From oraclevm-errata at oss.oracle.com Tue Sep 1 12:10:18 2015
From: oraclevm-errata at oss.oracle.com (Errata Announcements for Oracle VM)
Date: Tue, 01 Sep 2015 12:10:18 -0700
Subject: [Oraclevm-errata] OVMSA-2015-0118 Moderate: Oracle VM 3.3 nss-softokn security update
Message-ID: <55E5F81A.3070705@oracle.com>

Oracle VM Security Advisory OVMSA-2015-0118

The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:

x86_64:
nss-softokn-3.14.3-23.el6_7.x86_64.rpm
nss-softokn-freebl-3.14.3-23.el6_7.i686.rpm
nss-softokn-freebl-3.14.3-23.el6_7.x86_64.rpm

SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/nss-softokn-3.14.3-23.el6_7.src.rpm

Description of changes:

[3.14.3-23]
- Pick up upstream freebl patch for CVE-2015-2730
- Check for P == Q or P == -Q before adding P and Q

From oraclevm-errata at oss.oracle.com Thu Sep 3 14:08:42 2015
From: oraclevm-errata at oss.oracle.com (Errata Announcements for Oracle VM)
Date: Thu, 03 Sep 2015 14:08:42 -0700
Subject: [Oraclevm-errata] OVMSA-2015-0119 Important: Oracle VM 3.3 bind security update
Message-ID: <55E8B6DA.9060309@oracle.com>

Oracle VM Security Advisory OVMSA-2015-0119

The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:

x86_64:
bind-libs-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm

SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/bind-9.8.2-0.37.rc1.el6_7.4.src.rpm

Description of changes:

[32:9.8.2-0.37.rc1.4]
- Apply previously not applied patch for CVE-2015-5722

[32:9.8.2-0.37.rc1.3]
- Fix CVE-2015-5722

From oraclevm-errata at oss.oracle.com Thu Sep 3 14:08:53 2015
From: oraclevm-errata at oss.oracle.com (Errata Announcements for Oracle VM)
Date: Thu, 03 Sep 2015 14:08:53 -0700
Subject: [Oraclevm-errata] OVMSA-2015-0120 Important: Oracle VM 3.3 libXfont security update
Message-ID: <55E8B6E5.3090705@oracle.com>

Oracle VM Security Advisory OVMSA-2015-0120

The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libXfont-1.4.5-5.el6_7.x86_64.rpm

SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/libXfont-1.4.5-5.el6_7.src.rpm

Description of changes:

[1.4.5-5]
- CVE-2015-1802: missing range check in bdfReadProperties (bug 1258892)
- CVE-2015-1803: crash on invalid read in bdfReadCharacters (bug 1258892)
- CVE-2015-1804: out-of-bounds memory access in bdfReadCharacters (bug 1258892)

From oraclevm-errata at oss.oracle.com Mon Sep 7 08:45:11 2015
From: oraclevm-errata at oss.oracle.com (Errata Announcements for Oracle VM)
Date: Mon, 07 Sep 2015 08:45:11 -0700
Subject: [Oraclevm-errata] OVMBA-2015-0121 Oracle VM 3.3 xen bug fix update
Message-ID: <55EDB107.4090600@oracle.com>

Oracle VM Bug Fix Advisory OVMBA-2015-0121

The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:

x86_64:
xen-4.3.0-55.el6.47.55.x86_64.rpm
xen-tools-4.3.0-55.el6.47.55.x86_64.rpm

SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/xen-4.3.0-55.el6.47.55.src.rpm

Description of changes:

[4.3.0-55.el6.47.55 ]
- x86/kexec: fix kexec on systems which boot in x2apic mode

  Moving straight from fully disabled to x2apic mode is an illegal state
  transition, and causes an unconditional #GP fault. Bounce through xapic
  mode to avoid the fault.

  In addition, avoid bouncing through the various apic modes if the mode is
  already correct.

  Signed-off-by: Andrew Cooper
  Reviewed-by: Jan Beulich
  Upstream commit 77ffa26374370c1c9805f9596f37a44d412a7fdb
  Signed-off-by: Zhenzhong Duan [bug 21550791]

From oraclevm-errata at oss.oracle.com Wed Sep 16 15:18:59 2015
From: oraclevm-errata at oss.oracle.com (Errata Announcements for Oracle VM)
Date: Wed, 16 Sep 2015 15:18:59 -0700
Subject: [Oraclevm-errata] OVMSA-2015-0122 Important: Oracle VM 3.3 kernel-uek security update
Message-ID: <55F9EAD3.2000507@oracle.com>

Oracle VM Security Advisory OVMSA-2015-0122

The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-3.8.13-98.2.2.el6uek.x86_64.rpm
kernel-uek-firmware-3.8.13-98.2.2.el6uek.noarch.rpm

SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/kernel-uek-3.8.13-98.2.2.el6uek.src.rpm

Description of changes:

[3.8.13-98.2.2.el6uek]
- sctp: fix ASCONF list handling (Marcelo Ricardo Leitner) [Orabug: 21842668] {CVE-2015-3212}
- KEYS: ensure we free the assoc array edit if edit is valid (Colin Ian King) [Orabug: 21842655] {CVE-2015-1333}

[3.8.13-98.2.1.el6uek]
- Introduce [compat_]save_altstack_ex() to unbreak x86 SMAP (Al Viro) [Orabug: 21549587]
- x86, smap: Handle csum_partial_copy_*_user() (H. Peter Anvin) [Orabug: 21549587]
- ext4: fix warning in ext4_da_update_reserve_space() (Jan Kara) [Orabug: 21621442]
- ext4: remove unused variable in ext4_free_blocks() (Lukas Czerner) [Orabug: 21621442]
- quota: provide interface for readding allocated space into reserved space (Jan Kara) [Orabug: 21621442]

From oraclevm-errata at oss.oracle.com Wed Sep 30 09:00:24 2015
From: oraclevm-errata at oss.oracle.com (Errata Announcements for Oracle VM)
Date: Wed, 30 Sep 2015 09:00:24 -0700
Subject: [Oraclevm-errata] OVMSA-2015-0123 Important: Oracle VM 3.3 openldap security update
Message-ID: <560C0718.2050509@oracle.com>

Oracle VM Security Advisory OVMSA-2015-0123

The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:

x86_64:
openldap-2.4.40-6.el6_7.x86_64.rpm
openldap-clients-2.4.40-6.el6_7.x86_64.rpm

SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/openldap-2.4.40-6.el6_7.src.rpm

Description of changes:

[2.4.40-6]
- CVE-2015-6908 openldap: ber_get_next denial of service vulnerability (#1263171)

[2.4.40-5]
- fix: nslcd segfaults due to incorrect mutex initialization (#1144294)

[2.4.40-4]
- fix: Updating openldap deletes database if slapd.conf is used (#1193519)

[2.4.40-3]
- fix: ppc64: slaptest segfault in openldap-2.4.40 (#1202696)

[2.4.40-2]
- fix: bring back accidentally removed patch (#1147983)

[2.4.40-1]
- rebase to 2.4.40 (#1147983)

[2.4.39-11]
- fix: make /etc/openldap/check_password.conf readable by ldap (#1155390)

[2.4.39-10]
- revert previous patch (#1172296)
- fix: crash in ldap_domain2hostlist when processing SRV record (#1164369)
- support TLS 1.1 and later (#1160467)
- enhancement: add ppolicy-check-password (#1155390)

[2.4.39-9]
- fix: prevent freed memory reuse (#1172296)

[2.4.39-8]
- fix: provide a shim libldif.so (#1110382)

[2.4.39-7]
- fix: remove correct tmp file when generating server cert (#1102083)

[2.4.39-6]
- remove unapplied patches

[2.4.39-5]
- fix: TLS_REQCERT documentation in client manpage (#1027796)

[2.4.39-4]
- review %configure and remove nonexistent options

[2.4.39-3]
- add another missing patch forgotten during the rebase
- fix: enable dynamic linking - unresolved symbols in the smbk5pwd module

[2.4.39-2]
- add missing patches that were removed by mistake during the rebase

[2.4.39-1]
- rebase to 2.4.39 (#923680)
  + drop a lot of upstreamed patches, backport the rest
  + compile in mdb
  + remove automatic slapd.conf -> slapd-config conversion

[2.4.23-35]
- fix: segfault on certain queries with rwm overlay (#1003038)

[2.4.23-34]
- fix: deadlock during SSL_ForceHandshake (#996373)
  + revert nss-handshake-threadsafe.patch