8998 matches found
thunderbird security update
115.4.1-1.0.1 - Update to 115.4.1 build1 - Add fix for CVE-2023-44488...
thunderbird security update
115.4.1-1.0.1 - Update to 115.4.1 build1 - Add fix for CVE-2023-44488...
thunderbird security update
115.4.1-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 115.4.1-1 - Update to 115.4.1 build1 115.4.0-3 - Update to 115.4.0 build3 115.4.0-2 - Update to 115.4.0 build2 115.4.0-1 - Update to 115.4.0 build1...
java-17-openjdk security and bug fix update
1:17.0.9.0.9-2.0.1 - Update to jdk-17.0.9+9 GA - Update release notes to 17.0.9+9 - OpenJDK: memory corruption issue on x8664 with AVX-512 JDK-8317121 CVE-2023-22025 - OpenJDK: certificate path validation issue during client authentication JDK-8309966 CVE-2023-22081 - OpenJDK: Additional zip64...
libguestfs-winsupport security update
9.2-2 - Rebase to ntfs-3g 2022.10.3 - Fixes: CVE-2022-40284 - resolves: rhbz2236130...
firefox security update
115.4.0-1.0.1 - Update to 115.4.0 build1 - Add fix for CVE-2023-44488 - Set homepage from os-release HOMEURL...
firefox security update
115.4.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 115.4.0-1 - Update to 115.4.0 build1 - Add fix for CVE-2023-44488 - Set homepage from os-release HOME...
java-17-openjdk security and bug fix update
1:17.0.9.0.9-2.0.1 - Update to jdk-17.0.9+9 GA - Update release notes to 17.0.9+9 - OpenJDK: memory corruption issue on x8664 with AVX-512 JDK-8317121 CVE-2023-22025 - OpenJDK: certificate path validation issue during client authentication JDK-8309966 CVE-2023-22081 - OpenJDK: Additional zip64...
java-11-openjdk security and bug fix update
1:11.0.21.0.9-2.0.1 - Update to jdk-11.0.21+9 GA - Update release notes to 11.0.21+9 - OpenJDK: certificate path validation issue during client authentication 8309966 CVE-2023-22081 - OpenJDK: Additional zip64 files validation 8313765 RHBZ2237170 - OpenJDK: Print an exception when encountering nu...
grub2 security update
2.02-0.87.0.26.el79.9 - Enable common subpackage for aarch64 - Do not sign aarch64 efi binaries Orabug: 32670043 - Remove aarch64 deps on shim Orabug: 32670043 - Restore versioned certificate provide for aarch64 package to satisfy shim Orabug: 32670043 2.02-0.87.0.24.el79.9 - Replace...
java-11-openjdk security and bug fix update
1:11.0.21.0.9-2.0.1 - Add Oracle vendor bug URL Orabug: 34340155 - Update to jdk-11.0.21+9 GA - Update release notes to 11.0.21+9 - OpenJDK: certificate path validation issue during client authentication 8309966 CVE-2023-22081 - OpenJDK: Additional zip64 files validation 8313765 RHBZ2237170 -...
nginx:1.22 security update
1:1.22.1-3.0.1.1 - Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack CVE-2023-44487...
python39:3.9 and python39-devel:3.9 security update
Cython 0.29.21-5 - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz1877430 modwsgi 4.7.1-5 - Core dumped upon file upload = 1GB Resolves: rhbz2125172 numpy 1.19.4-3 - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz1933055 pybind11 2.7.1-1 - Update...
python3 security update
3.6.8-51.0.1.2 - Security fix for CVE-2023-40217 Resolves: rhbz2235789...
varnish security update
6.6.2-3.el92.1 - Add parameters h2rstallowance and h2rstallowanceperiod to mitigate CVE-2023-44487 - Resolves: RHEL-12818...
tomcat security update
1:9.0.62-5.2 - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487...
varnish security update
varnish 6.0.8-3.1 - Add parameters h2rstallowance and h2rstallowanceperiod to mitigate CVE-2023-44487 varnish-modules...
dnsmasq security update
2.76-17.0.1.3 - Prevent use after free in dhcp6norelay CVE-2022-0934 Orabug: 34775167...
python27:2.7 security update
babel Cython numpy pytest python2 2.7.18-13.0.1.2 - Security fix for CVE-2023-40217 python2-pip python2-rpm-macros python2-setuptools python2-six python-attrs python-backports python-backports-sslmatchhostname python-chardet python-coverage python-dns python-docs python-docutils python-funcsigs...
linux-firmware security update
20230516-999.27.git6c9e0ed5.el9 - Update firmware for qat4xxx devices Orabug: 35811008 20230516-999.26.git6c9e0ed5.el9 - Run dracut -f in %posttrans instead of %post Orabug: 35661938 - Drop latest AMD microcode commits to family 19 file to include Milan microcode but not Genoa Orabug: 35708511...
dnsmasq security update
2.76-17.0.1.3 - Prevent use after free in dhcp6norelay CVE-2022-0934 Orabug: 34775167...
php:8.0 security update
libzip php 8.0.30-1 - rebase to 8.0.30 - Resolves: RHEL-11946 php-pear php-pecl-apcu php-pecl-rrd php-pecl-xdebug3 php-pecl-zip...
nodejs:18 security update
nodejs 1:18.18.2-1 - Rebase to version 18.18.2 Resolves: CVE-2023-44487 CVE-2023-45143 CVE-2023-38552 CVE-2023-39333 nodejs-nodemon nodejs-packaging...
tomcat security update
1:9.0.62-11.3 - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487...
php security update
8.0.30-1 - rebase to 8.0.30 - Resolves: RHEL-11946...
nodejs security update
1:16.20.2-3.0.1 - Update nghttp2 to 1.57.0 Resolves: CVE-2023-44487...
nodejs:16 security update
nodejs 1:16.20.2-3.0.1 - Update nghttp2 to 1.57.0 Resolves: CVE-2023-44487 nodejs-nodemon nodejs-packaging 26-1 - nodejs.prov: find namespaced bundled dependencies - Apply https://src.fedoraproject.org/rpms/nodejs-packaging/c/e24e7df...
kernel security update
2.6.32-754.49.1.OL6 - x86/speculation: Use generic retpoline by default on AMD CVE-2021-26401 Orabug: 34986011...
18 security update
nodejs 1:18.18.2-2 - Rebase to version 18.18.2 Resolves: CVE-2023-44487 CVE-2023-45143 CVE-2023-38552 CVE-2023-39333 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883 nodejs-packaging 2021.06-4 - NPM bundler: also find namespaced bundled dependencies 2021.06-3 - Rebuilt for...
grafana security update
7.5.15-5 - Resolve CVE-2023-44487 Rapid Reset Attack - Resolve CVE-2023-39325 rapid stream resets can cause excessive work...
grafana security update
9.0.9-4 - Resolve CVE-2023-44487 Rapid Reset Attack - Resolve CVE-2023-39325 rapid stream resets can cause excessive work...
java-11-openjdk security and bug fix update
1:11.0.21.0.9-1.0.1 - link atomic for ix86 build 1:11.0.21.0.9-1 - Update to jdk-11.0.21+9 GA - Update release notes to 11.0.21+9 - Remove system crypto policy patch which doesn't belong on RHEL 7 with no system policies - Update generatetarball.sh to be closer to upstream vanilla script inc. no...
nghttp2 security update
1.33.0-5 - fix HTTP/2 Rapid Reset CVE-2023-44487 1.33.0-4 - prevent DoS caused by overly large SETTINGS frames CVE-2020-11080...
kvm_utils2 security update
hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt 7.10.0-3.el8 - virpci: Resolve leak in virPCIVirtualFunctionList cleanup Tim Shearer Orabug: 35395469 CVE-2023-2700 libvirt-dbus libvirt-python 7.10.0-3.el8 - Update version number to match libvirt 7.10.0-3 Karl Heubaum nbdkit...
dotnet7.0 security update
7.0.112-1.0.1 - Update to .NET SDK 7.0.112 and Runtime 7.0.12 - Resolves: RHEL-11698...
nghttp2 security update
1.43.0-5.1 - fix HTTP/2 Rapid Reset CVE-2023-44487...
java-1.8.0-openjdk security update
1:1.8.0.392.b08-2 - Revert jcmd move as jcmd will not operate without tools.jar - Related: RHEL-13577 1:1.8.0.392.b08-1 - Update to shenandoah-jdk8u392-b08 GA - Update release notes for shenandoah-8u392-b08. - Update generatetarball.sh to be closer to upstream vanilla script inc. no more ECC...
python-reportlab security update
3.4.0-8.1 - python-reportlab: code injection in paraparser.py allows code execution CVE-2019-19450...
go-toolset:ol8 security update
delve golang 1.19.13-1 - Rebase to Go 1.19.13 CVE-2023-39325 CVE-2023-44487 go-toolset 1.19.13-1 - Rebase to Go 1.19.13 CVE-2023-39325 CVE-2023-44487...
curl security update
7.76.1-23.el92.4 - curl: a heap-based buffer overflow in the SOCKS5 proxy handshake CVE-2023-38545 - curl: cookie injection with none file CVE-2023-38546...
galera and mariadb security update
galera 26.4.14-1.0.1 - Rebase to 26.4.14 26.4.13-1.0.1 - Rebase to 26.4.13 26.4.12-1.0.1 - Rebase to 26.4.12 mariadb 3:10.5.22-1 - Rebase to 10.5.22 3:10.5.21-1 - Rebase to version 10.5.21 3:10.5.20-2 - Use fortifylevel to disable fortification in debug builds 3:10.5.20-1 - Rebase to version...
.NET 7.0 security update
7.0.112-1.0.1 - Update to .NET SDK 7.0.112 and Runtime 7.0.12 - Resolves: RHEL-11698...
go-toolset and golang security and bug fix update
golang 1.19.13-1 - Update to go 1.19.13 CVE-2023-44487 CVE-2023-39325 CVE-2023-29409 go-toolset 1.19.13-1 - Update to Go version 1.19.13...
dotnet6.0 security update
6.0.123-1.0.1 - Update to .NET SDK 6.0.123 and Runtime 6.0.23 - Resolves: RHEL-11696...
dotnet6.0 security update
6.0.123-1.0.1 - Update to .NET SDK 6.0.123 and Runtime 6.0.23 - Resolves: RHEL-11696...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.323.8.2.el8 - netfilter: nfnetlinkosf: avoid OOB read Wander Lairson Costa Orabug: 35824307 - netfilter: xtsctp: validate the flaginfo count Wander Lairson Costa Orabug: 35824307 - netfilter: xtu32: validate user space input Wander Lairson Costa Orabug: 35824307 - netfilter: ipset: ad...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.323.8.2.el7 - netfilter: nfnetlinkosf: avoid OOB read Wander Lairson Costa Orabug: 35824307 - netfilter: xtsctp: validate the flaginfo count Wander Lairson Costa Orabug: 35824307 - netfilter: xtu32: validate user space input Wander Lairson Costa Orabug: 35824307 - netfilter: ipset: ad...
nginx security update
1:1.20.1-14.0.1.1 - Resolves: RHEL-12518 - nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487...
nginx:1.22 security update
1:1.22.1-1.0.1.1 - Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset AttackCVE-2023-44487...
nginx:1.20 security update
1:1.20.1-1.0.1.1 - Resolves: RHEL-12732 - nginx:1.20/nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487...