9178 matches found
rsync security update
3.1.3-14.3 - Resolves: 2111174 - remote arbitrary files write inside the directories of connecting peers...
php:7.4 security update
php 7.4.19-4 - fix uninitialized array in pgqueryparams leading to RCE CVE-2022-31625...
thunderbird security update
91.13.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 91.13.0-1 - Update to 91.13.0 build1...
firefox security update
91.13.0-1.0.1 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 91.13.0-1 - Update to 91.13.0 build1...
curl security update
7.76.1-14.el90.5 - fix unpreserved file permissions CVE-2022-32207 - fix HTTP compression denial of service CVE-2022-32206 - fix FTP-KRB bad message verification CVE-2022-32208...
curl security update
7.61.1-22.el86.4 - fix HTTP compression denial of service CVE-2022-32206 - fix FTP-KRB bad message verification CVE-2022-32208...
podman security update
1.6.4-36.0.1 - Reduce unnecessary writable mounts in NaiveDiffDriver Orabug: 31025483 - handle redirect from the docker registry v2 Orabug: 29874238 [email protected] - remove changes in NaiveDiffDriver 1.6.4-36 - update to the latest content of...
Unbreakable Enterprise kernel-container security update
4.14.35-2047.516.2.1 - rds: copyfromuser only once per rdssendmsg system call Hans Westgaard Ry Orabug: 33981856 CVE-2022-21385...
Unbreakable Enterprise kernel security update
5.4.17-2136.310.7.1 - rds: copyfromuser only once per rdssendmsg system call Hans Westgaard Ry Orabug: 33981855 CVE-2022-21385...
Unbreakable Enterprise kernel-container security update
5.15.0-1.43.4.2 - rds: copyfromuser only once per rdssendmsg system call Hans Westgaard Ry Orabug: 33981854 CVE-2022-21385...
Unbreakable Enterprise kernel security update
5.15.0-1.43.4.2 - rds: copyfromuser only once per rdssendmsg system call Hans Westgaard Ry Orabug: 33981854 CVE-2022-21385...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.310.7.1 - rds: copyfromuser only once per rdssendmsg system call Hans Westgaard Ry Orabug: 33981855 CVE-2022-21385...
Unbreakable Enterprise kernel security update
4.14.35-2047.516.2.1 - rds: copyfromuser only once per rdssendmsg system call Hans Westgaard Ry Orabug: 33981856 CVE-2022-21385...
cri-o security update
1.22.5-1 - Addresses CVE-2022-1708...
cri-o security update
1.21.7-2 - Addresses CVE-2022-1708 1.21.7-1 - Added Oracle Specifile Files for cri-o...
cri-o security update
1.21.7-2 - Addresses CVE-2022-1708 1.21.7-1 - Added Oracle Specifile Files for cri-o...
cri-o security update
1.22.5-1 - Addresses CVE-2022-1708...
httpd security update
2.2.15-69.0.5 - handle large writes in aprputs CVE-2022-28614Orabug: 34317854...
Unbreakable Enterprise kernel-container security update
r 5.4.17-2136.310.7 - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34480880 CVE-2022-2588 - x86/specctrl: limit IBRSFW to retpoline only Ankur Arora Orabug: 34450896 - x86/bugs: display dynamic retbleed state Ankur Arora Orabug: 34450896 - x86/bugs:...
Unbreakable Enterprise kernel security update
5.4.17-2136.310.7 - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34480880 CVE-2022-2588 - x86/specctrl: limit IBRSFW to retpoline only Ankur Arora Orabug: 34450896 - x86/bugs: display dynamic retbleed state Ankur Arora Orabug: 34450896 - x86/bugs:...
.NET 6.0 security, bug fix, and enhancement update
6.0.108-1.0.1 - Add missing Oracle RIDs 6.0.108-1 - Update to .NET SDK 6.0.108 and Runtime 6.0.8 - Resolves: RHBZ2112412...
.NET Core 3.1 security, bug fix, and enhancement update
3.1.422-1.0.1 - Add missing Oracle Linux Runtime IDs 3.1.422-1 - Update to .NET SDK 3.1.422 and Runtime 3.1.28 - Resolves: RHBZ2115351...
kernel security and bug fix update
3.10.0-1160.76.1.0.1.OL7 debug: lock down kgdb Orabug: 34270798 CVE-2022-21499 3.10.0-1160.76.1.OL7 Update Oracle Linux certificates Ilya Okomin Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] Update x509.genkey Orabug: 24817676 Confli...
kernel security, bug fix, and enhancement update
5.14.0-70.22.1.0.10.OL9 lockdown: also lock down previous kgdb use Daniel Thompson Orabug: 34290418 CVE-2022-21499 5.14.0-70.22.10.OL9 Update Oracle Linux certificates Kevin Lyons Disable signing for aarch64 Ilya Okomin Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys lis...
httpd:2.4 security update
httpd 2.4.37-47.0.2.2 - modproxy: approxyhttprequest to clear hop-by-hop first and...
galera, mariadb, and mysql-selinux security, bug fix, and enhancement update
galera 26.4.11-1.0.1 - Requirement to delete garbd-wrapper script and lp1184034 test case without using patches. Patches from previous release have been deleted - Drop nmap-ncat requirement. Orabug: 34116228 - Added galera-skip-lp1184034-testcase.patch - Added...
.NET 6.0 security, bug fix, and enhancement update
6.0.108-1.0.1 - Add missing Oracle RIDs - Build all packages on source-build even when in servicing 6.0.108-1 - Update to .NET SDK 6.0.108 and Runtime 6.0.8 - Resolves: RHBZ2112413...
vim security update
8.2.2637-16.0.1.3 - Remove upstream references Orabug: 31197557 2:8.2.2637-16.3 - CVE-2022-1785 vim: Out-of-bounds Write - CVE-2022-1897 vim: out-of-bounds write in vimregsubboth in regexp.c - CVE-2022-1927 vim: buffer over-read in utfptr2char in mbyte.c...
Unbreakable Enterprise kernel security update
4.14.35-2047.516.1.1 - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34460938 CVE-2022-2588 4.14.35-2047.516.1 - KVM: x86: Avoid theoretical NULL pointer dereference in kvmirqdeliverytoapicfast Vitaly Kuznetsov Orabug: 34323860 CVE-2022-2153 - KVM: x8...
Unbreakable Enterprise kernel-container security update
4.14.35-2047.516.1.1 - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34460938 CVE-2022-2588 4.14.35-2047.516.1 - KVM: x86: Avoid theoretical NULL pointer dereference in kvmirqdeliverytoapicfast Vitaly Kuznetsov Orabug: 34323860 CVE-2022-2153 - KVM: x8...
Unbreakable Enterprise kernel security update
5.4.17-2136.309.5.1 - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34460937 CVE-2022-2588...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.309.5.1 - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34460937 CVE-2022-2588...
Unbreakable Enterprise kernel security update
4.1.12-124.65.1.1 - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34460939 CVE-2022-2588...
Unbreakable Enterprise kernel security update
5.15.0-1.43.4.1 - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34460936 CVE-2022-2588 5.15.0-1.43.4 - Revert selftests/bpf: add tests verifying unprivileged bpf behaviour Alan Maguire Orabug: 34399286 - Revert selftests/bpf: Add test for reg2btfids o...
Unbreakable Enterprise kernel-container security update
5.15.0-1.43.4.1 - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34460936 CVE-2022-2588 5.15.0-1.43.4 - Revert selftests/bpf: add tests verifying unprivileged bpf behaviour Alan Maguire Orabug: 34399286 - Revert selftests/bpf: Add test for reg2btfids o...
virt:kvm_utils security update
libvirt 5.7.0-34.el8 - qemu: blockcopy: Allow late opening of the backing chain of a shallow copy Peter Krempa Orabug: 33091019 - qemu: capabilities: Introduce QEMUCAPSBLOCKDEVSNAPSHOTALLOWWRITEONLY Peter Krempa Orabug: 33091019 - qemuDomainBlockCopyCommon: Record updated flags to block job Peter...
kernel security and bug fix update
4.18.0-372.19.1.0.16.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32...
virt:ol and virt-devel:ol security, bug fix, and enhancement update
libvirt 8.0.0-5.2.0.1 - Set SOURCEDATEEPOCH from changelog Orabug: 32019554 - Add runtime deps for pkg librbd1 = 1:10.2.5 Keshav Sharma 8.0.0-5.2.el8 - cpumap: Disable cpu64-rhel for host-model and baseline rhbz2084030 - cputest: Drop some old artificial baseline tests rhbz2084030 - cputest: Give...
vim security update
8.0.1763-19.0.1.4 - Remove upstream references Orabug: 31197557 - Added glibc-gconv-extra to common requires to provide ISO-8859-2 Orabug: 34114984 2:8.0.1763-19.4 - fix issue reported by covscan 2:8.0.1763-19.3 - CVE-2022-1785 vim: Out-of-bounds Write - CVE-2022-1897 vim: out-of-bounds write in...
openssl security update
1:1.1.1k-7 - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - Update expired certificates used in the testsuite Resolves: rhbz2100554 - Fix CVE-2022-1292: openssl: crehash script allows command injection Resolves: rhbz2090371 - Fix CVE-2022-2068: the...
xorg-x11-server security update
1.20.4-18 - CVE fix for: CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070 Resolves: rhbz2109031, rhbz2109033...
php security update
8.0.13-2 - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626...
httpd security update
2.2.15-69.0.4 - modproxy: approxyhttprequest to clear hop-by-hop first and fixup last CVE-2022-31813Orabug: 34317859 2.2.15-69.0.3 - core: Simpler connection close logic CVE-2022-22720Orabug: 33991577...
httpd security update
2.4.51-7.0.2 - modproxy: approxyhttprequest to clear hop-by-hop first and fixup last CVE-2022-31813Orabug: 34381949...
httpd security update
2.4.6-97.0.7.5 - modproxy: approxyhttprequest to clear hop-by-hop first and fixup last CVE-2022-31813Orabug: 34381850...
go-toolset:ol8 security and bug fix update
delve 1.7.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.7.2-1 - Rebase to 1.7.2 - Related: rhbz2014088 golang 1.17.12-1 - Update Go to version 1.17.12 - Resolves: rhbz2109182 1.17.10-2 - Clean up dist-git patches - Resolves: rhbz2109173 go-toolset 1.17.12-1 - Update Go to...
389-ds:1.4 security update
1.4.3.28-7 - Bump version to 1.4.3.28-7 - Resolves: Bug 2081008 - CVE-2022-0996 389-ds:1.4/389-ds-base: expired password was still allowed to access the database - Resolves: Bug 2081014 - CVE-2022-0918 389-ds:1.4/389-ds-base: sending crafted message could result in DoS...
ruby:2.5 security update
ruby 2.5.9-110 - Fix FTBFS due to an incompatible load directive. - Fix a fiddle import test on an optimized glibc on Power 9. - Fix by adding length limit option for methods that parses date strings. Resolves: CVE-2021-41817 - CGI::Cookie.parse no longer decodes cookie names to prevent spoofing...
mariadb:10.5 security, bug fix, and enhancement update
galera 26.4.11-1 - Rebase to 26.4.11 mariadb 3:10.5.16-2 - Release bump for rebuild 3:10.5.16-1 - Rebase to 10.5.16 3:10.5.15-1 - Rebase to 10.5.15...
Unbreakable Enterprise kernel security update
4.1.12-124.65.1 - cgroup-v1: Require capabilities to set releaseagent Eric W. Biederman Orabug: 33825689 CVE-2022-0492 - ocfs2: kill EBUSY from dlmfsevictinode Junxiao Bi Orabug: 34091904 - ocfs2: dlmfs: fix error handling of userdlmdestroylock Junxiao Bi via Ocfs2-devel Orabug: 34091904 - ocfs2:...