9177 matches found
python security update
2.2.3-6.11 - Fix all of the low priority security bugs: - Resolves: rhbz486114 - Multiple integer overflows in python core CVE-2008-2315 - Resolves: 455008 - PyStringFromStringAndSize does not check for negative size values CVE-2008-1887 - Resolves: 443810 - Multiple integer overflows discovered ...
seamonkey security update
1.0.9-41.0.1.el4 - Added mozilla-oracle-default-prefs.js, and mozilla-oracle-default-bookmarks.html and removed corresponding Redhat ones 1.0.9-41.el4 - Added fixes from 1.9.0.9...
squirrelmail security update
1.4.8-5.0.1.el52.3 - Remove Redhat splash screen images 1.4.8-5.3 - Update patch for CVE-2008-3663 to fix a session handling regression 480224...
cups security update
1.2.4-11.18:.2 - Applied patch to fix CVE-2008-3639 STR 2918, bug 464721. - Applied patch to fix CVE-2008-3640 STR 2919, bug 464721. - Applied patch to fix CVE-2008-3641 STR 2911, bug 464721...
xen security and bug fix update
3.0.3-64.el52.3 - Fix overflow in qemu-img rhbz 454651 3.0.3-64.el52.2 - Correctly limit PVFB size CVE-2008-1952 rhbz 447760 - Disable QEMU USB disk image format auto-detection CVE-2008-1945 rhbz 445845...
bzip2 security update
1.0.3-4 - Resolves: 461587 fix cash on malformed archive file - CVE-2008-1372 apply upstream patch...
bind security, bug fix, and enhancement update
30:9.3.4-6.P1 - final 5.2 version - minor changes in initscript - improved patches for 250744 and 250901 30:9.3.4-5.P1 - improved patch to handle D-BUS races 240876 - updated named.root zone to affect root IPv6 migration 30:9.3.4-4.P1 - improved fix for 253537, posttrans script is now used - do n...
Moderate: gd security update
2.0.28-5.E4.1 - security fixes - Resolves: 432784...
Important: openldap security and enhancement update
2.3.27-8.1 - fix security issue CVE-2007-5707 360001 - fix manual bind timeout 368231 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.oracle.com/pipermail/el-errata/attachments/20071123/279499e3/attachment-0001.html...
Moderate: thunderbird security update
1.5.0.12-0.5.el4.0.1 - Add thunderbird-oracle-default-prefs.js for errata rebuild 1.5.0.12-0.5.el3 - Update to latest snapshot of Mozilla 1.8.0 branch 1.5.0.12-0.4.el3 - added pathes for Mozilla bugs 199088,267833,309322,345305,361745,...
Moderate: evolution-data-server security update
1.8.0-15.0.3.el5 - Add patch for RH bug 235289 APOP authentication vulnerability. 1.8.0-15.0.2.el5 - Remove Makefile.in changes that accidentally slipped into the patch. 1.8.0-15.0.1.el5 - Add patch for RH bug 229707 timezone updates...
kernel security update
5.14.0-427.37.14.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...
httpd security update
2.4.6-99.0.3.1 - Opt-ins for unsafe prefixstat and %3f Orabug: 36904263CVE-2024-38474CVE-2024-38475 - modproxy: validate hostname Orabug: 36904263CVE-2024-38477...
Unbreakable Enterprise kernel security update
4.1.12-124.88.3 - crypto: pcrypt - Fix hungtask for PADATARESET Lu Jialin Orabug: 36806710 CVE-2023-52813 - usbnet: sanity check for maxpacket Oliver Neukum Orabug: 36806658 CVE-2021-47495 - phonet: fix rtmphonetnotify skb allocation Eric Dumazet Orabug: 36683487 CVE-2024-36946 - wifi: nl80211:...
glibc security update
2.34-100.0.1.2 - Forward-port Oracle patches for ol9-u4 Reviewed by: Jose E. Marchesi Oracle history: April-30-2024 Cupertino Miranda - 2.34-100.0.1 - Forward-port Oracle patches for ol9-u4 Reviewed by: Indu Bhagat March-28-2024 Cupertino Miranda - 2.34-100.0.1 - Forward-port Oracle patches for...
go-toolset:ol8 security update
delve golang 1.21.9-1 - Fix CVE-2023-45288 - Resolves: RHEL-31915 go-toolset 1.21.9-1 - Fix CVE-2023-45288 - Resolves: RHEL-31915...
firefox security update
115.11.0-1.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 115.11.0-1 - Update to 115.11.0 build1...
Unbreakable Enterprise kernel security update
5.4.17-2136.331.7 - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' Siddh Raman Pant - Revert 'selftests: mm: fix maphugetlb failure on 64K page size systems' Harshit Mogalapalli Orabug: 36584568 - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port' Arumugam...
nodejs:20 security update
nodejs 1:20.12.2-2 - Backport nghttp2 patch for CVE-2024-28182 1:20.12.2-1 - Rebase to version 20.12.0 Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 node Fixes: CVE-2024-25629 c-ares nodejs-nodemon nodejs-packaging...
gnutls security update
3.8.3-4 - Bump release to ensure el9 package is greater than el9 packages 3.8.3-3 - Bump release to ensure el9 package is greater than el9 packages 3.8.3-2 - Fix timing side-channel in deterministic ECDSA RHEL-28959 - Fix potential crash during chain building/verification RHEL-28954...
mod_http2 security update
2.0.26-2 - Resolves: RHEL-31855 - modhttp2: httpd: CONTINUATION frames DoS CVE-2024-27316 2.0.26-1 - Resolves: RHEL-14691 - modhttp2 rebase to 2.0.26...
edk2 security update
20231122-6.0.1 - Replace upstream references Orabug:36569119 20231122-6 - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853 - edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch RHEL-21841...
java-11-openjdk security update
1:11.0.23.0.9-2.0.1 - link atomic for ix86 build 1:11.0.23.0.9-2 - Fix 11.0.22 release date in NEWS - Restore ppc64le --with-jobs=1 workaround to avoid flaky ppc builds 1:11.0.23.0.9-1 - Update to jdk-11.0.23+9 GA - Update release notes to 11.0.23+9 - Switch to GA mode for release - Require tzdat...
shim bug fix update
15.8-1.0.3 - Update shimx64.efi and shimaa64.efi v15.8 signed by Microsoft Orabug: 36072879 - Update shim fb and mm binaries to match unsigned releases Orabug: 36072879 15.8-1.0.2 - Use binaries with correct shim.ol generation Orabug: 36072879 - Set SBATAUTOMATICDATE=2021030218 Orabug: 36072879...
gnutls security update
3.7.6-23.4 - Fix timing side-channel in deterministic ECDSA RHEL-28958 - Fix potential crash during chain building/verification RHEL-28953...
nodejs:18 security update
nodejs 1:18.19.1-1 - Rebase to version 18.19.1 - Fixes: CVE-2024-21892 CVE-2024-22019 high - Fixes: CVE-2023-46809 medium nodejs-nodemon nodejs-packaging...
ruby:3.1 security, bug fix, and enhancement update
ruby 3.1.4-142 - Upgrade to Ruby 3.1.4. Resolves: RHEL-28565 - Fix HTTP response splitting in CGI. Resolves: RHEL-28564 - Fix ReDos vulnerability in URI. Resolves: RHEL-28567 Resolves: RHEL-28576 - Fix ReDos vulnerability in Time. Resolves: RHEL-28566 - Make RDoc soft dependency in IRB. Resolves:...
conmon security update
conmon 2.1.3-8 - address CVE-2023-39326 cri-o 1.26.4-1 - Added Oracle Specific Files for cri-o - Cherry-picked upstream commits for OCPBUGS-17150: oci: simplify stopping code https://github.com/cri-o/cri-o/pull/7185 - Fixed CVE-2023-39325: bump golang.org/x/net to v0.17.0 cri-tools 1.26.1-4 -...
postgresql:10 security update
10.23-4.0.1 - Resolves: CVE-2024-0985...
runc security update
1.1.12-1 - Update runc to 1.1.12 JIRA: OLDIS-30530 1.1.10-1 - Update runc to 1.1.10 JIRA: OLDIS-30530...
runc security update
4:1.1.12-1 - update to https://github.com/opencontainers/runc/releases/tag/v1.1.12 - Related: RHEL-2112 4:1.1.11-1 - update to https://github.com/opencontainers/runc/releases/tag/v1.1.11 - Related: RHEL-2112 4:1.1.10-3 - Rebuild for CVEs: CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 - Related:...
java-1.8.0-openjdk security and bug fix update
1:1.8.0.402.b06-0.2.0.1 - Update to shenandoah-jdk8u402-b06 GA - Update release notes for shenandoah-8u402-b06. - Add Oracle vendor bug URL Orabug: 34340155...
fence-agents security update
4.2.1-121.2 - bundled urllib3: fix CVE-2023-43804 Resolves: RHEL-11988 - bundled certifi: fix CVE-2023-37920 Resolves: RHEL-6972...
tigervnc security update
1.13.1-2.4 - xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty CVE-2023-5367 - xorg-x11-server: Use-after-free bug in DestroyWindow CVE-2023-5380 - xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions CVE-2023-6377 - xorg-x11-server:...
Unbreakable Enterprise kernel security update
4.14.35-2047.532.3 - Revert 'mmc: core: Capture correct oemid-bits for eMMC cards' Dominique Martinet - media: dvb-usb-v2: af9035: fix missing unlock Hans Verkuil - perf/core: Fix potential NULL deref Peter Zijlstra 4.14.35-2047.532.2 - x86: change default to specstorebypassdisable=prctl...
edk2 security update
20230821 - Create new 20230821 release for OL9 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...
thunderbird security update
115.5.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 115.5.0-1 - Update to 115.5.0 build1...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.325.5.el8 - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext Krister Johansen Orabug: 35905508 - char: misc: Increase the maximum number of dynamic misc devices to 1048448 D Scott Phillips Orabug: 35905508 - perf/arm-cmn: Fix invalid pointer when access...
java-21-openjdk security and bug fix update
1:21.0.1.0.12-2.0.1 - Add Oracle vendor bug URL 1:21.0.1.0.12-2 - Switch to using portable binaries built on RHEL 7 - Sync the copy of the portable specfile with the RHEL 7 version - Related: RHEL-12997 1:21.0.1.0.12-1 - Update to jdk-21.0.1.0+12 GA - Update release notes to 21.0.1.0+12 - Sync th...
runc security update
4:1.1.9-1 - update to https://github.com/opencontainers/runc/releases/tag/v1.1.9 - Related: 2176063 4:1.1.8-1 - update to https://github.com/opencontainers/runc/releases/tag/v1.1.8 - Related: 2176063 4:1.1.7-2 - rebuild for following CVEs: CVE-2021-43784 CVE-2022-41724 CVE-2023-28642 - Resolves:...
Unbreakable Enterprise kernel security update
4.1.12-124.80.1 - Bluetooth: L2CAP: Fix use-after-free in l2capsockreadycb Sungwoo Kim Orabug: 35814478 CVE-2023-40283 - net/sched: clsu32: No longer copy tcfresult on update to avoid use-after-free valis Orabug: 35814297 CVE-2023-4208 - RDMA/core: net: fix kernel NULL error Zhu Yanjun Orabug:...
kernel security update
2.6.32-754.49.1.OL6 - x86/speculation: Use generic retpoline by default on AMD CVE-2021-26401 Orabug: 34986011...
dotnet7.0 security update
7.0.112-1.0.1 - Update to .NET SDK 7.0.112 and Runtime 7.0.12 - Resolves: RHEL-11698...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.324.5.3.el7 - Revert 'jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint' Sherry Yang Orabug: 35896102 5.4.17-2136.324.5.2.el7 - fix breakage in dormdir Al Viro Orabug: 35885837 5.4.17-2136.324.5.1.el7 - x86: KVM: SVM: always update the x2avic msr interception...
firefox security update
102.15.1-1.0.1 - Update to 102.15.1 build2...
gcc security update
gcc el8 8.5.0-18.0.5 - CVE-2023-4039 GCC mitigation. Orabug 35751743. Includes removal of aarch64-preserve-args.patch. - CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751810. Add two patches originally from GCC upstream releases/gcc-11 branch. with major adjustment...
libxml2 security update
2.9.13-3.1 - Fix CVE-2023-28484 2186694 - Fix CVE-2023-29469 2186694...
go-toolset and golang security update
golang 1.19.10-1.0.1 - New Go version 1.19.10 CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 go-toolset 1.19.10-1.0.1 - New Go version 1.19.10 CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405...
kernel security update
2.6.32-754.35.1.0.8.el6.OL6 - Fix epoll: Keep a reference on files added to the check list Julian Pidancet CVE-2020-0466 Orabug: 34625224...
Unbreakable Enterprise kernel security update
4.1.12-124.75.3 - net: sched: schqfq: prevent slab-out-of-bounds in qfqactivateagg Gwangun Jung Orabug: 35354791 CVE-2023-2248 4.1.12-124.75.2 - prlimit: doprlimit needs to have a speculation check Greg Kroah-Hartman Orabug: 35354303 CVE-2023-0458 - kernel/sys.c: fix potential Spectre v1 issue...