8987 matches found
Unbreakable Enterprise kernel security update
4.1.12-124.39.5 - Input: ff-memless - kill timer in destroy Oliver Neukum Orabug: 31213691 CVE-2019-19524 - libertas: Fix two buffer overflows at parsing bss descriptor Wen Huang Orabug: 31351307 CVE-2019-14896 CVE-2019-14897 CVE-2019-14897 - binfmtelf: use ELFETDYNBASE only for PIE Kees Cook...
Unbreakable Enterprise kernel security update
4.1.12-61.63.1 - Revert 'kernel.spec: Require the new microcodectl.' Brian Maly - x86: Clean up IBRS functionality resident in common code Kanth Ghatraju Orabug: 27439198 - x86: Display correct settings for the SPECTREV2 bug Kanth Ghatraju Orabug: 27439198 - Set CONFIGGENERICCPUVULNERABILITIES fl...
java-21-openjdk security update
1:21.0.7.0.6-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:21.0.7.0.6-1 - Update to jdk-21.0.7+6 GA - Update release notes to 21.0.7+6 - Rebase FIPS support against 21.0.7+5 - Require tzdata 2025a due to upstream inclusion of JDK-8347965 - Sync the copy of the portable specfile with the...
java-17-openjdk security and bug fix update
1:17.0.8.0.7-2.0.1 - OpenJDK: ZIP file parsing infinite loop 8302483 CVE-2023-22036 - OpenJDK: weakness in AES implementation 8308682 CVE-2023-22041 - OpenJDK: improper handling of slash characters in URI-to-path conversion 8305312 CVE-2023-22049 - harfbuzz: OpenJDK: On^2 growth via consecutive...
vim security update
8.2.2637-16.0.1 - - Remove upstream references Orabug: 31197557 2:8.2.2637-16.2 - CVE-2022-1621 vim: heap buffer overflow - CVE-2022-1629 vim: buffer over-read 2:8.2.2637-16.1 - CVE-2022-0554 vim: Use of Out-of-range Pointer Offset in vim prior - CVE-2022-0943 vim: Heap-based Buffer Overflow occu...
kernel security, bug fix, and enhancement update
3.10.0-1160.62.1.OL7 - Update Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and shim-x64 = 15-2.0.9 - Update oraclekernel-sig-key...
qemu-kvm security update
1.5.3-175.el79.4 - kvm-ide-atapi-check-logical-block-address-and-read-size-.patch bz1917449 - Resolves: bz1917449 CVE-2020-29443 qemu-kvm: QEMU: ide: atapi: OOB access while processing read commands rhel-7.9.z...
dotnet3.1 security and bugfix update
3.1.115-1.0.1 - Update patch to support 8.3 [email protected] - support OL release scheme [email protected] 3.1.115-1 - Update to .NET SDK 3.1.115 and Runtime 3.1.15 - Resolves: RHBZ1954333 3.1.114-2 - Rebuild to tag into the correct location - Resolves: RHBZ1947455...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-118.42.1 - scsi: libsas: delete sas port if expander discover failed Jason Yan Orabug: 30580688 CVE-2019-15807...
firefox security update
60.7.0-1.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 60.7.0-1 - Updated to 60.7.0 ESR 60.6.3-1 - Updated to 60.6.3 ESR 60.6.2-1 - Updated to 60.6.2 ESR 60.6.1-2 - Added fix for mozbz526293 - show remote locations on file chooser dialog...
Unbreakable Enterprise kernel security update
4.14.35-1844.4.5.2 - x86/mds: Add empty commit for CVE-2019-11091 Konrad Rzeszutek Wilk Orabug: 29721848 CVE-2019-11091 - x86/speculation/mds: Make mdsmitigation mutable after init Konrad Rzeszutek Wilk Orabug: 29721835 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 4.14.35-1844.4.5.1 -...
firefox security update
60.6.0-3.0.1 - fix LDLIBRARYPATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one 60.6.0-3 - Added Google API keys mozbz1531176 60.6.0-2 - Update to 60.6.0 ESR Build 2 60.6.0-1 - Update to 60.6.0 ESR Build 1...
kernel security, bug fix, and enhancement update
2.6.32-696.OL6 - Update genkey bug 25599697 2.6.32-696 - net dccp: fix freeing skb too early for IPV6RECVPKTINFO Hannes Frederic Sowa 1424628 CVE-2017-6074 2.6.32-695 - block nvme: Dont poll device being removed David Milburn 1422521 2.6.32-694 - fs posixacl: Clear SGID bit when setting file...
go-toolset:ol8 security and bug fix update
delve 1.7.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.7.2-1 - Rebase to 1.7.2 - Related: rhbz2014088 golang 1.17.7-1 - Rebase to Go 1.17.7 - Remove fips memory leak patch fixed in tree - Resolves: rhbz2015930 go-toolset 1.17.7-1 - Rebase to Go 1.17.7 - Remove fips memory...
httpd:2.4 security and bug fix update
modhttp2 1.15.7-5 - Resolves: 2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations 1.15.7-4 - Resolves: 1966728 - CVE-2021-33193 httpd:2.4/modhttp2: httpd: Request splitting via HTTP/2 method injection and modproxy modmd...
python38:3.8 and python38-devel:3.8 security update
PyYAML 5.4.1-1 - Rebase to version 5.4.1 to fix CVE-2020-14343 - Resolves: rhbz1860466...
qemu security update
15:4.2.1-9.el7 - Revert 'oslib-posix: refactor memory prealloc threads' Mark Kanda Orabug: 32903662 - Revert 'oslib-posix: initialize backend memory objects in parallel' Mark Kanda Orabug: 32903662 15:4.2.1-8.el7 - i386/pc: let iterator handle regions below 4G Joao Martins 15:4.2.1-7.el7 -...
Unbreakable Enterprise kernel security update
5.4.17-2036.102.0.2uek - xen-blkback: set ring-xenblkd to NULL after kthreadstop Pawel Wieczorkiewicz Orabug: 32260252 CVE-2020-29569 - xenbus/xenbusbackend: Disallow pending watch messages SeongJae Park Orabug: 32253409 CVE-2020-29568 - xen/xenbus: Count pending messages for each watch SeongJae...
bind security and bug fix update
32:9.11.4-26.P2.2 - Fix unsupported algorithms validation rh1769876 32:9.11.4-26.P2.1 - Fix tsig-request verify CVE-2020-8622 - Prevent PKCS11 daemon crash on crafted packet CVE-2020-8623 - Correct update-policy type subdomain to match documentation CVE-2020-8624...
python security update
2.7.5-86.0.3 - Prefix dot in domain for proper subdomain validation CVE-2018-20852Orabug: 30114725...
procps-ng security and bug fix update
3.3.10-26 - free: unreclaimable slabs counted into free memory, used mem incorrect - Resolves: rhbz1699264 3.3.10-25 - ps: recognize SCHEDDEADLINE in CLS field, upstream backport - Resolves: rhbz1692843 3.3.10-24 - top: Do not default to the cwd in configsread - Resolves: rhbz1577023...
Unbreakable Enterprise kernel security update
4.1.12-124.24.5 - rds: congestion updates can be missed when kernel low on memory Mukesh Kacker Orabug: 28425811 - net/rds: ib: Fix endless RNR Retries caused by memory allocation failures Venkat Venkatsubra Orabug: 28127993 - net: rds: fix excess initialization of the recv SGEs Zhu Yanjun Orabug...
Unbreakable Enterprise kernel security update
4.1.12-112.14.13 - Revert 'kernel.spec: Require the new microcodectl.' Brian Maly 4.1.12-112.14.12 - xen-blkback: add pendingreq allocation stats Ankur Arora Orabug: 27386890 - xen-blkback: move indirect req allocation out-of-line Ankur Arora Orabug: 27386890 - xen-blkback: pull nseg validation o...
samba security, bug fix, and enhancement update
4.6.2-8 - resolves: 1459936 - Fix regression with 'follow symlinks = no' 4.6.2-7 - resolves: 1461336 - Fix smbclient username parsing - resolves: 1460937 - Fix username normalization with winbind 4.6.2-6 - resolves: 1459179 - Fix smbclient session setup printing 4.6.2-5 - related: 1277999 - Add...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-118.17.4 - Revert 'fix minor infoleak in getuserex' Brian Maly Orabug: 25790392 CVE-2016-9644 3.8.13-118.17.3 - net: ping: check minimum size on ICMP header length Kees Cook Orabug: 25766911 CVE-2016-8399 3.8.13-118.17.2 - ipv6: stop sending PTB packets for MTU 1280 Hagen Paul...
openssl098e security update
0.9.8e-20.0.1.1 - Updated the description 0.9.8e-20.1 - fix CVE-2015-0293 - triggerable assert in SSLv2 server - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method 0.9.8e-20 - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-118.3.2 - x86/nmi/64: Use DF to avoid userspace RSP confusing nested NMI detection Andy Lutomirski Orabug: 22742507 CVE-2015-5157 - x86/nmi/64: Reorder nested NMI checks Andy Lutomirski Orabug: 22742507 CVE-2015-5157 - x86/nmi/64: Improve nested NMI comments Andy Lutomirski...
freetype security update
2.10.4-10 - Fix for CVE-2025-27363 out-of-bound write vulnerability - Patch initially by Marc Deslauriers of Canonical - https://www.openwall.com/lists/oss-security/2025/03/14/3 - Adjusted for EL9 by Jonathan Wright of AlmaLinux - and a member of the Meta security team - Resolves: RHEL-83105...
less security update
590-4 - Fix CVE-2024-32487 - Resolves: RHEL-33773...
libtasn1 security update
4.16.0-9 - Resolves: rhbz2140602...
dnsmasq security and bug fix update
2.85-5 - Prevent endless loop in forwardquery 2120711 2.85-4 - Prevent use after free in dhcp6norelay CVE-2022-0934...
gnutls and nettle security, bug fix, and enhancement update
gnutls 3.7.6-12 - fips: mark PBKDF2 with short key and output sizes non-approved - fips: only mark HMAC as approved in PBKDF2 - fips: mark gnutlskeygenerate with short key sizes non-approved - fips: fix checking on hash algorithm used in ECDSA - fips: preserve operation context around FIPS...
Unbreakable Enterprise kernel security update
4.14.35-2047.511.5.2 - cgroup-v1: Require capabilities to set releaseagent Eric W. Biederman Orabug: 33876756 CVE-2022-0492 - scsi: libiscsi: Hold backlock when calling iscsicompletetask Gulam Mohamed Orabug: 33876755 4.14.35-2047.511.5.1 - arm64, mm, efi: Account for GICv3 LPI tables in static...
container-tools:3.0 security and bug fix update
buildah 1.19.9-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 https://github.com/containers/buildah/commit/c1d6200 - fixes CVE-2021-3602 - Related: 1977943...
nss and nspr security, bug fix, and enhancement update
nspr 4.32.0-1 - Update to NSPR 4.32 4.31.0-1 - Update to NSPR 4.31 4.30.0-1 - Update to NSPR 4.30 nss 3.67.0-6 - Fix ssl alert issue 3.67.0-5 - Fix issue with reading databases that were updated using unpatched versions of nss 3.67.0-4 - Better fix for the sdb timeout. The issue wasn't a race, it...
olcne conmon coredns cri-o cri-tools etcd flannel grafana helm istio kata kata-agent kata-image kata-ksm-throttler kata-proxy kata-runtime kata-shim kubernetes kubernetes-cni kubernetes-cni-plugins kubernetes-dashboard prometheus yq security update
olcne 1.1.5-2 - kubernetes pod subnet flag not honored in flannel configuration 1.1.5-1 - Address CVE-2020-16845 conmon 2.0.10-3 - Address CVE-2020-16845 coredns 1.6.5-1.0.3 - Address CVE-2020-16845 cri-o 1.17.0-1.0.5 - Address CVE-2020-16845 cri-tools 1.17.0-1.0.2 - Address CVE-2020-16845...
git security update
1.8.3.1-23 - Prevent crafted URL containing new lines, empty host or lacks a scheme to cause credential leak. Resolves: CVE-2020-11008...
python-pip security update
...
kernel security, bug fix, and enhancement update
4.18.0-80.7.10.OL8 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 4.18.0-80.7.10 - x86 Update stepping values for Whiskey Lake U/Y David Arcari...
Unbreakable Enterprise kernel security update
4.14.35-1818.0.14 - tcp: add tcpoootrycoalesce helper Eric Dumazet Orabug: 28453849 CVE-2018-5390 - tcp: call tcpdrop from tcpdataqueueofo Eric Dumazet Orabug: 28453849 CVE-2018-5390 - tcp: detect malicious patterns in tcpcollapseofoqueue Eric Dumazet Orabug: 28453849 CVE-2018-5390 - tcp: avoid...
kernel security and bug fix update
2.6.32-754.OL6 - Update genkey bug 25599697 2.6.32-754 - powerpc 64s: Add support for a store forwarding barrier at kernel entry/exit Mauricio Oliveira 1581053 CVE-2018-3639 - x86 amd: Disable AMD SSBD mitigation in a VM Waiman Long 1580360 - x86 specctrl: Fix late microcode problem with AMD Waim...
Unbreakable Enterprise kernel security update
4.1.12-124.15.1 - netfilter: nfnetlinkcthelper: Add missing permission checks Kevin Cernekee Orabug: 27260771 CVE-2017-17448 - netlink: Add netns check on taps Kevin Cernekee Orabug: 27260799 CVE-2017-17449 - KVM: Fix stack-out-of-bounds read in writemmio Wanpeng Li Orabug: 27290606 CVE-2017-1774...
Oracle linux 5 kernel update
kernel 2.6.18-371 - net be2net: enable polling prior enabling interrupts globally Ivan Vecera 987539 2.6.18-370 - net be2net: Fix to avoid hardware workaround when not needed Ivan Vecera 995961 - kernel signals: stop info leak via tkill and tgkill syscalls Oleg Nesterov 970875 CVE-2013-2141...
kernel security and bug fix update
2.6.32-71.24.1.el6 - fs Revert 'fs inotify: stop kernel memory leak on file creation failure' Eric Paris 656831 656832 CVE-2010-4250 2.6.32-71.23.1.el6 - x86 Revert 'x86 mtrr: Assume SYSCFGTom2ForceMemTypeWB exists on all future AMD CPUs' Frank Arnold 683813 652208 2.6.32-71.22.1.el6 - rebuild...
Unbreakable Enterprise kernel security update
5.15.0-305.176.4 - x86/asm: Make serialize alwaysinline Juergen Gross - hwmon: tmp513 Fix division of negative numbers David Lechner - Revert 'mtd: spi-nor: core: replace dummy buswidth from addr to data' Pratyush Yadav - Revert 'regmap: detach regmap from dev on regmapexit' Greg Kroah-Hartman -...
java-17-openjdk security and bug fix update
1:17.0.8.0.7-2.0.1 - OpenJDK: ZIP file parsing infinite loop 8302483 CVE-2023-22036 - OpenJDK: weakness in AES implementation 8308682 CVE-2023-22041 - OpenJDK: improper handling of slash characters in URI-to-path conversion 8305312 CVE-2023-22049 - harfbuzz: OpenJDK: On^2 growth via consecutive...
Unbreakable Enterprise kernel-container security update
5.15.0-3.60.5.1.el8 - fs: remove nollseek Jason A. Donenfeld Orabug: 34721465 - vfio: do not set FMODELSEEK flag Jason A. Donenfeld Orabug: 34721465 - dma-buf: remove useless FMODELSEEK flag Jason A. Donenfeld Orabug: 34721465 - fs: do not compare against -llseek Jason A. Donenfeld Orabug: 347214...
gnutls and nettle security, bug fix, and enhancement update
gnutls 3.6.16-4 - p11tool: Document ID reuse behavior when importing certs 1776250 3.6.16-3 - Treat SHA-1 signed CA in the trusted set differently 1965445 3.6.16-2 - Filter certificatetypes in TLS 1.2 CR based on signature algorithms 1942216 3.6.16-1 - Update to upstream 3.6.16 release 1956783 -...
fribidi security update
1.0.2-1.1 - Security fix for CVE-2019-18397 Resolves: rhbz1781224...
sudo security update
1.8.25-4.0.1.el8.1 - Treat an ID of -1 as invalid since that means 'no change' Orabug: 30421281 CVE-2019-14287 - Add sudostrtoid tests for -1 and range errors. Orabug: 30421281...