[Oraclevm-errata] OVMSA-2016-0077 Oracle VM 3.2 rpm security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Jun 21 10:10:20 PDT 2016


Oracle VM Security Advisory OVMSA-2016-0077

The following updated rpms for Oracle VM 3.2 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
popt-1.10.2.3-36.0.1.el5_11.x86_64.rpm
rpm-4.4.2.3-36.0.1.el5_11.x86_64.rpm
rpm-libs-4.4.2.3-36.0.1.el5_11.x86_64.rpm
rpm-python-4.4.2.3-36.0.1.el5_11.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.2/SRPMS-updates/rpm-4.4.2.3-36.0.1.el5_11.src.rpm



Description of changes:

[4.4.2.3-36.0.1]
- Add missing files in /usr/share/doc/

[4.8.0-36]
- Fix warning when applying the patch for #1163057

[4.8.0-35]
- Fix race condition where unchecked data is exposed in the file system
   (CVE-2013-6435)(#1163057)

[4.4.2.3-34]
- Fix segfault on rpmdb addition when header unload fails (#706935)
- Fix segfault on invalid OpenPGP packet (#743203)

[4.4.2.3-33]
- Account for excludes and hardlinks wrt payload max size (#716853)
- Fix payload size tag generation on big-endian systems (#648516)

[4.4.2.3-32]
- Track all install failures within a transaction (#671194)

[4.4.2.3-31]
- fix changelog (bug #707677 is actually #808547)

[4.4.2.3-30]
- Document -D and -E options in man page (#814602)
- Require matching arch for freshen on colored transactions (#813282)

[4.4.2.3-29]
- Add DWARF 3 and 4 support to debugedit (#808547)
- No longer add \n to group tag in Python bindings (#783451)
- Fix typos in Japanese rpm man page (#760552)
- Bump Geode compatibility up to i686 (#620570)

[4.4.2.3-28]
- Proper region tag validation on package/header read (CVE-2012-0060)
- Double-check region size against header size (CVE-2012-0061)
- Validate negated offsets too in headerVerifyInfo() (CVE-2012-0815)

[4.4.2.3-27]
- Revert fix for #740291, too many packages rely on the broken behavior

[4.4.2.3-26]
- Add support for XZ-compressed sources and patches to rpmbuild (#620674)
- Avoid unnecessary assert-death when closing NULL fd (#573043)
- Add scriptlet error notification callbacks (#533831)

[4.4.2.3-25]
- Honor --noscripts for pre- and posttrans scriptlets too (#740345)
- Avoid bogus error on printing empty ds from python (#628883)
- File conflicts correctness & consistency fixes (#740291)
- Create the directory used for transaction lock if necessary (#510469)
- Only enforce default umask during transaction (#673821)

[4.4.2.3-24]
- fix thinko in the CVE backport

[4.4.2.3-23]
- fix CVE-2011-3378 (#742157)

[4.4.2.3-22]
- accept windows cr/lf line endings in gpg keys (#530212)

[4.4.2.3-21]
- Backport multilib ordering fixes from rpm 4.8.x (#641892)



