9160 matches found
grafana-pcp security update
5.1.1-12 - Resolves RHEL-146864: CVE-2025-61726 - Resolves RHEL-147082: CVE-2025-61729 - Resolves RHEL-149622: CVE-2025-68121...
grafana-pcp security update
5.3.0-2 - Resolves RHEL-146722: CVE-2025-61726 - Resolves RHEL-146927: CVE-2025-61729 - Resolves RHEL-149228: CVE-2025-68121...
freerdp security update
2:3.10.3-5.2 - Backport several CVE fixes Resolves: RHEL-147912, RHEL-148815, RHEL-148859, RHEL-148892, RHEL-148973...
munge security update
0.5.13-14.0.1 - Updated path for removal of unneeded init file 0.5.13-14 - Fix CVE-2026-25506 - Resolved: RHEL-148533...
munge security update
0.5.15-11 - Fix CVE-2026-25506...
libpng15 security update
1.5.30-14.1 - fix CVE-2026-25646: heap buffer overflow in pngsetquantize RHEL-148404...
munge security update
0.5.13-3 - Fix CVE-2026-25506 - Resolves: RHEL-148521...
openssl security update
1:1.1.1k-15 - Fix CVE-2025-69419: Arbitrary code execution due to out-of-bounds write in PKCS12 processing ticketlifetimehint exceed 1 week in TLSv1.3 and breaks compliant clients Resolves: RHEL-149165 Resolves: RHEL-142715 1:1.1.1k-14.1 - Backport fix for openssl: Out-of-bounds read & write in R...
protobuf security update
3.14.0-17 - Fix CVE-2026-0994: nested Any messages bypassing recursion depth limits...
golang-github-openprinting-ipp-usb security update
0.9.27-5 - rebuilt to fix CVE-2025-68121, CVE-2025-61726...
freerdp security update
2:2.11.7-1.2 - Backport several CVE fixes Resolves: RHEL-148847, RHEL-148887, RHEL-149020...
protobuf security update
3.19.6-15 - Fix CVE-2026-0994: nested Any messages bypassing recursion depth limits 3.19.6-14 - Disable tests during build that are flaky 3.19.6-13 - Rebuilt for tests directory 3.19.6-12 - Copy patch from c9s to make emacs dependency optional Resolves: RHEL-93236...
Unbreakable Enterprise kernel security update
6.12.0-108.64.6.3 - net/rds: Fix issue with a revert in rdssendqueuerm Sharath Srinivasan Orabug: 38937451 6.12.0-108.64.6.2 - Revert 'net/rds: fix crash by expanding kref coverage to rdsincoming.iconn' Sharath Srinivasan Orabug: 38937451 - Revert 'net/rds: expand kref coverage to...
glibc security update
2.34-231.0.1.10 - Forward-port Oracle patches for ol9-u7 Reviewed-by: TBD Oracle history: November-14-2025 Cupertino Miranda - 2.34-231.0.1.2 - Forward-port Oracle patches for ol9-u7 Reviewed-by: Jose E. Marchesi September-24-2025 Cupertino Miranda - 2.34-231.0.1 - Forward-port Oracle patches for...
gnupg2 security update
2.0.22-5.0.1 - Fix CVE-2025-68973 gpg.fail/memcpy Orabug: 38914175...
java-11-openjdk security update
1:11.0.31.0.1-1.0.1 - Update to jdk-11.0.31+1 Orabug: 38950473 - Fixes CVE-2025-64720 CVE-2025-65018 CVE-2026-21925 - CVE-2026-21933 CVE-2026-21945...
nodejs:20 security update
nodejs 1:20.20.0-1 - Update to version 20.20.0 Resolves: RHEL-141917 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883 2.0.20-2 - Patch bundled glob-parent - Resolves: CVE-2021-35065 2.0.20-1 - Rebase to 2.0.20 Resolves: CVE-2022-3517 2.0.15-1 - Resolves: RHBZ2005419 - Resolves...
nodejs:22 security update
nodejs 1:22.22.0-1 - Update to 22.22.0 Resolves: RHEL-141879 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883 2.0.20-2 - Patch bundled glob-parent - Resolves: CVE-2021-35065 2.0.20-1 - Rebase to 2.0.20 Resolves: CVE-2022-3517 2.0.15-1 - Resolves: RHBZ2005419 - Resolves...
grafana security update
10.2.6-17 - Resolves RHEL-144959: CVE-2026-21721 - Resolves RHEL-146863: CVE-2025-61726 - Resolves RHEL-147081: CVE-2025-61729 - Resolves RHEL-147370: CVE-2025-61728 - Resolves RHEL-149621: CVE-2025-68121 10.2.6-17 - Resolves RHEL-125692: CVE-2025-58183 - Resolves RHEL-120426: Grafana-selinux...
grafana security update
10.2.6-22 - Resolves RHEL-144948: CVE-2026-21721 - Resolves RHEL-146721: CVE-2025-61726 - Resolves RHEL-146926: CVE-2025-61729 - Resolves RHEL-147351: CVE-2025-61728 - Resolves RHEL-149227: CVE-2025-68121...
firefox security update
140.7.0-1.0.1 - Update to 140.7.0 ESR Orabug: 38940976CVE-2025-14327CVE-2026-0877 CVE-2026-0878CVE-2026-0879CVE-2026-0880CVE-2026-0882CVE-2026-0883 CVE-2026-0884CVE-2026-0885CVE-2026-0886CVE-2026-0887CVE-2026-0890 CVE-2026-0891 140.6.0-1.0.1 - Update to 140.6.0 ESR Orabug:...
php security update
8.0.30-5 - Fix Null byte termination in dnsgetrecord GHSA-www2-q4fc-65wf - Fix Heap buffer overflow in arraymerge CVE-2025-14178 - Fix Information Leak of Memory in getimagesize CVE-2025-14177...
glibc security update
2.34-231.0.1.10 - Forward-port Oracle patches for ol9-u7 Reviewed-by: TBD Oracle history: November-14-2025 Cupertino Miranda - 2.34-231.0.1.2 - Forward-port Oracle patches for ol9-u7 Reviewed-by: Jose E. Marchesi September-24-2025 Cupertino Miranda - 2.34-231.0.1 - Forward-port Oracle patches for...
edk2 security update
20241117-4.0.1.el97.3 - Replace upstream references Orabug:36569119 20241117-4.el97.3 - edk2-OvmfPkg-MemEncryptSevLib-Evict-cache-lines-during-SN.patch RHEL-125104 - edk2-MdePkg-Add-the-COHERENCYSFWNO-CPUID-bit-field.patch RHEL-125104 -...
kernel security update
3.10.0-1160.119.1.0.17 - scsi: ses: Fix possible descptr out-of-bounds accesses CVE-2023-53675 Orabug: 38860426 - ipv6: Fix out-of-bounds access in ipv6findtlv CVE-2023-53705 Orabug: 38860426 - netsched: hfsc: Fix a potential UAF in hfscdequeue too CVE-2025-37823 Orabug: 38860426 - libceph: fix...
nodejs:24 security update
nodejs 1:24.13.0-1 - Update to version 24.13.0 nodejs-nodemon 3.0.3-3 - Keep BR on just npm 3.0.3-2 - Fix BR for nodejs-npm nodejs-packaging 2021.06-6 - Properly handle @group/package deps in nodejs-symlink-deps Resolves: RHEL-121581 2021.06-5 - nodejs.req to properly detect bundled deps...
gnupg2 security update
2.4.5-4 - Fix CVE-2026-24882 tpm2daemon buffer overflow...
virt:ol and virt-devel:ol security update
libvirt 6.0.0-28.1.0.1 - Add runtime deps for pkg librbd1 = 1:10.2.5 Keshav Sharma qemu-kvm 4.2.0-34.el83.5 - kvm-Drop-bogus-IPv6-messages.patch bz1939493 - Resolves: bz1939493 CVE-2020-10756 virt:rhel/qemu-kvm: QEMU: slirp: networking out-of-bounds read information disclosure vulnerability...
virt:ol and virt-devel:ol security update
qemu-kvm 4.2.0-59.el85 - kvm-hw-scsi-scsi-disk-MODEPAGEALLS-not-allowed-in-MODE.patch bz2025605 - kvm-e1000-fix-tx-re-entrancy-problem.patch bz2025011 - Resolves: bz2025605 CVE-2021-3930 virt:rhel/qemu-kvm: QEMU: off-by-one error in modesensepage in hw/scsi/scsi-disk.c rhel-8.5.0.z - Resolves:...
go-toolset:ol8 security and bug fix update
go-toolset 1.11.13-1 - Bump version to 1.11.13 - Related: rhbz1743204 - Related: rhbz1743206 golang 1.11.13-2 - Improve error message when using non-FIPS API in FIPS mode. - Fixes CVE-2019-9512. - Fixes CVE-2019-9514. - Resolves: rhbz1745711 - Resolves: rhbz1745705 1.11.6-3 - Updates to be less...
virt:ol and virt-devel:ol security and bug fix update
libvirt 8.0.0-10.1.0.1 - Set SOURCEDATEEPOCH from changelog Orabug: 32019554 - Add runtime deps for pkg librbd1 = 1:10.2.5 Keshav Sharma 8.0.0-10.1.el8 - qemuprocess: Don't require a hugetlbfs mount for memfd rhbz2132176 - qemunamespace: Tolerate missing ACLs when creating a path in namespace...
gimp security update
2:3.0.4-1.3 - fix CVE-2025-15059...
virt:ol and virt-devel:ol security and bug fix update
hivex libguestfs libguestfs-winsupport 8.8-2 - Rebase to ntfs-3g 2022.10.3 - Fixes: CVE-2022-40284 - resolves: rhbz2236373 libiscsi libnbd libtpms libvirt libvirt-dbus libvirt-python nbdkit netcf perl-Sys-Virt qemu-kvm 6.2.0-33 - CVE-2023-3354 QEMU: VNC: improper I/O watch removal in TLS handshak...
kernel security update
4.18.0-553.105.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
kernel security update
5.14.0-611.34.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...
kernel security update
6.12.0-124.38.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...
openssl security update
1.0.2k-26.0.1fips - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison Orabug: 32467026 - Add DH support changes for SP 800-56A rev3 requirements Orabug: 32467059 - Add TLS KDF self-test Orabug: 32467193 - Add EC keys pairwise consistency test Orabug: 32467059...
virt:ol and virt-devel:ol security update
qemu-kvm 4.2.0-59.el85.2 - kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch bz2048627 - Resolves: bz2048627 CVE-2022-0358 virt:rhel/qemu-kvm: QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405 rhel-8.5.0.z...
go-toolset:ol8 security update
delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related: RHEL-121223 golang 1.25.7-1 - Update to Go 1.25.7 fips-1 - Resolves: RHEL-146469...
golang security update
1.25.7-1 - Update to Go 1.25.7 fips-1 - Resolves: RHEL-146476...
golang security update
1.25.7-1 - Rebase to latest rhel-10-main 170a5b7e084...
virt:ol and virt-devel:ol security and bug fix update
hivex libguestfs 1.44.0-9.0.1 - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 Orabug: 29319324 - Set DISTROORACLELINUX correspeonding to ol 1:1.44.0-9 - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz2101280 1:1.44.0-8 -...
virt:ol and virt-devel:ol security and bug fix update
hivex 1.3.18-21 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501 libvirt 6.0.0-35.1.0.1 - Set SOURCEDATEEPOCH from changelog Orabug: 32019554 - Add runtime deps for pkg librbd1 = 1:10.2.5 Keshav Sharma - Disable parallel builds Karl Heubaum 6.0.0-35.1.el8 -...
nodejs:22 security update
nodejs 1:22.22.0-1 - Update to 22.22.0 Resolves: RHEL-118152 nodejs-nodemon 3.0.1-1 - Exclude ix86 arches from building. Related: RHEL-35991 nodejs-packaging 2021.06-4 - Exclude ix86 arches from building. Related: RHEL-35991...
gcc-toolset-14-binutils security update
2.41-3.1 - Fix a potential illegal memory access when linking a corrupt input file. RHEL-130636 Thu Feb 20 2025 Nick Clifton - Backport fixes for PR 32082 and PR 32153 in order to fix the PR 20267 linker tests. 2.41-3 - NVR Bump to allow rebuilding with GTS-14 gcc. RHEL-53519 2.41-2 - Fix s390x...
openssl security update
1:1.0.2k-26.0.1 - Fixes CVE-2025-9230 Fix incorrect check of unwrapped key size Orabug: 38916245...
nodejs:20 security update
nodejs 1:20.20.0-1 - Update to version 20.20.0 Resolves: RHEL-130972 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883...
libsoup security update
2.62.2-2.0.9 - Fix CVE-2025-14523 Orabug: 38873507 2.62.2-2.0.7 - Backport patch for CVE-2025-4945 and CVE-2025-11021 Orabug: 38664275 2.62.2-2.0.5 - Fixes CVE-2025-2784 CVE-2025-4948 CVE-2025-32049 Orabug: 38085184 - CVE-2025-32906 CVE-2025-32911 CVE-2025-32913 CVE-2025-32914 2.62.2-2.0.3 - Fixe...
glib2 security update
2.56.1-9.0.3 - Fixes CVE-2025-13601 gescapeuristring overflow Orabug: 38909821 2.56.1-9.0.1 - Fix overflow of GDBusConnection serial Orabug: 38666376...
php:7.4 security update
libzip 1.6.1-1 - update to 1.6.1 - enable lzma support php 7.4.33-3 - Fix Heap-Use-After-Free in sapireadpostdata Processing in CLI SAPI Interface GHSA-4w77-75f9-2c8w - Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234 - Fix Single byte overread wit...