8998 matches found
bind9.16 security and bug fix update
32:9.16.23-0.14 - Handle subtle difference between upstream and rhel CVE-2022-3094 32:9.16.23-0.13 - Prevent flooding with UPDATE requests CVE-2022-3094 - Handle RRSIG queries when server-stale is active CVE-2022-3736 - Fix crash when soft-quota is reached and serve-stale is active CVE-2022-3924...
libreswan security and bug fix update
4.9-2.0.1.2 - Add libreswan-oracle.patch to detect Oracle Linux distro 4.9-2.2 - Update libreswan-4.9-2176248-authby-rsasig.patch 4.9-2.1 - Resolves: rhbz2187647 authby=rsasig fails in FIPS policy 4.9-2 - Fix CVE-2023-23009: remote DoS via crafted TS payload with an incorrect selector length...
git security update
2.39.3-1 - Update to 2.39.3 - Resolves: 2188364, 2188373, 2190157, 2190158...
unbound security and bug fix update
1.16.2-5 - Stop creating wrong devel manual pages 2135322 1.16.2-4 - Apply correctly previous change CVE-2022-3204 1.16.2-3 - Fix NRDelegation attack leading to uncontrolled resource consumption CVE-2022-3204...
Image Builder security, bug fix, and enhancement update
cockpit-composer 45-1.0.1 - Make per page documentation links point to Oracle Linux Orabug: 32013095 45-1 - New upstream release 44-1 - New upstream release 43-1 - New upstream release 42-1 - New upstream release 40-1 - New upstream release 39-1 - New upstream release 38-1 - New upstream release...
gssntlmssp security update
1.2.0-1 - New release 1.2.0 - Fix CVE-2023-25563: multiple out-of-bounds read when decoding NTLM fields - Fix CVE-2023-25564: memory corruption when decoding UTF16 strings - Fix CVE-2023-25565: incorrect free when decoding target information - Fix CVE-2023-25566: memory leak when parsing username...
postgresql-jdbc security update
42.2.14-2 - Fix CVE-2022-41946...
php:7.4 security update
libzip 1.6.1-1 - update to 1.6.1 - enable lzma support 1.5.2-1 - update to 1.5.2 - add all explicit cmake options to ensure openssl is used even in local build with other lilbraries available 1.5.1-1 - update to 1.5.1 - drop dependency on zlib-devel and bzip2-devel no more referenced in libzip.pc...
grafana-pcp security update
3.2.0-3 - resolve CVE-2022-27664 grafana-pcp: golang: net/http: handle server errors after sending GOAWAY...
bind security and bug fix update
32:9.11.36-8 - Correct regression preventing bind-dyndb-ldap build 2133889 32:9.11.36-7 - Prevent excessive resource use while processing large delegations. CVE-2022-2795 32:9.11.36-6 - Prevent freeing zone during statistics rendering 2101712...
freerdp security update
2:2.2.0-10 - Fix 'implicit declaration of function' errors 2136153, 2145139 - 2:2.2.0-9 - CVE-2022-39282: Fix length checks in parallel driver 2136151 - CVE-2022-39283: Add missing length check in video channel 2136153 - CVE-2022-39316, CVE-2022-39317: Add missing length checks in zgfx 2145139 -...
frr security and bug fix update
7.5.1-7.0.1 - Fix POSTIN scriptlet Orabug: 34712485 7.5.1-7 - Resolves: 2128737 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service 7.5.1-6 - Resolves: 1939516 - frr service cannot reload itself, due to executing in the wrong SELinux context 7.5.1-5 -...
webkit2gtk3 security update
2.38.5-1.3 - Restore libwpe and wpebackend-fdo dependencies Related: 2185741 sort of 2.38.5-1.2 - Disable libwpe and wpebackend-fdo dependencies Related: 2185741 sort of 2.38.5-1.1 - Add patch for CVE-2023-28205 Resolves: 2185741 2.38.5-1 - Update to 2.38.5 Related: 2127468 2.38.4-1 - Update to...
libtiff security update
4.0.9-27 - Fix various CVEs - Resolves: CVE-2022-3627 CVE-2022-3970...
python-mako security update
1.0.6-14 - Fix CVE-2022-40023 2128977...
freeradius:3.0 security update
3.0.20-14 - Fix defect found by Covscan Resolves: 2151704 3.0.20-13 - Fix multiple CVEs - Add rpminspect configuration Resolves: 2151702 Resolves: 2151704 Resolves: 2151706...
tigervnc security and bug fix update
1.12.0-15 - xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability Resolves: bz2180305 1.12.0-14 - SELinux: allow vncsession create .vnc directory Resolves: bz2164704 1.12.0-13 - Add sanity check when cleaning up keymap changes Resolves: bz2169960...
emacs security and bug fix update
1:26.1-9 - Fix MH-E mail composition with GNU Mailutils 1991156 1:26.1-8 - Fix ctags local command execute vulnerability 2149386...
device-mapper-multipath security and bug fix update
0.8.4-37 - Fix bugzilla linked to the changes was previously linked to the wrong bug, 2162537 - Resolves: bz 2166468 0.8.4-36 - Add 0129-libmultipath-select-resize-action-even-if-reload-is-.patch - Add 0130-libmultipath-cleanup-ACTCREATE-code-in-selectactio.patch - Add...
xorg-x11-server-Xwayland security update
21.1.3-10 - Fix CVE-2023-0494 2166972 21.1.3-9 - Follow-up fix for CVE-2022-46340 2151777 21.1.3-8 - CVE fix for: CVE-2022-4283 2151802, CVE-2022-46340 2151777, CVE-2022-46341 2151782, CVE-2022-46342 2151785, CVE-2022-46343 2151792, CVE-2022-46344 2151795 21.1.3-7 - Fix CVE-2022-3550, CVE-2022-35...
grafana security update
7.5.15-4 - resolve CVE-2022-39229 grafana: using email as a username can block other users from signing in - resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY - resolve CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps - resolve...
curl security and bug fix update
7.61.1-30 - fix HTTP multi-header compression denial of service CVE-2023-23916 7.61.1-29 - h2: lower initial window size to 32 MiB 2166254 7.61.1-28 - smb/telnet: fix use-after-free when HTTP proxy denies tunnel CVE-2022-43552 7.61.1-27 - upon HTTP11REQUIRED, retry the request with HTTP/1.1 21393...
libarchive security update
3.3.3-5 - Fix for CVE-2022-36227...
apr-util security update
1.6.1-6.1 - Resolves: 2196572 - CVE-2022-25147 apr-util: out-of-bounds writes in the aprbase64...
git security update
2.39.3-1 - Update to 2.39.3 - Resolves: 2188352, 2188361, 2189976, 2189977...
git security and bug fix update
...
python38:3.8 and python38-devel:3.8 security update
...
python-pip security update
9.0.3-8.0.3 - CVE-2021-3572 Orabug: 35240686...
virt:ol and virt-devel:rhel security, bug fix, and enhancement update
hivex libguestfs 1.44.0-9.0.1 - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 Orabug: 29319324 - Set DISTROORACLELINUX correspeonding to ol 1:1.44.0-9 - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz2101280 1:1.44.0-8 -...
python3-setuptools security update
39.2.0-10.0.1 - Back port fix for CVE-2022-40897 Orabug: 35034581...
git security update
1.8.3.1-25 - Fixes CVE-2023-25652 and CVE-2023-29007 - Resolves: 2188354, 2188365...
container-tools:ol8 security, bug fix, and enhancement update
...
python39:3.9 and python39-devel:3.9 security update
...
samba security, bug fix, and enhancement update
...
container-tools:4.0 security and bug fix update
...
kernel security, bug fix, and enhancement update
...
firefox security update
102.11.0-2.0.1 - Updated homepages to use https Orabug: 34648274 102.11.0-2 - Update to 102.11.0 build2 102.11.0-1 - Update to 102.11.0 build1...
apr-util security update
1.5.2-6.0.1.1 - Rebuild bumping release 1.5.2-6.1 - Resolves: 2196120 - CVE-2022-25147 apr-util: out-of-bounds writes in the aprbase64...
thunderbird security update
102.11.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.11.0-1 - Update to 102.11.0 build1...
emacs security update
1:27.2-8.1 - Fix etags local command injection vulnerability 2184369 - Fix htmlfontify.el command injection vulnerability 2184368 - Fix ruby-mode.el local command injection vulnerability 2184367 - Fix ob-latex.el command injection vulnerability 2184377 1:27.2-8 - Use a 64KB page size for pdump...
webkit2gtk3 security update
2.38.5-1.1 - Add patch for CVE-2023-28205 Resolves: 2185745 2.38.5-1 - Update to 2.38.5 Related: 2127467 2.38.4-1 - Update to 2.38.4 Related: 2127467 2.38.3-1 - Update to 2.38.3 Related: 2127467 2.38.2-1 - Update to 2.38.2 Related: 2127467 2.38.1-2 - Fix use with aarch64 64 KiB page size Related:...
curl security update
7.76.1-23.el92.1 - fix FTP too eager connection reuse CVE-2023-27535 7.76.1-23 - fix HTTP multi-header compression denial of service CVE-2023-23916 7.76.1-22 - smb/telnet: fix use-after-free when HTTP proxy denies tunnel CVE-2022-43552 7.76.1-21 - fix POST following PUT confusion CVE-2022-32221...
apr-util security update
1.6.1-20.1 - Resolves: 2196575 - CVE-2022-25147 apr-util: out-of-bounds writes in the aprbase64...
libreswan security update
4.9-4.0.1 - Add libreswan-oracle.patch to detect Oracle Linux distro 4.9-4 - Just bumping up the version as an incorrect 9.3 build was created. - Related: rhbz2187171 4.9-3 - Fix CVE-2023-30570:Malicious IKEv1 Aggressive Mode packets can crash libreswan - Resolves: rhbz2187171...
firefox security update
102.11.0-2.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 102.11.0-2 - Update to 102.11.0 build2 102.11.0-1 - Update to 102.11.0 build1...
openssh security update
8.7p1-29 - Resolve possible self-DoS with some clients Resolves: rhbz2186473...
thunderbird security update
102.11.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 102.11.0-1 - Update to 102.11.0 build1...
libreswan security update
4.9-2.0.1 - Add libreswan-oracle.patch to detect Oracle Linux distro 4.9-2 - Fix CVE-2023-23009: remote DoS via crafted TS payload with an incorrect selector length rhbz2173674...
mysql security update
8.0.32-1 - Update to MySQL 8.0.32 8.0.31-1 - Update to MySQL 8.0.31...
nodejs:18 security, bug fix, and enhancement update
nodejs 1:18.14.2-2 - Provide simduft - Resolves: 2159389 1:18.14.2-1 - Rebase to 18.14.2 - Resolves: 2159389 - Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807 - Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920 nodejs-nodemon 2.0.20-2 - Patch bundled glob-parent -...