9185 matches found
shim security update
shim - 15.8-2.0.3.el7 - Set shim.ol sbat generation to 3 Orabug: 36271343 - 15.8-2.0.1.el7 - Set SBATAUTOMATICDATE to 2021030218 Orabug: 36271343 - Rebuild with Oracle certificates Orabug: 36271343 - Full list of fixed CVEs: CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549,...
grub2 security update
2.02-0.87.0.26.el7.14 - Replace bugzilla.oracle.com reference Orabug: 35477723 - Backport kernel EFI allocation pacthes Orabug: 34301086 - Add to the list CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28734, CVE-2022-28735, CVE-2022-28736 JIRA: OLDIS-16371 - bump SBAT generation JIRA:...
container-tools:ol8 security and bug fix update
aardvark-dns buildah 1:1.31.5-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.31 https://github.com/containers/buildah/commit/5fd539c - Resolves: RHEL-26772 1:1.31.3-3 - Make the module buildable again - Resolves: RHEL-16299 1:1.31.3-2 - Rebuild with golan...
tigervnc security update
1.8.0-33.0.1 - Dropped xorg-CVE-2023-5367.patch, xorg-CVE-2023-6816.patch, xorg-CVE-2023-6377.patch, xorg-CVE-2023-6478.patch, xorg-CVE-2024-0229-1.patch, xorg-CVE-2024-0229-2.patch, xorg-CVE-2024-0229-3.patch, xorg-CVE-2024-21885.patch, xorg-CVE-2024-21886-1.patch, xorg-CVE-2024-21886-2.patch,...
container-tools:4.0 security update
buildah 1.24.7-1 - bump to v1.24.7 - Resolves: RHEL-26767 cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp oci-seccomp-bpf-hook podman python-podman runc 1.1.12-1.0.1 - rebuild with golang 1.20.12 for CVE-2023-39326 skopeo...
cri-o security update
cri-o 1.26.4-2 - Address CVE-2024-24786 cri-tools 1.26.1-5 - Address CVE-2024-24786 etcd 3.5.10-3 - Address protobuf CVE-2024-24786 3.5.10-1 - Added Oracle specific build files istio 1.17.8-3 - Address protobuf CVE-2024-24786 - Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323,...
cri-o security update
cri-o 1.26.4-2 - Address CVE-2024-24786 cri-tools 1.26.1-5 - Address CVE-2024-24786 etcd 3.5.10-3 - Address protobuf CVE-2024-24786 3.5.10-1 - Added Oracle specific build files istio 1.17.8-3 - Address protobuf CVE-2024-24786 - Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323,...
shim security update
15.8-4.0.1 - Add support for Oracle signed shim Orabug: 36540084 - Add shim binaries signed with Oracle Secure Boot Signing key 1 Orabug: 36540084 15.8-1.0.3 - Update shimx64.efi, shimia32.efi and shimaa64.efi v15.8 signed by Microsoft Orabug: 36072863 15.8-1.0.2 - Use binaries with correct shim....
buildah security update
1.31.5-1.0.1 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117178 1:1.31.5-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.31 https://github.com/containers/buildah/commit/5fd539c - Resolves: RHEL-26775...
tigervnc security update
1.13.1-2.10 - Fix crash caused by fix for CVE-2024-31083 Resolves: RHEL-30981 1.13.1-2.9 - Rebuild z-stream target Resolves: RHEL-31011 Resolves: RHEL-30981 Resolves: RHEL-30998 1.13.1-2.8 - Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents...
edk2 security update
Tue Feb 27 2024 Aaron Young - Create new 20240227 release for OL8 which includes the following fixed CVEs: CVE-2023-45229 CVE-2023-45230 CVE-2023-45231 CVE-2023-45232 CVE-2023-45233 CVE-2023-45234 CVE-2023-45235 CVE-2022-36763 CVE-2022-36764 CVE-2022-36765 - Update to OpenSSL 3.0.10 which include...
libreswan security and bug fix update
4.12-1.0.1.1 - Add libreswan-oracle.patch to detect Oracle Linux distro 4.12-1.1 - Fix CVE-2024-2357 RHEL-29734 - x509: unpack IPv6 general names based on length RHEL-32719 4.12-1 - Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 - Resolves: rhbz2215956 4.9-5 - Just bumping u...
edk2 security update
Tue Feb 27 2024 Aaron Young - Create new 20240227 release for OL8 which includes the following fixed CVEs: CVE-2023-45229 CVE-2023-45230 CVE-2023-45231 CVE-2023-45232 CVE-2023-45233 CVE-2023-45234 CVE-2023-45235 CVE-2022-36763 CVE-2022-36764 CVE-2022-36765 - Update to OpenSSL 3.0.10 which include...
java-1.8.0-openjdk security update
1:1.8.0.412.b08-2.0.1 - Add Oracle vendor bug URL Orabug: 34340155...
owO: thunderbird security update
115.10.0-2.0.1 - Add Oracle prefs - Add OpenELA debranding 115.10.0-2 - Update to 115.10.0 build2 115.10.0-1 - Update to 115.10.0 build1 - Revert expat CVE-2023-52425 fix...
kernel security and bug fix update
3.10.0-1160.118.1.0.1 - debug: lock down kgdb Orabug: 34270798 CVE-2022-21499 3.10.0-1160.118.1 - Update Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 24817676 -...
libreswan security update
4.12-2.0.1.2 - Add libreswan-oracle.patch to detect Oracle Linux distro 4.12-2.2 - Fix patch application in the previous change 4.12-2.1 - Fix CVE-2024-2357 RHEL-28742...
go-toolset:ol8 security update
delve golang 1.20.12-8 - Update sources file - Related: RHEL-27928 1.20.12-7 - Fix CVE-2024-1394 - Resolves: RHEL-27928 1.20.12-6 - Fix CVE-2023-45288 - Resolves: RHEL-31914 go-toolset...
java-21-openjdk security update
1:21.0.3.0.9-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:21.0.3.0.9-1 - Update to jdk-21.0.3+9 GA - Update release notes to 21.0.3+9 - Switch to GA mode. - Sync the copy of the portable specfile with the latest update - This tarball is embargoed until 2024-04-16 @ 1pm PT. - Resolves:...
golang security update
1.20.12-4 - Rebuild for z-stream - Related: RHEL-28939 1.20.12-3 - Fix CVE-2023-45288 - Resolves: RHEL-28939 - Temporarily disable FIPS tests RHELBLD-14822...
java-11-openjdk security update
1:11.0.23.0.9-3.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:11.0.23.0.9-2 - Fix 11.0.22 release date in NEWS 1:11.0.23.0.9-1 - Update to jdk-11.0.23+9 GA - Update release notes to 11.0.23+9 - Switch to GA mode for release - Require tzdata 2024a due to upstream inclusion of JDK-8322725 - On...
thunderbird security update
115.10.0-2.0.1 - Add Oracle prefs 115.10.0 - Add OpenELA debranding 115.10.0-2 - Update to 115.10.0 build2 115.10.0-1 - Update to 115.10.0 build1 - Revert expat CVE-2023-52425 fix...
shim bug fix update
15.8-1.0.3 - Update shimx64.efi and shimaa64.efi v15.8 signed by Microsoft Orabug: 36072879 - Update shim fb and mm binaries to match unsigned releases Orabug: 36072879 15.8-1.0.2 - Use binaries with correct shim.ol generation Orabug: 36072879 - Set SBATAUTOMATICDATE=2021030218 Orabug: 36072879...
thunderbird security update
115.10.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 115.10.0-2 - Update to 115.10.0 build2 115.10.0-1 - Update to 115.10.0 build1 - Revert expat CVE-2023-52425 fix...
java-11-openjdk security update
1:11.0.23.0.9-2.0.1 - link atomic for ix86 build 1:11.0.23.0.9-2 - Fix 11.0.22 release date in NEWS - Restore ppc64le --with-jobs=1 workaround to avoid flaky ppc builds 1:11.0.23.0.9-1 - Update to jdk-11.0.23+9 GA - Update release notes to 11.0.23+9 - Switch to GA mode for release - Require tzdat...
java-17-openjdk security update
17.0.11.0.9-2.0.1 - Add Oracle vendor bug URL 1:17.0.11.0.9-2 - Update to jdk-17.0.11+9 GA - Add openjdk-17.0.11+9.tar.xz to .gitignore - Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8 - Update buildver from 7 to 9 - Update portablerelease from 1 to 3 - Change isga from 0 to ...
kernel security update
2.6.32-754.53.1.OL6 - net/sched: schqfq: refactor parsing of netlink parameters Orabug: 36517546 - net/sched: schqfq: account for stab overhead in qfqenqueue CVE-2023-3611 Orabug: 36517546 - net/sched: clsfw: Fix improper refcount update leads to use-after-free CVE-2023-3776 Orabug: 36517546 - ne...
nss security update
3.90.0-6fips - Add FIPS package change: add fips suffix to Release and set Epoch to 10 Orabug: 35862190 - Update FIPS module name for Oracle Linux Orabug: 35862190 3.90.0-6 - Fix ecc DER wrapping. 3.90.0-5 - Pick up validated constant time implementations of p256, p384, and p521 from upsream - Mo...
gnutls security update
3.7.6-23.4fips - Add FIPS package change: add fips suffix to Release and set Epoch to 10 Orabug: 35925409 - Update FIPS module name for Oracle Linux Orabug: 35925409 - Verify salt length and iteration count for PBKDF Orabug: 35925409 3.7.6-23.4 - Fix timing side-channel in deterministic ECDSA...
firefox security update
115.10.0-1.0.1 - Change default prefs file to Oracle version 115.10.0-1 - Update to 115.10.0 build1...
firefox security update
115.10.0-1.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 115.10.0-1 - Update to 115.10.0 build1...
mod_http2 security update
1.15.19-5.1 - Resolves: RHEL-29826 - modhttp2: httpd: CONTINUATION frames DoS CVE-2024-27316...
gnutls security update
3.7.6-23.4 - Fix timing side-channel in deterministic ECDSA RHEL-28958 - Fix potential crash during chain building/verification RHEL-28953...
firefox security update
115.10.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 115.10.0-1 - Update to 115.10.0 build1...
java-1.8.0-openjdk security update
1:1.8.0.412.b08-1 - Update to shenandoah-jdk8u412-b08 GA - Update release notes for shenandoah-8u412-b08. - Complete release note for Certainly roots - Switch to GA mode. - This tarball is embargoed until 2024-04-16 @ 1pm PT. - Related: RHEL-30926 1:1.8.0.412.b07-0.1.ea - Update to...
cri-o security update
cri-o 1.25.5-2 - Address CVE-2024-24786 cri-tools 1.25.0-4 - Address CVE-2024-24786 etcd 3.5.9-4 - Address protobuf CVE-2024-24786 3.5.9-3 - Address CVE-2023-39326 by upgrading golang to version 1.20.12 istio 1.16.7-4 - Address protobuf CVE-2024-24786 - Backport from 1.19.7 to address...
cri-o security update
cri-o 1.25.5-2 - Address CVE-2024-24786 cri-tools 1.25.0-4 - Address CVE-2024-24786 etcd 3.5.9-4 - Address protobuf CVE-2024-24786 3.5.9-3 - Address CVE-2023-39326 by upgrading golang to version 1.20.12 istio 1.16.7-4 - Address protobuf CVE-2024-24786 - Backport from 1.19.7 to address...
gnutls security update
3.6.16-8.3fips - Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 Orabug: 33200526 - Allow bigger known RSA modulus sizes when calling rsageneratefips1864keypair directly Orabug: 33200526 - Change Epoch from 1 to 10fips...
unbound security update
1.16.2-5.6 - Rebuilt again with z-stream target 1.16.2-5.5 - Correct typo in new config file 1.16.2-5.4 - Ensure group access correction reaches also updated configs CVE-2024-1488 1.16.2-5.3 - Ensure only unbound group can change configuration CVE-2024-1488...
httpd:2.4/mod_http2 security update
httpd modhttp2 1.15.7-8.5 - Resolves: RHEL-29816 - httpd:2.4/modhttp2: httpd: CONTINUATION frames DoS CVE-2024-27316 modmd...
bind and dhcp security update
bind 32:9.11.36-11.1 - Speed up parsing of DNS messages with many different names CVE-2023-4408 - Prevent increased CPU consumption in DNSSEC validator CVE-2023-50387 CVE-2023-50868 - Do not use headerprev in expirelruheaders dhcp 4.3.6 - Change bug tracker path 12:4.3.6-49.1 - Rebuild because of...
bind security update
bind 32:9.16.23-14.4 - Rebuild with correct z-stream tag again 32:9.16.23-14.3 - Rebuild together with bind-dyndb-ldap to adjust ABI changes 32:9.16.23-14.2 - Import tests for large DNS messages fix - Add downstream change complementing CVE-2023-50387 32:9.16.23-14.1 - Prevent increased CPU load ...
bind9.16 security update
32:9.16.23-0.16.2 - Prevent crashing at masterformat system test CVE-2023-6516 32:9.16.23-0.16.1 - Prevent increased CPU load on large DNS messages CVE-2023-4408 - Prevent assertion failure when nxdomain-redirect is used with RFC 1918 reverse zones CVE-2023-5517 - Prevent assertion failure if DNS...
squid security update
7:3.5.20-17.0.1 - Mutiple CVE fixes for squid Orabug: 33146289 - Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing 778 - Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manager URL parsing 788 - Resolves: CVE-2021-31806,31807,31808 squid: Handle more Range...
X.Org server security update
1.20.4-29 - Fix regression caused by the fix for CVE-2024-31083 1.20.4-28 - CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083 Resolves: https://issues.redhat.com/browse/RHEL-31003 Resolves: https://issues.redhat.com/browse/RHEL-30989 Resolves:...
kernel security, bug fix, and enhancement update
4.18.0-513.24.19.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
unbound security update
1.16.2-3.5 - Rebuilt again with z-stream target 1.16.2-3.4 - Correct typo in new config file 1.16.2-3.3 - Ensure group access correction reaches also updated configs CVE-2024-1488 1.16.2-3.2 - Ensure only unbound group can change configuration CVE-2024-1488...
virt:kvm_utils3 security update
hivex libguestfs libguestfs-winsupport 8.9-1 - Rebase to ntfs-3g 2022.10.3 - Fixes: CVE-2022-40284 - resolves: rhbz2236372 libiscsi libnbd libtpms libvirt 9.0.0-5 - Fix off-by-one error in udevListInterfacesByStatus Martin Kletzander Orabug: 36364464 CVE-2024-1441 libvirt-dbus libvirt-python...
varnish security update
varnish 6.0.13-1 - new version 6.0.13 - Resolves: RHEL-30378 - varnish:6/varnish: HTTP/2 Broken Window Attack may result in denial of service CVE-2024-30156 varnish-modules...
rear security update
2.6-11.0.1 - Change OSVENDOR to OracleServer 2.6-11 - make initrd accessible only by root CVE-2024-23301, PR 3123...