keepalived security update
1.3.5-8 - Fixed patch that was incorrectly removed 1652694 1.3.5-7 - Fix buffer overflow when parsing HTTP status codes 1652694...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-118.29.1 - Copy secureboot flag in boot params across kexec reboot Dave Young Orabug: 22066352 CVE-2015-7837 - ipv6: tcp: add rcu locking in tcp_v6_send_synack Eric Dumazet Orabug: 25059183 CVE-2016-3841 - ipv6: add complete rcu protection around np->opt Eric Dumazet Orabug: 2505918...
Unbreakable Enterprise kernel security update
2.6.39-400.305.1 - ipv6: tcp: add rcu locking in tcp_v6_send_synack Eric Dumazet Orabug: 25059185 CVE-2016-3841 - ipv6: add complete rcu protection around np->opt Eric Dumazet Orabug: 25059185 CVE-2016-3841 - scsi: qla2xxx: Fix an integer overflow in sysfs code Dan Carpenter Orabug: 28220492...
Unbreakable Enterprise kernel security update
4.1.12-124.24.1 - pinctrl: amd: Use devm_pinctrl_register for pinctrl registration Laxman Dewangan Orabug: 27539246 CVE-2017-18174 - mlock: fix mlock count can not decrease in race condition Yisheng Xie Orabug: 27677611 CVE-2017-18221 - perf/core: Fix the perf_cpu_time_max_percent check Tan Xiaojun...
qemu security update
15:3.0.0-3.el7 - monitor: guard iothread access by mon->use_io_thread Wolfgang Bumiller Orabug: 29046045 - monitor: delay monitor iothread creation Wolfgang Bumiller Orabug: 29010480 - Revert 'qmp: isolate responses into io thread' Marc-Andre Lureau Orabug: 29010480 - usb-mtp: outlaw slashes in...
ntp security update
4.2.6p5-15.0.1 - add disable monitor to default ntp.conf CVE-2013-5211 4.2.6p5-15 - fix buffer overflow in parsing of address in ntpq and ntpdc CVE-2018-12327 4.2.6p5-14 - fix CVE-2016-7429 patch to work correctly on multicast client 1422973 4.2.6p5-13 - fix buffer overflow in datum refclock driv...
firefox security update
60.4.0-1.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 60.4.0-1 - Update to 60.4.0 ESR 60.3.0-2 - Added firefox-gnome-shell-extension 60.3.0-1 - Update to 60.3.0 ESR...
firefox security update
60.4.0-1.0.1 - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one 60.4.0-1 - Update to 60.4.0 ESR 60.3.0-2 - Added firefox-gnome-shell-extension...
ghostscript security and bug fix update
9.07-31.el7_6.6 - Resolves: 1657822 - ghostscript: Regression: Warning: Dropping incorrect smooth shading object Error: /rangecheck in --run-- 9.07-31.el7_6.5 - Resolves: 1654621 - CVE-2018-16541 ghostscript: incorrect free logic in pagedevice replacement 699664 - Resolves: 1650210 - CVE-2018-17183...
kubernetes security update
1.9.11-2.1.1 - Fix kubeadm-registry.sh - Use golang 1.9.3 - CVE-2018-1002105 Handle error responses from backends - Bump to v1.9.11...
Unbreakable Enterprise kernel security update
4.14.35-1818.5.4 - RDS: null pointer dereference in rds_atomic_free_op Mohamed Ghannam Orabug: 28020694 CVE-2018-5333 - x86/speculation: Make enhanced IBRS the default spectre v2 mitigation Alejandro Jimenez Orabug: 28474853 - x86/speculation: Enable enhanced IBRS usage Alejandro Jimenez Orabug:...
Unbreakable Enterprise kernel security update
4.1.12-124.23.2 - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ aka FIONREAD Linus Torvalds Orabug: 28855335 CVE-2018-18386 - nfs: Don't take a reference on fl->fl_file for LOCK operation Benjamin Coddington Orabug: 28887442 - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo...
Unbreakable Enterprise kernel security update
2.6.39-400.304.1 - mnt: Prevent pivot_root from creating a loop in the mount tree Eric W. Biederman Orabug: 26575709 CVE-2014-7970 CVE-2014-7970 - vfs: more mnt_parent cleanups Al Viro Orabug: 26575709 CVE-2014-7970 - vfs: new internal helper: mnt_has_parent(mnt) Al Viro Orabug: 26575709 CVE-2014-7970 ...
Unbreakable Enterprise kernel security update
4.1.12-124.23.1 - xfs: don't call xfs_da_shrink_inode with NULL bp Eric Sandeen Orabug: 28898616 CVE-2018-13094 - ALSA: rawmidi: Change resized buffers atomically Takashi Iwai Orabug: 28898636 CVE-2018-10902 - md/raid5: fix a race condition in stripe batch Shaohua Li Orabug: 28917012 - xfs: don't fa...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-118.28.1 - udf: Check component length before reading it Jan Kara Orabug: 21193696 CVE-2014-9728 - udf: Verify i_size when loading inode Shan Hai Orabug: 21193696 CVE-2014-9728 - intel_pstate: Fix overflow in busy_scaled due to long delay mridula shastry Orabug: 28005134 - scsi:...
ghostscript security and bug fix update
9.07-31.el7_6.3 - Resolves: 1654290 ghostscript update breaks xdvi gs: Error: /undefined in flushpage 9.07-31.el7_6.2 - Resolves: 1652901 - CVE-2018-16863 ghostscript: incomplete fix for CVE-2018-16509...
ghostscript security update
8.70-24.el6_10.2 - It was found that the fix for CVE-2018-16509 was not complete, the missing pieces added into ghostscript-CVE-2018-16509.patch 8.70-24.el6_10.1 - Resolves: 1641124 - CVE-2018-16509 ghostscript: /invalidaccess bypass after failed restore 8.70-24 - Added security fix for CVE-2017-82...
ruby security update
2.0.0.648-34 - CVE-2018-16395: Fix OpenSSL::X509::Name equality check does not work. Resolves: CVE-2018-16395...
Unbreakable Enterprise kernel security update
4.1.12-124.22.4 - Revert commit 8bd274934987 'block: fix bdi vs gendisk lifetime mismatch' Ashish Samant Orabug: 28968102 - KVM/x86: Add IBPB support Ashok Raj Orabug: 28703712 - x86/intel/spectre_v2: Remove unnecessary retp_compiler test Boris Ostrovsky Orabug: 28814570 - x86/intel/spectre_v4:...
sos-collector security update
1.5-3.0.1 - To recognize OL system OraBug 28807430 - import os module to detect /etc/redhat-release OraBug 28740046 1.5-3 - Resolve race condition in cluster profile loading - Quote all options globally - RHBZ1633515 - RHBZ1647955 1.5-2 - Fix cluster option reporting 1.5-1 - Update to version 1.5 ...
qemu security update
15:3.0.0-1.el7 - net: ignore packet size greater than INT_MAX Jason Wang Orabug: 28763782 CVE-2018-17963 - pcnet: fix possible buffer overflow Jason Wang Orabug: 28763774 CVE-2018-17962 - rtl8139: fix possible out of bound access Jason Wang Orabug: 28763765 CVE-2018-17958 - ne2000: fix possible ou...
NetworkManager security update
1:1.12.0-8 - dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin CVE-2018-15688...
kernel security, bug fix, and enhancement update
3.10.0-957.1.3.el7.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel olkmodsigning [email protected] - Update x509.genkey bug 24817676 3.10.0-957.1.3.el7 - x86 Mark Intel Cascade Lake supported Steve Best 1650213 16399...
ghostscript security update
9.07-31.el7_6.1 - Remove as many non-standard operators as possible to make the codebase closer to upstream for later CVEs - Resolves: 1621383 - CVE-2018-16511 ghostscript: missing type check in type checker 699659 - Resolves: 1621159 - CVE-2018-15908 ghostscript: .tempfile file permission issues...
thunderbird security update
60.3.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 60.3.0-1 - Update to 60.3.0 60.2.1-6 - Fixed missing calendar langpacks...
thunderbird security update
60.2.1-5.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 60.2.1-5 - Fixing minor issues 60.2.1-3 - Reverting deleting of key3db 60.2.1-2 - Update to 60.2.1 - Added fix for rhbz1546988 60.0-1 - Rebase to version 60...
thunderbird security update
60.3.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 60.3.0-1 - Update to 60.3.0 60.2.1-6 - Fixed missing calendar langpacks 60.2.1-5 - Fixing minor issues...
git security update
1.8.3.1-20 - Fix CVE-2018-17456: arbitrary code execution via .gitmodules Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1...
java-11-openjdk security update
1:11.0.1.13-3.0.1 - link atomic for ix86 build 1:11.0.1.13-3 - Bump release for rebuild. 1:11.0.1.13-2 - Use LTS designator in version output for RHEL. 1:11.0.1.13-1 - Update to October 2018 CPU release, 11.0.1+13. 1:11.0.0.28-2 - Use --with-vendor-version-string=18.9 so as to show original GA da...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-118.26.1 - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff Eric Dumazet Orabug: 27896807 CVE-2017-18017 - scsi: libsas: fix memory leak in sas_smp_get_phy_events Jason Yan Orabug: 27927692 CVE-2018-7757...
Unbreakable Enterprise kernel security update
2.6.39-400.303.1 - scsi: libsas: fix memory leak in sas_smp_get_phy_events Jason Yan Orabug: 27927686 CVE-2018-7757 - Revert 'Fix up non-directory creation in SGID directories' Brian Maly Orabug: 28781234...
spice-server security update
0.12.4-16.2 - Prevent potential buffer/integer overflows with invalid MonitorsConfig messages sent from an authenticated client Resolves: CVE-2017-7506 0.12.4-16.1 - Fix flexible array buffer overflow Resolves: rhbz1596008...
Unbreakable Enterprise kernel security update
4.14.35-1818.4.5 - x86/intel/spectre_v2: Remove unnecessary retp_compiler test Boris Ostrovsky Orabug: 28814574 - x86/intel/spectre_v4: Deprecate spec_store_bypass_disable=userspace Boris Ostrovsky Orabug: 28814574 - x86/speculation: x86_spec_ctrl_set needs to be called unconditionally Boris Ostrovsky...
xorg-x11-server security update
1.20.1-5.1 - CVE-2018-14665: Disable -logfile and -modulepath when running with elevated privileges 1.20.1-5 - Call LeaveVT from xf86CrtcCloseScreen 1.20.1-4 - Hide the modesetting driver's atomic ioctl support behind Option 'Atomic'...
java-1.7.0-openjdk security update
1:1.7.0.201-2.6.16.1.0.1 - Update DISTRO_NAME in specfile 1:1.7.0.201-2.6.16.1 - Bump to 2.6.16 and u201b00. - Update 8076221/PR2809 disable RC4 to apply after 8208350 disable DES - Resolves: rhbz1633817...
python-paramiko security update
2.1.1-9 - Fix a security flaw CVE-2018-1000805 in Paramiko's server mode (does not affect client mode). Backported from 2.1.6 Resolves rhbz1637366...
thunderbird security update
60.2.1-4.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 60.2.1-4 - Fixing minor issues 60.2.1-3 - Reverting deleting of key3db 60.2.1-2 - Update to 60.2.1 - Added fix for rhbz1546988 60.0-1 - Rebase to version 60...
Unbreakable Enterprise kernel security update
4.1.12-124.21.1 - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:447! Mike Kravetz Orabug: 28839992 - scsi: libsas: fix memory leak in sas_smp_get_phy_events Jason Yan Orabug: 27927687 CVE-2018-7757 - KVM: vmx: shadow more fields that are read/written on every vmexits Paolo Bonzini Orabug: 2858104...
openssl security update
1.0.2k-16.0.1 - sha256 is used for the RSA pairwise consistency test instead of sha1 1.0.2k-16 - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on FIPS DSA parameter generation 1603597 1.0.2k-14 - ppc64le is not multilib architecture 1585004...
glibc security update
2.17-260.0.9 - Regenerate plural.c - OraBug 28806294. - Reviewed-by: Jose E. Marchesi 2.17-260.0.7 - intl: Port to Bison 3.0 - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 - OraBug 28806294. - Reviewed-by: Patrick McGehearty 2.17-260.0.5 - Fix dbl-64/wordsize-64...
jasper security update
1.900.1-33 - remove implicit declaration of jas_eprintf 1585830 1.900.1-32 - Fix CVE-2016-9396 1583721 - Fix CVE-2017-1000050 1585830...
setup security and bug fix update
2.8.71-10 - fix crudp name in /etc/protocols 1566469 - do not list /sbin/nologin and /usr/sbin/nologin in /etc/shells 1571104...
curl and nss-pem security and bug fix update
curl 7.29.0-51 - require a new enough version of nss-pem to avoid regression in yum 1610998 7.29.0-50 - remove dead code, detected by Coverity Analysis - remove unused variable, detected by GCC and Clang 7.29.0-49 - make curl --speed-limit work with TFTP 1584750 7.29.0-48 - fix RTSP bad headers...
zsh security and bug fix update
5.0.2-31 - fix defects detected by Coverity related to CVE-2017-18206 and CVE-2018-1083 5.0.2-30 - fix stack-based buffer overflow in utils.c:checkmailpath CVE-2018-1100 - fix stack-based buffer overflow in gen_matches_files CVE-2018-1083 - fix stack-based buffer overflow in exec.c:hashcmd...
libmspack security update
0.5-0.6.alpha - Fixes for CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 - resolves: rhbz1611550 rhbz1611551 rhbz1611552 rhbz1611553...
zziplib security update
0.13.62-9 - Fix covscan warning - 'Variable 'file' going out of scope leaks the storage it points to.' has been introduced by the original version of 0001-fix-CVE-2018-7725.patch - Related: 1558596 0.13.62-8 - Fix CVE-2018-7727 - Resolves: 1558891 0.13.62-7 - Fix CVE-2018-7726 - Resolves: 1558623...
gnutls security, bug fix, and enhancement update
3.3.29-8.0.1 - Include ECDSA KAT into selftests for FIPS140-2 compliance Orabug 27484156 3.3.29-8 - Backported --sni-hostname option which allows overriding the hostname advertised to the peer 1444792 - Improved counter-measures in TLS CBC record padding for lucky13 attack CVE-2018-10844, 1589704...
samba security, bug fix, and enhancement update
4.8.3-4 - resolves: 1614132 - Fix delete-on-close after smb2_find - resolves: 1614265 - Fix CVE-2018-1139 - resolves: 1614269 - Fix CVE-2018-10858 4.8.3-3 - resolves: 1581016 - Add smbclient quiet argument 4.8.3-2 - related: 1538743 - Fix local user account lookup with winbind 4.8.3-1 - related:...