9160 matches found
libsoup security update
2.72.0-12.3 - Fix patch for CVE-2025-14523 to handle comparison case-insensitively 2.72.0-12.2 - Backport patch for CVE-2025-14523 2.72.0-12.1 - Backport patch for CVE-2025-4945 and CVE-2025-11021...
libsoup security update
2.62.3-11 - Backport patch for CVE-2025-14523...
mariadb:10.11 security update
galera mariadb 3:10.11.15-1 - Rebase to 10.11.15 - Resolves: RHBZ2417697 3:10.11.14-3 - Add installation of downstream sysusers.d config file in place of the upstream one 3:10.11.14-3 - Bump release for tmpfiles.d change 3:10.11.14-2 - Revert to soft static allocation of MariaDB and MySQL...
httpd security update
2.4.6-99.0.9.1 - Fix CVE-2025-58098 Orabug: 38816066 2.4.6-99.0.7.1 - Fixed security update CVE-2024-47252 CVE-2025-49812 Orabug: 38378160 2.4.6-99.0.5.1 - Differentiate trusted sources Orabug: 37100272CVE-2024-38476 2.4.6-99.0.3.1 - Opt-ins for unsafe prefixstat and %3f Orabug:...
mariadb:10.3 security update
galera Judy mariadb 3:10.3.39-2 - Release bump for rebuild...
openssl security update
1:1.1.1k-14 - Backport fix for Out-of-bounds read & write in RFC 3211 KEK Unwrap Fix CVE-2025-9230 Resolves: RHEL-128613 - Fix bug for ticketlifetimehint exceed issue Resolves: RHEL-119891...
cups security update
1:2.3.3op2-34.2 - fix use-after-free reported by OSH 1:2.3.3op2-34.1 - RHEL-129746 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack - RHEL-129738 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues...
libpng security update
2:1.6.34-9 - CVE-2025-64720: buffer overflow RHEL-131452 - CVE-2025-65018: heap buffer overflow RHEL-131465 - CVE-2025-66293: out-of-bounds read in pngimagereadcomposite RHEL-133226 2:1.6.34-8 - Remove redundant fix for CVE-2017-12652 2:1.6.34-7 - Add upstream test suite and enable it in gating...
mariadb:10.5 security update
galera Judy mariadb 3:10.5.29-3 - Release bump for rebuild...
mariadb:10.11 security update
galera Judy mariadb 3:10.11.10-2 - Release bump for rebuild...
mingw-libpng security update
1.6.34-1 - Rebase to version 1.6.34 - Fix the following CVEs CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 - Resolves: RHEL-131458 - Resolves: RHEL-131471 - Resolves: RHEL-133229...
libpng security update
2:1.6.37-12.1 - CVE-2025-64720: buffer overflow RHEL-131580 - CVE-2025-65018: heap buffer overflow RHEL-131593 - CVE-2025-66293: out-of-bounds read in pngimagereadcomposite RHEL-133287...
mariadb security update
3:10.5.29-3 - Release bump for rebuild...
poppler security update
20.11.0-13 - Check bitmap in combine - Resolves: RHEL-131786...
poppler security update
21.01.0-23 - Bump release for build inheritance - Resolves: RHEL-131792 21.01.0-22 - Check bitmap in combine - Resolves: RHEL-131795, RHEL-131792...
python3.12 security update
3.12.12-1 - Update to 3.12.12 - Security fix for CVE-2025-8291 and CVE-2025-12084 Resolves: RHEL-128364, RHEL-135391...
bind security update
32:9.11.4-26.0.5.P2.16 - Resolve CVE-2025-40778 Orabug: 38699863 32:9.11.4-26.0.3.P2.16 - Resolve CVE-2024-11187 Orabug: 37616907 32:9.11.4-26.0.1.P2.16 - Resolve CVE-2024-1975 - Resolve CVE-2024-1737 - Add ability to change runtime limits for max types and records per name 32:9.11.4-26.P2.16 -...
thunderbird security update
140.6.0-1.0.1 - Fix prefs for new nss Orabug: 37079820 - Add Oracle prefs file 140.6.0 - Add OpenELA debranding 140.6.0-1 - Update to 140.6.0 ESR...
tar security update
2:1.34-9 - Fix the last patch to solve a regression with -x and --xattrs: RHEL-136277 also, fix another tiny mistake in the patch w/o visible consequences 2:1.34-8 - Backport upstream changes to jailify extraction directory Includes related gnulib changes to add openat2 Fixes CVE-2025-45582...
rsync security update
3.1.2-12.0.3 - Fix CVE-2024-12087 Orabug: 38771262 3.1.2-12.0.1 Back port fix for CVE-2024-12085 Orabug: 37524229...
audiofile security update
1:0.3.6-9.0.1 - Fix null pointer dereference CVE-2025-50950Orabug: 38777980 1:0.3.6-9 - Apply security patches. CVE-2018-17095, CVE-2018-13440 - Resolves: rhbz1600369, rhbz1601014, rhbz1637128 1:0.3.6-8 - Escape macros in %changelog 1:0.3.6-7 - Merge upstream pull requests 42,43,44 from Agostino...
gcc-toolset-14-binutils security update
2.41-5.1 - Fix a potential illegal memory access when linking a corrupt input file. RHEL-130669...
httpd:2.4 security update
httpd 2.4.37-65.0.1.7 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-65.7 - Resolves: RHEL-135054 - httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo CVE-2025-66200 - Resolves: RHEL-135039 - httpd: Apache HTTP Server: CGI environment variable...
python39:3.9 security update
modwsgi numpy python39 3.9.25-2 - Add explicit BR: libxcrypt-devel - Properly apply exported CFLAGS for dtrace/systemtap builds - Update to Python 3.9.25 - Move sysconfigdatadlinux.py to the debug subpackage - Fedora contributions by: Bjorn Esser Charalampos Stratakis Karolina Surma Tomas Orsava...
Unbreakable Enterprise kernel security update
5.4.17-2136.350.3.2 - fs/proc: fix uaf in procreaddirde Wei Yang Orabug: 38786776 CVE-2025-40271 5.4.17-2136.350.3.1 - Reapply 'cpuidle: menu: Avoid discarding useful information' Harshvardhan Jha Orabug: 38744458 - fbcon: fix integer overflow in font allocation Samasth Norway Ananda Orabug:...
thunderbird security update
140.6.0-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 140.6.0 - Add OpenELA debranding 140.6.0-1 - Update to 140.6.0 ESR...
Unbreakable Enterprise kernel security update
5.15.0-315.196.5.2 - tipc: Fix use-after-free in tipcmonreinitself. Kuniyuki Iwashima Orabug: 38786195 CVE-2025-40280 - fs/proc: fix uaf in procreaddirde Wei Yang Orabug: 38786194 CVE-2025-40271 - vsock: Ignore signal/timeout on connect if already established Michal Luczaj Orabug: 38786193...
grafana security update
9.2.10-26.0.1 - Fixes CVE-2024-1442 Add email verification when updating user email Orabug: 38550520 9.2.10-26 - Resolves RHEL-125664: CVE-2025-58183 - Resolves RHEL-132759: Grafana-selinux prevents plugins from searching cgroups...
httpd security update
2.4.62-7.0.1.3 - Replace index.html with Oracle's index page oracleindex.html. 2.4.62-7.3 - Resolves: RHEL-135063 - httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo CVE-2025-66200 - Resolves: RHEL-135048 - httpd: Apache HTTP Server: CGI environment variable override...
git-lfs security update
3.4.1-6 - Backport CVE-2025-26625 fixes - Resolves: RHEL-122423...
git-lfs security update
3.6.1-4 - Backport fix for CVE-2025-26625 - Resolves: RHEL-122431...
mod_md security update
1:2.4.26-1.1 - Resolves: RHEL-134496 - httpd: Apache HTTP Server: modmd ACME, unintended retry intervals CVE-2025-55753...
php:8.3 security update
php 8.3.26-1 - rebase to 8.3.26 php-pecl-apcu 5.1.23-1 - update to 5.1.23 for PHP 8.2 RHEL-14699 5.1.21-1 - update to 5.1.21 for PHP 8.1 2070040 php-pecl-redis6 6.1.0-2 - ignore 1 ONLINE test 6.1.0-1 - RHEL build 6.1.0-1 - update to 6.1.0 - drop patch merged upstream 6.1.0RC2-1 - update to 6.1.0R...
libssh security update
0.10.4-17 - Bump spec to resolve build tagging issues 0.10.4-16 - Fix CVE-2025-5987 Resolves: RHEL-130051 - Workaround sshd failure rate limiting in tests Resolves: RHEL-135506...
python3.9 security update
3.9.25-2.0.1 - Remove upstream URL reference 3.9.25-2 - Move sysconfigdatadlinux.py to the debug subpackage 3.9.25-1 - Update to Python 3.9.25 3.9.24-1 - Update to Python 3.9.24...
binutils security update
2.35.2-67.0.1.1 - Merge Oracle patches to 2.35.2-67.1. - CVE-2025-11083 - Reviewed-by: David Faust Oracle history: September-24-2025 Bruce McCulloch - 2.35.2-67.0.1 - Merge Oracle patches to 2.35.2-66. - Reviewed-by: Jose E. Marchesi September-5-2025 Bruce McCulloch - 2.35.2-66.0.1 - Merge Oracle...
gimp security update
2:2.22-1.0.5 - Fixes CVE-2025-10922 and CVE-2025-10934 Orabug: 38739185 2:2.8.22-1.0.3 - Fixes CVE-2025-5473 GIMP ICO File Parsing Integer Overflow Orabug: 38110877 - Fixes CVE-2025-48797 Multiple heap buffer overflows in TGA parser - Fixes CVE-2025-48798 Multiple use after free in XCF parser...
binutils security update
2.30-128.0.1 - Forward port Oracle patches to 2.30-128 - CVE-2025-11083 Reviewed-by: TBD Oracle history: October-8-2025 Bruce McCulloch - 2.30-127.0.1 - Forward port Oracle patches to 2.30-127. - Muting some failing ld-ctf tests. Reviewed-by: Jose E. Marchesi November-14-2024 Bruce McCulloch -...
kernel security update
5.14.0-611.16.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...
python3.12 security update
3.12.12-1.0.1 - Remove upstream URL reference 3.12.12-1 - Update to 3.12.12 Resolves: RHEL-125856...
gcc-toolset-13-binutils security update
2.40-21.0.1.1 - Forward-port Oracle patches to 2.40-21.1. - CVE-2025-11083 - Reviewed-by: David Faust Oracle history: April-02-2024 Jose E. Marchesi - 2.40-21.0.1 - Forward-port Oracle patchs to 2.40-21. - Reviewed-by: Cupertino Miranda December-15-2023 Jose E. Marchesi - 2.40-13.0.1 - libctf,...
openssh security update
8.0p1-27.0.1 - Update upstream references Orabug: 36587718 8.0p1-27 - CVE-2025-61984: Reject usernames with control characters Resolves: RHEL-128400 - CVE-2025-61985: Reject URL-strings with NULL characters Resolves: RHEL-128390...
curl security update
7.61.1-34.el810.9 - cookie: don't treat the leading slash as trailing CVE-2025-9086 Resolves: RHEL-121655...
python-kdcproxy security update
0.3.2-3.0.1 - Use DNS discovery for declared realms only CVE-2025-59088 Orabug: 38745300 - Fix DoS vulnerability based on unbounded TCP buffering CVE-2025-59089...
webkit2gtk3 security update
2.50.4-1 - Update to 2.50.4...
skopeo security update
1:1.20.0-2 - rebuild for CVE-2025-58183 - Resolves: RHEL-125717...
podman security update
5.6.0-9.0.1 - Add devices on container startup, not on creation - overlay: Put should ignore ENINVAL for Unmount Orabug: 36234694 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117404 6:5.6.0-9 - update to the latest content of...
webkit2gtk3 security update
2.50.4-1 - Update to 2.50.4...
openssh security update
8.7p1-47.0.1 - Upstream references found with /usr/bin/ssh Orabug: 37814929 - upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand Orabug: 37647064 - Update upstream references Orabug: 36564626 8.7p1-47 - CVE-2025-61984: Reject usernames with control characters Resolves: RHEL-1284...
glibc security update
2.28-251.0.3.27 - Forward port of Oracle patches Reviewed-by: David Faust Oracle history: August-5-2025 Cupertino Miranda - 2.28-251.0.3.25 - Forward port of Oracle patches Reviewed-by: Jose E. Marchesi June-9-2025 Cupertino Miranda - 2.28-251.0.3.22 - Forward port of Oracle patches Reviewed-by:...