[Oraclevm-errata] OVMSA-2016-0078 Oracle VM 3.2 sos security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Jun 21 10:10:57 PDT 2016

Oracle VM Security Advisory OVMSA-2016-0078

The following updated rpms for Oracle VM 3.2 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- add patch to remove all sysrq echo commands from sysreport.legacy
   (John Sobecki) [orabug 11061754]
- comment out rh-upload-core and README.rh-upload-core in specfile

- Strip passwords from grub.conf and /etc/fstab
   Resolves: bz1107751
- Limit the default set of logs collected for directory server
   Resolves: bz1086736

- Set global{locking_type=0} when calling lvm2 commands
   Resolves: bz916937

- Force LC_ALL=C for external commands
   Resolves: bz1099520

- Do not verify cluster.conf for each mounted gfs2 file system
   Resolves: bz1098793
- Fix insecure temporary files usage in gfs2 plugin
   Resolves: bz1099151
- Suppress libxml2 debug output in gfs2 plugin
   Resolves: bz1098793

- Use PATH when calling the klist command
   Resolves: bz1029017

- Add SSSD plugin to collect configuration and logs
   Resolves: bz1018407
- Update sos UI text to match later releases
   Resolves: bz1065468

- Free libxml2 bindings in cluster plugin
   Resolves: bz773350
- Suppress libxml2 debug output in cluster plugin
   Resolves: bz782588
- Update URLs in README and RPM metadata
   Resolves: bz783423
- Collect mcelog in hardware plugin
   Resolves: bz810701
- Add brctl show and brctl showstp output to networking
   Resolves: bz833406
- Fix installed-rpms formatting for long package names
   Resolves: bz978444
- Make ethernet interface detection more robust
   Resolves: bz980177
- Do not collect kerberos keytab files
   Resolves: bz1029017

- Restrict wbinfo to local domain in samba plug-in
   Resolves: bz986975

- Collect /etc/yaboot.conf in bootloader module
   Resolves: bz977187
- Sanitize hostname when constructing tar archive names
   Resolves: bz976242

- Remove anaconda-ks.cfg collection from general plug-in
   Resolves: bz857304

- Check that the up2date hardware script exists before running it
   Resolves: bz782218
- Ignore empty globs passed to addCopySpecLimit
   Resolves: bz782247
- Collect /proc/iomem in the hardware module
   Resolves: bz840981
- Elide passwords in anaconda-ks.cfg and yum.repos.d
   Resolves: bz857304
- Fix collection of SELinux data when disabled
   Resolves: bz868008
- Handle ENOSPC more gracefully
   Resolves: bz891155
- Limit size of default sar log file collection
   Resolves: bz891155
- Do not collect archived process accounting files by default
   Resolves: bz906071
- Collect /etc/modprobe.d in kernel plug-in
   Resolves: bz958346
- Collect /etc/idmapd.conf for NFS clients and servers
   Resolves: bz907876

- Always log plugin exceptions that are not raised to the interpreter
   Resolves: bz717480
- Ensure relative symlink targets are correctly handled when copying
   Resolves: bz717962
- Correctly handle libxml2 parser exceptions when reading cluster.conf
   Resolves: bz750573
- Update Red Hat Certificate System plugin for current versions
   Resolves: bz627416

- Make single threaded operation default and add --multithread to override
   Resolves: bz708346
- Support multiple possible locations of VRTSexplorer script
   Resolves: bz565996
- Collect wallaby dump and inventory information in mrggrid plugin
   Resolves: bz641020

- Add ethtool pause, coalesce and ring (-a, -c, -g) options to network 
   Resolves: bz726421
- Update MRG grid plugin to collect additional logs and configuration
   Resolves: bz641020

- Fix collection of symlink destinations when copying directory trees
   Resolves: bz717962
- Allow plugins to specify non-root symlinks for collected command output
   Resolves: bz716987
- Ensure custom rsyslog destinations are captured and log size limits 
   Resolves: bz717167

- Add basic plugin for Veritas products
   Resolves: bz565996
- Do not collect subscription manager keys in general plugin
   Resolves: bz750606
- Fix gfs2 plugin use of callExtProg API
   Resolves: bz667783

- Fix exceptions and file naming in gfs2 plugin
   Resolves: bz667783

- Fix translation for fr locale
   Resolves: bz641020

- Add basic Infiniband plugin
   Resolves: bz673246
- Add plugin for scsi-target-utils iSCSI target
   Resolves: bz677123
- Fix handling of TMP environment variable
   Resolves: bz733133
- Correctly determine kernel version in cluster plugin
   Resolves: bz742567
- Add libvirt plugin
   Resolves: bz568635
- Add gfs2 plugin to supplement cluster data collection
   Resolves: bz667783

- Add support for collecting Red Hat Subscrition Manager configuration
   Resolves: bz714296

- Fix rhelVersion() and convert all in-tree users to use it
   Resolves: bz710567

- Add support for --tmp-dir command line option
   Resolves: bz562283

- Add support for collecting entitlement certificates
   Resolves: bz678666
- Collect non-standard syslog and rsyslog log files
   Resolves: bz596970
- Fix up2dateclient path in hardware plugin
   Resolves: bz572353
- Add plugin to collect rsyslog configuration
   Resolves: bz548616
- Collect /etc/sysconfig/selinux in SELinux plugin
   Resolves: bz674717
- Fix parted and dumpe2fs output on s390
   Resolves: bz645507
- Truncate files that exceed specified size limit
   Resolves: bz636472

- Update cluster plugin for group_tool and lockdump changes
   Resolves: bz584060
- Fix satellite and proxy package detection in rhn plugin
   Resolves: bz590389
- Add plugin to collect certificate system and pki data
   Resolves: bz635966

More information about the Oraclevm-errata mailing list