9182 matches found
subversion:1.10 security update
libserf 1.3.9-9 - Resolves: 1696354 - Ensure modular RPM upgrade path subversion 1.10.2-2 - rebuild to ensure NVR ordering 1696354 1.10.2-1.1 - Resolves: 1733442 - CVE-2019-0203 subversion:1.10/subversion: remote unauthenticated denial-of-service in subversion svnserve utf8proc 2.1.1-5 - Resolves...
glibc security update
2.17-292.0.1.7 - Remove glibc-ora28641867.patch as duplicate of glibc-rh1705899-4.patch - Make IOfunlockfile match funlockfile and IOflockfile match flockfile Both should test if stream-flags & IOUSERLOCK == 0 IOlocklock stream-lock; OraBug 28481550. Reviewed-by: Jose E. Marchesi - Modify...
docker-engine security update
18.03.1.ol-0.0.15 - cherry-picked fix for CVE-2018-15664 from upstream 18.03.1.ol-0.0.14 - rebuild 18.03.1.ol-0.0.13 - update for CVE-2018-20699 18.03.1.ol-0.0.12 - correct the version string of containerd 18.03.1.ol-0.0.11 - update runc for CVE-2019-5736 18.03.1.ol-0.0.10 - update Go to version...
kernel security, bug fix, and enhancement update
4.18.0-80.7.10.OL8 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 4.18.0-80.7.10 - x86 Update stepping values for Whiskey Lake U/Y David Arcari...
ghostscript security update
9.25-2.1 - Resolves: 1737338 - CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 701394...
openssl security update
1.0.1e-58.0.1 - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1 1.0.1e-58 - fi...
Unbreakable Enterprise kernel security update
4.14.35-1902.4.8 - x86/boot: Clear RSDP address in bootparams for broken loaders Juergen Gross Orabug: 30111373 4.14.35-1902.4.7 - rds: ib: Qualify CM REQ duplicate detection with connection being up Hakon Bugge Orabug: 30062149 - rds: Further prioritize local loop-back connections Hakon Bugge...
openssl security update
1.0.1e-58.0.1 - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1 1.0.1e-58 - fi...
kernel security and bug fix update
2.6.32-754.18.2.OL6 - Update genkey bug 25599697 2.6.32-754.18.2 - x86 x86/speculation: Enable Spectre v1 swapgs mitigations Waiman Long 1724512 CVE-2019-1125 - x86 x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations Waiman Long 1724512 CVE-2019-1125 2.6.32-754.18.1 - virt xenbu...
qemu-kvm security, bug fix, and enhancement update
1.5.3-167.el7 - Reverting kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch bz1618503 - Resolves: bz1618503 qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads rhel-7 1.5.3-166.el7 - kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch bz1618503 - Resolves: bz1618503 qemu-kv...
procps-ng security and bug fix update
3.3.10-26 - free: unreclaimable slabs counted into free memory, used mem incorrect - Resolves: rhbz1699264 3.3.10-25 - ps: recognize SCHEDDEADLINE in CLS field, upstream backport - Resolves: rhbz1692843 3.3.10-24 - top: Do not default to the cwd in configsread - Resolves: rhbz1577023...
ovmf security and enhancement update
20180508-6.gitee3198e672e2.el7 - ovmf-MdeModulePkg-HiiDatabase-Fix-potential-integer-overf.patch bz1691479 - ovmf-MdeModulePkg-HiiImage-Fix-stack-overflow-when-corrup.patch bz1691479 - ovmf-MdeModulePkg-PartitionDxe-Add-check-for-underlying-d.patch bz1691647 -...
gvfs security and bug fix update
1.36.2-3 - Force NT1 protocol version for workgroup support 1619719 1.36.2-2 - Prevent spawning new daemons if outgoing operation exists 1632960 - CVE-2019-3827: Prevent access if any authentication agent isnt available 1673887...
ghostscript security update
9.25-2.2 - Resolves: 1737336 - CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 701394...
elfutils security, bug fix, and enhancement update
0.176-2 - Add elfutils-0.176-xlate-note.patch 1704754 0.176-1 - New upstream release 1676504 CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7150, CVE-2019-7664, CVE-2019-7665, CVE-2018-16062, CVE-2018-16402, CVE-2018-16403, CVE-2018-18310, CVE-2018-18521, CVE-2018-18520...
mercurial security update
2.6.2-10 - Add missing hunk for CVE-2018-13347 patch - Related: CVE-2018-13347 2.6.2-9 - Fix various CVEs - Resolves: CVE-2018-1000132 CVE-2018-13346 CVE-2018-13347...
compat-libtiff3 security update
3.9.4-12 - Fix CVE-2018-7456 - Resolves: 1561319...
ghostscript security, bug fix, and enhancement update
9.25-2 - obsoleted old ghostscript-devel to allow clean upgrade to libgs-devel 9.25-1 - Rebase to latest upstream version bug 1636115 - Resolves: 1673399 - CVE-2019-3839 ghostscript: missing attack vector protections for CVE-2019-6116 - Resolves: 1678172 - CVE-2019-3835 ghostscript: superexec...
bind security, bug fix, and enhancement update
32:9.11.4-9.P2 - Fix CVE-2019-6471 32:9.11.4-8.P2 - Fix scriptlet errors when selinux-policy is not installed 1647659 32:9.11.4-7.P2 - Fix inefective limit of TCP clients CVE-2018-5743 32:9.11.4-6.P2 - Use /sbin/nologin again 1676661 32:9.11.4-5.P2 - Make sure selinux-policy is installed soon...
python-requests security update
2.6.0-5 - Fix CVE-2018-18074 Resolves: rhbz1647368...
poppler security, bug fix, and enhancement update
evince 3.28.2-8 - Do not free EvDocumentInfo in evwindowsaveprintsettings, - it is freed in EvDocuments destructor - Resolves: 1541358 3.28.2-7 - Do not store page-scaling for documents with enforced - page-scaling - Resolves: 1541358 3.28.2-6 - Use PrintScaling preference stored in PDFs -...
libtiff security update
4.0.3-32 - Fix one more Covscan defect - Related: 1647965 4.0.3-31 - Fix processing of RAS files without colormap - Related: 1647965 4.0.3-30 - Fix various Covscan defects - Related: 1647965 4.0.3-29 - Fix compiler warning introduced by patch for CVE-2018-18661 - Related: 1647965 4.0.3-28 - Fix...
python-urllib3 security update
1.10.2-7 - Provide python2-urllib3 - Add patch for CVE-2019-11236 Resolves: rhbz1703360 1.10.2-6 - Source URL switched to HTTPS protocol - Add patch for CVE-2018-20060 Resolves: rhbz1658471...
unixODBC security update
2.3.1-14.0.1 - backport unchecked malloc memory references fix Orabug: 29684195 2.3.1-14 - fixed insecure buffer copy 1571530 - fixed possible buffer overflow 1571528 2.3.1-13 - revert: ltdl bundling 2.3.1-12 - fix the libtool-ltdl compatibility Resolves: rhbz1267438...
libsolv security and bug fix update
0.6.34-4 - Polish the changelog 0.6.34-3 - Make sure that targeted updates dont do reinstalls - Resolves: bug1668256 - Fix NULL pointer dereference CVE-2018-20532, CVE-2018-20533 - Resolves: bug1669562 - Resolves: bug1669576 - Fix illegal address access in poolwhatprovides CVE-2018-20534 -...
sssd security, bug fix, and enhancement update
1.16.4-21 - Resolves: rhbz1714952 - sssd RHEL 7.7 Tier 0 Localization - Rebuild japanese gmo file explicitly 1.16.4-20 - Resolves: rhbz1714952 - sssd RHEL 7.7 Tier 0 Localization 1.16.4-19 - Resolves: rhbz1707959 - sssd does not properly check GSS-SPNEGO 1.16.4-18 - Resolves: rhbz1710286 - The...
libcgroup security update
0.41-21 - fix CVE-2018-14348 resolves: 1612122...
http-parser security update
2.7.1-8 - Backport needed test fixes - Related: rhbz1666024 - CVE-2018-7159 http-parser: nodejs: HTTP parser allowed for spaces inside Content-Length header values rhel-7 2.7.1-7 - Resolves: rhbz1666024 - CVE-2018-7159 http-parser: nodejs: HTTP parser allowed for spaces inside Content-Length head...
polkit security and bug fix update
0.112-22.0.1 - Increase timeout to avoid defunct processes Orabug: 26930744 0.112-22 - pkttyagent: polkit-agent-helper-1 timeout leaves tty echo disabled - Resolves: rhbz1325512 0.112-21 - Mitigation of regression caused by fix of CVE-2018-19788 - Resolves: rhbz1656377 0.112-20 - Fix of...
libmspack security update
0.5-0.7.alpha - Fixes for CVE-2018-18584 CVE-2018-18585. resolves: rhbz1648384 rhbz1648385...
zziplib security update
0.13.62-11 - Fix CVE-2018-6541 - Part of the original patch has already been applied in the past CVE-2018-7726, so the bug should not be reproducible in a way described in the github issue, even without this commit. Applying the rest of the original patch anyway. -...
rsyslog security and bug fix update
8.24.0-38.0.2 - Newer gcc complains about implicit declaration of prctl. Added header file to quiesce the compiler 8.24.0-38 RHEL 7.7 ERRATUM - added patch increasing max path size preventing buffer overflow with too long paths resolves: rhbz1656860 8.24.0-37 RHEL 7.7 ERRATUM - edited patch fixin...
uriparser security update
0.7.5-10 - Fix CVE-2018-19198, CVE-2018-19199 Fix unescaped % in a comment Resolves: 1652002, 1652001...
advancecomp security update
1.15-21 - Resolves: 1711051, CVE-2019-8383 denial of service - Resolves: 1710910, CVE-2019-8379 null pointer dereference...
zsh security and bug fix update
5.0.2-33 - fix regression in oh-my-zsh vcsinfo hooks introduced in -30 1677696 5.0.2-32 - fix improper handling of shebang line longer than 64 bytes CVE-2018-13259...
httpd security and bug fix update
2.4.6-90.0.1 - replace index.html with Oracles index page oracleindex.html Resolves: 1566317 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in modauthdigest - Resolves: 1696141 - CVE-2019-0217 httpd: modauthdigest: access control bypass due to race condition - Resolves: 1696096 -...
curl security and bug fix update
7.29.0-54.0.1 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitive password comparison https://curl.haxx.se/docs/CVE-2016-8616.html - CVE-2016-8617 OOB write via unchecked multiplication...
udisks2 security, bug fix, and enhancement update
2.7.3-9 - Build udisks2-lsm subpackage 1672664 - Fix sigint source removal on daemon exit 1643350 - CVE-2018-17336: Fix format string vulnerability in udiskslog 1637427 - Describe command options in the udisksctl man page 1568269...
kde-workspace security and bug fix update
kdelibs 6:4.14.8-10 - Do not fork konsole process when opening terminal from apps using dolphin-part Resolves: bz1710362 6:4.14.8-9 - Do not fork konsole process when opening terminal from apps using dolphin-part Resolves: bz1710362 6:4.14.8-8 - Disable JAR repack script to avoid multilib...
qt5 security, bug fix, and enhancement update
qt5-qt3d 5.9.7-1 - Update to 5.9.7 Resolves: bz1564024 qt5-qtbase 5.9.7-1 - Enable -doc subpkg on PPC Resolves: bz1564000 5.9.7-1 - Update to 5.9.7 Resolves: bz1564000 qt5-qtcanvas3d 5.9.7-1 - Update to 5.9.7 Resolves: bz1564001 qt5-qtconnectivity 5.9.7-1 - Update to 5.9.7 Resolves: bz1564002...
sox security update
14.4.1-7 - Fix CVE-2017-18189 Upstream patch: https://sourceforge.net/p/sox/code/ci/09d7388c8ad5701ed9c59d1d600ff6154b066397/ Resolves: 1553590...
dhcp security and bug fix update
12:4.2.5-77.0.1 - Direct users to Oracle Linux support site. 12:4.2.5-77 - Resolves: 1712414 - Reset signal handlers set by isclib 12:4.2.5-76 - Resolves: 1704675 - Fix crash of dhcpd6 triggered by bind rebase 12:4.2.5-75 - Resolves: 1672308 - Do not restart dhcp on NetworkManagers up events...
unzip security update
6.0-20 - Fix CVE-2018-18384 Resolves: CVE-2018-18384...
samba security, bug fix, and enhancement update
4.9.1-6 - related: 1703204 - Fix printing with smbspool as CUPS backend 4.9.1-5 - resolves: 1703204 - Fix smbspool krb5 authentication 4.9.1-4 - resolves: 1690222 - Fix --max-protocol documentation of smbclient - resolves: 1518353 - Fix 'net ads join -Uadmin@forestdomain' - resolves: 1696524 - Fi...
systemd security, bug fix, and enhancement update
219-67.0.1 - do not create utmp update symlinks for reboot and poweroff Orabug: 27854896 - OL7 udev rule for virtio net standby interface Orabug: 28826743 - fix netdev is missing for iscsi entry in /etc/fstab Orabug: 25897792 [email protected] - set 'RemoveIPC=no' in logind.conf as default fo...
libwpd security update
0.10.0-2 - Resolves: rhbz1650535 CVE-2018-19208...
mariadb security and bug fix update
1:5.5.64-1 - Rebase to 5.5.64 - Resolves: 1490398 - CVEs fixed: 1610986 CVE-2018-3058 CVE-2018-3063 CVE-2018-3066 CVE-2018-3081 - CVEs fixed: 1664043 CVE-2018-3282 CVE-2019-2503 - CVEs fixed: 1701686 CVE-2019-2529...
libguestfs-winsupport security update
7.2-3 - Fix for CVE-2019-9755 heap-based buffer overflow leads to local root privilege escalation resolves: rhbz1698502...
libreoffice security and bug fix update
1:5.3.6.1-21.0.1 - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' 1:5.3.6.1-21 - Resolves: rhbz1066844 drop libreofficekit requires 1:5.3.6.1-20 - Resolves: rhbz1672003 CVE-2018-16858...
ntp security, bug fix, and enhancement update
4.2.6p5-29.0.1 - Bump release to avoid ULN conflict with Oracle modified errata. 4.2.6p5-29 - fix CVE-2016-7429 patch to restore default ttl configuration 1550637 - fix buffer overflow in parsing of address in ntpq and ntpdc CVE-2018-12327 - fix crash in parsing of received address in ntpq 161625...