8998 matches found
tomcat security update
0:7.0.42-5 - Related: CVE-2013-4286 - Related: CVE-2013-4322 - Related: CVE-2014-0050 - revisit patches for above...
java-1.6.0-openjdk security update
1:1.6.0.1-6.1.13.3 - updated to icedtea 1.13.3 - updated to openjdk-6-src-b31-15apr2014 - renmoved upstreamed patch7, 1.13fixes.patch - renmoved upstreamed patch9, 1051245.patch - Resolves: rhbz1099563...
kernel security update
3.10.0-123.1.2 - Oracle Linux certificates Alexey Petrenko 3.10.0-123.1.2 - tty ntty: Fix nttywrite crash when echoing in raw mode Aristeu Rozanski 1094241 1094242 CVE-2014-0196...
unbreakable enterprise kernel security update
kernel-uek 3.8.13-35.1.3.el6uek - l2tp: fix an unprivileged user to kernel privilege escalation Sasha Levin Orabug: 19229497 CVE-2014-4943 CVE-2014-4943 - ptrace,x86: force IRET path after a ptracestop Tejun Heo Orabug: 19230689 CVE-2014-4699 - net: flowdissector: fail on evil iph-ihl Jason Wang...
unbreakable enterprise kernel security update
kernel-uek 2.6.32-400.36.4uek - l2tp: fix an unprivileged user to kernel privilege escalation Sasha Levin Orabug: 19229529 CVE-2014-4943 CVE-2014-4943 - ptrace,x86: force IRET path after a ptracestop Tejun Heo Orabug: 19230692 CVE-2014-4699...
unbreakable enterprise kernel security update
2.6.39-400.215.4 - l2tp: fix an unprivileged user to kernel privilege escalation Sasha Levin Orabug: 19229505 CVE-2014-4943 CVE-2014-4943 - ptrace,x86: force IRET path after a ptracestop Tejun Heo Orabug: 19230690 CVE-2014-4699...
java-1.7.0-openjdk security update
1.7.0.65-2.5.1.2.0.1.el65 - Update DISTRONAME in specfile 1.7.0.65-2.5.1.2 - added and applied fix for samrtcard io patch405, pr1864smartcardIO.patch - Resolves: rhbz1115874 1.7.0.65-2.5.1.1.el6 - updated to security patched icedtea7-forest 2.5.1 - Resolves: rhbz1115874 1.7.0.60-2.5.0.1.el6 -...
java-1.7.0-openjdk security update
1.7.0.65-2.5.1.2.0.1.el510 - Add oracle-enterprise.patch - Fix DISTRONAME to 'Enterprise Linux' 1.7.0.65-2.5.1.2 - added and applied fix for samrtcard io patch405, pr1864smartcardIO.patch - Resolves: rhbz1115872 1.7.0.65-2.5.1.1.el5 - updated to security patched icedtea7-forest 2.5.1 - Resolves:...
tomcat6 security and bug fix update
0:6.0.24-72 - Related: CVE-2014-0075 - rebuild to generate javadoc - correctly. previous build generated 0-length javadoc 0:6.0.24-69 - Related: CVE-2014-0075 incomplete 0:6.0.24-68 - Related: CVE-2013-4322. arches needs to be specified - as in arches noarch, so docs/webapps will produce - full...
samba and samba3x security update
3.6.9-169 - resolves: 1105499 - CVE-2014-0244: DoS in nmbd. - resolves: 1108840 - CVE-2014-3493: DoS in smbd with unicode path names...
lzo security update
2.03-3.1.1 - Fixed integer overflow in decompressor Resolves: CVE-2014-4607...
dovecot security update
1:2.0.9-7.1 - fix CVE-2014-3430: denial of service through maxxing out SSL connections 1108001...
mod_wsgi security update
3.2-6 - fix for CVE-2014-0242 1104685 3.2-4 - fix for CVE-2014-0240 1104687...
unbreakable enterprise kernel security update
kernel-uek 2.6.32-400.36.3uek - fix autofs/afs/etc. magic mountpoint breakage Al Viro Orabug: 19028505 CVE-2014-0203 - SELinux: Fix kernel BUG on empty security contexts. Stephen Smalley Orabug: 19028381 CVE-2014-1874 - floppy: don't write kernel-only members to FDRAWCMD ioctl output Matthew Dale...
unbreakable enterprise kernel security update
kernel-uek 3.8.13-35.1.2.el6uek - floppy: don't write kernel-only members to FDRAWCMD ioctl output Matthew Daley Orabug: 19028443 CVE-2014-1738 - floppy: ignore kernel-only members in FDRAWCMD ioctl input Matthew Daley Orabug: 19028436 CVE-2014-1737...
unbreakable enterprise kernel security update
2.6.39-400.215.3 - SELinux: Fix kernel BUG on empty security contexts. Stephen Smalley Orabug: 19028380 CVE-2014-1874 - floppy: don't write kernel-only members to FDRAWCMD ioctl output Matthew Daley Orabug: 19028444 CVE-2014-1738 - floppy: ignore kernel-only members in FDRAWCMD ioctl input Matthe...
kernel security and bug fix update
2.6.32-431.20.3 - kernel futex: Make lookuppistate more robust Jerome Marchand 1104516 1104517 CVE-2014-3153 - kernel futex: Always cleanup owner tid in unlockpi Jerome Marchand 1104516 1104517 CVE-2014-3153 - kernel futex: Validate atomic acquisition in futexlockpiatomic Jerome Marchand 1104516...
openssl security update
0.9.7a-43.18.0.2 - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability...
kernel security and bug fix update
kernel 2.6.18-371.9.1 - nfs sunrpc: don't use a credential with extra groups Mateusz Guzik 1095062 976201 - scsi lpfc: Remove NDLP reference put in lpfccmplelslogoacc Rob Evers 1096061 1075228 - infiniband rds: dereference of a NULL device Jacob Tanenbaum 1079216 1079217 CVE-2013-7339 - kernel...
python-jinja2 security update
2.2.1-2 - Fix CVE-2014-1402 Resolves: rhbz1102889...
kernel security and bug fix update
kernel 2.6.18-371.9.1.0.1 - i386: fix MTRR code Zhenzhong Duan orabug 15862649 - oprofile x86, mm: Add getuserpagesfast orabug 14277030 - oprofile export getuserpagesfast function orabug 14277030 - oprofile oprofile, x86: Fix nmi-unsafe callgraph support orabug 14277030 - oprofile oprofile: use...
firefox security update
24.6.0-1.0.1.el65 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one 24.6.0-1 - Update to 24.6.0 ESR 24.5.0-2 - Disabled unused patches...
thunderbird security update
24.6.0-1.0.1.el65 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 24.6.0-1 - Update to 24.6.0...
qemu-kvm security and bug fix update
0.12.1.2-2.415.el65.10 - kvm-virtio-out-of-bounds-buffer-write-on-invalid-state-l.patch bz1095692 - kvm-usb-sanity-check-setupindex-setuplen-in-postload.patch bz1095743 - kvm-usb-sanity-check-setupindex-setuplen-in-postload-2.patch bz1095743 -...
unbreakable enterprise kernel security update
2.6.39-400.215.2 - futex: Make lookuppistate more robust Thomas Gleixner Orabug: 18918614 CVE-2014-3153 - futex: Always cleanup owner tid in unlockpi Thomas Gleixner Orabug: 18918614 CVE-2014-3153 - futex: Validate atomic acquisition in futexlockpiatomic Thomas Gleixner Orabug: 18918614...
Unbreakable Enterprise kernel security update
kernel-uek 2.6.32-400.36.2uek - futex: Make lookuppistate more robust Thomas Gleixner Orabug: 18918736 CVE-2014-3153 - futex: Always cleanup owner tid in unlockpi Thomas Gleixner Orabug: 18918736 CVE-2014-3153 - futex: Validate atomic acquisition in futexlockpiatomic Thomas Gleixner Orabug:...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-35.1.1.el6uek - futex: Make lookuppistate more robust Thomas Gleixner Orabug: 18918552 CVE-2014-3153 - futex: Always cleanup owner tid in unlockpi Thomas Gleixner Orabug: 18918552 CVE-2014-3153 - futex: Validate atomic acquisition in futexlockpiatomic Thomas Gleixner Orabug:...
openssl security update
1.0.1e-16.14 - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerabilit...
openssl security update
0.9.8e-27.3 - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability 0.9.8e-27.1 - replace expired GlobalSign Root CA certificate in ca-bundle.crt...
openssl097a and openssl098e security update
0.9.8e-18.0.1.el65.2 - Updated the description 0.9.8e-18.2 - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability 0.9.8e-18 - fix for CVE-2012-2110 - memory corruption in asn1d2ireadbio 814185...
gnutls security update
2.8.5-14 - fix session ID length check 1102024...
libtasn1 security update
2.3-6 - added check for null pointer 1102336 2.3-5 - fix various DER decoding issues 1102336 2.3-4 - fix CVE-2012-1569 - missing length check when decoding DER lengths 804920...
gnutls security update
1.4.1-16 - added missing check for null pointer 1102355 1.4.1-15 - fix session ID length check and null pointer dereference 1102355 - fix minitasn1 issues 1102355 - Renamed gnutls-1.4.1-cve-2014-5138.patch to cve-2009-5138.patch...
squid security update
7:3.1.10-20.3 - Resolves: 1098134 - CVE-2014-0128 squid: denial of service when using SSL-Bump 7:3.1.10-20.2 - revert: Resolves: 1039088 - issues with timeout on HTTPS connections 7:3.1.10-20.1 - Resolves: 1093072 - issues with timeout on HTTPS connections...
libvirt security and bug fix update
0.10.2-29.0.1.el65.8 - Replace docs/et.png in tarball with blank image 0.10.2-29.el65.8 - LSN-2014-0003: Don't expand entities when parsing XML CVE-2014-0179 - QoS: make tc filters match all traffic rhbz1096806 - use virBitmapFree instead of VIRFREE for cpumask rhbz1091206 - Properly free vcpupin...
curl security and bug fix update
7.19.7-37.el65.3 - fix re-use of wrong HTTP NTLM connection CVE-2014-0015 - fix connection re-use when using different log-in credentials CVE-2014-0138 7.19.7-37.el65.2 - fix authentication failure when server offers multiple auth options 1096797 7.19.7-37.el65.1 - refresh expired cookie in test1...
mysql55-mysql security update
5.5.37-1 - Update to MySQL 5.5.37, for various fixes described at http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html Includes fixes for: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432 CVE-2014-2431 CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419 Resolves: 1089202...
libxml2 security update
2.7.6-14.0.1.el65.1 - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball 2-2.7.6-14.el65.1 - Improve handling of xmlStopParserCVE-2013-2877 - Do not fetch external parameter entities CVE-2014-0191...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-35.el6uek - ntty: Fix nttywrite crash when echoing in raw mode Peter Hurley Orabug: 18754908 CVE-2014-0196 CVE-2014-0196 3.8.13-34.el6uek - aacraid: missing capable check in compat ioctl Dan Carpenter Orabug: 18721960 CVE-2013-6383 - vhost: fix total length when packets are too...
Unbreakable Enterprise kernel security update
3.8.13-26.2.4.el6uek - aacraid: missing capable check in compat ioctl Dan Carpenter Orabug: 18721961 CVE-2013-6383 - vhost: fix total length when packets are too short Michael S. Tsirkin Orabug: 18721976 CVE-2014-0077...
Unbreakable Enterprise kernel security update
kernel-uek 2.6.32-400.34.5uek - aacraid: missing capable check in compat ioctl Dan Carpenter Orabug: 18723276 CVE-2013-6383...
Unbreakable Enterprise kernel security update
2.6.39-400.214.6 - aacraid: missing capable check in compat ioctl Dan Carpenter Orabug: 18721962 CVE-2013-6383 - vhost: fix total length when packets are too short Michael S. Tsirkin Orabug: 18721977 CVE-2014-0077...
kernel security and bug fix update
2.6.32-431.17.1 - scsi qla2xxx: Fixup looking for a space in the outstandingcmds array in qla2x00allociocbs Chad Dupuis 1085660 1070856 - scsi isci: fix reset timeout handling David Milburn 1080600 1040393 - scsi isci: correct erroneous foreachiscihost macro David Milburn 1074855 1059325 - kernel...
struts security update
1.2.9-4jpp.7 - Resolves: rhbz1092457 - CVE-2014-0114: Fixed ClassLoader manipulation vulnerability - Added dist tag to release...
firefox security update
24.5.0-1.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Build with nspr-devel = 4.10.0 to fix build failure 24.5.0-1 - Update to 24.5.0 ESR 24.4.0-3 - Added a workaround for Bug 1054242 - RHEVM: Extremely high memory usage in Firefox 24 ESR on RHEL 6.5 24.4.0...
thunderbird security update
24.5.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 24.5.0-1 - Update to 24.5.0...
kernel security, bug fix, and enhancement update
kernel 2.6.18-371.8.1.0.1 - i386: fix MTRR code Zhenzhong Duan orabug 15862649 - oprofile x86, mm: Add getuserpagesfast orabug 14277030 - oprofile export getuserpagesfast function orabug 14277030 - oprofile oprofile, x86: Fix nmi-unsafe callgraph support orabug 14277030 - oprofile oprofile: use...
kernel security, bug fix, and enhancement update
kernel 2.6.18-371.8.1 - virt HID: memory corruption flaw drivers/usb/input/hid-core.c Jacob Tanenbaum 1032996 1032999 CVE-2013-2888 - virt HID: memory corruption flaw in drivers/hv/hid-core.c Jacob Tanenbaum 1032996 1032999 CVE-2013-2888 - scsi lpfc: Fix task management commands having a fixed...
tomcat6 security update
0:6.0.24-64 - Resolves: CVE-2014-0050 0:6.0.24-63 - Resolves: CVE-2013-4322 CVE-2013-4286...
qemu-kvm security update
0.12.1.2-2.415.el65.8 - kvm-virtio-net-fix-guest-triggerable-buffer-overrun.patch bz1078605 bz1078849 - kvm-qcow2-Check-backingfileoffset-CVE-2014-0144.patch bz1079452 bz1079453 - kvm-qcow2-Check-refcount-table-size-CVE-2014-0144.patch bz1079452 bz1079453 -...