From oraclevm-errata at oss.oracle.com Thu Jul 11 07:17:59 2019 From: oraclevm-errata at oss.oracle.com (Errata Announcements for Oracle VM) Date: Thu, 11 Jul 2019 07:17:59 -0700 Subject: [Oraclevm-errata] OVMSA-2019-0034 Important: Oracle VM 3.4 dbus security update Message-ID: <3fce694c-47c7-0103-7106-05c82c9f2566@oracle.com> Oracle VM Security Advisory OVMSA-2019-0034 The following updated rpms for Oracle VM 3.4 have been uploaded to the Unbreakable Linux Network: x86_64: dbus-1.2.24-11.0.1.el6_10.x86_64.rpm dbus-libs-1.2.24-11.0.1.el6_10.x86_64.rpm SRPMS: http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/dbus-1.2.24-11.0.1.el6_10.src.rpm Description of changes: [1:1.2.24-11.0.1] - fix netlink poll: error 4 (Zhenzhong Duan) [1:1.2.24-11] - Apply patch for CVE-2019-12749 (#1725574) [1:1.2.24-10] - Fix CVE-2019-12749 (#1725574) [1:1.2.24-9] - Add dbus-run-session (#1268972) From oraclevm-errata at oss.oracle.com Thu Jul 11 07:18:16 2019 From: oraclevm-errata at oss.oracle.com (Errata Announcements for Oracle VM) Date: Thu, 11 Jul 2019 07:18:16 -0700 Subject: [Oraclevm-errata] OVMSA-2019-0034 Important: Oracle VM 3.3 dbus security update Message-ID: Oracle VM Security Advisory OVMSA-2019-0034 The following updated rpms for Oracle VM 3.3 have been uploaded to the Unbreakable Linux Network: x86_64: dbus-1.2.24-11.0.1.el6_10.x86_64.rpm dbus-libs-1.2.24-11.0.1.el6_10.x86_64.rpm SRPMS: http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/dbus-1.2.24-11.0.1.el6_10.src.rpm Description of changes: [1:1.2.24-11.0.1] - fix netlink poll: error 4 (Zhenzhong Duan) [1:1.2.24-11] - Apply patch for CVE-2019-12749 (#1725574) [1:1.2.24-10] - Fix CVE-2019-12749 (#1725574) [1:1.2.24-9] - Add dbus-run-session (#1268972) [1:1.2.24-8] - Fix fd leak in _dbus_command_for_pid (#1118456) From oraclevm-errata at oss.oracle.com Thu Jul 11 08:31:14 2019 From: oraclevm-errata at oss.oracle.com (Errata Announcements for Oracle VM) Date: Thu, 11 Jul 2019 08:31:14 -0700 Subject: [Oraclevm-errata] OVMSA-2019-0035 Important: Oracle VM 3.4 Unbreakable Enterprise kernel security update Message-ID: <53d59935-db83-2cc2-ecc2-cd9175872eb2@oracle.com> Oracle VM Security Advisory OVMSA-2019-0035 The following updated rpms for Oracle VM 3.4 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-4.1.12-124.28.6.el6uek.x86_64.rpm kernel-uek-firmware-4.1.12-124.28.6.el6uek.noarch.rpm SRPMS: http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/kernel-uek-4.1.12-124.28.6.el6uek.src.rpm Description of changes: [4.1.12-124.28.6.el6uek] - scsi: libfc: Fixup disc_mutex handling in fcoe module (Hannes Reinecke) [Orabug: 29511036] - scsi: libfc: sanitize E_D_TOV and R_A_TOV setting in fcp (Hannes Reinecke) [Orabug: 29511036] - sysctl: Fix kabi breakage (Shuning Zhang) [Orabug: 29689925] - proc: Fix proc_sys_prune_dcache to hold a sb reference (Eric W. Biederman) [Orabug: 29689925] - proc/sysctl: Don't grab i_lock under sysctl_lock. (Eric W. Biederman) [Orabug: 29689925] - proc/sysctl: prune stale dentries during unregistering (Konstantin Khlebnikov) [Orabug: 29689925] - scsi: smartpqi: correct lun reset issues (Kevin Barnett) [Orabug: 29848621] - fork: record start_time late (David Herrmann) [Orabug: 29850581] {CVE-2019-6133} - mm: avoid taking zone lock in pagetypeinfo_showmixed() (Vinayak Menon) [Orabug: 29905302] - x86/retpoline/ia32entry: Convert to non-speculative calls (Ankur Arora) [Orabug: 29909295] {CVE-2017-5715} - tun: call dev_get_valid_name() before register_netdevice() (Cong Wang) [Orabug: 29925555] {CVE-2018-7191} - mm/madvise.c: fix madvise() infinite loop under special circumstances (chenjie) [Orabug: 29925610] {CVE-2017-18208}