skopeo security and bug fix update

2:1.14.3-2 - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 https://github.com/containers/skopeo/commit/5f2b9af - Resolves: RHEL-28736 2:1.14.3-1 - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14...

mod_http2 security update

2.0.26-2 - Resolves: RHEL-31855 - modhttp2: httpd: CONTINUATION frames DoS CVE-2024-27316 2.0.26-1 - Resolves: RHEL-14691 - modhttp2 rebase to 2.0.26...

ipa security update

4.11.0-9.0.1 - Set IPAPLATFORM=rhel when build on Oracle Linux Orabug: 29516674 - Add bind to ipa-server-common Requires Orabug: 36518596 4.11.0-9 - Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP requests...

pam security update

1.3.1-19.0.1 - pamlimits: fix use after free in pamsmopensession Orabug: 36406534 1.3.1-19 - pamnamespace: protectdir: use ODIRECTORY to prevent local DoS situations. CVE-2024-22365. Resolves: RHEL-21244 1.3.1-18 - libpam: use getlogin from libc and not utmp. Resolves: RHEL-16727 - pamaccess:...

pcp security update

6.2.0-1.0.1 - Fixed libpcp derived metric issue for ol9 Orabug: 36538820 6.2.0-1 - Rebase to latest stable version of PCP RHEL-2317 6.1.1-4 - Fix pcp-ss1 handling of UDP packet states RHEL-17649 6.1.1-2 - Fix pcp-ss1 default handling of listen state RHEL-17335 - Added pcp package dependency on...

grub2 security update

2.06-77.0.1 - Support setting custom kernels as default kernels Orabug: 36043978 - Bump SBAT metadata for grub to 3 Orabug: 34872719 - Fix CVE-2022-3775 Orabug: 34871953 - Enable signing for aarch64 EFI - Fix signing certificate names - Enable back btrfs grub module for EFI pre-built image Orabug...

mingw-glib2 security update

2.78.0-1 - Bump glib2 version 2.78.0 - Drop DesktopQE gating - Fix CVEs: CVE-2023-32636, CVE-2023-29499, CVE-2023-32611, CVE-2023-32665, DoS - Resolves: RHEL-5019 - Resolves: RHEL-5020 - Resolves: RHEL-5092 - Resolves: RHEL-5093 - Resolves: RHEL-5094...

ming2-puxman security update

0.42.2-3 - Bump pixman version 0.42.2 - Drop DesktopQE gating - Fix CVEs: CVE-2022-44638 - Resolves: RHEL-5013...

systemd security update

252-32.0.2 - Due to a new Orabug: 36564551 filed on April 29 2024, reverting from back to - previous Tony Lam patch Orabug: 25897792 until issue with Orabug: 36564551 is resolved. - Re-Added 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch Orabug: 25897792 - Removed the following, associate...

edk2 security update

20231122-6.0.1 - Replace upstream references Orabug:36569119 20231122-6 - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853 - edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch RHEL-21841...

buildah security update

1.33.6-2.0.1 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117178 2:1.33.6-2 - update tags for systemd libsubid - Resolves: RHEL-26594 2:1.33.6-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.33...

libvirt security update

10.0.0-6.0.1 - Set SOURCEDATEEPOCH from changelog Orabug: 32019554 10.0.0-6 - qemu: virtiofs: do not crash if cgroups are missing RHEL-7386 - qemu: virtiofs: set correct label when creating the socket RHEL-7386 - qemu: virtiofs: error out if getting the group or user name fails RHEL-7386 10.0.0-5...

openssl and openssl-fips-provider security update

openssl 1:3.0.7-27.0.3 - Enable openssl-fips-provider dependency Orabug: 36504822 1:3.0.7-27.0.2 - Temporary disable openssl-fips-provider dependency Orabug: 36504822 1:3.0.7-27.0.1 - Replace upstream references Orabug: 34340177 1:3.0.7-27 - Use certified FIPS module instead of freshly built one ...

Image builder components bug fix, enhancement and security update

osbuild 110-1 - New upstream release 109-1 - New upstream release 106-1 - New upstream release 105-1 - New upstream release 104-2 - Fix unit tests in RHEL CI by backporting upstream fixes 104-1 - New upstream release 103-1 - New upstream release 102-1 - New upstream release 101-2 - Change unit-te...

httpd security update

2.4.57-8.0.1 - Replace index.html with Oracle's index page oracleindex.html. 2.4.57-8 - modxml2enc: fix media type handling Resolves: RHEL-17686 - moddav: add DavBasePath Resolves: RHEL-6600 2.4.57-7 - Resolves: RHEL-14447 - httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 2.4.57-...

avahi security update

0.8-20 - Fix CVE-2023-38469 RHEL-5637 0.8-19 - Fix CVE-2023-38471 RHEL-5642 0.8-18 - Fix CVE-2023-38472 RHEL-5645 0.8-17 - Fix CVE-2023-38470 RHEL-5641 0.8-16 - Fix CVE-2023-38473 RHEL-5729...

podman security update

2:4.9.4-0.1.0.1 - Add devices on container startup, not on creation - Backport fast gzip for compression Orabug: 36420418 - overlay: Put should ignore ENINVAL for Unmount Orabug: 36234694 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117404 2:4.9.4-0.1 - update to the...

pcs security update

0.11.7-2 - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26446, RHEL-26448, RHEL-26450 0.11.7-1 - Rebased to the latest sources see CHANGELOG.md Resolves: RHEL-7740 0.11.6-6 - Rebased to the latest upstream sources see CHANGELOG.md Resolves:...

traceroute security update

3:2.1.0-18 - add gating.yaml 3:2.1.0-17 - fix improper command line parsing CVE-2023-46316...

tigervnc security update

1.13.1-8 - Fix copy/paste error in the DeviceStateNotify Resolves: RHEL-20533 1.13.1-7 - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice Resolves: RHEL-20389 - Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent...

libnbd security update

1.18.1-3 - Backport unit test of recent libnbd API addition resolves: RHEL-16292 1.18.1-2 - Fix assertion in ext-mode BLOCKSTATUS CVE-2023-5871 resolves: RHEL-15143 1.18.1-1 - Rebase to 1.18.1 resolves: RHEL-14476...

libjpeg-turbo security update

2.0.90.7 - Fix CVE-2021-29390 - Resolves: RHEL-5413...

python3.11-cryptography security update

37.0.2-6 - Security fix for CVE-2023-49083 - Resolves: RHEL-19832...

frr security update

8.5.3-4 - Resolves: RHEL-14825 - crafted BGP UPDATE message leading to a crash 8.5.3-3 - Resolves: RHEL-14822 - mishandled malformed data leading to a crash 8.5.3-2 - Resolves: RHEL-15915 - crash from specially crafted MPUNREACHNLRI-containing BGP UPDATE message - Resolves: RHEL-15918 - crash fro...

kernel security, bug fix, and enhancement update

5.14.0-427.13.14.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

runc security update

4:1.1.12-2 - Switch dependency on criu to Recommends - Resolves: RHEL-25116...

mingw components security update

mingw-binutils 2.41-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora40MassRebuild 2.41-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora40MassRebuild 2.41-1 - Update to 2.41 2.40-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora39MassRebuild mingw-crt Thu Jan 25 2024 Fedora Release...

python3.11 security update

3.11.7-1 - Rebase to 3.11.7 Resolves: RHEL-20233 3.11.5-2 - Security fix for CVE-2023-27043 Resolves: RHEL-21325...

file security update

5.39-16 - Fix stack-based buffer over-read in filecopystr CVE-2022-48554 5.39-15 - Fix segfault in python3-file-magic concurrent method calls...

mod_http2 security update

2.0.26-1 - Resolves: RHEL-14691 - modhttp2 rebase to 2.0.26...

libX11 security update

1.7.0-9 - Fix CVE-2023-43785: out-of-bounds memory access in XkbReadKeySyms - Fix CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage - Fix CVE-2023-43787: integer overflow in XCreateImage leading to a heap overflow...

tcpdump security update

14:4.99.0-9 - Resolves: RHEL-21558 - tcpslice: use-after-free in extractslice 14:4.99.0-8 - Resolves: RHEL-10714 - Fix PGM option printing...

zziplib security update

0.13.71-11 - Fix CVE-2020-18770 Previous patch was causing segfault Resolves: RHEL-14967 0.13.71-10 - Fix CVE-2020-18770 Resolves: RHEL-14967...

qemu-kvm security update

8.2.0-11 - kvm-coroutine-cap-per-thread-local-pool-size.patch RHEL-28947 - kvm-coroutine-reserve-5-000-mappings.patch RHEL-28947 - Resolves: RHEL-28947 Qemu crashing with 'failed to set up stack guard page: Cannot allocate memory' 8.2.0-10 -...

libtiff security update

4.4.0-12 - Fix CVE-2023-6228 - Resolves: RHEL-10084 4.4.0-11 - Fix CVE-2023-40090 CVE-2023-3618 CVE-2023-40745 CVE-2023-41175 - Resolves: RHEL-5458 RHEL-5455 RHEL-5405 RHEL-5450...

fence-agents security and bug fix update

4.10.0-62 - bundled urllib3: fix CVE-2023-45803 Resolves: RHEL-18139 - bundled pycryptodome: fix CVE-2023-52323 Resolves: RHEL-20917 - bundled jinja2: fix CVE-2024-22195 Resolves: RHEL-21345 4.10.0-61 - fencezvmip: document required user permissions in metadata/manpage Resolves: RHEL-14344...

freeglut security update

3.2.1-10 - Fix CVE-2024-24258 and CVE-2024-24259 Resolves: https://issues.redhat.com/browse/RHEL-25176 Resolves: https://issues.redhat.com/browse/RHEL-25178...

xorg-x11-server-Xwayland security update

21.1.9-5 Fix for CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408, CVE-2024-0409 21.1.9-4 - Fix for CVE-2023-6377, CVE-2023-6478 22.1.9-3 - Fix for CVE-2023-5367...

python3.11-urllib3 security update

1.26.12-2 - Security fix for CVE-2023-43804 Resolves: RHEL-12003...

libssh security update

0.10.4-13 - Bump up the version so that the version in 9.3 is lower. - Resolves: RHEL-19310, RHEL-19691, RHEL-17245...

LibRaw security update

0.21.1-1 - 0.21.1 - Include the fix for CVE-2023-1729 from Fedora Resolves: RHEL-768...

gstreamer1-plugins-bad-free security update

1.22.1-4 - CVE-2023-40474: Integer overflow leading to heap overwrite in MXF - CVE-2023-40475: Integer overflow leading to heap overwrite in MXF - CVE-2023-40476: Integer overflow in H.265 video parser - ZDI-CAN-22300: buffer overflow vulnerability - Resolves: RHEL-19501, RHEL-19505, RHEL-19506,...

libXpm security update

3.5.13-10 - Drop hardening patches from previous version to keep ABI compatibility 3.5.13-9 - CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage - CVE-2023-43787 libX11: integer overflow in XCreateImage leading to a heap overflow - CVE-2023-43788 libXpm: out of bounds...

containernetworking-plugins security update

1:1.4.0-2 - rebuild - Related: RHEL-18372 1:1.4.0-1 - update to https://github.com/containernetworking/plugins/releases/tag/v1.4.0 - Related: RHEL-2112 1:1.3.0-5 - fix path to dhcp service - Resolves: RHEL-3140 1:1.3.0-4 - add Epoch in Provides - Related: 2176063 1:1.3.0-3 - remove noopenssl for...

squashfs-tools security update

4.4-10.git1 - CVE-2021-41072 squashfs-tools: additional write outside destination directory exploit fix CVE-2021-40153 squashfs-tools: unvalidated filepaths allow writing outside of destination rhbz2007304 RHEL-7763 4.4-9.git1 - CVE-2021-40153 squashfs-tools: unvalidated filepaths allow writing...

skopeo security update

2:1.14.3-0.1 - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 https://github.com/containers/skopeo/commit/1c2ab99 - Related: RHEL-2112 2:1.14.1-2 - Switch to the maint branch - Related: Jira:RHEL-2112 2:1.14.1-1 - update to...

python-jinja2 security update

2.11.3-5 - Security fix for CVE-2024-22195 Resolves: RHEL-21349...

mod_jk and mod_proxy_cluster security update

modjk 1.2.49-1 - Related: RHEL-27511 - Rebase to upstream 1.2.49 release modproxycluster 1.3.20-1 - Rebase modcluster to upstream 1.3.20.Final tag - Related: RHEL-27497 - Rebase to upstream 1.3.20.Final release...

perl security update

4:5.32.1-481 - Fixes: CVE-2023-47038...

ansible-core bug fix, enhancement, and security update

1:2.14.14-1 - ansible-core 2.14.14 release RHEL-23783 - Fix CVE-2024-0690 possible information leak in tasks that ignore ANSIBLENOLOG configuration RHEL-22124 1:2.14.13-1 - ansible-core 2.14.13 release RHEL-19298 1:2.14.12-1 - ansible-core 2.14.12 release RHEL-18950...