[Oraclevm-errata] OVMSA-2014-0083 Important: Oracle VM 3.3 rpm security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Wed Dec 10 18:15:59 PST 2014

Oracle VM Security Advisory OVMSA-2014-0083

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- Fix race condidition where unchecked data is exposed in the file system

- Fix thinko in the non-root python byte-compilation fix

- Byte-compile versioned python libdirs in non-root prefix too (#868332)

- Fix segfault on rpmdb addition when header unload fails (#706935)

- Add a compat mode for enabling legacy rpm scriptlet error behavior 

- Fix build-time double-free on file capability processing (#904818)
- Fix include-directive getting processed on false branch (#920190)

- Bring back --fileid in the man page with description of the id

- Fix missing error on --import on bogus key file (#869667)

- Add DWARF 4 support to debugedit (#858731)
- Add better error handling to patch for bug

- Fix memory corruption on multikey PGP packets/armors (#829621)

- Handle identical binaries for debug-info (#727872)
- Fix typos in Japanese rpm man page (#845065)
- Document -D and -E options in man page (#845063)
- Add --setperms and --setuids to the man page (#839126)
- Update man page that SHA256 is also used for file digest (#804049)
- Remove --fileid from man page to get rid of md5
- Remove -s from patch calls (#773503)
- Force _host_vendor to redhat to better match toolchain (#743229)
- Backport reloadConfig for Python API (#825147)
- Support for dpkg-style sorting of tilde in version/release (#825087)
- Fix explicit directory %attr() when %defattr() is active (#730473)
- Don't load keyring if signature checking is disabled (#664696)
- Retry read() to fix rpm2cpio with pipe as stdin (#802839)

More information about the Oraclevm-errata mailing list