9185 matches found
Unbreakable Enterprise kernel security update
kernel-uek 4.1.12-61.1.10 - netfilter: xtables: make sure e-nextoffset covers remaining blob size Florian Westphal Orabug: 24682076 CVE-2016-4997 CVE-2016-4998 - netfilter: xtables: validate e-targetoffset early Florian Westphal Orabug: 24682076 CVE-2016-4997 CVE-2016-4998 4.1.12-61.1.9 -...
kernel security, bug fix, and enhancement update
3.10.0-327.36.1.OL7 - Oracle Linux certificates Alexey Petrenko 3.10.0-327.36.1 - x86 Use ptenone to test for empty PTE Larry Woodman 1363860 1347159 - x86 Disallow running with 32-bit PTEs to work around erratum Larry Woodman 1363860 1347159 - x86 Ignore A/D bits in pte/pmd/pudnone Alexander...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-118.10.2 - tcp: make challenge acks less predictable Eric Dumazet Orabug: 24010012 Orabug: 2401010 CVE-2016-5696 3.8.13-118.10.1 - ocfs2: call ocfs2journalaccessdi before ocfs2journaldirty in ocfs2writeendnolock yangwenfang Orabug: 19601200 - ocfs2: improve recovery performance...
Unbreakable Enterprise kernel security update
2.6.39-400.283.2 - KEYS: potential uninitialized variable Dan Carpenter Orabug: 24393863 CVE-2016-4470...
openssl security update
0.9.8e-39.0.1 - To disable SSLv2 client connections create the file /etc/sysconfig/openssl-ssl-client-kill-sslv2 John Haxby orabug 21673934 - Backport openssl 08-Jan-2015 security fixes John Haxby orabug 20409893 - fix CVE-2014-3570 - Bignum squaring may produce incorrect results - fix...
jakarta-commons-collections security update
0:3.2.1-3.5 - Fix Java object de-serialization vulnerability - Resolves: CVE-2015-7501...
Unbreakable Enterprise kernel security update
kernel-uek 2.6.32-400.37.9uek - x86, tls: Interpret an all-zero struct userdesc as 'no segment' Andy Lutomirski Orabug: 21518750 - x86, tls, ldt: Stop checking lm in LDTempty Andy Lutomirski Orabug: 21518750 2.6.32-400.37.8uek - KVM: x86: SYSENTER emulation is broken Nadav Amit Orabug: 21502741...
java-1.7.0-openjdk security update
1:1.7.0.85-2.6.1.3.0.1 - Add oracle-enterprise.patch - Fix DISTRONAME to 'Oracle Linux' 1:1.7.0.85-2.6.1.3 - Check return value of gioinit in gsettingsinit and return false if necessary. - Re-enable the use of system GConf. - Only ifdef gtypeinit&gfree if USESYSTEMGIO and USESYSTEMGCONF are...
kernel security and bug fix update
2.6.32-504.16.2 - infiniband core: Prevent integer overflow in ibumemget address arithmetic Doug Ledford 1181173 1179327 CVE-2014-8159 2.6.32-504.16.1 - fs gfs2: Move gfs2filesplicewrite outside of ifdef Robert S Peterson 1198329 1193559 - security keys: close race between key lookup and freeing...
openssl security update
0.9.8e-33 - fix CVE-2014-8275 without introduction of CVE-2015-0286 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export ciphersuites and on server - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption - fix...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-55 - freezer: set PFSUSPENDTASK flag on tasks that call freezeprocesses Colin Cross Orabug: 20082843 3.8.13-54 - netfilter: nfnat: fix oops on netns removal Florian Westphal Orabug: 19988779 - tcp: tsq: restore minimal amount of queueing Eric Dumazet Orabug: 19909542 - qedf: Fix...
file security and bug fix update
5.04-21 - fix typographical error in changelog 5.04-20 - fix 1037279 - better patch for the bug from previous release 5.04-19 - fix 1037279 - display 'from' field on 32bit ppc core 5.04-18 - fix 664513 - trim white-spaces during ISO9660 detection 5.04-17 - fix CVE-2014-3479 cdfcheckstreamoffset...
php security update
5.4.16-23.1 - gd: fix NULL pointer dereference in gdImageCreateFromXpm. CVE-2014-2497 - gd: fix NUL byte injection in file names. CVE-2014-5120 - fileinfo: fix extensive backtracking in regular expression incomplete fix for CVE-2013-7345. CVE-2014-3538 - fileinfo: fix mconvert incorrect handling ...
qemu-kvm security and bug fix update
1.5.3-60.el70.2 - kvm-pc-add-hotaddcpu-callback-to-all-machine-types.patch bz1094820 - Resolves: bz1094820 Hot plug CPU not working with RHEL6 machine types running on RHEL7 host. 1.5.3-60.el70.1 - kvm-iscsi-fix-indentation.patch bz1090978 - kvm-iscsi-correctly-propagate-errors-in-iscsiopen.patch...
kernel security and bug fix update
2.6.32-358.6.1 - virt kvm: accept unaligned MSRKVMSYSTEMTIME writes Petr Matousek 917020 917021 CVE-2013-1796 - char tty: hold lock across tty buffer finding and buffer filling Prarit Bhargava 928686 901780 - net tcp: fix for zero packetsinflight was too broad Thomas Graf 927309 920794 - net tcp:...
java-1.7.0-openjdk security update
1.7.0.19-2.3.9.1.0.1.el59 - Add oracle-enterprise.patch - Fix DISTRONAME to "Enterprise Linux" 1.7.0.19-2.3.9.1.el5 - updated to updated IcedTea 2.3.9 with fix to one of security fixes - fixed font glyph offset - Resolves: rhbz950376 1.7.0.19-2.3.9.0.el5 - updated to IcedTea 2.3.9 with latest...
java-1.6.0-openjdk security update
1:1.6.0.0-1.28.1.10.10.0.1.el58 - Add oracle-enterprise.patch 1:1.6.0.0-1.28.1.10.10 - Updated to IcedTea6 1.10.10 - Resolves rhbzs 856124, 865346, 865348, 865350, 865352, 865354, 865357, 865359, 865363, 865365, 865370, 865428, 865471, 865434, 865511, 865514, 865519, 865531, 865541, 865568...
php security update
5.3.3-14 - add security fix for CVE-2010-2950 5.3.3-13 - fix tests for CVE-2012-2143, CVE-2012-0789 5.3.3-12 - add fix for CVE-2012-2336 5.3.3-11 - add security fixes for CVE-2012-0781, CVE-2011-4153, CVE-2012-0057, CVE-2012-0789, CVE-2012-1172, CVE-2012-2143, CVE-2012-2386 5.3.3-9 - correct...
kernel security, bug fix, and enhancement update
2.6.32-220.13.1.el6 - Revert: fs NFSv4: include bitmap in nfsv4 get acl data Sachin Prabhu 753231 753232 CVE-2011-4131 2.6.32-220.12.1.el6 - net netsched: qdiscallochandle can be too slow Jiri Pirko 805458 785891 - fs procfs: add hidepid= and gid= mount options Jerome Marchand 770651 770652 - fs...
tomcat5 security update
0:5.5.23-0jpp.31 - Resolves: CVE-2012 regression. Changed patch file. 0:5.5.23-0jpp.30 - Resolves: CVE-2012-0022, CVE-2011-4858 0:5.5.23-0jpp.27 - Resolves CVE-2011-0013 rhbz 675933 - Resolves CVE-2011-3718 rhbz 675933 0:5.5.23-0jpp.23 - Resolves CVE-2011-1184 rhbz 744984 - Resolves CVE-2011-2204...
Oracle Linux 6 Unbreakable Enterprise kernel security fix update
2.6.32-100.28.9.el6 - sync up the version 2.6.32-100.28.8.el6 - block check for proper length of iov entries earlier in blkrqmapuseriov Xiaotian Feng CVE-2010-4668 - scm: lower SCMMAXFD Eric Dumazet CVE-2010-4249 - perfevents: Fix perfcountermmap hook in mprotect Pekka Enberg CVE-2010-4169 - tcp:...
mailman security update
3:2.1.12-14.2 - fix 677848 - fixed build problem without brew 3:2.1.12-14.1 - fix 677848 - fixed CVE-2010-3089 and CVE-2011-0707...
glibc security and bug fix update
2.12-1.7.el60.3 - Require suid bit on audit objects in privileged programs 645679, CVE-2010-3856 2.12-1.7.el60.2 - Never expand in privileged programs 643821 2.12-1.7.el60.1 - Fix bug in generic strstr/memmem implementation handling certain repeated patterns 643341 - Correctly align TCB for AVX...
kernel security and bug fix update
2.6.18-128.1.14.0.1.el5 - NET Add entropy support to e1000 and bnx2 John Sobecki,Guru Anbalagane orabug 6045759 - MM shrink zone patch John Sobecki,Chris Mason orabug 6086839 - NET Add xen pv/bonding netconsole support Tina yang orabug 6993043 bz 7258 - nfs convert ENETUNREACH to ENOTCONN Guru...
edk2 security update
1.7.1 - Create new 1.7.1 release for OL7 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK2: In the Linux kernel...
libtiff security update
4.0.9-27 - Fix various CVEs - Resolves: CVE-2022-3627 CVE-2022-3970...
bind9.16 security and bug fix update
32:9.16.23-0.14 - Handle subtle difference between upstream and rhel CVE-2022-3094 32:9.16.23-0.13 - Prevent flooding with UPDATE requests CVE-2022-3094 - Handle RRSIG queries when server-stale is active CVE-2022-3736 - Fix crash when soft-quota is reached and serve-stale is active CVE-2022-3924...
unbound security and bug fix update
1.16.2-5 - Stop creating wrong devel manual pages 2135322 1.16.2-4 - Apply correctly previous change CVE-2022-3204 1.16.2-3 - Fix NRDelegation attack leading to uncontrolled resource consumption CVE-2022-3204...
krb5 security update
1.10.3-65.0.1 - Fix integer overflows in PAC parsing CVE-2022-42898 Orabug: 34843511...
sssd security and bug fix update
1.16.5-10.0.3 - Revert Redhat's change of disallowing duplicated incomplete gid when 'idprovider=ldap' is used, which caused regression in AD environment. Orabug: 29286774 Doc ID 2605732.1 1.16.5-10.15 - Resolves: rhbz2149703 - smartcards: special characters must be escaped when building search...
Unbreakable Enterprise kernel-container security update
5.15.0-2.52.3.el8 - posix-cpu-timers: Cleanup CPU timers before freeing them during exec Thadeu Lima de Souza Cascardo Orabug: 34495548 CVE-2022-2585 - fix race between exititimers and /proc/pid/timers Oleg Nesterov Orabug: 34495548 - rds: ib: Add preemption control when using per-cpu variables...
Unbreakable Enterprise kernel security update
5.4.17-2136.310.7 - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34480880 CVE-2022-2588 - x86/specctrl: limit IBRSFW to retpoline only Ankur Arora Orabug: 34450896 - x86/bugs: display dynamic retbleed state Ankur Arora Orabug: 34450896 - x86/bugs:...
galera, mariadb, and mysql-selinux security, bug fix, and enhancement update
galera 26.4.11-1.0.1 - Requirement to delete garbd-wrapper script and lp1184034 test case without using patches. Patches from previous release have been deleted - Drop nmap-ncat requirement. Orabug: 34116228 - Added galera-skip-lp1184034-testcase.patch - Added...
Unbreakable Enterprise kernel security update
5.4.17-2136.308.9 - x86/speculation/mmio: Fix late microcode loading Patrick Colp Orabug: 34276099 5.4.17-2136.308.8 - Add debugfs for controlling MMIO state data Kanth Ghatraju Orabug: 34202259 CVE-2022-21123 CVE-2022-21127 CVE-2022-21125 CVE-2022-21166 - KVM: x86/speculation: Disable Fill buffe...
nodejs:14 security, bug fix, and enhancement update
nodejs 1:14.18.2-2 - Add missing fixes - Resolves: RHBZ2027642, RHBZ2027635 1:14.18.2-1 - Resolves: RHBZ2027609 - Resolves: RHBZ2027649, RHBZ2027646, RHBZ2027642, RHBZ2027635 - Rebase to new version to fix CVEs...
parfait:0.5 security update
parfait 0.5.4-4 - Obsolete remove vulnerable versions of log4j12 NVR 1.2.17-23 when upgrading to parfait 0.5.4-4 CVE-2021-4104 0.5.4-3 - Drop all code explicitly using Log4J BZ 2032158...
polkit security update
0.115-13.0.1 - Increase timeout to avoid defunct processes Orabug: 26930744 0.115-13.el85.1 - pkexec: argv overflow results in local privilege esc. - Resolves: CVE-2021-4034...
java-17-openjdk security update
1:17.0.2.0.8-4 - Fix FIPS issues in native code and with initialisation of java.security.Security - Related: rhbz2039366 1:17.0.2.0.8-3 - Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes heap-heaps and @JAVASPECVER@ - Update icedteasync.sh with a VCS mode that retrieves...
Unbreakable Enterprise kernel-container security update
4.14.35-2047.507.7.6.el7 - fuse: fix live lock in fuseiget Amir Goldstein Orabug: 33406810 CVE-2021-28950 - block: workaround to avoid self-deadlock in delgendisk Junxiao Bi Orabug: 33406819 - net: bonding: add new option arpallslaves for arpiptarget Venkat Venkatsubra Orabug: 33406814 - net/mlx5...
bind security update
32:9.11.26-4 - Possible assertion failure on DNAME processing CVE-2021-25215...
nodejs:14 security and bug fix update
nodejs 1:14.16.0-2 - Resolves: RHBZ1932427 - remove --debug-nghttp2 option 1:14.16.0-1 - Resolves: RHBZ1932317, RHBZ1932425 - Rebase, remove ini patch 1:14.15.4-2 - Add patch for yarn crash - Resolves: RHBZ1916465 1:14.15.4-1 - Security rebase to 14.15.4 -...
grub2 security update
2.02-0.87.0.7 - Fix CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 Orabug: 32530657 - Fix various coverity issues Orabug: 32530657 - Add SBAT metadata to grubx64.efi Orabug: 32530657 2.02-0.87.0.5 - Use similar format for menu entry in gru...
bind security update
32:9.11.20-5.1 - Fix off-by-one bug in ISC SPNEGO implementation CVE-2020-8625...
kernel security and bug fix update
3.10.0-1160.11.1.OL7 - Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and shim-x64 slotsret under spinlockirq protection Rafael...
python38:3.8 security, bug fix, and enhancement update
...
microcode_ctl security, bug fix and enhancement update
3:1.17-33.26.0.1 - update 06-2d-07 to 0x71a - update 06-55-04 to 0x2006906 - update 06-55-07 to 0x5002f01 - merge Oracle changes for early load via dracut - enable late load on install for UEK4 kernels marked safe except BDW-79 - set earlymicrocode='no' in virtualized guests to avoid early load...
Unbreakable Enterprise kernel security update
5.4.17-2011.3.2.1uek - x86/speculation: Add Ivy Bridge to affected list Josh Poimboeuf Orabug: 31352779 CVE-2020-0543 - x86/speculation: Add SRBDS vulnerability and mitigation documentation Mark Gross Orabug: 31352779 CVE-2020-0543 - x86/speculation: Add Special Register Buffer Data Sampling SRBD...
firefox security update
68.9.0-1.0.1.el82 - Rebuild to pickup Oracle default bookmarks Orabug: 30069264 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references Orabug: 30530527 Fri May 29 2020 Jan Horak - Update to 68.9.0 build1 - Added patch for pipewire 0.3 Mon May ...
Unbreakable Enterprise kernel security update
2.6.39-400.315.1.1 - x86/tsx: Add config options to set tsx=on|off|auto Michal Hocko Orabug: 30419231 CVE-2019-11135 - x86/speculation/taa: Add documentation for TSX Async Abort Pawan Gupta Orabug: 30419231 CVE-2019-11135 - x86/tsx: Add 'auto' option to TSX cmdline parameter Pawan Gupta Orabug:...
samba security, bug fix, and enhancement update
4.9.1-6 - related: 1703204 - Fix printing with smbspool as CUPS backend 4.9.1-5 - resolves: 1703204 - Fix smbspool krb5 authentication 4.9.1-4 - resolves: 1690222 - Fix --max-protocol documentation of smbclient - resolves: 1518353 - Fix 'net ads join -Uadmin@forestdomain' - resolves: 1696524 - Fi...