42 matches found
CLSA-2023-1673906443 rpm: Fix of CVE-2021-35938
CVE-2021-35938: drop the patch and following descriptor leak fix because these patches breaks non-root source package installation and can't be relied on without backporting a lot of the surrounding upstream code...
CLSA-2022-1669309108 Fix CVE(s): CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619
Backport upstream releases 8u352 to 16.04 LTS Security fixes in 8u352: - JDK-8282252: Improve BigInteger/Decimal validation - JDK-8285662: Better permission resolution - JDK-8286511: Improve macro allocation - JDK-8286519: Better memory handling - JDK-8286526, CVE-2022-21619: Improve NTLM support...
CLSA-2022-1659643989 Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21541, CVE-2022-21540, CVE-2022-34169
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u342-b07. That fixes following CVEs: - CVE-2022-34169: Integer truncation issue in Xalan-J - CVE-2022-21540: Class compilation issue - CVE-2022-21541: Improper restriction of MethodHandle.invokeBasic - Update tzdata requirement to 2022a to match...
CLSA-2022-1654174568 Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21496, CVE-2022-21443, CVE-2022-21476, CVE-2022-21426, CVE-2022-21434
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b09. That fixes following CVEs: - CVE-2022-21476: Defective secure validation in Apache Santuario - CVE-2022-21496: URI parsing inconsistencies - CVE-2022-21434: Improper object-to-string conversion in AnnotationInvocationHandler -...
CLSA-2022-1653507078 Fixed of 5 CVEs in java-1.8.0-openjdk
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b09. That fixes following CVEs: - CVE-2022-21476: Defective secure validation in Apache Santuario - CVE-2022-21496: URI parsing inconsistencies - CVE-2022-21434: Improper object-to-string conversion in AnnotationInvocationHandler -...
GHSA-GF8Q-JRPM-JVXQ URL parsing in node-forge could lead to undesired behavior.
Impact The regex used for the forge.util.parseUrl API would not properly parse certain inputs resulting in a parsed data structure that could lead to undesired behavior. Patches forge.util.parseUrl and other very old related URL APIs were removed in 1.0.0 in favor of letting applications use the...
java-1.8.0-openjdk security update
1:1.8.0.292.b10-0 - Update to aarch64-shenandoah-jdk8u292-b10 GA - Update release notes for 8u292-b10. - Update tarball generation script to use PR3822 which handles JDK-8233228 & JDK-8035166 changes - Remove RH1868759 patch as this is now resolved upstream by JDK-8258833. - Re-organise S/390...
go-toolset:ol8 security update
delve 1.4.1-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.4.1-1 - Rebase to 1.4.1 - Resolves: rhbz1821281 - Related: rhbz1820596 1.4.0-2 - Change i686 to a better macro - Related: rhbz1820596 1.4.0-1 - Rebase to 1.4.0 - Remove Patch1781 - Related: rhbz1820596 1.3.2-3 -...
.NET Core 3.1 on Red Hat Enterprise Linux 8 security update
3.1.105-2.0.1.el82 - Update patch to support 8.2 [email protected] - support OL release scheme [email protected] 3.1.105-2 - Remove incorrectly installed files - Resolves: RHBZ1844515 3.1.105-1 - Update to .NET Core Runtime 3.1.5 and SDK 3.1.105 - Resolves: RHBZ1844515...
SUSE-SU-2017:1815-1 Recommended update for ncurses
This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmtentry function. bsc1046858 - CVE-2017-10685: Possible RCE with format string vulnerability in the fmtentry function. bsc1046853 Bugfixes: - Drop patc...
openSUSE Security Update : docker (openSUSE-2016-643)
This update for docker fixes the following issues : Security issues fixed : - CVE-2016-3697: Potential privilege escalation via confusion of usernames and UIDs boo976777 Bugs fixed : - devicemapper: fix zero-sized field access - remove docker-netns-aarch64.patch: This patch was adding We'll fix...
java-1.6.0-openjdk security update
1:1.6.0.1-6.1.13.3 - updated to icedtea 1.13.3 - updated to openjdk-6-src-b31-15apr2014 - renmoved upstreamed patch7, 1.13fixes.patch - renmoved upstreamed patch9, 1051245.patch - Resolves: rhbz1099563...
java-1.7.0-openjdk security update
1.7.0.45-2.4.3.1.0.1.el510 - Add oracle-enterprise.patch - Fix DISTRONAME to 'Enterprise Linux' 1.7.0.45-2.4.3.1.el5 - Updated to icedtea 2.4.3 - Resolves: rhbz1017623 1.7.0.45-2.4.3.0.el5 - fixed and updated tapset - removed bootstrap - source 11 redeclared to 1111 - added source12:...
sos security update
1.7-9.62.0.1.el59.1 - add patch to remove all sysrq echo commands from sysreport.legacy John Sobecki orabug 11061754 - comment out rh-upload-core and README.rh-upload-core in specfile 1.7-9.62.el59.1 - Remove anaconda-ks.cfg collection from general plug-in Resolves: bz965807 1.7-9.62.el59 - Elide...
java-1.6.0-openjdk security update
1:1.6.0.0-1.35.1.11.8.0.1.el59 - Add oracle-enterprise.patch 1:1.6.0.0-1.35.1.11.8 - Rebuild with updated source tarball - Resolves: rhbz911522 1:1.6.0.0-1.34.1.11.8 - Updated to icedtea6 1.11.8 - Removed patch9 7201064.patch - Removed patch10 8005615.patch - Removed not-applied patch 6664509.pat...
java-1.6.0-openjdk security update
1:1.6.0.0-1.54.1.11.6 - removed patch8 revertTwoWrongSecurityPatches2013-02-06.patch - added patch8: 7201064.patch to be reverted - added patch9: 8005615.patch to fix the 6664509.patch - Resolves: rhbz906707 1:1.6.0.0-1.53.1.11.6 - added patch8 revertTwoWrongSecurityPatches2013-02-06.patch to...
Fedora 16 : java-1.6.0-openjdk-1.6.0.0-67.1.11.3.fc16 (2012-9545)
Security fixes S7079902, CVE-2012-1711: Refine CORBA data models S7110720: Issue with vm config file loadingIssue with vm config file loading S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. S7143614, CVE-2012-1716: SynthLookAndFeel...
java-1.6.0-openjdk security update
1:1.6.0.0-1.43.1.10.6 - Updated to IcedTea6 1.10.6 - Resolves: rhbz787144 - Security fixes - S7082299: Fix in AtomicReferenceArray - S7088367: Fix issues in java sound - S7110683: Issues with some KeyboardFocusManager method - S7110687: Issues with TimeZone class - S7110700: Enhance exception...
Fedora 14 : evince-2.32.0-3.fc14 (2011-0208)
Thu Jan 6 2011 Marek Kasik - 2.32.0-3 - Fixes CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643 - Resolves: 667573 - Mon Nov 22 2010 Marek Kasik - 2.32.0-2 - Fix crash in clearjobselection - Remove unused patch - Resolves: 647689 Note that Tenable Network Security has extracted the...
Fedora 9 : ruby-1.8.6.230-1.fc9 (2008-5664)
Tue Jun 24 2008 Akira TAGOH - 1.8.6.230-1 - New upstream release. - Security fixes. 452294. - CVE-2008-1891: WEBrick CGI source disclosure. - CVE-2008-2662: Integer overflow in rbstrbufappend. - CVE-2008-2663: Integer overflow in rbarystore. - CVE-2008-2664: Unsafe use of alloca in rbstrformat. -...