8998 matches found
grafana security, bug fix, and enhancement update
7.5.15-3 - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working ...
nodejs:14 security update
nodejs 1:14.20.1-2 - Record issues fixed in the current version Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 Resolves: CVE-2022-0235 1:14.20.1-1 - Rebase to version 14.20.1 Resolves: CVE-2022-35256 nodejs-packaging 23-3 - Updated - Removed pathfix.py 23-2 - Rebuilt for...
nodejs:18 security update
nodejs 1:18.8.0-1 - Rebase to version 18.8.0 - Include sources for WASM blobs nodejs-packaging 2021.06-4 - NPM bundler: also find namespaced bundled dependencies 2021.06-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora35MassRebuild 2021.06-2 - Fix hard-coded output directory in the bundler...
Unbreakable Enterprise kernel security update
5.4.17-2136.313.6 - Uninitialized variable imageext in fixupvdsoexception of extable.c Alok Tiwari Orabug: 33000550 - NFSD: fix use-after-free on source server when doing inter-server copy Dai Ngo Orabug: 34475857 - EDAC/mceamd: Do not load edacmceamd module on guests Smita Koralahalli Orabug:...
libxml2 security update
2.9.7-15 - Fix CVE-2016-3709 2120781 2.9.7-14 - Fix CVE-2022-29824 2082298...
mutt security update
5:2.0.7-2 - Fix CVE-2022-1328 2109247...
xorg-x11-server and xorg-x11-server-Xwayland security and bug fix update
xorg-x11-server 1.20.11-9 - CVE fix for: CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070 Resolves: rhbz2108156, rhbz2108161 1.20.11-8 - Rebuild again for ipv6 xtrans fix Related: 2075132 1.20.11-6 - Rebuild for ipv6 xtrans fix Related: 2075132 xorg-x11-server-Xwayland 21.1.3-6 - CVE fix...
yajl security update
2.1.0-11 - fix CVE-2022-24795 - Related: 2061390...
gstreamer1-plugins-good security update
1.16.1-3 - Add patches for matroskademux. CVE-2021-3497 - Resolves: rhbz1948942...
libtiff security update
4.0.9-23 - Fix various CVEs - Resolves: CVE-2022-0561 CVE-2022-0562 CVE-2022-22844 CVE-2022-0865 CVE-2022-0891 CVE-2022-0924 CVE-2022-0909 CVE-2022-0908 CVE-2022-1355...
php:7.4 security, bug fix, and enhancement update
libzip 1.6.1-1 - update to 1.6.1 - enable lzma support php 7.4.30-1 - rebase to 7.4.30 2099615 7.4.19-3 - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 7.4.19-2 - fix SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 - fix Local privilege escalation via...
kernel security, bug fix, and enhancement update
4.18.0-425.3.1.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
redis:6 security, bug fix, and enhancement update
6.2.7-1 - rebase to 6.2.7 1999873...
container-tools:3.0 security update
buildah 1.19.9-6 - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 https://github.com/containers/buildah/commit/6d7f496 - Related: 2061390 1.19.9-5 - update to the latest content of https://github.com/containers/buildah/tree/release-1.19...
libreoffice security update
6.4.7.2-11.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor=Oracle America, Inc. - Added the --with-hamcrest option to configure. 1:6.4.7.2-11 - Resolves: rhbz2060559 CVE-2021-25636...
poppler security and bug fix update
20.11.0-5 - Dont run out of file for Hints - Rebuild for 2096452 - Resolves: 2090969, 2096452...
e2fsprogs security and bug fix update
1.45.6-5 - Update e2fsprogs with upstream fixes and improvements 2083621 - Fix out-of-bounds read/write via crafter filesystem 2073548...
python27:2.7 security update
babel 2.5.1-10 - Fix CVE-2021-20095 Resolves: rhbz1955615 2.5.1-9 - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz1695587 2.5.1-8 - Fix unversioned requires/buildrequires - Resolves: rhbz1628242 2.5.1-7 - Remove unversioned binaries - Resolves: rhbz1613343 2.5.1-6 - Make...
rsync security and enhancement update
3.1.3-19 - Resolves: 2116668 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field 3.1.3-18 - Resolves: 2111175 - remote arbitrary files write inside the directories of connecting peers 3.1.3-17 - Related: 2043753 - New option should...
Unbreakable Enterprise kernel-container security update
4.14.35-2047.519.2.1.el7 - xfs: trim IO to found COW extent limit Eric Sandeen Orabug: 34765284 - xfs: don't use delalloc extents for COW on files with extsize hints Christoph Hellwig Orabug: 34765284 4.14.35-2047.519.2 - Revert 'xfs: don't use delalloc extents for COW on files with extsize hints...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.313.6 - Uninitialized variable imageext in fixupvdsoexception of extable.c Alok Tiwari Orabug: 33000550 - NFSD: fix use-after-free on source server when doing inter-server copy Dai Ngo Orabug: 34475857 - EDAC/mceamd: Do not load edacmceamd module on guests Smita Koralahalli Orabug:...
dnsmasq security and bug fix update
2.79-24 - Prevent endless loop in forwardquery 2120357 2.79-23 - Add IPv6 ntp-server suboptions support 2049691 2.79-22 - Prevent use after free in dhcp6norelay CVE-2022-0934...
Unbreakable Enterprise kernel security update
4.14.35-2047.519.2.1 - xfs: trim IO to found COW extent limit Eric Sandeen Orabug: 34765284 - xfs: don't use delalloc extents for COW on files with extsize hints Christoph Hellwig Orabug: 34765284 4.14.35-2047.519.2 - Revert 'xfs: don't use delalloc extents for COW on files with extsize hints'...
libldb security, bug fix, and enhancement update
2.5.2-2 - resolves: rhbz2108998 - Rebuild to include python3-ldb-devel in CRB 2.5.2-1 - Rebase to version 2.5.2 - resolves: rhbz2109016 - Fix CVE-2022-32746 2.5.1-1 - related: rhbz2077484 - Rebase to version 2.5.1 2.5.0-1 - resolves: rhbz2077484 - Rebase to version 2.5.0...
bind9.16 security update
32:9.16.23-0.9.1 - Fix possible serve-stale related crash CVE-2022-3080 - Fix memory leak in ECDSA verify processing CVE-2022-38177 - Fix memory leak in EdDSA verify processing CVE-2022-38178 32:9.16.23-0.9 - Tighten cache protection against record from forwarders CVE-2021-25220 - Include test of...
python38:3.8 and python38-devel:3.8 security update
Cython 0.29.14-4 - Exclude unsupported i686 arch 0.29.14-3 - Unversioned binaries renamed 0.29.14-2 - Adjusted for Python 3.8 module in RHEL 8 - without emacs plugin 0.29.14-1 - Update to 0.29.14 1768034 - Python 2 subpackage has been removed scipy 1.3.1-4 - Exclude unsupported i686 arch 1.3.1-3 ...
grafana-pcp security update
3.2.0-2 - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working - resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read -...
zlib security update
1.2.7-20.0.1 - Resolves: CVE-2022-37434 Orabug: 34752508...
zlib security update
1.2.3-29.0.3 - Fix for CVE-2022-37474 Orabug: 34759428...
kvm_utils security update
hivex 1.3.18-21 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501 1.3.18 - Resolves: bz1810193 Upgrade components in virt:rhel module:stream for RHEL-8.3 release 1.3.18 - Resolves: bz1810193 Upgrade components in virt:rhel module:stream for RHEL-8.3 release 1.3.15...
ol8addon security update
golang 1.17.13-1.0.1 - Update tarball to 1.17.12 - Add patches between Go 1.17.12 and Go 1.17.13 - Reviewed-by: David Faust 1.17.12-1 - Update Go to version 1.17.12 - Resolves: rhbz2109182 go-toolset 1.17.13-1 - Set version to correspond to the matching build golang version...
qemu security update
15:4.2.1-21.el7 - qemu-kvm.spec: Fix the qemu-regdump sos report plugin path Mark Kanda Orabug: 34680062 - qmp-regdump: Require python3 on OL8 Mark Kanda Orabug: 34672256 - iotests: Adjust 186.out to account for 'null' node-name Mark Kanda Orabug: 34447388 - block: Set the name of BlockBackend if...
kernel security, bug fix, and enhancement update
5.14.0-70.30.1.0.10.OL9 - lockdown: also lock down previous kgdb use Daniel Thompson Orabug: 34290418 CVE-2022-21499 5.14.0-70.30.10.OL9 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted...
pcs security update
0.9.169-3.0.1 - replace logo pcsd/public/favicon.ico in tarball - remove Source1 HAM-logo.png 0.9.169-3.el73.2 - Update rubygem rack - Upgrade jquery in web-ui - Resolves: rhbz2099578 rhbz2093232 0.9.169-3.el73.1 - Explicitly close libcurl connections to prevent stalled TCP connections in...
php-pear security update
1:1.9.4-23 - update ArchiveTar to 1.4.14 CVE-2020-36193 CVE-2020-28948 CVE-2020-28949...
pki-core security update
11.0.6-1.0.1 - Replaced upstream graphical references Orabug: 33952704 11.0.6-1 - Bug 2107335 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE rhel-9.0.0.z...
kernel security and bug fix update
3.10.0-1160.80.1.0.1.OL7 - debug: lock down kgdb Orabug: 34270798 CVE-2022-21499 3.10.0-1160.80.1.OL7 - Update Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 2481767...
zlib security update
1.2.11-32 - Fix heap-based buffer over-read or buffer overflow in inflate in inflate.c - Resolves: CVE-2022-37434...
python3.9 security update
3.9.10-3 - Security fix for CVE-2020-10735 - Fix the test suite support for Expat = 2.4.5 Resolves: rhbz1834423...
lua security update
5.4.2-4.3 - Fix up CVE-2022-33099 patch 5.4.2-4.2 - Enable gating 5.4.2-4.1 - apply upstream fix for CVE-2022-33099...
openssl security update
3.0.1-43.0.1 - Replace upstream references Orabug: 34340177 1:3.0.1-43 - CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests Resolves: CVE-2022-3602 1:3.0.1-42 - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602...
Unbreakable Enterprise kernel security update
4.1.12-124.68.3 - Orabug: 34733462 Alok Tiwari 4.1.12-124.68.2 - ptp: fix the race between the release of ptpclock and cdev Vladis Dronov Orabug: 31350707 CVE-2020-10690 - ptp: Fix pass zero to ERRPTR in ptpclockregister YueHaibing Orabug: 31350707 - chardev: add helper function to register char...
openssl security update
3.0.1-41.0.3 - Add units tests for CVE-2022-3786, CVE-2022-3602 patches 3.0.1-41.0.2 - Fix CVE-2022-3786, CVE-2022-3602 3.0.1-41.0.1 - Replace upstream references Orabug: 34340177 1:3.0.1-41 - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz2115861 - Add FIPS indicator for HKDF...
compat-expat1 security update
1.95.8-8.0.1 - Ensure raw tagnames are safe exiting internalEntityParser CVE-2022-40674Orabug: 34708578...
expat security update
2.0.1-13.0.2 - Ensure raw tagnames are safe exiting internalEntityParser CVE-2022-40674Orabug: 34694174...
thunderbird security update
102.4.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.4.0-1 - Update to 102.4.0 build1...
mysql:8.0 security, bug fix, and enhancement update
mecab 0.996-2 - Rebuild to fix the issue described in 2000986 - Resolves: 2000986 mysql 8.0.30-1 - Update to MySQL 8.0.30 - Remove patches now upstream: chain certs, s390 and robin hood - Add a new plugin 'conflictingvariables.so' 8.0.29-1 - Update to MySQL 8.0.29 8.0.28-1 - Update to MySQL 8.0.2...
postgresql:12 security update
postgresql 12.12-1 - Resolves: 2131177 - Update to version 12.12...
firefox security update
102.3.0-6.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 102.3.0-6 - Update to 102.3.0 build1...
389-ds:1.4 security update
1.4.3.28-8 - Bump version to 1.4.3.28-8 - Resolves: Bug 2131743 - SIGSEGV in syncrepl...