8984 matches found
ruby:3.3 security update
ruby 3.3.10-6 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171255 3.3.10-5 - Upgrade to Ruby 3.3.10. Resolves: RHEL-127912 - Fix possible denial of service in resolv gem CVE-2025-24294 - Fix URI Credential Leakage Bypass previous fixes...
libpng security update
2:1.6.40-8.4 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161324...
ruby security update
3.3.10-12 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171244...
libpng security update
2:1.6.37-12.4 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161436...
vim security update
2:7.4.629-8.0.3 - Security update CVE-2026-25749 CVE-2026-28417 - CVE-2026-28421 CVE-2026-33412 Orabug: 39170094...
giflib security update
4.1.6-9.0.3 - Security update for CVE-2026-23868 Orabug: 39230174...
bind security update
32:9.11.4-26.0.7.P2.16 - Resolve CVE-2026-1519 Orabug: 39275755 32:9.11.4-26.0.5.P2.16 - Resolve CVE-2025-40778 Orabug: 38699863 32:9.11.4-26.0.3.P2.16 - Resolve CVE-2024-11187 Orabug: 37616907...
gimp:2.8 security update
gimp 2:2.8.22-26.6 - fix CVE-2026-4150 - fix CVE-2026-4153 - fix CVE-2026-4154 - fix CVE-2026-4887 2:2.8.22-26.5 - fix CVE-2026-0797 - fix CVE-2026-2044 - fix CVE-2026-2045 - fix CVE-2026-2048 2:2.8.22-26.4 - fix CVE-2025-14422 2:2.8.22-26.3 - fix CVE-2025-10920 - fix CVE-2025-10921 - fix...
rsync security update
3.1.3-25 - Resolves: RHEL-169141 - CVE-2026-41035 - Use-after-free vulnerability in extended attribute handling...
kernel security update
5.14.0-611.55.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...
Unbreakable Enterprise kernel security update
6.12.0-202.76.4.2 - net/sched: Only allow actct to bind to clsact/ingress qdiscs and shared blocks Victor Nogueira Orabug: 39361451 CVE-2026-23270 - netfilter: nftables: always walk all pending catchall elements Florian Westphal Orabug: 39361449 CVE-2026-23278 - nfsd: fix heap overflow in NFSv4.0...
yggdrasil security update
0.4.8-5 - Bump release for rebuild...
gimp security update
2:3.0.4-1.5 - fix CVE-2026-4150 - fix CVE-2026-4151 - fix CVE-2026-4152 - fix CVE-2026-4153 - fix CVE-2026-4154 - fix CVE-2026-4887...
jq security update
1.7.1-13 - Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing hash collisions 1.7.1-12 - Fix CVE-2026-39979 out-of-bounds read in jvparsesized...
kernel security update
4.18.0-553.124.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
git-lfs security update
3.4.1-10 - Rebuild with new Golang - Resolves: RHEL-167541, RHEL-167379, RHEL-166518 3.4.1-9 - Rebuild with new Golang - Resolves: RHEL-156637...
jq security update
1.6-19.0.2 - Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing hash collisions - Resolves: RHEL-168184 1.6-19.1 - Fix CVE-2026-39979 out-of-bounds read in jvparsesized - Resolves: RHEL-168201 1.6-19 - Fix CVE-2025-48060 - Resolves: RHEL-92993 1.6-18 - Fix CVE-2024-23337 -...
Unbreakable Enterprise kernel security update
5.15.0-320.202.8.3 - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache Jeff Layton Orabug: 39362036 CVE-2026-31402 - net/sched: Only allow actct to bind to clsact/ingress qdiscs and shared blocks Victor Nogueira Orabug: 39362005 CVE-2026-23270 - KVM: x86: disable preemption around the call to...
krb5 security update
1.18.2-34.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.18.2-34 - Fix NegoEx parsing vulnerabilities CVE-2026-40355, CVE-2026-40356 Resolves: RHEL-171589 RHEL-171594...
jq security update
1.6-12 - Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing hash collisions - Fix CVE-2026-39979 out-of-bounds read in jvparsesized - Resolves: RHEL-168174 - Resolves: RHEL-168192...
kernel security update
6.12.0-124.56.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...
freerdp security update
2:2.11.7-1.7 - Fix double free in xfrailwindowcommon cleanup CVE-2026-26986 - Fix growth of preallocated buffers CVE-2026-27951 - Fix heap-buffer-overflow in bitmapcacheput CVE-2026-29775 - Add DSP format checks CVE-2026-31884 - Fix DSP array bounds checks CVE-2026-31883 - Fix DSP array bounds...
glib2 security update
2.80.4-13 - Fix CVE-2025-14087 and CVE-2025-14512 2.80.4-12 - Fix NVR 2.80.4-11 - Add patch for CVE-2025-13601...
glib2 security update
2.68.4-169 - Add patch for CVE-2025-14087 and CVE-2025-14512...
glib2 security update
2.68.4-18.2 - Add patch for CVE-2025-14087 and CVE-2025-14512...
libsoup3 security update
3.6.5-11 - Add patches for CVE-2026-4271 and CVE-2026-5119 3.6.5-10 - Add patch for CVE-2026-1761 3.6.5-9 - Fix CVE-2026-0719 3.6.5-8 - Fix CVE-2025-14523 3.6.5-7 - Add patch for CVE-2025-12105 3.6.5-6 - Fix integer overflow in date/time parsing 3.6.5-5 - Bump revision number 3.6.5-4 - Fix severa...
libtiff security update
4.0.9-37 - fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile RHEL-159316...
thunderbird security update
140.10.0-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 140.10.0 - Add OpenELA debranding 140.10.0-1 - Update to 140.10.0 ESR...
freerdp security update
2:3.10.3-5.8 - Fix double free in xfrailwindowcommon cleanup CVE-2026-26986 - Fix clipboard use-after-free during auto-reconnect CVE-2026-25997 - Fix heap-buffer-overflow in bitmapcacheput CVE-2026-29775 - Add DSP format checks CVE-2026-31884 - Fix DSP array bounds checks CVE-2026-31883 - Fix DSP...
openexr security update
3.1.10-8.2 - fix CVE-2026-34588...
freerdp security update
2:2.11.7-9 - Lock appWindow to fix use-after-free in RAIL mode CVE-2026-25952 Resolves: RHEL-159850 2:2.11.7-8 - Fix double free in xfrailwindowcommon cleanup CVE-2026-26986 - Fix growth of preallocated buffers CVE-2026-27951 - Fix heap-buffer-overflow in bitmapcacheput CVE-2026-29775 - Add DSP...
openexr security update
3.1.1-3.2 - fix CVE-2026-34588...
corosync security update
3.1.9-2.1 - Resolves: RHEL-163815 - Resolves: RHEL-163836 - totemsrp: Return error if sanity check fails fixes CVE-2026-35091 - totemsrp: Fix integer overflow in membjoinsanity fixes CVE-2026-35092...
Unbreakable Enterprise kernel security update
6.12.0-202.76.4.1 - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present Hyunwoo Kim Orabug: 39344513 CVE-2026-43500 - rxrpc: Fix conn-level packet handling to unshare RESPONSE packets David Howells Orabug: 39344513 - rxrpc: only handle RESPONSE during service challenge Wang Jie...
Unbreakable Enterprise kernel security update
5.4.17-2136.355.3.1 - xfrm: esp: avoid in-place decrypt on shared skb frags Kuan-Ting Chen Orabug: 39344527 CVE-2026-43284 - x86/CPU/AMD: Add a fix for AMD-SB-7052 Prathyushi Nangia Orabug: 39344576 CVE-2025-54518 5.4.17-2136.355.3 - crypto: algifaead - Fix minimum RX size check for decryption...
Unbreakable Enterprise kernel security update
5.15.0-320.202.8.2 - xfrm: esp: ipv4: fix up flags setting Greg Kroah-Hartman Orabug: 39344515 CVE-2026-43284 - xfrm: esp: avoid in-place decrypt on shared skb frags Kuan-Ting Chen Orabug: 39344515 CVE-2026-43284 5.15.0-320.202.8.1 - x86/CPU/AMD: Add a fix for AMD-SB-7052 Prathyushi Nangia Orabug...
Unbreakable Enterprise kernel security update: Dirty Frag
5.4.17-2136.354.4.3 - xfrm: esp: avoid in-place decrypt on shared skb frags Kuan-Ting Chen Orabug: 39342682 CVE-2026-43284...
Unbreakable Enterprise kernel security update: Dirty Frag
5.15.0-319.201.4.6 - xfrm: esp: ipv4: fix up flags setting Greg Kroah-Hartman Orabug: 39342679 CVE-2026-43284 - xfrm: esp: avoid in-place decrypt on shared skb frags Kuan-Ting Chen Orabug: 39342679 CVE-2026-43284 5.15.0-319.201.4.5 - iommu/arm-smmu-v3: Handle zeroed A4-2C HTTU override settings...
Unbreakable Enterprise kernel security update: Dirty Frag
6.12.0-201.74.2.3 - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present Hyunwoo Kim Orabug: 39342689 CVE-2026-43500 - rxrpc: Fix conn-level packet handling to unshare RESPONSE packets David Howells Orabug: 39342689 - rxrpc: only handle RESPONSE during service challenge Wang Jie...
corosync security update
3.1.8-1.1 - Resolves: RHEL-163805 - Resolves: RHEL-163826 - totemsrp: Return error if sanity check fails fixes CVE-2026-35091 - totemsrp: Fix integer overflow in membjoinsanity fixes CVE-2026-35092...
mingw-libtiff security update
4.0.9-4 - fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile Resolves: RHEL-159337...
python security update
2.6.6-68.0.6 - Fix CVE-2026-4519 Orabug: 39253111...
resource-agents security update
4.9.0-54.33 - bundled pyasn1: fix CVE-2026-30922 Resolves: RHEL-157190 4.9.0-54.32 - db2: do not use db2stop to avoid divergence in the log Resolves: RHEL-166181 4.9.0-54.31 - db2: set reintegration when promotion is successful Resolves: RHEL-153157...
libpng security update
2:1.6.40-8.3 - fix CVE-2026-33636: out-of-bounds R/W in the palette expansion on ARM Neon RHEL-161208...
libpng security update
2:1.6.37-12.3 - fix CVE-2026-33636: out-of-bounds R/W in the palette expansion on ARM Neon RHEL-161291...
freeipmi security update
1.6.17-1 - Update to 1.6.17, fixes CVE-2026-33554...
gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update
gstreamer1-plugins-bad-free 1.10.4-4.0.1 - Security update for CVE-2026-3082 Orabug: 39199326 gstreamer1-plugins-base 1.10.4-2.0.3 - Security update for CVE-2026-2921 Orabug: 39199326 1.10.4-2.0.1 - Fixed CVE-2024-47607,CVE-2024-47538 and CVE-2024-47615 Orabug: 37407070 gstreamer1-plugins-good...
image-builder security update
45-1.0.4 - Rebuilt to fix CVE-2026-25679, CVE-2026-27137...
image-builder security update
45-1.0.4 - Rebuilt to fix CVE-2026-25679, CVE-2026-27137...
git-lfs security update
3.6.1-8.1 - Rebuild with new Golang - Resolves: RHEL-167659, RHEL-170836, RHEL-166651...