9151 matches found
firefox security update
140.12.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 140.12.0 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 140.12.0-1 - Update to 140.12.0 ESR...
evince security update
40.5-4.el98.1 - Sanitize arguments CVE-2026-46529 - Resolves: RHEL-184047...
libxslt security update
1.1.34-14.0.1.el98.1 - Fix memory leak in exclPrefixPush Orabug: 37871881 - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball 1.1.34-14.1 - Fix CVE-2025-10911 RHEL-171991 1.1.34-14.1 - Fix upgrade path for CVE-2023-40403 RHEL-82213 1.1.34-12.1 - Fix CVE-2023-40403...
postfix security update
2:3.5.25-3 - Fix for CVE-2026-43964: buffer over-read via malformed enhanced status code. Resolves: RHEL-176550...
webkit2gtk3 security update
2.52.4-1 - Update to 2.52.4...
golang security update
1.26.3-1.0.1 - EXPERIMENTAL: Introduce fipsnoenforceems GODEBUG var 1.26.3-1 - Update to Go 1.26.3 fips-1 - Resolves: RHEL-175607...
samba security update
0:4.23.5-10 - Bump build number 0:4.23.5-9 - Security release for CVE-2026-1933 CVE-2026-2340 CVE-2026-3012 CVE-2026-4480 CVE-2026-40170 CVE-2026-4408 - resolves: RHEL-156319 - CVE-2026-1933 CVE-2026-2340 CVE-2026-3012 samba: various flaws - resolves: RHEL-161657 - CVE-2026-4480 - Fix Samba...
expat security update
2.5.0-6.1 - Fix CVE-2026-45186 - Resolves: RHEL-177988...
jq security update
1.6-19.2 - Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing hash collisions - Resolves: RHEL-168185 1.6-19.1 - Fix CVE-2026-39979 out-of-bounds read in jvparsesized - Resolves: RHEL-168202...
httpd security update
2.4.62-13.0.1.el98.1 - Replace index.html with Oracle's index page oracleindex.html. 2.4.62-13.1 - Resolves: RHEL-173555 - httpd: Apache HTTP Server modproxyajp: Arbitrary code execution via heap-based buffer overflow CVE-2026-28780 - Resolves: RHEL-175080 - httpd: NULL pointer dereference can...
freerdp security update
2:2.11.7-7.3 - Lock appWindow to fix use-after-free in RAIL mode CVE-2026-25952 Resolves: RHEL-159860 2:2.11.7-7.2 - Fix double free in xfrailwindowcommon cleanup CVE-2026-26986 - Fix growth of preallocated buffers CVE-2026-27951 - Fix heap-buffer-overflow in bitmapcacheput CVE-2026-29775 - Add D...
nginx security update
1.20.1-28.0.1.el98.2 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 - Update upstream references Orabug: 36579090 2:1.20.1-28.2 - Resolves: RHEL-176232 - nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 2:1.20.1-28.1 -...
krb5 security update
1.21.1-10.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.21.1-10 - Fix NegoEx parsing vulnerabilities CVE-2026-40355, CVE-2026-40356 Resolves: RHEL-171590 RHEL-171596...
389-ds-base security, bug fix, and enhancement update
2.8.0-7 - Resolves: RHEL-152356 - Getting 'buildcandidatelist - Database error 11' messages after migrating to LMDB. rhel-9.8.z - Resolves: RHEL-168967 - Web console doesn't show the sub suffix of ou=foo,ou=people,dc=example,dc=com. rhel-9.8.z - Resolves: RHEL-170269 - DS 12 does not handle escap...
fence-agents security update
4.10.0-110.3 - bundled PyJWT: upgrade to v2.13.0 to fix CVE-2026-48526 Resolves: RHEL-182313 4.10.0-110.2 - bundled pyasn1: fix CVE-2026-30922 Resolves: RHEL-157202 4.10.0-110.1 - bundled cryptography: replace with dependency to fix CVE-2026-26007 - bundled PyJWT: upgrade to v2.12.1 to fix...
.NET 9.0 security update
9.0.118-1.0.1 - Add support for Oracle Linux 9.0.118-1 - Update to .NET SDK 9.0.118 and Runtime 9.0.17 - Resolves: RHEL-181553 9.0.117-1 - Update to .NET SDK 9.0.117 and Runtime 9.0.16 - Resolves: RHEL-173918...
.NET 8.0 security update
8.0.128-1.0.1 - Add support for Oracle Linux 8.0.128-1 - Update to .NET SDK 8.0.128 and Runtime 8.0.28 - Resolves: RHEL-181055 8.0.127-1 - Update to .NET SDK 8.0.127 and Runtime 8.0.27 - Resolves: RHEL-173923...
.NET 10.0 security update
10.0.109-1.0.1 - Add support for Oracle Linux 10.0.109-1 - Update to .NET SDK 10.0.109 and Runtime 10.0.9 - Resolves: RHEL-181558 10.0.108-1 - Update to .NET SDK 10.0.108 and Runtime 10.0.8 - Resolves: RHEL-173910...
unbound security update
1.24.2-3.1 - Fix CVE-2026-33278 RHEL-177822 Fix CVE-2026-42944 RHEL-177936 Fix CVE-2026-42959 RHEL-177797 1.24.2-3 - Install correct trust anchor source in Image Mode RHEL-127540...
thunderbird security update
140.11.0-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 140.11.0 - Add OpenELA debranding 140.11.0-1 - Update to 140.11.0 ESR 140.10.1-1 - Update to 140.10.1 ESR...
bind9.18 security update
32:9.18.29-14.2 - Fix GSS-API resource leak CVE-2026-3039 - Invalid handling of CLASS != IN CVE-2026-5946...
nginx:1.24 security update
1.24.0-7.1.0.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 1:1.24.0-7.1 - Resolves: RHEL-176234 - nginx:1.24/nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 1:1.24.0-7 - Resolves: RHEL-157889 CVE-2026-32647...
postgresql:16 security update
pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3636 pgrepack 1.5.1-1 - Update to 1.5.1 postgres-decoderbufs 2.4.0-1.Final - Initial import for postgresql 16 stream - Related: RHEL-3636 postgresql 16.14-1 - Update to 16.14 - Fix...
redis:7 security update
7.2.14-1.0.1 - Build with 64k pages to support redis on UEK on aarch64 7.2.14-1 - rebase to 7.2.14 for CVE-2026-23479 CVE-2026-25243 CVE-2026-23631...
kernel security, bug fix, and enhancement update
4.18.0-553.136.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
libpq security update
13.23-2 - Backport fixes for CVE-2026-6478, CVE-2026-6637, CVE-2026-6477, CVE-2026-6475, CVE-2026-6473 from PostgreSQL 14.23 - Resolves: RHEL-179806...
firefox security update
140.12.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 - diable wasisdk to prevent build failure with newer llvm 140.12.0 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 140.12.0-1 - Update to 140.12.0 ESR...
postgresql:15 security update
pgaudit 1.7.0-1 - Update to 1.7.0 - Support postgresql 15 - Related: 2128241 1.5.0-1 - Update to version 1.5.0 Related: 1855776 1.4.0-4 - Bump release for rebuild against libpq-12.1-3 1.4.0-3 - BuildRequires libpq-devel 1.4.0-2 - BuildRequires postgresql-server-devel 1.4.0-1 - Update to 1.4.0...
redis:6 security update
6.2.22-1.0.1 - Build with 64k pages to support redis on both UEK6 and UEK7 on aarch64 6.2.22-1 - rebase to 6.2.22 for CVE-2026-25243...
openssl security update
1:1.1.1k-16 - Fix CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify Resolves: RHEL-180978 - Fix CVE-2024-4741: Use After Free with SSLfreebuffers Resolves: RHEL-180983 1:1.1.1k-15 - Fix CVE-2025-69419: Arbitrary code execution due to out-of-bounds write in PKCS12 processing...
openssh security update
7.4p1-23.0.5 - Fix privilege escalation via scp legacy protocol when not in preserving file mode CVE-2026-35385Orabug: 39480251...
389-ds:1.4 security update
1.4.3.39-24 - Bump version to 1.4.3.39-24 - Resolves: RHEL-170278 - Memory leaks in syncrepl plugin during persistent search operations rhel-8.10.z - Resolves: RHEL-163375 - WARN - keys2idl - received NULL idl from indexreadextallids - Resolves: RHEL-159306 - ns-slapd crash in libdb possible memo...
xorg-x11-server-Xwayland security, bug fix, and enhancement update
21.1.3-20.2 - Other security related fixes Resolves: https://redhat.atlassian.net/browse/RHEL-184293 21.1.3-20.1 - CVE fix for: CVE-2026-50256, CVE-2026-50257, CVE-2026-50258, CVE-2026-50259, CVE-2026-50260, CVE-2026-50261, CVE-2026-50262, CVE-2026-50263 Resolves:...
xorg-x11-server security, bug fix, and enhancement update
1.20.11-28.2 - Other security related fixes Resolves: https://redhat.atlassian.net/browse/RHEL-184289 1.20.11-28.1 - CVE fix for: CVE-2026-50256, CVE-2026-50257, CVE-2026-50258, CVE-2026-50259, CVE-2026-50260, CVE-2026-50261, CVE-2026-50262, CVE-2026-50263, CVE-2026-50264 Resolves:...
httpd:2.4 security update
httpd 2.4.37-65.0.1.8 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-65.8 - Resolves: RHEL-173558 - httpd:2.4/httpd: Apache HTTP Server modproxyajp: Arbitrary code execution via heap-based buffer overflow CVE-2026-28780 - Resolves: RHEL-175074 - httpd:2.4/httpd: NULL pointe...
dracut security update
049-244.git20260529.0.1 - Refactor getucodefile Orabug: 36989953 - Revert the fixes for bugs 33676753 and 33888951 due to regressions Orabug: 35656614 - Fix typo in orabug33888951-dracut-Enable-the-code-to-create-ifcfg-file.patch Orabug: 35268918 - Enable the code to create ifcfg file Orabug:...
kernel security update
4.18.0-553.134.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
libpng15 security update
1.5.30-9 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161346...
libxml2 security update
2.9.7-21.5 - Fix CVE-2024-34459 RHEL-36405...
libpng12 security update
1.2.57-7 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161345...
hplip security update
3.18.4-13 - Fix more leaks in hpcups 3.18.4-12 - OSH fixes after CVE-2026-8631 3.18.4-11 - CVE-2026-8631 hplip: Arbitrary code execution and privilege escalation via integer overflow in hpcups 3.18.4-10 - CVE-2026-8632 hplip: Privilege escalation and arbitrary code execution via OS command...
rsync security update
3.1.3-27 - Integer overflow in compressed-token decoding CVE-2026-43618 - Resolves: RHEL-174951 3.1.3-26 - Resolves: RHEL-174950 - CVE-2026-29518 - TOCTOU symlink race in non-chrooted daemon modules...
openssl security update
1:1.1.1k-16 - Fix CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify Resolves: RHEL-180978 - Fix CVE-2024-4741: Use After Free with SSLfreebuffers Resolves: RHEL-180983...
postfix security update
2:3.5.8-8 - Fix for CVE-2026-43964: buffer over-read via malformed enhanced status code. Resolves: RHEL-176548...
libxslt security update
1.1.32-6.4.0.1 - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball 1.1.32-6.4 - Fix CVE-2025-10911 RHEL-171739...
opencryptoki security update
3.22.0-3.3 - Resolves: RHEL-171558, Fix possible out-of-bounds access in BER decode functions...
Unbreakable Enterprise kernel security update
6.12.0-203.76.7.5 - uek-rpm: avoid final module link in early FIPS symvers pass Sherry Yang Orabug: 39563330 - netfilter: nftables: unconditionally bump set-nelems before insertion Pablo Neira Ayuso Orabug: 39562729 CVE-2026-23272 6.12.0-203.76.7.4 - net: bonding: fix use-after-free in...
firefox security update
140.10.0-1.0.1 - Update to 140.10.0 ESR Orabug: 39499844CVE-2026-6746CVE-2026-6747 CVE-2026-6748CVE-2026-6749CVE-2026-6750CVE-2026-6751CVE-2026-6752 CVE-2026-6753CVE-2026-6754CVE-2026-6757CVE-2026-6759CVE-2026-6761 CVE-2026-6762CVE-2026-6763CVE-2026-6764CVE-2026-6765CVE-2026-6766...
Unbreakable Enterprise kernel security update
5.15.0-321.202.5.2 - net/tls: fix use-after-free in -EBUSY error path of tlsdoencryption Muhammad Alifa Ramdhan Orabug: 39543209 CVE-2026-31533 - net: fix fanout UAF in packetrelease via NETDEVUP race Yochai Eisenrich Orabug: 39543208 CVE-2026-31504 - net: tap: NULL pointer derefence in...
gstreamer-plugins-base and gstreamer-plugins-good security update
gstreamer-plugins-base 0.10.36-10.0.1 - Security update CVE-2026-2921 Orabug: 39201593 gstreamer-plugins-good 0.10.31-13.0.1 - Security update for CVE-2026-3083 CVE-2026-3085 Orabug: 39199326...