8984 matches found
fontforge security update
20200314-7 - Resolves: RHEL-138168 CVE-2025-15270 SFD File Parsing Remote Code Execution Vulnerability - Resolves: RHEL-138174 CVE-2025-15279 GUtils BMP File Parsing Heap-based Buffer Overflow - Resolves: RHEL-138190 CVE-2025-15275 SFD File Parsing Heap-based Buffer Overflow - Resolves: RHEL-1381...
firefox security update
140.9.1-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 140.9.1-1 - Update to 140.9.1 ESR...
openexr security update
3.1.10-8.1 - fix CVE-2026-27622...
nghttp2 security update
1.43.0-6.1 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135...
vim security update
9.1.083-6.0.1.el101.3 - Remove upstream references Orabug: 31197557 2:9.1.083-6.3 - RHEL-159615 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function 2:9.1.083-6.2 - RHEL-155409 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted sw...
nodejs24 security update
1:24.14.1-2.0.1 - Update upstream references 1:24.14.1-2 - Update bundled nghttp2 to 1.68.1 1:24.14.1-1 - Update to version 24.14.1...
perl-XML-Parser security update
2.47-6.1.0.1 - Add perlLWP Requires 2.47-6.1 - Fix CVE-2006-10002, CVE-2006-10003...
nghttp2 security update
1.33.0-6.2 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135...
perl-XML-Parser security update
2.46-9.1.0.1 - Add perlLWP, perlURI, perlURI::file Requires 2.46-9.1 - Fix CVE-2006-10002, CVE-2006-10003...
firefox security update
140.9.1-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 140.9.1 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 140.9.1-1 - Update to 140.9.1 ESR...
perl-XML-Parser security update
2.44-12.0.1 - Add perlLWP, perlURI, perlURI::file Requires 2.44-12 - Fix CVE-2006-10002, CVE-2006-10003...
nodejs:24 security update
nodejs 1:24.14.1-2 - Update bundled nghttp2 to 1.68.1 Related: RHEL-151374 1:24.14.1-1 - Update to 24.14.0 Resolves: RHEL-151374 nodejs-nodemon 3.0.3-1 - Initial import into nodejs:24 module nodejs-packaging 2021.06-6 - Properly handle @group/package deps in nodejs-symlink-deps Resolves:...
nghttp2 security update
1.64.0-2.1 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135...
nginx:1.26 security update
2:1.26.3-2.0.1.1 - Require oracle-indexhtml 2:1.26.3-6 - Resolves: RHEL-157887 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 2:1.26.3-5 - Resolves: RHEL-159446 - CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of Service via undisclos...
kea security update
3.0.1-3 - Fixes CVE-2026-3608...
nodejs:22 security update
nodejs 1:22.22.2-1 - Update to version 22.22.2 - introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135 - disabled failing tests in nghttp2 due to newer version - patch for npm/braces CVE-2026-25547 Resolves: RHEL-163369 Fixes: CVE-2026-1528 CVE-2026-2229 CVE-2026-1526 CVE-2026-152...
nodejs:24 security update
nodejs 1:24.14.1-2 - Update bundled nghttp2 to 1.68.1 1:24.14.1-1 - Update to version 24.14.1 nodejs-nodemon 3.0.3-3 - Keep BR on just npm 3.0.3-2 - Fix BR for nodejs-npm nodejs-packaging 2021.06-6 - Properly handle @group/package deps in nodejs-symlink-deps Resolves: RHEL-121581 2021.06-5 -...
cockpit: Unauthenticated remote code execution due to SSH command-line argument injection
344-2.0.1 - Storage: Enable btrfs support Orabug: 37464632 - Replaced upstream urls in documentation with oracle links Orabug: 36528753 - Drop subscription-manager-cockpit requirement for ol Orabug: 34681110 - Remove duplicate reference to server in cockpit Orabug: 34030494 - Update documentation...
grafana security update
9.2.10-29.0.1 - Fixes CVE-2024-1442 Add email verification when updating user email Orabug: 38550520 9.2.10-29 - Resolves RHEL-156639: CVE-2026-25679...
git-lfs security update
3.6.1-8 - Rebuild with new Golang - Resolves: RHEL-158724...
Unbreakable Enterprise kernel security update
6.12.0-200.74.27.2 - ipv6: use RCU in ip6xmit Eric Dumazet Orabug: 39186444 CVE-2025-40135 - netfilter: nftables: fix use-after-free in nftablesaddchain Inseo An Orabug: 39181102 CVE-2026-23231 - dst: fix races in rt6uncachedlistdel and rtdeluncachedlist Eric Dumazet Orabug: 39181101 CVE-2026-230...
nodejs:22 security update
nodejs 1:22.22.2-1 - Update to version 22.22.2 Resolves: RHEL-154019 Fixes: CVE-2026-1528 CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-27135 CVE-2026-1528 nodejs-nodemon 3.0.1-1 - Exclude ix86 arches from building. Related: RHEL-35991 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883...
go-toolset:ol8 security update
delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related: RHEL-121223 golang 1.25.7-2 - Update to Go 1.25.8 fips-1 - Resolves: RHEL-156551 1.25.7-1 - Update to Go 1.25.7 fips-1 - Resolves: RHEL-146469...
grafana-pcp security update
5.1.1-13 - Resolves RHEL-156641: CVE-2026-25679...
nginx:1.24 security update
1.24.0-3.0.1 - Remove Red Hat references Orabug: 29498217 1:1.24.0-3 - Resolves: RHEL-157877 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files - Resolves: RHEL-159436 CVE-2026-27651 nginx:1.24/nginx: NGINX: Denial of Service via undisclose...
vim security update
8.0.1763-22.0.1.el810.1 - Remove upstream references Orabug: 31197557 - Added glibc-gconv-extra to common requires to provide ISO-8859-2 Orabug: 34114984 2:8.0.1763-22.1 - RHEL-159620 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function - RHEL-155428...
nginx security update
1.20.1-24.0.1.el97.2 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 - Update upstream references Orabug: 36579090 2:1.20.1-24.2 - Resolves: RHEL-159557 - CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer...
grub2 security update
2.02-0.87.0.29.el7.14 - Unregister gettext command on module unload CVE-2025-61662Orabug: 39112125 2.02-0.87.0.27.el7.14 - Fix OOB write in grubnetsearchconfigfile CVE-2025-0624 Orabug: 37770226 - Also adds implementation of grubstrlcpy for clean backport 2.02-0.87.0.26.el7.14 - Replace...
nodejs22 security update
1:22.22.2-1 - Update to version 22.22.2 - introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135 - disabled failing tests in nghttp2 due to newer version - patch for npm/braces CVE-2026-25547 1:22.22.0-4 - sources: changed ICU version syntax...
git-lfs security update
3.6.1-8 - Rebuild with new Golang...
capstone security update
5.0.1-7 - Fix CVE-2025-67873 heap buffer overflow Resolves: RHEL-141551 - Fix CVE-2025-68114 memory corruption Resolves: RHEL-137747...
libtiff security update
4.6.0-6.2 - fix CVE-2023-52356: libtiff could crash in TIFFReadRGBATileExt when parsing crafted tiff file RHEL-148254...
nginx:1.24 security update
1.24.0-5.2.0.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 1:1.24.0-5.2 - Resolves: RHEL-157886 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files - Resolves: RHEL-159445...
python3.9 security update
3.9.25-3.0.1.el97.2 - Remove upstream URL reference 3.9.25-3.2 - Security fix for CVE-2026-4519 Resolves: RHEL-158052 3.9.25-3.1 - Security fixes for CVE-2026-0865, CVE-2025-15366, CVE-2025-15367 and CVE-2026-1299 Resolves: RHEL-143108 RHEL-143169 RHEL-144893...
rsync security update
3.4.1-2.2 - Resolves: RHEL-152885 - CVE-2025-10158 Out of bounds array access via negative index 3.4.1-2.1 - Resolves: RHEL-152878 - clearing DISPLAY breaks SSHASKPASS expectations...
ImageMagick security update
6.9.10.68-7.0.7 - Fixes Local File Disclosure via Path Traversal CVE-2026-25965 Orabug: 39118995 - Fixes Memory allocation with excessive without limits in the internal SVG decoder CVE-2026-25985 6.9.10.68-7.0.5 - Fix CVE-2025-62171 and CVE-2026-23876 Orabug: 38997140 6.9.10.68-7.0.3 - Security...
thunderbird security update
140.9.0-1.0.1 - Fix prefs for new nss Orabug: 37079820 - Add Oracle prefs file 140.9.0 - Add OpenELA debranding 140.9.0-1 - Update to 140.9.0 ESR...
kernel security update
6.12.0-124.49.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...
kernel security update
5.14.0-611.47.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...
freerdp security update
2:3.10.3-5.5 - Fix use of nscprocessmessage - Increase timeout for TestSynchCritical Resolves: RHEL-155979 2:3.10.3-5.4 - Backport several CVE fixes Resolves: RHEL-147948, RHEL-147949, RHEL-147956, RHEL-147963, RHEL-147964 Resolves: RHEL-147972, RHEL-147979, RHEL-147984, RHEL-147985, RHEL-148898...
kernel security update
4.18.0-553.117.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update
gstreamer1-plugins-bad-free 1.16.1-6.0.1 - Update origin URL Orabug: 36209826 1.16.1-6 - Add patch for CVE-2026-3082 Resolves: RHEL-156202 gstreamer1-plugins-base 1.16.1-6.0.1 - Update origin URL Orabug: 36209826 1.16.1-6 - Add patch for CVE-2026-2921 Resolves: RHEL-156169 gstreamer1-plugins-good...
nginx security update
2:1.26.3-2.0.1.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 2:1.26.3-6 - Resolves: RHEL-157874 CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 2:1.26.3-5 - Resolves: RHEL-159433 CVE-2026-27651 nginx: NGINX: Denial of Service via...
crun security update
1.27-1 - update to https://github.com/containers/crun/releases/tag/1.27 - fixes CVE-2026-30892 crun: crun: Privilege escalation due to incorrect parsing of the --user option rhel-10.1.z - Resolves: RHEL-161416...
fontforge security update
20230101-15 - Resolves: RHEL-138129 CVE-2025-15270 SFD File Parsing Remote Code Execution Vulnerability...
crun security update
1.27-1 - update to https://github.com/containers/crun/releases/tag/1.27 - fixes CVE-2026-30892 crun: crun: Privilege escalation due to incorrect parsing of the --user option rhel-9.7.z - Resolves: RHEL-161439...
libvpx security update
1.3.0-8.0.3 - Fixes heap buffer overflow in libvpx CVE-2026-2447 Orabug: 39112729 1.3.0-8.0.1 - Fixes CVE-2025-5283 vpxcodecencinitmulti fix double free on init fail Orabug: 38103810...
freerdp security update
2:2.11.7-6 - Fix use of nscprocessmessage Resolves: RHEL-155984 2:2.11.7-5 - Backport several CVE fixes Resolves: RHEL-147954, RHEL-147955, RHEL-147970, RHEL-147977, RHEL-147980 Resolves: RHEL-148002, RHEL-148014, RHEL-148031, RHEL-148906, RHEL-148996 Resolves: RHEL-149007, RHEL-149056, RHEL-1559...
fontforge security update
20201107-8 - Resolves: RHEL-138245 CVE-2025-15270 SFD File Parsing Remote Code Execution Vulnerability...
perl-YAML-Syck security update
1.30-6 - Resolves: RHEL-156475 - Fix CVE-2026-4177...