - net: fix data-races around sk->sk_forward_alloc (Wang Liang) [Orabug: 37388795] {CVE-2024-53124} - scsi: sg: Fix slab-use-after-free read in sg_release() (Suraj Sonawane) [Orabug: 37434117] {CVE-2024-56631} - x86/xen: fix SLS mitigation in xen_hypercall_iret() (Juergen Gross) - nfsd: add list_head nf_gc to struct nfsd_file (Youzhong Yang) - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (Eric Dumazet) [Orabug: 37200706] {CVE-2024-47707} - vsock/virtio: discard packets if the transport changes (Stefano Garzarella) - blk-cgroup: Fix UAF in blkcg_unpin_online() (Tejun Heo) [Orabug: 37434276] {CVE-2024-56672} - iio: adc: rockchip_saradc: fix information leak in triggered buffer (Javier Carrasco) - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on (Jean-Baptiste Maneyrol) - iio: imu: inv_icm42600: fix spi burst write not supported (Jean-Baptiste Maneyrol) - drm/i915/fb: Relax clear color alignment to 64 bytes (Ville Syrj?l?) - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly (Yogesh Lal) - gpiolib: cdev: Fix use after free in lineinfo_changed_notify (Zhongqiu Han) [Orabug: 36683269] {CVE-2024-36899} - fs/proc: fix softlockup in __read_vmcore (part 2) (Rik van Riel) - filemap: avoid truncating 64-bit offset to 32 bits (Marco Nelissen) - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (Stefano Garzarella) - vsock: reset socket state when de-assigning the transport (Stefano Garzarella) - vsock/virtio: cancel close work in the destructor (Stefano Garzarella) - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks (Heiner Kallweit) - nvmet: propagate npwg topology (Luis Chamberlain) - poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() (Oleg Nesterov) - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (Hans de Goede) - kheaders: Ignore silly-rename files (David Howells) - fs: fix missing declaration of init_files (Zhang Kunbo) - hfs: Sanity check the root record (Leo Stone) - mac802154: check local interfaces before deleting sdata list (Lizhi Xu) - i2c: rcar: fix NACK handling when being a target (Wolfram Sang) - i2c: mux: demux-pinctrl: check initial mux selection, too (Wolfram Sang) - drm/v3d: Ensure job pointer is set to NULL after job completion (Ma?ra Canal) - net/mlx5: Fix RDMA TX steering prio (Patrisious Haddad) - net: xilinx: axienet: Fix IRQ coalescing packet count overflow (Sean Anderson) - nfp: bpf: prevent integer overflow in nfp_bpf_event_output() (Dan Carpenter) - pktgen: Avoid out-of-bounds access in get_imix_entries (Artem Chernyshev) - bpf: Fix bpf_sk_select_reuseport() memory leak (Michal Luczaj) - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() (Sudheer Kumar Doredla) - phy: usb: Fix clock imbalance for suspend/resume (Justin Chen) - phy: usb: Use slow clock for wake enabled suspend (Justin Chen) - mptcp: fix TCP options overflow. (Paolo Abeni) - mptcp: drop port parameter of mptcp_pm_add_addr_signal (Geliang Tang) - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (Dennis Lam) - ocfs2: correct return value of ocfs2_local_free_info() (Joseph Qi) - phy: usb: Toggle the PHY power during init (Justin Chen) - phy: usb: Add "wake on" functionality for newer Synopsis XHCI controllers (Al Cooper) - of: address: Preserve the flags portion on 1:1 dma-ranges mapping (Andrea della Porta) - of: address: Store number of bus flag cells rather than bool (Rob Herring) - of: address: Remove duplicated functions (Herve Codina) - of: address: Fix address translation when address-size is greater than 2 (Herve Codina) - of/address: Add support for 3 address cell bus (Rob Herring) - of: unittest: Add bus address range parsing tests (Rob Herring) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (Peter Geis) - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (Yu Kuai) - iio: adc: ad7124: Disable all channels at probe time (Uwe Kleine-K?nig) - iio: inkern: call iio_device_put() only on mapped devices (Joe Hattori) - iio: adc: at91: call input_free_device() on allocated iio_dev (Joe Hattori) - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (Fabio Estevam) - iio: gyro: fxas21002c: Fix missing data update in trigger handler (Carlos Song) - iio: adc: ti-ads8688: fix information leak in triggered buffer (Javier Carrasco) - iio: imu: kmx61: fix information leak in triggered buffer (Javier Carrasco) - iio: light: vcnl4035: fix information leak in triggered buffer (Javier Carrasco) - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (Javier Carrasco) - iio: pressure: zpa2326: fix information leak in triggered buffer (Javier Carrasco) - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (Akash M) - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (Prashanth K) - usb: fix reference leak in usb_new_device() (Ma Ke) - USB: core: Disable LPM only for non-suspended ports (Kai-Heng Feng) - USB: usblp: return error when setting unsupported protocol (Jun Yan) - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (Lianqin Hu) - topology: Keep the cpumask unchanged when printing cpumap (Li Huafei) - usb: dwc3: gadget: fix writing NYET threshold (Andr? Draszik) - USB: serial: cp210x: add Phoenix Contact UPS Device (Johan Hovold) - usb-storage: Add max sectors quirk for Nokia 208 (Lubomir Rintel) - staging: iio: ad9832: Correct phase range check (Zicheng Qu) - staging: iio: ad9834: Correct phase range check (Zicheng Qu) - USB: serial: option: add Neoway N723-EA support (Michal Hrusecky) - USB: serial: option: add MeiG Smart SRM815 (Chukun Pan) - md/raid5: fix atomicity violation in raid5_cache_count (Gui-Dong Han) - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity (Kuan-Wei Chiu) - drm/amd/display: increase MAX_SURFACES to the value supported by hw (Melissa Wen) - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (Hans de Goede) - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (Hans de Goede) - riscv: Fix sleeping in invalid context in die() (Nam Cao) - drm/amd/display: Add check for granularity in dml ceil/floor helpers (Roman Li) - sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (Matthieu Baerts (NGI0)) - sctp: sysctl: udp_port: avoid using current->nsproxy (Matthieu Baerts (NGI0)) - sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts (NGI0)) - sctp: sysctl: rto_min/max: avoid using current->nsproxy (Matthieu Baerts (NGI0)) - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts (NGI0)) - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY (Mikulas Patocka) - dm thin: make get_first_thin use rcu-safe list first function (Krister Johansen) - afs: Fix the maximum cell name length (David Howells) - ksmbd: fix a missing return value check bug (Wentao Liang) - drm/mediatek: Add support for 180-degree rotation in the display driver (Jason-JH.Lin) - netfilter: conntrack: clamp maximum hashtable size to INT_MAX (Pablo Neira Ayuso) - netfilter: nf_tables: imbalance in flowtable binding (Pablo Neira Ayuso) - tls: Fix tls_sw_sendmsg error handling (Benjamin Coddington) - cxgb4: Avoid removal of uninserted tid (Anumula Murali Mohan Reddy) - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (Kalesh AP) - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (Eric Dumazet) - tcp/dccp: allow a connection when sk_max_ack_backlog is zero (Zhongqiu Duan) - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (Jason Xing) - net: 802: LLC+SNAP OID:PID lookup on start of skb data (Antonio Pastor) - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (Keisuke Nishimura) - ASoC: mediatek: disable buffer pre-allocation (Chen-Yu Tsai) - exfat: fix the infinite loop in __exfat_free_cluster() (Yuezhang Mo) - exfat: fix the infinite loop in exfat_readdir() (Yuezhang Mo) - dm array: fix cursor index when skipping across block boundaries (Ming-Hung Tsai) - dm array: fix unreleased btree blocks on closing a faulty array cursor (Ming-Hung Tsai) - dm array: fix releasing a faulty array block twice in dm_array_cursor_end (Ming-Hung Tsai) - jbd2: flush filesystem device before updating tail sequence (Zhang Yi) - ceph: give up on paths longer than PATH_MAX (Max Kellermann) [5.15.0-306.176.1.el9uek] - mm/page_alloc: fix min_free_kbytes calculation regarding ZONE_MOVABLE (liuq) [Orabug: 37503579] - mm: Limit warning message in vmemmap_verify() to once (Ma Wupeng) [Orabug: 37503579] - assoc_array: fix the return value in assoc_array_insert_mid_shortcut() (Roman Smirnov) [Orabug: 37503579] - assoc_array: Avoid open coded arithmetic in allocator arguments (Len Baker) [Orabug: 37503579] - mm/page_alloc: use accumulated load when building node fallback list (Krupa Ramakrishnan) [Orabug: 37503525] - mm/page_alloc: print node fallback order (Bharata B Rao) [Orabug: 37503525] - PCI: Support BAR sizes up to 8TB (Dongdong Liu) [Orabug: 37503525] - uek-rpm: Enable USB_XHCI_PCI_RENESAS as a module for aarch64 platforms (Harshit Mogalapalli) [Orabug: 37552080] - cifs: use correct lock type in cifs_reconnect() (Paulo Alcantara) [Orabug: 37535421] - cifs: fix NULL ptr dereference in refresh_mounts() (Paulo Alcantara) [Orabug: 37535421] From el-errata at oss.oracle.com Tue Mar 11 12:06:08 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 05:06:08 -0700 Subject: [El-errata] ELSA-2025-20152 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update Message-ID: <mailman.61.1741694777.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-20152 http://linux.oracle.com/errata/ELSA-2025-20152.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-5.15.0-306.177.4.el9uek.x86_64.rpm kernel-uek-5.15.0-306.177.4.el9uek.x86_64.rpm kernel-uek-core-5.15.0-306.177.4.el9uek.x86_64.rpm kernel-uek-debug-5.15.0-306.177.4.el9uek.x86_64.rpm kernel-uek-debug-core-5.15.0-306.177.4.el9uek.x86_64.rpm kernel-uek-debug-devel-5.15.0-306.177.4.el9uek.x86_64.rpm kernel-uek-debug-modules-5.15.0-306.177.4.el9uek.x86_64.rpm kernel-uek-debug-modules-extra-5.15.0-306.177.4.el9uek.x86_64.rpm kernel-uek-devel-5.15.0-306.177.4.el9uek.x86_64.rpm kernel-uek-doc-5.15.0-306.177.4.el9uek.noarch.rpm kernel-uek-modules-5.15.0-306.177.4.el9uek.x86_64.rpm kernel-uek-modules-extra-5.15.0-306.177.4.el9uek.x86_64.rpm kernel-uek-container-5.15.0-306.177.4.el9uek.x86_64.rpm kernel-uek-container-debug-5.15.0-306.177.4.el9uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-306.177.4.el9uek.src.rpm Related CVEs: CVE-2024-36899 CVE-2024-47687 CVE-2024-47707 CVE-2024-53110 CVE-2024-53124 CVE-2024-53162 CVE-2024-56631 CVE-2024-56672 CVE-2024-57804 Description of changes: [5.15.0-306.177.4.el9uek] - Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" (Greg Kroah-Hartman) - drm/v3d: Assign job pointer to NULL before signaling the fence (Ma?ra Canal) - scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (Ranjan Kumar) [Orabug: 37472354] {CVE-2024-57804} [5.15.0-306.177.3.el9uek] - uek-rpm: Update network stress testing options for embedded2 (Joe Dobosenski) [Orabug: 37530219] - mm, madvise: fix potential workingset node list_lru leaks (Kairui Song) [Orabug: 37464586] - crypto: qat/qat_4xxx - fix off by one in uof_get_name() (Dan Carpenter) [Orabug: 37427536] {CVE-2024-53162} - vdpa/mlx5: Fix error path during device add (Dragos Tatulea) [Orabug: 37296163] - vp_vdpa: fix id_table array not null terminated error (Xiaoguang Wang) [Orabug: 37296163] {CVE-2024-53110} - vdpa/mlx5: Postpone MR deletion (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Introduce init/destroy for MR resources (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Rename mr_mtx -> lock (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Extract mr members in own resource struct (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Rename function (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Delete direct MKEYs in parallel (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Create direct MKEYs in parallel (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Parallelize VQ suspend/resume for CVQ MQ command (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Small improvement for change_num_qps() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Keep notifiers during suspend but ignore (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Parallelize device resume (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Parallelize device suspend (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Use async API for vq modify commands (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Use async API for vq query command (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Introduce async fw command wrapper (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Introduce error logging function (Dragos Tatulea) [Orabug: 37296163] - net/mlx5: Support throttled commands from async API (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Add the support of set mac address (Cindy Lu) [Orabug: 37296163] - vdpa_sim_net: Add the support of set mac address (Cindy Lu) [Orabug: 37296163] - vdpa: support set mac address from vdpa tool (Cindy Lu) [Orabug: 37296163] - vdpa/mlx5: Fix invalid mr resource destroy (Dragos Tatulea) [Orabug: 37296163] {CVE-2024-47687} - vdpa/mlx5: Don't enable non-active VQs in .set_vq_ready() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Don't reset VQs more than necessary (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Re-create HW VQs under certain conditions (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Pre-create hardware VQs at vdpa .dev_add time (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Use suspend/resume during VQP change (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Forward error in suspend/resume device (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Consolidate all VQ modify to Ready to use resume_vq() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Add error code for suspend/resume VQ (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Accept Init -> Ready VQ transition in resume_vq() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Allow creation of blank VQs (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Set mkey modified flags on all VQs (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Start off rqt_size with max VQPs (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Set an initial size on the VQ (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Add support for modifying the VQ features field (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Add support for modifying the virtio_version VQ field (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Rename init_mvqs (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Clear and reinitialize software VQ data on reset (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Initialize and reset device with one queue pair (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Remove duplicate suspend code (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Iterate over active VQs during suspend/resume (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Drop redundant check in teardown_virtqueues() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Drop redundant code (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Make setup/teardown_vq_resources() symmetrical (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Clarify meaning thorough function rename (Dragos Tatulea) [Orabug: 37296163] - vhost-vdpa: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) [Orabug: 37296163] - vp_vdpa: don't allocate unused msix vectors (Yuxue Liu) [Orabug: 37296163] - vdpa: Convert sprintf/snprintf to sysfs_emit (Li Zhijian) [Orabug: 37296163] - vp_vdpa: Fix return value check vp_vdpa_request_irq (Yuxue Liu) [Orabug: 37296163] - vhost-vdpa: change ioctl # for VDPA_GET_VRING_SIZE (Michael S. Tsirkin) [Orabug: 37296163] - virtio_vdpa: create vqs with the actual size (Zhu Lingshan) [Orabug: 37296163] - vdpa_sim: implement vdpa_config_ops.get_vq_size for vDPA simulator (Zhu Lingshan) [Orabug: 37296163] - vp_vdpa: implement vdpa_config_ops.get_vq_size (Zhu Lingshan) [Orabug: 37296163] - vDPA: introduce get_vq_size to vdpa_config_ops (Zhu Lingshan) [Orabug: 37296163] - vhost-vdpa: uapi to support reporting per vq size (Zhu Lingshan) [Orabug: 37296163] - vdpa: skip suspend/resume ops if not DRIVER_OK (Steve Sistare) [Orabug: 37296163] - vdpa_sim: reset must not run (Steve Sistare) [Orabug: 37296163] - vdpa: Block vq property changes in DRIVER_OK (Dragos Tatulea) [Orabug: 37296163] - vdpa: Track device suspended state (Dragos Tatulea) [Orabug: 37296163] - vdpa: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) [Orabug: 37296163] - SUNRPC: do not retry on EKEYEXPIRED when user TGT ticket expired (Dai Ngo) [Orabug: 34162493] [5.15.0-306.177.2.el9uek] - LTS version: v5.15.177 (Vijayendra Suman) - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals (Ron Economos) - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals (Arnd Bergmann) - net: fix data-races around sk->sk_forward_alloc (Wang Liang) [Orabug: 37388795] {CVE-2024-53124} - scsi: sg: Fix slab-use-after-free read in sg_release() (Suraj Sonawane) [Orabug: 37434117] {CVE-2024-56631} - x86/xen: fix SLS mitigation in xen_hypercall_iret() (Juergen Gross) - nfsd: add list_head nf_gc to struct nfsd_file (Youzhong Yang) - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (Eric Dumazet) [Orabug: 37200706] {CVE-2024-47707} - vsock/virtio: discard packets if the transport changes (Stefano Garzarella) - blk-cgroup: Fix UAF in blkcg_unpin_online() (Tejun Heo) [Orabug: 37434276] {CVE-2024-56672} - iio: adc: rockchip_saradc: fix information leak in triggered buffer (Javier Carrasco) - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on (Jean-Baptiste Maneyrol) - iio: imu: inv_icm42600: fix spi burst write not supported (Jean-Baptiste Maneyrol) - drm/i915/fb: Relax clear color alignment to 64 bytes (Ville Syrj?l?) - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly (Yogesh Lal) - gpiolib: cdev: Fix use after free in lineinfo_changed_notify (Zhongqiu Han) [Orabug: 36683269] {CVE-2024-36899} - fs/proc: fix softlockup in __read_vmcore (part 2) (Rik van Riel) - filemap: avoid truncating 64-bit offset to 32 bits (Marco Nelissen) - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (Stefano Garzarella) - vsock: reset socket state when de-assigning the transport (Stefano Garzarella) - vsock/virtio: cancel close work in the destructor (Stefano Garzarella) - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks (Heiner Kallweit) - nvmet: propagate npwg topology (Luis Chamberlain) - poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() (Oleg Nesterov) - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (Hans de Goede) - kheaders: Ignore silly-rename files (David Howells) - fs: fix missing declaration of init_files (Zhang Kunbo) - hfs: Sanity check the root record (Leo Stone) - mac802154: check local interfaces before deleting sdata list (Lizhi Xu) - i2c: rcar: fix NACK handling when being a target (Wolfram Sang) - i2c: mux: demux-pinctrl: check initial mux selection, too (Wolfram Sang) - drm/v3d: Ensure job pointer is set to NULL after job completion (Ma?ra Canal) - net/mlx5: Fix RDMA TX steering prio (Patrisious Haddad) - net: xilinx: axienet: Fix IRQ coalescing packet count overflow (Sean Anderson) - nfp: bpf: prevent integer overflow in nfp_bpf_event_output() (Dan Carpenter) - pktgen: Avoid out-of-bounds access in get_imix_entries (Artem Chernyshev) - bpf: Fix bpf_sk_select_reuseport() memory leak (Michal Luczaj) - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() (Sudheer Kumar Doredla) - phy: usb: Fix clock imbalance for suspend/resume (Justin Chen) - phy: usb: Use slow clock for wake enabled suspend (Justin Chen) - mptcp: fix TCP options overflow. (Paolo Abeni) - mptcp: drop port parameter of mptcp_pm_add_addr_signal (Geliang Tang) - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (Dennis Lam) - ocfs2: correct return value of ocfs2_local_free_info() (Joseph Qi) - phy: usb: Toggle the PHY power during init (Justin Chen) - phy: usb: Add "wake on" functionality for newer Synopsis XHCI controllers (Al Cooper) - of: address: Preserve the flags portion on 1:1 dma-ranges mapping (Andrea della Porta) - of: address: Store number of bus flag cells rather than bool (Rob Herring) - of: address: Remove duplicated functions (Herve Codina) - of: address: Fix address translation when address-size is greater than 2 (Herve Codina) - of/address: Add support for 3 address cell bus (Rob Herring) - of: unittest: Add bus address range parsing tests (Rob Herring) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (Peter Geis) - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (Yu Kuai) - iio: adc: ad7124: Disable all channels at probe time (Uwe Kleine-K?nig) - iio: inkern: call iio_device_put() only on mapped devices (Joe Hattori) - iio: adc: at91: call input_free_device() on allocated iio_dev (Joe Hattori) - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (Fabio Estevam) - iio: gyro: fxas21002c: Fix missing data update in trigger handler (Carlos Song) - iio: adc: ti-ads8688: fix information leak in triggered buffer (Javier Carrasco) - iio: imu: kmx61: fix information leak in triggered buffer (Javier Carrasco) - iio: light: vcnl4035: fix information leak in triggered buffer (Javier Carrasco) - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (Javier Carrasco) - iio: pressure: zpa2326: fix information leak in triggered buffer (Javier Carrasco) - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (Akash M) - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (Prashanth K) - usb: fix reference leak in usb_new_device() (Ma Ke) - USB: core: Disable LPM only for non-suspended ports (Kai-Heng Feng) - USB: usblp: return error when setting unsupported protocol (Jun Yan) - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (Lianqin Hu) - topology: Keep the cpumask unchanged when printing cpumap (Li Huafei) - usb: dwc3: gadget: fix writing NYET threshold (Andr? Draszik) - USB: serial: cp210x: add Phoenix Contact UPS Device (Johan Hovold) - usb-storage: Add max sectors quirk for Nokia 208 (Lubomir Rintel) - staging: iio: ad9832: Correct phase range check (Zicheng Qu) - staging: iio: ad9834: Correct phase range check (Zicheng Qu) - USB: serial: option: add Neoway N723-EA support (Michal Hrusecky) - USB: serial: option: add MeiG Smart SRM815 (Chukun Pan) - md/raid5: fix atomicity violation in raid5_cache_count (Gui-Dong Han) - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity (Kuan-Wei Chiu) - drm/amd/display: increase MAX_SURFACES to the value supported by hw (Melissa Wen) - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (Hans de Goede) - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (Hans de Goede) - riscv: Fix sleeping in invalid context in die() (Nam Cao) - drm/amd/display: Add check for granularity in dml ceil/floor helpers (Roman Li) - sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (Matthieu Baerts (NGI0)) - sctp: sysctl: udp_port: avoid using current->nsproxy (Matthieu Baerts (NGI0)) - sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts (NGI0)) - sctp: sysctl: rto_min/max: avoid using current->nsproxy (Matthieu Baerts (NGI0)) - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts (NGI0)) - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY (Mikulas Patocka) - dm thin: make get_first_thin use rcu-safe list first function (Krister Johansen) - afs: Fix the maximum cell name length (David Howells) - ksmbd: fix a missing return value check bug (Wentao Liang) - drm/mediatek: Add support for 180-degree rotation in the display driver (Jason-JH.Lin) - netfilter: conntrack: clamp maximum hashtable size to INT_MAX (Pablo Neira Ayuso) - netfilter: nf_tables: imbalance in flowtable binding (Pablo Neira Ayuso) - tls: Fix tls_sw_sendmsg error handling (Benjamin Coddington) - cxgb4: Avoid removal of uninserted tid (Anumula Murali Mohan Reddy) - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (Kalesh AP) - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (Eric Dumazet) - tcp/dccp: allow a connection when sk_max_ack_backlog is zero (Zhongqiu Duan) - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (Jason Xing) - net: 802: LLC+SNAP OID:PID lookup on start of skb data (Antonio Pastor) - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (Keisuke Nishimura) - ASoC: mediatek: disable buffer pre-allocation (Chen-Yu Tsai) - exfat: fix the infinite loop in __exfat_free_cluster() (Yuezhang Mo) - exfat: fix the infinite loop in exfat_readdir() (Yuezhang Mo) - dm array: fix cursor index when skipping across block boundaries (Ming-Hung Tsai) - dm array: fix unreleased btree blocks on closing a faulty array cursor (Ming-Hung Tsai) - dm array: fix releasing a faulty array block twice in dm_array_cursor_end (Ming-Hung Tsai) - jbd2: flush filesystem device before updating tail sequence (Zhang Yi) - ceph: give up on paths longer than PATH_MAX (Max Kellermann) [5.15.0-306.176.1.el9uek] - mm/page_alloc: fix min_free_kbytes calculation regarding ZONE_MOVABLE (liuq) [Orabug: 37503579] - mm: Limit warning message in vmemmap_verify() to once (Ma Wupeng) [Orabug: 37503579] - assoc_array: fix the return value in assoc_array_insert_mid_shortcut() (Roman Smirnov) [Orabug: 37503579] - assoc_array: Avoid open coded arithmetic in allocator arguments (Len Baker) [Orabug: 37503579] - mm/page_alloc: use accumulated load when building node fallback list (Krupa Ramakrishnan) [Orabug: 37503525] - mm/page_alloc: print node fallback order (Bharata B Rao) [Orabug: 37503525] - PCI: Support BAR sizes up to 8TB (Dongdong Liu) [Orabug: 37503525] - uek-rpm: Enable USB_XHCI_PCI_RENESAS as a module for aarch64 platforms (Harshit Mogalapalli) [Orabug: 37552080] - cifs: use correct lock type in cifs_reconnect() (Paulo Alcantara) [Orabug: 37535421] - cifs: fix NULL ptr dereference in refresh_mounts() (Paulo Alcantara) [Orabug: 37535421] From el-errata at oss.oracle.com Tue Mar 11 12:06:14 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 05:06:14 -0700 Subject: [El-errata] ELSA-2025-20152 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update Message-ID: <mailman.64.1741694784.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-20152 http://linux.oracle.com/errata/ELSA-2025-20152.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-5.15.0-306.177.4.el8uek.x86_64.rpm kernel-uek-5.15.0-306.177.4.el8uek.x86_64.rpm kernel-uek-core-5.15.0-306.177.4.el8uek.x86_64.rpm kernel-uek-debug-5.15.0-306.177.4.el8uek.x86_64.rpm kernel-uek-debug-core-5.15.0-306.177.4.el8uek.x86_64.rpm kernel-uek-debug-devel-5.15.0-306.177.4.el8uek.x86_64.rpm kernel-uek-debug-modules-5.15.0-306.177.4.el8uek.x86_64.rpm kernel-uek-debug-modules-extra-5.15.0-306.177.4.el8uek.x86_64.rpm kernel-uek-devel-5.15.0-306.177.4.el8uek.x86_64.rpm kernel-uek-doc-5.15.0-306.177.4.el8uek.noarch.rpm kernel-uek-modules-5.15.0-306.177.4.el8uek.x86_64.rpm kernel-uek-modules-extra-5.15.0-306.177.4.el8uek.x86_64.rpm kernel-uek-container-5.15.0-306.177.4.el8uek.x86_64.rpm kernel-uek-container-debug-5.15.0-306.177.4.el8uek.x86_64.rpm aarch64: bpftool-5.15.0-306.177.4.el8uek.aarch64.rpm kernel-uek-5.15.0-306.177.4.el8uek.aarch64.rpm kernel-uek-core-5.15.0-306.177.4.el8uek.aarch64.rpm kernel-uek-debug-5.15.0-306.177.4.el8uek.aarch64.rpm kernel-uek-debug-core-5.15.0-306.177.4.el8uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-306.177.4.el8uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-306.177.4.el8uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-306.177.4.el8uek.aarch64.rpm kernel-uek-devel-5.15.0-306.177.4.el8uek.aarch64.rpm kernel-uek-doc-5.15.0-306.177.4.el8uek.noarch.rpm kernel-uek-modules-5.15.0-306.177.4.el8uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-306.177.4.el8uek.aarch64.rpm kernel-uek-container-5.15.0-306.177.4.el8uek.aarch64.rpm kernel-uek-container-debug-5.15.0-306.177.4.el8uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.15.0-306.177.4.el8uek.src.rpm Related CVEs: CVE-2024-36899 CVE-2024-47687 CVE-2024-47707 CVE-2024-53110 CVE-2024-53124 CVE-2024-53162 CVE-2024-56631 CVE-2024-56672 CVE-2024-57804 Description of changes: [5.15.0-306.177.4.el8uek] - Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" (Greg Kroah-Hartman) - drm/v3d: Assign job pointer to NULL before signaling the fence (Ma?ra Canal) - scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (Ranjan Kumar) [Orabug: 37472354] {CVE-2024-57804} [5.15.0-306.177.3.el8uek] - uek-rpm: Update network stress testing options for embedded2 (Joe Dobosenski) [Orabug: 37530219] - mm, madvise: fix potential workingset node list_lru leaks (Kairui Song) [Orabug: 37464586] - crypto: qat/qat_4xxx - fix off by one in uof_get_name() (Dan Carpenter) [Orabug: 37427536] {CVE-2024-53162} - vdpa/mlx5: Fix error path during device add (Dragos Tatulea) [Orabug: 37296163] - vp_vdpa: fix id_table array not null terminated error (Xiaoguang Wang) [Orabug: 37296163] {CVE-2024-53110} - vdpa/mlx5: Postpone MR deletion (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Introduce init/destroy for MR resources (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Rename mr_mtx -> lock (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Extract mr members in own resource struct (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Rename function (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Delete direct MKEYs in parallel (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Create direct MKEYs in parallel (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Parallelize VQ suspend/resume for CVQ MQ command (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Small improvement for change_num_qps() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Keep notifiers during suspend but ignore (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Parallelize device resume (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Parallelize device suspend (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Use async API for vq modify commands (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Use async API for vq query command (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Introduce async fw command wrapper (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Introduce error logging function (Dragos Tatulea) [Orabug: 37296163] - net/mlx5: Support throttled commands from async API (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Add the support of set mac address (Cindy Lu) [Orabug: 37296163] - vdpa_sim_net: Add the support of set mac address (Cindy Lu) [Orabug: 37296163] - vdpa: support set mac address from vdpa tool (Cindy Lu) [Orabug: 37296163] - vdpa/mlx5: Fix invalid mr resource destroy (Dragos Tatulea) [Orabug: 37296163] {CVE-2024-47687} - vdpa/mlx5: Don't enable non-active VQs in .set_vq_ready() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Don't reset VQs more than necessary (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Re-create HW VQs under certain conditions (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Pre-create hardware VQs at vdpa .dev_add time (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Use suspend/resume during VQP change (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Forward error in suspend/resume device (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Consolidate all VQ modify to Ready to use resume_vq() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Add error code for suspend/resume VQ (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Accept Init -> Ready VQ transition in resume_vq() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Allow creation of blank VQs (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Set mkey modified flags on all VQs (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Start off rqt_size with max VQPs (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Set an initial size on the VQ (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Add support for modifying the VQ features field (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Add support for modifying the virtio_version VQ field (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Rename init_mvqs (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Clear and reinitialize software VQ data on reset (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Initialize and reset device with one queue pair (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Remove duplicate suspend code (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Iterate over active VQs during suspend/resume (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Drop redundant check in teardown_virtqueues() (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Drop redundant code (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Make setup/teardown_vq_resources() symmetrical (Dragos Tatulea) [Orabug: 37296163] - vdpa/mlx5: Clarify meaning thorough function rename (Dragos Tatulea) [Orabug: 37296163] - vhost-vdpa: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) [Orabug: 37296163] - vp_vdpa: don't allocate unused msix vectors (Yuxue Liu) [Orabug: 37296163] - vdpa: Convert sprintf/snprintf to sysfs_emit (Li Zhijian) [Orabug: 37296163] - vp_vdpa: Fix return value check vp_vdpa_request_irq (Yuxue Liu) [Orabug: 37296163] - vhost-vdpa: change ioctl # for VDPA_GET_VRING_SIZE (Michael S. Tsirkin) [Orabug: 37296163] - virtio_vdpa: create vqs with the actual size (Zhu Lingshan) [Orabug: 37296163] - vdpa_sim: implement vdpa_config_ops.get_vq_size for vDPA simulator (Zhu Lingshan) [Orabug: 37296163] - vp_vdpa: implement vdpa_config_ops.get_vq_size (Zhu Lingshan) [Orabug: 37296163] - vDPA: introduce get_vq_size to vdpa_config_ops (Zhu Lingshan) [Orabug: 37296163] - vhost-vdpa: uapi to support reporting per vq size (Zhu Lingshan) [Orabug: 37296163] - vdpa: skip suspend/resume ops if not DRIVER_OK (Steve Sistare) [Orabug: 37296163] - vdpa_sim: reset must not run (Steve Sistare) [Orabug: 37296163] - vdpa: Block vq property changes in DRIVER_OK (Dragos Tatulea) [Orabug: 37296163] - vdpa: Track device suspended state (Dragos Tatulea) [Orabug: 37296163] - vdpa: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) [Orabug: 37296163] - SUNRPC: do not retry on EKEYEXPIRED when user TGT ticket expired (Dai Ngo) [Orabug: 34162493] [5.15.0-306.177.2.el8uek] - LTS version: v5.15.177 (Vijayendra Suman) - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals (Ron Economos) - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals (Arnd Bergmann) - net: fix data-races around sk->sk_forward_alloc (Wang Liang) [Orabug: 37388795] {CVE-2024-53124} - scsi: sg: Fix slab-use-after-free read in sg_release() (Suraj Sonawane) [Orabug: 37434117] {CVE-2024-56631} - x86/xen: fix SLS mitigation in xen_hypercall_iret() (Juergen Gross) - nfsd: add list_head nf_gc to struct nfsd_file (Youzhong Yang) - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (Eric Dumazet) [Orabug: 37200706] {CVE-2024-47707} - vsock/virtio: discard packets if the transport changes (Stefano Garzarella) - blk-cgroup: Fix UAF in blkcg_unpin_online() (Tejun Heo) [Orabug: 37434276] {CVE-2024-56672} - iio: adc: rockchip_saradc: fix information leak in triggered buffer (Javier Carrasco) - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on (Jean-Baptiste Maneyrol) - iio: imu: inv_icm42600: fix spi burst write not supported (Jean-Baptiste Maneyrol) - drm/i915/fb: Relax clear color alignment to 64 bytes (Ville Syrj?l?) - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly (Yogesh Lal) - gpiolib: cdev: Fix use after free in lineinfo_changed_notify (Zhongqiu Han) [Orabug: 36683269] {CVE-2024-36899} - fs/proc: fix softlockup in __read_vmcore (part 2) (Rik van Riel) - filemap: avoid truncating 64-bit offset to 32 bits (Marco Nelissen) - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (Stefano Garzarella) - vsock: reset socket state when de-assigning the transport (Stefano Garzarella) - vsock/virtio: cancel close work in the destructor (Stefano Garzarella) - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks (Heiner Kallweit) - nvmet: propagate npwg topology (Luis Chamberlain) - poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() (Oleg Nesterov) - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (Hans de Goede) - kheaders: Ignore silly-rename files (David Howells) - fs: fix missing declaration of init_files (Zhang Kunbo) - hfs: Sanity check the root record (Leo Stone) - mac802154: check local interfaces before deleting sdata list (Lizhi Xu) - i2c: rcar: fix NACK handling when being a target (Wolfram Sang) - i2c: mux: demux-pinctrl: check initial mux selection, too (Wolfram Sang) - drm/v3d: Ensure job pointer is set to NULL after job completion (Ma?ra Canal) - net/mlx5: Fix RDMA TX steering prio (Patrisious Haddad) - net: xilinx: axienet: Fix IRQ coalescing packet count overflow (Sean Anderson) - nfp: bpf: prevent integer overflow in nfp_bpf_event_output() (Dan Carpenter) - pktgen: Avoid out-of-bounds access in get_imix_entries (Artem Chernyshev) - bpf: Fix bpf_sk_select_reuseport() memory leak (Michal Luczaj) - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() (Sudheer Kumar Doredla) - phy: usb: Fix clock imbalance for suspend/resume (Justin Chen) - phy: usb: Use slow clock for wake enabled suspend (Justin Chen) - mptcp: fix TCP options overflow. (Paolo Abeni) - mptcp: drop port parameter of mptcp_pm_add_addr_signal (Geliang Tang) - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (Dennis Lam) - ocfs2: correct return value of ocfs2_local_free_info() (Joseph Qi) - phy: usb: Toggle the PHY power during init (Justin Chen) - phy: usb: Add "wake on" functionality for newer Synopsis XHCI controllers (Al Cooper) - of: address: Preserve the flags portion on 1:1 dma-ranges mapping (Andrea della Porta) - of: address: Store number of bus flag cells rather than bool (Rob Herring) - of: address: Remove duplicated functions (Herve Codina) - of: address: Fix address translation when address-size is greater than 2 (Herve Codina) - of/address: Add support for 3 address cell bus (Rob Herring) - of: unittest: Add bus address range parsing tests (Rob Herring) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (Peter Geis) - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (Yu Kuai) - iio: adc: ad7124: Disable all channels at probe time (Uwe Kleine-K?nig) - iio: inkern: call iio_device_put() only on mapped devices (Joe Hattori) - iio: adc: at91: call input_free_device() on allocated iio_dev (Joe Hattori) - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (Fabio Estevam) - iio: gyro: fxas21002c: Fix missing data update in trigger handler (Carlos Song) - iio: adc: ti-ads8688: fix information leak in triggered buffer (Javier Carrasco) - iio: imu: kmx61: fix information leak in triggered buffer (Javier Carrasco) - iio: light: vcnl4035: fix information leak in triggered buffer (Javier Carrasco) - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (Javier Carrasco) - iio: pressure: zpa2326: fix information leak in triggered buffer (Javier Carrasco) - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (Akash M) - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (Prashanth K) - usb: fix reference leak in usb_new_device() (Ma Ke) - USB: core: Disable LPM only for non-suspended ports (Kai-Heng Feng) - USB: usblp: return error when setting unsupported protocol (Jun Yan) - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (Lianqin Hu) - topology: Keep the cpumask unchanged when printing cpumap (Li Huafei) - usb: dwc3: gadget: fix writing NYET threshold (Andr? Draszik) - USB: serial: cp210x: add Phoenix Contact UPS Device (Johan Hovold) - usb-storage: Add max sectors quirk for Nokia 208 (Lubomir Rintel) - staging: iio: ad9832: Correct phase range check (Zicheng Qu) - staging: iio: ad9834: Correct phase range check (Zicheng Qu) - USB: serial: option: add Neoway N723-EA support (Michal Hrusecky) - USB: serial: option: add MeiG Smart SRM815 (Chukun Pan) - md/raid5: fix atomicity violation in raid5_cache_count (Gui-Dong Han) - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity (Kuan-Wei Chiu) - drm/amd/display: increase MAX_SURFACES to the value supported by hw (Melissa Wen) - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (Hans de Goede) - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (Hans de Goede) - riscv: Fix sleeping in invalid context in die() (Nam Cao) - drm/amd/display: Add check for granularity in dml ceil/floor helpers (Roman Li) - sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (Matthieu Baerts (NGI0)) - sctp: sysctl: udp_port: avoid using current->nsproxy (Matthieu Baerts (NGI0)) - sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts (NGI0)) - sctp: sysctl: rto_min/max: avoid using current->nsproxy (Matthieu Baerts (NGI0)) - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts (NGI0)) - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY (Mikulas Patocka) - dm thin: make get_first_thin use rcu-safe list first function (Krister Johansen) - afs: Fix the maximum cell name length (David Howells) - ksmbd: fix a missing return value check bug (Wentao Liang) - drm/mediatek: Add support for 180-degree rotation in the display driver (Jason-JH.Lin) - netfilter: conntrack: clamp maximum hashtable size to INT_MAX (Pablo Neira Ayuso) - netfilter: nf_tables: imbalance in flowtable binding (Pablo Neira Ayuso) - tls: Fix tls_sw_sendmsg error handling (Benjamin Coddington) - cxgb4: Avoid removal of uninserted tid (Anumula Murali Mohan Reddy) - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (Kalesh AP) - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (Eric Dumazet) - tcp/dccp: allow a connection when sk_max_ack_backlog is zero (Zhongqiu Duan) - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (Jason Xing) - net: 802: LLC+SNAP OID:PID lookup on start of skb data (Antonio Pastor) - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (Keisuke Nishimura) - ASoC: mediatek: disable buffer pre-allocation (Chen-Yu Tsai) - exfat: fix the infinite loop in __exfat_free_cluster() (Yuezhang Mo) - exfat: fix the infinite loop in exfat_readdir() (Yuezhang Mo) - dm array: fix cursor index when skipping across block boundaries (Ming-Hung Tsai) - dm array: fix unreleased btree blocks on closing a faulty array cursor (Ming-Hung Tsai) - dm array: fix releasing a faulty array block twice in dm_array_cursor_end (Ming-Hung Tsai) - jbd2: flush filesystem device before updating tail sequence (Zhang Yi) - ceph: give up on paths longer than PATH_MAX (Max Kellermann) [5.15.0-306.176.1.el8uek] - mm/page_alloc: fix min_free_kbytes calculation regarding ZONE_MOVABLE (liuq) [Orabug: 37503579] - mm: Limit warning message in vmemmap_verify() to once (Ma Wupeng) [Orabug: 37503579] - assoc_array: fix the return value in assoc_array_insert_mid_shortcut() (Roman Smirnov) [Orabug: 37503579] - assoc_array: Avoid open coded arithmetic in allocator arguments (Len Baker) [Orabug: 37503579] - mm/page_alloc: use accumulated load when building node fallback list (Krupa Ramakrishnan) [Orabug: 37503525] - mm/page_alloc: print node fallback order (Bharata B Rao) [Orabug: 37503525] - PCI: Support BAR sizes up to 8TB (Dongdong Liu) [Orabug: 37503525] - uek-rpm: Enable USB_XHCI_PCI_RENESAS as a module for aarch64 platforms (Harshit Mogalapalli) [Orabug: 37552080] - cifs: use correct lock type in cifs_reconnect() (Paulo Alcantara) [Orabug: 37535421] - cifs: fix NULL ptr dereference in refresh_mounts() (Paulo Alcantara) [Orabug: 37535421] From el-errata at oss.oracle.com Tue Mar 11 19:52:44 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 12:52:44 -0700 Subject: [El-errata] ELBA-2025-20154 Oracle Linux 9 iscsi-initiator-utils bug fix update Message-ID: <mailman.65.1741722774.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-20154 http://linux.oracle.com/errata/ELBA-2025-20154.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: iscsi-initiator-utils-6.2.1.9-1.gita65a472.0.2.el9.i686.rpm iscsi-initiator-utils-6.2.1.9-1.gita65a472.0.2.el9.x86_64.rpm iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.0.2.el9.x86_64.rpm python3-iscsi-initiator-utils-6.2.1.9-1.gita65a472.0.2.el9.x86_64.rpm aarch64: iscsi-initiator-utils-6.2.1.9-1.gita65a472.0.2.el9.aarch64.rpm iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.0.2.el9.aarch64.rpm python3-iscsi-initiator-utils-6.2.1.9-1.gita65a472.0.2.el9.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//iscsi-initiator-utils-6.2.1.9-1.gita65a472.0.2.el9.src.rpm Description of changes: [6.2.1.9-18.gita65a472.0.2] - Remove incorrect keyword from install section in iscsi-init [Orabug: 37544462] [6.2.1.9-18.gita65a472.0.1] - Add python3-rpm-macros to BuildRequires - Allow systemd-remount-fs complete before iscsi-init.service [Orabug: 34325406] - Allow iscsi-init.service to start after local-fs.target [Orabug: 33930979] - Rename 0008-use-red-hat-name.patch to 0008-use-oracle-for-name.patch and use com.oracle in prefix - Complete the following tasks to address [Orabug: 29311709] The following patches address [Orabug: 29128380] (Jianchao Wang) Add 0032-Add-Requires-iscsid.service-in-iscsi.service.patch The following patch addresses [Orabug: 29306329] Add 0033-Update-systemd-to-always-restart-iscsid-service.patch - Print vital iscsid messages on console using rsyslog facility. This is particularly useful when using iscsi boot and there is a connection or session issue. [Orabug: 29503805] - Modify iscsi-mark-root-nodes script to only update node.startup to onboot for iscsi sessions that are active during boot. [Orabug: 29653342] - Modify iscsi-mark-root nodes script to not mark nodes when iscsi.service is restarted. [Orabug: 29851447] - Modify patches 0007 and 0032-0035 to apply cleanly - Tune TimeoutSec of iscsid service to 10 minutes [Orabug: 29869817] [6.2.1.9-18.gita65a472] - rebase to upstream 2.1.9+ with iscsiuio 0.7.8.8 - new meson build system, sync with fedora packaging From el-errata at oss.oracle.com Tue Mar 11 19:52:45 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 12:52:45 -0700 Subject: [El-errata] ELBA-2025-20157 Oracle Linux 9 mdadm bug fix update Message-ID: <mailman.66.1741722774.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-20157 http://linux.oracle.com/errata/ELBA-2025-20157.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: mdadm-4.3-3.0.2.el9.x86_64.rpm aarch64: mdadm-4.3-3.0.2.el9.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//mdadm-4.3-3.0.2.el9.src.rpm Description of changes: [4.3-3.0.2] - mdmon: imsm: fix metadata corruption when managing new array. [Orabug: 37635990] From el-errata at oss.oracle.com Tue Mar 11 19:52:47 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 12:52:47 -0700 Subject: [El-errata] ELBA-2025-2472 Oracle Linux 9 glibc bug fix update Message-ID: <mailman.67.1741722775.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2472 http://linux.oracle.com/errata/ELBA-2025-2472.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: glibc-2.34-125.0.1.el9_5.3.i686.rpm glibc-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-all-langpacks-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-common-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-devel-2.34-125.0.1.el9_5.3.i686.rpm glibc-devel-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-doc-2.34-125.0.1.el9_5.3.noarch.rpm glibc-gconv-extra-2.34-125.0.1.el9_5.3.i686.rpm glibc-gconv-extra-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-headers-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-aa-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-af-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-agr-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ak-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-am-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-an-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-anp-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ar-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-as-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ast-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ayc-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-az-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-be-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-bem-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ber-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-bg-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-bhb-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-bho-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-bi-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-bn-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-bo-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-br-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-brx-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-bs-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-byn-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ca-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ce-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-chr-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ckb-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-cmn-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-crh-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-cs-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-csb-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-cv-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-cy-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-da-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-de-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-doi-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-dsb-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-dv-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-dz-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-el-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-en-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-eo-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-es-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-et-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-eu-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-fa-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ff-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-fi-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-fil-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-fo-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-fr-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-fur-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-fy-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ga-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-gd-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-gez-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-gl-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-gu-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-gv-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ha-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-hak-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-he-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-hi-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-hif-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-hne-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-hr-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-hsb-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ht-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-hu-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-hy-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ia-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-id-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ig-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ik-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-is-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-it-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-iu-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ja-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ka-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-kab-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-kk-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-kl-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-km-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-kn-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ko-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-kok-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ks-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ku-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-kw-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ky-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-lb-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-lg-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-li-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-lij-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ln-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-lo-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-lt-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-lv-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-lzh-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-mag-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-mai-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-mfe-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-mg-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-mhr-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-mi-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-miq-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-mjw-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-mk-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ml-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-mn-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-mni-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-mnw-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-mr-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ms-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-mt-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-my-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-nan-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-nb-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-nds-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ne-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-nhn-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-niu-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-nl-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-nn-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-nr-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-nso-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-oc-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-om-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-or-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-os-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-pa-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-pap-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-pl-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ps-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-pt-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-quz-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-raj-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ro-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ru-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-rw-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-sa-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-sah-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-sat-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-sc-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-sd-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-se-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-sgs-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-shn-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-shs-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-si-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-sid-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-sk-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-sl-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-sm-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-so-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-sq-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-sr-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ss-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-st-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-sv-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-sw-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-szl-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ta-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-tcy-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-te-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-tg-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-th-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-the-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ti-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-tig-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-tk-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-tl-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-tn-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-to-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-tpi-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-tr-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ts-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-tt-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ug-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-uk-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-unm-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ur-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-uz-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-ve-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-vi-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-wa-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-wae-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-wal-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-wo-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-xh-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-yi-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-yo-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-yue-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-yuw-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-zh-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-langpack-zu-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-locale-source-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-minimal-langpack-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-utils-2.34-125.0.1.el9_5.3.x86_64.rpm libnsl-2.34-125.0.1.el9_5.3.i686.rpm libnsl-2.34-125.0.1.el9_5.3.x86_64.rpm nscd-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-benchtests-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-nss-devel-2.34-125.0.1.el9_5.3.i686.rpm glibc-nss-devel-2.34-125.0.1.el9_5.3.x86_64.rpm glibc-static-2.34-125.0.1.el9_5.3.i686.rpm glibc-static-2.34-125.0.1.el9_5.3.x86_64.rpm nss_db-2.34-125.0.1.el9_5.3.i686.rpm nss_db-2.34-125.0.1.el9_5.3.x86_64.rpm nss_hesiod-2.34-125.0.1.el9_5.3.i686.rpm nss_hesiod-2.34-125.0.1.el9_5.3.x86_64.rpm aarch64: glibc-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-all-langpacks-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-common-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-devel-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-doc-2.34-125.0.1.el9_5.3.noarch.rpm glibc-gconv-extra-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-aa-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-af-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-agr-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ak-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-am-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-an-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-anp-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ar-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-as-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ast-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ayc-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-az-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-be-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-bem-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ber-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-bg-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-bhb-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-bho-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-bi-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-bn-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-bo-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-br-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-brx-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-bs-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-byn-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ca-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ce-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-chr-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ckb-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-cmn-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-crh-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-cs-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-csb-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-cv-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-cy-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-da-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-de-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-doi-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-dsb-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-dv-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-dz-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-el-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-en-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-eo-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-es-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-et-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-eu-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-fa-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ff-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-fi-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-fil-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-fo-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-fr-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-fur-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-fy-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ga-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-gd-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-gez-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-gl-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-gu-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-gv-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ha-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-hak-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-he-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-hi-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-hif-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-hne-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-hr-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-hsb-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ht-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-hu-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-hy-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ia-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-id-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ig-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ik-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-is-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-it-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-iu-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ja-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ka-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-kab-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-kk-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-kl-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-km-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-kn-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ko-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-kok-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ks-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ku-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-kw-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ky-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-lb-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-lg-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-li-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-lij-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ln-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-lo-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-lt-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-lv-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-lzh-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-mag-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-mai-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-mfe-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-mg-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-mhr-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-mi-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-miq-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-mjw-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-mk-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ml-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-mn-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-mni-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-mnw-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-mr-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ms-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-mt-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-my-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-nan-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-nb-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-nds-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ne-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-nhn-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-niu-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-nl-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-nn-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-nr-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-nso-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-oc-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-om-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-or-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-os-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-pa-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-pap-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-pl-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ps-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-pt-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-quz-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-raj-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ro-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ru-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-rw-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-sa-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-sah-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-sat-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-sc-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-sd-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-se-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-sgs-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-shn-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-shs-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-si-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-sid-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-sk-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-sl-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-sm-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-so-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-sq-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-sr-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ss-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-st-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-sv-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-sw-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-szl-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ta-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-tcy-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-te-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-tg-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-th-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-the-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ti-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-tig-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-tk-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-tl-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-tn-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-to-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-tpi-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-tr-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ts-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-tt-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ug-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-uk-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-unm-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ur-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-uz-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-ve-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-vi-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-wa-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-wae-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-wal-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-wo-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-xh-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-yi-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-yo-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-yue-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-yuw-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-zh-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-langpack-zu-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-locale-source-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-minimal-langpack-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-utils-2.34-125.0.1.el9_5.3.aarch64.rpm libnsl-2.34-125.0.1.el9_5.3.aarch64.rpm nscd-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-benchtests-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-nss-devel-2.34-125.0.1.el9_5.3.aarch64.rpm glibc-static-2.34-125.0.1.el9_5.3.aarch64.rpm nss_db-2.34-125.0.1.el9_5.3.aarch64.rpm nss_hesiod-2.34-125.0.1.el9_5.3.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//glibc-2.34-125.0.1.el9_5.3.src.rpm Description of changes: [2.34-125.0.1.3] - Forward-port Oracle patches for ol9-u5 (glibc-2.34-125.0.1.3) Reviewed by: Jose E. Marchesi <jose.marchesi at oracle.com> Oracle history: From el-errata at oss.oracle.com Tue Mar 11 19:52:48 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 12:52:48 -0700 Subject: [El-errata] ELSA-2025-2500 Important: Oracle Linux 9 tigervnc security update Message-ID: <mailman.70.1741722776.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-2500 http://linux.oracle.com/errata/ELSA-2025-2500.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: tigervnc-1.14.1-1.el9_5.1.x86_64.rpm tigervnc-icons-1.14.1-1.el9_5.1.noarch.rpm tigervnc-license-1.14.1-1.el9_5.1.noarch.rpm tigervnc-selinux-1.14.1-1.el9_5.1.noarch.rpm tigervnc-server-1.14.1-1.el9_5.1.x86_64.rpm tigervnc-server-minimal-1.14.1-1.el9_5.1.x86_64.rpm tigervnc-server-module-1.14.1-1.el9_5.1.x86_64.rpm aarch64: tigervnc-1.14.1-1.el9_5.1.aarch64.rpm tigervnc-icons-1.14.1-1.el9_5.1.noarch.rpm tigervnc-license-1.14.1-1.el9_5.1.noarch.rpm tigervnc-selinux-1.14.1-1.el9_5.1.noarch.rpm tigervnc-server-1.14.1-1.el9_5.1.aarch64.rpm tigervnc-server-minimal-1.14.1-1.el9_5.1.aarch64.rpm tigervnc-server-module-1.14.1-1.el9_5.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//tigervnc-1.14.1-1.el9_5.1.src.rpm Related CVEs: CVE-2025-26594 CVE-2025-26595 CVE-2025-26596 CVE-2025-26597 CVE-2025-26598 CVE-2025-26599 CVE-2025-26600 CVE-2025-26601 Description of changes: [1.14.1-1.1] - Fix CVE-2025-26594 xorg-x11-server Use-after-free of the root cursor Resolves: RHEL-79406 - Fix CVE-2025-26595 xorg-x11-server Buffer overflow in XkbVModMaskText() Resolves: RHEL-80018 - Fix CVE-2025-26596 xorg-x11-server Heap overflow in XkbWriteKeySyms() Resolves: RHEL-79391 - Fix CVE-2025-26597 xorg-x11-server Buffer overflow in XkbChangeTypesOfKey() Resolves: RHEL-80029 - Fix CVE-2025-26598 xorg-x11-server Out-of-bounds write in CreatePointerBarrierClient() Resolves: RHEL-79374 - Fix CVE-2025-26599 xorg-x11-server Use of uninitialized pointer in compRedirectWindow() Resolves: RHEL-80043 - Fix CVE-2025-26600 xorg-x11-server Use-after-free in PlayReleasedEvents() Resolves: RHEL-80037 - Fix CVE-2025-26601 xorg-x11-server Use-after-free in SyncInitTrigger() Resolves: RHEL-79353 From el-errata at oss.oracle.com Tue Mar 11 19:53:06 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 12:53:06 -0700 Subject: [El-errata] ELSA-2025-20153 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update Message-ID: <mailman.71.1741722803.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-20153 http://linux.oracle.com/errata/ELSA-2025-20153.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: aarch64: kernel-uek-5.4.17-2136.341.3.1.el8uek.aarch64.rpm kernel-uek-debug-5.4.17-2136.341.3.1.el8uek.aarch64.rpm kernel-uek-debug-devel-5.4.17-2136.341.3.1.el8uek.aarch64.rpm kernel-uek-devel-5.4.17-2136.341.3.1.el8uek.aarch64.rpm kernel-uek-doc-5.4.17-2136.341.3.1.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.341.3.1.el8uek.src.rpm Related CVEs: CVE-2024-44986 CVE-2024-53164 CVE-2024-56767 CVE-2024-56769 Description of changes: [5.4.17-2136.341.3.1.el8uek] - Revert "NFSD: Limit the number of concurrent async COPY operations" (Sherry Yang) [Orabug: 37667080] [5.4.17-2136.341.3.el8uek] - io_uring: fix possible deadlock in io_register_iowq_max_workers() (Hagar Hemdan) [Orabug: 37565787] - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (Jens Axboe) [Orabug: 37565787] - io_uring: use kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] - fs: create kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] - io_uring: rename kiocb_end_write() local helper (Amir Goldstein) [Orabug: 37565787] - io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe) [Orabug: 37565787] - io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer) [Orabug: 37565787] - io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe) [Orabug: 37565787] - io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer) [Orabug: 37565787] - io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov) [Orabug: 37565787] - vfs: check dentry is still valid in get_link() (Ian Kent) [Orabug: 37536393] - RDS: avoid queueing delayed work on an offlined cpu (Praveen Kumar Kannoju) [Orabug: 37260584] - NFSD: Limit the number of concurrent async COPY operations (Chuck Lever) [Orabug: 37206187] [5.4.17-2136.341.2.el8uek] - LTS tag: v5.4.289 (Sherry Yang) - mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (Seiji Nishikawa) - drm: adv7511: Drop dsi single lane support (Biju Das) - net/sctp: Prevent autoclose integer overflow in sctp_association_init() (Nikolay Kuratov) - sky2: Add device ID 11ab:4373 for Marvell 88E8075 (Pascal Hambourg) - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (Evgenii Shatokhin) - RDMA/uverbs: Prevent integer overflow issue (Dan Carpenter) - modpost: fix the missed iteration for the max bit in do_input() (Masahiro Yamada) - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (Masahiro Yamada) - ARC: build: Try to guess GCC variant of cross compiler (Leon Romanovsky) - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (Uros Bizjak) - net: usb: qmi_wwan: add Telit FE910C04 compositions (Daniele Palmas) - bpf: fix potential error return (Anton Protopopov) - sound: usb: format: don't warn that raw DSD is unsupported (Adrian Ratiu) - wifi: mac80211: wake the queues in case of failure in resume (Emmanuel Grumbach) - ila: serialize calls to nf_register_net_hooks() (Eric Dumazet) - ALSA: usb-audio: US16x08: Initialize array before use (Tanya Agarwal) - net: llc: reset skb->transport_header (Antonio Pastor) - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (Pablo Neira Ayuso) - netfilter: Replace zero-length array with flexible-array member (Gustavo A. R. Silva) - netrom: check buffer length before accessing it (Ilya Shchipletsov) - drm/bridge: adv7511_audio: Update Audio InfoFrame properly (Stefan Ekenberg) - drm: bridge: adv7511: Enable SPDIF DAI (Bogdan Togorean) - RDMA/bnxt_re: Fix max_qp_wrs reported (Selvin Xavier) - RDMA/bnxt_re: Fix reporting hw_ver in query_device (Kalesh AP) - RDMA/bnxt_re: Add check for path mtu in modify_qp (Saravanan Vajravel) - RDMA/mlx5: Enforce same type port association for multiport RoCE (Patrisious Haddad) - net/mlx5: Make API mlx5_core_is_ecpf accept const pointer (Parav Pandit) - IB/mlx5: Introduce and use mlx5_core_is_vf() (Parav Pandit) - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (Michael Kelley) - selinux: ignore unknown extended permissions (Thi?baud Weksteen) - ipv6: prevent possible UAF in ip6_xmit() (Eric Dumazet) - skb_expand_head() adjust skb->truesize incorrectly (Vasily Averin) - btrfs: avoid monopolizing a core when activating a swap file (Filipe Manana) - tracing: Constify string literal data member in struct trace_event_call (Christian G?ttsche) - bpf: fix recursive lock when verdict program return SK_PASS (Jiayuan Chen) - ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029070] {CVE-2024-44986} - ipv6: use skb_expand_head in ip6_xmit (Vasily Averin) - ipv6: use skb_expand_head in ip6_finish_output2 (Vasily Averin) - skbuff: introduce skb_expand_head() (Vasily Averin) - MIPS: Probe toolchain support of -msym32 (Jiaxun Yang) - epoll: Add synchronous wakeup support for ep_poll_callback (Xuewen Yan) - virtio-blk: don't keep queue frozen during system suspend (Ming Lei) - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (Ranjan Kumar) - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (Armin Wolf) - regmap: Use correct format specifier for logging range errors (Mark Brown) - scsi: megaraid_sas: Fix for a potential deadlock (Tomas Henzl) - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (Magnus Lindholm) - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (Masami Hiramatsu (Google)) - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (Chen Ridong) [Orabug: 37452681] {CVE-2024-56767} - dmaengine: mv_xor: fix child node refcount handling in early exit (Javier Carrasco) - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (Zijun Hu) - phy: core: Fix that API devm_phy_put() fails to release the phy (Zijun Hu) - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (Zijun Hu) - phy: core: Fix an OF node refcount leakage in _of_phy_get() (Zijun Hu) - mtd: diskonchip: Cast an operand to prevent potential overflow (Zichen Xie) - bpf: Check negative offsets in __bpf_skb_min_len() (Cong Wang) - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (Nikita Zhandarovich) [Orabug: 37452687] {CVE-2024-56769} - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (Zijun Hu) - of: Fix error path in of_parse_phandle_with_args_map() (Herve Codina) - udmabuf: also check for F_SEAL_FUTURE_WRITE (Jann Horn) - nilfs2: prevent use of deleted inode (Edward Adam Davis) - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (Trond Myklebust) - btrfs: tree-checker: reject inline extent items with 0 ref count (Qu Wenruo) - zram: refuse to use zero sized block device as backing device (Kairui Song) - sh: clk: Fix clk_enable() to return 0 on NULL clk (Geert Uytterhoeven) - USB: serial: option: add Telit FE910C04 rmnet compositions (Daniele Palmas) - USB: serial: option: add MediaTek T7XX compositions (Jack Wu) - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (Mank Wang) - USB: serial: option: add MeiG Smart SLM770A (Michal Hrusecky) - USB: serial: option: add TCL IK512 MBIM & ECM (Daniel Swanemar) - efivarfs: Fix error on non-existent file (James Bottomley) - i2c: riic: Always round-up when calculating bus period (Geert Uytterhoeven) - chelsio/chtls: prevent potential integer overflow on 32bit (Dan Carpenter) - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (Prathamesh Shete) - netfilter: ipset: Fix for recursive locking warning (Phil Sutter) - net: ethernet: bgmac-platform: fix an OF node reference leak (Joe Hattori) - net: hinic: Fix cleanup in create_rxqs/txqs() (Dan Carpenter) - ionic: use ee->offset when returning sprom data (Shannon Nelson) - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (Guangguan Wang) - erofs: fix incorrect symlink detection in fast symlink (Gao Xiang) - erofs: fix order >= MAX_ORDER warning due to crafted negative i_size (Gao Xiang) - drm/i915: Fix memory leak by correcting cache object name in error handler (Jiasheng Jiang) - PCI: Add ACS quirk for Broadcom BCM5760X NIC (Ajit Khaparde) - ALSA: usb: Fix UBSAN warning in parse_audio_unit() (Takashi Iwai) - PCI/AER: Disable AER service on suspend (Kai-Heng Feng) - usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled (Peng Hongchi) - net: sched: fix ordering of qlen adjustment (Lion Ackermann) [Orabug: 37433383] {CVE-2024-53164} [5.4.17-2136.341.1.el8uek] - kpcimgr: fix flush_icache_range arguments (Joe Dobosenski) [Orabug: 37525298] - uek-rpm: Update network stress testing options for embedded2 (Joe Dobosenski) [Orabug: 37530220] From el-errata at oss.oracle.com Tue Mar 11 19:53:14 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 12:53:14 -0700 Subject: [El-errata] ELSA-2025-2473 Important: Oracle Linux 8 kernel security update Message-ID: <mailman.72.1741722803.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-2473 http://linux.oracle.com/errata/ELSA-2025-2473.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-4.18.0-553.44.1.el8_10.x86_64.rpm kernel-4.18.0-553.44.1.el8_10.x86_64.rpm kernel-abi-stablelists-4.18.0-553.44.1.el8_10.noarch.rpm kernel-core-4.18.0-553.44.1.el8_10.x86_64.rpm kernel-cross-headers-4.18.0-553.44.1.el8_10.x86_64.rpm kernel-debug-4.18.0-553.44.1.el8_10.x86_64.rpm kernel-debug-core-4.18.0-553.44.1.el8_10.x86_64.rpm kernel-debug-devel-4.18.0-553.44.1.el8_10.x86_64.rpm kernel-debug-modules-4.18.0-553.44.1.el8_10.x86_64.rpm kernel-debug-modules-extra-4.18.0-553.44.1.el8_10.x86_64.rpm kernel-devel-4.18.0-553.44.1.el8_10.x86_64.rpm kernel-doc-4.18.0-553.44.1.el8_10.noarch.rpm kernel-headers-4.18.0-553.44.1.el8_10.x86_64.rpm kernel-modules-4.18.0-553.44.1.el8_10.x86_64.rpm kernel-modules-extra-4.18.0-553.44.1.el8_10.x86_64.rpm kernel-tools-4.18.0-553.44.1.el8_10.x86_64.rpm kernel-tools-libs-4.18.0-553.44.1.el8_10.x86_64.rpm perf-4.18.0-553.44.1.el8_10.x86_64.rpm python3-perf-4.18.0-553.44.1.el8_10.x86_64.rpm kernel-tools-libs-devel-4.18.0-553.44.1.el8_10.x86_64.rpm aarch64: bpftool-4.18.0-553.44.1.el8_10.aarch64.rpm kernel-cross-headers-4.18.0-553.44.1.el8_10.aarch64.rpm kernel-headers-4.18.0-553.44.1.el8_10.aarch64.rpm kernel-tools-4.18.0-553.44.1.el8_10.aarch64.rpm kernel-tools-libs-4.18.0-553.44.1.el8_10.aarch64.rpm perf-4.18.0-553.44.1.el8_10.aarch64.rpm python3-perf-4.18.0-553.44.1.el8_10.aarch64.rpm kernel-tools-libs-devel-4.18.0-553.44.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kernel-4.18.0-553.44.1.el8_10.src.rpm Related CVEs: CVE-2024-50302 CVE-2024-53197 CVE-2024-57807 CVE-2024-57979 Description of changes: [4.18.0-553.44.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] [4.18.0-553.44.1.el8_10] - HID: core: zero-initialize the report buffer (CKI Backport Bot) [RHEL-81825] {CVE-2024-50302} - ALSA: usb-audio: Fix a DMA to stack memory bug (Jaroslav Kysela) [RHEL-81786] - ALSA: usb-audio: Fix for sampling rates support for Mbox3 (Jaroslav Kysela) [RHEL-81786] - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Jaroslav Kysela) [RHEL-81786] {CVE-2024-53197} - ALSA: usb-audio: Add sampling rates support for Mbox3 (Jaroslav Kysela) [RHEL-81786] [4.18.0-553.43.1.el8_10] - s390/module: fix loading modules with a lot of relocations (Mete Durlu) [RHEL-78999] - s390/module: Use s390_kernel_write() for late relocations (Mete Durlu) [RHEL-78999] - locking/atomic: Make test_and_*_bit() ordered on failure (Herton R. Krzesinski) [RHEL-69894] - pps: Fix a use-after-free (Michal Schmidt) [RHEL-77971] - KVM: s390: Change virtual to physical address access in diag 0x258 handler (Thomas Huth) [RHEL-68323 RHEL-65229] - KVM: s390: gaccess: Check if guest address is in memslot (Thomas Huth) [RHEL-68323 RHEL-65229] - KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (Thomas Huth) [RHEL-68323 RHEL-65229] - s390/uv: Panic for set and remove shared access UVC errors (Thomas Huth) [RHEL-68323 RHEL-65229] - KVM: s390: vsie: Use virt_to_phys for crypto control block (Thomas Huth) [RHEL-68323 RHEL-65229] - KVM: s390: vsie: Use virt_to_phys for facility control block (Thomas Huth) [RHEL-68323 RHEL-65229] - scsi: megaraid_sas: Fix for a potential deadlock (Tomas Henzl) [RHEL-21984] {CVE-2024-57807} - net/mlx5: Reload auxiliary devices in pci error handlers (Benjamin Poirier) [RHEL-78756] - net/mlx5: Suspend auxiliary devices only in case of PCI device suspend (Benjamin Poirier) [RHEL-78756] From el-errata at oss.oracle.com Tue Mar 11 19:53:08 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 12:53:08 -0700 Subject: [El-errata] ELBA-2025-2603 Oracle Linux 8 fence-agents bug fix update Message-ID: <mailman.73.1741722807.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2603 http://linux.oracle.com/errata/ELBA-2025-2603.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: fence-agents-all-4.2.1-129.el8_10.7.x86_64.rpm fence-agents-amt-ws-4.2.1-129.el8_10.7.noarch.rpm fence-agents-apc-4.2.1-129.el8_10.7.noarch.rpm fence-agents-apc-snmp-4.2.1-129.el8_10.7.noarch.rpm fence-agents-bladecenter-4.2.1-129.el8_10.7.noarch.rpm fence-agents-brocade-4.2.1-129.el8_10.7.noarch.rpm fence-agents-cisco-mds-4.2.1-129.el8_10.7.noarch.rpm fence-agents-cisco-ucs-4.2.1-129.el8_10.7.noarch.rpm fence-agents-common-4.2.1-129.el8_10.7.noarch.rpm fence-agents-compute-4.2.1-129.el8_10.7.noarch.rpm fence-agents-drac5-4.2.1-129.el8_10.7.noarch.rpm fence-agents-eaton-snmp-4.2.1-129.el8_10.7.noarch.rpm fence-agents-emerson-4.2.1-129.el8_10.7.noarch.rpm fence-agents-eps-4.2.1-129.el8_10.7.noarch.rpm fence-agents-heuristics-ping-4.2.1-129.el8_10.7.noarch.rpm fence-agents-hpblade-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ibm-powervs-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ibm-vpc-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ibmblade-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ifmib-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ilo-moonshot-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ilo-mp-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ilo-ssh-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ilo2-4.2.1-129.el8_10.7.noarch.rpm fence-agents-intelmodular-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ipdu-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ipmilan-4.2.1-129.el8_10.7.noarch.rpm fence-agents-kdump-4.2.1-129.el8_10.7.x86_64.rpm fence-agents-kubevirt-4.2.1-129.el8_10.7.x86_64.rpm fence-agents-lpar-4.2.1-129.el8_10.7.noarch.rpm fence-agents-mpath-4.2.1-129.el8_10.7.noarch.rpm fence-agents-redfish-4.2.1-129.el8_10.7.x86_64.rpm fence-agents-rhevm-4.2.1-129.el8_10.7.noarch.rpm fence-agents-rsa-4.2.1-129.el8_10.7.noarch.rpm fence-agents-rsb-4.2.1-129.el8_10.7.noarch.rpm fence-agents-sbd-4.2.1-129.el8_10.7.noarch.rpm fence-agents-scsi-4.2.1-129.el8_10.7.noarch.rpm fence-agents-virsh-4.2.1-129.el8_10.7.noarch.rpm fence-agents-vmware-rest-4.2.1-129.el8_10.7.noarch.rpm fence-agents-vmware-soap-4.2.1-129.el8_10.7.noarch.rpm fence-agents-wti-4.2.1-129.el8_10.7.noarch.rpm aarch64: fence-agents-all-4.2.1-129.el8_10.7.aarch64.rpm fence-agents-amt-ws-4.2.1-129.el8_10.7.noarch.rpm fence-agents-apc-4.2.1-129.el8_10.7.noarch.rpm fence-agents-apc-snmp-4.2.1-129.el8_10.7.noarch.rpm fence-agents-bladecenter-4.2.1-129.el8_10.7.noarch.rpm fence-agents-brocade-4.2.1-129.el8_10.7.noarch.rpm fence-agents-cisco-mds-4.2.1-129.el8_10.7.noarch.rpm fence-agents-cisco-ucs-4.2.1-129.el8_10.7.noarch.rpm fence-agents-common-4.2.1-129.el8_10.7.noarch.rpm fence-agents-compute-4.2.1-129.el8_10.7.noarch.rpm fence-agents-drac5-4.2.1-129.el8_10.7.noarch.rpm fence-agents-eaton-snmp-4.2.1-129.el8_10.7.noarch.rpm fence-agents-emerson-4.2.1-129.el8_10.7.noarch.rpm fence-agents-eps-4.2.1-129.el8_10.7.noarch.rpm fence-agents-heuristics-ping-4.2.1-129.el8_10.7.noarch.rpm fence-agents-hpblade-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ibm-powervs-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ibm-vpc-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ibmblade-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ifmib-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ilo-moonshot-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ilo-mp-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ilo-ssh-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ilo2-4.2.1-129.el8_10.7.noarch.rpm fence-agents-intelmodular-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ipdu-4.2.1-129.el8_10.7.noarch.rpm fence-agents-ipmilan-4.2.1-129.el8_10.7.noarch.rpm fence-agents-kdump-4.2.1-129.el8_10.7.aarch64.rpm fence-agents-kubevirt-4.2.1-129.el8_10.7.aarch64.rpm fence-agents-mpath-4.2.1-129.el8_10.7.noarch.rpm fence-agents-redfish-4.2.1-129.el8_10.7.aarch64.rpm fence-agents-rhevm-4.2.1-129.el8_10.7.noarch.rpm fence-agents-rsa-4.2.1-129.el8_10.7.noarch.rpm fence-agents-rsb-4.2.1-129.el8_10.7.noarch.rpm fence-agents-sbd-4.2.1-129.el8_10.7.noarch.rpm fence-agents-scsi-4.2.1-129.el8_10.7.noarch.rpm fence-agents-virsh-4.2.1-129.el8_10.7.noarch.rpm fence-agents-vmware-rest-4.2.1-129.el8_10.7.noarch.rpm fence-agents-vmware-soap-4.2.1-129.el8_10.7.noarch.rpm fence-agents-wti-4.2.1-129.el8_10.7.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//fence-agents-4.2.1-129.el8_10.7.src.rpm Description of changes: [4.2.1-129.7] - fence_azure_arm: use azure-identity instead of msrestazure, which has been deprecated Resolves: RHEL-76492 [4.2.1-129.5] - fence_scsi: preempt clears all devices on the mpath device, so only run it for the first device Resolves: RHEL-56840 [4.2.1-129.4] - bundled setuptools: fix CVE-2024-6345 Resolves: RHEL-50223 [4.2.1-129.3] - bundled urllib3: fix CVE-2024-37891 Resolves: RHEL-43568 [4.2.1-129.2] - fence_eps: add fence_epsr2 for ePowerSwitch R2 and newer Resolves: RHEL-7734 - bundled jinja2: fix CVE-2024-34064 Resolves: RHEL-35655 From el-errata at oss.oracle.com Tue Mar 11 19:52:56 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 12:52:56 -0700 Subject: [El-errata] ELSA-2025-20153 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update Message-ID: <mailman.74.1741722808.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-20153 http://linux.oracle.com/errata/ELSA-2025-20153.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-5.4.17-2136.341.3.1.el8uek.x86_64.rpm kernel-uek-container-5.4.17-2136.341.3.1.el8uek.x86_64.rpm kernel-uek-container-debug-5.4.17-2136.341.3.1.el8uek.x86_64.rpm kernel-uek-debug-5.4.17-2136.341.3.1.el8uek.x86_64.rpm kernel-uek-debug-devel-5.4.17-2136.341.3.1.el8uek.x86_64.rpm kernel-uek-devel-5.4.17-2136.341.3.1.el8uek.x86_64.rpm kernel-uek-doc-5.4.17-2136.341.3.1.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.341.3.1.el8uek.src.rpm Related CVEs: CVE-2024-44986 CVE-2024-53164 CVE-2024-56767 CVE-2024-56769 Description of changes: [5.4.17-2136.341.3.1.el8uek] - Revert "NFSD: Limit the number of concurrent async COPY operations" (Sherry Yang) [Orabug: 37667080] [5.4.17-2136.341.3.el8uek] - io_uring: fix possible deadlock in io_register_iowq_max_workers() (Hagar Hemdan) [Orabug: 37565787] - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (Jens Axboe) [Orabug: 37565787] - io_uring: use kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] - fs: create kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] - io_uring: rename kiocb_end_write() local helper (Amir Goldstein) [Orabug: 37565787] - io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe) [Orabug: 37565787] - io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer) [Orabug: 37565787] - io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe) [Orabug: 37565787] - io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer) [Orabug: 37565787] - io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov) [Orabug: 37565787] - vfs: check dentry is still valid in get_link() (Ian Kent) [Orabug: 37536393] - RDS: avoid queueing delayed work on an offlined cpu (Praveen Kumar Kannoju) [Orabug: 37260584] - NFSD: Limit the number of concurrent async COPY operations (Chuck Lever) [Orabug: 37206187] [5.4.17-2136.341.2.el8uek] - LTS tag: v5.4.289 (Sherry Yang) - mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (Seiji Nishikawa) - drm: adv7511: Drop dsi single lane support (Biju Das) - net/sctp: Prevent autoclose integer overflow in sctp_association_init() (Nikolay Kuratov) - sky2: Add device ID 11ab:4373 for Marvell 88E8075 (Pascal Hambourg) - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (Evgenii Shatokhin) - RDMA/uverbs: Prevent integer overflow issue (Dan Carpenter) - modpost: fix the missed iteration for the max bit in do_input() (Masahiro Yamada) - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (Masahiro Yamada) - ARC: build: Try to guess GCC variant of cross compiler (Leon Romanovsky) - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (Uros Bizjak) - net: usb: qmi_wwan: add Telit FE910C04 compositions (Daniele Palmas) - bpf: fix potential error return (Anton Protopopov) - sound: usb: format: don't warn that raw DSD is unsupported (Adrian Ratiu) - wifi: mac80211: wake the queues in case of failure in resume (Emmanuel Grumbach) - ila: serialize calls to nf_register_net_hooks() (Eric Dumazet) - ALSA: usb-audio: US16x08: Initialize array before use (Tanya Agarwal) - net: llc: reset skb->transport_header (Antonio Pastor) - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (Pablo Neira Ayuso) - netfilter: Replace zero-length array with flexible-array member (Gustavo A. R. Silva) - netrom: check buffer length before accessing it (Ilya Shchipletsov) - drm/bridge: adv7511_audio: Update Audio InfoFrame properly (Stefan Ekenberg) - drm: bridge: adv7511: Enable SPDIF DAI (Bogdan Togorean) - RDMA/bnxt_re: Fix max_qp_wrs reported (Selvin Xavier) - RDMA/bnxt_re: Fix reporting hw_ver in query_device (Kalesh AP) - RDMA/bnxt_re: Add check for path mtu in modify_qp (Saravanan Vajravel) - RDMA/mlx5: Enforce same type port association for multiport RoCE (Patrisious Haddad) - net/mlx5: Make API mlx5_core_is_ecpf accept const pointer (Parav Pandit) - IB/mlx5: Introduce and use mlx5_core_is_vf() (Parav Pandit) - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (Michael Kelley) - selinux: ignore unknown extended permissions (Thi?baud Weksteen) - ipv6: prevent possible UAF in ip6_xmit() (Eric Dumazet) - skb_expand_head() adjust skb->truesize incorrectly (Vasily Averin) - btrfs: avoid monopolizing a core when activating a swap file (Filipe Manana) - tracing: Constify string literal data member in struct trace_event_call (Christian G?ttsche) - bpf: fix recursive lock when verdict program return SK_PASS (Jiayuan Chen) - ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029070] {CVE-2024-44986} - ipv6: use skb_expand_head in ip6_xmit (Vasily Averin) - ipv6: use skb_expand_head in ip6_finish_output2 (Vasily Averin) - skbuff: introduce skb_expand_head() (Vasily Averin) - MIPS: Probe toolchain support of -msym32 (Jiaxun Yang) - epoll: Add synchronous wakeup support for ep_poll_callback (Xuewen Yan) - virtio-blk: don't keep queue frozen during system suspend (Ming Lei) - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (Ranjan Kumar) - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (Armin Wolf) - regmap: Use correct format specifier for logging range errors (Mark Brown) - scsi: megaraid_sas: Fix for a potential deadlock (Tomas Henzl) - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (Magnus Lindholm) - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (Masami Hiramatsu (Google)) - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (Chen Ridong) [Orabug: 37452681] {CVE-2024-56767} - dmaengine: mv_xor: fix child node refcount handling in early exit (Javier Carrasco) - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (Zijun Hu) - phy: core: Fix that API devm_phy_put() fails to release the phy (Zijun Hu) - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (Zijun Hu) - phy: core: Fix an OF node refcount leakage in _of_phy_get() (Zijun Hu) - mtd: diskonchip: Cast an operand to prevent potential overflow (Zichen Xie) - bpf: Check negative offsets in __bpf_skb_min_len() (Cong Wang) - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (Nikita Zhandarovich) [Orabug: 37452687] {CVE-2024-56769} - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (Zijun Hu) - of: Fix error path in of_parse_phandle_with_args_map() (Herve Codina) - udmabuf: also check for F_SEAL_FUTURE_WRITE (Jann Horn) - nilfs2: prevent use of deleted inode (Edward Adam Davis) - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (Trond Myklebust) - btrfs: tree-checker: reject inline extent items with 0 ref count (Qu Wenruo) - zram: refuse to use zero sized block device as backing device (Kairui Song) - sh: clk: Fix clk_enable() to return 0 on NULL clk (Geert Uytterhoeven) - USB: serial: option: add Telit FE910C04 rmnet compositions (Daniele Palmas) - USB: serial: option: add MediaTek T7XX compositions (Jack Wu) - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (Mank Wang) - USB: serial: option: add MeiG Smart SLM770A (Michal Hrusecky) - USB: serial: option: add TCL IK512 MBIM & ECM (Daniel Swanemar) - efivarfs: Fix error on non-existent file (James Bottomley) - i2c: riic: Always round-up when calculating bus period (Geert Uytterhoeven) - chelsio/chtls: prevent potential integer overflow on 32bit (Dan Carpenter) - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (Prathamesh Shete) - netfilter: ipset: Fix for recursive locking warning (Phil Sutter) - net: ethernet: bgmac-platform: fix an OF node reference leak (Joe Hattori) - net: hinic: Fix cleanup in create_rxqs/txqs() (Dan Carpenter) - ionic: use ee->offset when returning sprom data (Shannon Nelson) - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (Guangguan Wang) - erofs: fix incorrect symlink detection in fast symlink (Gao Xiang) - erofs: fix order >= MAX_ORDER warning due to crafted negative i_size (Gao Xiang) - drm/i915: Fix memory leak by correcting cache object name in error handler (Jiasheng Jiang) - PCI: Add ACS quirk for Broadcom BCM5760X NIC (Ajit Khaparde) - ALSA: usb: Fix UBSAN warning in parse_audio_unit() (Takashi Iwai) - PCI/AER: Disable AER service on suspend (Kai-Heng Feng) - usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled (Peng Hongchi) - net: sched: fix ordering of qlen adjustment (Lion Ackermann) [Orabug: 37433383] {CVE-2024-53164} [5.4.17-2136.341.1.el8uek] - kpcimgr: fix flush_icache_range arguments (Joe Dobosenski) [Orabug: 37525298] - uek-rpm: Update network stress testing options for embedded2 (Joe Dobosenski) [Orabug: 37530220] From el-errata at oss.oracle.com Tue Mar 11 19:53:15 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 12:53:15 -0700 Subject: [El-errata] ELSA-2025-2502 Important: Oracle Linux 8 tigervnc security update Message-ID: <mailman.77.1741722808.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-2502 http://linux.oracle.com/errata/ELSA-2025-2502.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: tigervnc-1.13.1-15.el8_10.x86_64.rpm tigervnc-icons-1.13.1-15.el8_10.noarch.rpm tigervnc-license-1.13.1-15.el8_10.noarch.rpm tigervnc-selinux-1.13.1-15.el8_10.noarch.rpm tigervnc-server-1.13.1-15.el8_10.x86_64.rpm tigervnc-server-minimal-1.13.1-15.el8_10.x86_64.rpm tigervnc-server-module-1.13.1-15.el8_10.x86_64.rpm aarch64: tigervnc-1.13.1-15.el8_10.aarch64.rpm tigervnc-icons-1.13.1-15.el8_10.noarch.rpm tigervnc-license-1.13.1-15.el8_10.noarch.rpm tigervnc-selinux-1.13.1-15.el8_10.noarch.rpm tigervnc-server-1.13.1-15.el8_10.aarch64.rpm tigervnc-server-minimal-1.13.1-15.el8_10.aarch64.rpm tigervnc-server-module-1.13.1-15.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//tigervnc-1.13.1-15.el8_10.src.rpm Related CVEs: CVE-2025-26594 CVE-2025-26595 CVE-2025-26596 CVE-2025-26597 CVE-2025-26598 CVE-2025-26599 CVE-2025-26600 CVE-2025-26601 Description of changes: [1.13.1-15] - Fix CVE-2025-26594 xorg-x11-server Use-after-free of the root cursor Resolves: RHEL-79397 - Fix CVE-2025-26595 xorg-x11-server Buffer overflow in XkbVModMaskText() Resolves: RHEL-79401 - Fix CVE-2025-26596 xorg-x11-server Heap overflow in XkbWriteKeySyms() Resolves: RHEL-79386 - Fix CVE-2025-26597 xorg-x11-server Buffer overflow in XkbChangeTypesOfKey() Resolves: RHEL-79380 - Fix CVE-2025-26598 xorg-x11-server Out-of-bounds write in CreatePointerBarrierClient() Resolves: RHEL-79369 - Fix CVE-2025-26599 xorg-x11-server Use of uninitialized pointer in compRedirectWindow() Resolves: RHEL-79364 - Fix CVE-2025-26600 xorg-x11-server Use-after-free in PlayReleasedEvents() Resolves: RHEL-79360 - Fix CVE-2025-26601 xorg-x11-server Use-after-free in SyncInitTrigger() Resolves: RHEL-79348 From el-errata at oss.oracle.com Tue Mar 11 19:53:09 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 12:53:09 -0700 Subject: [El-errata] ELBA-2025-2605 Oracle Linux 8 geocode-glib bug fix update Message-ID: <mailman.78.1741722809.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2605 http://linux.oracle.com/errata/ELBA-2025-2605.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: geocode-glib-3.26.0-4.el8_10.i686.rpm geocode-glib-3.26.0-4.el8_10.x86_64.rpm geocode-glib-devel-3.26.0-4.el8_10.i686.rpm geocode-glib-devel-3.26.0-4.el8_10.x86_64.rpm aarch64: geocode-glib-3.26.0-4.el8_10.aarch64.rpm geocode-glib-devel-3.26.0-4.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//geocode-glib-3.26.0-4.el8_10.src.rpm Description of changes: [3.26.0-4] - Resolves: RHEL-4090 (Fix Nominatim crasher) From el-errata at oss.oracle.com Tue Mar 11 19:53:12 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 12:53:12 -0700 Subject: [El-errata] ELBA-2025-2617 Oracle Linux 8 libselinux bug fix update Message-ID: <mailman.79.1741722809.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2617 http://linux.oracle.com/errata/ELBA-2025-2617.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libselinux-2.9-10.el8_10.i686.rpm libselinux-2.9-10.el8_10.x86_64.rpm libselinux-devel-2.9-10.el8_10.i686.rpm libselinux-devel-2.9-10.el8_10.x86_64.rpm libselinux-ruby-2.9-10.el8_10.x86_64.rpm libselinux-utils-2.9-10.el8_10.x86_64.rpm python3-libselinux-2.9-10.el8_10.x86_64.rpm libselinux-static-2.9-10.el8_10.i686.rpm libselinux-static-2.9-10.el8_10.x86_64.rpm aarch64: libselinux-2.9-10.el8_10.aarch64.rpm libselinux-devel-2.9-10.el8_10.aarch64.rpm libselinux-ruby-2.9-10.el8_10.aarch64.rpm libselinux-utils-2.9-10.el8_10.aarch64.rpm python3-libselinux-2.9-10.el8_10.aarch64.rpm libselinux-static-2.9-10.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//libselinux-2.9-10.el8_10.src.rpm Description of changes: [2.9-10] - Close old selabel handle when setting a new one (RHEL-73348) - Fix NULL pointer use in selinux_restorecon_set_sehandle (RHEL-74252) From el-errata at oss.oracle.com Tue Mar 11 19:53:22 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 12:53:22 -0700 Subject: [El-errata] ELSA-2025-1718 Important: Oracle Linux 7 bind security update Message-ID: <mailman.80.1741722812.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-1718 http://linux.oracle.com/errata/ELSA-2025-1718.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: bind-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm bind-chroot-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm bind-devel-9.11.4-26.0.3.P2.el7_9.16.i686.rpm bind-devel-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm bind-export-devel-9.11.4-26.0.3.P2.el7_9.16.i686.rpm bind-export-devel-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm bind-export-libs-9.11.4-26.0.3.P2.el7_9.16.i686.rpm bind-export-libs-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm bind-libs-9.11.4-26.0.3.P2.el7_9.16.i686.rpm bind-libs-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm bind-libs-lite-9.11.4-26.0.3.P2.el7_9.16.i686.rpm bind-libs-lite-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm bind-license-9.11.4-26.0.3.P2.el7_9.16.noarch.rpm bind-lite-devel-9.11.4-26.0.3.P2.el7_9.16.i686.rpm bind-lite-devel-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm bind-pkcs11-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm bind-pkcs11-devel-9.11.4-26.0.3.P2.el7_9.16.i686.rpm bind-pkcs11-devel-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm bind-pkcs11-libs-9.11.4-26.0.3.P2.el7_9.16.i686.rpm bind-pkcs11-libs-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm bind-pkcs11-utils-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm bind-sdb-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm bind-sdb-chroot-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm bind-utils-9.11.4-26.0.3.P2.el7_9.16.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//bind-9.11.4-26.0.3.P2.el7_9.16.src.rpm Related CVEs: CVE-2024-11187 Description of changes: [32:9.11.4-26.0.3.P2.16] - Resolve CVE-2024-11187 [Orabug: 37616907] From el-errata at oss.oracle.com Tue Mar 11 19:53:02 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 12:53:02 -0700 Subject: [El-errata] ELSA-2025-20153 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update Message-ID: <mailman.81.1741722812.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-20153 http://linux.oracle.com/errata/ELSA-2025-20153.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-5.4.17-2136.341.3.1.el7uek.x86_64.rpm kernel-uek-container-5.4.17-2136.341.3.1.el7uek.x86_64.rpm kernel-uek-container-debug-5.4.17-2136.341.3.1.el7uek.x86_64.rpm kernel-uek-debug-5.4.17-2136.341.3.1.el7uek.x86_64.rpm kernel-uek-debug-devel-5.4.17-2136.341.3.1.el7uek.x86_64.rpm kernel-uek-devel-5.4.17-2136.341.3.1.el7uek.x86_64.rpm kernel-uek-doc-5.4.17-2136.341.3.1.el7uek.noarch.rpm kernel-uek-tools-5.4.17-2136.341.3.1.el7uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-5.4.17-2136.341.3.1.el7uek.src.rpm Related CVEs: CVE-2024-44986 CVE-2024-53164 CVE-2024-56767 CVE-2024-56769 Description of changes: [5.4.17-2136.341.3.1.el7uek] - Revert "NFSD: Limit the number of concurrent async COPY operations" (Sherry Yang) [Orabug: 37667080] [5.4.17-2136.341.3.el7uek] - io_uring: fix possible deadlock in io_register_iowq_max_workers() (Hagar Hemdan) [Orabug: 37565787] - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (Jens Axboe) [Orabug: 37565787] - io_uring: use kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] - fs: create kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] - io_uring: rename kiocb_end_write() local helper (Amir Goldstein) [Orabug: 37565787] - io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe) [Orabug: 37565787] - io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer) [Orabug: 37565787] - io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe) [Orabug: 37565787] - io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer) [Orabug: 37565787] - io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov) [Orabug: 37565787] - vfs: check dentry is still valid in get_link() (Ian Kent) [Orabug: 37536393] - RDS: avoid queueing delayed work on an offlined cpu (Praveen Kumar Kannoju) [Orabug: 37260584] - NFSD: Limit the number of concurrent async COPY operations (Chuck Lever) [Orabug: 37206187] [5.4.17-2136.341.2.el7uek] - LTS tag: v5.4.289 (Sherry Yang) - mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (Seiji Nishikawa) - drm: adv7511: Drop dsi single lane support (Biju Das) - net/sctp: Prevent autoclose integer overflow in sctp_association_init() (Nikolay Kuratov) - sky2: Add device ID 11ab:4373 for Marvell 88E8075 (Pascal Hambourg) - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (Evgenii Shatokhin) - RDMA/uverbs: Prevent integer overflow issue (Dan Carpenter) - modpost: fix the missed iteration for the max bit in do_input() (Masahiro Yamada) - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (Masahiro Yamada) - ARC: build: Try to guess GCC variant of cross compiler (Leon Romanovsky) - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (Uros Bizjak) - net: usb: qmi_wwan: add Telit FE910C04 compositions (Daniele Palmas) - bpf: fix potential error return (Anton Protopopov) - sound: usb: format: don't warn that raw DSD is unsupported (Adrian Ratiu) - wifi: mac80211: wake the queues in case of failure in resume (Emmanuel Grumbach) - ila: serialize calls to nf_register_net_hooks() (Eric Dumazet) - ALSA: usb-audio: US16x08: Initialize array before use (Tanya Agarwal) - net: llc: reset skb->transport_header (Antonio Pastor) - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (Pablo Neira Ayuso) - netfilter: Replace zero-length array with flexible-array member (Gustavo A. R. Silva) - netrom: check buffer length before accessing it (Ilya Shchipletsov) - drm/bridge: adv7511_audio: Update Audio InfoFrame properly (Stefan Ekenberg) - drm: bridge: adv7511: Enable SPDIF DAI (Bogdan Togorean) - RDMA/bnxt_re: Fix max_qp_wrs reported (Selvin Xavier) - RDMA/bnxt_re: Fix reporting hw_ver in query_device (Kalesh AP) - RDMA/bnxt_re: Add check for path mtu in modify_qp (Saravanan Vajravel) - RDMA/mlx5: Enforce same type port association for multiport RoCE (Patrisious Haddad) - net/mlx5: Make API mlx5_core_is_ecpf accept const pointer (Parav Pandit) - IB/mlx5: Introduce and use mlx5_core_is_vf() (Parav Pandit) - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (Michael Kelley) - selinux: ignore unknown extended permissions (Thi?baud Weksteen) - ipv6: prevent possible UAF in ip6_xmit() (Eric Dumazet) - skb_expand_head() adjust skb->truesize incorrectly (Vasily Averin) - btrfs: avoid monopolizing a core when activating a swap file (Filipe Manana) - tracing: Constify string literal data member in struct trace_event_call (Christian G?ttsche) - bpf: fix recursive lock when verdict program return SK_PASS (Jiayuan Chen) - ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029070] {CVE-2024-44986} - ipv6: use skb_expand_head in ip6_xmit (Vasily Averin) - ipv6: use skb_expand_head in ip6_finish_output2 (Vasily Averin) - skbuff: introduce skb_expand_head() (Vasily Averin) - MIPS: Probe toolchain support of -msym32 (Jiaxun Yang) - epoll: Add synchronous wakeup support for ep_poll_callback (Xuewen Yan) - virtio-blk: don't keep queue frozen during system suspend (Ming Lei) - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (Ranjan Kumar) - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (Armin Wolf) - regmap: Use correct format specifier for logging range errors (Mark Brown) - scsi: megaraid_sas: Fix for a potential deadlock (Tomas Henzl) - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (Magnus Lindholm) - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (Masami Hiramatsu (Google)) - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (Chen Ridong) [Orabug: 37452681] {CVE-2024-56767} - dmaengine: mv_xor: fix child node refcount handling in early exit (Javier Carrasco) - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (Zijun Hu) - phy: core: Fix that API devm_phy_put() fails to release the phy (Zijun Hu) - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (Zijun Hu) - phy: core: Fix an OF node refcount leakage in _of_phy_get() (Zijun Hu) - mtd: diskonchip: Cast an operand to prevent potential overflow (Zichen Xie) - bpf: Check negative offsets in __bpf_skb_min_len() (Cong Wang) - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (Nikita Zhandarovich) [Orabug: 37452687] {CVE-2024-56769} - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (Zijun Hu) - of: Fix error path in of_parse_phandle_with_args_map() (Herve Codina) - udmabuf: also check for F_SEAL_FUTURE_WRITE (Jann Horn) - nilfs2: prevent use of deleted inode (Edward Adam Davis) - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (Trond Myklebust) - btrfs: tree-checker: reject inline extent items with 0 ref count (Qu Wenruo) - zram: refuse to use zero sized block device as backing device (Kairui Song) - sh: clk: Fix clk_enable() to return 0 on NULL clk (Geert Uytterhoeven) - USB: serial: option: add Telit FE910C04 rmnet compositions (Daniele Palmas) - USB: serial: option: add MediaTek T7XX compositions (Jack Wu) - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (Mank Wang) - USB: serial: option: add MeiG Smart SLM770A (Michal Hrusecky) - USB: serial: option: add TCL IK512 MBIM & ECM (Daniel Swanemar) - efivarfs: Fix error on non-existent file (James Bottomley) - i2c: riic: Always round-up when calculating bus period (Geert Uytterhoeven) - chelsio/chtls: prevent potential integer overflow on 32bit (Dan Carpenter) - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (Prathamesh Shete) - netfilter: ipset: Fix for recursive locking warning (Phil Sutter) - net: ethernet: bgmac-platform: fix an OF node reference leak (Joe Hattori) - net: hinic: Fix cleanup in create_rxqs/txqs() (Dan Carpenter) - ionic: use ee->offset when returning sprom data (Shannon Nelson) - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (Guangguan Wang) - erofs: fix incorrect symlink detection in fast symlink (Gao Xiang) - erofs: fix order >= MAX_ORDER warning due to crafted negative i_size (Gao Xiang) - drm/i915: Fix memory leak by correcting cache object name in error handler (Jiasheng Jiang) - PCI: Add ACS quirk for Broadcom BCM5760X NIC (Ajit Khaparde) - ALSA: usb: Fix UBSAN warning in parse_audio_unit() (Takashi Iwai) - PCI/AER: Disable AER service on suspend (Kai-Heng Feng) - usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled (Peng Hongchi) - net: sched: fix ordering of qlen adjustment (Lion Ackermann) [Orabug: 37433383] {CVE-2024-53164} [5.4.17-2136.341.1.el7uek] - kpcimgr: fix flush_icache_range arguments (Joe Dobosenski) [Orabug: 37525298] - uek-rpm: Update network stress testing options for embedded2 (Joe Dobosenski) [Orabug: 37530220] From el-errata at oss.oracle.com Tue Mar 11 19:53:17 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 12:53:17 -0700 Subject: [El-errata] ELSA-2025-2600 Moderate: Oracle Linux 8 rsync security update Message-ID: <mailman.82.1741722813.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-2600 http://linux.oracle.com/errata/ELSA-2025-2600.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: rsync-3.1.3-21.el8_10.x86_64.rpm rsync-daemon-3.1.3-21.el8_10.noarch.rpm aarch64: rsync-3.1.3-21.el8_10.aarch64.rpm rsync-daemon-3.1.3-21.el8_10.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//rsync-3.1.3-21.el8_10.src.rpm Related CVEs: CVE-2024-12087 CVE-2024-12088 CVE-2024-12747 Description of changes: [3.1.3-21] - Resolves: RHEL-70207 - Path traversal vulnerability in rsync From el-errata at oss.oracle.com Tue Mar 11 19:53:11 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 11 Mar 2025 12:53:11 -0700 Subject: [El-errata] ELBA-2025-2606 Oracle Linux 8 grafana bug fix update Message-ID: <mailman.83.1741722813.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2606 http://linux.oracle.com/errata/ELBA-2025-2606.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: grafana-9.2.10-22.el8_10.x86_64.rpm grafana-selinux-9.2.10-22.el8_10.x86_64.rpm aarch64: grafana-9.2.10-22.el8_10.aarch64.rpm grafana-selinux-9.2.10-22.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//grafana-9.2.10-22.el8_10.src.rpm Description of changes: [9.2.10-22] - Resolves RHEL-75921: grafana selinux issue with autofs_t From el-errata at oss.oracle.com Thu Mar 13 05:39:34 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 05:39:34 +0000 Subject: [El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2025-20153) References: <26491b3feaab193268e8d9f6426cb513.apache@ksplice.com> Message-ID: <mailman.104.1741844385.33.el-errata@oss.oracle.com> Synopsis: ELSA-2025-20153 can now be patched using Ksplice CVEs: CVE-2024-53164 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-20153. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-20153.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on OL7 and OL8 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2024-53164: Privilege escalation in CAKE network scheduler. A logic error when using the Common Applications Kept Enhanced (CAKE) network scheduler could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * Remote denial-of-service in NFSv4.1 client driver. A missing check when using the NFSv4.1 client driver could lead to a livelock. A remote attacker could use this flaw to cause a denial-of-service. * Note: Oracle has determined some CVEs are not applicable. The kernel is not affected by the following CVEs since the code under consideration is not compiled. CVE-2024-53690, CVE-2024-56767, CVE-2024-57802, CVE-2024-57889, CVE-2024-57900 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: <http://oss.oracle.com/pipermail/el-errata/attachments/20250313/d355bff3/attachment.sig> From el-errata at oss.oracle.com Fri Mar 14 00:05:45 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:05:45 -0700 Subject: [El-errata] ELSA-2025-2627 Important: Oracle Linux 9 kernel security update Message-ID: <mailman.105.1741910756.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-2627 http://linux.oracle.com/errata/ELSA-2025-2627.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-7.4.0-503.31.1.el9_5.x86_64.rpm kernel-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-abi-stablelists-5.14.0-503.31.1.el9_5.noarch.rpm kernel-core-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-debug-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-debug-core-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-debug-devel-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-debug-devel-matched-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-debug-modules-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-debug-modules-core-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-debug-modules-extra-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-debug-uki-virt-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-devel-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-devel-matched-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-doc-5.14.0-503.31.1.el9_5.noarch.rpm kernel-headers-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-modules-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-modules-core-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-modules-extra-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-tools-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-tools-libs-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-uki-virt-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-uki-virt-addons-5.14.0-503.31.1.el9_5.x86_64.rpm perf-5.14.0-503.31.1.el9_5.x86_64.rpm python3-perf-5.14.0-503.31.1.el9_5.x86_64.rpm rtla-5.14.0-503.31.1.el9_5.x86_64.rpm rv-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-cross-headers-5.14.0-503.31.1.el9_5.x86_64.rpm kernel-tools-libs-devel-5.14.0-503.31.1.el9_5.x86_64.rpm libperf-5.14.0-503.31.1.el9_5.x86_64.rpm aarch64: bpftool-7.4.0-503.31.1.el9_5.aarch64.rpm kernel-headers-5.14.0-503.31.1.el9_5.aarch64.rpm kernel-tools-5.14.0-503.31.1.el9_5.aarch64.rpm kernel-tools-libs-5.14.0-503.31.1.el9_5.aarch64.rpm perf-5.14.0-503.31.1.el9_5.aarch64.rpm python3-perf-5.14.0-503.31.1.el9_5.aarch64.rpm rtla-5.14.0-503.31.1.el9_5.aarch64.rpm rv-5.14.0-503.31.1.el9_5.aarch64.rpm kernel-cross-headers-5.14.0-503.31.1.el9_5.aarch64.rpm kernel-tools-libs-devel-5.14.0-503.31.1.el9_5.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-503.31.1.el9_5.src.rpm Related CVEs: CVE-2023-52605 CVE-2023-52922 CVE-2024-50264 CVE-2024-50302 CVE-2024-53113 CVE-2024-53197 Description of changes: [5.14.0-503.31.1.el9_5.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-503.31.1.el9_5] - HID: core: zero-initialize the report buffer (Benjamin Tissoires) [RHEL-81838] {CVE-2024-50302} - x86/kaslr: Expose and use the end of the physical memory address space (Waiman Long) [RHEL-70002] - ALSA: usb-audio: Fix a DMA to stack memory bug (Jaroslav Kysela) [RHEL-81799] - ALSA: usb-audio: Fix for sampling rates support for Mbox3 (Jaroslav Kysela) [RHEL-81799] - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Jaroslav Kysela) [RHEL-81799] {CVE-2024-53197} - ALSA: usb-audio: Add sampling rates support for Mbox3 (Jaroslav Kysela) [RHEL-81799] - x86/kexec: Add EFI config table identity mapping for kexec kernel (Jay Shin) [RHEL-74170] - mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (Jay Shin) [RHEL-73210] {CVE-2024-53113} - can: bcm: Fix UAF in bcm_proc_show() (CKI KWF BOT) [RHEL-80746] {CVE-2023-52922} - smb: client: fix chmod(2) regression with ATTR_READONLY (Jay Shin) [RHEL-80526] - hugetlb: prioritize surplus allocation from current node (Aristeu Rozanski) [RHEL-77488] - dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). (Antoine Tenart) [RHEL-77338] - net: add softirq safety to netdev_rename_lock (Antoine Tenart) [RHEL-77343] - arp: Convert ioctl(SIOCGARP) to RCU. (Antoine Tenart) [RHEL-77343] - net: Protect dev->name by seqlock. (Antoine Tenart) [RHEL-77343] - net: Remove unused declaration dev_restart() (Antoine Tenart) [RHEL-77343] - arp: Get dev after calling arp_req_(delete|set|get)(). (Antoine Tenart) [RHEL-77343] - arp: Remove a nest in arp_req_get(). (Antoine Tenart) [RHEL-77343] - arp: Factorise ip_route_output() call in arp_req_set() and arp_req_delete(). (Antoine Tenart) [RHEL-77343] - arp: Validate netmask earlier for SIOCDARP and SIOCSARP in arp_ioctl(). (Antoine Tenart) [RHEL-77343] - arp: Move ATF_COM setting in arp_req_set(). (Antoine Tenart) [RHEL-77343] - ACPI: extlog: fix NULL pointer dereference check (Mark Langsdorf) [RHEL-75250] {CVE-2023-52605} - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-75461] {CVE-2024-50264} - x86/pci: Skip early E820 check for ECAM region (CKI Backport Bot) [RHEL-67065] - cpufreq: intel_pstate: Update Balance performance EPP for Emerald Rapids (Steve Best) [RHEL-64291] [5.14.0-503.30.1.el9_5] - can: bcm: Fix UAF in bcm_proc_show() (CKI KWF BOT) [RHEL-80746] {CVE-2023-52922} - smb: client: fix chmod(2) regression with ATTR_READONLY (Jay Shin) [RHEL-80526] - hugetlb: prioritize surplus allocation from current node (Aristeu Rozanski) [RHEL-77488] - dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). (Antoine Tenart) [RHEL-77338] - net: add softirq safety to netdev_rename_lock (Antoine Tenart) [RHEL-77343] - arp: Convert ioctl(SIOCGARP) to RCU. (Antoine Tenart) [RHEL-77343] - net: Protect dev->name by seqlock. (Antoine Tenart) [RHEL-77343] - net: Remove unused declaration dev_restart() (Antoine Tenart) [RHEL-77343] - arp: Get dev after calling arp_req_(delete|set|get)(). (Antoine Tenart) [RHEL-77343] - arp: Remove a nest in arp_req_get(). (Antoine Tenart) [RHEL-77343] - arp: Factorise ip_route_output() call in arp_req_set() and arp_req_delete(). (Antoine Tenart) [RHEL-77343] - arp: Validate netmask earlier for SIOCDARP and SIOCSARP in arp_ioctl(). (Antoine Tenart) [RHEL-77343] - arp: Move ATF_COM setting in arp_req_set(). (Antoine Tenart) [RHEL-77343] - ACPI: extlog: fix NULL pointer dereference check (Mark Langsdorf) [RHEL-75250] {CVE-2023-52605} - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-75461] {CVE-2024-50264} - x86/pci: Skip early E820 check for ECAM region (CKI Backport Bot) [RHEL-67065] - cpufreq: intel_pstate: Update Balance performance EPP for Emerald Rapids (Steve Best) [RHEL-64291] From el-errata at oss.oracle.com Fri Mar 14 00:05:47 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:05:47 -0700 Subject: [El-errata] ELSA-2025-2668 Important: Oracle Linux 9 .NET 9.0 security, bug fix, and enhancement update Message-ID: <mailman.108.1741910757.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-2668 http://linux.oracle.com/errata/ELSA-2025-2668.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: aspnetcore-runtime-9.0-9.0.3-1.0.1.el9_5.x86_64.rpm aspnetcore-runtime-dbg-9.0-9.0.3-1.0.1.el9_5.x86_64.rpm aspnetcore-targeting-pack-9.0-9.0.3-1.0.1.el9_5.x86_64.rpm dotnet-apphost-pack-9.0-9.0.3-1.0.1.el9_5.x86_64.rpm dotnet-host-9.0.3-1.0.1.el9_5.x86_64.rpm dotnet-hostfxr-9.0-9.0.3-1.0.1.el9_5.x86_64.rpm dotnet-runtime-9.0-9.0.3-1.0.1.el9_5.x86_64.rpm dotnet-runtime-dbg-9.0-9.0.3-1.0.1.el9_5.x86_64.rpm dotnet-sdk-9.0-9.0.104-1.0.1.el9_5.x86_64.rpm dotnet-sdk-aot-9.0-9.0.104-1.0.1.el9_5.x86_64.rpm dotnet-sdk-dbg-9.0-9.0.104-1.0.1.el9_5.x86_64.rpm dotnet-targeting-pack-9.0-9.0.3-1.0.1.el9_5.x86_64.rpm dotnet-templates-9.0-9.0.104-1.0.1.el9_5.x86_64.rpm netstandard-targeting-pack-2.1-9.0.104-1.0.1.el9_5.x86_64.rpm dotnet-sdk-9.0-source-built-artifacts-9.0.104-1.0.1.el9_5.x86_64.rpm aarch64: aspnetcore-runtime-9.0-9.0.3-1.0.1.el9_5.aarch64.rpm aspnetcore-runtime-dbg-9.0-9.0.3-1.0.1.el9_5.aarch64.rpm aspnetcore-targeting-pack-9.0-9.0.3-1.0.1.el9_5.aarch64.rpm dotnet-apphost-pack-9.0-9.0.3-1.0.1.el9_5.aarch64.rpm dotnet-host-9.0.3-1.0.1.el9_5.aarch64.rpm dotnet-hostfxr-9.0-9.0.3-1.0.1.el9_5.aarch64.rpm dotnet-runtime-9.0-9.0.3-1.0.1.el9_5.aarch64.rpm dotnet-runtime-dbg-9.0-9.0.3-1.0.1.el9_5.aarch64.rpm dotnet-sdk-9.0-9.0.104-1.0.1.el9_5.aarch64.rpm dotnet-sdk-aot-9.0-9.0.104-1.0.1.el9_5.aarch64.rpm dotnet-sdk-dbg-9.0-9.0.104-1.0.1.el9_5.aarch64.rpm dotnet-targeting-pack-9.0-9.0.3-1.0.1.el9_5.aarch64.rpm dotnet-templates-9.0-9.0.104-1.0.1.el9_5.aarch64.rpm netstandard-targeting-pack-2.1-9.0.104-1.0.1.el9_5.aarch64.rpm dotnet-sdk-9.0-source-built-artifacts-9.0.104-1.0.1.el9_5.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//dotnet9.0-9.0.104-1.0.1.el9_5.src.rpm Related CVEs: CVE-2025-24070 Description of changes: [9.0.104-1.0.1] - Add support for Oracle Linux [9.0.104-1] - Update to .NET SDK 9.0.104 and Runtime 9.0.3 - Resolves: RHEL-81649 From el-errata at oss.oracle.com Fri Mar 14 00:05:48 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:05:48 -0700 Subject: [El-errata] ELSA-2025-2669 Important: Oracle Linux 9 .NET 8.0 security, bug fix, and enhancement update Message-ID: <mailman.109.1741910757.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-2669 http://linux.oracle.com/errata/ELSA-2025-2669.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: aspnetcore-runtime-8.0-8.0.14-1.0.1.el9_5.x86_64.rpm aspnetcore-runtime-dbg-8.0-8.0.14-1.0.1.el9_5.x86_64.rpm aspnetcore-targeting-pack-8.0-8.0.14-1.0.1.el9_5.x86_64.rpm dotnet-apphost-pack-8.0-8.0.14-1.0.1.el9_5.x86_64.rpm dotnet-hostfxr-8.0-8.0.14-1.0.1.el9_5.x86_64.rpm dotnet-runtime-8.0-8.0.14-1.0.1.el9_5.x86_64.rpm dotnet-runtime-dbg-8.0-8.0.14-1.0.1.el9_5.x86_64.rpm dotnet-sdk-8.0-8.0.114-1.0.1.el9_5.x86_64.rpm dotnet-sdk-dbg-8.0-8.0.114-1.0.1.el9_5.x86_64.rpm dotnet-targeting-pack-8.0-8.0.14-1.0.1.el9_5.x86_64.rpm dotnet-templates-8.0-8.0.114-1.0.1.el9_5.x86_64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.114-1.0.1.el9_5.x86_64.rpm aarch64: aspnetcore-runtime-8.0-8.0.14-1.0.1.el9_5.aarch64.rpm aspnetcore-runtime-dbg-8.0-8.0.14-1.0.1.el9_5.aarch64.rpm aspnetcore-targeting-pack-8.0-8.0.14-1.0.1.el9_5.aarch64.rpm dotnet-apphost-pack-8.0-8.0.14-1.0.1.el9_5.aarch64.rpm dotnet-hostfxr-8.0-8.0.14-1.0.1.el9_5.aarch64.rpm dotnet-runtime-8.0-8.0.14-1.0.1.el9_5.aarch64.rpm dotnet-runtime-dbg-8.0-8.0.14-1.0.1.el9_5.aarch64.rpm dotnet-sdk-8.0-8.0.114-1.0.1.el9_5.aarch64.rpm dotnet-sdk-dbg-8.0-8.0.114-1.0.1.el9_5.aarch64.rpm dotnet-targeting-pack-8.0-8.0.14-1.0.1.el9_5.aarch64.rpm dotnet-templates-8.0-8.0.114-1.0.1.el9_5.aarch64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.114-1.0.1.el9_5.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//dotnet8.0-8.0.114-1.0.1.el9_5.src.rpm Related CVEs: CVE-2025-24070 Description of changes: [8.0.114-1.0.1] - Add support for Oracle Linux [8.0.114-1] - Update to .NET SDK 8.0.114 and Runtime 8.0.14 - Resolves: RHEL-81640 From el-errata at oss.oracle.com Fri Mar 14 00:05:49 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:05:49 -0700 Subject: [El-errata] ELSA-2025-2679 Important: Oracle Linux 9 libxml2 security update Message-ID: <mailman.110.1741910757.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-2679 http://linux.oracle.com/errata/ELSA-2025-2679.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: libxml2-2.9.13-6.el9_5.2.i686.rpm libxml2-2.9.13-6.el9_5.2.x86_64.rpm libxml2-devel-2.9.13-6.el9_5.2.i686.rpm libxml2-devel-2.9.13-6.el9_5.2.x86_64.rpm python3-libxml2-2.9.13-6.el9_5.2.x86_64.rpm aarch64: libxml2-2.9.13-6.el9_5.2.aarch64.rpm libxml2-devel-2.9.13-6.el9_5.2.aarch64.rpm python3-libxml2-2.9.13-6.el9_5.2.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//libxml2-2.9.13-6.el9_5.2.src.rpm Related CVEs: CVE-2024-56171 CVE-2025-24928 Description of changes: [2.9.13-6.2] - Fix CVE-2024-56171 (RHEL-80128) - Fix CVE-2025-24928 (RHEL-80143) From el-errata at oss.oracle.com Fri Mar 14 00:05:55 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:05:55 -0700 Subject: [El-errata] ELBA-2025-20156 Oracle Linux 8 mdadm bug fix update Message-ID: <mailman.111.1741910763.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-20156 http://linux.oracle.com/errata/ELBA-2025-20156.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: mdadm-4.2-16.0.2.el8_10.x86_64.rpm aarch64: mdadm-4.2-16.0.2.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//mdadm-4.2-16.0.2.el8_10.src.rpm Description of changes: [4.2-16.0.2] - mdmon: imsm: fix metadata corruption when managing new array [Orabug: 37419014] From el-errata at oss.oracle.com Fri Mar 14 00:05:56 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:05:56 -0700 Subject: [El-errata] ELBA-2025-20159 Oracle Linux 8 pcp bug fix update Message-ID: <mailman.112.1741910765.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-20159 http://linux.oracle.com/errata/ELBA-2025-20159.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: pcp-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-conf-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-devel-5.3.7-22.0.3.el8_10.i686.rpm pcp-devel-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-doc-5.3.7-22.0.3.el8_10.noarch.rpm pcp-export-pcp2graphite-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-export-pcp2influxdb-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-export-pcp2json-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-export-pcp2xml-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-export-pcp2zabbix-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-export-zabbix-agent-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-gui-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-import-collectl2pcp-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-import-ganglia2pcp-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-import-iostat2pcp-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-import-mrtg2pcp-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-import-sar2pcp-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-libs-5.3.7-22.0.3.el8_10.i686.rpm pcp-libs-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-libs-devel-5.3.7-22.0.3.el8_10.i686.rpm pcp-libs-devel-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-activemq-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-apache-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-bash-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-bcc-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-bind2-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-bonding-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-cifs-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-cisco-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-dbping-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-dm-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-docker-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-ds389-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-ds389log-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-elasticsearch-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-gfs2-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-gluster-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-gpfs-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-gpsd-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-haproxy-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-infiniband-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-json-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-libvirt-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-lio-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-lmsensors-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-logger-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-lustre-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-lustrecomm-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-mailq-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-memcache-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-mic-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-mounts-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-mysql-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-named-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-netfilter-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-news-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-nfsclient-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-nginx-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-nvidia-gpu-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-oracle-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-pdns-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-perfevent-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-podman-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-postfix-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-postgresql-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-redis-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-roomtemp-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-rsyslog-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-samba-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-sendmail-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-shping-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-slurm-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-smart-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-snmp-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-summary-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-systemd-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-trace-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-unbound-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-weblog-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-zimbra-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-zswap-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-selinux-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-system-tools-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-testsuite-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-zeroconf-5.3.7-22.0.3.el8_10.x86_64.rpm perl-PCP-LogImport-5.3.7-22.0.3.el8_10.x86_64.rpm perl-PCP-LogSummary-5.3.7-22.0.3.el8_10.x86_64.rpm perl-PCP-MMV-5.3.7-22.0.3.el8_10.x86_64.rpm perl-PCP-PMDA-5.3.7-22.0.3.el8_10.x86_64.rpm python3-pcp-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-export-pcp2elasticsearch-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-export-pcp2spark-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-bpftrace-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-mssql-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-netcheck-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-openmetrics-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-openvswitch-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-rabbitmq-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-statsd-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-hacluster-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-sockets-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-denki-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-pmda-mongodb-5.3.7-22.0.3.el8_10.x86_64.rpm pcp-testsuite-5.3.7-22.0.3.el8_10.i686.rpm aarch64: pcp-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-conf-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-devel-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-doc-5.3.7-22.0.3.el8_10.noarch.rpm pcp-export-pcp2graphite-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-export-pcp2influxdb-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-export-pcp2json-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-export-pcp2xml-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-export-pcp2zabbix-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-export-zabbix-agent-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-gui-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-import-collectl2pcp-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-import-ganglia2pcp-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-import-iostat2pcp-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-import-mrtg2pcp-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-import-sar2pcp-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-libs-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-libs-devel-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-activemq-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-apache-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-bash-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-bind2-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-bonding-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-cifs-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-cisco-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-dbping-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-dm-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-docker-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-ds389-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-ds389log-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-elasticsearch-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-gfs2-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-gluster-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-gpfs-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-gpsd-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-haproxy-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-infiniband-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-json-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-libvirt-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-lio-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-lmsensors-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-logger-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-lustre-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-lustrecomm-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-mailq-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-memcache-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-mic-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-mounts-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-mysql-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-named-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-netfilter-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-news-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-nfsclient-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-nginx-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-nvidia-gpu-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-oracle-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-pdns-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-perfevent-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-podman-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-postfix-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-postgresql-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-redis-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-roomtemp-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-rsyslog-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-samba-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-sendmail-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-shping-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-slurm-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-smart-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-snmp-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-summary-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-systemd-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-trace-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-unbound-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-weblog-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-zimbra-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-zswap-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-selinux-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-system-tools-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-testsuite-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-zeroconf-5.3.7-22.0.3.el8_10.aarch64.rpm perl-PCP-LogImport-5.3.7-22.0.3.el8_10.aarch64.rpm perl-PCP-LogSummary-5.3.7-22.0.3.el8_10.aarch64.rpm perl-PCP-MMV-5.3.7-22.0.3.el8_10.aarch64.rpm perl-PCP-PMDA-5.3.7-22.0.3.el8_10.aarch64.rpm python3-pcp-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-export-pcp2elasticsearch-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-export-pcp2spark-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-bcc-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-bpftrace-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-netcheck-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-openmetrics-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-openvswitch-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-rabbitmq-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-statsd-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-hacluster-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-sockets-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-denki-5.3.7-22.0.3.el8_10.aarch64.rpm pcp-pmda-mongodb-5.3.7-22.0.3.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//pcp-5.3.7-22.0.3.el8_10.src.rpm Description of changes: [5.3.7-22.0.3] - Fixed pmstat infinte loop issue in archive replay [Orabug: 37638447] From el-errata at oss.oracle.com Fri Mar 14 00:05:59 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:05:59 -0700 Subject: [El-errata] ELBA-2025-2590 Oracle Linux 8 tuned bug fix update Message-ID: <mailman.113.1741910768.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2590 http://linux.oracle.com/errata/ELBA-2025-2590.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: tuned-2.22.1-6.0.1.el8_10.noarch.rpm tuned-gtk-2.22.1-6.0.1.el8_10.noarch.rpm tuned-profiles-atomic-2.22.1-6.0.1.el8_10.noarch.rpm tuned-profiles-compat-2.22.1-6.0.1.el8_10.noarch.rpm tuned-profiles-cpu-partitioning-2.22.1-6.0.1.el8_10.noarch.rpm tuned-profiles-mssql-2.22.1-6.0.1.el8_10.noarch.rpm tuned-profiles-oracle-2.22.1-6.0.1.el8_10.noarch.rpm tuned-profiles-postgresql-2.22.1-6.0.1.el8_10.noarch.rpm tuned-utils-2.22.1-6.0.1.el8_10.noarch.rpm tuned-utils-systemtap-2.22.1-6.0.1.el8_10.noarch.rpm tuned-profiles-oci-2.22.1-6.0.1.el8_10.noarch.rpm tuned-profiles-oci-recommend-2.22.1-6.0.1.el8_10.noarch.rpm aarch64: tuned-profiles-oci-2.22.1-6.0.1.el8_10.noarch.rpm tuned-profiles-oci-recommend-2.22.1-6.0.1.el8_10.noarch.rpm tuned-2.22.1-6.0.1.el8_10.noarch.rpm tuned-gtk-2.22.1-6.0.1.el8_10.noarch.rpm tuned-profiles-atomic-2.22.1-6.0.1.el8_10.noarch.rpm tuned-profiles-compat-2.22.1-6.0.1.el8_10.noarch.rpm tuned-profiles-cpu-partitioning-2.22.1-6.0.1.el8_10.noarch.rpm tuned-profiles-mssql-2.22.1-6.0.1.el8_10.noarch.rpm tuned-profiles-oracle-2.22.1-6.0.1.el8_10.noarch.rpm tuned-profiles-postgresql-2.22.1-6.0.1.el8_10.noarch.rpm tuned-utils-2.22.1-6.0.1.el8_10.noarch.rpm tuned-utils-systemtap-2.22.1-6.0.1.el8_10.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//tuned-2.22.1-6.0.1.el8_10.src.rpm Description of changes: [2.22.1-6.0.1] - Fix RPS/XPS and busy polling optimization not getting applied [Orabug: 32153315] - Fix error in uninstalling tuned [Orabug: 351528377] - Updated patch with the more recent version [Orabug: 30730976] - Set AMD CPU freq governor to ondemand when unapplying cpu tunings [Orabug: 30033199] - Restored the system rules in recommend.conf [Orabug: 29962987] - Added oci-nic profile and updated profiles-oci-recommend [Orabug: 29869969] for increasing combined channels to 16 on NICs with bnxt_en driver on BM - Do not access xps_cpus on single queue devices [Orabug: 29894296] - OL8 does not support System Purpose [Orabug: 29443881] Remove syspurpose_role option in recommend.conf. - Added profiles-oci-recommend package [Orabug: 29632202] - Modified the patch for ol8 [Orabug: 29560068] (james.cheng at oracle.com) - Added iscsi plugin, and - added oci-rps-xps profile [Orabug: 28397039] - added oci-busy-polling profile [Orabug: 28748149] - added oci-cpu-power profile [2.22.1-6] - Make hdparm device checks lazy Resolves: RHEL-71457 - Disable the amd.scheduler plug-in instance in the postgresql profile Resolves: RHEL-70470 From el-errata at oss.oracle.com Fri Mar 14 00:06:00 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:00 -0700 Subject: [El-errata] ELBA-2025-2591 Oracle Linux 8 autofs bug fix update Message-ID: <mailman.114.1741910769.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2591 http://linux.oracle.com/errata/ELBA-2025-2591.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: autofs-5.1.4-114.0.1.el8_10.2.x86_64.rpm aarch64: autofs-5.1.4-114.0.1.el8_10.2.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//autofs-5.1.4-114.0.1.el8_10.2.src.rpm Description of changes: [5.1.4-114.0.1.2] - Add autofs-5.0.5-lookup-mounts.patch [Orabug:12658280] [5.1.4-114.el8_10.2] - RHEL-72524 - autofs: deadlock between mnts_lookup_mount and mnts_remove_mount - fix deadlock in master_notify_submount(). -Resolves: RHEL-72524 From el-errata at oss.oracle.com Fri Mar 14 00:06:02 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:02 -0700 Subject: [El-errata] ELBA-2025-2592 Oracle Linux 8 NetworkManager bug fix and enhancement update Message-ID: <mailman.115.1741910769.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2592 http://linux.oracle.com/errata/ELBA-2025-2592.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: NetworkManager-1.40.16-19.0.1.el8_10.x86_64.rpm NetworkManager-adsl-1.40.16-19.0.1.el8_10.x86_64.rpm NetworkManager-bluetooth-1.40.16-19.0.1.el8_10.x86_64.rpm NetworkManager-cloud-setup-1.40.16-19.0.1.el8_10.x86_64.rpm NetworkManager-config-connectivity-oracle-1.40.16-19.0.1.el8_10.noarch.rpm NetworkManager-config-server-1.40.16-19.0.1.el8_10.noarch.rpm NetworkManager-dispatcher-routing-rules-1.40.16-19.0.1.el8_10.noarch.rpm NetworkManager-initscripts-updown-1.40.16-19.0.1.el8_10.noarch.rpm NetworkManager-libnm-1.40.16-19.0.1.el8_10.i686.rpm NetworkManager-libnm-1.40.16-19.0.1.el8_10.x86_64.rpm NetworkManager-ovs-1.40.16-19.0.1.el8_10.x86_64.rpm NetworkManager-ppp-1.40.16-19.0.1.el8_10.x86_64.rpm NetworkManager-team-1.40.16-19.0.1.el8_10.x86_64.rpm NetworkManager-tui-1.40.16-19.0.1.el8_10.x86_64.rpm NetworkManager-wifi-1.40.16-19.0.1.el8_10.x86_64.rpm NetworkManager-wwan-1.40.16-19.0.1.el8_10.x86_64.rpm NetworkManager-libnm-devel-1.40.16-19.0.1.el8_10.i686.rpm NetworkManager-libnm-devel-1.40.16-19.0.1.el8_10.x86_64.rpm aarch64: NetworkManager-1.40.16-19.0.1.el8_10.aarch64.rpm NetworkManager-adsl-1.40.16-19.0.1.el8_10.aarch64.rpm NetworkManager-bluetooth-1.40.16-19.0.1.el8_10.aarch64.rpm NetworkManager-cloud-setup-1.40.16-19.0.1.el8_10.aarch64.rpm NetworkManager-config-connectivity-oracle-1.40.16-19.0.1.el8_10.noarch.rpm NetworkManager-config-server-1.40.16-19.0.1.el8_10.noarch.rpm NetworkManager-dispatcher-routing-rules-1.40.16-19.0.1.el8_10.noarch.rpm NetworkManager-initscripts-updown-1.40.16-19.0.1.el8_10.noarch.rpm NetworkManager-libnm-1.40.16-19.0.1.el8_10.aarch64.rpm NetworkManager-ovs-1.40.16-19.0.1.el8_10.aarch64.rpm NetworkManager-ppp-1.40.16-19.0.1.el8_10.aarch64.rpm NetworkManager-team-1.40.16-19.0.1.el8_10.aarch64.rpm NetworkManager-tui-1.40.16-19.0.1.el8_10.aarch64.rpm NetworkManager-wifi-1.40.16-19.0.1.el8_10.aarch64.rpm NetworkManager-wwan-1.40.16-19.0.1.el8_10.aarch64.rpm NetworkManager-libnm-devel-1.40.16-19.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//NetworkManager-1.40.16-19.0.1.el8_10.src.rpm Description of changes: [1:1.40.16-19.0.1] - Drop 777 permissions from Networkmanager-dispatcher drop-in directory [Orabug: 37581862] - Add a dropin file to make Networkmanager-dispatcher persistent [Orabug: 36989910] - disable MPTCP handling by default [Orabug: 35081472] - Fix ignore-carrier logic [Orabug: 34956744] - Disable regeneration of the documentation [Orabug: 34712048] - add connectivity check via Oracle servers [Orabug: 32051972] - Disable the build of NetworkManager-config-connectivity-* subpackage for 8.3 - Revert "infiniband: avoid normalizing the p-key when reading from ifcfg" [1:1.40.16-19] - cloud-setup: azure: ensure that primary address is placed first (RHEL-69462) From el-errata at oss.oracle.com Fri Mar 14 00:06:03 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:03 -0700 Subject: [El-errata] ELBA-2025-2593 Oracle Linux 8 openldap bug fix update Message-ID: <mailman.116.1741910772.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2593 http://linux.oracle.com/errata/ELBA-2025-2593.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: openldap-2.4.46-21.el8_10.i686.rpm openldap-2.4.46-21.el8_10.x86_64.rpm openldap-clients-2.4.46-21.el8_10.x86_64.rpm openldap-devel-2.4.46-21.el8_10.i686.rpm openldap-devel-2.4.46-21.el8_10.x86_64.rpm openldap-servers-2.4.46-21.el8_10.x86_64.rpm aarch64: openldap-2.4.46-21.el8_10.aarch64.rpm openldap-clients-2.4.46-21.el8_10.aarch64.rpm openldap-devel-2.4.46-21.el8_10.aarch64.rpm openldap-servers-2.4.46-21.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//openldap-2.4.46-21.el8_10.src.rpm Description of changes: [2.4.46-21] - Bump version to 2.4.46-21 - Resolves: RHEL-75823 - Fix double file close when first TLS connection fails From el-errata at oss.oracle.com Fri Mar 14 00:06:05 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:05 -0700 Subject: [El-errata] ELBA-2025-2594 Oracle Linux 8 systemd bug fix update Message-ID: <mailman.119.1741910772.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2594 http://linux.oracle.com/errata/ELBA-2025-2594.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: systemd-239-82.0.3.el8_10.4.i686.rpm systemd-239-82.0.3.el8_10.4.x86_64.rpm systemd-container-239-82.0.3.el8_10.4.i686.rpm systemd-container-239-82.0.3.el8_10.4.x86_64.rpm systemd-devel-239-82.0.3.el8_10.4.i686.rpm systemd-devel-239-82.0.3.el8_10.4.x86_64.rpm systemd-journal-remote-239-82.0.3.el8_10.4.x86_64.rpm systemd-libs-239-82.0.3.el8_10.4.i686.rpm systemd-libs-239-82.0.3.el8_10.4.x86_64.rpm systemd-pam-239-82.0.3.el8_10.4.x86_64.rpm systemd-tests-239-82.0.3.el8_10.4.x86_64.rpm systemd-udev-239-82.0.3.el8_10.4.x86_64.rpm aarch64: systemd-239-82.0.3.el8_10.4.aarch64.rpm systemd-container-239-82.0.3.el8_10.4.aarch64.rpm systemd-devel-239-82.0.3.el8_10.4.aarch64.rpm systemd-journal-remote-239-82.0.3.el8_10.4.aarch64.rpm systemd-libs-239-82.0.3.el8_10.4.aarch64.rpm systemd-pam-239-82.0.3.el8_10.4.aarch64.rpm systemd-tests-239-82.0.3.el8_10.4.aarch64.rpm systemd-udev-239-82.0.3.el8_10.4.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//systemd-239-82.0.3.el8_10.4.src.rpm Description of changes: [239-82.0.3.4] - Fixes podman quadlet doesn't work in rootless mode [Orabug: 36076771] - Drastically simplify caching of cgroups members mask - drop IN_ATTRIB from parent directory inotify watches [Orabug: 36780432] - Udevd: add an extra configurable timeout before udevd kills workers [Orabug: 36424686] - Fixed deletion issue for symlink when device is opened [Orabug: 36228608] - Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 35871376] - 1A) Add "systemd-fstab-generator-reload-targets.service" file [Orabug: 35871376] - 1B) Add required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 35871376] - 1C) Important: Review 1902-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 35871376] - Prevent duplicate uuid device to replace existing one in udev [Orabug: 35987487] - Backport upstream pstore dmesg fix [Orabug: 34850699] - mount: flush out cycle state on DEAD->MOUNTED only, not the other way round [Orabug: 35454661] - core/mount: adjust deserialized state based on /proc/self/mountinfo [Orabug: 35454661] - Prevent duplicate label to replace exsisting one in udev [Orabug: 34898273] - Oracle-Redhat Errata ELSA-2023:3837 CVE-2023-26604 OLERRATA-43629 - Detect podman as separate container type [Orabug: 31922204] - improve container detection logic [Orabug: 31922204] - mount: flush out cycle state on DEAD->MOUNTED only, not the other way round [Orabug: 35454661] - core/mount: adjust deserialized state based on /proc/self/mountinfo [Orabug: 35454661] - Prevent duplicate label to replace existing one in udev [Orabug: 34898273] - Standardize ioctl (BTRFS_IOC_QGROUP_CREATE) check and return -ENOTCONN, if quota is not enabled [Orabug: 34694253] - Disable unprivileged BPF by default [Orabug: 32870980] - udev rules: fix memory hot add and remove [Orabug: 31310273] - fix to enable systemd-pstore.service [Orabug: 30951066] - journal: change support URL shown in the catalog entries [Orabug: 30853009] - set "RemoveIPC=no" in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056] - Removed unneeded patches (Already provided upstream or not required) - 1902-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792] - 2002-orabug31420486-pstore-introduce-tmpfiles.d-systemd-pstore.conf.patch [Orabug: 31420486] - 2009-login-add-a-missing-error-check-for-session_set_lead.patch (#2158167) - 2010-logind-reset-session-leader-if-we-know-for-a-fact-th.patch (#2158167) - 2011-sulogin-fix-control-lost-of-the-current-terminal-whe.patch (#2227769) - systemd.spec: prevent 'myhostname' from being appended on upgrade (#2187761) (#2227769) - Updated mod_nss() and readlink /etc/nsswitch.conf sections (#2187761) - systemd.spec: mod_nss() and readlink /etc/nsswitch.conf sections (#2187761) From el-errata at oss.oracle.com Fri Mar 14 00:06:07 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:07 -0700 Subject: [El-errata] ELBA-2025-2595 Oracle Linux 8 dnf bug fix update Message-ID: <mailman.120.1741910775.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2595 http://linux.oracle.com/errata/ELBA-2025-2595.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: dnf-4.7.0-21.0.1.el8_10.noarch.rpm dnf-automatic-4.7.0-21.0.1.el8_10.noarch.rpm dnf-data-4.7.0-21.0.1.el8_10.noarch.rpm python3-dnf-4.7.0-21.0.1.el8_10.noarch.rpm yum-4.7.0-21.0.1.el8_10.noarch.rpm aarch64: dnf-4.7.0-21.0.1.el8_10.noarch.rpm dnf-automatic-4.7.0-21.0.1.el8_10.noarch.rpm dnf-data-4.7.0-21.0.1.el8_10.noarch.rpm python3-dnf-4.7.0-21.0.1.el8_10.noarch.rpm yum-4.7.0-21.0.1.el8_10.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//dnf-4.7.0-21.0.1.el8_10.src.rpm Description of changes: [4.7.0-21.0.1] - Replaced bugzilla.oracle.com references [Orabug: 35475856] - Fixed python stack trace with updateinfo list cves command [Orabug: 32749660] - Replaced upstream bugzilla reporting reference. [Orabug: 32829849] [4.7.0] - Add OpenELA bugtracker [4.7.0-21] - automatic: catch OSError, not SMTPException on smtp errors (RHEL-71545) - automatic: Check availability of config file (RHEL-71545) From el-errata at oss.oracle.com Fri Mar 14 00:06:08 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:08 -0700 Subject: [El-errata] ELBA-2025-2596 Oracle Linux 8 lvm2 bug fix update Message-ID: <mailman.121.1741910777.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2596 http://linux.oracle.com/errata/ELBA-2025-2596.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: device-mapper-1.02.181-15.0.1.el8_10.x86_64.rpm device-mapper-event-1.02.181-15.0.1.el8_10.x86_64.rpm device-mapper-event-libs-1.02.181-15.0.1.el8_10.i686.rpm device-mapper-event-libs-1.02.181-15.0.1.el8_10.x86_64.rpm device-mapper-libs-1.02.181-15.0.1.el8_10.i686.rpm device-mapper-libs-1.02.181-15.0.1.el8_10.x86_64.rpm lvm2-2.03.14-15.0.1.el8_10.x86_64.rpm lvm2-dbusd-2.03.14-15.0.1.el8_10.noarch.rpm lvm2-libs-2.03.14-15.0.1.el8_10.i686.rpm lvm2-libs-2.03.14-15.0.1.el8_10.x86_64.rpm lvm2-lockd-2.03.14-15.0.1.el8_10.x86_64.rpm device-mapper-devel-1.02.181-15.0.1.el8_10.i686.rpm device-mapper-devel-1.02.181-15.0.1.el8_10.x86_64.rpm device-mapper-event-devel-1.02.181-15.0.1.el8_10.i686.rpm device-mapper-event-devel-1.02.181-15.0.1.el8_10.x86_64.rpm lvm2-devel-2.03.14-15.0.1.el8_10.i686.rpm lvm2-devel-2.03.14-15.0.1.el8_10.x86_64.rpm aarch64: device-mapper-1.02.181-15.0.1.el8_10.aarch64.rpm device-mapper-event-1.02.181-15.0.1.el8_10.aarch64.rpm device-mapper-event-libs-1.02.181-15.0.1.el8_10.aarch64.rpm device-mapper-libs-1.02.181-15.0.1.el8_10.aarch64.rpm lvm2-2.03.14-15.0.1.el8_10.aarch64.rpm lvm2-dbusd-2.03.14-15.0.1.el8_10.noarch.rpm lvm2-libs-2.03.14-15.0.1.el8_10.aarch64.rpm lvm2-lockd-2.03.14-15.0.1.el8_10.aarch64.rpm device-mapper-devel-1.02.181-15.0.1.el8_10.aarch64.rpm device-mapper-event-devel-1.02.181-15.0.1.el8_10.aarch64.rpm lvm2-devel-2.03.14-15.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//lvm2-2.03.14-15.0.1.el8_10.src.rpm Description of changes: [2.03.14-15.0.1] - Fixed deletion issue for symlink when device is opened [Orabug: 36228608] - Prevent duplicate uuid device to replace existing one in udev [Orabug: 35987487] - Prevent duplicate label to replace existing one in udev [Orabug: 34898273] [2.03.14-15] - Fix dmeventd blocking on shutdown. - Force exit dmeventd when /run/nologin is present. From el-errata at oss.oracle.com Fri Mar 14 00:06:10 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:10 -0700 Subject: [El-errata] ELBA-2025-2597 Oracle Linux 8 traceroute bug fix update Message-ID: <mailman.122.1741910779.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2597 http://linux.oracle.com/errata/ELBA-2025-2597.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: traceroute-2.1.0-9.el8_10.x86_64.rpm aarch64: traceroute-2.1.0-9.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//traceroute-2.1.0-9.el8_10.src.rpm Description of changes: [3:2.1.0-9] - avoid consuming 100% CPU when running traceroute in loop (RHEL-71510) From el-errata at oss.oracle.com Fri Mar 14 00:06:11 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:11 -0700 Subject: [El-errata] ELBA-2025-2598 Oracle Linux 8 firewalld bug fix update Message-ID: <mailman.123.1741910780.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2598 http://linux.oracle.com/errata/ELBA-2025-2598.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: firewall-applet-0.9.11-10.0.1.el8_10.noarch.rpm firewall-config-0.9.11-10.0.1.el8_10.noarch.rpm firewalld-0.9.11-10.0.1.el8_10.noarch.rpm firewalld-filesystem-0.9.11-10.0.1.el8_10.noarch.rpm python3-firewall-0.9.11-10.0.1.el8_10.noarch.rpm aarch64: firewall-applet-0.9.11-10.0.1.el8_10.noarch.rpm firewall-config-0.9.11-10.0.1.el8_10.noarch.rpm firewalld-0.9.11-10.0.1.el8_10.noarch.rpm firewalld-filesystem-0.9.11-10.0.1.el8_10.noarch.rpm python3-firewall-0.9.11-10.0.1.el8_10.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//firewalld-0.9.11-10.0.1.el8_10.src.rpm Description of changes: [0.9.11-10.0.1] - Remove capsule file as well, since it references removed config [Orabug: 33513329] - discard empty RH-Satellite-6.xml [Orabug: 30328734] - Red Hat Satellite and Red Hat high availaibility reference found in cockpit UI [Orabug: 30257573] [0.9.11-10] - fix(service): update highest port number for ceph From el-errata at oss.oracle.com Fri Mar 14 00:06:13 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:13 -0700 Subject: [El-errata] ELBA-2025-2601 Oracle Linux 8 portreserve bug fix and enhancement update Message-ID: <mailman.124.1741910781.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2601 http://linux.oracle.com/errata/ELBA-2025-2601.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: portreserve-0.0.5-20.el8_10.x86_64.rpm aarch64: portreserve-0.0.5-20.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//portreserve-0.0.5-20.el8_10.src.rpm Description of changes: [0.0.5-20] - RHEL-2863 - Creating tmp files for systemd on behalf of portreserve references legacy directory /var/run/ instead of /run From el-errata at oss.oracle.com Fri Mar 14 00:06:15 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:15 -0700 Subject: [El-errata] ELBA-2025-2602 Oracle Linux 8 gcc bug fix update Message-ID: <mailman.125.1741910783.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2602 http://linux.oracle.com/errata/ELBA-2025-2602.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: cpp-8.5.0-24.0.1.el8_10.x86_64.rpm gcc-8.5.0-24.0.1.el8_10.x86_64.rpm gcc-c++-8.5.0-24.0.1.el8_10.x86_64.rpm gcc-gdb-plugin-8.5.0-24.0.1.el8_10.i686.rpm gcc-gdb-plugin-8.5.0-24.0.1.el8_10.x86_64.rpm gcc-gfortran-8.5.0-24.0.1.el8_10.x86_64.rpm gcc-offload-nvptx-8.5.0-24.0.1.el8_10.x86_64.rpm gcc-plugin-annobin-8.5.0-24.0.1.el8_10.x86_64.rpm libasan-8.5.0-24.0.1.el8_10.i686.rpm libasan-8.5.0-24.0.1.el8_10.x86_64.rpm libatomic-8.5.0-24.0.1.el8_10.i686.rpm libatomic-8.5.0-24.0.1.el8_10.x86_64.rpm libatomic-static-8.5.0-24.0.1.el8_10.i686.rpm libatomic-static-8.5.0-24.0.1.el8_10.x86_64.rpm libgcc-8.5.0-24.0.1.el8_10.i686.rpm libgcc-8.5.0-24.0.1.el8_10.x86_64.rpm libgfortran-8.5.0-24.0.1.el8_10.i686.rpm libgfortran-8.5.0-24.0.1.el8_10.x86_64.rpm libgomp-8.5.0-24.0.1.el8_10.i686.rpm libgomp-8.5.0-24.0.1.el8_10.x86_64.rpm libgomp-offload-nvptx-8.5.0-24.0.1.el8_10.x86_64.rpm libitm-8.5.0-24.0.1.el8_10.i686.rpm libitm-8.5.0-24.0.1.el8_10.x86_64.rpm libitm-devel-8.5.0-24.0.1.el8_10.i686.rpm libitm-devel-8.5.0-24.0.1.el8_10.x86_64.rpm liblsan-8.5.0-24.0.1.el8_10.x86_64.rpm libquadmath-8.5.0-24.0.1.el8_10.i686.rpm libquadmath-8.5.0-24.0.1.el8_10.x86_64.rpm libquadmath-devel-8.5.0-24.0.1.el8_10.i686.rpm libquadmath-devel-8.5.0-24.0.1.el8_10.x86_64.rpm libstdc++-8.5.0-24.0.1.el8_10.i686.rpm libstdc++-8.5.0-24.0.1.el8_10.x86_64.rpm libstdc++-devel-8.5.0-24.0.1.el8_10.i686.rpm libstdc++-devel-8.5.0-24.0.1.el8_10.x86_64.rpm libstdc++-docs-8.5.0-24.0.1.el8_10.x86_64.rpm libtsan-8.5.0-24.0.1.el8_10.x86_64.rpm libubsan-8.5.0-24.0.1.el8_10.i686.rpm libubsan-8.5.0-24.0.1.el8_10.x86_64.rpm gcc-plugin-devel-8.5.0-24.0.1.el8_10.i686.rpm gcc-plugin-devel-8.5.0-24.0.1.el8_10.x86_64.rpm libgfortran-static-8.5.0-24.0.1.el8_10.i686.rpm libgfortran-static-8.5.0-24.0.1.el8_10.x86_64.rpm libquadmath-static-8.5.0-24.0.1.el8_10.i686.rpm libquadmath-static-8.5.0-24.0.1.el8_10.x86_64.rpm libstdc++-static-8.5.0-24.0.1.el8_10.i686.rpm libstdc++-static-8.5.0-24.0.1.el8_10.x86_64.rpm aarch64: cpp-8.5.0-24.0.1.el8_10.aarch64.rpm gcc-8.5.0-24.0.1.el8_10.aarch64.rpm gcc-c++-8.5.0-24.0.1.el8_10.aarch64.rpm gcc-gdb-plugin-8.5.0-24.0.1.el8_10.aarch64.rpm gcc-gfortran-8.5.0-24.0.1.el8_10.aarch64.rpm gcc-plugin-annobin-8.5.0-24.0.1.el8_10.aarch64.rpm libasan-8.5.0-24.0.1.el8_10.aarch64.rpm libatomic-8.5.0-24.0.1.el8_10.aarch64.rpm libatomic-static-8.5.0-24.0.1.el8_10.aarch64.rpm libgcc-8.5.0-24.0.1.el8_10.aarch64.rpm libgfortran-8.5.0-24.0.1.el8_10.aarch64.rpm libgomp-8.5.0-24.0.1.el8_10.aarch64.rpm libitm-8.5.0-24.0.1.el8_10.aarch64.rpm libitm-devel-8.5.0-24.0.1.el8_10.aarch64.rpm liblsan-8.5.0-24.0.1.el8_10.aarch64.rpm libstdc++-8.5.0-24.0.1.el8_10.aarch64.rpm libstdc++-devel-8.5.0-24.0.1.el8_10.aarch64.rpm libstdc++-docs-8.5.0-24.0.1.el8_10.aarch64.rpm libtsan-8.5.0-24.0.1.el8_10.aarch64.rpm libubsan-8.5.0-24.0.1.el8_10.aarch64.rpm gcc-plugin-devel-8.5.0-24.0.1.el8_10.aarch64.rpm libgfortran-static-8.5.0-24.0.1.el8_10.aarch64.rpm libstdc++-static-8.5.0-24.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//gcc-8.5.0-24.0.1.el8_10.src.rpm Description of changes: [8.5.0-24.0.1] - Merge Oracle patches to 8.5.0-24. Oracle history: February-11 2025 Qing Zhao <qing.zhao at oracle.com> 8.5.0-23.0.1 - Merge Oracle patches to 8.5.0-23. May-22-2024 Qing Zhao <qing.zhao at oracle.com> 8.5.0-22.0.1 - Merge Oracle patches to 8.5.0-22. Reviewed-by: Jose E. Marchesi <jose.marchesi at oracle.com> March-27-2024 Qing Zhao <qing.zhao at oracle.com> 8.5.0-21.0.1 - Merge Oracle patches to 8.5.0-21. January-19-2024 Qing Zhao <qing.zhao at oracle.com> 8.5.0-20.0.3 - Fix Orabug 35283123, i.e, the same bug as GCC PR111407. gcc14-pr111407.patch Reviewed-by: Jose E. Marchesi <jose.marchesi at oracle.com> January-5-2024 Jose E. Marchesi <jose.marchesi at oracle.com> 8.5.0-20.0.2 - Restore support for -mpreserve-args in aarch64 targets, adapted to new AArch64 stack frame layout. Reviewed-by: Cupertino Miranda <cupertino.miranda at oracle.com> October-4-2023 David Faust <david.faust at oracle.com> 8.5.0-20.0.1 - Forward-port Oracle patches Reviewed-by: Jose E. Marchesi <jose.marchesi at oracle.com> September-28-2023 David Faust <david.faust at oracle.com> 8.5.0-18.0.6 - Backport additional patches from gcc-9 to fix CVE-2023-4039 patches interaction with backported aarch64 -fstack-clash-protection support. [Orabug 35843962] Reviewed-by: Jose E. Marchesi <jose.marchesi at oracle.com> August-31-2023 Qing Zhao <qing.zhao at oracle.com> 8.5.0-18.0.5 - CVE-2023-4039 GCC mitigation. Orabug 35751743. Includes removal of aarch64-preserve-args.patch. - CVE-2022-40982 "Intel Downfall" mitigation. Orabug 35751810. Add two patches originally from GCC upstream releases/gcc-11 branch. with major adjustment. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi <jose.marchesi at oracle.com> May-11-2023 Jose E. Marchesi <jose.marchesi at oracle.com> 8.5.0-18.0.2 - Support for -mpreserve-args in aarch64. Orabug 35065765. Reviewed-by: Qing Zhao <qing.zhao at oracle.com>. March-28-2023 Qing Zhao <qing.zhao at oracle.com> 8.5.0-18.0.1 - Merge Oracle patches with gcc-8.5.0-18. Reviewed-by: Jose E. Marchesi <jose.marchesi at oracle.com> January-12-2023 Qing Zhao <qing.zhao at oracle.com> 8.5.0-16.0.1 - Merge oracle patches with gcc-8.5.0-16. November-30-2022 Qing Zhao <qing.zhao at oracle.com> 8.5.0-15.0.2 - Fix Orabug 34679540 - PROFILE COLLECT BUILD AND WORK LOAD TEST ISSUES IN LINUX ARM64. Removing the buggy patch that has been removed from upstream gcc too: gcc10-pr91971.patch September-28-2022 Qing Zhao <qing.zhao at oracle.com> 8.5.0-15.0.1 - Merge oracle patches with gcc-8.5.0-15. June-29-2022 Qing Zhao <qing.zhao at oracle.com> 8.5.0-10.1.0.1 - Merge oracle patches with gcc-8.5.0-10.1.el8_6. Reviewed-by: Jose E. Marchesi <jose.marchesi at oracle.com> May-4-2022 Qing Zhao <qing.zhao at oracle.com> 8.5.0-10.0.2 - Fix Orabug 34066706 only in OL GCC. report error when there is no PROGRAM_SUMMARY section in .gcda file. Reviewed-by: Jose E. Marchesi <jose.marchesi at oracle.com> April-27-2022 Marek Polacek <polacek at redhat.com> 8.5.0-10.1 - backport Default widths with -fdec-format-defaults patch (#2079578) March-22-2022 Qing Zhao <qing.zhao at oracle.com> 8.5.0-10.0.1 - Merge with oracle patches. January-5-2022 Qing Zhao <qing.zhao at oracle.com> 8.5.0-4.0.2 - Add patches to support marvell on Arm: gcc9-add-support-for-profile-extension.patch gcc10-add-initial-octeontx2-support.patch Reviewed-by: Jose E. Marchesi <jose.marchesi at oracle.com> November-16-2021 Qing Zhao <qing.zhao at oracle.com> 8.5.0-4.0.1 - Merge oracle patches to security errata 8.5.0-4. Reviewed-by: Jose E. Marchesi <jose.marchesi at oracle.com> October-14-2021 Indu Bhagat <indu.bhagat at oracle.com> 8.5.0-3.0.2 - Fix Orabug 33451471 and backport CTF/BTF enhancements ctfc: Free CTF container elements in ctfc_delete_container () ctf: Do not warn for CTF not supported for GNU GIMPLE ICE in btf_finalize when compiling with -gbtf (PR debug/102507, Orabug 33451471) Reviewed-by: Jose E. Marchesi <jose.marchesi at oracle.com> October-5-2021 Qing Zhao <qing.zhao at oracle.com> 8.5.0-3.0.1 - Merge the following oracle patches to OL8.5 beta: - Fix an aarch64 compilation error triggered by the oracle patch gcc9-multiple-changes-align.patch on OL8U5 source base. gcc-fix-aarch64-tune-params.patch - Fix Orabug 33281392 Update CTF and BTF support in OL8 GCC This commit brings the support for CTF/BTF debug formats at par with upstream. GCC now generates the CTF/BTF debug information by using the internal DWARF representation. For backward compatibility reasons, OL8 GCC continues to support -gt command line option. (Indu Bhagat <indu.bhagat at oracle.com> 8.4.1-1.0.3) - Add complex divide improvement backport of upstream commit 54f0224d55a1b56dde092460ddf76913670e6efc (Patrick.McGehearty <patrick.mcgehearty at oracle.com> 8.4.1-1.0.2) - Fix Orabug 32301371 - bug using gcov with preserve paths option This is the same bug as GCC bug PR gcov-profile/88994 gcc9-pr88994.patch (Qing Zhao <qing.zhao at oracle.com> 8.3.1-5.1.0.2) - Fix generation of CTF type records for completed structs referred thru pointers. Orabug 31095790. (Jose E. Marchesi <jose.marchesi at oracle.com> 8.3.1-5.0.4) - Fix Orabug 29838827 - provide an option to adjust the maximum depth of nested #include This is the same bug as gcc upstream PR90581 from Gcc9: gcc9-pr90581.patch - Fix Orabug 29541051 - confusing error message when there is a problem with ASAN_OPTIONS "ERROR: expected '='" This is the same bug as gcc upstream PR89832 from Gcc9: gcc9-pr89832.patch (Qing Zhao <qing.zhao at oracle.com> 8.3.1-5.0.3) - Update support for CTF Fix Orabug 30833294 GCC generates incorrect CTF for single element arrays Fix Orabug 30808764 CTF generation fails when __attribute__ ((mode (XX))) is used (Indu Bhagat <indu.bhagat at oracle.com> 8.3.1-5.0.2) - Apply ares/neoverse support patches only ifarch aarch64. (Qing Zhao <qing.zhao at oracle.com> 8.3.1-4.5.0.6) - Add 4 patches from gcc9 to support Arm Ares and Neoverse-N1 for Aarch64 gcc9-add-vec-reverse.patch gcc9-multiple-changes-align.patch gcc9-initial-mcpu-ares-tuning.patch gcc9-add-support-for-neoverse-n1.patch (Indu Bhagat <indu.bhagat at oracle.com> 8.3.1-4.5.0.5) - Update support for CTF Fix Orabug 30778534 gcc should generate CTF for functions at file-scope only Fix Orabug 30779193 CTF generation fails for some flavors of vla Fix Orabug 30784275 Fix issues wtih CTF generation for typedef constructs ctf-3-generation-and-emission-for-a-single-compilation.patch ctf-4-update-ctf-testsuite.patch (Indu Bhagat <indu.bhagat at oracle.com> 8.3.1-4.5.0.4) - Add support for CTF in GCC Fix Orabug 30102948 gcc: Add CTF generation to compiler Fix Orabug 30102949 gcc: Add CTF generation to compiler (aarch64) ctf-1-new-function-lang_GNU_GIMPLE.patch ctf-2-command-line-options-gtLEVEL.patch ctf-3-generation-and-emission-for-a-single-compilation.patch ctf-4-update-ctf-testsuite.patch ctf-5-handle-ctf-sections-when-lto-enabled.patch (Qing Zhao <qing.zhao at oracle.com> 8.3.1-4.5.0.3) - CVE-2018-12207 / Intel SKX102 OL8 gcc: Intel Mitigation for CVE: CVE-2018-12207 - Allow -flto -Wa,-mbranches-within-32B-boundaries to pass -mbranches-within-32B-boundaries to GNU assembler. Without -lfto, -Wa,-mbranches-within-32B-boundaries to pass -mbranches-within-32B-boundaries to GNU assembler using existing GCC binaries. - Mitigation patch: gcc8-Fix-Wa-with-flto.patch (Qing Zhao <qing.zhao at oracle.com> 8.3.1-4.5.0.2) - Fix Orabug 29968294 - Heap corruption with fprofile-dir=%p prevents profiling parallel processes, needed for RDBMS: Add patch to fix PR86057 from Gcc9: gcc9-pr86057.patch - Fix Orabug 30044244 - Profile directory concatenated with object file path This is the same bug as gcc upstream PR91971: gcc9-pr85759.patch gcc10-pr91971.patch (Indu Bhagat <indu.bhagat at oracle.com> 8.3.1-4.5.0.1) - Fix Orabug 29599147 - Need -fprofile-dir=%q{VAR} backported to gcc8 This is the similar GCC PR47618, add the fix from GCC9: gcc9-pr47618.patch - Fix Orabug 29272977 - DB SUPPORT: Need way to dump inlining report from GCC Add -fopt-info-inline support from GCC9: gcc9-opt-info-inline.patch - Fix Orabug 29273006 - DB SUPPORT: need way to turn off inlining of global functions Add -flive-patching support from GCC9: gcc9-fipa-reference-addressable.patch gcc9-fipa-stack-alignment.patch gcc9-add-fomit-frame-pointer-to-test.patch gcc9-extend-live-patching-option-handling.patch gcc9-ipa-stack-alignment-386-test.patch - Introduce 'oracle_release' into .spec file. Echo it to gcc/DEV-PHASE. - Backport 17 ampere patches from https://git.theobroma-systems.com/ampere-computing/gcc.git/log/?h=gcc-8_2_0-amp3-branch e18301133ea622f6d6796ded1d15466e70475cf8: Retpoline (Spectre-V2 mitigation) for aarch64. d735f3ae4712f66362326d179b4d7e9332c79677: Revert 2017-10-24 Richard Biener 271e2811e59c0c77fc022fa86a7030f20b4cac8e: Correct the maximum shift amount for shifted 0512749950d927de3dd695f2f2aacdfd30cf32fd: Add CPU support for Ampere Computing's eMAG. c8b87078f9e0714cb9cab602e12a18ceb12df05a: eMAG/Xgene: Procedural cost-model for X-Gene 74610471b3577c5d465c3fd095a65b796b1e074c: Updating cost table for xgene1. ddba1553ac412be5596e6e2962c148032c4cf231: [AArch64] Add Xgene1 prefetch tunings. b7ebb0a10a8900324074070188a0936ed81b28a4: [AArch64] Fix in xgene1_addrcost_table 393dc5c50d55d069f91627bf0be5bab812978850: X-Gene: Adapt tuning struct for GCC 8. b9136d58824af2118c4969c3edb42cad3318b08f: tree-ssa-list-find-pipeline: Add pipelining loads for list finds. 095496dd8a9491a17a9caec173281ad02e559df5: uncse: Added pass to undo common subexpression elimination. a7c8dc238e3656e9d2f9256ee76f933c8d7956fb: loop-prefetcher: Adapt defaults for X-Gene cores. 256307f293f1750851576e14c8a42b696eced2da: tree-ssa-cpp: Don't crash on SSA names without definition stmts. 6e32f53be4f6733f6bfe267ad2337aecaf4047f6: Introduce new option -funroll-more. 1ac2485a2fced091a5cce6343fe6a6337f850e73: New option to bypass aliasing-checks. 66d7d833bece61e58998ad53a609cd32e3ee4fad: cfgloopmanip: Allow forced creation of loop preheaders. c4f89d50e200538b1ac8889801705300e0b27ef2: Add new pass to optimise loops. [8.5.0-24] - don't reuse DEBUG_EXPRs with vector type (PR middle-end/100508, RHEL-79501) From el-errata at oss.oracle.com Fri Mar 14 00:06:16 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:16 -0700 Subject: [El-errata] ELBA-2025-2604 Oracle Linux 8 valgrind bug fix update Message-ID: <mailman.128.1741910785.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2604 http://linux.oracle.com/errata/ELBA-2025-2604.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: valgrind-3.22.0-3.el8_10.i686.rpm valgrind-3.22.0-3.el8_10.x86_64.rpm valgrind-devel-3.22.0-3.el8_10.i686.rpm valgrind-devel-3.22.0-3.el8_10.x86_64.rpm valgrind-docs-3.22.0-3.el8_10.i686.rpm valgrind-docs-3.22.0-3.el8_10.x86_64.rpm valgrind-gdb-3.22.0-3.el8_10.i686.rpm valgrind-gdb-3.22.0-3.el8_10.x86_64.rpm valgrind-scripts-3.22.0-3.el8_10.i686.rpm valgrind-scripts-3.22.0-3.el8_10.x86_64.rpm aarch64: valgrind-3.22.0-3.el8_10.aarch64.rpm valgrind-devel-3.22.0-3.el8_10.aarch64.rpm valgrind-docs-3.22.0-3.el8_10.aarch64.rpm valgrind-gdb-3.22.0-3.el8_10.aarch64.rpm valgrind-scripts-3.22.0-3.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//valgrind-3.22.0-3.el8_10.src.rpm Description of changes: [3.22.0-3] - Split main valgrind package into several subpackages: - valgrind now contains just the core tools. - valgrind-scripts contains the post-processing scripts for callgrind, cachegrind, massif and dhat which depend on perl and python. - valgrind-gdb contains the debuginfo client/server and (v)gdb support. - valgrind-docs contains the man pages, html and pdf manual. - Adjust Requires/Recommends to subpackages can be installed independently. - valgrind-devel now Recommends, instead of Requires, valgrind. - valgrind-gdb Requires valgrind - valgrind-scripts Recommends valgrind-gdb - valgrind-gdb Recommends gdb From el-errata at oss.oracle.com Fri Mar 14 00:06:18 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:18 -0700 Subject: [El-errata] ELBA-2025-2607 Oracle Linux 8 virt-manager bug fix update Message-ID: <mailman.129.1741910786.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2607 http://linux.oracle.com/errata/ELBA-2025-2607.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: virt-install-3.2.0-4.1.0.1.el8_10.noarch.rpm virt-manager-3.2.0-4.1.0.1.el8_10.noarch.rpm virt-manager-common-3.2.0-4.1.0.1.el8_10.noarch.rpm aarch64: virt-install-3.2.0-4.1.0.1.el8_10.noarch.rpm virt-manager-3.2.0-4.1.0.1.el8_10.noarch.rpm virt-manager-common-3.2.0-4.1.0.1.el8_10.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//virt-manager-3.2.0-4.1.0.1.el8_10.src.rpm Description of changes: [3.2.0-4.1.0.1] - Add OL release support to virt-install for OL KVM guest creation [Orabug: 26135782] [3.2.0-4.1.el8_10] - cli: Add basic --audio type=XXX,id=Y support (RHEL-17435) - virtinst: unify detection of duplicate console when removing device (RHEL-17435) - virtinst: fix compare for audio devices (RHEL-17435) - testsuite: add test-spice vm definition (RHEL-17435) - virtinst: remove spice devices when removing last spice graphics (RHEL-17435) - guest: add convert_to_vnc() (RHEL-17435) - guest: remove spiceport devices when spice is removed (RHEL-17435) - guest: convert_to_vnc: convert video device (RHEL-17435) - virt-xml: Add --edit --convert-to-vnc (RHEL-17435) From el-errata at oss.oracle.com Fri Mar 14 00:06:20 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:20 -0700 Subject: [El-errata] ELBA-2025-2608 Oracle Linux 8 tracker-miners bug fix and enhancement update Message-ID: <mailman.130.1741910787.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2608 http://linux.oracle.com/errata/ELBA-2025-2608.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: tracker-miners-2.1.5-3.el8_10.i686.rpm tracker-miners-2.1.5-3.el8_10.x86_64.rpm aarch64: tracker-miners-2.1.5-3.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//tracker-miners-2.1.5-3.el8_10.src.rpm Description of changes: [2.1.5-3] - Backport seccomp rules Resolves: RHEL-33587 From el-errata at oss.oracle.com Fri Mar 14 00:06:21 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:21 -0700 Subject: [El-errata] ELBA-2025-2609 Oracle Linux 8 gcc-toolset-13-annobin bug fix and enhancement update Message-ID: <mailman.131.1741910790.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2609 http://linux.oracle.com/errata/ELBA-2025-2609.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: gcc-toolset-13-annobin-annocheck-12.92-1.el8_10.x86_64.rpm gcc-toolset-13-annobin-docs-12.92-1.el8_10.noarch.rpm gcc-toolset-13-annobin-plugin-gcc-12.92-1.el8_10.x86_64.rpm aarch64: gcc-toolset-13-annobin-annocheck-12.92-1.el8_10.aarch64.rpm gcc-toolset-13-annobin-docs-12.92-1.el8_10.noarch.rpm gcc-toolset-13-annobin-plugin-gcc-12.92-1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//gcc-toolset-13-annobin-12.92-1.el8_10.src.rpm Description of changes: [12.92-1] - Rebase to bring in improvements for locating string notes. (RHEL-79974) - Annocheck: Do not rely upon libelf's ability to detect links to separate debuginfo files. (RHEL-79264) - Annocheck: Fix resource leak. (RHEL-79253) - Annocheck: Fix double free. Add special handling for COMBOOT modules. - Annocheck: Improve diagnostics when a separate debug info file cannot be found. - Annocheck: Look for -fstack-clash-protection in DW_AT_producer string. (RHEL-77328) - Annocheck: Fix locating string notes (again). Add exception for glibc benchmark tests. (RHEL-76456) - Annocheck: Add crtoffloadtableS.o to list of known gcc binaries. (RHEL-760404) - Annocheck: Fix the --debug-dir option. - Annocheck: Fix corrupt warning message when unable to locate separate debug info files. - Annocheck: Remove spurious debugging messages. - Annocheck: Always look for annobin notes in separate debug info files. (RHEL-75778) - Annocheck: Support multiple --debug-rpm and --debug-file options. (RHEL-73349) - Annocheck: Add support for sys-root'ed glibc packages. (RHEL-71296) - GCC Plugin: Tidy up use of gcc's diagnoatic headers. (#32429) - Testsuite: Use configured compiler when running tests. - GCC Plugin: Fix building with gcc 15. (#32429) - Annocheck: Fix overly long debug messages. - Annocheck: Rename rwx-seg test to load-segments. Add more checks. Add check for gaps as a future fail. - Annocheck: Add --no-allow-excpetions to disable exceptions for known special binaries. - Annocheck: Add --enable-future to enable future fail components in normal tests. - Annocheck: Fix bug preventing the inclusion of the rpm name in reports. - Annocheck: Add more exceptions for gcc binaries. (RHEL-33365) - Annocheck: Add --skip-passes option. - Annocheck: Add exceptions for gcc binaries. (RHEL-33365) - Annocheck: Skip property note test for i386 binaries created by LLVM. (#2323797) - Annocheck: Skip FORTIFY and GLIBC_ASSERTIONS tests for LLVM produced binaries with unparseable DW_AT_producer attributes in their DWARF debug info. (RHEL-65411) - GCC Plugin: Change type of the .annobin.notes section from SHT_STRTAB to SHT_PROGBITS. [12.69-2] - NVR bump to allow rebuilding against LLVM version 18. (RHEL-50803) From el-errata at oss.oracle.com Fri Mar 14 00:06:23 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:23 -0700 Subject: [El-errata] ELBA-2025-2610 Oracle Linux 8 perl-CPAN bug fix update Message-ID: <mailman.132.1741910792.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2610 http://linux.oracle.com/errata/ELBA-2025-2610.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: perl-CPAN-2.18-401.el8_10.noarch.rpm aarch64: perl-CPAN-2.18-401.el8_10.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//perl-CPAN-2.18-401.el8_10.src.rpm Description of changes: [2.18-401] - Resolves: RHEL-77186 - Update man page From el-errata at oss.oracle.com Fri Mar 14 00:06:24 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:24 -0700 Subject: [El-errata] ELBA-2025-2611 Oracle Linux 8 gvfs bug fix update Message-ID: <mailman.133.1741910793.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2611 http://linux.oracle.com/errata/ELBA-2025-2611.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: gvfs-1.36.2-18.el8_10.x86_64.rpm gvfs-afc-1.36.2-18.el8_10.x86_64.rpm gvfs-afp-1.36.2-18.el8_10.x86_64.rpm gvfs-archive-1.36.2-18.el8_10.x86_64.rpm gvfs-client-1.36.2-18.el8_10.i686.rpm gvfs-client-1.36.2-18.el8_10.x86_64.rpm gvfs-devel-1.36.2-18.el8_10.i686.rpm gvfs-devel-1.36.2-18.el8_10.x86_64.rpm gvfs-fuse-1.36.2-18.el8_10.x86_64.rpm gvfs-goa-1.36.2-18.el8_10.x86_64.rpm gvfs-gphoto2-1.36.2-18.el8_10.x86_64.rpm gvfs-mtp-1.36.2-18.el8_10.x86_64.rpm gvfs-smb-1.36.2-18.el8_10.x86_64.rpm gvfs-1.36.2-18.el8_10.i686.rpm aarch64: gvfs-1.36.2-18.el8_10.aarch64.rpm gvfs-afc-1.36.2-18.el8_10.aarch64.rpm gvfs-afp-1.36.2-18.el8_10.aarch64.rpm gvfs-archive-1.36.2-18.el8_10.aarch64.rpm gvfs-client-1.36.2-18.el8_10.aarch64.rpm gvfs-devel-1.36.2-18.el8_10.aarch64.rpm gvfs-fuse-1.36.2-18.el8_10.aarch64.rpm gvfs-goa-1.36.2-18.el8_10.aarch64.rpm gvfs-gphoto2-1.36.2-18.el8_10.aarch64.rpm gvfs-mtp-1.36.2-18.el8_10.aarch64.rpm gvfs-smb-1.36.2-18.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//gvfs-1.36.2-18.el8_10.src.rpm Description of changes: [1.36.2-18] - Add edit mode support for smb backend (RHEL-45163) From el-errata at oss.oracle.com Fri Mar 14 00:06:26 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:26 -0700 Subject: [El-errata] ELBA-2025-2618 Oracle Linux 8 libsemanage bug fix and enhancement update Message-ID: <mailman.134.1741910796.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-2618 http://linux.oracle.com/errata/ELBA-2025-2618.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libsemanage-2.9-11.el8_10.i686.rpm libsemanage-2.9-11.el8_10.x86_64.rpm python3-libsemanage-2.9-11.el8_10.x86_64.rpm libsemanage-devel-2.9-11.el8_10.i686.rpm libsemanage-devel-2.9-11.el8_10.x86_64.rpm aarch64: libsemanage-2.9-11.el8_10.aarch64.rpm python3-libsemanage-2.9-11.el8_10.aarch64.rpm libsemanage-devel-2.9-11.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//libsemanage-2.9-11.el8_10.src.rpm Description of changes: [2.9-11] - Set new restorecon handle before doing restorecon (RHEL-73348) - Mute error messages from selinux_restorecon From el-errata at oss.oracle.com Fri Mar 14 00:06:29 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:29 -0700 Subject: [El-errata] ELSA-2025-2670 Important: Oracle Linux 8 .NET 8.0 security, bug fix, and enhancement update Message-ID: <mailman.135.1741910798.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-2670 http://linux.oracle.com/errata/ELSA-2025-2670.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: aspnetcore-runtime-8.0-8.0.14-1.0.1.el8_10.x86_64.rpm aspnetcore-runtime-dbg-8.0-8.0.14-1.0.1.el8_10.x86_64.rpm aspnetcore-targeting-pack-8.0-8.0.14-1.0.1.el8_10.x86_64.rpm dotnet-apphost-pack-8.0-8.0.14-1.0.1.el8_10.x86_64.rpm dotnet-hostfxr-8.0-8.0.14-1.0.1.el8_10.x86_64.rpm dotnet-runtime-8.0-8.0.14-1.0.1.el8_10.x86_64.rpm dotnet-runtime-dbg-8.0-8.0.14-1.0.1.el8_10.x86_64.rpm dotnet-sdk-8.0-8.0.114-1.0.1.el8_10.x86_64.rpm dotnet-sdk-dbg-8.0-8.0.114-1.0.1.el8_10.x86_64.rpm dotnet-targeting-pack-8.0-8.0.14-1.0.1.el8_10.x86_64.rpm dotnet-templates-8.0-8.0.114-1.0.1.el8_10.x86_64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.114-1.0.1.el8_10.x86_64.rpm aarch64: aspnetcore-runtime-8.0-8.0.14-1.0.1.el8_10.aarch64.rpm aspnetcore-runtime-dbg-8.0-8.0.14-1.0.1.el8_10.aarch64.rpm aspnetcore-targeting-pack-8.0-8.0.14-1.0.1.el8_10.aarch64.rpm dotnet-apphost-pack-8.0-8.0.14-1.0.1.el8_10.aarch64.rpm dotnet-hostfxr-8.0-8.0.14-1.0.1.el8_10.aarch64.rpm dotnet-runtime-8.0-8.0.14-1.0.1.el8_10.aarch64.rpm dotnet-runtime-dbg-8.0-8.0.14-1.0.1.el8_10.aarch64.rpm dotnet-sdk-8.0-8.0.114-1.0.1.el8_10.aarch64.rpm dotnet-sdk-dbg-8.0-8.0.114-1.0.1.el8_10.aarch64.rpm dotnet-targeting-pack-8.0-8.0.14-1.0.1.el8_10.aarch64.rpm dotnet-templates-8.0-8.0.114-1.0.1.el8_10.aarch64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.114-1.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//dotnet8.0-8.0.114-1.0.1.el8_10.src.rpm Related CVEs: CVE-2025-24070 Description of changes: [8.0.114-1.0.1] - Add support for Oracle Linux [8.0.114-1] - Update to .NET SDK 8.0.114 and Runtime 8.0.14 - Resolves: RHEL-81639 From el-errata at oss.oracle.com Fri Mar 14 00:06:30 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:30 -0700 Subject: [El-errata] ELSA-2025-2686 Important: Oracle Linux 8 libxml2 security update Message-ID: <mailman.136.1741910798.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-2686 http://linux.oracle.com/errata/ELSA-2025-2686.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libxml2-2.9.7-19.el8_10.i686.rpm libxml2-2.9.7-19.el8_10.x86_64.rpm libxml2-devel-2.9.7-19.el8_10.i686.rpm libxml2-devel-2.9.7-19.el8_10.x86_64.rpm python3-libxml2-2.9.7-19.el8_10.x86_64.rpm aarch64: libxml2-2.9.7-19.el8_10.aarch64.rpm libxml2-devel-2.9.7-19.el8_10.aarch64.rpm python3-libxml2-2.9.7-19.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//libxml2-2.9.7-19.el8_10.src.rpm Related CVEs: CVE-2024-56171 CVE-2025-24928 Description of changes: [2.9.7-19] - Fix CVE-2024-56171 (RHEL-80122) - Fix CVE-2025-24928 (RHEL-80137) [2.9.7.18.2] - Fix CVE-2022-49043 (RHEL-76289) [2.9.7-18.1] - Fix CVE-2024-25062 (RHEL-31056) From el-errata at oss.oracle.com Fri Mar 14 00:06:27 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:06:27 -0700 Subject: [El-errata] ELSA-2025-2667 Important: Oracle Linux 8 .NET 9.0 security, bug fix, and enhancement update Message-ID: <mailman.137.1741910801.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-2667 http://linux.oracle.com/errata/ELSA-2025-2667.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: aspnetcore-runtime-9.0-9.0.3-1.0.1.el8_10.x86_64.rpm aspnetcore-runtime-dbg-9.0-9.0.3-1.0.1.el8_10.x86_64.rpm aspnetcore-targeting-pack-9.0-9.0.3-1.0.1.el8_10.x86_64.rpm dotnet-9.0.104-1.0.1.el8_10.x86_64.rpm dotnet-apphost-pack-9.0-9.0.3-1.0.1.el8_10.x86_64.rpm dotnet-host-9.0.3-1.0.1.el8_10.x86_64.rpm dotnet-hostfxr-9.0-9.0.3-1.0.1.el8_10.x86_64.rpm dotnet-runtime-9.0-9.0.3-1.0.1.el8_10.x86_64.rpm dotnet-runtime-dbg-9.0-9.0.3-1.0.1.el8_10.x86_64.rpm dotnet-sdk-9.0-9.0.104-1.0.1.el8_10.x86_64.rpm dotnet-sdk-aot-9.0-9.0.104-1.0.1.el8_10.x86_64.rpm dotnet-sdk-dbg-9.0-9.0.104-1.0.1.el8_10.x86_64.rpm dotnet-targeting-pack-9.0-9.0.3-1.0.1.el8_10.x86_64.rpm dotnet-templates-9.0-9.0.104-1.0.1.el8_10.x86_64.rpm netstandard-targeting-pack-2.1-9.0.104-1.0.1.el8_10.x86_64.rpm dotnet-sdk-9.0-source-built-artifacts-9.0.104-1.0.1.el8_10.x86_64.rpm aarch64: aspnetcore-runtime-9.0-9.0.3-1.0.1.el8_10.aarch64.rpm aspnetcore-runtime-dbg-9.0-9.0.3-1.0.1.el8_10.aarch64.rpm aspnetcore-targeting-pack-9.0-9.0.3-1.0.1.el8_10.aarch64.rpm dotnet-9.0.104-1.0.1.el8_10.aarch64.rpm dotnet-apphost-pack-9.0-9.0.3-1.0.1.el8_10.aarch64.rpm dotnet-host-9.0.3-1.0.1.el8_10.aarch64.rpm dotnet-hostfxr-9.0-9.0.3-1.0.1.el8_10.aarch64.rpm dotnet-runtime-9.0-9.0.3-1.0.1.el8_10.aarch64.rpm dotnet-runtime-dbg-9.0-9.0.3-1.0.1.el8_10.aarch64.rpm dotnet-sdk-9.0-9.0.104-1.0.1.el8_10.aarch64.rpm dotnet-sdk-aot-9.0-9.0.104-1.0.1.el8_10.aarch64.rpm dotnet-sdk-dbg-9.0-9.0.104-1.0.1.el8_10.aarch64.rpm dotnet-targeting-pack-9.0-9.0.3-1.0.1.el8_10.aarch64.rpm dotnet-templates-9.0-9.0.104-1.0.1.el8_10.aarch64.rpm netstandard-targeting-pack-2.1-9.0.104-1.0.1.el8_10.aarch64.rpm dotnet-sdk-9.0-source-built-artifacts-9.0.104-1.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//dotnet9.0-9.0.104-1.0.1.el8_10.src.rpm Related CVEs: CVE-2025-24070 Description of changes: [9.0.104-1.0.1] - Add support for Oracle Linux [9.0.104-1] - Update to .NET SDK 9.0.104 and Runtime 9.0.3 - Resolves: RHEL-81645 From el-errata at oss.oracle.com Fri Mar 14 00:07:18 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:07:18 -0700 Subject: [El-errata] ELSA-2025-1601 Moderate: Oracle Linux 7 gcc security update Message-ID: <mailman.138.1741910846.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-1601 http://linux.oracle.com/errata/ELSA-2025-1601.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: cpp-4.8.5-45.0.1.el7_9.x86_64.rpm gcc-4.8.5-45.0.1.el7_9.x86_64.rpm gcc-c++-4.8.5-45.0.1.el7_9.x86_64.rpm gcc-gfortran-4.8.5-45.0.1.el7_9.x86_64.rpm gcc-gnat-4.8.5-45.0.1.el7_9.x86_64.rpm gcc-go-4.8.5-45.0.1.el7_9.x86_64.rpm gcc-objc++-4.8.5-45.0.1.el7_9.x86_64.rpm gcc-objc-4.8.5-45.0.1.el7_9.x86_64.rpm gcc-plugin-devel-4.8.5-45.0.1.el7_9.x86_64.rpm libasan-4.8.5-45.0.1.el7_9.i686.rpm libasan-4.8.5-45.0.1.el7_9.x86_64.rpm libasan-static-4.8.5-45.0.1.el7_9.i686.rpm libasan-static-4.8.5-45.0.1.el7_9.x86_64.rpm libatomic-4.8.5-45.0.1.el7_9.i686.rpm libatomic-4.8.5-45.0.1.el7_9.x86_64.rpm libatomic-static-4.8.5-45.0.1.el7_9.i686.rpm libatomic-static-4.8.5-45.0.1.el7_9.x86_64.rpm libgcc-4.8.5-45.0.1.el7_9.i686.rpm libgcc-4.8.5-45.0.1.el7_9.x86_64.rpm libgfortran-4.8.5-45.0.1.el7_9.i686.rpm libgfortran-4.8.5-45.0.1.el7_9.x86_64.rpm libgfortran-static-4.8.5-45.0.1.el7_9.i686.rpm libgfortran-static-4.8.5-45.0.1.el7_9.x86_64.rpm libgnat-4.8.5-45.0.1.el7_9.i686.rpm libgnat-4.8.5-45.0.1.el7_9.x86_64.rpm libgnat-devel-4.8.5-45.0.1.el7_9.i686.rpm libgnat-devel-4.8.5-45.0.1.el7_9.x86_64.rpm libgnat-static-4.8.5-45.0.1.el7_9.i686.rpm libgnat-static-4.8.5-45.0.1.el7_9.x86_64.rpm libgo-4.8.5-45.0.1.el7_9.i686.rpm libgo-4.8.5-45.0.1.el7_9.x86_64.rpm libgo-devel-4.8.5-45.0.1.el7_9.i686.rpm libgo-devel-4.8.5-45.0.1.el7_9.x86_64.rpm libgo-static-4.8.5-45.0.1.el7_9.i686.rpm libgo-static-4.8.5-45.0.1.el7_9.x86_64.rpm libgomp-4.8.5-45.0.1.el7_9.i686.rpm libgomp-4.8.5-45.0.1.el7_9.x86_64.rpm libitm-4.8.5-45.0.1.el7_9.i686.rpm libitm-4.8.5-45.0.1.el7_9.x86_64.rpm libitm-devel-4.8.5-45.0.1.el7_9.i686.rpm libitm-devel-4.8.5-45.0.1.el7_9.x86_64.rpm libitm-static-4.8.5-45.0.1.el7_9.i686.rpm libitm-static-4.8.5-45.0.1.el7_9.x86_64.rpm libmudflap-4.8.5-45.0.1.el7_9.i686.rpm libmudflap-4.8.5-45.0.1.el7_9.x86_64.rpm libmudflap-devel-4.8.5-45.0.1.el7_9.i686.rpm libmudflap-devel-4.8.5-45.0.1.el7_9.x86_64.rpm libmudflap-static-4.8.5-45.0.1.el7_9.i686.rpm libmudflap-static-4.8.5-45.0.1.el7_9.x86_64.rpm libobjc-4.8.5-45.0.1.el7_9.i686.rpm libobjc-4.8.5-45.0.1.el7_9.x86_64.rpm libquadmath-4.8.5-45.0.1.el7_9.i686.rpm libquadmath-4.8.5-45.0.1.el7_9.x86_64.rpm libquadmath-devel-4.8.5-45.0.1.el7_9.i686.rpm libquadmath-devel-4.8.5-45.0.1.el7_9.x86_64.rpm libquadmath-static-4.8.5-45.0.1.el7_9.i686.rpm libquadmath-static-4.8.5-45.0.1.el7_9.x86_64.rpm libstdc++-4.8.5-45.0.1.el7_9.i686.rpm libstdc++-4.8.5-45.0.1.el7_9.x86_64.rpm libstdc++-devel-4.8.5-45.0.1.el7_9.i686.rpm libstdc++-devel-4.8.5-45.0.1.el7_9.x86_64.rpm libstdc++-docs-4.8.5-45.0.1.el7_9.x86_64.rpm libstdc++-static-4.8.5-45.0.1.el7_9.i686.rpm libstdc++-static-4.8.5-45.0.1.el7_9.x86_64.rpm libtsan-4.8.5-45.0.1.el7_9.x86_64.rpm libtsan-static-4.8.5-45.0.1.el7_9.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//gcc-4.8.5-45.0.1.el7_9.src.rpm Related CVEs: CVE-2020-11023 Description of changes: [4.8.5-45.0.1] - [Orabug: 37603707] ELSA-2025-1601 Moderate: gcc security update CVE-2020-11023 rebuild for CVE-2020-11023 - Reviewed-by: Jose E. Marchesi <jose.marchesi at oracle.com> From el-errata at oss.oracle.com Fri Mar 14 00:07:24 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 13 Mar 2025 17:07:24 -0700 Subject: [El-errata] ELBA-2025-20158 Oracle Linux 8 oVirt 4.5 ovirt-engine bug fix update Message-ID: <mailman.139.1741910852.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-20158 http://linux.oracle.com/errata/ELBA-2025-20158.html The following updated rpms for Oracle Linux 8 oVirt 4.5 have been uploaded to the Unbreakable Linux Network: x86_64: ovirt-engine-4.5.5-1.37.el8.noarch.rpm ovirt-engine-backend-4.5.5-1.37.el8.noarch.rpm ovirt-engine-dbscripts-4.5.5-1.37.el8.noarch.rpm ovirt-engine-health-check-bundler-4.5.5-1.37.el8.noarch.rpm ovirt-engine-restapi-4.5.5-1.37.el8.noarch.rpm ovirt-engine-setup-4.5.5-1.37.el8.noarch.rpm ovirt-engine-setup-base-4.5.5-1.37.el8.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.5.5-1.37.el8.noarch.rpm ovirt-engine-setup-plugin-imageio-4.5.5-1.37.el8.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.5.5-1.37.el8.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.5.5-1.37.el8.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.5-1.37.el8.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.5.5-1.37.el8.noarch.rpm ovirt-engine-tools-4.5.5-1.37.el8.noarch.rpm ovirt-engine-tools-backup-4.5.5-1.37.el8.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.5.5-1.37.el8.noarch.rpm ovirt-engine-webadmin-portal-4.5.5-1.37.el8.noarch.rpm ovirt-engine-websocket-proxy-4.5.5-1.37.el8.noarch.rpm python3-ovirt-engine-lib-4.5.5-1.37.el8.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//ovirt-engine-4.5.5-1.37.el8.src.rpm Description of changes: [4.5.5-1.37] - Revert patch to install PCP(Perf Co-piolt) during host deployment [4.5.5-1.36] - Fix CPU and memory setting in Create Template [4.5.5-1.35] - Add task to install PCP(Perf Co-piolt) during host deployment From el-errata at oss.oracle.com Fri Mar 14 10:48:19 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 14 Mar 2025 11:48:19 +0100 Subject: [El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2025-20152) Message-ID: <mailman.140.1741949312.33.el-errata@oss.oracle.com> Synopsis: ELSA-2025-20152 can now be patched using Ksplice CVEs: CVE-2024-23307 CVE-2024-47687 CVE-2024-47707 CVE-2024-53124 CVE-2024-53685 CVE-2024-56631 CVE-2024-56672 CVE-2024-57892 CVE-2025-21631 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21669 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-20152. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-20152.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on OL8 and OL9 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2024-23307: Denial-of-service in RAID and LVM driver. Incorrect checks on parameters passed from userspace when using RAID or LVM filesystems could lead to an integer overflow. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-47687: Denial-of-service in Mellanox VDPA driver. A missing check when adding a device in the Mellanox VDPA driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. Orabug: 37296163 * CVE-2024-47707: Denial-of-service in Linux INET6 driver. A missing check when closing network interface in the Linux INET6 driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-53124: Denial-of-service in IPv6 Networking driver. A missing check when destroying a socket in the IPv6 Networking driver could lead to a memory leak. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-53685: Denial-of-service in Ceph distributed file system driver. A logic error when building a dentry path in the Ceph distributed file system driver could lead to an infinite loop. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-56631: Privilege escalation in SCSI generic driver. A locking error when releasing data in the SCSI generic driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-56672: Privilege escalation in Common Block IO controller. A logic error when using the Common Block IO controller could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-57892: Privilege escalation in OCFS2 file system driver. A logic error when using quota_getnextquota() syscall in the OCFS2 file system driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2025-21631: Privilege escalation in Budget Fair Queueing (BFQ) I/O scheduler. A missing check when using the Budget Fair Queueing (BFQ) I/O scheduler could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2025-21636, CVE-2025-21637, CVE-2025-21638, CVE-2025-21639, CVE-2025-21640: Denial-of-service in The SCTP Protocol driver. A logic error when using the The SCTP Protocol driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2025-21669: Denial-of-service in Virtual Socket protocol driver. A logic error when using the Virtual Socket protocol driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * Denial-of-service in SMB3 and CIFS driver. A locking error when using the SMB3 and CIFS driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. Orabug: 37535421 * Note: Oracle has determined some CVEs are not applicable. The kernel is not affected by the following CVEs since the code under consideration is not compiled. CVE-2024-57904, CVE-2024-57906, CVE-2024-57908, CVE-2024-57910, CVE-2024-57911, CVE-2024-57912, CVE-2024-57913, CVE-2024-57925, CVE-2024-57939, CVE-2025-21646, CVE-2025-21697 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Fri Mar 14 17:26:57 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 14 Mar 2025 10:26:57 -0700 Subject: [El-errata] ELSA-2025-1281 Important: Oracle Linux 7 kernel security update Message-ID: <mailman.145.1741973226.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-1281 http://linux.oracle.com/errata/ELSA-2025-1281.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-3.10.0-1160.119.1.0.6.el7.x86_64.rpm kernel-3.10.0-1160.119.1.0.6.el7.x86_64.rpm kernel-abi-whitelists-3.10.0-1160.119.1.0.6.el7.noarch.rpm kernel-debug-3.10.0-1160.119.1.0.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.119.1.0.6.el7.x86_64.rpm kernel-devel-3.10.0-1160.119.1.0.6.el7.x86_64.rpm kernel-doc-3.10.0-1160.119.1.0.6.el7.noarch.rpm kernel-headers-3.10.0-1160.119.1.0.6.el7.x86_64.rpm kernel-tools-3.10.0-1160.119.1.0.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.119.1.0.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.119.1.0.6.el7.x86_64.rpm perf-3.10.0-1160.119.1.0.6.el7.x86_64.rpm python-perf-3.10.0-1160.119.1.0.6.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//kernel-3.10.0-1160.119.1.0.6.el7.src.rpm Related CVEs: CVE-2024-53104 Description of changes: [3.10.0-1160.119.1.0.6.el7.OL7] - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (Benoit Sevens) {CVE-2024-53104} [Orabug: 37584712] From el-errata at oss.oracle.com Fri Mar 14 17:27:02 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 14 Mar 2025 10:27:02 -0700 Subject: [El-errata] ELBA-2025-20169 Oracle Linux 8 annobin bug fix update Message-ID: <mailman.146.1741973230.33.el-errata@oss.oracle.com> Oracle Linux Bug Fix Advisory ELBA-2025-20169 http://linux.oracle.com/errata/ELBA-2025-20169.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: annobin-11.13-2.0.5.el8.x86_64.rpm annobin-annocheck-11.13-2.0.5.el8.x86_64.rpm annobin-annocheck-11.13-2.0.5.el8.i686.rpm aarch64: annobin-11.13-2.0.5.el8.aarch64.rpm annobin-annocheck-11.13-2.0.5.el8.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//annobin-11.13-2.0.5.el8.src.rpm Description of changes: [11.13-2.0.5] - Rebuild to match latest GCC. Oracle history: From el-errata at oss.oracle.com Fri Mar 14 17:27:04 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 14 Mar 2025 10:27:04 -0700 Subject: [El-errata] ELSA-2025-2722 Moderate: Oracle Linux 8 krb5 security update Message-ID: <mailman.147.1741973232.33.el-errata@oss.oracle.com> Oracle Linux Security Advisory ELSA-2025-2722 http://linux.oracle.com/errata/ELSA-2025-2722.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: krb5-devel-1.18.2-31.0.1.el8_10.i686.rpm krb5-devel-1.18.2-31.0.1.el8_10.x86_64.rpm krb5-libs-1.18.2-31.0.1.el8_10.i686.rpm krb5-libs-1.18.2-31.0.1.el8_10.x86_64.rpm krb5-pkinit-1.18.2-31.0.1.el8_10.i686.rpm krb5-pkinit-1.18.2-31.0.1.el8_10.x86_64.rpm krb5-server-1.18.2-31.0.1.el8_10.i686.rpm krb5-server-1.18.2-31.0.1.el8_10.x86_64.rpm krb5-server-ldap-1.18.2-31.0.1.el8_10.i686.rpm krb5-server-ldap-1.18.2-31.0.1.el8_10.x86_64.rpm krb5-workstation-1.18.2-31.0.1.el8_10.x86_64.rpm libkadm5-1.18.2-31.0.1.el8_10.i686.rpm libkadm5-1.18.2-31.0.1.el8_10.x86_64.rpm aarch64: krb5-devel-1.18.2-31.0.1.el8_10.aarch64.rpm krb5-libs-1.18.2-31.0.1.el8_10.aarch64.rpm krb5-pkinit-1.18.2-31.0.1.el8_10.aarch64.rpm krb5-server-1.18.2-31.0.1.el8_10.aarch64.rpm krb5-server-ldap-1.18.2-31.0.1.el8_10.aarch64.rpm krb5-workstation-1.18.2-31.0.1.el8_10.aarch64.rpm libkadm5-1.18.2-31.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//krb5-1.18.2-31.0.1.el8_10.src.rpm Related CVEs: CVE-2025-24528 Description of changes: [1.18.2-31.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.18.2-31] - Prevent overflow when calculating ulog block size (CVE-2025-24528) Resolves: RHEL-78248 - kdb5_util: fix DB entry flags on modification Resolves: RHEL-56060