Oracle VM Security Advisory OVMSA-2016-0013

The following updated rpms for Oracle VM 3.3 have been uploaded to the Unbreakable Linux Network:

x86_64:
glibc-2.12-1.166.el6_7.7.i686.rpm
glibc-2.12-1.166.el6_7.7.x86_64.rpm
glibc-common-2.12-1.166.el6_7.7.x86_64.rpm
nscd-2.12-1.166.el6_7.7.x86_64.rpm

SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/glibc-2.12-1.166.el6_7.7.src.rpm

Description of changes:

[2.12-1.166.7]
- Update fix for CVE-2015-7547 (#1296028).

[2.12-1.166.6]
- Create helper threads with enough stack for POSIX AIO and timers (#1301625).

[2.12-1.166.5]
- Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296028).

[2.12-1.166.4]
- Support loading more libraries with static TLS (#1291270).

[2.12-1.166.3]
- Check for NULL arena pointer in _int_pvalloc (#1256890).
- Don't change no_dyn_threshold on mallopt failure (#1256891).

[2.12-1.166.2]
- Unlock main arena after allocation in calloc (#1256812).
- Enable robust malloc change again (#1256812).
- Fix perturbing in malloc on free and simply perturb_byte (#1256812).
- Don't fall back to mmap prematurely (#1256812).

[-2.12-1.166.1]
- The malloc deadlock avoidance support has been temporarily removed since it triggers deadlocks in certain applications (#1244002).

[2.12-1.166]
- Fix ruserok() check to reject, not skip, negative user checks (#1217186).

[2.12-1.165]
- Optimize ruserok() function for large ~/.rhosts (#1217186).

[2.12-1.164]
- Fix crash in valloc due to the backtrace deadlock fix (#1207236).

[2.12-1.163]
- Fix buffer overflow in gethostbyname_r with misaligned buffer (#1209376, CVE-2015-1781).

[2.12-1.162]
- Avoid deadlock in malloc on backtrace (#1066724).

[2.12-1.161]
- Support running applications that use Intel AVX-512 (#1195453).

[2.12-1.160]
- Silence logging of record type mismatch for DNSSEC records (#1088301).

[2.12-1.159]
- Shrink heap on free when vm.overcommit_memory == 2 (#867679).

[2.12-1.158]
- Enhance nscd to detect any configuration file changes (#859965).
- Fix __times() handling of EFAULT when buf is NULL (#1124204).
- Fix memory leak with dlopen() and thread-local storage variables (#978098).
- Prevent getaddrinfo from writing DNS queries to random fd (CVE-2013-7423,
- Implement userspace half of in6.h header coordination (#1053178).
- Correctly size relocation cache used by profiler (#1144132).
- Fix reuse of cached stack leading to bounds overrun of DTV (#1116050).

[2.12-1.157]
- Return failure in getnetgrent only when all netgroups have been searched (#1085312).
- Fix valgrind warning in nscd_stats (#1091915).

[2.12-1.156]
- Initialize xports array (#1159167).
- Fix tst-default-attr test to not fail on powerpc (#1023306).

[2.12-1.155]
- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183534).

[2.12-1.154]
- Fix typo in nscd/selinux.c (#1125307).
- Actually run test-iconv modules (#1176907).

[2.12-1.153]
- Fix recursive dlopen() (#1154563).

[2.12-1.152]
- Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1172044).

[2.12-1.151]
- Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1171296).

[2.12-1.150]
- Fix typo in res_send and res_query (#rh1138769).