9182 matches found
openssl097a and openssl098e security update
0.9.8e-18.0.1.el65.2 - Updated the description 0.9.8e-18.2 - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability 0.9.8e-18 - fix for CVE-2012-2110 - memory corruption in asn1d2ireadbio 814185...
httpd security update
2.2.15-30.0.1.el65 - replace index.html with Oracle's index page oracleindex.html update vstring in specfile 2.2.15-30 - moddav: add security fix for CVE-2013-6438 1078174 - modlogconfig: add security fix for CVE-2014-0098 1078174...
Unbreakable Enterprise kernel security update
2.6.32-400.34.3 - inet: fix addrlen/msg-msgnamelen assignment in recverror and rxpmtu functions Hannes Frederic Sowa 18247290 CVE-2013-7263 CVE-2013-7265 2.6.32-400.34.2 - exec/ptrace: fix getdumpable incorrect tests Kees Cook 18239033 CVE-2013-2929 CVE-2013-2929 - inet: prevent leakage of...
nss, nspr, and nss-util security update
nspr 4.10.0-2 - Rebase to nspr-4.10.2 - Resolves: rhbz1032485 - CVE-2013-5607 MFSA 2013-103 Avoid unsigned integer wrapping in PLArenaAllocate MFSA 2013-103 nss 3.15.3-2.0.1 - Added nss-vendor.patch to change vendor 3.15.3-2 - Enable patch with fix for deadlock in trust domain lock and object loc...
samba security, bug fix, and enhancement update
3.6.9-164 - resolves: 1008574 - Fix offline logon cache not updating for cross child domain group membership. 3.6.9-163 - resolves: 1015359 - Fix CVE-2013-0213 and CVE-2013-0214 in SWAT. 3.6.9-162 - resolves: 978007 - Fix 'valid users' manpage documentation. 3.6.9-161 - resolves: 997338 - Fix...
unbreakable enterprise kernel security update
kernel-uek 2.6.32-400.29.3uek - block: do not pass disk names as format strings Jerry Snitselaar Orabug: 17230124 CVE-2013-2851 - afkey: initialize satype in keynotifypolicyflush Nicolas Dichtel Orabug: 17370765 CVE-2013-2237 - Bluetooth: L2CAP - Fix info leak via getsockname Mathias Krause Orabu...
tomcat6 security update
0:6.0.24-55 - Related: rhbz955976 CVE-2013-1976. Changed log location - so only root can use it. Touching TOMCATLOG is no longer - required 0:6.0.24-54 - Resolves: rhbz956771 Related: CVE-2012-3439 digest - authentication broken after errata for cve-2012-3439 - patch for 3439 corrected 0:6.0.24-5...
kernel security update
2.6.32-358.6.2 - kernel perf: fix perfsweventenabled array out-of-bound access Petr Matousek 962793 962794 CVE-2013-2094...
kernel security update
kernel 2.6.18-348.3.1 - utrace ensure archptrace can never race with SIGKILL Oleg Nesterov 912071 912072 CVE-2013-0871 - x86 msr: Add capabilities check Nikola Pajkovsky 908696 908697 CVE-2013-0268...
bind97 security update
32:9.7.0-10.P2.4 - fix CVE-2012-5166...
firefox security update
firefox 10.0.6-1.0.1.el63 - Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js 10.0.6-1 - Update to 10.0.6 ESR 10.0.5-3 - Enabled WebM 10.0.5-2 - Added fix for mozbz703633, rhbz818341 xulrunner 10.0.6-1.0.1.el63 - Replace xulrunner-redhat-default-prefs.js with...
bind security update
32:9.7.3-8.P3.3 - fix CVE-2012-1667 and CVE-2012-1033...
firefox security update
3.6.26-3.0.1.el4 - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat ones 3.6.26-3 - Added fix for mzbz727401...
nfs-utils security, bug fix, and enhancement update
1.2.3-15 - mout.nfs: Don't roll back to IPv4 whe IPv6 fails bz 744657 - rpcdebug: Added pNFS and FSCache debugging bz 747400 1.2.3-14 - mount.nfs: Backported how upstream handles the SIGXFSZ signal bz 697981 1.2.3-13 - mount.nfs: Reworked the code that deals with RLIMITFSIZE bz 697981 1.2.3-12 -...
bind97 security update
32:9.7.0-6.P2.4 - fix DOS against recursive servers 754398...
freetype security update
2.3.11-6.el61.7 - Add freetype-2.3.11-CVE-2011-3256.patch Handle some border cases. - Resolves: 747083...
thunderbird security update
1.5.0.12-44.0.1.el4 - Add thunderbird-oracle-default-prefs.js for errata rebuild and remove thunderbird-redhat-default-prefs.js - Replaced clean.gif in tarball 1.5.0.12-44 - Added fixes from 1.9.2.23...
kernel security and bug fix update
2.6.32-131.2.1.el6 - kernel lib/vsprintf.c: add %pU to print UUID/GUIDs Frantisek Hrbata 704280 700299 - scsi megaraidsas: Driver only report tape drive, JBOD and logic drives Tomas Henzl 704601 619422 2.6.32-131.1.1.el6 - net dccp: handle invalid feature options length Jiri Pirko 703012 703013...
vsftpd security update
2.2.2-6.el60.1 - Resolves: 681891 - CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern...
kernel security update
2.6.18-194.17.1.0.2.el5 - rds fix access issue with rds Chris Mason CVE-2010-3904 orabug 10226701...
poppler security update
0.5.4-4.4.el55.14 - Add poppler-0.5.4-CVE-2010-3702.patch Properly initialize parser - Add poppler-0.5.4-CVE-2010-3704.patch Fix crash in broken pdf code 0 - Resolves: 639839...
freetype security update
2.2.1-28 - Modify freetype-2.2.1-CVE-2010-3054.patch - Resolves: 638142 2.2.1-27 - Add freetype-2.2.1-CVE-2010-2806.patch Protect against negative stringsize. Fix comparison. - Add freetype-2.2.1-CVE-2010-3311.patch Don't seek behind end of stream. - Add freetype-2.2.1-CVE-2010-3054.patch Protect...
rpm security and bug fix update
4.4.2.3-20.el55.1 - make the sbits removal behavior consistent with all the RHELs - add proper suffix for Z branch 4.4.2.3-19 - fix CVE-2010-2059, fails to drop SUID/SGID bits on package upgrade 626707 - fix SELinux memory leak 627630, patch from Florian Festi...
bind security update
30:9.3.4-10.P1.3 - fix namedsdb as well CVE-2009-0696, 514292 30:9.3.4-10.P1.2 - security fix for remote DoS CVE-2009-0696, 514292...
xpdf security update
3.00-20.el4 - Resolves: 490712, CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 revised patch that adds a fix for some potential problems, latest upstream patch 3.00-19.el4 - Resolves: 490712, CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 revised patch that adds a fix for badpage10910.pdf 3.00-18.el4 -...
php security update
5.1.6-23.2.el5 - ext/gd: fix overflow2 usage for CVE-2007-3996, CVE-2008-3658 5.1.6-23.1.el5 - add security fixes for CVE-2008-3658, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5814, and mbstring funcoverload issue 487369...
php security update
4.3.9-3.22.15 - fix merge of CVE-2008-3658 patch 4.3.9-3.22.14 - add security fixes for CVE-2008-3658, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2009-0754 487360 - split out gd overflow2 and make global with sane symbol name...
openssh security update
4.3p2-26.el52.1 - CVE-2007-4752 - Prevent ssh1 from using a trusted X11 cookie if creation of an untrusted cookie fails 280361...
Important: cups security update
1.1.17-13.3.51 - Prevented invalid memory accesses when a class and its singleton printer are timed out in the same sweep CVE-2008-0597, bug 433827. 1.1.17-13.3.50 - Back-ported mimeDeleteType from 1.2.x CVE-2008-0596, bug 433827. 1.1.17-13.3.49 - Prevent double-free when a browsed class has the...
Moderate: python security update
2.2.3-6.8 - Fix possible integer overflow in image ops - Fix off by one strxfrm malloc - Fix pypcre bugs - Resolves: 392031...
Critical: samba security update
3.0.10-1.4E.12.2 - Security fixes for CVE-2007-2446 CVE-2007-2447...
Important openssl security update
0.9.7a-43.14 - fix CVE-2006-2937 - mishandled error on ASN.1 parsing 207276 - fix CVE-2006-2940 - parasitic public keys DoS 207274 - fix CVE-2006-3738 - buffer overflow in SSLgetsharedciphers 206940 - fix CVE-2006-4343 - sslv2 client DoS 206940 0.9.7a-43.11 - fix CVE-2006-4339 - prevent attack on...
redis:7 security update
7.2.7-1 - rebase to 7.2.7 for CVE-2024-46981 and CVE-2024-51741...
nodejs:18 security update
nodejs 1:18.20.2-1 - Removes .ps1 files - Rebase to 18.20.2 - Fixes: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629 nodejs-nodemon nodejs-packaging...
nodejs:20 security update
nodejs 1:20.11.1-1 - Rebase to version 20.11.1 - Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 high - Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 medium nodejs-nodemon nodejs-packaging...
kernel security update
4.18.0-513.18.1.0.19.OL8 - netfilter: nftables: reject QUEUE/DROP verdict parameters Orabug: 36461932 CVE-2024-1086 4.18.0-513.18.19.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.329.3.2.el7 - netfilter: nftables: reject QUEUE/DROP verdict parameters Florian Westphal Orabug: 36465920 CVE-2024-1086...
thunderbird security update
115.9.0-1.0.1 - Add Oracle prefs 115.9.0-1 - Update to 115.9.0 build1 - Fix expat CVE-2023-52425...
postgresql-jdbc security update
42.2.14-3 - Fix CVE-2024-1597...
kernel security update
4.18.0-513.11.1.0.19.OL8 - scsi: iscsitcp: Fix UAF during login when accessing the shost ipaddress CVE-2023-2162 - afunix: Fix null-ptr-deref in unixstreamsendpage CVE-2023-4622 - netfilter: ipset: add the missing IPSETHASHWITHNET0 macro for ipsethashnetportnet CVE-2023-42753...
nss security update
3.90.0-4 - Fix expired certs in tests - Fix CVE-2023-5388...
tigervnc security update
1.8.0-28.0.1 - Dropped xorg-CVE-2023-5367.patch, xorg-CVE-2023-6377.patch, and xorg-CVE-2023-6478.patch 1.8.0-28 - Updated fix for CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions Resolves: RHEL-18415 1.8.0-27 - Fix CVE-2023-6377 tigervnc:...
skopeo security update
2:1.13.3-1 - update to https://github.com/containers/skopeo/releases/tag/v1.13.3 - Related: 2176063 2:1.13.2-1 - update to https://github.com/containers/skopeo/releases/tag/v1.13.2 - Related: 2176063 2:1.13.1-1 - update to https://github.com/containers/skopeo/releases/tag/v1.13.1 - Related: 21760...
go-toolset and golang security and bug fix update
golang 1.19.13-1 - Update to go 1.19.13 CVE-2023-44487 CVE-2023-39325 CVE-2023-29409 go-toolset 1.19.13-1 - Update to Go version 1.19.13...
kernel security, bug fix, and enhancement update
5.14.0-284.25.1.0.12 - Fix KVM: x86/mmu: Fix race condition in directpagefault Orabug: 35673032 CVE-2022-45869 5.14.0-284.25.12 - KVM: x86/mmu: Fix race condition in directpagefault - prlimit: doprlimit needs to have a speculation check CVE-2023-0458 - x86/speculation: Allow enabling STIBP with...
.NET 7.0 security, bug fix, and enhancement update
7.0.107-1.0.1 - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier Orabug: 34671152 7.0.107-1 - Update to .NET SDK 7.0.107 and Runtime 7.0.7 - Resolves: RHBZ2211876 7.0.106-2 - Update to .NET SDK 7.0.106 and Runtime 7.0.6 - Resolves: RHBZ2190267...
nodejs security update
1:16.19.1-2 - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 1:16.19.1-1 - Rebase to 16.19.1 - Resolves: rhbz2153714 - Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 - Resolves: CVE-2022-25881 CVE-2022-49...
dhcp security and bug fix update
12:4.3.6-49 - Fix for CVE-2022-2928 - Fix for CVE-2022-2929 - send back dhcp6.vendor-opts again 2142024...
kernel security, bug fix, and enhancement update
...
device-mapper-multipath security and bug fix update
0.8.7-20 - Add 0083-multipath.rules-fix-smart-bug-with-failed-valid-path.patch - Add 0084-libmultipath-limit-paths-that-can-get-wwid-from-envi.patch - Change how the installation dir for kpartxid is specified - Resolves: bz 1926147 0.8.7-19 - Fix bugzilla linked to the changes was previously link...