9151 matches found
evince security update
3.28.4-17 - Fix CVE-2026-46529: quote string arguments passed to evspawn - Resolves: RHEL-184039...
valkey security update
8.0.9-1 - Rebase to 8.0.9 for CVE-2026-23479 CVE-2026-25243 CVE-2026-23631...
gnutls security update
3.8.10-4 - Fix CVE-2026-33846 DTLS fragment reassembly, High, heap overwrite - Fix CVE-2026-42009 DTLS fragment reassembly, High, undefined behaviour - Fix CVE-2026-33845 DTLS fragment reassembly, High, heap overread - Fix CVE-2026-42010 PSK authentication, High, authentication bypass - Fix...
nginx:1.24 security update
1.24.0-3.0.1.2 - Remove Red Hat references Orabug: 29498217 1:1.24.0-3.2 - Resolves: RHEL-178676 - nginx:1.24/nginx: code execution and denial of service CVE-2026-9256 - Resolves: RHEL-182543 - nginx: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack 1:1.24.0-3.1 -...
postgresql:16 security update
pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3635 pgrepack 1.5.1-1 - Update to v1.5.1 1.4.8-2 - Add new build dependencies to fix build with lz4 enabled - Related: RHEL-47604 1.4.8-1 - Resolves: RHEL-3636 - Initial import for PG 16...
vim security update
8.0.1763-24.0.1 - Remove upstream references Orabug: 31197557 - Added glibc-gconv-extra to common requires to provide ISO-8859-2 Orabug: 34114984 2:8.0.1763-24 - CVE-2026-41411 vim: Command injection via backticks in tag files...
hplip security update
3.21.2-6.4 - Fix more leaks in hpcups 3.21.2-6.3 - OSH fixes after CVE-2026-8631 3.21.2-6.2 - CVE-2026-8631 hplip: HPLIP: Arbitrary code execution and privilege escalation via integer overflow in hpcups 3.21.2-6.1 - CVE-2026-8632 hplip: Privilege escalation and arbitrary code execution via OS...
python-markdown security update
3.3.4-4.2 - Fix CVE-2025-69534 RHEL-153747...
tomcat security update
1:9.0.117-1 - Resolves: RHEL-150714 Certificate revocation bypass due to improper OCSP response validation - Resolves: Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled CVE-2026-34500 - Resolves: Tomcat: Cloud membership for clustering component exposed the Kubernet...
tigervnc security update
1.15.0-7.1 - Fix CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003 xorg-x11-server: various XKB and XSYNC vulnerabilities Resolves: RHEL-163213 Resolves: RHEL-163281 Resolves: RHEL-163267 - Fix CVE-2026-34352 Resolves: RHEL-167986 1.15.0-7 - Fix CVE-2025-62229:...
php:8.2 security update
php 8.2.31-1 - rebase to 8.2.31 php-pecl-apcu 5.1.23-1 - update to 5.1.23 for PHP 8.2 RHEL-14699 php-pecl-rrd 2.0.3-4 - build for PHP 8.1 2070040 2.0.3-3 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz1991688 2.0.3-2 - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz1971065...
memcached security update
0:1.6.9-7.1 - Fix timing side-channel in SASL password database authentication CVE-2026-47783 - Resolves: RHEL-179093...
podman security update
5.8.2-3.0.1 - Rework CNI/Netavark detection logic JIRA: EVG-3769 - Rebuild on new golang to support experimental GODEBUG fipsnoenforceems - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117404 6:5.8.2-3 - Rebuild for CVE-2026-32283 - Resolves: RHEL-167685 6:5.8.2-2 - Rebui...
xorg-x11-server security, bug fix, and enhancement update
1.20.11-34.2 - Other security related fixes Resolves: https://redhat.atlassian.net/browse/RHEL-184288 1.20.11-34.1 - CVE fix for: CVE-2026-50256, CVE-2026-50257, CVE-2026-50258, CVE-2026-50259, CVE-2026-50260, CVE-2026-50261, CVE-2026-50262, CVE-2026-50263, CVE-2026-50264 Resolves:...
kernel security update
4.18.0-553.137.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
flatpak security update
1.12.9-4.1 - Fix arbitrary code execution via crafted symlinks in sandbox-expose options Resolves: RHEL-165643 - Fix arbitrary file deletion on host via improper cache file path validation Resolves: RHEL-170171...
compat-openssl11 security update
1:1.1.1k-5.3 - Fixes CVE-2026-28390: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing Resolves: RHEL-165863...
postgresql-jdbc security update
42.2.28-2.2 - Add tests for CVE-2026-42198 42.2.28-2.1 - Fix CVE-2026-42198: limit SCRAM PBKDF2 iterations to prevent DoS - Resolves: RHEL-173489...
dovecot security update
1:2.3.16-18 - rebuild 1:2.3.16-17 - fix CVE-2026-27858: denial of service via crafted message before authentication RHEL-161640 - fix CVE-2025-59032: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command RHEL-162288 - fix CVE-2026-27857: denial of service via...
gimp security update
2:3.0.4-4.4 - fix CVE-2026-4150 - align with Y-stream - fix CVE-2026-4151 - fix CVE-2026-4152 - fix CVE-2026-4153 - fix CVE-2026-4154 - fix CVE-2026-4887 2:3.0.4-4.3 - fix CVE-2026-4150 - Resolves: RHEL-167738...
libexif security update
0.6.22-6.1 - Fix integer underflow in MakerNote decoding CVE-2026-40386 - Fix integer overflow in Nikon MakerNote handling CVE-2026-40385 Resolves: RHEL-170253, RHEL-170234...
poppler security update
21.01.0-24.el98.1 - Fix integer overflow in tilingPatternFill CVE-2026-10118 - Resolves: RHEL-180580...
virt:kvm_utils3 security update
hivex 1.3.18-23 - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 1.3.18-22.el8 - Resolves: bz2000225 Rebase virt:rhel module:stream based on AV-8.6 1.3.18-21 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501 1.3.18 - Resolves: bz1810193 Upgrade...
dnsmasq security update
2.85-18.1 - Prevent overflow in extractname function CVE-2026-2291 - Prevent DoS in DNSSEC validation CVE-2026-4890 - Prevent out-of-bounds read in DNSSEC validation CVE-2026-4891 - Prevent out-of-bounds write in DHCPv6 server CVE-2026-4892 - Prevent source check avoidance by RFC 7871 client-subn...
rsync security update
3.2.5-7.2 - Fix integer overflow in compressed-token decoding CVE-2026-43618 - Resolves: RHEL-174932 3.2.5-7.1 - Fix TOCTOU symlink race in daemon no-chroot mode CVE-2026-29518 - Resolves: RHEL-174952 3.2.5-4 - Resolves: RHEL-104404 - Do not clear DISPLAY unconditionally...
mod_http2 security update
2.0.26-6.1 - Resolves: RHEL-182417 - modhttp2: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 2.0.26-6 - Resolves: RHEL-166293 - httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020...
pcs security update
0.11.11-2.el98.1 - Fixed CVE-2026-4800 by updating pcs-web-ui to 0.1.24.3 Resolves: RHEL-164206...
libcap security update
2.48-10.1 - Fix TOCTOU race condition in capsetfile CVE-2026-4878 Resolves: RHEL-169312...
openexr security update
3.1.1-3.2 - fix CVE-2026-34588...
libsndfile security update
1.0.32-9.1 - apply patch for CVE-2026-37555 Resolves: ?RHEL-174543...
python3.9 security update
3.9.25-7.0.1 - Remove upstream URL reference 3.9.25-7 - Security fixes for CVE-2026-4786 and CVE-2026-6100 Resolves: RHEL-167919, RHEL-168161 3.9.25-6 - Security fix for CVE-2026-4519 Resolves: RHEL-158117 3.9.25-5 - Rebuilding previous fixes for different build target Related: RHEL-143117,...
jmc security update
8.2.0-5 - Remove the websocket plugin. Related: RHEL-168615 8.2.0-4 - Bump LZ4 Version to 1.10.2. Related: RHEL-135478...
cockpit security update
356.2-1.0.1 - Apply the patch for duplicate reference Orabug: 39250109 - Storage: Enable btrfs support Orabug: 37464632 - Replaced upstream urls in documentation with oracle links Orabug: 36528753 - Drop subscription-manager-cockpit requirement for ol Orabug: 34681110 - Remove duplicate reference...
mysql:8.0 security update
mecab 0.996-2.12 - Bump version for 'mysql' module rebuild We are moving the 'mecab-devel' RPM from the 'buildroot' repo to the 'AppStream' repo - Resolves: 2180411 0.996-2 - Rebuild to fix the issue described in 2000986 - Resolves: 2000986 0.996-1.9 - Release bump for rebuilding on new arches...
mysql:8.4 security update
mecab 0.996-2.12 - Bump version for 'mysql' module rebuild We are moving the 'mecab-devel' RPM from the 'buildroot' repo to the 'AppStream' repo - Resolves: 2180411 0.996-2 - Rebuild to fix the issue described in 2000986 - Resolves: 2000986 0.996-1.9 - Release bump for rebuilding on new arches...
git-lfs security update
3.7.1-4 - Rebuild with new Golang - Resolves: RHEL-158765, RHEL-166675, RHEL-167677, RHEL-170838...
xorg-x11-server-Xwayland security, bug fix, and enhancement update
24.1.9-4.2 - Other security related fixes Resolves: https://redhat.atlassian.net/browse/RHEL-184292 24.1.9-4.1 - CVE fix for: CVE-2026-50256, CVE-2026-50257, CVE-2026-50258, CVE-2026-50259, CVE-2026-50260, CVE-2026-50261, CVE-2026-50262, CVE-2026-50263 Resolves:...
skopeo security update
1:1.22.2-6 - Rebuild for CVE-2026-32283 - Resolves: RHEL-167688 1:1.22.2-5 - Rebuild for CVE-2026-25679 - Re-add test file installation to fix tier0 tests - Resolves: RHEL-158789...
libsoup security update
2.72.0-16.1 - Backport patch for CVE-2026-5119 2.72.0-16 - Backport patch for CVE-2026-1761 2.72.0-15 - Backport patch for CVE-2026-0719 - Fix NTLM authentication test failures in FIPS mode 2.72.0-14 - Backport patch for CVE-2025-14523 2.72.0-13 - Backport patch for CVE-2025-4945 and CVE-2025-110...
frr security update
8.5.3-13 - Resolves: RHEL-174677 - denial of service via crafted FlowSpec component...
giflib update
5.2.1-10.1 - rebuild 5.2.1-10 - fix CVE-2026-23868: double free in GifMakeSavedImage RHEL-154864...
python3.14-urllib3 security update
2.6.3-2 - Security fix for CVE-2026-44431 and CVE-2026-44432 - Resolves: RHEL-184902 - Resolves: RHEL-185127...
libtasn1 security update
4.16.0-10 - Backport the fix for CVE-2025-13151 RHEL-139568...
vim security update
8.2.2637-26.0.1.el98.6 - Remove upstream references Orabug: 31197557 2:8.2.2637-26.6 - CVE-2026-41411 vim: Command injection via backticks in tag files 2:8.2.2637-26.5 - RHEL-170136 CVE-2026-35177 vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass 2:8.2.2637-26.4 -...
python3.12-urllib3 security update
1.26.19-3 - Security fix for CVE-2026-44431 - Security fix for CVE-2026-44432 Resolves: RHEL-184901, RHEL-185126 1.26.19-2 - Security fix for CVE-2025-66471 - Security fix for CVE-2025-66418 - Security fix for CVE-2026-21441 Resolves: RHEL-142909, RHEL-139399, RHEL-142922...
libxml2 security update
2.9.13-14.1 - Fix CVE-2024-34459 RHEL-177882...
libpng15 security update
1.5.30-15.1 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161449 1.5.30-15 - fix CVE-2026-25646: heap buffer overflow in pngsetquantize RHEL-148412...
grafana-pcp security update
5.1.1-15 - Resolves RHEL-166679: CVE-2026-32282 - Resolves RHEL-167679: CVE-2026-32283...
grafana security update
10.2.6-22 - Resolves RHEL-161803: CVE-2026-27877 - Resolves RHEL-166678: CVE-2026-32282 - Resolves RHEL-167678: CVE-2026-32283...
libtiff security update
4.4.0-18 - rebuild 4.4.0-15.3 - fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile RHEL-159331...