9185 matches found
Unbreakable Enterprise kernel security and bugfix update
kernel-uek 3.8.13-55.1.5 - CIFS Possible null ptr deref in SMB2tcon Steve French Orabug: 20433140 CVE-2014-7145 3.8.13-55.1.4 - net: sctp: fix NULL pointer dereference in af-fromaddrparam on malformed packet Daniel Borkmann Orabug: 20425332 CVE-2014-7841 3.8.13-55.1.3 - ACPI: x2apic entry ignored...
glibc security update
2.3.4-2.57.0.1.el4.1 - CVE-2015-0235 Fix parsing of numeric hosts in gethostbynamer John Haxby orabug 20439586...
kernel security and bug fix update
3.10.0-123.20.1 - Oracle Linux certificates Alexey Petrenko 3.10.0-123.20.1 - fs seqfile: don't include mm.h in genksyms calculation Ian Kent 1184152 1183280 3.10.0-123.19.1 - mm shmem: fix splicing from a hole while it's punched Denys Vlasenko 1118244 1118245 CVE-2014-4171 - mm shmem: fix faulti...
libyaml security update
0.1.3-4 - Add patch for CVE-2014-9130 RHBZ1169369...
kernel security and bug fix update
2.6.32-504.8.1 - crypto crc32c: Kill pointless CRYPTOCRC32CX8664 option Jarod Wilson 1175509 1036212 - crypto testmgr: add larger crc32c test vector to test FPU path in crc32cintel Jarod Wilson 1175509 1036212 - crypto tcrypt: Added speed test in tcrypt for crc32c Jarod Wilson 1175509 1036212 -...
glibc security update
2.5-123.0.1.el511.1 - Switch to use malloc when the input line is too long Orabug 19951108 - Use a /sys/devices/system/cpu/online for SCNPROCESSORSONLN implementation Orabug 17642251 Joe Jin 2.5-123.1 - Fix parsing of numeric hosts in gethostbynamer CVE-2015-0235, 1183532...
glibc security update
Oracle Linux 7: 2.17-55.0.4.el70.5 - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. Jose E. Marchesi 2.17-55.5 - Rebuild and run regression testing...
java-1.6.0-openjdk security update
1:1.6.0.33-1.13.6.1.0.1.el511 - Add oracle-enterprise.patch 1:1.6.0.34-1.13.6.1 - Update to latest 1.13.6 release candidate tarball - Fixes a number of issues found with b34: - OJ51, PR2187: Sync patch for 4873188 with 7 version - OJ52, PR2185: Application of 6786276 introduces compatibility issu...
jasper security update
1.900.1-16.3 - CVE-2014-8157 - dec-numtiles off-by-one check in jpcdecprocesssot 1183671 - CVE-2014-8158 - unrestricted stack memory use in jpcqmfb.c 1183679...
java-1.7.0-openjdk security update
1:1.7.0.75-2.5.4.0.0.1.el66 - Update DISTRONAME in specfile 1:1.7.0.75-2.5.4.0 - Fix abrtfriendlyhslogjdk7.patch to apply again. 1:1.7.0.75-2.5.4.0 - Bump to 2.5.4 using OpenJDK 7u75 b13. - Remove earlier temporary patch for RH1146622 included upstream - Fix elliptic curve list as part of fsg.sh ...
java-1.8.0-openjdk security update
1:1.8.0.31-1.b13 - Update to January CPU patch update. - Resolves: RHBZ1180299 1:1.8.0.25-4.b17 - updated aarch64 sources - epoch synced to 1 - all ppcs excluded from classes dump1156151 - Resolves: rhbz1173706...
java-1.7.0-openjdk security update
1:1.7.0.75-2.5.4.0.0.1.el511 - Add oracle-enterprise.patch - Fix DISTRONAME to 'Oracle Linux' 1:1.7.0.75-2.5.4.0 - Bump to 2.5.4 using OpenJDK 7u75 b13. - Fix elliptic curve list as part of fsg.sh - Resolves: rhbz1180294...
openssl security update
1.0.1e-34.7 - fix CVE-2014-3570 - incorrect computation in BNsqr - fix CVE-2014-3571 - possible crash in dtls1getrecord - fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state - fix CVE-2014-8275 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support f...
firefox security and bug fix update
31.4.0-1.0.1 - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files 31.4.0-1 - Update to 31.4.0 ESR 31.3.0-9 - Fixed problems with dictionaries mozbz1097550 - Fixed rhbz1164855 - firefox.desktop is missing x-scheme-handler MimeTy...
thunderbird security update
31.4.0-1.0.1.el66 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 31.4.0-1 - Update to 31.4.0 31.3.0-3 - Fixed problems with dictionaries mozbz1097550...
glibc security and bug fix update
2.12-1.149.4 - Fix recursive dlopen 1173469. 2.12-1.149.3 - Fix typo in ressend and resquery rh1172023. 2.12-1.149.2 - Fix crashes on invalid input in IBM gconv modules CVE-2014-6040, 1139571. 2.12-1.149.1 - Fix wordexp to honour WRDENOCMD CVE-2014-7817, 1170121...
libvirt security and bug fix update
1.1.1-29.0.1.el70.4 - Replace docs/et.png in tarball with blank image 1.1.1-29.el70.4 - qemu: blockcopy: Don't remove existing disk mirror info rhbz1149078 - qemu: copy: Accept 'format' parameter when copying to a non-existing img rhbz1149078 - qemu: reject rather than hang on blockcommit of acti...
docker security update
1.3.3-1.0.1 - Rename requirement of docker-io-pkg-devel in %package devel as docker-pkg-devel - Restore SysV init scripts for Oracle Linux 6 - Require Oracle Unbreakable Enterprise Kernel Release 3 or higher - Rename as docker. - Re-enable btrfs graphdriver support 1.3.3-1 - Update source to 1.3....
ntp security update
4.2.6p5-2 - don't generate weak control key for resolver CVE-2014-9293 - don't generate weak MD5 keys in ntp-keygen CVE-2014-9294 - fix buffer overflows via specially-crafted packets CVE-2014-9295 - don't mobilize passive association when authentication fails CVE-2014-9296...
ntp security update
4.2.2p1-18.el5 - don't generate weak control key for resolver CVE-2014-9293 - don't generate weak MD5 keys in ntp-keygen CVE-2014-9294 - fix buffer overflows via specially-crafted packets CVE-2014-9295...
Unbreakable Enterprise kernel security update
kernel-uek 2.6.32-400.36.13uek - net: guard tcpsetkeepalive to tcp sockets Eric Dumazet Orabug: 20224099 CVE-2012-6657 - isofs: Fix unbounded recursion when processing relocated directories Jan Kara Orabug: 20224061 CVE-2014-5471 CVE-2014-5472 - x8664, traps: Stop using IST for SS Andy Lutomirski...
Unbreakable Enterprise kernel security update
2.6.39-400.215.15 - isofs: Fix unbounded recursion when processing relocated directories Jan Kara Orabug: 20224060 CVE-2014-5471 CVE-2014-5472 - x8664, traps: Stop using IST for SS Andy Lutomirski Orabug: 20224028 CVE-2014-9090 CVE-2014-9322...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-55.1.2.el6uek - isofs: Fix unbounded recursion when processing relocated directories Jan Kara Orabug: 20224059 CVE-2014-5471 CVE-2014-5472 - x8664, traps: Stop using IST for SS Andy Lutomirski Orabug: 20224027 CVE-2014-9090 CVE-2014-9322...
glibc security and bug fix update
2.17-55.0.4.el70.3 - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. Jose E. Marchesi 2.17-55.3 - Fix wordexp to honour WRDENOCMD CVE-2014-7817, 1170118...
kernel security update
3.10.0-123.13.2 - Oracle Linux certificates Alexey Petrenko 3.10.0-123.13.2 - x86 traps: stop using IST for SS Petr Matousek 1172812 1172813 CVE-2014-9322...
kernel security update
kernel 2.6.18-400.1.1 - x86 traps: stop using IST for SS Petr Matousek 1172809 CVE-2014-9322...
kernel security update
kernel 2.6.18-400.1.1.0.1 - net fix tcptrimhead James Li orabug 14512145, 19219078 - ocfs2: dlm: fix recovery hung Junxiao Bi orabug 13956772 - i386: fix MTRR code Zhenzhong Duan orabug 15862649 - oprofile x86, mm: Add getuserpagesfast orabug 14277030 - oprofile export getuserpagesfast function...
jasper security update
1.900.1-16.2 - CVE-2014-8137 - double-free in in jasiccattrvaldestroy 1173566 - CVE-2014-8138 - heap overflow in jp2decode 1173566 1.900.1-16.1 - CVE-2014-9029 - incorrect component number check in COC, RGN and QCC marker segment decoders 1171208 1.900.1-16 - CERT VU887409: heap buffer overflow...
mailx security update
12.4-8 - CVE-2004-2771 mailx: command execution flaw resolves: 1171175...
kernel security and bug fix update
2.6.32-504.3.3 - x86 traps: stop using IST for SS Petr Matousek 1172810 1172811 CVE-2014-9322 2.6.32-504.3.2 - md dm-thin: fix pooliohints to avoid looking at maxhwsectors Mike Snitzer 1161420 1161421 1142773 1145230 2.6.32-504.3.1 - s390 zcrypt: toleration of new crypto adapter hardware Hendrik...
bind97 security update
32:9.7.0-21.P2.1 - Fix CVE-2014-8500 1171972...
bind security update
32:9.9.4-14.0.1.el70.1 - Rebuild to fix libmysqlclient dependency 32:9.9.4-14.1 - Fix CVE-2014-8500 1171975...
Unbreakable Enterprise kernel security update
2.6.39-400.215.14 - HID: magicmouse: sanity check report size in rawevent callback Jiri Kosina Orabug: 19849355 CVE-2014-3181 - ALSA: control: Protect user controls against concurrent access Lars-Peter Clausen Orabug: 20192542 CVE-2014-4652 - target/rd: Refactor rdbuilddevicespace +...
xorg-x11-server security update
1.15.0-7.0.1.el70.3 - Invalid BUGRETURNVAL fix, upstream patch orabug 18896390 1.15.0-7.3 - CVE fixes for: CVE-2014-8099, CVE-2014-8098, CVE-2014-8097, CVE-2014-8096, CVE-2014-8095, CVE-2014-8094, CVE-2014-8093, CVE-2014-8092, CVE-2014-8091, CVE-2014-8101, CVE-2014-8100, CVE-2014-8103, CVE-2014-8...
Unbreakable Enterprise kernel security update
kernel-uek 2.6.32-400.36.12 - HID: fix a couple of off-by-ones Jiri Kosina Orabug: 19849320 CVE-2014-3184 - ALSA: control: Protect user controls against concurrent access Lars-Peter Clausen Orabug: 20192545 CVE-2014-4652 - udf: Avoid infinite loop when processing indirect ICBs Jan Kara Orabug:...
xorg-x11-server security update
1.1.1-48.107.0.1.el511 - Added oracle-enterprise-detect.patch - Replaced 'Red Hat' in spec file 1.1.1-48.107 - CVE-2014-8091 denial of service due to unchecked malloc in client authentication 1168680 - CVE-2014-8092 integer overflow in X11 core protocol requests when calculating memory needs for...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-55.1.1 - ALSA: control: Protect user controls against concurrent access Lars-Peter Clausen Orabug: 20192540 CVE-2014-4652 - target/rd: Refactor rdbuilddevicespace + rdreleasedevicespace Nicholas Bellinger Orabug: 20192516 CVE-2014-4027 - HID: logitech: perform bounds checking on...
kernel security and bug fix update
3.10.0-123.13.1 - Oracle Linux certificates Alexey Petrenko 3.10.0-123.13.1 - powerpc mm: Make sure a localirqdisable prevent a parallel THP split Don Zickus 1151057 1083296 - powerpc Implement getuserpagesfast Don Zickus 1151057 1083296 - scsi vmwpvscsi: Some improvements in pvscsi driver Ewan...
rpm security update
4.11.1-18 - Add check against malicious CPIO file name size 1163060 - Fixes CVE-2014-8118 4.11.1-17 - Fix race condidition where unchecked data is exposed in the file system 1163060 - Fixes CVE-2013-6435...
rpm security update
4.4.2.3-36.0.1 - Add missing files in /usr/share/doc/ 4.8.0-36 - Fix warning when applying the patch for 1163057 4.8.0-35 - Fix race condidition where unchecked data is exposed in the file system CVE-2013-64351163057...
kernel security and bug fix update
kernel 2.6.18-400 - net bridge: disable snooping if there is no querier Frantisek Hrbata 902454 - s390 kernel: sysinfo: convert /proc/sysinfo to seqfile Alexander Gordeev 1131283 - net netlink: verify permisions of socket creator Jiri Benc 1094266 CVE-2014-0181 - net netlink: store effective caps...
kernel security and bug fix update
kernel 2.6.18-400.0.0.0.1 - net fix tcptrimhead James Li orabug 14512145, 19219078 - ocfs2: dlm: fix recovery hung Junxiao Bi orabug 13956772 - i386: fix MTRR code Zhenzhong Duan orabug 15862649 - oprofile x86, mm: Add getuserpagesfast orabug 14277030 - oprofile export getuserpagesfast function...
docker security and bug fix update
1.3.2-1.0.1 - Rename requirement of docker-io-pkg-devel in %package devel as docker-pkg-devel - Restore SysV init scripts for Oracle Linux 6 - Require Oracle Unbreakable Enterprise Kernel Release 3 or higher - Rename as docker. - Re-enable btrfs graphdriver support 1.3.2-1 - Update source to 1.3....
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-55 - freezer: set PFSUSPENDTASK flag on tasks that call freezeprocesses Colin Cross Orabug: 20082843 3.8.13-54 - netfilter: nfnat: fix oops on netns removal Florian Westphal Orabug: 19988779 - tcp: tsq: restore minimal amount of queueing Eric Dumazet Orabug: 19909542 - qedf: Fix...
firefox security update
31.3.0-4.0.1 - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat ones 31.3.0-4 - Update to 31.3.0 ESR Build 2 - Fix for geolocation API rhbz1063739 31.2.0-5 - splice workaround rhbz1150082 31.2.0-4 - ppc build fix rhbz1151959...
wpa_supplicant security update
1:2.0-13 - Use osexec for action script execution CVE-2014-3686...
thunderbird security update
31.3.0-1.0.1.el66 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 31.3.0-1 - Update to 31.3.0...
nss, nss-util, and nss-softokn security, bug fix, and enhancement update
nss 3.16.2.3-2.0.1.el70 - Added nss-vendor.patch to change vendor 3.16.2.3-2 - Restore patch for certutil man page - supply missing options descriptions - Resolves: Bug 1165525 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 3.16.2.3-1 - Resolves: Bug 1165525 - Upgrade to NSS 3.16.2.3 for Firefox 31.3...
ruby security update
1.8.7.374-3 - Fix REXML billion laughs attack via parameter entity expansion CVE-2014-8080. Resolves: rhbz1163993 - REXML incomplete fix for CVE-2014-8080 CVE-2014-8090. Resolves: rhbz1163993...
ruby security update
2.0.0.353-22 - Fix REXML billion laughs attack via parameter entity expansion CVE-2014-8080. Resolves: rhbz1163998 - REXML incomplete fix for CVE-2014-8080 CVE-2014-8090. Resolves: rhbz1163998 2.0.0.353-21 - Fix off-by-one stack-based buffer overflow in the encodes function CVE-2014-4975 Resolves...