[Oraclevm-errata] OVMSA-2019-0040 Important: Oracle VM 3.4 openssl security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Thu Aug 15 09:07:05 PDT 2019
Oracle VM Security Advisory OVMSA-2019-0040
The following updated rpms for Oracle VM 3.4 have been uploaded to the
Unbreakable Linux Network:
x86_64:
openssl-1.0.1e-58.0.1.el6_10.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/openssl-1.0.1e-58.0.1.el6_10.src.rpm
Description of changes:
[1.0.1e-58.0.1]
- Oracle bug 28730228: backport CVE-2018-0732
- Oracle bug 28758493: backport CVE-2018-0737
- Merge upstream patch to fix CVE-2018-0739
- Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz
- sha256 is used for the RSA pairwise consistency test instead of sha1
[1.0.1e-58]
- fix CVE-2019-1559 - 0-byte record padding oracle
More information about the Oraclevm-errata
mailing list