8997 matches found
openssl security update
1.0.2k-25fips - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison Orabug: 32467026 - Add DH support changes for SP 800-56A rev3 requirements Orabug: 32467059 - Add TLS KDF self-test Orabug: 32467193 - Add EC keys pairwise consistency test Orabug: 32467059 1:1.0.2k-25 -...
openssl security update
1:1.0.2k-25 - Fixes CVE-2022-2078 Infinite loop in BNmodsqrt reachable when parsing certificates - Related: rhbz2067160...
expat security update
2.1.0-14.0.1 - lib: Prevent integer overflow in doProlog CVE-2022-23990Orabug: 33910302 2.1.0-14 - Fix multiple CVEs - CVE-2022-25236 expat: namespace-separator characters in 'xmlns:prefix' attribute values can lead to arbitrary code execution - CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8...
openssl security update
1:1.1.1k-6 - Fixes CVE-2022-0778 openssl: Infinite loop in BNmodsqrt reachable when parsing certificates - Resolves: rhbz2067144...
httpd:2.4 security update
httpd 2.4.37-43.0.2.3 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-43.3 - Resolves: 2065247 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier...
httpd security update
2.4.6-97.0.5.5 - modsession: save one aprstrtok Orabug: 33338149CVE-2021-26690 - replace index.html with Oracle's index page oracleindex.html 2.4.6-97.5 - Resolves: 2065243 - CVE-2022-22720 httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier...
openssl security update
1.0.1e-59.0.3 - Fix possible infinite loop in BNmodsqrt CVE-2022-0778Orabug: 33969800...
openssl security update
1:1.1.1k-5.0.1 - fix CVE-2022-0778 - possible infinite loop in BNmodsqrt Orabug: 33974871...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.305.5.3 - bpf: fix out-of-tree module build Alan Maguire Orabug: 33973548 - ACPICA: Enable sleep button on ACPI legacy wake Anchal Agarwal Orabug: 33973543 - Revert 'btrfs: inode: refactor the parameters of insertreservedfileextent' Srikanth C S Orabug: 33973491 - Revert 'btrfs: fix...
Unbreakable Enterprise kernel security update
5.4.17-2136.305.5.3 - bpf: fix out-of-tree module build Alan Maguire Orabug: 33973548 - ACPICA: Enable sleep button on ACPI legacy wake Anchal Agarwal Orabug: 33973543 - Revert 'btrfs: inode: refactor the parameters of insertreservedfileextent' Srikanth C S Orabug: 33973491 - Revert 'btrfs: fix...
openssl security update
1:1.1.1k-5.0.1 - fix CVE-2022-0778 - possible infinite loop in BNmodsqrt Orabug: 33974871...
libtpms security update
libtpms 0.8.8-1.el7 - spec: Update spec file to version 0.8.8 Fri Sep 17 2021 Stefan Berger - 0.8.7-1 - tpm2: Fixes for building and running with OpenSSL 3.0 Fri Sep 10 2021 Stefan Berger - 0.8.6-1 - tpm2: Marshal event sequence objects' hash state Wed Sep 01 2021 Stefan Berger - 0.8.5-1 - tpm2:...
openssl security update
1.0.2k-24.0.3 - fix CVE-2022-0778 - possible infinite loop in BNmodsqrt...
cyrus-sasl security update
2.1.23-15.0.1.2 - Escape password for SQL insert/update commands CVE-2022-24407Orabug: 33936121...
glibc security update
...
expat security update
2.2.5-4.0.1.3 - lib: Prevent integer overflow in doProlog CVE-2022-23990Orabug: 33910314...
openssl security update
1.0.2k-24.0.3 - fix CVE-2022-0778 openssl: Fix possible infinite loop in BNmodsqrt - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison Orabug: 32467026 - Add DH support changes for SP 800-56A rev3 requirements Orabug: 32467059 - Add TLS KDF self-test Orabug: 32467193 -...
openssl security update
1.0.2k-24.0.3 - fix CVE-2022-0778 - possible infinite loop in BNmodsqrt...
cri-o security update
1.20.7-1 - Added Oracle Specifile Files for cri-o...
cri-o security update
1.21.6-1 - Added Oracle Specifile Files for cri-o...
gnutls security update
3.6.16-4.0.1fips - Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 Orabug: 33200526 - Allow bigger known RSA modulus sizes when calling rsageneratefips1864keypair directly Orabug: 33200526 - Change Epoch from 1 to 10...
glibc security update
2.28-164.0.5.3 - Merge external errata patches. - Siddhesh Poyarekar - 2.28-164.3 - CVE-2021-3999: getcwd: align stack on clone in aarch64 and fix a memory leak 2032280 - Siddhesh Poyarekar - 2.28-164.2 - CVE-2022-23218, CVE-2022-23219: Fix buffer overflows in sunrpc clntcreate for 'unix' and...
389-ds:1.4 security and bug fix update
1.4.3.23-14 - Bump version to 1.4.3.23-14 - Resolves: Bug 2059893 - Paged search lookthroughlimit counter doesnt take read ahead into account - Resolves: Bug 2060106 - Based on 1944494 RFC 4530 entryUUID attribute - plugin entryuuid failing - Resolves: Bug 2060110 - double-free of the virtual...
vim security update
8.0.1763-16.0.1 - - Remove upstream references Orabug: 31197557 2:8.0.1763-16.12 - CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository 2:8.0.1763-16.11 - CVE-2022-0413 vim: use after free in src/excmds.c - Fix specfile problems - Resolves: rhbz2048525 2:8.0.1763-16.10 - CVE-2022-04...
libxml2 security update
2.9.7-12 - Fix CVE-2022-23308 2057663 2.9.7-11 - Fix CVE-2021-3541 1958783 2.9.7-10 - Fix CVE-2021-3516 1956976 - Fix CVE-2021-3517 1957001 - Fix CVE-2021-3518 1957028 - Fix CVE-2021-3537 1957284...
libarchive security update
3.3.3-3 - Do not follow symlinks when processing the fixup list CVE-2021-31566 3.3.3-2 - Fix handling of symbolic link ACLs CVE-2021-23177...
expat security update
2.2.5-4.3 - Improve fix for CVE-2022-25236 - Related: CVE-2022-25236 2.2.5-4.2 - Fix multiple CVEs - Resolves: CVE-2022-25236 - Resolves: CVE-2022-25235 - Resolves: CVE-2022-25315 2.2.5-4.1 - Fix multiple CVEs - CVE-2022-23852 expat: integer overflow in function XMLGetBuffer - CVE-2021-45960 expa...
expat security update
2.1.0-12.0.1 - lib: Prevent integer overflow on groupSize CVE-2021-46143Orabug: 33910302 - lib: Prevent integer overflow in doProlog CVE-2022-23990Orabug: 33910302...
httpd:2.4 security update
httpd 2.4.37-43.0.2.2 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-43.2 - Resolves: 2059256 - CVE-2021-34798 httpd:2.4/httpd: NULL pointer dereference via malformed requests - Resolves: 2059257 - CVE-2021-39275...
thunderbird security update
91.7.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 91.7.0-2 - Update to 91.7.0 build2 91.7.0-1 - Update to 91.7.0 build1...
thunderbird security update
91.7.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.7.0-2 - Update to 91.7.0 build2 91.7.0-1 - Update to 91.7.0 build1...
.NET 6.0 security and bugfix update
6.0.103-4.0.1 - Add missing Oracle RIDs 6.0.103-4 - Rebuild against .NET 6.0.102 to pick up the correct fixes - Resolves: RHBZ2059640 6.0.103-3 - Update to new source release for SDK 6.0.103 and Runtime 6.0.3 - Resolves: RHBZ2059640 6.0.103-2 - Switch to new source release for SDK 6.0.103 and...
.NET Core 3.1 security and bugfix update
3.1.417-1.0.1 - Add missing Oracle Linux Runtime IDs 3.1.417-1 - Update to .NET SDK 3.1.417 and Runtime 3.1.23 - Resolves: RHBZ2060567...
.NET 5.0 security and bugfix update
5.0.212-1.0.1 - Support AArch64 on Oracle Linux Orabug: 32738620 - Include new Oracle Linux runtime IDs Add 1000-Add-missing-OL-RIDs.patch 5.0.212-1 - Update to .NET SDK 5.0.212 and Runtime 5.0.15 - Resolves: RHBZ2060496...
kernel security, bug fix, and enhancement update
4.18.0-348.20.15.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
python-pip security update
9.0.3-8.0.1 - CVE-2019-20916 Orabug: 33861505...
firefox security update
91.7.0-3.0.1 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 91.7.0-3 - Update to 91.7.0 build3 91.7.0-2 - Added expat backports of CVE-2022-25235, CVE-2022-25236 and CVE-2022-25315 91.7.0-1 - Update to 91.7.0 build2 91.6.0-2 - Install...
Unbreakable Enterprise kernel-container security update
4.14.35-2047.511.5.6.el7 - lib/ioviter: initialize 'flags' in new pipebuffer Max Kellermann Orabug: 33942242 CVE-2022-0847...
firefox security and bug fix update
91.7.0-3.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build 91.7.0-3 - Update to 91.7.0 build3 91.7.0-2 - Added expat backports of...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.304.4.5 - lib/ioviter: initialize 'flags' in new pipebuffer Max Kellermann Orabug: 33942329 CVE-2022-0847 - bpf: Disallow unprivileged bpf by default Pawan Gupta Orabug: 33942374...
Unbreakable Enterprise kernel security update
4.14.35-2047.511.5.6 - lib/ioviter: initialize 'flags' in new pipebuffer Max Kellermann Orabug: 33942242 CVE-2022-0847...
Unbreakable Enterprise kernel security update
5.4.17-2136.304.4.5 - lib/ioviter: initialize 'flags' in new pipebuffer Max Kellermann Orabug: 33942329 CVE-2022-0847 - bpf: Disallow unprivileged bpf by default Pawan Gupta Orabug: 33942374...
.NET 6.0 security and bugfix update
6.0.102-1.0.1 - Add missing Oracle RIDs 6.0.102-1 - Update to .NET SDK 6.0.102 and Runtime 6.0.2 - Resolves: RHBZ2048257...
Unbreakable Enterprise kernel-container security update
4.14.35-2047.511.5.4.el7 - x86/speculation: Add knob for eibrsretpolineenabled Patrick Colp Orabug: 33922122 CVE-2021-26341 - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline Patrick Colp Orabug: 33922122 CVE-2021-26341 - x86/speculation: Update link to AMD...
Unbreakable Enterprise kernel security update
4.14.35-2047.511.5.4 - x86/speculation: Add knob for eibrsretpolineenabled Patrick Colp Orabug: 33922122 CVE-2021-26341 - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline Patrick Colp Orabug: 33922122 CVE-2021-26341 - x86/speculation: Update link to AMD...
ruby:2.5 security update
ruby 2.5.9-109.0.1 - Rebuild with a dependency containing fix for Orabug: 33921593 2.5.9-109 - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 2.5.9-108 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799 - Fix StartTLS stripping vulnerability in...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.304.4.4 - arm64: Use the clearbhb instruction in mitigations James Morse Orabug: 33921646 - arm64: add IDAA64ISAR2EL1 sys register Joey Gouly Orabug: 33921646 - KVM: arm64: Allow SMCCCARCHWORKAROUND3 to be discovered and migrated James Morse Orabug: 33921646 - arm64: Mitigate spectre...
Unbreakable Enterprise kernel security update
5.4.17-2136.304.4.4 - arm64: Use the clearbhb instruction in mitigations James Morse Orabug: 33921646 - arm64: add IDAA64ISAR2EL1 sys register Joey Gouly Orabug: 33921646 - KVM: arm64: Allow SMCCCARCHWORKAROUND3 to be discovered and migrated James Morse Orabug: 33921646 - arm64: Mitigate spectre...
jquery-ui security update
1.10.4.custom-4.0.1 - Backport jQuery CVE-2020-11022 and CVE-2020-11023 fixes to bundled jQuery v1.10.2 Orabug: 33869588 1.10.4.custom-4 - removed %%defattr from specfile - removed Group from specfile - removed BuildRoot from specfiles Tue May 10 2016 Grant Gainey 1.10.4.custom-3 - jquery-ui: bui...
Unbreakable Enterprise kernel security update
5.4.17-2136.304.4.2 - netfilter: nftablesoffload: incorrect flow offload action array size Pablo Neira Ayuso Orabug: 33899500 CVE-2022-25636...