Infosecurity.US

Oracle Releases Multiple Enterprise Linux Security Advisories

By Marc Handelman on March 20th, 2009

Late yesterday, Oracle Corporation (NasdaqGS: ORCL) announced the release of multiple security updates for its Enterprise Linux [OEL] distribution [a variant of the Red Hat Inc. (NYSE: RHT) Enterprise Linux distribution]. The full text of each update, including links, MITRE CVE data, et cetera, appears after the jump.

Enterprise Linux Security Advisory ELSA-2009-0341
https://rhn.redhat.com/errata/RHSA-2009-0341.html
The following updated rpms for Enterprise Linux 3 have been uploaded to the Unbreakable Linux Network:
i386:
curl-7.10.6-9.rhel3.i386.rpm
curl-devel-7.10.6-9.rhel3.i386.rpm

x86_64:
curl-7.10.6-9.rhel3.i386.rpm
curl-7.10.6-9.rhel3.x86_64.rpm
curl-devel-7.10.6-9.rhel3.x86_64.rpm

SRPMS:
http://oss.oracle.com/el3/SRPMS-updates/curl-7.10.6-9.rhel3.src.rpm

Description of changes:
[7.10.6-9.rhel3]
- fix CVE-2009-0037
Resolves: #485286

—
Enterprise Linux Security Advisory ELSA-2009-0345

https://rhn.redhat.com/errata/RHSA-2009-0345.html

The following updated rpms for Enterprise Linux 3 have been uploaded to the Unbreakable Linux Network:

i386:
ghostscript-7.05-32.1.17.i386.rpm
ghostscript-devel-7.05-32.1.17.i386.rpm
hpijs-1.3-32.1.17.i386.rpm

x86_64:
ghostscript-7.05-32.1.17.i386.rpm
ghostscript-7.05-32.1.17.x86_64.rpm
ghostscript-devel-7.05-32.1.17.x86_64.rpm
hpijs-1.3-32.1.17.x86_64.rpm

SRPMS:
http://oss.oracle.com/el3/SRPMS-updates/ghostscript-7.05-32.1.17.src.rpm

Description of changes:

[7.05-32.1.17]
- Avoid dividing by zero while checking for integer overflows.

[7.05-32.1.14]
- Applied patch to fix CVE-2009-0583 (bug #487742) and
CVE-2009-0584 (bug #487744).

—
Enterprise Linux Security Advisory ELSA-2009-0341

https://rhn.redhat.com/errata/RHSA-2009-0341.html

The following updated rpms for Enterprise Linux 4 have been uploaded to the Unbreakable Linux Network:

i386:
curl-7.12.1-11.1.el4_7.1.i386.rpm
curl-devel-7.12.1-11.1.el4_7.1.i386.rpm

x86_64:
curl-7.12.1-11.1.el4_7.1.i386.rpm
curl-7.12.1-11.1.el4_7.1.x86_64.rpm
curl-devel-7.12.1-11.1.el4_7.1.x86_64.rpm

ia64:
curl-7.12.1-11.1.el4_7.1.i386.rpm
curl-7.12.1-11.1.el4_7.1.ia64.rpm
curl-devel-7.12.1-11.1.el4_7.1.ia64.rpm

SRPMS:
http://oss.oracle.com/el4/SRPMS-updates/curl-7.12.1-11.1.el4_7.1.src.rpm

Description of changes:

[7.12.1-11.1.el4_7.1]
- fix CVE-2009-0037
Resolves: #485287

—
Enterprise Linux Security Advisory ELSA-2009-0345

https://rhn.redhat.com/errata/RHSA-2009-0345.html

The following updated rpms for Enterprise Linux 4 have been uploaded to the Unbreakable Linux Network:

i386:
ghostscript-7.07-33.2.el4_7.5.i386.rpm
ghostscript-devel-7.07-33.2.el4_7.5.i386.rpm
ghostscript-gtk-7.07-33.2.el4_7.5.i386.rpm

x86_64:
ghostscript-7.07-33.2.el4_7.5.i386.rpm
ghostscript-7.07-33.2.el4_7.5.x86_64.rpm
ghostscript-devel-7.07-33.2.el4_7.5.x86_64.rpm
ghostscript-gtk-7.07-33.2.el4_7.5.x86_64.rpm

ia64:
ghostscript-7.07-33.2.el4_7.5.i386.rpm
ghostscript-7.07-33.2.el4_7.5.ia64.rpm
ghostscript-devel-7.07-33.2.el4_7.5.ia64.rpm
ghostscript-gtk-7.07-33.2.el4_7.5.ia64.rpm

SRPMS:
http://oss.oracle.com/el4/SRPMS-updates/ghostscript-7.07-33.2.el4_7.5.src.rpm

Description of changes:

[7.07-33.2:.5]
- Avoid dividing by zero while checking for integer overflows.

[7.07_33.2:.2]
- Applied patch to fix CVE-2009-0583 (bug #487742) and
CVE-2009-0584 (bug #487744).

—
Enterprise Linux Security Advisory ELSA-2009-0339

https://rhn.redhat.com/errata/RHSA-2009-0339.html

The following updated rpms for Enterprise Linux 5 have been uploaded to the Unbreakable Linux Network:

i386:
lcms-1.18-0.1.beta1.el5_3.2.i386.rpm
lcms-devel-1.18-0.1.beta1.el5_3.2.i386.rpm
python-lcms-1.18-0.1.beta1.el5_3.2.i386.rpm

x86_64:
lcms-1.18-0.1.beta1.el5_3.2.i386.rpm
lcms-1.18-0.1.beta1.el5_3.2.x86_64.rpm
lcms-devel-1.18-0.1.beta1.el5_3.2.i386.rpm
lcms-devel-1.18-0.1.beta1.el5_3.2.x86_64.rpm
python-lcms-1.18-0.1.beta1.el5_3.2.x86_64.rpm

SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/lcms-1.18-0.1.beta1.el5_3.2.src.rpm

Description of changes:

[1.18-beta1.1.el5_3.2]
- Add patch theoretically preventing division by zero

[1.18-beta1.1.el5_3.1]
- Rebase to upstream 1.18beta1
- CVE-2009-0581 LittleCms memory leak
- CVE-2009-0723 LittleCms integer overflow
- CVE-2009-0733 LittleCms lack of upper-bounds check on sizes
- Resolves: #487513

—
Enterprise Linux Security Advisory ELSA-2009-0341

https://rhn.redhat.com/errata/RHSA-2009-0341.html

The following updated rpms for Enterprise Linux 5 have been uploaded to the Unbreakable Linux Network:

i386:
curl-7.15.5-2.1.el5_3.4.i386.rpm
curl-devel-7.15.5-2.1.el5_3.4.i386.rpm

x86_64:
curl-7.15.5-2.1.el5_3.4.i386.rpm
curl-7.15.5-2.1.el5_3.4.x86_64.rpm
curl-devel-7.15.5-2.1.el5_3.4.i386.rpm
curl-devel-7.15.5-2.1.el5_3.4.x86_64.rpm

SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/curl-7.15.5-2.1.el5_3.4.src.rpm

Description of changes:

[7.15.5-2.1.el5_3.4]
- another correction of the patch for CVE-2009-0037

[7.15.5-2.1.el5_3.3]
- forwardport one hunk from upstream curl-7.15.1
Related: #485290

[7.15.5-2.1.el5_3.2]
- fix hunk applied to wrong place due to nonzero patch fuzz
Related: #485289

[7.15.5-2.1.el5_3.1]
- fix CVE-2009-0037

—
Enterprise Linux Security Advisory ELSA-2009-0345

https://rhn.redhat.com/errata/RHSA-2009-0345.html

The following updated rpms for Enterprise Linux 5 have been uploaded to the Unbreakable Linux Network:

i386:
ghostscript-8.15.2-9.4.el5_3.4.i386.rpm
ghostscript-devel-8.15.2-9.4.el5_3.4.i386.rpm
ghostscript-gtk-8.15.2-9.4.el5_3.4.i386.rpm

x86_64:
ghostscript-8.15.2-9.4.el5_3.4.i386.rpm
ghostscript-8.15.2-9.4.el5_3.4.x86_64.rpm
ghostscript-devel-8.15.2-9.4.el5_3.4.i386.rpm
ghostscript-devel-8.15.2-9.4.el5_3.4.x86_64.rpm
ghostscript-gtk-8.15.2-9.4.el5_3.4.x86_64.rpm

SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/ghostscript-8.15.2-9.4.el5_3.4.src.rpm

Description of changes:

[8.15.2-9.4:.4]
- Avoid dividing by zero while checking for integer overflows.

[8.15.2-9.4:.1]
- Applied patch to fix CVE-2009-0583 (bug #487742) and
CVE-2009-0584 (bug #487744).

—
Enterprise Linux Security Advisory ELSA-2009-0382

https://rhn.redhat.com/errata/RHSA-2009-0382.html

The following updated rpms for Enterprise Linux 5 have been uploaded to the Unbreakable Linux Network:

i386:
libvirt-0.3.3-14.0.1.el5_3.1.i386.rpm
libvirt-devel-0.3.3-14.0.1.el5_3.1.i386.rpm
libvirt-python-0.3.3-14.0.1.el5_3.1.i386.rpm

x86_64:
libvirt-0.3.3-14.0.1.el5_3.1.i386.rpm
libvirt-0.3.3-14.0.1.el5_3.1.x86_64.rpm
libvirt-devel-0.3.3-14.0.1.el5_3.1.i386.rpm
libvirt-devel-0.3.3-14.0.1.el5_3.1.x86_64.rpm
libvirt-python-0.3.3-14.0.1.el5_3.1.x86_64.rpm

SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/libvirt-0.3.3-14.0.1.el5_3.1.src.rpm

Description of changes:

[0.3.3-14.0.1.el5_3.1]
- Replaced docs/redhat.gif in tarball

[0.3.3-14.el5_3.1]
- Add missing readonly checks for APIs (CVE-2008-5086)
- Add missing buf check in proxy daemon (CVE-2009-0036)

—

Enterprise Linux Bug Fix Advisory ELBA-2009-0381

https://rhn.redhat.com/errata/RHBA-2009-0381.html

The following updated rpms for Enterprise Linux 5 have been uploaded to the Unbreakable Linux Network:

i386:
luci-0.12.1-7.3.0.1.el5_3.i386.rpm
ricci-0.12.1-7.3.0.1.el5_3.i386.rpm

x86_64:
luci-0.12.1-7.3.0.1.el5_3.x86_64.rpm
ricci-0.12.1-7.3.0.1.el5_3.x86_64.rpm

SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/conga-0.12.1-7.3.0.1.el5_3.src.rpm

Description of changes:

[0.12.1-7.3.0.1.el5_3]
- Added conga-enterprise-Carthage.patch to support OEL5
- Added conga-enterprise.patch
- Recreated Data.fs in tarball
- Replaced redhat logo image in tarball

[0.12.1-7.3]
- Fix bz483591 (RHEL 5.3 adding resource in conga doesn’t work in IE)


Categories: LINUX, Linux Security, Operating System Security, Oracle Enterprise Linux, Oracle Linux
Tags: Features, Oracle Enterprise Linux, Oracle Linux Security

The Infosecurity.US Blog is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
