php: Fix of CVE-2025-1220

CVE-2025-1220: fix null byte termination in hostnames...

libxml2: Fix of 2 CVEs

CVE-2025-49794: fix memory safety issues in xmlSchematronReportOutput when parsing XPath elements - CVE-2025-49796: fix memory corruption issue triggered by processing sch:name elements in input XML file...

perl: Fix of CVE-2018-18311

CVE-2018-18311: fix buffer overflow...

git: Fix of CVE-2025-48384

CVE-2025-48384: config: quote values containing CR character...

Update of tzdata

Fix incorrect tzdb.dat by harding links...

rsync: Fix of CVE-2024-12087

CVE-2024-12087: fix path traversal vulnerability by adding a proper symlink verification and deduplication checks on a per-file-list basis...

java-1.8.0-openjdk: Fix of 2 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u452-b09. That fixes following CVE: CVE-2025-21587, CVE-2025-30698...

rsync: Fix of CVE-2024-12088

CVE-2024-12088: fix improper verification of symbolic link destinations to prevent path traversal vulnerability...

Update of tzdata

Upgrade to tzdata-2025b - New zone for Aysén Region in Chile which moves from -04/-03 to -03. - Paraguay adopted permanent -03 starting spring 2024. - Improve pre-1991 data for the Philippines. - Etc/Unknown is now reserved. - Improve historical data for Mexico, Mongolia, and Portugal. - System V...

kernel: Fix of 4 CVEs

media: pvrusb2: fix array-index-out-of-bounds in pvr2i2ccoreinit CVE-2022-49478 - x86/kvm: Disable kvmclock on all CPUs on shutdown CVE-2021-47110 - cifs: fix potential double free during failed mount CVE-2022-49541 - drm/amd/pm: fix double free in siparsepowertable CVE-2022-49530...

sssd: Fix of CVE-2023-3758

CVE-2023-3758: fix race condition in adgpo...

kernel: Fix of 12 CVEs

ext4: fix OOB read when checking dotdot dir CVE-2025-37785 - iscsiibft: Fix UBSAN shift-out-of-bounds warning in ibftattrshownic CVE-2025-21993 - media: uvcvideo: Fix double free in error path CVE-2024-57980 - jffs2: Prevent rtime decompress memory corruption CVE-2024-57850 - wifi: iwlegacy:...

Update of microcode_ctl

Update Intel CPU microcode to 20250211: - Addition of cpuid:806F8/0x10 SPR-HBM B3 microcode in microcode.dat at revision 0x2c0003e0; - Addition of cpuid:806F8/0x87 SPR-SP E5/S3 microcode in microcode.dat at revision 0x2b000620; - Addition of cpuid:90672/0x07 ADL-HX/S 8+8 C0 microcode in...

libxml2: Fix of CVE-2025-32415

CVE-2025-32415: fix heap buffer overflow in xmlSchemaIDCFillNodeTables...

binutils: Fix of CVE-2025-0840

CVE-2025-0840: fix stack-buffer-overflow at objdump disassemblebytes...

libxml2: Fix of CVE-2025-27113

CVE-2025-27113: fix compilation of explicit child axis...

bind: Fix of CVE-2024-11187

CVE-2024-11187: Limit the additional processing for large RDATA sets...

kernel: Fix of 3 CVEs

NFSv4.0: Fix a use-after-free problem in the asynchronous open CVE-2024-53173 - ALSA: usb-audio: Fix out of bounds reads when finding clock sources CVE-2024-53150 - misc/libmasm/module: Fix two use after free in ibmasminitone CVE-2021-47334...

kernel: Fix of 13 CVEs

media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat CVE-2024-53104 - btrfs: fix information leak in btrfsioctllogicaltoino CVE-2024-35849 - net: afcan: do not leave a dangling sk pointer in cancreate CVE-2024-56603 - netfilter: xtables: fix LED ID check in ledtgcheck...

squid34: Fix of CVE-2024-25617

CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...

ntp: Fix of CVE-2020-13817

CVE-2020-13817: randomize transmit timestamp in client requests...

php: Fix of CVE-2024-11234

CVE-2024-11234: fix stream HTTP fulluri CRLF injection...

php: Fix of CVE-2024-11233

CVE-2024-11233: fix single byte overread with convert.quoted-printable-decode filter...

kernel: Fix of 6 CVEs

hwmon: ibmpex Fix possible UAF when ibmpexregisterbmc fails CVE-2022-49029 - ppp: fix pppasyncencode illegal access CVE-2024-50035 - ext4: no need to continue when the number of entries is 1 CVE-2024-49967 - net/packet: fix slab-out-of-bounds access in packetrecvmsg CVE-2022-20368 - packet: in...

squid: Fix of CVE-2024-45802

CVE-2024-45802: disable ESI...

squid34: Fix of CVE-2024-45802

CVE-2024-45802: disable ESI...

ImageMagick: Fix of 3 CVEs

CVE-2020-27751: fix shift exponent that is too large for 64-bit type at magick/quantum-export.c - CVE-2020-27757: fix outside the range of representable values of type 'unsigned long long' bug at magick/quantum-private.h - CVE-2020-27768: fix outside the range of representable values of type...

Update of nss

update to CKBI 2.69 from NSS 3.103 - updated certificates: - Certificate "OISTE WISeKey Global Root GC CA" - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - removed certificates: - Certificate "Security Communication Root CA" - Certificate "Camerfirma Chambers of...

Update of ca-certificates

update to CKBI 2.69 from NSS 3.103 - updated certificates: - Certificate "GLOBALTRUST 2020" - Certificate "OISTE WISeKey Global Root GC CA" - removed certificates: - Certificate "Security Communication Root CA" - Certificate "Camerfirma Chambers of Commerce Root" - Certificate "Chambers of...

php: Fix of CVE-2024-8925

CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer...

php: Fix of CVE-2024-8927

CVE-2024-8927: Fix bypass of cgi.forceredirect configuration...

microcode_ctl: Fix of CVE-2023-31315

Update Intel CPU microcode to 20240813: - Addition of cpuid:806F8/0x10 SPR-HBM B3 microcode in microcode.dat at revision 0x2c000390; - Addition of cpuid:806F8/0x87 SPR-SP E5/S3 microcode in microcode.dat at revision 0x2b0005c0; - Addition of cpuid:90672/0x07 ADL-HX/S 8+8 C0 microcode in...

kernel: Fix of 13 CVEs

btrfs: fix use-after-free after failure to create a snapshot CVE-2022-48733 - hwmon: nct6775-core Fix underflows seen when writing limit attributes CVE-2024-46757 - wifi: mac80211: Avoid address calculations via out of bounds array indexing CVE-2024-41071 - netfilter: conntrack: dccp: copy entire...

python: Fix of 2 CVEs

CVE-2024-7592: fix algorithm with quadratic complexity to avoid using excess CPU resources while parsing the cookie value - CVE-2024-6232: fix regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing and was vulnerable to ReDoS via specifically-crafted tar...

kernel: Fix of 8 CVEs

blktrace: fix dereference after null check CVE-2019-19768 - blktrace: Protect q-blktrace with RCU CVE-2019-19768 - blktrace: fix unlocked access to init/start-stop/teardown - blktrace: Fix potential deadlock between delete & sysfs ops - net: fix out-of-bounds access in opsinit CVE-2024-36883 -...

java-1.8.0-openjdk: Fix of 6 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u422-b05. That fixes following CVEs: - CVE-2024-21131: UTF8 size overflow - CVE-2024-21138: Infinite loop vunlerability in SymbolTable - CVE-2024-21140: Int overflow/underflow in Range Check Elimination RCE - CVE-2024-21144: Invalid header...

expat: Fix of 2 CVEs

CVE-2024-45491: Detect integer overflow in dtdCopy on 32-bit platforms - CVE-2024-45492: Detect integer overflow in nextScaffoldPart on 32-bit platforms...

git: Fix of CVE-2024-32004

CVE-2024-32004: integrating ownership checking to detect dubious local repositories during cloning...

clamav: Fix of 2 CVEs

Update to 0.103.11 - CVE-2023-20032: fix missing buffer size check that may result in a heap buffer overflow write - Don't apply clamav-check.patch and CVE-2022-20698.patch as they have already been applied in new 0.103.11 version - Don't apply clamav-clamonacc-service.patch since el6 doesn't...

kernel: Fix of 11 CVEs

drm/vmwgfx: Fix invalid reads in fence signaled events CVE-2024-36960 - afunix: Fix garbage collector racing against connect CVE-2024-26923 - ipv6: remove maxsize check inline with ipv4 CVE-2023-52340 - aoe: fix the potential use-after-free problem in aoecmdcfgpkts CVE-2023-6270 - smb: client:...

bind: Fix of CVE-2024-1975

CVE-2024-1975: Remove support for SIG0 message verification - Fix tsiggss test...

glibc: Fix of CVE-2024-33599

CVE-2024-33599: Fix buffer overflow in netgroup cache...

glibc: Fix of 2 CVEs

CVE-2018-11236: fix stack buffer overflow when realpath input length is close to SSIZEMAX. - CVE-2024-2961: fix out-of-bound writes in ISO-2022-CN-EXT escape sequences...

ansible: Fix of CVE-2023-5764

CVE-2023-5764: avoid evaluate unsafe conditions...

less: Fix of CVE-2024-32487

CVE-2024-32487: filename.c: quoting mishandling...

php: Fix of 2 CVEs

CVE-2022-31629: Add cookie integrity validation - CVE-2024-2756: Move cookie integrity validation downwards...

less: Fix of CVE-2022-48624

CVE-2022-48624: shell-quote filenames when invoking LESSCLOSE...

unixODBC: Fix of CVE-2024-1013

CVE-2024-1013: Fix out-of-bounds stack write issue by adjusting callee write size from 8 to 4 bytes...

Update of tzdata

Upgrade to tzdata-2024a - Kazakhstan unifies on UTC+5 beginning 2024-03-01. - Palestine springs forward a week later after Ramadan. - localtime no longer mishandles Ciudad Juárez in 2422. - zic no longer pretends to support indefinite-past DST. - Ittoqqortoormiit, Greenland changes time zones on...

squid: Fix of CVE-2024-25617

CVE-2024-25617: Fix denial of service in HTTP header parser...