8997 matches found
redis:7 security update
7.2.7-1 - rebase to 7.2.7 for CVE-2024-46981 and CVE-2024-51741...
Unbreakable Enterprise kernel security update
4.1.12-124.92.3 - memcgwriteeventcontrol: fix a user-triggerable oops Al Viro Orabug: 37070674 CVE-2024-45021 - ocfs2: fix races between hole punching and AIO+DIO Su Yue Orabug: 36835819 CVE-2024-40943 4.1.12-124.92.2 - fbdev: savage: Handle err return when savagefbcheckvar failed Cai Xinchen...
edk2 security update
Tue Feb 27 2024 Aaron Young - Create new 20240227 release for OL9 which includes the following fixed CVEs: CVE-2023-45229 CVE-2023-45230 CVE-2023-45231 CVE-2023-45232 CVE-2023-45233 CVE-2023-45234 CVE-2023-45235 CVE-2022-36763 CVE-2022-36764 CVE-2022-36765 - Update to OpenSSL 3.0.10 which include...
nodejs:20 security update
nodejs 1:20.12.2-2 - Backport nghttp2 patch for CVE-2024-28182 1:20.12.2-1 - Rebase to version 20.12.0 Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 node Fixes: CVE-2024-25629 c-ares nodejs-nodemon nodejs-packaging...
java-1.8.0-openjdk security update
1:1.8.0.412.b08-2.0.1 - Add Oracle vendor bug URL Orabug: 34340155...
kernel security update
4.18.0-513.18.1.0.19.OL8 - netfilter: nftables: reject QUEUE/DROP verdict parameters Orabug: 36461932 CVE-2024-1086 4.18.0-513.18.19.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.329.3.2.el7 - netfilter: nftables: reject QUEUE/DROP verdict parameters Florian Westphal Orabug: 36465920 CVE-2024-1086...
squid:4 security update
libecap squid 7:4.15-7.10 - Resolves: RHEL-19551 - squid:4/squid: denial of service in HTTP request parsing CVE-2023-50269 7:4.15-7.9 - Resolves: RHEL-28611 - squid:4/squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 7:4.15-7.6 - Resolves: RHEL-26087 - squid:4/squid: denial of...
tigervnc security update
1.13.1-2.7 - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice Resolves: RHEL-20388 - Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent Resolves: RHEL-20382 - Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching ...
libpq security update
13.11-1 - Rebase to 13.11 Resolves: 2171369...
curl security update
7.76.1-26.el93.2 - fix cookie injection with none file CVE-2023-38546 7.76.1-26.el93.1 - socks: return error if hostname too long for remote resolve CVE-2023-38545...
go-toolset and golang security and bug fix update
golang 1.19.13-1 - Update to go 1.19.13 CVE-2023-44487 CVE-2023-39325 CVE-2023-29409 go-toolset 1.19.13-1 - Update to Go version 1.19.13...
dotnet6.0 security update
6.0.123-1.0.1 - Update to .NET SDK 6.0.123 and Runtime 6.0.23 - Resolves: RHEL-11696...
postgresql:10 security update
10.23-2.0.1 - Fixed postgresql port binding issue during bootup Orabug: 35103668 10.23-2 - Backport fixes for CVE-2023-2454 and CVE-2023-2455 - Update postgresql-setup to 8.7 https://github.com/devexp-db/postgresql-setup/pull/35 - Resolves: 2207931 10.23-1 - Resolves: CVE-2022-2625 - Rebase to...
bind9.16 security update
32:9.16.23-14.1 - Improve RBT overmem cache cleaning CVE-2023-2828...
kernel security and bug fix update
4.18.0-477.13.18.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
grafana security and enhancement update
9.0.9-2 - resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in - resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws 9.0.9-1 - update to 9.0.9 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-35957 grafana: Escalation from...
freeradius security and bug fix update
3.0.21-37 - Fix defect found by covscan Resolves: 2151705 3.0.21-36 - Fix multiple CVEs Resolves: 2151705 Resolves: 2151703 Resolves: 2151707 3.0.21-35 - Rebuild to add subpackages to CRB report Resolves: 2126380...
freerdp security update
2:2.4.1-5 - Fix 'implicit declaration of function' errors 2136155, 2145140 - 2:2.4.1-4 - CVE-2022-39282: Fix length checks in parallel driver 2136152 - CVE-2022-39283: Add missing length check in video channel 2136154 - CVE-2022-39316, CVE-2022-39317: Add missing length checks in zgfx 2145140 -...
python3 security update
3.6.8-48.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-48.1 - Security fixes for CVE-2020-10735, CVE-2021-28861 and CVE-2022-45061 Resolves: rhbz1834423, rhbz2120642, rhbz2144072...
Unbreakable Enterprise kernel security update
4.14.35-2047.522.3 - ALSA: pcm: oss: Fix race at SNDCTLDSPSYNC Sasha Levin Orabug: 34653896 CVE-2022-3303 - net/rds: Fill in rdsexthdrsize gaps Gerd Rausch Orabug: 34979172 - net/rds: Trigger rdssendhsping more than once Gerd Rausch Orabug: 34607787 - Revert 'RDS: TCP: Track peer's connection...
libxml2 security update
2.9.13-3 - Fix CVE-2022-40303 2136564 - Fix CVE-2022-40304 2136569...
sudo security update
1.8.29.8.1 RHEL 8.7.0.Z ERRATUM - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user Resolves: rhbz2161220...
Unbreakable Enterprise kernel security update
5.4.17-2136.314.6.2 - proc: procskipspaces shouldn't think it is working on C strings Linus Torvalds Orabug: 34883034 CVE-2022-4378 - proc: avoid integer type confusion in getproclong Linus Torvalds Orabug: 34883034 CVE-2022-4378 5.4.17-2136.314.6.1 - RDMA/uverbs: Move IBEVENTDEVICEFATAL to...
nodejs:18 security, bug fix, and enhancement update
nodejs 1:18.12.1-2 - Update version of bundled histogram 1:18.12.1-1 - Rebase to version 18.12.1 Resolves: rhbz2125580 CVE-2022-43548 CVE-2022-3517 1:18.9.1-1 - Rebase to version 18.9.1 Resolves: CVE-2022-35255 CVE-2022-35256 nodejs-nodemon 2.0.20-1 - Rebase to 2.0.20 Resolves: CVE-2022-3517...
Unbreakable Enterprise kernel security update
4.1.12-124.69.5 - x86/smpboot: check cpuinitializedmask first after returning from schedule Dongli Zhang Orabug: 34798594 4.1.12-124.69.4 - btrfs: Remove BUGON as it is causing kernel to panic Rhythm Mahajan Orabug: 34840579 4.1.12-124.69.3 - btrfs: fix missing return for a non-void function...
grafana security, bug fix, and enhancement update
7.5.15-3 - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working ...
bind security update
32:9.16.23-5 - Fix possible serve-stale related crash CVE-2022-3080 - Fix memory leak in ECDSA verify processing CVE-2022-38177 - Fix memory leak in EdDSA verify processing CVE-2022-38178 32:9.16.23-4 - Export bind-doc package 2104863 32:9.16.23-3 - Tighten cache protection against record from...
Unbreakable Enterprise kernel security update
5.4.17-2136.313.6 - Uninitialized variable imageext in fixupvdsoexception of extable.c Alok Tiwari Orabug: 33000550 - NFSD: fix use-after-free on source server when doing inter-server copy Dai Ngo Orabug: 34475857 - EDAC/mceamd: Do not load edacmceamd module on guests Smita Koralahalli Orabug:...
pcs security update
0.9.169-3.0.1 - replace logo pcsd/public/favicon.ico in tarball - remove Source1 HAM-logo.png 0.9.169-3.el73.2 - Update rubygem rack - Upgrade jquery in web-ui - Resolves: rhbz2099578 rhbz2093232 0.9.169-3.el73.1 - Explicitly close libcurl connections to prevent stalled TCP connections in...
mysql:8.0 security, bug fix, and enhancement update
mecab 0.996-2 - Rebuild to fix the issue described in 2000986 - Resolves: 2000986 mysql 8.0.30-1 - Update to MySQL 8.0.30 - Remove patches now upstream: chain certs, s390 and robin hood - Add a new plugin 'conflictingvariables.so' 8.0.29-1 - Update to MySQL 8.0.29 8.0.28-1 - Update to MySQL 8.0.2...
Unbreakable Enterprise kernel security update
5.15.0-2.52.3 - posix-cpu-timers: Cleanup CPU timers before freeing them during exec Thadeu Lima de Souza Cascardo Orabug: 34495548 CVE-2022-2585 - fix race between exititimers and /proc/pid/timers Oleg Nesterov Orabug: 34495548 - rds: ib: Add preemption control when using per-cpu variables Hakon...
istio security update
istio 1.13.7-1 - Added Oracle specific files for 1.13.7-1 olcne 1.5.5-1 - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 1.5.4-3 - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over 1.5.4-2 - Istio CVE-2022-31045, CVE-2022-29225,...
Unbreakable Enterprise kernel security update
4.1.12-124.65.1.1 - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34460939 CVE-2022-2588...
Unbreakable Enterprise kernel security update
5.4.17-2136.309.5.1 - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34460937 CVE-2022-2588...
subversion:1.14 security update
subversion 1.14.1-2 - add fix for CVE-2022-24070...
cpio security update
2.12-11 - Fixed CVE-2021-38185 1992511...
maven:3.6 security and enhancement update
httpcomponents-client 4.5.10-4 - Fix incorrect handling of malformed authority component in request URIs - Resolves: CVE-2020-13956 maven 1:3.6.2-7 - Add maven-openjdk17 - Resolves: rhbz1991521...
aide security update
0.16.14.1 - backported fix for CVE-2021-45417 resolves: rhbz2041956...
postgresql:13 security update
postgresql 13.5-1 - Update to 13.5 - Resolves: 2024608...
Unbreakable Enterprise kernel security update
5.4.17-2136.302.6.1 - rds/ib: Use both iova and key in freemr socket call aru kolappan Orabug:33667276 5.4.17-2136.302.6 - Revert fs: align IOCB flags with RWF flags Prasad Singamsetty Orabug: 33627551 5.4.17-2136.302.5 - Revert drm: Initialize struct drmcrtcstate.novblank from device settings...
python-pip security update
9.0.3-20 - Fix for CVE-2021-3572 - pip incorrectly handled unicode separators in git references Resolves: rhbz1962856...
libwebp security update
1.0.0-5 - Added fixes for rhbz1956853, rhbz1956856, rhbz1956868, rhbz1956917...
glib2 security update
2.28.8-10.0.1 - Backport fixes for CVE-2021-27219 Orabug: 33017896...
userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update
egl-wayland 1.1.5-3 - Add upstream patch to address rhbz1842473 1.1.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora33MassRebuild 1.1.5-1 - Update to 1.1.5 libdrm 2.4.103-1 - Update to 2.4.103 libglvnd 1.3.2-1 - Update to 1.3.2 release libinput 1.16.3-1 - libinput 1.16.3 1886648 libwacom...
NetworkManager and libnma security, bug fix, and enhancement update
libnma 1.8.30-2 - Rebuild with new gtk-doc to fix multilib issues rh 1853152 NetworkManager 1.30.0-7.0.1 - add connectivity check via Oracle servers Orabug: 32051972 - Disable the build of NetworkManager-config-connectivity- subpackage for 8.3 1:1.30.0-7 - initrd: set multi-connect=single for...
screen security update
4.1.0-0.27.2012314git3c2946 - fix CVE-2021-26937 1927063...
xterm security update
253-1.0.1 - fix xutf8.h to work with up-to-date Xlib - fix crash in combining character support CVE-2021-27135 orabug 32496959...
spice and spice-gtk security update
spice 0.14.2-1.1 - Fix multiple buffer overflows in QUIC decoding code Resolves: CVE-2020-14355 spice-gtk 0.37-1.2 - Fix multiple buffer overflows in QUIC decoding code Resolves: CVE-2020-14355...
dovecot security update
1:2.3.8-2.2 - fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts 1866755 - fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation 1866760 - fix CVE-2020-12674 crash due to assert in RPA implementation 1866767...