8998 matches found
Unbreakable Enterprise kernel security update
4.1.12-124.70.2 - proc: procskipspaces shouldn't think it is working on C strings Linus Torvalds Orabug: 34882781 CVE-2022-4378 - proc: avoid integer type confusion in getproclong Linus Torvalds Orabug: 34882781 CVE-2022-4378 - netfilter: nfconntrackirc: Fix forged IP logic David Leadbeater Orabu...
kernel security, bug fix, and enhancement update
5.14.0-162.6.11.OL9 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
qemu-kvm security, bug fix, and enhancement update
7.0.0-13 - kvm-i386-reset-KVM-nested-state-upon-CPU-reset.patch bz2117546 - kvm-i386-do-kvmputmsrfeaturecontrol-first-thing-when.patch bz2117546 - Resolves: bz2117546 RHEL9.1 Guests in VMX root operation fail to reboot with QEMUs systemreset command 7.0.0-12 -...
kernel security, bug fix, and enhancement update
4.18.0-425.3.1.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
lua security update
5.4.2-4.3 - Fix up CVE-2022-33099 patch 5.4.2-4.2 - Enable gating 5.4.2-4.1 - apply upstream fix for CVE-2022-33099...
Unbreakable Enterprise kernel security update
4.14.35-2047.517.3 - KVM: x86: use raw clock values consistently Paolo Bonzini Orabug: 34575637 - KVM: x86: reorganize pvclockgtoddata members Paolo Bonzini Orabug: 34575637 - KVM: x86: switch KVMCLOCK base to monotonic raw clock Marcelo Tosatti Orabug: 34575637 4.14.35-2047.517.2 - kernfs: Repla...
curl security update
7.61.1-22.el86.4 - fix HTTP compression denial of service CVE-2022-32206 - fix FTP-KRB bad message verification CVE-2022-32208...
python-virtualenv security update
15.1.0-7 - Security fix for CVE-2019-20916 for the bundled pip wheel Resolves: rhbz1868135...
microcode_ctl security update
2:2.1-73.13.0.5 - ensure UEK also rebuilds initramfs Orabug: 34280052 2:2.1-73.13.0.3 - update 06-55-04 to 0x2006d05 - update 06-55-07 to 0x5003302 - update 06-6a-04 to 0xb000280 - update 06-6a-06 to 0xd000375 2:2.1-73.13.0.2 - roll back 06-6a-06 to 0xd0002a0 due to PCIe issues on reset Orabug:...
Unbreakable Enterprise kernel security update
5.4.17-2136.307.3.2 - perf: Fix sysperfeventopen race against self Peter Zijlstra Orabug: 34172709 CVE-2022-1729...
Unbreakable Enterprise kernel-container security update
4.14.35-2047.511.5.8.el7uek - netfilter: nftables: initialize registers in nftdochain Pablo Neira Ayuso Orabug: 34048826 CVE-2022-1016...
java-11-openjdk security update
1:11.0.14.0.9-2 - Fix FIPS issues in native code and with initialisation of java.security.Security - Related: rhbz2039366 1:11.0.14.0.9-1 - Update to jdk-11.0.14.0+9 - Update release notes to 11.0.14.0+9 - Switch to GA mode for final release. - This tarball is embargoed until 2022-01-18 @ 1pm PT....
openssl security update
1:1.1.1k-5 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Resolves: rhbz2005400...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.302.6.1 - rds/ib: Use both iova and key in freemr socket call aru kolappan Orabug: 33667276 5.4.17-2136.302.6 - Revert fs: align IOCB flags with RWF flags Prasad Singamsetty Orabug: 33627551 5.4.17-2136.302.5 - Revert drm: Initialize struct drmcrtcstate.novblank from device settings...
nss security update
3.44.0-7.0.2 - Fix CVE-2021-43527 Orabug: 33627334...
Unbreakable Enterprise kernel security update
5.4.17-2136.301.1.2 - Revert 'net/rds: Allocate pages on HCA NUMA nodeid' Gerd Rausch Orabug: 33561324 - Revert 'net/rds: Allocate rdsibincoming,fragslab on HCA NUMA nodeid' Gerd Rausch Orabug: 33561324 - Revert 'net/rds: Use the same vector for send & receive' Gerd Rausch Orabug: 33561324 - Reve...
krb5 security update
1.18.2-8.3 - Fix KDC null deref on TGS inner body null server CVE-2021-37750 - Resolves: 1997600 1.18.2-8.2 - Rebuild for rpminspect; no code changes - Resolves: 1983728 1.18.2-8.1 - Fix KDC null deref on bad encrypted challenge CVE-2021-36222 - Resolves: 1983728...
linuxptp security update
2.0-5.el84.1 - validate length of forwarded messages CVE-2021-3570...
libwebp security update
0.3.0-10 - Added fixes for rhbz1956829, rhbz1956843, rhbz1956919...
sudo security and bug fix update
1.8.29-7 - RHEL 8.4 ERRATUM - CVE-2021-3156 Resolves: rhbz1917734 - CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit Resolves: rhzb1916434 - CVE-2021-23240 sudo: symbolic link attack in SELinux-enabled sudoedit Resolves: rhbz1917038 - updated upstream url...
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
apache-commons-collections jss 4.8.1-2 - Bug 1932803 - HSM + FIPS: CMCRequest with a shared secret resulting in error 4.8.1-1 - Rebase to upstream JSS v4.8.1 - Red Hat Bugilla 1908541 - jss broke SCEP - missing PasswordChallenge class - Red Hat Bugilla 1489256 - RFE jss should support RSA with OA...
Unbreakable Enterprise kernel-container security update
4.14.35-2047.500.9.3.el7 - net/rds: Reject error code change Ka-Cheong Poon Orabug: 32577425 - PCI: hotplug: Add module parameter to allow user control of LEDs James Puthukattukaran Orabug: 32577399 - net/rds: increase 1MB MR pool size for RDS Manjunath Patil Orabug: 32577394...
thunderbird security update
78.8.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.8.0-1 - Update to 78.8.0 build1...
libvirt security and bug fix update
4.5.0-36.el79.3 - rpc: gendispatch: handle empty flags CVE-2020-25637 - rpc: add support for filtering @acls by uint params CVE-2020-25637 - rpc: require write acl for guest agent in virDomainInterfaceAddresses CVE-2020-25637 - qemu: agent: set ifname to NULL after freeing CVE-2020-25637 - conf:...
Unbreakable Enterprise kernel security update
4.1.12-124.44.4.1 - powercap: restrict energy meter to root access Kanth Ghatraju Orabug: 32040806 CVE-2020-8694 CVE-2020-8695...
go-toolset:ol8 security update
golang 1.13.15-1 - Rebase to 1.13.15 - Related: rhbz1865875 - Related: rhbz1865873 go-toolset 1.13.15-1 - Rebase to 1.13.15 - Related: rhbz1865875 - Related: rhbz1865873...
coredns cri-o cri-tools etcd flannel kata kata-agent kata-image kata-ksm-throttler kata-proxy kata-runtime kata-shim kubernetes kubernetes-cni kubernetes-cni-plugins kubernetes-dashboard olcne yq security update
coredns 1.3.1-1.0.6 - Address CVE-2020-16845 1.3.1-1.0.5 - Fix image location cri-o 1.14.7-1.0.8 - Address CVE-2020-16845 cri-tools 1.14.0-1.0.6 - Address CVE-2020-16845 etcd 3.3.10-1.0.5 - Address CVE-2020-16845 3.3.10-1.0.4 - Fix image location flannel 0.10.0-2.1.12 - Address CVE-2020-16845...
kubernetes kubeadm-ha-setup kubernetes-cni kubernetes-cni-plugins security update
kubernetes 1.12.10-1.0.12 - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in kube-controller-manager kubeadm-ha-setup 0.0.2-1.0.70 - Enhance image tag read to depend on kubeadm-registry.sh for CVE release...
Unbreakable Enterprise kernel security update
4.1.12-124.39.5.1 - x86/speculation: Add Ivy Bridge to affected list Josh Poimboeuf Orabug: 31352782 CVE-2020-0543 - x86/speculation: Add SRBDS vulnerability and mitigation documentation Mark Gross Orabug: 31352782 CVE-2020-054 3 - x86/speculation: Add Special Register Buffer Data Sampling SRBDS...
php:7.2 security, bug fix, and enhancement update
...
python3 security update
3.6.8-13.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-13 - Security fix for CVE-2019-16056 Resolves: rhbz1750774 3.6.8-12 - Add support for OpenSSL FIPS mode - Fix faulthandler stack size Resolves: rhbz1732908 3.6.8-11 - Security fix for CVE-2018-20852 Resolves:...
Unbreakable Enterprise kernel security update
4.1.12-124.36.1.1 - KVM: nVMX: Check IO instruction VM-exit conditions Oliver Upton Orabug: 30847137 CVE-2020-2732 - KVM: nVMX: Refactor IO bitmap checks into helper function Oliver Upton Orabug: 30847137 CVE-2020-2732 - KVM: nVMX: Dont emulate instructions in guest mode Paolo Bonzini Orabug:...
SDL security update
1.2.15-36 - Fix CVE-2019-13616 a heap buffer over-read in BlitNtoN bug 1747237 - Resolves: rhbz1756279...
nss and nspr security, bug fix, and enhancement update
nspr 4.21.0-2 - Rebuild 4.21.0-1 - Update to NSPR 4.21 nss 3.44.0-7 - Backport fixes from 3.44.1 3.44.0-6 - Add continuous RNG test required by FIPS - fipstest: use CKMTLS12MASTERKEYDERIVE instead of vendor specific mechanism 3.44.0-5 - Rebuild with the correct build target 3.44.0-4.1 - rebuild t...
thunderbird security update
60.6.1-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 60.6.1-1 - Update to 60.6.1 60.6.0-1 - Update to 60.6.0...
thunderbird security update
60.6.1-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 60.6.1-1 - Update to 60.6.1 60.6.0-1 - Update to 60.6.0...
libvirt security update
0.10.2-62.0.1.el69.2 - Replace docs/et.png in tarball with blank image 0.10.2-62.el69.2 - cpu: define the 'ssbd' CPUID feature bit CVE-2018-3639...
Unbreakable Enterprise kernel security update
4.1.12-124.14.2 - scsi: iscsitcp: set BDICAPSTABLEWRITES when data digest enabled Jianchao Wang Orabug: 27726302 - block: fix biowillgap for first bvec with offset Ming Lei Orabug: 27775588 - block: relax check on sg gap Ming Lei Orabug: 27775588 - block: don't optimize for non-cloned bio in...
bluez security update
4.66-2 - sdpd heap fixes Resolves: 1490008...
git security and bug fix update
1.8.3.1-11 - dissalow repo names beginning with dash Resolves: CVE-2017-8386 -1.8.3.1-10 - do not put unsanitized branch names in Resolves: CVE-2014-9938 -1.8.3.1-9 - add control of GSSAPI credential delegation to enable HTTPS-SSO authentication Resolves: 1369173 1.8.3.1-8 - remove needles check ...
gnutls security, bug fix, and enhancement update
3.3.26-9 - Address crash in OCSP status request extension, by eliminating the unneeded parsing CVE-2017-7507, 1455828 3.3.26-7 - Address interoperability issue with 3.5.x 1388932 - Reject CAs which are both trusted and blacklisted in trust module 1375303 - Added new functions to set issuer and...
bash security and bug fix update
4.1.2-48 - Fix signal handling in read builtin Resolves: 1421926 4.1.2-47 - CVE-2016-9401 - Fix crash when '-' is passed as second sign to popd Resolves: 1396383 4.1.2-46 - CVE-2016-7543 - Fix for arbitrary code execution via SHELLOPTS+PS4 variables Resolves: 1379630 4.1.2-45 - CVE-2016-0634 - Fi...
squid security, bug fix, and enhancement update
7:3.5.20-2 - Resolves: 1378025 - hostverifystrict only accepts lowercase arguments 7:3.5.20-1 - Resolves: 1273942 - Rebase squid to latest mature 3.5 version 3.5.20 7:3.5.10-9 - Related: 1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package 7:3.5.10-8 -...
qemu-kvm security, bug fix, and enhancement update
1.5.3-126.el7 - kvm-virtio-recalculate-vq-inuse-after-migration.patch bz1376542 - Resolves: bz1376542 RHSA-2016-1756 breaks migration of instances 1.5.3-125.el7 - kvm-nbd-server-Set-ONONBLOCK-on-client-fd.patch bz1285453 - Resolves: bz1285453 An NBD client can cause QEMU main loop to block when...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-118.9.1 - mlx4: Increase SYNCTPT command timeout Mukesh Kacker Orabug: 22895790 - neigh: do not modify unlinked entries Julian Anastasov Orabug: 23072705 - mm/slab: Improve performance of slabinfo stats gathering Aruna Ramakrishna Orabug: 23720437 - atl2: Disable unimplemented...
kernel security and bug fix update
2.6.32-642.3.1 - infiniband security: Restrict use of the write interface Don Dutile 1332547 1332548 CVE-2016-4565 2.6.32-642.2.1 - sched Revert 'kernel: sched: Cure load average vs NOHZ woes' Rafael Aquini 1343015 1326373 - sched Revert 'kernel: sched: Cure more NOHZ load average woes' Rafael...
Unbreakable Enterprise kernel security update
kernel-uek 4.1.12-37.2.2 - sctp: Prevent soft lockup when sctpaccept is called during a timeout event Karl Heiss Orabug: 23222731 CVE-2015-8767...
samba security update
3.6.23-30.0.1 - Remove use-after-free talloctos inlined function problem John Haxby orabug 18253258 3.6.23-30 - related: 1322686 - Update manpages 3.6.23-29 - related: 1322686 - Update CVE patchset 3.6.23-28 - related: 1322686 - Update manpages 3.6.23-27 - related: 1322686 - Update CVE patchset...
bind97 security update
32:9.7.0-21.P2.6 - Fix CVE-2016-1285 and CVE-2016-1286...
ntp security update
4.2.6p5-5.el67.4 - don't accept server/peer packets with zero origin timestamp CVE-2015-8138...