Wednesday, February 24, 2016

Oracle managed file transfer

Whenever someone asks a Linux administrator that a file will be generated on a regular basis and this needs to be transferred to another location, another server or even to another company the solution is commonly that a small bash script will be created. Over time one small bash script will become two scripts, will become a ten scripts and then become an unknown and undocumented number of scripts. Created one by one in an organic growth model. In essence we have to realize that even though this is a quick and dirty solution which is often being practiced this is not the correct solution.

When you are seriously looking for a managed way of securely transferring files you cannot rely on a number of bash scripts being started by cron. You will need to have a more solid solution. Oracle provides a solution from this in the form of MFT or Oracle Managed File Transfer. I recently wrote a paper on this which can be found on this site. Also a short slidedeck can be found on my slideshare page.

And, if you want a quick a dirty intro with a video, you can find one below.

And, even though I love to create a bash script under Linux and use this for my own systems at home, I have to admit that using a solution like that is not something you really want in a production environment. In case you really need to securely move files in an enterprise environment the MFT solution is something you should look at. 

ELBA-2016-0177 Oracle Linux 7 coreutils bug fix update

Oracle Linux Bug Fix Advisory ELBA-2016-0177


The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:




Description of changes:

  • [8.22-15.0.1.1]- clean up empty file if cp is failed [Orabug 15973168]
  • [8.22-15.1] - cp: prevent potential sparse file corruption (#1285365)


ELBA-2016-0198 Oracle Linux 7golang-github-cpuguy83-go-md2man

Oracle Linux Bug Fix Advisory ELBA-2016-0198

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:




Description of changes:

  • [1.0.4-2]- Build it for z-stream  related: #1300321
  • [1.0.4-1]- Rebase to 1.0.4   Deps import separatelly, not in one tarball resolves: #1300321
  • [1-5]- Update the spec file for RHEL, Remove devel subpackage, Bundle github.com/russross/blackfriday and github.com/shurcooL/sanitized_anchor_name into tarball, Use bundled dependencies to build md2man  resolves: #1211312
  • [1-4]-  Bump to upstream 2831f11f66ff4008f10e2cd7ed9a85e3d3fc2bed related: #1156492
  • [1-3]- Add commit and shortcommit global variable related: #1156492
  • [1-2]- Resolves: rhbz#1156492 - initial fedora upload, - quiet setup, - no test files, disable check
  • [1-1]- Initial package

ELBA-2016-0220 Oracle Linux 7 libvirt bug fix update

Oracle Linux Bug Fix Advisory ELBA-2016-0220

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:


  • x86_64: libvirt-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-client-1.2.17-13.0.1.el7_2.3.i686.rpm
  • x86_64: libvirt-client-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-daemon-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-daemon-config-network-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-daemon-config-nwfilter-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-daemon-driver-interface-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-daemon-driver-lxc-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-daemon-driver-network-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-daemon-driver-nodedev-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-daemon-driver-nwfilter-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-daemon-driver-qemu-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-daemon-driver-secret-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-daemon-driver-storage-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-daemon-kvm-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-daemon-lxc-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-devel-1.2.17-13.0.1.el7_2.3.i686.rpm
  • x86_64: libvirt-devel-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-docs-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-lock-sanlock-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • x86_64: libvirt-login-shell-1.2.17-13.0.1.el7_2.3.x86_64.rpm
  • SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/libvirt-1.2.17-13.0.1.el7_2.3.src.rpm


Description of changes:

  • [1.2.17-13.0.1.el7_2.3] - Oracle files:docs/et.png Replace docs/et.png in tarball with blank image
  • [1.2.17-13.el7_2.3]- vmx: Adapt to emptyBackingString for cdrom-image (rhbz#1301892)

ELSA-2016-3519 Important Oracle Linux 6 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2016-3519

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:







Description of changes:

  • [3.8.13-118.3.2.el6uek]
    • - x86/nmi/64: Use DF to avoid userspace RSP confusing nested NMI detection (Andy Lutomirski)  [Orabug: 22742507]  {CVE-2015-5157}
    • - x86/nmi/64: Reorder nested NMI checks (Andy Lutomirski)  [Orabug: 22742507]  {CVE-2015-5157}
    • - x86/nmi/64: Improve nested NMI comments (Andy Lutomirski)  [Orabug: 22742507]  {CVE-2015-5157}
    • - x86/nmi/64: Switch stacks on userspace NMI entry (Andy Lutomirski) [Orabug: 22742507]  {CVE-2015-5157}
    • - x86/paravirt: Replace the paravirt nop with a bona fide empty function (Andy Lutomirski)  [Orabug: 22742507]  {CVE-2015-5157}

ELSA-2016-3519 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2016-3519

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:



x86_64: kernel-uek-firmware-3.8.13-118.3.2.el7uek.noarch.rpm
x86_64: kernel-uek-doc-3.8.13-118.3.2.el7uek.noarch.rpm
x86_64: kernel-uek-3.8.13-118.3.2.el7uek.x86_64.rpm
x86_64: kernel-uek-devel-3.8.13-118.3.2.el7uek.x86_64.rpm
x86_64: kernel-uek-debug-devel-3.8.13-118.3.2.el7uek.x86_64.rpm
x86_64: kernel-uek-debug-3.8.13-118.3.2.el7uek.x86_64.rpm
x86_64: dtrace-modules-3.8.13-118.3.2.el7uek-0.4.5-3.el7.x86_64.rpm
SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-3.8.13-118.3.2.el7uek.src.rpm
SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/dtrace-modules-3.8.13-118.3.2.el7uek-0.4.5-3.el7.src.rpm


Description of changes:

  • [3.8.13-118.3.2.el7uek] 
    • - x86/nmi/64: Use DF to avoid userspace RSP confusing nested NMIdetection (Andy Lutomirski)  [Orabug: 22742507]  {CVE-2015-5157}
    • - x86/nmi/64: Reorder nested NMI checks (Andy Lutomirski)  [Orabug: 22742507]  {CVE-2015-5157}
    • - x86/nmi/64: Improve nested NMI comments (Andy Lutomirski)  [Orabug: 22742507]  {CVE-2015-5157}
    • - x86/nmi/64: Switch stacks on userspace NMI entry (Andy Lutomirski) [Orabug: 22742507]  {CVE-2015-5157}
    • - x86/paravirt: Replace the paravirt nop with a bona fide empty function (Andy Lutomirski)  [Orabug: 22742507]  {CVE-2015-5157}

ELBA-2016-3517 Oracle Linux 6 net-tools bug fix update

Oracle Linux Bug Fix Advisory ELBA-2016-3517

The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network:


i386: net-tools-1.60-110.0.1.el6_2.i686.rpm
x86_64: net-tools-1.60-110.0.1.el6_2.x86_64.rpm
SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/net-tools-1.60-110.0.1.el6_2.src.rpm

Description of changes:

  • [1.60-110.0.1] make 'hostname' work with IPv6 addresses (John Haxby) [orabug 21749871]
In case you want to view the source code online you can check the github archive 

Friday, February 19, 2016

Networking security zones

One of the security best practices is to ensure you have segregation in your network design. Ensuring you place certain servers in certain network sections to ensure network segregation. Most people do understand the DMZ principle and apply this when creating an architecture for deploying new servers and services into a network. Having a DMZ is indeed good practice, however you can build upon this principle.

Having a enterprise wide definition of network zoning is a good practice. Even though people will have different opinions about the setup and one a case by case basis you can create different "blueprints". The below zoning model for network segragation is an example of how this can be done. As stated, not "the" model, rather a possible model which an give you some guidance in creating your own zoning model which is applicable to your enterprise situation.


The following zones are defined:

Un-trusted zone:
Un-trusted zone can hold systems that connect to “unknown” parties in a uncontrolled area. As an example, the un-trusted zone can hold systems that are connected to the public internet. The Un-trusted zone cannot hold data and can only hold stateless systems. Systems in the un-trusted zone can connect (in a controlled manner) to systems in the semi-trusted zone directly.

Semi-trusted zone:
Semi-trusted zone can hold systems that connect to “unknown” parties in a controlled area. As an example, the semi-trusted zone can hold systems that connect to a customer network or a third party network. The semi-trusted zone cannot hold data and can only hold stateless systems. Systems in the semi-trusted zone can connect (in a controlled manner) to systems in the trusted zone directly.

Trusted zone:
Trusted zone can hold systems that connect to the semi-trusted zone and is generally used for hosting databases and data-storage applications. As an example, the trusted zone can hold a database which provides support to applications in the semi-trusted zone. Systems in the trusted zone can connect (in a controlled manner) to systems in the fully trusted zone directly.

Fully trusted zone:
Fully trusted zone holds generic systems that are used for management, support and control. As an example Oracle Enterprise Manager will be hosted in the trusted zone.

Oracle Enterprise Manager purge options

When working with Oracle Enterprise manager 13C and working with the software library you do have the need from time to time to clean up things. When removing things from the software library it is however good to realize one thing, you only remove the link in the software library to the file located on the disk.

This means that you do NOT delete the file physically from the disk and this means you will not free space on your storage when you delete files in the Oracle Enterprise Manager software Library. When working with small scripts this might not be an issue, however for cases where you work with templates for virtuals machines this can be significant.

Deleting implies you will free space on storage. As you might notice this is not happening. To ensure you delete it also from storage you will have to first delete the file from the software library and then do a purge action to free the storage and physically delete them from the Oracle Management Repository.

The screenshot above shows the actual purge action you will need to undertake to free storage and delete the files physically from the Oracle Management Repository.

Thursday, February 18, 2016

ELBA-2016-0205 Oracle Linux 7 python-pyudev bug fix update

Oracle Linux Bug Fix Advisory ELBA-2016-0205

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:



  • x86_64: python-pyudev-0.15-7.el7_2.1.noarch.rpm
  • SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/python-pyudev-0.15-7.el7_2.1.src.rpm

Description of changes:

  • [0.15-7.1] Added systemd-libs requirement for libudev, Resolves: rhbz#1291562

ELBA-2016-0203 Oracle Linux 7 libunwind bug fix update

Oracle Linux Bug Fix Advisory ELBA-2016-0203

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:




Description of changes:

  • [1.2-5.el7_2.2] Fix update from EPEL version [bz#1289950] Resolves: bz#1289950 (libunwind in RHEL 7.2 has a smaller release than the last libunwind package in EPEL-7)
  • [1.2-5] Version bumped [bz#1238864] Resolves: bz#1238864 libunwind: bump version to win against existing branches
  • [1.1-2] lu-Fix-rpmdiff-failure.patch [bz#1229359],  lu-Fix-buffer-overflow-reported-by-Coverity.patch [bz#1233114], Resolves: bz#1229359 (Fix multilib support), Resolves: bz#1233114, (fix off-by-one in dwarf_to_unw_regnum (CVE-2015-3239))
  • [1.1-1] Import to RHEL

ELBA-2016-0190 Oracle Linux 7 screen bug fix update

Oracle Linux Bug Fix Advisory ELBA-2016-0190

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:




Description of changes:

  • [4.1.0-0.23.20120314git3c2946] screen does not log successful authentication messages with STIG GEN003660  Resolves: #1299394
  • [4.1.0-0.22.20120314git3c2946] cannot reattach to screen sessions (regression 'LoginName to long') Resolves: #1253697

ELBA-2016-0186 Oracle Linux 7 numactl bug fix update

Oracle Linux Bug Fix Advisory ELBA-2016-0186

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:





Description of changes:

  • [2.0.9-6] confusing warning supressed (bz1270734)

ELBA-2016-0183 Oracle Linux 7 avahi bug fix update

Oracle Linux Bug Fix Advisory ELBA-2016-0183

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:



  • x86_64: avahi-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-autoipd-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-compat-howl-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-compat-howl-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-compat-howl-devel-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-compat-howl-devel-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-compat-libdns_sd-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-compat-libdns_sd-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-compat-libdns_sd-devel-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-compat-libdns_sd-devel-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-devel-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-devel-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-dnsconfd-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-glib-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-glib-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-glib-devel-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-glib-devel-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-gobject-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-gobject-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-gobject-devel-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-gobject-devel-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-libs-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-libs-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-qt3-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-qt3-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-qt3-devel-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-qt3-devel-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-qt4-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-qt4-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-qt4-devel-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-qt4-devel-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-tools-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-ui-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-ui-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-ui-devel-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-ui-devel-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-ui-gtk3-0.6.31-15.el7_2.1.i686.rpm
  • x86_64: avahi-ui-gtk3-0.6.31-15.el7_2.1.x86_64.rpm
  • x86_64: avahi-ui-tools-0.6.31-15.el7_2.1.x86_64.rpm
  • SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/avahi-0.6.31-15.el7_2.1.src.rpm


Description of changes:

  • [0.6.31-15.1]  silently ignore non-valid DNS response packets (#1292727)

Wednesday, February 17, 2016

ssh key forwarding with putty

Some time ago I wrote a blogpost on how you can create a dual node SSH tunnel when using putty to connect to a Oracle Linux server via a jump server. In essence the article explains how you can "map" ports to your local machine even though you only have access to one server via SSH. By implementing a tunnel you are able to do so and use the server you have access to as a gateway to the rest of the network.

The idea is shown in the below diagram and for the full details you can refer to the original post on this blog.


As an additional question some people asked how to handle keys in this scenario. The question resolved around the fact that people could only login with a key based authentication on the jumpserver (and on the other servers). The main question was, how could I use the key which is on my workstation to connect to the database server (in the example) without the need to implement a key on the jumpserver. So, actually keeping all the secrets on your own workstation. 

The answer is relative easy, when you use key based authentication to make a connection to the jumpserver you have to ensure that you enable "allow agenet forwarding" on putty when you create your session with the jumpserver.


If you now execute the commands to make the second tunnel (as explained in the other blogpost) you will have a key based authentication to the second machine. To check if the "allow agent forwarding" is set correct you can execute the below command (on the jumpserver). if you do not get a result it is not set correct. 

echo $SSH_AUTH_SOCK

ELBA-2016-0202 Oracle Linux 7 libtool bug fix update

Oracle Linux Bug Fix Advisory ELBA-2016-0202


The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:




Description of changes:

  • [2.4.2-21] rebuild for new gcc (rhbz#1287191)


ELBA-2016-0201 Oracle Linux 7 createrepo bug fix update

Oracle Linux Bug Fix Advisory ELBA-2016-0201

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:


  • x86_64: createrepo-0.9.9-25.el7_2.noarch.rpm
  • SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/createrepo-0.9.9-25.el7_2.src.rpm


Description of changes:

  • [0.9.9-25] mergerepo: fix getattr() crash. Related: bug#1178763
  • [0.9.9-24] mergerepo: merge package versions from multiple repos.Related: bug#1178763
  • [0.9.9-24] Close lock file before unlink(). Related: bug#1256216


ELBA-2016-0180 Oracle Linux 7 procps-ng bug fix update

Oracle Linux Bug Fix Advisory ELBA-2016-0180


The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:



Description of changes:

  • [3.3.10-5] #1287038 - free - error while parsing arguments Resolves: #1287038
  • [3.3.10-4] #1262864 - Correctly skip vmflags (and other keys starting with A-Z) Resolves: #1262864

ELBA-2016-0179 Oracle Linux 7 lvm2 bug fix update

Oracle Linux Bug Fix Advisory ELBA-2016-0179

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:


  • x86_64: device-mapper-1.02.107-5.el7_2.1.x86_64.rpm
  • x86_64: device-mapper-devel-1.02.107-5.el7_2.1.i686.rpm
  • x86_64: device-mapper-devel-1.02.107-5.el7_2.1.x86_64.rpm
  • x86_64: device-mapper-event-1.02.107-5.el7_2.1.x86_64.rpm
  • x86_64: device-mapper-event-devel-1.02.107-5.el7_2.1.i686.rpm
  • x86_64: device-mapper-event-devel-1.02.107-5.el7_2.1.x86_64.rpm
  • x86_64: device-mapper-event-libs-1.02.107-5.el7_2.1.i686.rpm
  • x86_64: device-mapper-event-libs-1.02.107-5.el7_2.1.x86_64.rpm
  • x86_64: device-mapper-libs-1.02.107-5.el7_2.1.i686.rpm
  • x86_64: device-mapper-libs-1.02.107-5.el7_2.1.x86_64.rpm
  • x86_64: lvm2-2.02.130-5.el7_2.1.x86_64.rpm
  • x86_64: lvm2-devel-2.02.130-5.el7_2.1.i686.rpm
  • x86_64: lvm2-devel-2.02.130-5.el7_2.1.x86_64.rpm
  • x86_64: lvm2-libs-2.02.130-5.el7_2.1.i686.rpm
  • x86_64: lvm2-libs-2.02.130-5.el7_2.1.x86_64.rpm
  • x86_64: lvm2-lockd-2.02.130-5.el7_2.1.x86_64.rpm
  • x86_64: lvm2-python-libs-2.02.130-5.el7_2.1.x86_64.rpm
  • x86_64: lvm2-sysvinit-2.02.130-5.el7_2.1.x86_64.rpm
  • x86_64: cmirror-2.02.130-5.el7_2.1.x86_64.rpm
  • x86_64: lvm2-cluster-2.02.130-5.el7_2.1.x86_64.rpm
  • SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/lvm2-2.02.130-5.el7_2.1.src.rpm


Description of changes:

  • [7:2.02.130-5.el7_2.1] Fix possible data loss caused by lost buffered writes during thin pool resize after reaching its capacity.


ELBA-2016-0178 Oracle Linux 7 cyrus-sasl bug fix update

Oracle Linux Bug Fix Advisory ELBA-2016-0178

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:


  • x86_64: cyrus-sasl-2.1.26-20.el7_2.i686.rpm
  • x86_64: cyrus-sasl-2.1.26-20.el7_2.x86_64.rpm
  • x86_64: cyrus-sasl-devel-2.1.26-20.el7_2.i686.rpm
  • x86_64: cyrus-sasl-devel-2.1.26-20.el7_2.x86_64.rpm
  • x86_64: cyrus-sasl-gs2-2.1.26-20.el7_2.i686.rpm
  • x86_64: cyrus-sasl-gs2-2.1.26-20.el7_2.x86_64.rpm
  • x86_64: cyrus-sasl-gssapi-2.1.26-20.el7_2.i686.rpm
  • x86_64: cyrus-sasl-gssapi-2.1.26-20.el7_2.x86_64.rpm
  • x86_64: cyrus-sasl-ldap-2.1.26-20.el7_2.i686.rpm
  • x86_64: cyrus-sasl-ldap-2.1.26-20.el7_2.x86_64.rpm
  • x86_64: cyrus-sasl-lib-2.1.26-20.el7_2.i686.rpm
  • x86_64: cyrus-sasl-lib-2.1.26-20.el7_2.x86_64.rpm
  • x86_64: cyrus-sasl-md5-2.1.26-20.el7_2.i686.rpm
  • x86_64: cyrus-sasl-md5-2.1.26-20.el7_2.x86_64.rpm
  • x86_64: cyrus-sasl-ntlm-2.1.26-20.el7_2.i686.rpm
  • x86_64: cyrus-sasl-ntlm-2.1.26-20.el7_2.x86_64.rpm
  • x86_64: cyrus-sasl-plain-2.1.26-20.el7_2.i686.rpm
  • x86_64: cyrus-sasl-plain-2.1.26-20.el7_2.x86_64.rpm
  • x86_64: cyrus-sasl-scram-2.1.26-20.el7_2.i686.rpm
  • x86_64: cyrus-sasl-scram-2.1.26-20.el7_2.x86_64.rpm
  • x86_64: cyrus-sasl-sql-2.1.26-20.el7_2.i686.rpm
  • x86_64: cyrus-sasl-sql-2.1.26-20.el7_2.x86_64.rpm
  • SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/cyrus-sasl-2.1.26-20.el7_2.src.rpm

Description of changes:

  • [2.1.26-20] GSSAPI: Use per-connection mutex where possible (#1263017)



ELBA-2016-0208 Oracle Linux 7 tuna bug fix update

Oracle Linux Bug Fix Advisory ELBA-2016-0208

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:



Description of changes:

  • [0.11.1-12] rebuilt for rhel-7.2.z Resolves: rhbz#1293353
  • [0.11.1-11] tuna-fix-the-check-of-PF_NO_SETAFFINITY-flag-for-thr.patch Resolves: rhbz#1286221


ELBA-2016-0199 Oracle Linux 7 systemd bug fix update

Oracle Linux Bug Fix Advisory ELBA-2016-0199 http://linux.oracle.com/errata/ELBA-2016-0199.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:


  • x86_64: libgudev1-219-19.0.2.el7_2.4.i686.rpm
  • x86_64: libgudev1-219-19.0.2.el7_2.4.x86_64.rpm
  • x86_64: libgudev1-devel-219-19.0.2.el7_2.4.i686.rpm
  • x86_64: libgudev1-devel-219-19.0.2.el7_2.4.x86_64.rpm
  • x86_64: systemd-219-19.0.2.el7_2.4.x86_64.rpm
  • x86_64: systemd-devel-219-19.0.2.el7_2.4.i686.rpm
  • x86_64: systemd-devel-219-19.0.2.el7_2.4.x86_64.rpm
  • x86_64: systemd-journal-gateway-219-19.0.2.el7_2.4.x86_64.rpm
  • x86_64: systemd-libs-219-19.0.2.el7_2.4.i686.rpm
  • x86_64: systemd-libs-219-19.0.2.el7_2.4.x86_64.rpm
  • x86_64: systemd-networkd-219-19.0.2.el7_2.4.x86_64.rpm
  • x86_64: systemd-python-219-19.0.2.el7_2.4.x86_64.rpm
  • x86_64: systemd-resolved-219-19.0.2.el7_2.4.i686.rpm
  • x86_64: systemd-resolved-219-19.0.2.el7_2.4.x86_64.rpm
  • x86_64: systemd-sysv-219-19.0.2.el7_2.4.x86_64.rpm
  • SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/systemd-219-19.0.2.el7_2.4.src.rpm


Description of changes:

  • [219-19.0.2.4] set "RemoveIPC=no" in logind.conf as default for OL7.2 [22224874]
  • [219-19.0.2.4] allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
  • [219-19.0.2.4] add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]
  • [219-19.0.2.4] rules: load sg module (#1223340)
  • [219-19.0.2.4] run: drop mistakenly committed test code (#1220272)
  • [219-19.0.2.4] cgroup: downgrade log messages when we cannot write to cgroup trees that are mounted read-only (#1220298)
  • [219-19.0.2.4] Revert "conditionalize hardening away on s390(x)"
  • [219-19.0.2.4] Revert "units: fix BindsTo= logic when applied relative to services with Type=oneshot" (#1203803)
  • [219-19.0.2.4] shared/install: avoid prematurely rejecting "missing" units (#1199981)
  • [219-19.0.2.4] core: fix enabling units via their absolute paths (#1199981)
  • [219-19.4] Avoid /tmp being mounted as tmpfs without the user's will (#1298109)
  • [219-19.3] sysv-generator: follow symlinks in /etc/rc.d/init.d (#1288005)
  • [219-19.3] man: RemoveIPC is set to no on rhel (#1284588)
  • [219-19.2] device: rework how we enter tentative state (#1283579)
  • [219-19.2] core: Do not bind a mount unit to a device, if it was from mountinfo (#1283579)
  • [219-19.2] logind: set RemoveIPC=no by default (#1284588)
  • [219-19.1] run: synchronously wait until the scope unit we create is started (#1283192)


ELSA-2016-0185 Important: Oracle Linux 7 kernel security and bug fix update

Oracle Linux Security Advisory ELSA-2016-0185 http://linux.oracle.com/errata/ELSA-2016-0185.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:


  • x86_64: kernel-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: kernel-abi-whitelists-3.10.0-327.10.1.el7.noarch.rpm
  • x86_64: kernel-debug-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: kernel-debug-devel-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: kernel-devel-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: kernel-doc-3.10.0-327.10.1.el7.noarch.rpm
  • x86_64: kernel-headers-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: kernel-tools-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: kernel-tools-libs-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: kernel-tools-libs-devel-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: perf-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: python-perf-3.10.0-327.10.1.el7.x86_64.rpm
  • SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-327.10.1.el7.src.rpm


Description of changes:

  • [3.10.0-327.10.1.el7.OL7] Oracle Linux certificates (Alexey Petrenko)
  • [3.10.0-327.10.1.el7] [of] return NUMA_NO_NODE from fallback of_node_to_nid() (Thadeu Lima de Souza Cascardo) [1300614 1294398]
  • [3.10.0-327.10.1.el7] [net] openvswitch: do not allocate memory from offline numa node (Thadeu Lima de Souza Cascardo) [1300614 1294398]
  • [3.10.0-327.9.1.el7] [security] keys: Fix keyring ref leak in join_session_keyring() (David
  • Howells) [1298931 1298036] {CVE-2016-0728}
  • [3.10.0-327.8.1.el7] [md] dm: fix AB-BA deadlock in __dm_destroy() (Mike Snitzer) [1296566 1292481]
  • [3.10.0-327.8.1.el7] [md] revert "dm-mpath: fix stalls when handling invalid ioctls" (Mike
  • Snitzer) [1287552 1277194]
  • [3.10.0-327.8.1.el7] [cpufreq] intel_pstate: Fix limits->max_perf rounding error (Prarit
  • Bhargava) [1296276 1279617]
  • [3.10.0-327.8.1.el7] [cpufreq] intel_pstate: Fix limits->max_policy_pct rounding error (Prarit Bhargava) [1296276 1279617]
  • [3.10.0-327.8.1.el7] [cpufreq] revert "intel_pstate: fix rounding error in max_freq_pct" 
  • (Prarit Bhargava) [1296276 1279617]
  • [3.10.0-327.8.1.el7] [crypto] nx: 842 - Add CRC and validation support (Gustavo Duarte)
  • [1289451 1264905]
  • [3.10.0-327.8.1.el7] [powerpc] eeh: More relaxed condition for enabled IO path (Steve Best)
  • [1289101 1274731]
  • [3.10.0-327.8.1.el7] [security] keys: Don't permit request_key() to construct a new keyring (David Howells) [1275929 1273465] {CVE-2015-7872}
  • [3.10.0-327.8.1.el7] [security] keys: Fix crash when attempt to garbage collect an uninstantiated keyring (David Howells) [1275929 1273465] {CVE-2015-7872}
  • [3.10.0-327.8.1.el7] [security] keys: Fix race between key destruction and finding a keyring by name (David Howells) [1275929 1273465] {CVE-2015-7872}
  • [3.10.0-327.8.1.el7] [x86] paravirt: Replace the paravirt nop with a bona fide empty function (Mateusz Guzik) [1259582 1259583] {CVE-2015-5157}
  • [3.10.0-327.8.1.el7] [x86] nmi: Fix a paravirt stack-clobbering bug in the NMI code (Mateusz Guzik) [1259582 1259583] {CVE-2015-5157}
  • [3.10.0-327.8.1.el7] [x86] nmi: Use DF to avoid userspace RSP confusing nested NMI detection (Mateusz Guzik) [1259582 1259583] {CVE-2015-5157}
  • [3.10.0-327.8.1.el7] [x86] nmi: Reorder nested NMI checks (Mateusz Guzik) [1259582 1259583] {CVE-2015-5157}
  • [3.10.0-327.8.1.el7] [x86] nmi: Improve nested NMI comments (Mateusz Guzik) [1259582 1259583] {CVE-2015-5157}
  • [3.10.0-327.8.1.el7] [x86] nmi: Switch stacks on userspace NMI entry (Mateusz Guzik)
  • [1259582 1259583] {CVE-2015-5157}
  • [3.10.0-327.7.1.el7] [scsi] scsi_sysfs: protect against double execution of
  • __scsi_remove_device() (Vitaly Kuznetsov) [1292075 1273723]
  • [3.10.0-327.7.1.el7] [powerpc] mm: Recompute hash value after a failed update (Gustavo
  • Duarte) [1289452 1264920]
  • [3.10.0-327.7.1.el7] [misc] genwqe: get rid of atomic allocations (Hendrik Brueckner)
  • [1289450 1270244]
  • [3.10.0-327.7.1.el7] [mm] use only per-device readahead limit (Eric Sandeen) [1287550 1280355]
  • [3.10.0-327.7.1.el7] [net] ipv6: update ip6_rt_last_gc every time GC is run (Hannes Frederic Sowa) [1285370 1270092]
  • [3.10.0-327.7.1.el7] [kernel] tick: broadcast: Prevent livelock from event handler (Prarit
  • Bhargava) [1284043 1265283]
  • [3.10.0-327.7.1.el7] [kernel] clockevents: Serialize calls to clockevents_update_freq() in the core (Prarit Bhargava) [1284043 1265283]
  • [3.10.0-327.6.1.el7] [netdrv] bonding: propagate LRO disable to slave devices (Jarod
  • Wilson) [1292072 1266578]
  • [3.10.0-327.5.1.el7] [net] vsock: Fix lockdep issue (Dave Anderson) [1292372 1253971]
  • [3.10.0-327.5.1.el7] [net] vsock: sock_put wasn't safe to call in interrupt context (Dave
  • Anderson) [1292372 1253971]

ELSA-2016-0189 Moderate: Oracle Linux 7 polkit security update

Oracle Linux Security Advisory ELSA-2016-0189 http://linux.oracle.com/errata/ELSA-2016-0189.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:



Description of changes:

  • [0.112-6] Fix CVE-2015-3256 Resolves: #1271790


ELSA-2016-0188 Moderate: Oracle Linux 7 sos security and bug fix update

Oracle Linux Security Advisory ELSA-2016-0188 http://linux.oracle.com/errata/ELSA-2016-0188.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

  • x86_64: sos-3.2-35.0.1.el7_2.3.noarch.rpm
  • SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/sos-3.2-35.0.1.el7_2.3.src.rpm

Description of changes:

  • [3.2-35.0.1.3] Recreated patch for [orabug 18913115]
  • [3.2-35.0.1.3] Make the selinux plugin fixfiles option useful (John Haxby) [orabug 18913115]
  • [3.2-35.0.1.3] Added remove_gpgstring.patch  [Bug 18313898]
  • [3.2-35.0.1.3] Added sos-oracle-enterprise.patch
  • [3.2-35.0.1.3] Added sos-oraclelinux-vendor-vendorurl.patch
  • [= 3.2-37] [sosreport] prepare report in a private subdirectory (updated) Resolves: bz1290954
  • [= 3.2-35.2] [sosreport] prepare report in a private subdirectory (updated) Resolves: bz1290954
  • [= 3.2-35.1] [ceph] collect /var/lib/ceph and /var/run/ceph Resolves: bz1291347
  • [= 3.2-35.1] [sosreport] prepare report in a private subdirectory Resolves: bz1290954

ELSA-2016-0204 Important: Oracle Linux 7 389-ds-base security and bug fix update

Oracle Linux Security Advisory ELSA-2016-0204 http://linux.oracle.com/errata/ELSA-2016-0204.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64: 389-ds-base-1.3.4.0-26.el7_2.x86_64.rpm
x86_64: 389-ds-base-devel-1.3.4.0-26.el7_2.x86_64.rpm
x86_64: 389-ds-base-libs-1.3.4.0-26.el7_2.x86_64.rpm
SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/389-ds-base-1.3.4.0-26.el7_2.src.rpm

Description of changes:

  • [1.3.4.0-26] release 1.3.4.0-26
  • [1.3.4.0-26] Resolves: bug 1299346 - deadlock on connection mutex (DS 48341)
  • [1.3.4.0-25] release 1.3.4.0-25
  • [1.3.4.0-25] Resolves: bug 1299757 - CVE-2016-0741 389-ds-base: Worker threads do not detect abnormally closed connections causing DoS
  • [1.3.4.0-24] release 1.3.4.0-24
  • [1.3.4.0-24] Resolves: bug 1298105 - 389-ds hanging after a few minutes of operation (DS 48406)
  • [1.3.4.0-23] release 1.3.4.0-23
  • [1.3.4.0-23] Resolves: bug 1295684 - many attrlist_replace errors in connection with cleanallruv (DS 48283)
  • [1.3.4.0-22] release 1.3.4.0-22
  • [1.3.4.0-22] Resolves: bug 1290725 - SimplePagedResults -- in the search error case, simple paged results slot was not released. (DS 48375)
  • [1.3.4.0-22] Resolves: bug 1290726 - The 'eq' index does not get updated properly when deleting and re-adding attributes in the same modify operation (DS 48370)

ELSA-2016-0197 Critical: Oracle Linux 7 firefox security update

Oracle Linux Security Advisory ELSA-2016-0197 http://linux.oracle.com/errata/ELSA-2016-0197.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:



Description of changes:

  • [38.6.1-1.0.1] Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file
  • [38.6.1-1] Update to 38.6.1 ESR


ELSA-2016-0176 Critical: Oracle Linux 7 glibc security and bug fix update

Oracle Linux Security Advisory ELSA-2016-0176 http://linux.oracle.com/errata/ELSA-2016-0176.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:


  • x86_64: glibc-2.17-106.0.1.el7_2.4.i686.rpm
  • x86_64: glibc-2.17-106.0.1.el7_2.4.x86_64.rpm
  • x86_64: glibc-common-2.17-106.0.1.el7_2.4.x86_64.rpm
  • x86_64: glibc-devel-2.17-106.0.1.el7_2.4.i686.rpm
  • x86_64: glibc-devel-2.17-106.0.1.el7_2.4.x86_64.rpm
  • x86_64: glibc-headers-2.17-106.0.1.el7_2.4.x86_64.rpm
  • x86_64: glibc-static-2.17-106.0.1.el7_2.4.i686.rpm
  • x86_64: glibc-static-2.17-106.0.1.el7_2.4.x86_64.rpm
  • x86_64: glibc-utils-2.17-106.0.1.el7_2.4.x86_64.rpm
  • x86_64: nscd-2.17-106.0.1.el7_2.4.x86_64.rpm
  • SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/glibc-2.17-106.0.1.el7_2.4.src.rpm

Description of changes:

  • [2.17-106.0.1.4] Remove strstr and strcasestr implementations using sse4.2 instructions.
  • [2.17-106.0.1.4] Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and
  •    1818483b15d22016b0eae41d37ee91cc87b37510 backported.
  • [2.17-106.4] Revert problematic libresolv change, not needed for the CVE-2015-7547 fix (#1296030).
  • [2.17-106.3] Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296030).
  • [2.17-106.3] Fix madvise performance issues (#1298930).
  • [2.17-106.3] Avoid "monstartup: out of memory" error on powerpc64le (#1298956).
  • [2.17-106.2] Fix CVE-2015-5229: calloc() may return non-zero memory (#1296453).


ELSA-2016-0197 Critical: Oracle Linux 5 firefox security update

Oracle Linux Security Advisory ELSA-2016-0197 http://linux.oracle.com/errata/ELSA-2016-0197.html

The following updated rpms for Oracle Linux 5 have been uploaded to the Unbreakable Linux Network:




Description of changes:

  • [38.6.1-1.0.1] Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files
  • [38.6.1-1] Update to 38.6.1 ESR


ELSA-2016-0175 Critical: Oracle Linux 6 glibc security and bug fix update

Oracle Linux Security Advisory ELSA-2016-0175 http://linux.oracle.com/errata/ELSA-2016-0175.html

The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network:


  • i386: glibc-2.12-1.166.el6_7.7.i686.rpm
  • i386: glibc-common-2.12-1.166.el6_7.7.i686.rpm
  • i386: glibc-devel-2.12-1.166.el6_7.7.i686.rpm
  • i386: glibc-headers-2.12-1.166.el6_7.7.i686.rpm
  • i386: glibc-static-2.12-1.166.el6_7.7.i686.rpm
  • i386: glibc-utils-2.12-1.166.el6_7.7.i686.rpm
  • i386: nscd-2.12-1.166.el6_7.7.i686.rpm
  • x86_64: glibc-2.12-1.166.el6_7.7.i686.rpm
  • x86_64: glibc-2.12-1.166.el6_7.7.x86_64.rpm
  • x86_64: glibc-common-2.12-1.166.el6_7.7.x86_64.rpm
  • x86_64: glibc-devel-2.12-1.166.el6_7.7.i686.rpm
  • x86_64: glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm
  • x86_64: glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm
  • x86_64: glibc-static-2.12-1.166.el6_7.7.i686.rpm
  • x86_64: glibc-static-2.12-1.166.el6_7.7.x86_64.rpm
  • x86_64: glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm
  • x86_64: nscd-2.12-1.166.el6_7.7.x86_64.rpm
  • SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/glibc-2.12-1.166.el6_7.7.src.rpm




Description of changes:

  • [2.12-1.166.7] Update fix for CVE-2015-7547 (#1296028).
  • [2.12-1.166.6]Create helper threads with enough stack for POSIX AIO and timers (#1301625).
  • [2.12-1.166.5]Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296028).
  • [2.12-1.166.4]Support loading more libraries with static TLS (#1291270).

ELSA-2016-0197 Critical: Oracle Linux 6 firefox security update

Oracle Linux Security Advisory ELSA-2016-0197, http://linux.oracle.com/errata/ELSA-2016-0197.html

The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network:




Description of changes:
  • [38.6.1-1.0.1] Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one
  • [38.6.1-1.0.1] Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484]
  • [38.6.1-1] Update to 38.6.1 ESR