8994 matches found
Unbreakable Enterprise kernel-container security update
5.4.17-2136.304.4.2.el7 - netfilter: nftablesoffload: incorrect flow offload action array size Pablo Neira Ayuso Orabug: 33899500 CVE-2022-25636...
virt:kvm_utils security update
hivex 1.3.18-21 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501 libguestfs 1.40.2-28.0.1 - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 Orabug: 29319324 - Set DISTROORACLELINUX correspeonding to ol 1:1.40.2-28 -...
cyrus-sasl security update
2.1.26-24.0.1 - Check against gssapi null pointer Orabug: 33270138 2.1.26-24 - Fix for CVE-2022-24407 - Resolves: rhbz2055842...
cyrus-sasl security update
2.1.27-6 - Fix for CVE-2022-24407 - Resolves: rhbz2055846...
python-pillow security update
2.0.0-23gitd1c6db8 - Fixup for CVE-2022-22817 - Security fixes for CVE-2022-22815, CVE-2022-22816 Resolves: rhbz2042522 2.0.0-22gitd1c6db8 - Fix for CVE-2022-22817 Resolves: rhbz2042527...
python-pillow security update
5.1.1-18 - Fixup for CVE-2022-22817 - Security fixes for CVE-2022-22815, CVE-2022-22816 Resolves: rhbz2042522 5.1.1-17 - Fix for CVE-2022-22817 Resolves: rhbz2042527...
kernel security and bug fix update
3.10.0-1160.59.1.OL7 - Update Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and shim-x64 = 15-2.0.9 - Update oraclekernel-sig-key...
389-ds-base security and bug fix update
1.3.10.2-15 - Bump version to 1.3.10.2-15 - Resolves: Bug 2049812 - Fix csn generator to limit time skew drift - Resolves: Bug 2048530 - CVE-2021-4091 389-ds-base: double-free of the virtual attribute context in persistent search...
openldap security update
2.4.44-25 - Fix CVE-2020-25709 openldap: assertion failure in Certificate List syntax validation 2040539 - Fix CVE-2020-25710 openldap: assertion failure in CSN normalization with invalid input 2040538...
aide security update
0.14-11.0.1 - precalculate buffer size in base64 functions Orabug: 33835910CVE-2021-45417...
ruby:2.5 security update
rubygem-bundler 1.16.1-4 - Fix Bundler dependency confusion. Resolves: CVE-2020-36327...
thunderbird security update
91.6.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 91.6.0-1 - Update to 91.6.0 build1...
ruby:2.6 security update
ruby 2.6.9-108 - Upgrade to Ruby 2.6.9. - Skip JIT tests in RHEL 8. - Fix the issues required to start the 'make test-bundler' itself. - Fix Bundler dependency confusion. Resolves: CVE-2020-36327...
firefox security update
91.6.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build 91.6.0-1 - Update to 91.6.0 build1 91.5.0-2 - Use default update channel to fi...
thunderbird security update
91.6.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.6.0-1 - Update to 91.6.0 build1...
firefox security update
91.6.0-1.0.1 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 91.6.0-1 - Update to 91.6.0 build1 91.5.0-2 - Use default update channel to fix non working enterprise policies: rhbz2044667...
Unbreakable Enterprise kernel security update
5.4.17-2136.304.4.1 - Revert rds/ib: Kernel upgrade to rdsibconns info displayed by rds-info Rohit Nair Orabug: 33832625 - cgroup-v1: Require capabilities to set releaseagent Eric W. Biederman Orabug: 33832582 CVE-2022-0492 5.4.17-2136.304.4 - scsi: libiscsi: Fix iscsitask use after free Mike...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.304.4.1 - Revert rds/ib: Kernel upgrade to rdsibconns info displayed by rds-info Rohit Nair Orabug: 33832625 - cgroup-v1: Require capabilities to set releaseagent Eric W. Biederman Orabug: 33832582 CVE-2022-0492 5.4.17-2136.304.4 - scsi: libiscsi: Fix iscsitask use after free Mike...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.302.7.2.3 - cgroup-v1: Require capabilities to set releaseagent Eric W. Biederman Orabug: 33832574 CVE-2022-0492...
Unbreakable Enterprise kernel security update
5.4.17-2136.302.7.2.3 - cgroup-v1: Require capabilities to set releaseagent Eric W. Biederman Orabug: 33832574 CVE-2022-0492...
.NET 5.0 security and bugfix update
5.0.211-1.0.1 - Support AArch64 on Oracle Linux Orabug: 32738620 - Include new Oracle Linux runtime IDs Add 1000-Add-missing-OL-RIDs.patch 5.0.211-1 - Update to .NET SDK 5.0.211 and Runtime 5.0.14 - Resolves: RHBZ2047767...
aide security update
0.15.1-13.0.1 - Fix sha256 and sha512 output length Orabug: 30820565 0.15.1.1 - backported fix for CVE-2021-45417 resolves: rhbz2041952...
log4j security update
0:1.2.17-18 - Fix Unsafe deserialization flaw in Chainsaw log viewer - Fix SQL injection when application is configured to use JDBCAppender - Fix remote code execution when application is configured to use JMSSink - Resolves: CVE-2022-23307, CVE-2022-23305, CVE-2022-23302...
aide security update
0.16.14.1 - backported fix for CVE-2021-45417 resolves: rhbz2041956...
qemu security update
15:4.2.1-15.el7 - Document CVE-2021-4158 and CVE-2021-3947 as fixed Mark Kanda Orabug: 33719302 Orabug: 33754145 CVE-2021-3947 CVE-2021-4158 - hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 Philippe Mathieu-Daude Orabug: 32439466 CVE-2021-20196 - hw/block/fdc: Extract...
vim security update
8.0.1763-16.0.1.4 - - Remove upstream references Orabug: 31197557 2:8.0.1763-16.4 - CVE-2021-4193 vim: vulnerable to Out-of-bounds Read - CVE-2021-4192 vim: vulnerable to Use After Free 2:8.0.1763-16.3 - 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer...
bind security update
32:9.8.2-0.68.rc1.0.3.8 - Backport fix for CVE-2018-5741 Orabug: 33496185 32:9.8.2-0.68.rc1.0.2.8 - Backport possible assertion failure on DNAME processing CVE-2021-25215 32:9.8.2-0.68.rc1.0.1.8 - Backport the fix for buffer overflow CVE-2020-8625 Orabug: 32588749 32:9.8.2-0.68.rc1.8 - Fix...
varnish:6 security update
varnish 6.0.8-1.1 - Resolves: 2047648 - CVE-2022-23959 varnish:6/varnish: Varnish HTTP/1 Request Smuggling Vulnerability varnish-modules 0.15.0-6 - Related: 1982862 - rebuild for new varnish version...
rpm security update
4.14.3-19.2 - Address covscan issues in binding sigs validation patch 2022537 4.14.3-19.1 - Validate and require subkey binding sigs on PGP pubkeys 2022537 - Fixes CVE-2021-3521...
nodejs:14 security, bug fix, and enhancement update
nodejs 1:14.18.2-2 - Add missing fixes - Resolves: RHBZ2027642, RHBZ2027635 1:14.18.2-1 - Resolves: RHBZ2027609 - Resolves: RHBZ2027649, RHBZ2027646, RHBZ2027642, RHBZ2027635 - Rebase to new version to fix CVEs...
cryptsetup security update
2.3.3-4.1 - patch: fix CVE-2021-4122. - Resolves: 2036906...
samba security and bug fix update
4.10.16-18 - resolves: 2034800 - Fix usermap script regression caused by CVE-2020-25717 - resolves: 2036595 - Fix MIT realm regression caused by CVE-2020-25717 - resolves: 2046148 - Fix CVE-2021-44142...
samba security and bug fix update
4.14.5-9 - resolves: rhbz2046174 - Fix username map script regression of CVE-2020-25717 - resolves: rhbz2046160 - Fix possible segfault while joining a domain - resolves: rhbz2046152 - Fix CVE-2021-44142 4.14.5-8 - resolves: rhbz2026717 - Dir containing dangling symlinks cannot be deleted...
Unbreakable Enterprise kernel security update
4.1.12-124.60.1 - xfs: map unwritten blocks in XFSIOCALLOC,FREESP just like fallocate Darrick J. Wong Orabug: 33699627 Orabug: 33762471 CVE-2021-4155 - fix regression in 'epoll: Keep a reference on files added to the check list' Al Viro Orabug: 33679854 Orabug: 33762505 CVE-2021-1048 CVE-2021-104...
nginx:1.20 security update
1.20.1-1.0.1 - Remove Red Hat references Orabug: 29498217 1:1.20.1-1 - rebase to 1.20.1 addressing CVE-2021-23017...
polkit security update
0.96-11.0.1.el610.1 - pkexec: local privilege escalation Orabug: 33789506CVE-2021-4034...
java-1.8.0-openjdk security and bug fix update
1:1.8.0.322.b06-2 - Fix FIPS issues in native code and with initialisation of java.security.Security - Related: rhbz2039366 1:1.8.0.322.b06-1 - Update to aarch64-shenandoah-jdk8u322-b06 EA - Update release notes for 8u322-b06. - Switch to GA mode for final release. - Require tzdata 2021e as of...
java-1.8.0-openjdk security update
1:1.8.0.322.b06-1 - Update to aarch64-shenandoah-jdk8u322-b06 EA - Update release notes for 8u322-b06. - Switch to GA mode for final release. - Require tzdata 2021e as of JDK-8275766. - Update tarball generation script to use git following shenandoah-jdk8u's move to github - Resolves: rhbz2039366...
parfait:0.5 security update
parfait 0.5.4-4 - Obsolete remove vulnerable versions of log4j12 NVR 1.2.17-23 when upgrading to parfait 0.5.4-4 CVE-2021-4104 0.5.4-3 - Drop all code explicitly using Log4J BZ 2032158...
log4j security update
0:1.2.14-6.4.1 - Fix remote code execution vulnerability - Resolves: CVE-2021-4104 Orabug: 33689748...
polkit security update
0.115-13.0.1 - Increase timeout to avoid defunct processes Orabug: 26930744 0.115-13.el85.1 - pkexec: argv overflow results in local privilege esc. - Resolves: CVE-2021-4034...
polkit security update
0.112-26.0.1 - Increase timeout to avoid defunct processes Orabug: 26930744 0.112-26.1 - pkexec: argv overflow results in local privilege esc. - Resolves: CVE-2021-4034...
httpd:2.4 security update
httpd 2.4.37-43.1.0.1 - scoreboard: fix null pointer deference Orabug: 33690670CVE-2021-34798 - fix apescapequote logic Orabug: 33690686CVE-2021-39275 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html. 2.4.37-43.1 - Resolves:...
java-11-openjdk security update
1:11.0.14.0.9-1.0.1 - link atomic for ix86 build 1:11.0.14.0.9-1 - Update to jdk-11.0.14.0+9 - Update release notes to 11.0.14.0+9 - Switch to GA mode for final release. - This tarball is embargoed until 2022-01-18 @ 1pm PT. - Resolves: rhbz2039366 1:11.0.14.0.8-0.1.ea - Update to jdk-11.0.14.0+8...
java-11-openjdk security update
1:11.0.14.0.9-2 - Fix FIPS issues in native code and with initialisation of java.security.Security - Related: rhbz2039366 1:11.0.14.0.9-1 - Update to jdk-11.0.14.0+9 - Update release notes to 11.0.14.0+9 - Switch to GA mode for final release. - This tarball is embargoed until 2022-01-18 @ 1pm PT....
kernel security and bug fix update
4.18.0-348.12.25.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
gegl04 security update
0.4.4-6.2 - spec bump because of build pipeline issues 0.4.4-6.1 - Fix CVE-2021-45463 2035423...
libreswan security update
4.4-4.0.1 - Add libreswan-oracle.patch to detect Oracle Linux distro 4.4-4 - Resolves: rhbz2036902 rebuild to enable rpminspect 4.4-3 - Resolves: rhbz2036902: fix patch application 4.4-2 - Resolves: rhbz2036902 ikev1: disable diagnostics logging on receiving malformed packets...
java-17-openjdk security update
1:17.0.2.0.8-4 - Fix FIPS issues in native code and with initialisation of java.security.Security - Related: rhbz2039366 1:17.0.2.0.8-3 - Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes heap-heaps and @JAVASPECVER@ - Update icedteasync.sh with a VCS mode that retrieves...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.302.7.2.1 - vfs: fscontext: fix up param length parsing in legacyparseparam Jamie Hill-Daniel Orabug: 33761451 CVE-2022-0185...