[Oraclevm-errata] OVMSA-2016-0011 Moderate: Oracle VM 3.3 sos security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Wed Feb 10 08:34:44 PST 2016 

Oracle VM Security Advisory OVMSA-2016-0011

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
sos-3.2-28.0.1.el6_7.2.noarch.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/sos-3.2-28.0.1.el6_7.2.src.rpm



Description of changes:

[3.2-28.0.1.2]
- Add vendor, vendor URL info for Oracle Linux [orabug 17656507] 
(joe.jin at oracle.com)
- Direct traceroute to linux.oracle.com (John Haxby) [orabug 11713272] 
(joe.jin at oracle.com)
- Check oraclelinux-release instead of redhat-release to get OS version 
(John Haxby) [bug 11681869] (joe.jin at oracle.com)
- Remove RH ftp URL and support email (joe.jin at oracle.com)
- add sos-oracle-enterprise.patch (joe.jin at oracle.com)
- Add smartmon plugin (John Haxby) [orabug 17995005] (joe.jin at oracle.com)

[3.2-28.el6_7.2]
- [sosreport] Report correct final path with --build
   Related: bz1290953

[3.2-28.el6_7.1]
- [hpasm] Add timeout.
   Resolves: bz1291828

[3.2-28.el6_7]
- [sosreport] Prepare report in a private subdirectory
   Resolves: bz1290953

[3.2-28]
- [ovirt] Collect engine tuneables and domain information.
   Resolves: bz1234226

[3.2-27]
- [networking] nmcli status is obtained from the output
   Resolves: bz1206661

[3.2-26]
- [cluster] Scrub password from crm_report data.
   Resolves: bz1206581
- [networking] Use the correct options for nmcli.
   Resolves: bz1206661

[3.2-25]
- [mysql] Collect log file by default.
   Resolves: bz1209442

[3.2-24]
- [openshift] Scrub passwords from plugin config files.
   Resolves: bz1203330

[3.2-23]
- [tuned] Collect additional configurations files and profiles.
   Resolves: bz1174186

[3.2-22]
- [networking] Fix "ip addr" collection.
   Resolves: bz1209455

[3.2-21]
- [networking] test nmcli status before using output
   Resolves: bz1206661

[3.2-20]
- [openshift] Scrub passwords from config files.
   Resolves: bz1203330

[3.2-19]
- [cluster] Ensure cluster sets 'make' to False when calling 
get_cmd_output_path().
   Resolves: bz1190723

[3.2-18]
- [openshift] Collect additional config files.
   Resolves: bz1166874
- [activemq] Honour all_logs and get config on RHEL.
   Resolves: bz1165878

[3.2-17]
- [policy/redhat] use /tmp as default temporary directory
- [global] remove dependency on python-six
   Resolves: bz1144525

[3.2-16]
- [cluster] Added package luci and fix lockdumps capturing.
   Resolves: bz1171186
- [puppet] Adding new plugin for puppet
   Resolves: bz1172880
- [block] parted will use sector units instead of human units.
   Resolves: bz1086537
- [foreman] Added option to prevent generic resource collection with 
foreman plugin. Remove the plugin katello since data collection done by 
foreman-debug.
   Resolves: bz1135290

[3.2-15]
- [global] update el6 to upstream 3.2 release
   Resolves: bz1144525
- [global] sync 3.2-15.el6 with RHEL-7.1
   Resolves: bz1144525

[3.2-14]
- [mysql] test for boolean values in dbuser and dbpass
- [mysql] improve handling of dbuser, dbpass and MYSQL_PWD

[3.2-12]
- [plugin] limit path names to PC_NAME_MAX
- [squid] collect files from /var/log/squid
- [sosreport] log plugin exceptions to a file
- [ctdb] fix collection of /etc/sysconfig/ctdb
- [sosreport] fix silent exception handling

[3.2-11]
- [sosreport] do not make logging calls after OSError
- [sosreport] catch OSError exceptions in SoSReport.execute()
- [anaconda] make useradd password regex tolerant of whitespace

[3.2-10]
- [mysql] fix handling of mysql.dbpass option

[3.2-9]
- [navicli] catch exceptions if stdin is unreadable
- [docs] update man page for new options
- [sosreport] make all utf-8 handling user errors=ignore

[3.2-8]
- [kpatch] do not attempt to collect data if kpatch is not installed
- [archive] drop support for Zip archives

[3.2-7]
- [sosreport] fix archive permissions regression

[3.2-6]
- [tomcat] add support for tomcat7 and default log size limits
- [mysql] obtain database password from the environment

[3.2-5]
- [corosync] add postprocessing for corosync-objctl output
- [ovirt_hosted_engine] fix exception when force-enabled

[3.2-4]
- [yum] call rhsm-debug with --no-subscriptions
- [powerpc] allow PowerPC plugin to run on ppc64le
- [package] add Obsoletes for sos-plugins-openstack

[3.2-3]
- [pam] add pam_tally2 and faillock support
- [postgresql] obtain db password from the environment
- [pcp] add Performance Co-Pilot plugin
- [nfsserver] collect /etc/exports.d
- [sosreport] handle --compression-type correctly
- [anaconda] redact passwords in kickstart configurations
- [haproxy] add new plugin
- [keepalived] add new plugin
- [lvm2] set locking_type=0 when calling lvm commands
- [tuned] add new plugin
- [cgroups] collect /etc/sysconfig/cgred
- [plugins] ensure doc text is always displayed for plugins
- [sosreport] fix the distribution version API call
- [docker] add new plugin
- [openstack_*] include broken-out openstack plugins
- [mysql] support MariaDB
- [openstack] do not collect /var/lib/nova
- [grub2] collect grub.cfg on UEFI systems
- [sosreport] handle out-of-space errors gracefully
- [firewalld] new plugin
- [networking] collect NetworkManager status
- [kpatch] new plugin
- [global] update to upstream 3.2 release

[2.2-68.el6]
- [ds] add collection of ds admin server configuration
   Resolves: bz994628
- [ldap] ensure /etc/openldap/ content is collected
   Resolves: bz994628
- [plugintools] preserve permissions on directories
   Resolves: bz1069786

[2.2-67.el6]
- [plugintools] Fix size limiting in addCopySpecLimit
   Resolves: bz1001600

[2.2-66.el6]
- [general] do not collect /var/log/sa
   Resolves: bz1001600

[2.2-65.el6]
- [grub] Fix grub.conf path for grub-1.x versions
   Resolves: bz1076388
- [ds] Fix logging exception when plugin force-enabled
   Resolves: bz994628

[2.2-64.el6]
- [pgsql] backport PGPASSWORD changes from upstream
   Resolves: bz1125998

[2.2-63.el6]
- [plugin] backport command timeout support
   Resolves: bz1005703

[2.2-62.el6]
- Restrict ldap and ds plugin paths to avoid collecting secrets
   Resolves: bz994628
- Add certutil output to ldap and ds plugins to summarize certs
   Resolves: bz994628

[2.2-61.el6]
- [powerpc] backport plugin from upstream
   Resolves: bz977190
- [devicemapper] set locking_type=0 when calling lvm2 commands
   Resolves: bz1102282
- [nfsserver] collect 'exportfs -v'
   Resolves: bz985512
- [openshift] improve password redaction
   Resolves: bz1039755
- [openshift] don't collect all of /etc/openshift
   Resolves: bz1039755

[2.2-60.el6]
- [mongodb] backport new plugin from upstream
- [activemq] backport new plugin from upstream
- [openshift] sync plugin with upstream
- [plugin] backport collectExtOutputs and addCopySpecs
- Make OpenShift module collect domain information
- Add 'gear' option to OpenShift module
- Add OpenShift module
   Resolves: bz1039755
- [plugin] backport addCopySpecLimit tailit parameter
   Resolves: bz1001600

[2.2-58.el6]
- [plugintools] preserve permissions on all path components
   Resolves: bz1069786

[2.2-57.el6]
- [tomcat] update for tomcat6 and add password filtering
   Resolves: bz1088070
- [filesys] collect dumpe2fs -h output by default
   Resolves: bz1105629
- [rpm] reduce number of calls to rpm
   Resolves: bz1019872
- Verify fewer packages in rpm plug-in
   Resolves: bz1019872
- [bootloader] elide bootloader password
   Resolves: bz1101311
- [plugin] backport do_path_regex_sub()
   Resolves: bz1101311
- [networking] do not attempt to read use-gss-proxy
   Resolves: bz1079954
- [mysql] limit log collection by default
   Resolves: bz1015783
- [mysql] add optional database dump support
   Resolves: bz1032262
- [docs] update man pages
   Resolves: bz1022226
- [sosreport] log exceptions during Plugin.postproc()
   Resolves: bz1020445
- [distupgrade] elide passwords in kickstart user directives
   Resolves: bz1052344

[2.2-56.el6]
- [ipa] add ipa-replica-manage output
   Resolves: bz1012410
- [bootloader] Include /etc/yaboot.conf
   Resolves: bz1001941
- [cluster] collect /sys/fs/gfs2/*/withdraw
   Resolves: bz997174
- [general] do not collect /var/log/sa
   Resolves: bz1001600
- [networking] avoid Cisco cdp paths in /proc and /sys
   Resolves: bz1004936
- [sar] Handle compressed binary data files better
   Resolves: bz1001600
- [sar] Add file size limits
   Resolves: bz1001600
- [sar] Enable XML data collection
   Resolves: bz1001600

[2.2-55.el6]
- [selinux] pass --input-logs when calling ausearch
   Resolves: bz1032706
- [printing] fix cups log file size limiting
   Resolves: bz1061529
- [auditd] fix log size limiting
   Resolves: bz1061529
- [hardware] call hardware.py directly instead of invoking python
   Resolves: bz1041770

[2.2-54.el6]
- [hpasm] new plugin to collect HP ASM information
   Resolves: bz915115
- [sos] improve handling of fatal IO errors
   Resolves: bz1085042
- [bootloader] collect grub.conf for UEFI based systems
   Resolves: bz1076388
- [ctdb] add plugin to collect Samba CTDB information
   Resolves: bz961041
- [keepalived] new plugin
   Resolves: bz1107862
- [sssd] scrub ldap_default_authtok in sssd plugin
   Resolves: bz1013366
- [haproxy] new plugin
   Resolves: bz1107866
- [gluster] add 'logsize' and 'all_logs' plugin options
   Resolves: bz1002619

[2.2-52.el6]
- Fix doRegexSub() usage in distupgrade plugin
   Resolves: bz1052344

[2.2-51.el6]
- Redact user home directory paths in distupgrade plugin
   Resolves: bz1052344

[2.2-49.el6]
- Add distupgrade plugin
   Resolves: bz1052344

[2.2-48.el6]
- Pass a --from parameter when calling crm_report
   Resolves: bz1035774

More information about the Oraclevm-errata mailing list