8998 matches found
mod_auth_openidc security and bug fix update
2.4.9.4-4 Resolves: rhbz2189268 - authopenidc.conf mode 0640 by default 2.4.9.4-3 - Resolves: rhbz2184145 - CVE-2023-28625 NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied 2.4.9.4-2 - Resolves: rhbz2153656 - CVE-2022-23527 - Open Redirect in...
opensc security update
0.23.0-2 - Fix regression in handling OpenPGP cards - Fix CVE-2023-2977: buffer overrun in pkcs15init for cardos 0.23.0-1 - Rebase to latest 0.23.0 release 2100409 - Use separate OpenSSL context to work better from inside of OpenSSL providers...
librabbitmq security update
0.11.0-7 - add missing gating.yaml - fix rpminspect issue Related: 2215766 0.11.0-6 - Resolves: 2215766, insecure credentials submission...
libpq security update
13.11-1 - Update to 13.11 Resolves: 2171370...
xorg-x11-server-Xwayland security, bug fix, and enhancement update
22.1.9-2 - Rebuild 2158761 22.1.9-1 - xwayland 22.1.9 2158761 21.1.3-8 - Fix CVE-2023-1393 2180299...
linux-firmware security, bug fix, and enhancement update
20230516-999.27.git6c9e0ed5.el9 - Update firmware for qat4xxx devices Orabug: 35811008...
libqb security update
2.0.6-4 - bump rpm version for rhel-exception build Resolves: rhbz2230712 2.0.6-3 - blackbox: fix buffer overflow with long log lines Resolves: rhbz2236171 2.0.6-1 - ipc: Retry receiving credentials if the the message is short Resolves: rhbz2149647 2.0.6-1 - Rebase to 2.0.6 Resolves: rhbz2072903...
httpd and mod_http2 security, bug fix, and enhancement update
httpd 2.4.57-5.0.1 - Replace index.html with Oracle's index page oracleindex.html. 2.4.57-5 - Fix issue found by covscan - Related: 2222001 2.4.57-4 - Resolves: 2217726 - Make PROPFIND tolerant of deletion race 2.4.57-3 - Resolves: 2222001 - modstatus lists BusyWorkers IdleWorkers keys twice...
perl-CPAN security update
2.29-3 - Resolves: rhbz2218907 - Fix CVE-2023-31484...
frr security and bug fix update
8.3.1-11 - Resolves: RHEL-2263 - bgpd: Do not explicitly print MAXTTL value for ebgp-multihop vty output 8.3.1-10 - Related: 2216912 - adding sysadmin to capabilities 8.3.1-9 - Resolves: 2215346 - frr policy does not allow the execution of /usr/sbin/ipsec 8.3.1-8 - Resolves: 2216912 - SELinux is...
perl-HTTP-Tiny security update
0.076-461 - Changes the verifySSL default parameter from 0 to 1 - CVE-2023-31486 - Resolves: rhbz2228412...
python-cryptography security update
36.0.1-4 - Fix FTBFS caused by rsapkcs1implicitrejection OpenSSL feature, resolves rhbz2203840 36.0.1-3 - Fix CVE-2023-23931: Don't allow updateinto to mutate immutable objects, resolves rhbz2172399 - Fix FTBFS due to failing testloadinvalideckeyfrompem and testdecryptinvaliddecrypt...
libreswan security update
4.12-1.0.1 - Add libreswan-oracle.patch to detect Oracle Linux distro 4.12-1 - Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 - Resolves: rhbz2215956 4.9-5 - Just bumping up the version to include bugs for CVE-2023-2295. There is no code fix for it. Fix for it is including t...
krb5 security and bug fix update
1.21.1-1.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.21.1-1 - New upstream version 1.21.1 - Fix double-free in KDC TGS processing CVE-2023-39975 - Add support for 'pacprivsvrenctype' KDB string attribute Resolves: rhbz2060421...
webkit2gtk3 security and bug fix update
2.40.5-1 - Update to 2.40.5 Related: 2176270 2.40.4-1 - Update to 2.40.4 Related: 2176270 2.40.3-2 - Disable JIT Related: 2176270 2.40.3-1 - Update to 2.40.3 Related: 2176270 2.40.2-1 - Update to 2.40.2 Related: 2176270 2.40.1-1 - Upgrade to 2.40.1 Resolves: 2176270...
protobuf-c security update
1.3.3-13 - Applied patch for for CVE-2022-48468 2186677...
libreoffice security update
7.1.8.1-11.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. 1:7.1.8.1-11 - Resolves: rhbz2210193 CVE-2023-0950 Array Index UnderFlow in Calc Formula Parsing - Resolves: rhbz2210197...
qemu-kvm security, bug fix, and enhancement update
8.0.0-16.el93 - kvm-migration-Add-migration-prefix-to-functions-in-targe.patch bz2229868 - kvm-migration-Move-more-initializations-to-migrateinit.patch bz2229868 - kvm-migration-Add-.saveprepare-handler-to-struct-SaveVM.patch bz2229868 -...
buildah security update
1.31.3-1.0.1 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117178 1:1.31.3-1 - update to https://github.com/containers/buildah/releases/tag/v1.31.3 - Related: 2176063 1:1.31.2-1 - update to https://github.com/containers/buildah/releases/tag/v1.31.2 - Related: 2176063...
containernetworking-plugins security and bug fix update
1:1.3.0-4 - add Epoch in Provides - Related: 2176063 1:1.3.0-3 - remove noopenssl for FIPS compliance - Related: 2176063 1:1.3.0-2 - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 -...
curl security update
7.76.1-26 - unify the upload/method handling CVE-2023-28322 - fix host name wildcard checking CVE-2023-28321 7.76.1-25 - adapt the fix of CVE-2023-27535 for RHEL 9 curl 7.76.1-24 - fix SSH connection too eager reuse still CVE-2023-27538 - fix GSS delegation too eager connection re-use...
samba security, bug fix, and enhancement update
evolution-mapi 3.40.1-6 - Related: 2190415 Rebuild against samba 4.18 openchange 2.3-41 - Related: 2190415 Rebuild against samba 4.18 samba 4.18.6-100 - related: rhbz2190415 - Update to version 4.18.6 - resolves: rhbz2211617 - Fix the rpcclient dfsgetinfo command 4.18.5-100 - resolves: rhbz222289...
tomcat security and bug fix update
1:9.0.62-37 - Resolves: RHEL-12551 - Remove JDK subpackges which are unused 1:9.0.62-16 - Related: 2184133 Declare file conflicts 1:9.0.62-15 - Resolves: 2184133 Fix bug in Obsoletes 1:9.0.62-14 - Resolves: 2210632 CVE-2023-28709 tomcat 1:9.0.62-13 - Resolves: 2189675 Missing Tomcat POM files in...
glib2 security and bug fix update
2.68.4-11 - Really fix authentication failures when sd-bus clients connect to GDBus servers - Resolves: 2217771 2.68.4-10 - Fix authentication failures when sd-bus clients connect to GDBus servers - Resolves: 2217771 2.68.4-9 - Resolve s390x crashes introduced by fixes for...
python-tornado security update
6.1.0-9 - Fix an open redirect in StaticFileHandler Resolves: CVE-2023-28370...
binutils security update
2.35.2-42.0.1 - Forward-port Oracle patches to 2.35.2-42...
ncurses security and bug fix update
6.2-10.20210508 - ignore TERMINFO and HOME only if setuid/setgid/capability 2211666 6.2-9.20210508 - fix buffer overflow on terminfo with too many capabilities CVE-2023-29491 - ignore TERMINFO and HOME environment variables if running as root 2211666...
gmp security and enhancement update
1:6.2.0-13 - Fix: previous commit removed one function from the library and thus broke the ABI - function gmpnpreinvdivrem1 should now not be removed Related: rhbz2044216 1:6.2.0-12 - Add SIMD optimization patches for s390x provided by the IBM Resolves: rhbz2044216 1:6.2.0-11 Fix: Integer overflo...
cloud-init security, bug fix, and enhancement update
23.1.1-11.0.2 - Fix Oracle Datasource network and getdata methods for OCI OL Orabug: 35950168 23.1.1-11.0.1 - Increase retry value and add timeout for OCI Orabug: 35329883 - Fix log file permission Orabug: 35302969 - Update detection logic for OL distros in config template Orabug: 34845400 - Adde...
runc security update
4:1.1.9-1 - update to https://github.com/opencontainers/runc/releases/tag/v1.1.9 - Related: 2176063 4:1.1.8-1 - update to https://github.com/opencontainers/runc/releases/tag/v1.1.8 - Related: 2176063 4:1.1.7-2 - rebuild for following CVEs: CVE-2021-43784 CVE-2022-41724 CVE-2023-28642 - Resolves:...
yajl security update
2.1.0-22 - fix CVE-2023-33460 - Resolves: 2221253...
shadow-utils security and bug fix update
2:4.9-8 - gpasswd: fix password leak. Resolves: 2215948 2:4.9-7 - useradd: check if subid range exists for user. Resolves: 2179987 - findnewguid: Skip over IDs that are reserved for legacy reasons. Resolves: 2179988...
Unbreakable Enterprise kernel security update
5.4.17-2136.325.5 - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext Krister Johansen Orabug: 35905508 - char: misc: Increase the maximum number of dynamic misc devices to 1048448 D Scott Phillips Orabug: 35905508 - perf/arm-cmn: Fix invalid pointer when access dtc...
python3 security update
3.6.8-21.0.1 - Remove the 'getfile' feature of pydoc Orabug: 33182027CVE-2021-3426 - Fix buffer overflow in PyCArgrepr Orabug: 32551171CVE-2021-3177 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-21 - Test fixups for CVE-2023-40217 Resolves: RHEL-3139 3.6.8-20 - Security fi...
xorg-x11-server security update
1.20.4-24 - CVE fix for: CVE-2023-5367 Resolves: https://issues.redhat.com/browse/RHEL-13424...
squid security update
7:3.5.20-17.0.1 - Mutiple CVE fixes for squid Orabug: 33146289 - Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing 778 - Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manager URL parsing 788 - Resolves: CVE-2021-31806,31807,31808 squid: Handle more Range...
squid:4 security update
libecap squid 4.15-6.0.1 - Improve HTTP chunked encoding compliance CVE-2023-46846 - Fix stack buffer overflow when parsing Digest Authorization CVE-2023-46847...
dnsmasq security update
2.76-17.0.3.3 - Fixed heap-based buffer overflow in sortrrset CVE-2020-25681 Orabug: 35904921 - Fixed buffer overflow in extractname CVE-2020-25682 Orabug: 35904921...
dnsmasq security update
2.76-17.0.3.3 - Fixed heap-based buffer overflow in sortrrset CVE-2020-25681 Orabug: 35904921 - Fixed buffer overflow in extractname CVE-2020-25682 Orabug: 35904921...
.NET 6.0 security update
6.0.124-1.0.1 - Update to .NET SDK 6.0.124 and Runtime 6.0.24 - Resolves: RHEL-14466...
ghostscript security update
9.54.0-11 - fix for CVE-2023-43115 - Resolves: rhbz2241108...
Unbreakable Enterprise kernel security update
4.1.12-124.80.1 - Bluetooth: L2CAP: Fix use-after-free in l2capsockreadycb Sungwoo Kim Orabug: 35814478 CVE-2023-40283 - net/sched: clsu32: No longer copy tcfresult on update to avoid use-after-free valis Orabug: 35814297 CVE-2023-4208 - RDMA/core: net: fix kernel NULL error Zhu Yanjun Orabug:...
squid security update
7:5.5-5.el92.1 - Improve HTTP chunked encoding compliance CVE-2023-46846 - Fix stack buffer overflow when parsing Digest Authorization CVE-2023-46847 - Fix userinfo percent-encoding CVE-2023-46848...
java-1.8.0-openjdk security update
1:1.8.0.392.b08-3.0.1 - Update to shenandoah-jdk8u392-b08 GA - OpenJDK: segmentation fault in ciMethodBlocks CVE-2022-40433 - OpenJDK: IOR deserialization issue in CORBA 8303384 CVE-2023-22067 - OpenJDK: certificate path validation issue during client authentication 8309966 CVE-2023-22081 - A...
.NET 6.0 security update
6.0.124-1.0.1 - Update to .NET SDK 6.0.124 and Runtime 6.0.24 - Resolves: RHEL-14462...
.NET 7.0 security update
7.0.113-1.0.1 - Update to .NET SDK 7.0.113 and Runtime 7.0.13 - Resolves: RHEL-14467...
java-1.8.0-openjdk security update
1:1.8.0.392.b08-4.0.1 - Update to shenandoah-jdk8u392-b08 GA - OpenJDK: segmentation fault in ciMethodBlocks CVE-2022-40433 - OpenJDK: IOR deserialization issue in CORBA 8303384 CVE-2023-22067 - OpenJDK: certificate path validation issue during client authentication 8309966 CVE-2023-22081 - A...
.NET 7.0 security update
7.0.113-1.0.1 - Update to .NET SDK 7.0.113 and Runtime 7.0.13 - Resolves: RHEL-14474...
binutils security update
2.30-119.0.2.2 - Fix for CVE-2022-4285. - Fix illegal memory address when parsing an ELF file contaiing corrupt symbol version information. Upstream commit 5c831a3c7f3ca98d6aba1200353311e1a1f84c70. - Partial backport of bfdmuloverflow support from upstream commit...
firefox security update
115.4.0-1.0.1 - Update to 115.4.0 build1 - Add fix for CVE-2023-44488 - Set homepage from os-release HOMEURL...