502 matches found
Update of microcode_ctl
Update Intel CPU microcode to 20250211: - Addition of cpuid:806F8/0x10 SPR-HBM B3 microcode in microcode.dat at revision 0x2c0003e0; - Addition of cpuid:806F8/0x87 SPR-SP E5/S3 microcode in microcode.dat at revision 0x2b000620; - Addition of cpuid:90672/0x07 ADL-HX/S 8+8 C0 microcode in...
libxml2: Fix of CVE-2025-32415
CVE-2025-32415: fix heap buffer overflow in xmlSchemaIDCFillNodeTables...
binutils: Fix of CVE-2025-0840
CVE-2025-0840: fix stack-buffer-overflow at objdump disassemblebytes...
libxml2: Fix of CVE-2025-27113
CVE-2025-27113: fix compilation of explicit child axis...
bind: Fix of CVE-2024-11187
CVE-2024-11187: Limit the additional processing for large RDATA sets...
kernel: Fix of 3 CVEs
NFSv4.0: Fix a use-after-free problem in the asynchronous open CVE-2024-53173 - ALSA: usb-audio: Fix out of bounds reads when finding clock sources CVE-2024-53150 - misc/libmasm/module: Fix two use after free in ibmasminitone CVE-2021-47334...
kernel: Fix of 13 CVEs
media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat CVE-2024-53104 - btrfs: fix information leak in btrfsioctllogicaltoino CVE-2024-35849 - net: afcan: do not leave a dangling sk pointer in cancreate CVE-2024-56603 - netfilter: xtables: fix LED ID check in ledtgcheck...
squid34: Fix of CVE-2024-25617
CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...
ntp: Fix of CVE-2020-13817
CVE-2020-13817: randomize transmit timestamp in client requests...
php: Fix of CVE-2024-11234
CVE-2024-11234: fix stream HTTP fulluri CRLF injection...
php: Fix of CVE-2024-11233
CVE-2024-11233: fix single byte overread with convert.quoted-printable-decode filter...
kernel: Fix of 6 CVEs
hwmon: ibmpex Fix possible UAF when ibmpexregisterbmc fails CVE-2022-49029 - ppp: fix pppasyncencode illegal access CVE-2024-50035 - ext4: no need to continue when the number of entries is 1 CVE-2024-49967 - net/packet: fix slab-out-of-bounds access in packetrecvmsg CVE-2022-20368 - packet: in...
squid: Fix of CVE-2024-45802
CVE-2024-45802: disable ESI...
squid34: Fix of CVE-2024-45802
CVE-2024-45802: disable ESI...
ImageMagick: Fix of 3 CVEs
CVE-2020-27751: fix shift exponent that is too large for 64-bit type at magick/quantum-export.c - CVE-2020-27757: fix outside the range of representable values of type 'unsigned long long' bug at magick/quantum-private.h - CVE-2020-27768: fix outside the range of representable values of type...
Update of nss
update to CKBI 2.69 from NSS 3.103 - updated certificates: - Certificate "OISTE WISeKey Global Root GC CA" - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - removed certificates: - Certificate "Security Communication Root CA" - Certificate "Camerfirma Chambers of...
Update of ca-certificates
update to CKBI 2.69 from NSS 3.103 - updated certificates: - Certificate "GLOBALTRUST 2020" - Certificate "OISTE WISeKey Global Root GC CA" - removed certificates: - Certificate "Security Communication Root CA" - Certificate "Camerfirma Chambers of Commerce Root" - Certificate "Chambers of...
php: Fix of CVE-2024-8925
CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer...
php: Fix of CVE-2024-8927
CVE-2024-8927: Fix bypass of cgi.forceredirect configuration...
microcode_ctl: Fix of CVE-2023-31315
Update Intel CPU microcode to 20240813: - Addition of cpuid:806F8/0x10 SPR-HBM B3 microcode in microcode.dat at revision 0x2c000390; - Addition of cpuid:806F8/0x87 SPR-SP E5/S3 microcode in microcode.dat at revision 0x2b0005c0; - Addition of cpuid:90672/0x07 ADL-HX/S 8+8 C0 microcode in...
kernel: Fix of 13 CVEs
btrfs: fix use-after-free after failure to create a snapshot CVE-2022-48733 - hwmon: nct6775-core Fix underflows seen when writing limit attributes CVE-2024-46757 - wifi: mac80211: Avoid address calculations via out of bounds array indexing CVE-2024-41071 - netfilter: conntrack: dccp: copy entire...
python: Fix of 2 CVEs
CVE-2024-7592: fix algorithm with quadratic complexity to avoid using excess CPU resources while parsing the cookie value - CVE-2024-6232: fix regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing and was vulnerable to ReDoS via specifically-crafted tar...
kernel: Fix of 8 CVEs
blktrace: fix dereference after null check CVE-2019-19768 - blktrace: Protect q-blktrace with RCU CVE-2019-19768 - blktrace: fix unlocked access to init/start-stop/teardown - blktrace: Fix potential deadlock between delete & sysfs ops - net: fix out-of-bounds access in opsinit CVE-2024-36883 -...
java-1.8.0-openjdk: Fix of 6 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u422-b05. That fixes following CVEs: - CVE-2024-21131: UTF8 size overflow - CVE-2024-21138: Infinite loop vunlerability in SymbolTable - CVE-2024-21140: Int overflow/underflow in Range Check Elimination RCE - CVE-2024-21144: Invalid header...
expat: Fix of 2 CVEs
CVE-2024-45491: Detect integer overflow in dtdCopy on 32-bit platforms - CVE-2024-45492: Detect integer overflow in nextScaffoldPart on 32-bit platforms...
git: Fix of CVE-2024-32004
CVE-2024-32004: integrating ownership checking to detect dubious local repositories during cloning...
clamav: Fix of 2 CVEs
Update to 0.103.11 - CVE-2023-20032: fix missing buffer size check that may result in a heap buffer overflow write - Don't apply clamav-check.patch and CVE-2022-20698.patch as they have already been applied in new 0.103.11 version - Don't apply clamav-clamonacc-service.patch since el6 doesn't...
kernel: Fix of 11 CVEs
drm/vmwgfx: Fix invalid reads in fence signaled events CVE-2024-36960 - afunix: Fix garbage collector racing against connect CVE-2024-26923 - ipv6: remove maxsize check inline with ipv4 CVE-2023-52340 - aoe: fix the potential use-after-free problem in aoecmdcfgpkts CVE-2023-6270 - smb: client:...
bind: Fix of CVE-2024-1975
CVE-2024-1975: Remove support for SIG0 message verification - Fix tsiggss test...
glibc: Fix of CVE-2024-33599
CVE-2024-33599: Fix buffer overflow in netgroup cache...
glibc: Fix of 2 CVEs
CVE-2018-11236: fix stack buffer overflow when realpath input length is close to SSIZEMAX. - CVE-2024-2961: fix out-of-bound writes in ISO-2022-CN-EXT escape sequences...
ansible: Fix of CVE-2023-5764
CVE-2023-5764: avoid evaluate unsafe conditions...
less: Fix of CVE-2024-32487
CVE-2024-32487: filename.c: quoting mishandling...
php: Fix of 2 CVEs
CVE-2022-31629: Add cookie integrity validation - CVE-2024-2756: Move cookie integrity validation downwards...
less: Fix of CVE-2022-48624
CVE-2022-48624: shell-quote filenames when invoking LESSCLOSE...
unixODBC: Fix of CVE-2024-1013
CVE-2024-1013: Fix out-of-bounds stack write issue by adjusting callee write size from 8 to 4 bytes...
Update of tzdata
Upgrade to tzdata-2024a - Kazakhstan unifies on UTC+5 beginning 2024-03-01. - Palestine springs forward a week later after Ramadan. - localtime no longer mishandles Ciudad Juárez in 2422. - zic no longer pretends to support indefinite-past DST. - Ittoqqortoormiit, Greenland changes time zones on...
squid: Fix of CVE-2024-25617
CVE-2024-25617: Fix denial of service in HTTP header parser...
bind: Fix of 2 CVEs
CVE-2023-50387: Resolved CPU exhaustion from specially crafted DNSSEC-signed zone responses - CVE-2023-50868: Resolved CPU exhaustion from DNSSEC-signed zones using NSEC3 - Enable internal tests by default...
vim: Fix of CVE-2024-22667
CVE-2024-22667: addressing a potential stack-buffer-overflow in option processing functions...
kernel: Fix of 7 CVEs
KVM: nSVM: avoid picking up unsupported bits from L2 in intctl CVE-2021-3653 CVE-2021-3653 - xen/netfront: fix leaking data in shared pages CVE-2022-33740 - xfs: fix up non-directory creation in SGID directories CVE-2021-4037 - netsched: clsroute: remove from list when handle is 0 CVE-2022-2588 -...
kernel: Fix of 7 CVEs
KVM: nSVM: avoid picking up unsupported bits from L2 in intctl CVE-2021-3653 CVE-2021-3653 - xen/netfront: fix leaking data in shared pages CVE-2022-33740 - xfs: fix up non-directory creation in SGID directories CVE-2021-4037 - netsched: clsroute: remove from list when handle is 0 CVE-2022-2588 -...
sudo: Fix of CVE-2023-42465
Remove sudo-1.9.15-CVE-2023-42465.patch due to bug...
libxml2: Fix of CVE-2024-25062
CVE-2024-25062: Fix xmlValidatePopElement use-after-free in XML Reader interface with DTD validation and XInclude expansion enabled - test suite was partially activated...
sudo: Fix of CVE-2023-42465
CVE-2023-42465: make sudo less vulnerable to ROWHAMMER attacks...
Update of nss
Update to CKBI 2.64 from NSS 3.95 - Removed: - Certificate "E-Tugra Certification Authority" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification Authority - G6" - Certificate "Symantec Class 2 Public Primary Certification Authority - G6" -...
Update of microcode_ctl
Update AMD CPU microcode to 2023-10-19: - Addition AMD CPU microcode for processor family 19h: sig 0x00a10f12, sig 0x00aa0f02, sig 0x00aa0f01, sig 0x00a10f11; - Update AMD CPU microcode for processor family 17h: sig 0x00830f10...
java-1.8.0-openjdk: Fix of 8 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06. That fixes following CVEs: - CVE-2024-20918: Array out-of-bounds access due to missing range check in C1 compiler - CVE-2024-20919: JVM class file verifier flaw allows unverified bytecode execution - CVE-2024-20921: Range check loop...
squid: Fix of CVE-2023-50269
CVE-2023-50269: Limit the number of allowed X-Forwarded-For hops to prevent DoS...
squid34: Fix of CVE-2023-50269
CVE-2023-50269: Limit the number of allowed X-Forwarded-For hops to prevent DoS...