8967 matches found
thunderbird security update
68.10.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 68.10.0-1 - Update to 68.10.0 build1...
unbound security update
1.6.6-5 - Fix incomplete amplifying-an-incoming-query patch - Resolves: rhbz1846424...
squid:4 security update
squid 7:4.4-8.1 - Resolves: 1828368 - CVE-2019-12519 squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow - Resolves: 1828367 - CVE-2020-11945 squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution...
container-tools:2.0 security update
buildah 1.11.6-7.0.1 - Fixes troubles with oracle registry login Orabug: 29937283 1.11.6-7 - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process' - Resolves: 1819393 conmon 2:2.0.6-1.0.1 - Remove upstream references Orabug: 30871880...
curl security update
7.61.1-12 - double free due to subsequent call of realloc CVE-2019-5481 - fix heap buffer overflow in function tftpreceivepacket CVE-2019-5482 - fix TFTP receive buffer overflow CVE-2019-5436...
binutils security and bug fix update
2.27-41.base.0.1 - Complete the backport of upstream commit a5def14f1ca70e14d9433cb229c9369fa3051598 Add a test for R386GOT32/R386GOT32X IFUNC reloc error Orabug 27930573 - Reviewed-by: Jose E. Marchesi 2.27-41.base - Fix up some linker tests that fail because of the Rx8664GOTPCRELX patch. 169974...
zziplib security update
0.13.62-11 - Fix CVE-2018-6541 - Part of the original patch has already been applied in the past CVE-2018-7726, so the bug should not be reproducible in a way described in the github issue, even without this commit. Applying the rest of the original patch anyway. -...
ovmf security and enhancement update
20180508-6.gitee3198e672e2.el7 - ovmf-MdeModulePkg-HiiDatabase-Fix-potential-integer-overf.patch bz1691479 - ovmf-MdeModulePkg-HiiImage-Fix-stack-overflow-when-corrup.patch bz1691479 - ovmf-MdeModulePkg-PartitionDxe-Add-check-for-underlying-d.patch bz1691647 -...
spice-server security update
0.12.4-16.3 - Fix off-by-one error during guest-to-host memory address conversion Resolves: CVE-2019-3813 0.12.4-16.2 - Prevent potential buffer/integer overflows with invalid MonitorsConfig messages sent from an authenticated client Resolves: CVE-2017-7506 0.12.4-16.1 - Fix flexible array buffer...
ghostscript security and bug fix update
9.07-31.el76.3 - Resolves: 1654290 ghostscript update breaks xdvi gs: Error: /undefined in flushpage 9.07-31.el76.2 - Resolves: 1652901 - CVE-2018-16863 ghostscript: incomplete fix for CVE-2018-16509...
X.org X11 security, bug fix, and enhancement update
freeglut 3.0.0-8 - HTTPS URLs - Pin soname to libglut.so.3 in the %files glob 3.0.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora28MassRebuild 3.0.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora27BinutilsMassRebuild 3.0.0-5 - Rebuilt for...
firefox security update
60.2.0-1.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 60.2.0-1 - Update to 60.2.0 ESR 60.1.0-9 - Do not set user agent rhbz1608065 - GTK dialogs are localized now rhbz1619373 - JNLP association works again rhbz1607457 60.1.0-8 - Fixed homepage and bookmarks...
Unbreakable Enterprise kernel security update
4.1.12-124.14.3 - perf/hwbp: Simplify the perf-hwbp code, fix documentation Linus Torvalds Orabug: 27947602 CVE-2018-100199...
firefox security update
52.7.0-1.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 52.7.0-1 - Update to 52.7.0 ESR...
kernel security and bug fix update
2.6.32-696.23.1.OL6 - Update genkey bug 25599697 2.6.32-696.23.1 - scsi avoid a permanent stop of the scsi device's request queue Ewan Milne 1519857 1513455 - x86 retpoline/hyperv: Convert assembler indirect jumps Waiman Long 1543022 1535645 - x86 specctrl: Upgrade GCC retpoline warning to an err...
sssd security and bug fix update
1.15.2-50.8 - Resolves: rhbz1508972 - Accessing IdM kerberos ticket fails while id mapping is applied rhel-7.4.z - Resolves: rhbz1509177 - Race condition between refreshing the crdomain list and a request that is using the list can cause a segfault is sssdnss rhel-7.4.z 1.15.2-50.7 - Resolves:...
apr security update
1.3.9-5.1 - Resolves: 1507346 - CVE-2017-12613 apr: Out-of-bounds array deref in aprtimeexp functions...
firefox security update
52.5.0-1.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update Todd Vierling orabug 19847484 52.5.0-1 - Update to 52.5.0 ESR...
wget security update
1.14-15.1 - Fixed various security flaws CVE-2017-13089, CVE-2017-13090...
samba4 security update
4.2.10-11 - resolves: 1491212 - CVE-2017-12150 CVE-2017-12163...
thunderbird security update
52.3.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 52.3.0-1 - Update to 52.3.0 52.2.1-1 - Update to 52.2.1...
libtirpc security update
0.2.1-139 - Fix for CVE-2017-8779 bz 1449458...
curl security update
7.19.7-53 - treat Negotiate authentication as connection-oriented CVE-2017-2628...
thunderbird security update
45.8.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 45.8.0-1 - Update to 45.8.0...
thunderbird security update
45.7.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 45.7.0-1 - Update to 45.7.0...
systemd security and bug fix update
219-30.0.1.3 - set 'RemoveIPC=no' in logind.conf as default for OL7.2 22224874 - allow dm remove ioctl to co-operate with UEK3 Vaughan Cao Orabug: 18467469 - add hv dynamic memory support Jerry Snitselaar Orabug: 18621475 - rules: load sg module 1223340 - run: drop mistakenly committed test code...
gimp security, bug fix, and enhancement update
gimp 2:2.8.16-3 - fix multiple use-after-free bugs when parsing XCF channel and layer properties 1348617 2:2.8.16-2 - add back obsoletes necessary for RHEL 2:2.8.16-1 - version 2.8.16 2:2.8.14-3 - export-dialog-destroyed-crash patch: avoid subsequent warnings 2:2.8.14-2 - fix linking problem - us...
libtiff security update
4.0.3-25 - Add patches for CVEs: CVE-2015-7554, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2015-8784 - Related: 1299920 4.0.3-24 - Update patches for CVEs: CVE-2014-8127, CVE-2014-8130 - Related: 1299920 4.0.3-23 - Update patches: CVE-2014-9330, CVE-2014-8127,...
libtiff security update
3.9.4-18 - Update patch for CVE-2014-8127 - Related: 1335099 3.9.4-17 - Fix patches for CVE-2016-3990 and CVE-2016-5320 - Related: 1335099 3.9.4-16 - Add patches for CVEs: - CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 - CVE-2016-3991 CVE-2016-5320 - Related: 1335099 3.9.4-15 - Update patch for...
nss and nspr security, bug fix, and enhancement update
nspr 4.11.0-0.1 - Rebase to NSPR 4.11 - Resolves: Bug 1297943 - Rebase RHEL 5.11.z to NSPR 4.11 in preparation for Firefox 45 nss 3.21.0-6 - Fix SSLDHMINPBITS in more places. 3.21.0-5 - Keep SSLDHMINPBITS at 768 as in the previously released build. 3.21.0-4 - Run SSL tests 3.21.0-3 - Add...
krb5 security update
1.10.3-42z1 - Fix CVE-2015-8629 and CVE-2015-8631 - Also fix a spec trigger issue that prevents building - Resolves: 1306973...
bind security update
30:9.3.6-25.P1.8 - Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite 30:9.3.6-25.P1.7 - Fix CVE-2016-1285 and CVE-2016-1286...
nss-util security update
3.19.1-5 - Actually apply the fix for CVE-2016-1950 from NSS 3.19.2.3 ... 3.19.1-4 - Rebuild to ensure use of correct NSPR. 3.19.1-3 - Include the fix for CVE-2016-1950 from NSS 3.19.2.3...
sos security and bug fix update
3.2-28.0.1.2 - Add vendor, vendor URL info for Oracle Linux orabug 17656507 [email protected] - Direct traceroute to linux.oracle.com John Haxby orabug 11713272 [email protected] - Check oraclelinux-release instead of redhat-release to get OS version John Haxby bug 11681869 [email protected] -...
samba security update
0:3.6.23-24.0.1 - Remove use-after-free talloctos inlined function problem John Haxby orabug 18253258 3.6.23-24 - related: 1290706 - Update patch for CVE-2015-5330 3.6.23-22 - resolves: 1290706 - CVE-2015-5299 - related: 1290706 - CVE-2015-5296 - related: 1290706 - CVE-2015-5252 - related: 129070...
openssl security update
1.0.1e-42.2 - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2...
bind97 security update
32:9.7.0-21.P2.4 - Fix CVE-2015-8000 32:9.7.0-21.P2.3 - Fix CVE-2015-5722 32:9.7.0-21.P2.2 - Fix CVE-2015-5477 32:9.7.0-21.P2.1 - Fix CVE-2014-8500 1171972...
git security update
1.8.3.1-6 - fix arbitrary code execution via crafted URLs Resolves: 1274737...
wireshark security, bug fix, and enhancement update
1.10.14-7.0.1 - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect 1.10.14-7 - Rebase some tvbuff API from upstream to 1.10.14 - Fixes crash when tvblengthremaining is used - Related: CVE-2015-6244 1.10.14-6 - Security patch - Resolves: CVE-2015-3182 1.10.14-5 - Fix crash...
spice-server security update
0.12.4-12.3 - CVE-2015-5260 CVE-2015-5261 fixed various security flaws Resolves: rhbz1262769 0.12.4-12.2 - Validate surfaceid Resolves: rhbz1262769...
mysql55-mysql security update
5.5.45-1 - Rebase to 5.5.45 Includes fixes for: CVE-2014-6568 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 CVE-2015-0501 CVE-2015-2568 CVE-2015-0499 CVE-2015-2571 CVE-2015-0433 CVE-2015-0441 CVE-2015-0505 CVE-2015-2573 CVE-2015-2582 CVE-2015-2620 CVE-2015-26...
mariadb security update
1:5.5.41-2 - Include new certificate for tests Resolves: 1186109 1:5.5.41-1 - Rebase to 5.5.41 Also fix: CVE-2014-6568 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 Resolves: 1186109 1:5.5.40-2 - Fix header to let dependencies to build fine Resolves: 1177836...
mailx security update
12.4-8 - CVE-2004-2771 mailx: command execution flaw resolves: 1171175...
wpa_supplicant security update
1:2.0-13 - Use osexec for action script execution CVE-2014-3686...
cups-filters security update
1.0.35-15:.1 - Applied upstream patch to fix BrowseAllow parsing issue CVE-2014-4338, bug 1091568. - Applied upstream patch for cups-browsed DoS via processbrowsedata out-of-bounds read CVE-2014-4337, bug 1111510...
libxml2 security update
2.9.1-5.0.1.el70.1 - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball 2.9.1-5.1 - CVE-2014-3660 denial of service via recursive entity expansion rhbz1149087...
libvirt security and bug fix update
1.1.1-29.0.1.el70.3 - Replace docs/et.png in tarball with blank image 1.1.1-29.el70.3 - domainconf: fix domain deadlock CVE-2014-3657 1.1.1-29.el70.2 - qemu: split out cpuset.mems setting rhbz1135871 - qemu: leave restricting cpuset.mems after initialization rhbz1135871 - qemu: blkiotune: Use...
thunderbird security update
24.8.0-1.0.1.el65 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 24.8.0-1 - Update to 24.8.0...
tomcat security update
0:7.0.42-8 - Resolves: CVE-2013-4590 - Resolves: CVE-2014-0119 0:7.0.42-7 - Related: CVE-2014-0099 incrementing release so rpmdiff doesn't complain about - no new entries in the changelog 0:7.0.42-6 - Resolves: CVE-2014-0099 Fix possible overflow when parsing - long values from byte array -...
squid security update
7:3.1.10-20.3 - Resolves: 1098134 - CVE-2014-0128 squid: denial of service when using SSL-Bump 7:3.1.10-20.2 - revert: Resolves: 1039088 - issues with timeout on HTTPS connections 7:3.1.10-20.1 - Resolves: 1093072 - issues with timeout on HTTPS connections...