nginx:1.18 security update
1.18.0-3.1.0.1 - Remove Red Hat references Orabug: 29498217 1:1.18.0-3.1 - Resolves: 1963178 - CVE-2021-23017 nginx:1.18/nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name...
kernel security, bug fix, and enhancement update
3.10.0-957 - mm mlock: avoid increase mm->locked_vm on mlock() when already mlock2(, MLOCK_ONFAULT) Rafael Aquini 1633059 3.10.0-956 - block blk-mq: fix hctx debugfs entry related race between update hw queues and cpu hotplug Ming Lei 1619988 - nvme nvme-pci: unquiesce dead controller queues Ming Lei...
kernel security and bug fix update
4.18.0-193.14.32.OL8 - Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmod_signing_key.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and shim-x6...
spice-server security update
0.12.4-16.2 - Prevent potential buffer/integer overflows with invalid MonitorsConfig messages sent from an authenticated client Resolves: CVE-2017-7506 0.12.4-16.1 - Fix flexible array buffer overflow Resolves: rhbz1596008...
java-11-openjdk security update
1:11.0.1.13-3.0.1 - link atomic for ix86 build 1:11.0.1.13-3 - Bump release for rebuild. 1:11.0.1.13-2 - Use LTS designator in version output for RHEL. 1:11.0.1.13-1 - Update to October 2018 CPU release, 11.0.1+13. 1:11.0.0.28-2 - Use --with-vendor-version-string=18.9 so as to show original GA da...
kernel security update
3.10.0-957.21.3.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-957.21.3 - net tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() Florian Westphal 17199...
php:7.3 security update
php 7.3.5-5 - fix underflow in env_path_info in fpm_main.c CVE-2019-11043...
samba security, bug fix, and enhancement update
4.8.3-4 - resolves: 1614132 - Fix delete-on-close after smb2find - resolves: 1614265 - Fix CVE-2018-1139 - resolves: 1614269 - Fix CVE-2018-10858 4.8.3-3 - resolves: 1581016 - Add smbclient quiet argument 4.8.3-2 - related: 1538743 - Fix local user account lookup with winbind 4.8.3-1 - related:...
python security and bug fix update
2.7.5-76.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-76 - Remove an unversioned obsoletes tag Resolves: rhbz1627059 2.7.5-75 - Provide the /usr/libexec/platform-python symlink to the main binary Resolves: rhbz1599159 2.7.5-74 - Fix OSERROR 17 due to...
openssl security update
1.0.2k-16.0.1 - sha256 is used for the RSA pairwise consistency test instead of sha1 1.0.2k-16 - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on FIPS DSA parameter generation 1603597 1.0.2k-14 - ppc64le is not multilib architecture 1585004...
glibc security update
2.17-260.0.9 - Regenerate plural.c - OraBug 28806294. - Reviewed-by: Jose E. Marchesi 2.17-260.0.7 - intl: Port to Bison 3.0 - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 - OraBug 28806294. - Reviewed-by: Patrick McGehearty 2.17-260.0.5 - Fix dbl-64/wordsize-64...
sssd security, bug fix, and enhancement update
1.16.2-13 - Resolves: rhbz1593756 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing 1.16.2-12 - Resolves: rhbz1610667 - sssdssh leaks file descriptors when more than one certificate is converted into an SSH key - Resolves: rhbz1583360 - The IPA...
Unbreakable Enterprise kernel security update
4.1.12-124.20.7 - Revert 'rds: RDS tcp hangs on sendto to unresponding address' Brian Maly Orabug: 28837953 4.1.12-124.20.6 - x86/speculation: Retpoline should always be available on Skylake Alexandre Chartre Orabug: 28801831 4.1.12-124.20.5 - x86/speculation: Add sysfs entry to enable/disable...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-118.26.1 - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff Eric Dumazet Orabug: 27896807 CVE-2017-18017 - scsi: libsas: fix memory leak in sas_smp_get_phy_events() Jason Yan Orabug: 27927692 CVE-2018-7757...
openssh security update
7.4p1-23.0.1 - enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer without truncation openssh bz3012 Orabug: 30448895 7.4p1-23 + 0.10.3-2 - Avoid remote code execution in ssh-agent PKCS11 support Resolves: CVE-2023-38408...
openssh security update
7.4p1-23.0.1fips - Change Epoch from 1 to 10 - Enable fips KDF POST Orabug: 32461750 - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method Orabug: 32461739 7.4p1-23.0.1 - enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer without...
samba4 security update
4.0.0-66.rc4 - related: 1191387 - Update patchset for CVE-2015-0240. 4.0.0-65.rc4 - resolves: 1191387 - CVE-2015-0240: RCE in netlogon...
curl and nss-pem security and bug fix update
curl 7.29.0-51 - require a new enough version of nss-pem to avoid regression in yum 1610998 7.29.0-50 - remove dead code, detected by Coverity Analysis - remove unused variable, detected by GCC and Clang 7.29.0-49 - make curl --speed-limit work with TFTP 1584750 7.29.0-48 - fix RTSP bad headers...
GNOME security, bug fix, and enhancement update
accountsservice 0.6.50-7 - version bump to prevent future update path introduced by RHBA-2019:45836 Resolves: 1721562 colord 1.3.4-2 - Downgrade a trivial warning to a debug statement - Resolves: 1421231 control-center 3.28.1-6 - Calculate better extents for the configured displays arrangement...
Unbreakable Enterprise kernel security update
4.1.12-124.21.1 - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:447! Mike Kravetz Orabug: 28839992 - scsi: libsas: fix memory leak in sas_smp_get_phy_events() Jason Yan Orabug: 27927687 CVE-2018-7757 - KVM: vmx: shadow more fields that are read/written on every vmexits Paolo Bonzini Orabug: 2858104...
binutils security, bug fix, and enhancement update
2.27-34.base.0.1 - Backport of upstream commit a5def14f1ca70e14d9433cb229c9369fa3051598 Add a test for R386GOT32/R386GOT32X IFUNC reloc error Orabug 27930573 2.27-34.base - Fix seg-fault parsing corrupt AOUT format files. 1579799 - Fix seg-fault parsing corrupt DWARF2 debug information. 1579802 -...
glibc security, bug fix, and enhancement update
2.17-260.0.9 - Regenerate plural.c - OraBug 28806294. - Reviewed-by: Jose E. Marchesi 2.17-260.0.7 - intl: Port to Bison 3.0 - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 - OraBug 28806294. - Reviewed-by: Patrick McGehearty 2.17-260.0.5 - Fix dbl-64/wordsize-64...
Unbreakable Enterprise kernel security update
4.14.35-1818.4.5 - x86/intel/spectre_v2: Remove unnecessary retp_compiler() test Boris Ostrovsky Orabug: 28814574 - x86/intel/spectre_v4: Deprecate spec_store_bypass_disable=userspace Boris Ostrovsky Orabug: 28814574 - x86/speculation: x86_spec_ctrl_set needs to be called unconditionally Boris Ostrovsky...
wget security and bug fix update
1.14-18 - Fix CVE-2018-0494 1576106 1.14-17 - Fix segfault when Digest Authentication header is missing 'qop' part 1545310 1.14-16 - Fixed various security flaws CVE-2017-13089, CVE-2017-13090...
openssh security update
8.0p1-24.0.1 - Update upstream references Orabug: 36587718 8.0p1-24 - Providing a kill switch for scp to deal with CVE-2020-15778 Resolves: RHEL-22870 8.0p1-23 - Fix Terrapin attack Resolves: RHEL-19308 8.0p1-22 - Fix Terrapin attack Resolves: RHEL-19308 - Forbid shell metasymbols in...
krb5 security, bug fix, and enhancement update
1.15.1-34 - In FIPS mode, add plaintext fallback for RC4 usages and taint - Resolves: 1570600 1.15.1-33 - Use SHA-256 instead of MD5 for audit ticket IDs - Resolves: 1570600 1.15.1-32 - Include preauth name in trace output if possible - Update cert generation scripts to work on modern openssl - F...
Unbreakable Enterprise kernel-container security update
5.4.17-2102.203.5 - rds/ib: move rdsibclearirqmiss to .h file Manjunath Patil Orabug: 33044344 5.4.17-2102.203.4 - rds/ib: recover rds connection from interrupt loss scenario Manjunath Patil Orabug: 32974199 - Revert 'Allow mce to reset instead of panic on UE' William Roche Orabug: 32820275 - bpf...
firefox security update
60.3.0-1.0.1 - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one 60.3.0-1 - Update to 60.3.0 ESR 60.2.2-2 - Added patch for rhbz1633932 60.2.2-1 - Update to 60.2.2 ESR 60.2.1-1 - Update to 60.2.1 ESR 60.2.0-1 - Update to 60.2.0 ESR 60.1.0-9 - Do not...
xorg-x11-server security update
1.20.1-5.1 - CVE-2018-14665: Disable -logfile and -modulepath when running with elevated privileges 1.20.1-5 - Call LeaveVT from xf86CrtcCloseScreen 1.20.1-4 - Hide the modesetting driver's atomic ioctl support behind Option 'Atomic'...
openssl security, bug fix, and enhancement update
1.0.2k-16.0.1 - sha256 is used for the RSA pairwise consistency test instead of sha1 1.0.2k-16 - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on FIPS DSA parameter generation 1603597 1.0.2k-14 - ppc64le is not multilib architecture 1585004...
zsh security and bug fix update
5.0.2-31 - fix defects detected by Coverity related to CVE-2017-18206 and CVE-2018-1083 5.0.2-30 - fix stack-based buffer overflow in utils.c:checkmailpath() CVE-2018-1100 - fix stack-based buffer overflow in gen_matches_files() CVE-2018-1083 - fix stack-based buffer overflow in exec.c:hashcmd()...
java-1.7.0-openjdk security update
1:1.7.0.201-2.6.16.1.0.1 - Update DISTRONAME in specfile 1:1.7.0.201-2.6.16.1 - Bump to 2.6.16 and u201b00. - Update 8076221/PR2809 disable RC4 to apply after 8208350 disable DES - Resolves: rhbz1633817...
jasper security update
1.900.1-33 - remove implicit declaration of jas_eprintf 1585830 1.900.1-32 - Fix CVE-2016-9396 1583721 - Fix CVE-2017-1000050 1585830...
thunderbird security update
60.2.1-4.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 60.2.1-4 - Fixing minor issues 60.2.1-3 - Reverting deleting of key3db 60.2.1-2 - Update to 60.2.1 - Added fix for rhbz1546988 60.0-1 - Rebase to version 60...
gnutls security, bug fix, and enhancement update
3.3.29-8.0.1 - Include ECDSA KAT into selftests for FIPS140-2 compliance Orabug 27484156 3.3.29-8 - Backported --sni-hostname option which allows overriding the hostname advertised to the peer 1444792 - Improved counter-measures in TLS CBC record padding for lucky13 attack CVE-2018-10844, 1589704...
java-1.7.0-openjdk security update
1:1.7.0.201-2.6.16.0.0.1 - Update DISTRONAME in specfile 1:1.7.0.201-2.6.16.0 - Bump to 2.6.16 and u201b00. - Update 8076221/PR2809 disable RC4 to apply after 8208350 disable DES - Resolves: rhbz1633817...
Unbreakable Enterprise kernel security update
2.6.39-400.303.1 - scsi: libsas: fix memory leak in sas_smp_get_phy_events() Jason Yan Orabug: 27927686 CVE-2018-7757 - Revert 'Fix up non-directory creation in SGID directories' Brian Maly Orabug: 28781234...
xerces-c security update
3.1.1-9 - Fix CVE-2016-4463 - Resolves: 1534481...
389-ds-base security, bug fix, and enhancement update
1.3.8.4-15 - Bump version to 1.3.8.4-15 - Resolves: Bug 1624004 - Fix regression in last patch 1.3.8.4-14 - Bump version to 1.3.8.4-14 - Resolves: Bug 1624004 - potential denial of service attack 1.3.8.4-13 - Bump version to 1.3.8.4-13 - Resolves: Bug 1623949 - Crash in deletepasswdPolicy when...
glusterfs security, bug fix, and enhancement update
3.12.2-18 - fixes bugs bz1524336 bz1622029 bz1622452 3.12.2-17 - fixes bugs bz1615578 bz1619416 bz1619538 bz1620469 bz1620765 3.12.2-16 - fixes bugs bz1569657 bz1608352 bz1609163 bz1609724 bz1610825 bz1611151 bz1612098 bz1615338 bz1615440 3.12.2-15 - fixes bugs bz1589279 bz1598384 bz1599362...
libkdcraw security update
4.10.5-5 - Resolves: 1557171, 1557189, 1558954 use the system LibRaw...
python-paramiko security update
2.1.1-9 - Fix a security flaw (CVE-2018-1000805) in Paramiko's server mode (does not affect client mode). Backported from 2.1.6. Resolves: rhbz1637366...
wpa_supplicant security and bug fix update
1:2.6-12 - Ignore unauthenticated encrypted EAPOL-Key data CVE-2018-14526 1:2.6-11 - Better handling of /run/wpa_supplicant rh 1507919 1:2.6-10 - Fix memory leak when macsec MKA/PSK is used rh 1500442 - Fix authentication failure when the MAC is updated externally rh 1490885 - Let the kernel disca...
libvirt security, bug fix, and enhancement update
4.5.0-10 - conf: correct false boot order error during domain parse rhbz1601318 4.5.0-9 - virDomainDefCompatibleDevice: Relax alias change check rhbz1621910 - virDomainDetachDeviceFlags: Clarify update semantics rhbz1621910 - virDomainNetDefCheckABIStability: Check for MTU change too rhbz1623157...
perl:5.32 security update
perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib 2.096-2 - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant...
qemu security update
12:2.9.0-17.el7 - i386: Remove generic SMT thread check Babu Moger Orabug: 28676425 - pc: Fix typo on PC_COMPAT_2_12 Eduardo Habkost Orabug: 28676425 - i386: Enable TOPOEXT feature on AMD EPYC CPU Babu Moger Orabug: 28676425 - net: ignore packet size greater than INT_MAX Jason Wang Orabug: 28762625...
libmspack security update
0.5-0.6.alpha - Fixes for CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 - resolves: rhbz1611550 rhbz1611551 rhbz1611552 rhbz1611553...
setup security and bug fix update
2.8.71-10 - fix crudp name in /etc/protocols 1566469 - do not list /sbin/nologin and /usr/sbin/nologin in /etc/shells 1571104...
libcdio security update
0.92-3 - fix CVE-2017-18198 and CVE-2017-18199 - Resolves: rhbz1553769 - Resolves: rhbz1553604 0.92-2 - fix CVE-2017-18201 - Resolves: rhbz1553621...
ovmf security, bug fix, and enhancement update
20180508-3.gitee3198e672e2.el7 - ovmf-redhat-provide-virtual-bundled-OpenSSL-in-OVMF.patch bz1607792 - Resolves: bz1607792 add 'Provides: bundledopenssl = 1.1.0h' to the spec file 20180508-2.gitee3198e672e2 - OvmfPkg/PlatformBootManagerLib: connect consoles unconditionally bz1577546 - build OVMF...