[Oraclevm-errata] OVMSA-2014-0083 Important: Oracle VM 3.3 rpm security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Wed Dec 10 18:15:59 PST 2014
Oracle VM Security Advisory OVMSA-2014-0083
The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:
x86_64:
rpm-4.8.0-38.el6_6.x86_64.rpm
rpm-libs-4.8.0-38.el6_6.x86_64.rpm
rpm-python-4.8.0-38.el6_6.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/rpm-4.8.0-38.el6_6.src.rpm
Description of changes:
[4.8.0-38]
- Fix race condidition where unchecked data is exposed in the file system
(CVE-2013-6435)(#1163059)
[4.8.0-37]
- Fix thinko in the non-root python byte-compilation fix
[4.8.0-36]
- Byte-compile versioned python libdirs in non-root prefix too (#868332)
[4.8.0-35]
- Fix segfault on rpmdb addition when header unload fails (#706935)
[4.8.0-34]
- Add a compat mode for enabling legacy rpm scriptlet error behavior
(#963724)
[4.8.0-33]
- Fix build-time double-free on file capability processing (#904818)
- Fix include-directive getting processed on false branch (#920190)
[4.8.0-32]
- Bring back --fileid in the man page with description of the id
(#804049)
[4.8.1-31]
- Fix missing error on --import on bogus key file (#869667)
[4.8.0-30]
- Add DWARF 4 support to debugedit (#858731)
- Add better error handling to patch for bug
[4.8.0-29]
- Fix memory corruption on multikey PGP packets/armors (#829621)
[4.8.0-28]
- Handle identical binaries for debug-info (#727872)
- Fix typos in Japanese rpm man page (#845065)
- Document -D and -E options in man page (#845063)
- Add --setperms and --setuids to the man page (#839126)
- Update man page that SHA256 is also used for file digest (#804049)
- Remove --fileid from man page to get rid of md5
- Remove -s from patch calls (#773503)
- Force _host_vendor to redhat to better match toolchain (#743229)
- Backport reloadConfig for Python API (#825147)
- Support for dpkg-style sorting of tilde in version/release (#825087)
- Fix explicit directory %attr() when %defattr() is active (#730473)
- Don't load keyring if signature checking is disabled (#664696)
- Retry read() to fix rpm2cpio with pipe as stdin (#802839)
More information about the Oraclevm-errata
mailing list