9158 matches found
perl:5.32 security update
perl 4:5.32.1-474 - Resolves: RHEL-153834 - Fix CVE-2025-40909 - Clone dirhandles without fchdir 4:5.32.1-473 - Fix CVE-2023-47038 - Added perl-autouse and perl-ExtUtils-MM-Utils to perl run-requires 4:5.32.1-472 - Add definition of OPTIMIZE to .ph files, if optimizing is used bug2159760...
.NET 9.0 security update
9.0.116-1.0.1 - Add support for Oracle Linux 9.0.116-1 - Update to .NET SDK 9.0.116 and Runtime 9.0.15 - Resolves: RHEL-163394...
.NET 10.0 security update
10.0.106-1.0.1 - Add support for Oracle Linux 10.0.106-1 - Update to .NET SDK 10.0.106 and Runtime 10.0.6 - Resolves: RHEL-163381...
python3 security update
3.6.8-21.0.9 - Security update CVE-2025-15366, CVE-2025-15367, CVE-2026-1299 Orabug: 39159999 3.6.8-21.0.7 - Security update CVE-2025-12084 Orabug: 38971895 3.6.8-21.0.5 - tarfile now validates archives to ensure member offsets are non-negative Orabug: 38442771CVE-2025-8194 3.6.8-21.0.3 - Fix DoS...
python security update
2.7.5-94.0.5 - Fix for CVE-2025-15366 and CVE-2025-15367 Orabug: 39114639 2.7.5-94.0.3 - Fix for CVE-2025-12084 Orabug: 38902314...
.NET 10.0 security update
10.0.106-1.0.1 - Add support for Oracle Linux 10.0.106-1 - Update to .NET SDK 10.0.106 and Runtime 10.0.6 - Resolves: RHEL-163385...
.NET 8.0 security update
8.0.126-1.0.1 - Add support for Oracle Linux 8.0.126-1 - Update to .NET SDK 8.0.126 and Runtime 8.0.26 - Resolves: RHEL-163417...
freerdp security update
2:3.10.3-5.6 - Update CLEARVBARENTRY size after alloc CVE-2026-33984 - Fail progressiverfxquantsub on invalid values CVE-2026-33983 Resolves: RHEL-162946, RHEL-162962...
.NET 10.0 security update
10.0.106-1.0.1 - Add support for Oracle Linux 10.0.106-1 - Update to .NET SDK 10.0.106 and Runtime 10.0.6 - Resolves: RHEL-163384...
squid:4 security update
libecap 1.0.1-2 - Resolves: 1695587 - Ensure modular RPM upgrade path 1.0.1-1 - new version 1.0.1 - autoconf.h moved from lookaside to dist-git 1.0.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora27BinutilsMassRebuild 1.0.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora27MassRebuild...
thunderbird security update
140.9.1-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 140.9.1 - Add OpenELA debranding 140.9.1-1 - Update to 140.9.1 ESR...
.NET 9.0 security update
9.0.116-1.0.1 - Add support for Oracle Linux 9.0.116-1 - Update to .NET SDK 9.0.116 and Runtime 9.0.15 - Resolves: RHEL-163396...
bind security update
32:9.11.36-16.7 - Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519...
Unbreakable Enterprise kernel security update
5.4.17-2136.354.4.1 - Revert 'rds: Drop rds conn in connect worker if not in down state.' Alok Tiwari Orabug: 39200399 5.4.17-2136.354.4 - macvlan: fix possible UAF in macvlanforwardsource Eric Dumazet Orabug: 38887731 CVE-2026-23001 - macvlan: Use 'hash' iterators to simplify code Christophe...
Unbreakable Enterprise kernel security update
6.12.0-201.74.2.1 - Revert 'rds: Drop rds conn in connect worker if not in down state.' Vijayendra Suman Orabug: 39200413 - iouring/kbuf: check if target buffer list is still legacy on recycle Jens Axboe Orabug: 39202438 - ipv6: use RCU in ip6xmit Eric Dumazet Orabug: 39202432 CVE-2025-40135 - ds...
vim security update
8.2.2637-23.0.1.el97.2 - Remove upstream references Orabug: 31197557 2:8.2.2637-23.2 - RHEL-155437 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin - RHEL-155422 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap fi...
pcs security update
0.10.18-2.0.1.el810.9 - Replaced HAM-logo 0.10.18 - Debrand PCS 0.10.18-2.el810.9 - Fixed CVE-2026-31958 by patching bundled Tornado Resolves: RHEL-155293...
fontforge security update
20200314-7 - Resolves: RHEL-138168 CVE-2025-15270 SFD File Parsing Remote Code Execution Vulnerability - Resolves: RHEL-138174 CVE-2025-15279 GUtils BMP File Parsing Heap-based Buffer Overflow - Resolves: RHEL-138190 CVE-2025-15275 SFD File Parsing Heap-based Buffer Overflow - Resolves: RHEL-1381...
bind9.18 security update
32:9.18.29-5.4 - Correct backport issue in the patch CVE-2026-1519 32:9.18.29-5.3 - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519...
bind9.16 security update
32:9.16.23-0.22.5 - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519...
golang-github-openprinting-ipp-usb security update
0.9.27-5.1 - rebuilt to fix CVE-2026-25679...
cockpit: Unauthenticated remote code execution due to SSH command-line argument injection
344-3.0.1 - Storage: Enable btrfs support Orabug: 37464632 - Replaced upstream urls in documentation with oracle links Orabug: 36528753 - Drop subscription-manager-cockpit requirement for ol Orabug: 34681110 - Remove duplicate reference to server in cockpit Orabug: 34030494 - Update documentation...
bind security update
9.16.23-34.0.1.el97.2 - Fix warning when changing device file permissions Orabug: 36518580 32:9.16.23-34.2 - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 32:9.16.23-34.1 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 - Replace downstream fixes...
squid security update
7:6.10-6.3 - Resolves: RHEL-160667 - squid: Squid: Denial of Service via crafted ICP traffic CVE-2026-32748 7:6.10-6.2 - Resolves: RHEL-160665 - squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling CVE-2026-33526...
firefox security update
140.9.1-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 140.9.1 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 140.9.1-1 - Update to 140.9.1 ESR...
nodejs:20 security update
nodejs 1:20.20.2-1 - Update to version 20.20.2 Patch nghttp2 to version 1.68.1 and disable tests which would fail due to this change. Resolves: RHEL-164336 Fixes: CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-25547 CVE-2026-21710 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves:...
nghttp2 security update
1.33.0-6.2 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135...
vim security update
9.1.083-6.0.1.el101.3 - Remove upstream references Orabug: 31197557 2:9.1.083-6.3 - RHEL-159615 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function 2:9.1.083-6.2 - RHEL-155409 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted sw...
firefox security update
140.9.1-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 140.9.1 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 140.9.1-1 - Update to 140.9.1 ESR...
firefox security update
140.9.1-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 140.9.1-1 - Update to 140.9.1 ESR...
perl-XML-Parser security update
2.46-9.1.0.1 - Add perlLWP, perlURI, perlURI::file Requires 2.46-9.1 - Fix CVE-2006-10002, CVE-2006-10003...
perl-XML-Parser security update
2.44-12.0.1 - Add perlLWP, perlURI, perlURI::file Requires 2.44-12 - Fix CVE-2006-10002, CVE-2006-10003...
nghttp2 security update
1.43.0-6.1 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135...
perl-XML-Parser security update
2.47-6.1.0.1 - Add perlLWP Requires 2.47-6.1 - Fix CVE-2006-10002, CVE-2006-10003...
nodejs:24 security update
nodejs 1:24.14.1-2 - Update bundled nghttp2 to 1.68.1 Related: RHEL-151374 1:24.14.1-1 - Update to 24.14.0 Resolves: RHEL-151374 nodejs-nodemon 3.0.3-1 - Initial import into nodejs:24 module nodejs-packaging 2021.06-6 - Properly handle @group/package deps in nodejs-symlink-deps Resolves:...
openexr security update
3.1.10-8.1 - fix CVE-2026-27622...
nghttp2 security update
1.64.0-2.1 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135...
nginx:1.26 security update
2:1.26.3-2.0.1.1 - Require oracle-indexhtml 2:1.26.3-6 - Resolves: RHEL-157887 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 2:1.26.3-5 - Resolves: RHEL-159446 - CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of Service via undisclos...
kea security update
3.0.1-3 - Fixes CVE-2026-3608...
cockpit: Unauthenticated remote code execution due to SSH command-line argument injection
344-2.0.1 - Storage: Enable btrfs support Orabug: 37464632 - Replaced upstream urls in documentation with oracle links Orabug: 36528753 - Drop subscription-manager-cockpit requirement for ol Orabug: 34681110 - Remove duplicate reference to server in cockpit Orabug: 34030494 - Update documentation...
nodejs:24 security update
nodejs 1:24.14.1-2 - Update bundled nghttp2 to 1.68.1 1:24.14.1-1 - Update to version 24.14.1 nodejs-nodemon 3.0.3-3 - Keep BR on just npm 3.0.3-2 - Fix BR for nodejs-npm nodejs-packaging 2021.06-6 - Properly handle @group/package deps in nodejs-symlink-deps Resolves: RHEL-121581 2021.06-5 -...
nodejs:22 security update
nodejs 1:22.22.2-1 - Update to version 22.22.2 - introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135 - disabled failing tests in nghttp2 due to newer version - patch for npm/braces CVE-2026-25547 Resolves: RHEL-163369 Fixes: CVE-2026-1528 CVE-2026-2229 CVE-2026-1526 CVE-2026-152...
Unbreakable Enterprise kernel security update
6.12.0-200.74.27.2 - ipv6: use RCU in ip6xmit Eric Dumazet Orabug: 39186444 CVE-2025-40135 - netfilter: nftables: fix use-after-free in nftablesaddchain Inseo An Orabug: 39181102 CVE-2026-23231 - dst: fix races in rt6uncachedlistdel and rtdeluncachedlist Eric Dumazet Orabug: 39181101 CVE-2026-230...
grafana security update
9.2.10-29.0.1 - Fixes CVE-2024-1442 Add email verification when updating user email Orabug: 38550520 9.2.10-29 - Resolves RHEL-156639: CVE-2026-25679...
nodejs:22 security update
nodejs 1:22.22.2-1 - Update to version 22.22.2 Resolves: RHEL-154019 Fixes: CVE-2026-1528 CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-27135 CVE-2026-1528 nodejs-nodemon 3.0.1-1 - Exclude ix86 arches from building. Related: RHEL-35991 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883...
git-lfs security update
3.6.1-8 - Rebuild with new Golang - Resolves: RHEL-158724...
capstone security update
5.0.1-7 - Fix CVE-2025-67873 heap buffer overflow Resolves: RHEL-141551 - Fix CVE-2025-68114 memory corruption Resolves: RHEL-137747...
nginx security update
1.20.1-24.0.1.el97.2 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 - Update upstream references Orabug: 36579090 2:1.20.1-24.2 - Resolves: RHEL-159557 - CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer...
nginx:1.24 security update
1.24.0-5.2.0.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 1:1.24.0-5.2 - Resolves: RHEL-157886 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files - Resolves: RHEL-159445...
libtiff security update
4.6.0-6.2 - fix CVE-2023-52356: libtiff could crash in TIFFReadRGBATileExt when parsing crafted tiff file RHEL-148254...