oval:org.secpod.oval:def:1506305
[5:2.2.6-1] - Rebase to upstream version 2.2.6 Resolves: CVE-2022-1328

oval:org.secpod.oval:def:1505973
[91.13.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.13.0-1] - Update to 91.13.0 build1

oval:org.secpod.oval:def:1505854
Oracle Linux 9 is installed

oval:org.secpod.oval:def:1505983
[91.13.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.13.0-1] - Update to 91.13.0 build1

oval:org.secpod.oval:def:1505863
[91.9.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.9.1-1] - Update to 91.9.1 build1

oval:org.secpod.oval:def:1505867
[91.9.1-1.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.9.1-1] - Update to 91.9.1 build1

oval:org.secpod.oval:def:1506455
[0.11.3-4.el9_1.2] - Updated bundled rubygems: mustermann, rack, rack_protection, sinatra, tilt - Added license for rubygem ruby2_keywords - Resolves: rhbz#2159426

oval:org.secpod.oval:def:1506022
[28-5.1] - Fix a stack buffer over-read in the c-shquote library - Fix null pointer reference when supplying a malformed XML config file - Add gating.yaml Resolves: CVE-2022-31212 Resolves: CVE-2022-31213

oval:org.secpod.oval:def:1506452
[2:1.34-6] - Fix CVE-2022-48303 - Resolves: CVE-2022-48303

oval:org.secpod.oval:def:1505930
[6.0.108-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.108-1] - Update to .NET SDK 6.0.108 and Runtime 6.0.8 - Resolves: RHBZ#2112413

oval:org.secpod.oval:def:1506201
[4.2.0-7.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.2.0-7] - update to the latest content of https://github.com/containers/podman/tree/v4.2.0-rhel - Resolves: #2120436 [2:4.2.0-6] - update to the latest content of https://github.com/containers/podman/t ...

oval:org.secpod.oval:def:1505878
[7.5.11-5] - resolve CVE-2022-31107 grafana: OAuth account takeover

oval:org.secpod.oval:def:1506653
[3.0.21-37] - Fix defect found by covscan Resolves: #2151705 [3.0.21-36] - Fix multiple CVEs Resolves: #2151705 Resolves: #2151703 Resolves: #2151707 [3.0.21-35] - Rebuild to add subpackages to CRB report Resolves: #2126380

oval:org.secpod.oval:def:1506665
[1.18.4-6] - Fixes for CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122 Resolves: rhbz#2131034, rhbz#2131039, rhbz#2131045, rhbz#2131049, rhbz#2131054, rhbz#2131060, rhbz#2131064

oval:org.secpod.oval:def:1506694
jss [5.3.0-1] - Rebase to JSS 5.3.0 [5.3.0-0.3.beta2] - Rebase to JSS 5.3.0-beta2 - Bug 2017098 - pki pkcs12-cert-add command failing with "Unable to validate PKCS #12 file: Digests do not match" exception [5.3.0-0.2.beta1] - Rebase to JSS 5.3.0-beta1 ldapjdk [5.3.0-1] - Rebase to LDAP SDK 5.3.0 [5. ...

oval:org.secpod.oval:def:1506679
[1:5.9.1-9.0.1] - fix error index value when snmpget is used a proxy pass [Orabug: 35010262] [1:5.9.1-9] - fix CVE-2022-44792 and CVE-2022-44793 and - fix memory leak when ipv6 disable set to 1 [1:5.9.1-8] - fix default snmpd.conf file content

oval:org.secpod.oval:def:1505858
[91.11.0-2.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.11.0-2] - Update to 91.11.0 build2

oval:org.secpod.oval:def:1505865
[91.11.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.11.0-2] - Update to 91.11.0 build2 [91.11.0-1] - Update to 91.11.0 build1

oval:org.secpod.oval:def:1505881
[91.10.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.10.0-1] - Update to 91.10.0 build1

oval:org.secpod.oval:def:1505870
[91.9.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.9.0-3] - Update to 91.9.0 build3 [91.9.0-2] - Update to 91.9.0 build2 [91.9.0-1] - Update to 91.9.0

oval:org.secpod.oval:def:1505882
[91.9.0-1.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.9.0-1] - Update to 91.9.0

oval:org.secpod.oval:def:1506646
[1.1.4-6] - Fix CVE-2022-40023

oval:org.secpod.oval:def:87161
[2.1.3-4] - Bump version to 2.1.3-4 - Resolves: Bug 1872451 - Fix regression with dscreate template [2.1.3-3] - Bump version to 2.1.3-3 - Resolves: Bug 2118765 [2.1.3-2] - Bump version to 2.1.3-2 - Resolves: Bug 2118765 - SIGSEGV in sync_repl [2.1.3-1] - Bump version to 2.1.3-1 - Resolves: Bug 20618 ...

oval:org.secpod.oval:def:1506197
[0.8.7-12.1] - Add 0062-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz #2133998

oval:org.secpod.oval:def:87145
[1.0.10-6.el9.2] - Security fixes for CVE-2022-25308, CVE-2022-25309, CVE-2022-25310 Resolves: rhbz#2050086, rhbz#2050069, rhbz#2050063

oval:org.secpod.oval:def:1506319
[102.6.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-2] - Added libwebrtc screencast patch for newer features

oval:org.secpod.oval:def:1506320
[102.6.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.6.0-2] - Update to 102.6.0 build2 [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-3] - Use openssl for the librnp crypto backend to enable the openpgp encryption

oval:org.secpod.oval:def:1506250
[1.19.1-24.0.1] - Fixed race condition in krb5_set_password [Orabug: 33609767] [1.19.1-24] - Fix integer overflows in PAC parsing - Resolves: rhbz#2140970

oval:org.secpod.oval:def:1505859
[7:5.2-1.1] - Resolves: #2100784 - CVE-2021-46784 squid: DoS when processing gopher server responses

oval:org.secpod.oval:def:1506620
[590-2] - Fix CVE-2022-46663 - Resolves: CVE-2022-46663

oval:org.secpod.oval:def:1506387
[3.5.13-8] - Fix CVE-2022-46285: infinite loop on unclosed comments - Fix CVE-2022-44617: runaway loop with width of 0 - Fix CVE-2022-4883: compression depends on $PATH

oval:org.secpod.oval:def:1506444
[53.0.0-10.1] - Security fix for CVE-2022-40897 Resolves: rhbz#2158559

oval:org.secpod.oval:def:1506676
[7.2.0-14] - Rebuild for 9.2 release - Resolves: bz#2173590 - Resolves: bz#2156876 [7.2.0-13] - kvm-target-i386-fix-operand-size-of-unary-SSE-operations.patch [bz#2173590] - kvm-tests-tcg-i386-Introduce-and-use-reg_t-consistently.patch [bz#2173590] - kvm-target-i386-Fix-BEXTR-instruction.patch [bz ...

oval:org.secpod.oval:def:1506683
[1:27.2-8] - Use a 64KB page size for pdump [1:27.2-7] - Fix ctags local command execute vulnerability

oval:org.secpod.oval:def:1506454
[250-12.0.2.3] - Backport upstream pstore dmesg fix [Orabug: 34868110] - Remove upstream references [Orabug: 33995357] - Disable unprivileged BPF by default [Orabug: 32870980] - udev rules: fix memory hot add and remove [Orabug: 31310273] - set RemoveIPC=no in logind.conf as default for OL7.2 [Orabu ...

oval:org.secpod.oval:def:1506370
[2.9.13-3] - Fix CVE-2022-40303 - Fix CVE-2022-40304

oval:org.secpod.oval:def:1506215
[6.5.1-1] - Update to 6.5.1 Resolves: CVE-2022-3500

oval:org.secpod.oval:def:1506279
[6.6.2-2.1] - Resolves: #2142095 - CVE-2022-45060 varnish: Request Forgery Vulnerability

oval:org.secpod.oval:def:1506673
[12.5.4-5.0.1] - add mpstat -H option to also display physically hotplugged vCPUs [Orabug: 34683087] [12.5.4-5] - Fix --dec argument validation [12.5.4-4] - arithmetic overflow in allocate_structures on 32 bit systems

oval:org.secpod.oval:def:1506394
[250-12.0.2.el9_1.1] - Backport upstream pstore dmesg fix [Orabug: 34868110] - Remove upstream references [Orabug: 33995357] - Disable unprivileged BPF by default [Orabug: 32870980] - udev rules: fix memory hot add and remove [Orabug: 31310273] - set RemoveIPC=no in logind.conf as default for OL7.2 ...

oval:org.secpod.oval:def:1506391
[4.16.0-9] - Resolves: rhbz#2140602

oval:org.secpod.oval:def:1506647
[12:4.4.2-18.b1] - Fix for CVE-2022-2928 - Fix for CVE-2022-2929 - Use systemd-sysusers for dhcp user and group

oval:org.secpod.oval:def:1506652
[1.16.2-3] - Fix NRDelegation attack leading to uncontrolled resource consumption

oval:org.secpod.oval:def:1506682
[1:3.4.10-4] - Resolves: #2152064 - CVE-2022-3190 wireshark: f5ethtrailer Infinite loop in legacy style dissector [1:3.4.10-3] - Resolves: #2083581 - capinfos aborts in FIPS [1:3.4.10-2] - Resolves: #2160648 - Enhanced TMT testing for centos-stream

oval:org.secpod.oval:def:1506659
[4.10.0-43] - fence_vmware_soap: set login_timeout lower than default pcmk_monitor_timeout to remove tmp dirs Resolves: rhbz#2122944 [4.10.0-42] - fencing/fence_wti: add --plug-separator to be able to avoid characters that are in node name Resolves: rhbz#2152107 [4.10.0-41] - fence_scsi: skip key g ...

oval:org.secpod.oval:def:1506684
evolution-mapi [3.40.1-5] - Related: #2131993 openchange [2.3-40] - Related: #2131993 samba [4.17.5-102.0.1] - Fix memleak in _nss_winbind_initgroups_dyn [Orabug: 34994509] [4.17.5-102] - resolves: rhbz#2169980 - Fix winbind memory leak - resolves: rhbz#2156056 - Fix Samba shares not accessible is ...

oval:org.secpod.oval:def:1505868
[1.10-9] - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271

oval:org.secpod.oval:def:1506257
[21.11.2-1] - Rebase to 21.11.2 - Includes fixes for CVE-2022-2132 and CVE-2022-28199 [21.11.1-1] - Rebase to 21.11.1 - Includes fix for CVE-2021-3839

oval:org.secpod.oval:def:1506670
[21.01.0-14] - Check for overflow when computing number of symbols - in JBIG2 text region - Resolves: #2126364

oval:org.secpod.oval:def:1506021
[2.36.7-1] - Update to 2.36.7 Related: #2123430

oval:org.secpod.oval:def:1506373
[42.2.18-6] - fix for CVE-2022-31197 * Tue Aug 10 2021 Mohan Boddu mboddu at redhat.com - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688

oval:org.secpod.oval:def:1505975
[3.2.3-9.2] - Resolves: #2111176 - remote arbitrary files write inside the directories of connecting peers

oval:org.secpod.oval:def:1506655
[2.42.6-3] - Backport fixes for CVE-2021-46829 and CVE-2021-44648 - Resolves: rhbz#2115213 - Resolves: rhbz#2044346

oval:org.secpod.oval:def:1506252
[1.3.3] - Rebased to libtirpc-1.3.3

oval:org.secpod.oval:def:1506660
[0.31.1-65] - Resolves: rhbz#2121828 Fix the gating tests by using only local test Upstream testsuite will not work as this package code is very old [0.31.1-64] - Resolves: rhbz#2121828 CVE-2022-32323 - heap-buffer overflow via the ReadImage at input-bmp.c

oval:org.secpod.oval:def:1506272
[4.6.5-3] - Security fix for CVE-2022-2309 - Resolves: rhbz#2107571

oval:org.secpod.oval:def:1506023
[2.3.3-2] - Fix CVE-2022-34903

oval:org.secpod.oval:def:1506448
[5.4.4-2] - Resolves CVE-2021-43519 [5.4.4-1] - Rebase to lua 5.4.4 - Resolves CVE-2021-44964 [5.4.2-7] - Fix up CVE-2022-33099 patch [5.4.2-6] - Enable gating [5.4.2-5] - apply upstream fix for CVE-2022-33099

oval:org.secpod.oval:def:1506369
[4.4.0-5] - Bump release - Resolves: CVE-2022-2953 [4.4.0-4] - Resolves: CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 [4.4.0-3] - Fix CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 - Resolves: #2106768

oval:org.secpod.oval:def:1506264
[2.7.4-8] - Resolves:rh#2103849 - Update tests.yaml [2.7.4-7] - Resolves:rh#2103849 CVE-2022-33068 - Fix Covscan compiler warning for inclusion of parenthesis - Update tests.yaml [2.7.4-6] - Resolves:rh#2103849 CVE-2022-33068 harfbuzz: integer overflow in the component hb-ot-shape-fallback.c

oval:org.secpod.oval:def:1505857
[1:2.3.3op2-13.1] - CVE-2022-26691 cups: authorization bypass when using "local" authorization

oval:org.secpod.oval:def:1506640
[9.2-1] - Rebase to ntfs-3g 2022.5.17 - Fixes: CVE-2021-46790, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789 resolves: rhbz#2127235 rhbz#2127242

oval:org.secpod.oval:def:1506254
[3.18.0-7] - lockState: do not print error: when exit code is unaffected [3.18.0-6] - fix potential DoS from unprivileged users via the state file * Mon Aug 09 2021 Mohan Boddu - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [3.18.0-4] - make renamecopy and copytruncate ove ...

oval:org.secpod.oval:def:1505862
[2.9.13-1.1] - Fix CVE-2022-29824

oval:org.secpod.oval:def:87134
[2:1.9.2-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.2 - Related: #2061316 [2:1.9.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.1 - Related: #2061316 [2:1.9.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.0 - Related: #20613 ...

oval:org.secpod.oval:def:87133
[2:4.2.0-3.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.2.0-3] - fix dependency in test subpackage - Related: #2061316 [2:4.2.0-2] - readd catatonit - Related: #2061316 [2:4.2.0-1] - update to latest content of https://github.com/containers/podman/releas ...

oval:org.secpod.oval:def:87144
[1.27.0-2.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [1:1.27.0-2] - fix CVE-2022-2990 - Related: #2061316 [1:1.27.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.27.0 - Related: #2061316 [1:1.26.4-2] - add buildah-tutorial to test sub ...

oval:org.secpod.oval:def:1506661
[5.4.4-3] - Apply upstream patch for CVE-2022-28805

oval:org.secpod.oval:def:1506378
[1.0.0-10.2] - Fix dbus memory leak on connection failure - Fix unauthorized access via D-bus Resolves: rhbz#2127877

oval:org.secpod.oval:def:87139
[2.0.7-6.0.1] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - replaced upstream references [Orabug:34089586] [1:2.0.7-6] - Install qemu-ga package during conversion resolves: rhbz#2028764 [1:2.0.7-5] - Remove LVM2 devices file during conversion resolves: rhbz#2112801 - Add support for ...

oval:org.secpod.oval:def:87136
[1.48.4-2.0.1] - Add btrfs-progs to the packages installed in the appliance [Orabug: 34137448] - Replace upstream references from a description tag - Fix build on Oracle Linux [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX corresponding to ol [1:1.48.4-2] - Rebase to new stable branch version 1.48.4 ...

oval:org.secpod.oval:def:87137
[1.48.2-5] - Rebase to guestfs-tools 1.48.2 resolves: rhbz#2059286 - Default to --selinux-relabel in various tools resolves: rhbz#2075718, rhbz#2089748 - Add lvm system.devices cleanup operation to virt-sysprep resolves: rhbz#2072493 - Refactor virt-customize --install, --update options in common su ...

oval:org.secpod.oval:def:1506601
[1.17.1-5.1] - Resolves: rhbz#2209519 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-9.2.0.z]

oval:org.secpod.oval:def:1506972
[1:2.3.3op2-16.1] - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation

oval:org.secpod.oval:def:87149
[1.16.2-2] - Require openssl tool for unbound-keygen [1.16.2-1] - Update to 1.16.2 [1.16.0-3] - Disable ED25519 and ED448 in FIPS mode [1.16.0-2] - Restart keygen service before every unbound start [1.16.0-1] - Update to 1.16.0 [1.15.0-1] - Update to 1.15.0 - Update icannbundle.pem [1.13.2-1] ...

oval:org.secpod.oval:def:87154
[4:1.1.4-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.4 - Related: #2061316

oval:org.secpod.oval:def:87158
[2.14.0-1] - New release - Add ignition-apply symlink - Add ignition-rmcfg symlink and ignition-delete-config.service [2.13.0-2] - Rename -validate-nonlinux subpackage to -validate-redistributable - Add static Linux binaries to -redistributable - Fix macro invocation in comment - Avoid kernel lockdo ...

oval:org.secpod.oval:def:87155
[6.2.7-1] - rebase to 6.2.7 #2083151

oval:org.secpod.oval:def:87168
[1.46.5-3] - Add sanity check to extent manipulation

oval:org.secpod.oval:def:87164
[2.4.0-7] - Fix CVE-2022-1122

oval:org.secpod.oval:def:87159
[5.4.0-5] - CVE-2021-44269 wavpack: heap Out-of-bounds Read - Resolves: CVE-2021-44269

oval:org.secpod.oval:def:87156
[0.7.0-3.20211109gitb79fd91] - Disable OpenSSL FIPS mode to avoid libtpms failures Resolves: rhbz#2090219 [0.7.0-2.20211109gitb79fd91] - Add fix for CVE-2022-23645. Resolves: rhbz#2056518

oval:org.secpod.oval:def:87140
[3.14.0-13] - Rebuilt for test fixes [3.14.0-12] - Rebuilt for test fixes [3.14.0-11] - Applied patch for CVE-2021-22570

oval:org.secpod.oval:def:87153
[1.3.3-10] - handle end-of-stream when encoding with verification

oval:org.secpod.oval:def:1505872
[1.19.3-2] - CVE-2022-1215: fix a format string vulnerability

oval:org.secpod.oval:def:1507118
[9.2-2] - Rebase to ntfs-3g 2022.10.3 - Fixes: CVE-2022-40284 - resolves: rhbz#2236130

oval:org.secpod.oval:def:1506668
[0.8.7-20] - Add 0083-multipath.rules-fix-smart-bug-with-failed-valid-path.patch - Add 0084-libmultipath-limit-paths-that-can-get-wwid-from-envi.patch - Change how the installation dir for kpartx_id is specified - Resolves: bz #1926147 [0.8.7-19] - Fix bugzilla linked to the changes - Resolves: bz ...

oval:org.secpod.oval:def:1506696
[2.0.2-4] - fix RHEL9.2 build - thanks to Debarshi Ray - Related: #2124478 [2.0.2-3] - rebuild - Resolves: #2037812 [2.0.2-2] - limit to golang arches only - Related: #2061316 * Thu Aug 04 2022 Jindrich Novy - update to 2.0.2 - Related: #2061316 [2.0.0-18.gitaf8da76] - fix gating.yaml as we have no ...

oval:org.secpod.oval:def:87152
[2.85-5] - Prevent endless loop in forward_query [2.85-4] - Prevent use after free in dhcp6_no_relay

oval:org.secpod.oval:def:87141
[2:2.99.8-3] - fix CVE-2022-30067 - fix CVE-2022-32990

oval:org.secpod.oval:def:87170
[1.2.12-2] - Fix changelog Related: rhbz#2068371 [1.2.12-1] - Bump version to 1.2.12 to fix CVE-2018-25032 Related: rhbz#2068371

oval:org.secpod.oval:def:1505860
[3.2.3-9.1] - Resolves: #2074784 - A flaw found in zlib v1.2.2.2 through zlib v1.2.11 when compressing certain inputs

oval:org.secpod.oval:def:1505861
[1.2.11-31.1] - Fix CVE-2018-25032 Resolves: CVE-2018-25032

oval:org.secpod.oval:def:1505879
[1:1.1.1k-4.0.1] - Backport upstream PRs 18446 and 18481 which update certificates used for the self-tests [Orabug: 34326055] [1:1.1.1k-4] - Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt reachable when parsing certificates Resolves: rhbz#2063147 - Disable FIPS mode; it does not work and ...

oval:org.secpod.oval:def:87147
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1506658
[8.3.1-5] - Resolves: #2147522 - It is not possible to run FRR as a non-root user [8.3.1-4] - Resolves: #2144500 - AVC error when reloading FRR with provided reload script [8.3.1-3] - Related: #2129743 - Adding missing rules for vtysh and other daemons [8.3.1-2] - Resolves: #2128738 - out-of-bounds ...

oval:org.secpod.oval:def:87160
[21.01.0-13] - Don't run out of file for Hints - Rebuild for #2096451 - Resolves: #2090970, #2096451

oval:org.secpod.oval:def:87169
[2.70.1-2] - Rebuild for mingw-zlib update resolves: rhbz#2116278

oval:org.secpod.oval:def:1506649
[1.12.0-13] - xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability Resolves: bz#2180309 [1.12.0-12] - SELinux: allow vncsession create .vnc directory Resolves: bz#2164703 [1.12.0-11] - Add sanity check when cleaning up keymap changes Resolves: bz#21699 ...

oval:org.secpod.oval:def:87162
[4.4.0-2] - Update to version 4.4.0 - Resolves: CVE-2022-0561 CVE-2022-0562 CVE-2022-22844 CVE-2022-0865 CVE-2022-0891 CVE-2022-0924 CVE-2022-0909 CVE-2022-0908 CVE-2022-1354 CVE-2022-1355

oval:org.secpod.oval:def:1507052
[9.54.0-10] - fix for CVE-2023-36664 - Resolves: rhbz#2217798

oval:org.secpod.oval:def:1506687
[102.13.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] [102.13.0-2] - Update to 102.13.0 build2 [102.13.0-1] - Update to 102.13.0 build1

oval:org.secpod.oval:def:1506692
[102.13.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.13.0-2] - Update to 102.13.0 build2 [102.13.0-1] - Update to 102.13.0 build1

oval:org.secpod.oval:def:87171
[7.0.100-0.5.rc2.0.1] - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier [Orabug: 34671152] [7.0.100-0.5.rc2] - Add lldb as a build dependency - Related: RHBZ#2134641 [7.0.100-0.4.rc2] - Enable ppc64le builds - Related: RHBZ#2134641 [7.0.100-0.3.rc2] - Update to .NET 7 ...

oval:org.secpod.oval:def:1506686
jackson-annotations [2.14.1-1] - Update to version 2.14.1 - Resolves: #2070122 jackson-core [2.14.1-1] - Update to version 2.14.1 - Resolves: #2070122 jackson-databind [2.14.1-1] - Update to version 2.14.1 - Resolves: #2070122 jackson-jaxrs-providers [2.14.1-1] - Update to version 2.14.1 - Resolves: ...

oval:org.secpod.oval:def:1506006
[6.0.109-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.109-1] - Update to .NET SDK 6.0.109 and Runtime 6.0.9 - Resolves: RHBZ#2123791

oval:org.secpod.oval:def:1505871
[6.0.105-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.105-1] - Update to .NET SDK 6.0.105 and Runtime 6.0.5 - Resolves: RHBZ#2082268 [6.0.104-1] - Update to .NET SDK 6.0.104 and Runtime 6.0.4 - Resolves: RHBZ#2080460

oval:org.secpod.oval:def:1505873
[1.14.1-5] - Fix for CVE-2022-24070

oval:org.secpod.oval:def:1506600
[1:16.19.1-2] - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067

oval:org.secpod.oval:def:1506607
nodejs [1:18.14.2-3] - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067

oval:org.secpod.oval:def:1506383
[1.12.20-7.0.1] - fix netlink poll: error 4 [1:1.12.20-7] - Fix CVE-2022-42010 - Fix CVE-2022-42011 - Fix CVE-2022-42012

oval:org.secpod.oval:def:87166
[2.5.2-1] - Rebase to version 2.5.2 - resolves: rhbz#2109017 - Fix CVE-2022-32746 [2.5.1-1] - related: rhbz#2077490 - Rebase to version 2.5.1 [2.5.0-1] - resolves: rhbz#2077490 - Rebase to version 2.5.0

oval:org.secpod.oval:def:1506374
[7.1.8.1-8.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor=Oracle America, Inc. - Added the --with-hamcrest option to configure. [1:7.1.8.1-8] - Resolves: rhbz#2134759 Untrusted Macros - Resolves: rhbz#2134757 Weak Master Keys - Resolves: rhbz#2134755 Static In ...

oval:org.secpod.oval:def:1506970
[1.66.1-2] - rust-cargo: cargo does not respect the umask when extracting dependencies

oval:org.secpod.oval:def:1507150
[4:20230808-2.0.2] - update 06-6a-06 to 0xd0003b9 {CVE-2023-23583}

oval:org.secpod.oval:def:1506689
[32:9.16.23-11] - Correct backport issue in statistics rendering fix [32:9.16.23-10] - Handle subtle difference between upstream and rhel [32:9.16.23-9] - Prevent flooding with UPDATE requests - Handle RRSIG queries when server-stale is active - Fix crash when soft-quota is reached and serve-sta ...

oval:org.secpod.oval:def:1506664
[1.8.10-2.0.1] - Drop pesign.service restart in postun [Orabug: 34760075] - Update signing certificate [JIRA: OLDIS-16371] - Rebuild for SecureBoot signatures [Orabug: 33801813] - Build with the updated Oracle certificate - Use oraclesecureboot301 as certdir [Orabug: 29881368] - Use new signing cert ...

oval:org.secpod.oval:def:1506341
[6.0.113-1.0.1] - Add missing Oracle Linux Runtime IDs [6.0.113-1] - Update to .NET SDK 6.0.113 and Runtime 6.0.13 - Resolves: RHBZ#2154459

oval:org.secpod.oval:def:1506654
[6.0.120-1.0.1] - Add missing Oracle Linux Runtime IDs [6.0.120-1] - Update to .NET SDK 6.0.120 and Runtime 6.0.20 - Resolves: RHBZ#2219637

oval:org.secpod.oval:def:1507018
[102.15.1-1.0.1] - Update to 102.15.1

oval:org.secpod.oval:def:1507013
[102.15.1-1.0.1] - Update to 102.15.1 build2

oval:org.secpod.oval:def:1507020
[1.2.0-7] - Added fix for CVE-2023-4863

oval:org.secpod.oval:def:1506631
[2.38.5-1.2] - Add patch for CVE-2023-28204 Resolves: #2209747 - Add patch for CVE-2023-32373 Resolves: #2209730

oval:org.secpod.oval:def:1506625
[9:20200406-26] - Resolves: #2209872, CVE-2023-32700

oval:org.secpod.oval:def:1506634
[1.28.7-11.0.1] - header/footer not being printed in banner page. [Orabug: 28265099] - Fixes [Orabug: 29163824] source indentation not following convention [1.28.7-11.1] - CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend

oval:org.secpod.oval:def:1506265
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1506681
[12.1.5-1.0.2] - [CISA Major Incident] CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module

oval:org.secpod.oval:def:1506645
[2:2.4.1-5] - Fix "implicit declaration of function" errors [- 2:2.4.1-4] - CVE-2022-39282: Fix length checks in parallel driver - CVE-2022-39283: Add missing length check in video channel - CVE-2022-39316, CVE-2022-39317: Add missing length checks in zgfx - CVE-2022-39318: Fix division by zero ...

oval:org.secpod.oval:def:1506656
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:87165
[1:2.3.16-7.0.1] - do not run systemd commands during leapp upgrade [Orabug: 34680501] [1:2.3.16-7] - fix possible privilege escalation when similar master and non-master passdbs are used [1:2.3.16-6] - fix possible nonzero return value of postinst script [1:2.3.16-5] - workaround sysuers macro def ...

oval:org.secpod.oval:def:1506328
[6.4.1-9] - Fix arbitrary bytecode produced via out-of-bounds writing - Resolves: CVE-2022-42920

oval:org.secpod.oval:def:1506194
[102.5.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.5.0-2] - Update to 102.5.0 build2 [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1 [102.3.0-4] - Fix for expat CVE-2022-40674

oval:org.secpod.oval:def:1506195
[102.5.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1 [102.3.0-7] - Fix for expat CVE-2022-40674 and non functional webrtc

oval:org.secpod.oval:def:1506368
[2.4.9-1.1] - CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate - Resolves: CVE-2022-43680

oval:org.secpod.oval:def:1506040
[32:9.16.23-1.1] - Fix possible serve-stale related crash - Fix memory leak in ECDSA verify processing - Fix memory leak in EdDSA verify processing

oval:org.secpod.oval:def:1506288
[12:4.4.2-17.b1] - omshell: add support for hmac-sha512 algorithm [12:4.4.2-16.b1] - Fix for CVE-2021-25220

oval:org.secpod.oval:def:87151
[32:9.16.23-5] - Fix possible serve-stale related crash - Fix memory leak in ECDSA verify processing - Fix memory leak in EdDSA verify processing [32:9.16.23-4] - Export bind-doc package [32:9.16.23-3] - Tighten cache protection against record from forwarders - Include test of forwarders [32:9. ...

oval:org.secpod.oval:def:87146
[5.15.3-1] - 5.15.3 Resolves: bz#2061352

oval:org.secpod.oval:def:1506451
[2.4.53-7.0.1] - Replace index.html with Oracle's index page oracle_index.html. [2.4.53-7.1] - Resolves: #2165975 - prevent sscg creating /dhparams.pem - Resolves: #2165970 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte - Resolves: #2165973 - CVE-2022-37436 httpd: mod_proxy: ...

oval:org.secpod.oval:def:1507003
[6.0.122-1.0.1] - Update to .NET SDK 6.0.122 and Runtime 6.0.22 - Resolves: RHEL-1997

oval:org.secpod.oval:def:1507132
[6.0.124-1.0.1] - Update to .NET SDK 6.0.124 and Runtime 6.0.24 - Resolves: RHEL-14462

oval:org.secpod.oval:def:1507133
[7.0.113-1.0.1] - Update to .NET SDK 7.0.113 and Runtime 7.0.13 - Resolves: RHEL-14467

oval:org.secpod.oval:def:87150
[2.4.53-7.0.1] - Replace index.html with Oracle's index page oracle_index.html. [2.4.53-7] - Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling - Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match - Resolves: #2098248 - CVE-2022-31813 ht ...

oval:org.secpod.oval:def:87131
[0.11.3-4] - Fixed ruby socket permissions - Resolves: rhbz#2116841 [0.11.3-3] - Fixed booth ticket mode value case insensitive - Fixed booth sync check whether /etc/booth exists - Resolves: rhbz#2026725 rhbz#2058243 [0.11.3-2] - Fixed "pcs resource restart" traceback - Resolves: rhbz#2102663 [0.11. ...

oval:org.secpod.oval:def:1506015
[0.11.1-10.el9_0.2] - Fixed ruby socket permissions - Resolves: rhbz#2116839

oval:org.secpod.oval:def:1506365
[1.9.5p2-7.1] RHEL 9.1.0.Z ERRATUM - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user Resolves: rhbz#2161224

oval:org.secpod.oval:def:1507224
[4.10.0-55.2] - python-certifi: Removal of e-Tugra root certificate - python-urllib3: Cookie request header isn't stripped during cross-origin redirects

oval:org.secpod.oval:def:1507238
[115.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Update to 115.6.0 build2

oval:org.secpod.oval:def:1507234
[115.6.0-1.0.1] - Update to 115.6.0 build1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

oval:org.secpod.oval:def:1507153
[12.2.5-3.0.1.2] - Address CVE-2023-34058 - BZ 2246963 - SAML token signature token bypass. - Address CVE-2023-34059 - BZ 2246962 - vmware-user-suid-wrapper

oval:org.secpod.oval:def:1506695
[3.0.7-6.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-6] - Fixes RNG slowdown in FIPS mode Resolves: rhbz#2168224 [1:3.0.7-5] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double f ...

oval:org.secpod.oval:def:1506266
[21.1.3-3] - CVE fix for: CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070 Resolves: rhbz#2110440, rhbz#2110433

oval:org.secpod.oval:def:1506273
[1.20.11-11] - CVE fix for: CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070 Resolves: rhbz#2108157, rhbz#2108162

oval:org.secpod.oval:def:1506574
[2.39.3-1] - Update to 2.39.3 - Resolves: #2188352, #2188361, #2189976, #2189977

oval:org.secpod.oval:def:1506690
golang [1.19.10-1.0.1] - New Go version 1.19.10 [CVE-2023-29402] [CVE-2023-29403] [CVE-2023-29404] [CVE-2023-29405] go-toolset [1.19.10-1.0.1] - New Go version 1.19.10 [CVE-2023-29402] [CVE-2023-29403] [CVE-2023-29404] [CVE-2023-29405]

oval:org.secpod.oval:def:1507119
[1:11.0.21.0.9-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] - Update to jdk-11.0.21+9 - Update release notes to 11.0.21+9 - OpenJDK: certificate path validation issue during client authentication - OpenJDK: Additional zip64 files validation - OpenJDK: Print an exception when encounteri ...

oval:org.secpod.oval:def:1507123
[1:17.0.9.0.9-2.0.1] - Update to jdk-17.0.9+9 - Update release notes to 17.0.9+9 - OpenJDK: memory corruption issue on x86_64 with AVX-512 - OpenJDK: certificate path validation issue during client authentication - OpenJDK: Additional zip64 files validation

oval:org.secpod.oval:def:1506980
[102.15.0-1.0.1] - Update to 102.15.0 build1

oval:org.secpod.oval:def:1507045
[115.3.1-1.0.1] - Update to 115.3.1 build1

oval:org.secpod.oval:def:1507047
[115.3.1-1.0.1] - Update to 115.3.1

oval:org.secpod.oval:def:1507120
[115.4.1-1.0.1] - Update to 115.4.1 build1 - Add fix for CVE-2023-44488

oval:org.secpod.oval:def:1507121
[115.4.0-1.0.1] - Update to 115.4.0 build1 - Add fix for CVE-2023-44488 - Set homepage from os-release HOME_URL

oval:org.secpod.oval:def:1506977
[102.15.0-1.0.1] - Update to 102.15.0 build2

oval:org.secpod.oval:def:1506523
[17.0.7.0.7-1.0.1] - Replace upstream references [Orabug: 34340155] [1:17.0.7.0.7-1] - Update to jdk-17.0.7.0+7 - Update release notes to 17.0.7.0+7 - Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-8305113 - Update generate_tarball.sh to add support for passing a boot JDK to the ...

oval:org.secpod.oval:def:1506524
[11.0.19.0.7-1.0.1] - Replace upstream references [Orabug: 34340155] [1:11.0.19.0.7-1] - Update to jdk-11.0.19.0+7 - Update release notes to 11.0.19.0+7 - Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-8305113 - Update generate_tarball.sh to add support for passing a boot JDK to ...

oval:org.secpod.oval:def:1506530
[1.8.0.372.b07-1.0.1] - Replace upstream references [Orabug: 34340145] [1:1.8.0.372.b07-1] - Update to shenandoah-jdk8u372-b07 - Update release notes for shenandoah-8u372-b07. - Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07 - Reintroduce jconsole-plugin.patch from RHEL 9 - Updat ...

oval:org.secpod.oval:def:1507012
[8.3.1-5.2] - Fix for CVE-2023-38802

oval:org.secpod.oval:def:1505856
[1.8.0.342.b07-1.0.1] - Replace upstream references [Orabug: 34340145] [1:1.8.0.342.b07-1] - Update to shenandoah-jdk8u342-b07 - Update release notes for shenandoah-8u342-b07. - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script wit ...

oval:org.secpod.oval:def:1505869
[1:17.0.4.0.8-0.2.ea] - Revert the following changes until copy-java-configs has adapted to relative symlinks: - * Move cacerts replacement to install section and retain original of this and tzdb.dat - * Run tests on the installed image, rather than the build image - * Introduce variables to refer t ...

oval:org.secpod.oval:def:1505884
[1:11.0.16.0.8-1.0.1] - Replace upstream references [Orabug: 34340155] [1:11.0.16.0.8-1] - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Use same tarball naming style as java-17-openjdk and java-latest-openjdk - Drop JDK-8257794 patch now upstreamed - Print release file during build, ...

oval:org.secpod.oval:def:1506666
[1.20.1-8.0.1] - Fixed race condition in krb5_set_password [Orabug: 33609767] [1.20.1-8] - Fix datetime parsing in kadmin on s390x - Resolves: rhbz#2169985 [1.20.1-7] - Fix double free on kdb5_util key creation failure - Resolves: rhbz#2166603 [1.20.1-6] - Add support for MS-PAC extended KDC signatu ...

oval:org.secpod.oval:def:1506446
[3.0.1-47.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-47] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed U ...

oval:org.secpod.oval:def:1506643
[20221207gitfff6d81270b5-9] - edk2-remove-amd-sev-feature-flag-from-secure-boot-builds-.patch [bz#2169247] - Resolves: bz#2169247 [20221207gitfff6d81270b5-8] - edk2-OvmfPkg-disable-dynamic-mmio-window-rhel-only.patch [bz#2174605] - Resolves: bz#2174605 [20221207gitfff6d81270b5-7] - edk2-Revert-Mde ...

oval:org.secpod.oval:def:1506461
[3.0.1-47.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-47] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed U ...

oval:org.secpod.oval:def:1506641
[5.1.1-1] - update to 5.1.1 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY [5.0.0-4] - update to 5.0.0 tagged upstream community sources, see CHANGELOG - install plugin in /usr/share and create symlink from /var u ...

oval:org.secpod.oval:def:1506648
[9.0.9-2] - resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in - resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws [9.0.9-1] - update to 9.0.9 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-35957 grafana: Escalation from a ...

oval:org.secpod.oval:def:87132
cockpit-composer [41-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095], [Orabug:34398922] [41-1] - New upstream release [40-1] - New upstream release [39-1] - New upstream release [38-1] - New upstream release [37-1] - New upstream release [35-1] - New upstream rele ...

oval:org.secpod.oval:def:87148
[7.5.15-3] - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working ...

oval:org.secpod.oval:def:1506377
golang [1.18.9-1] - Rebase to Go 1.18.9 - Enable big endian support for fips mode - Fix ppc64le linker issue - Resolves: rhbz#2144547 - Resolves: rhbz#2149311 go-toolset [1.18.9-1] - Rebase to Go 1.18.9 - Enable big endian support for fips mode - Fix ppc64le linker issue - Resolves: rhbz#2144547 - R ...

oval:org.secpod.oval:def:1506259
[3.2.0-3] - bump NVR

oval:org.secpod.oval:def:1507043
[2.34-60.0.3] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi < jose.marchesi at oracle.com >

oval:org.secpod.oval:def:1507135
[9.54.0-11] - fix for CVE-2023-43115 - Resolves: rhbz#2241108

oval:org.secpod.oval:def:1505874
[1:17.0.3.0.7-1] - April 2022 security update to jdk 17.0.3+7 - Update to jdk-17.0.3.0+7 tarball - Update release notes to 17.0.3.0+7 - Add missing README.md and generate_source_tarball.sh - Resolves: rhbz#2073578

oval:org.secpod.oval:def:1505875
[1:1.8.0.332.b09-1] - Update to shenandoah-jdk8u332-b09 - Update release notes for 8u332-b09. - Resolves: rhbz#2074649

oval:org.secpod.oval:def:1505883
[1:11.0.15.0.10-1] - Update to jdk-11.0.15.0+10 - Update release notes to 11.0.15.0+10 - Switch to GA mode for release - Rebase RH1996182 FIPS patch after JDK-8254410 - Resolves: rhbz#2073594

oval:org.secpod.oval:def:1506299
[2.10.4-9] - Guard face-

oval:org.secpod.oval:def:1506614
[7.0.107-1.0.1] - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier [Orabug: 34671152] [7.0.107-1] - Update to .NET SDK 7.0.107 and Runtime 7.0.7 - Resolves: RHBZ#2211877 [7.0.106-1] - Update to .NET SDK 7.0.106 and Runtime 7.0.6 - Resolves: RHBZ#2190269

oval:org.secpod.oval:def:1506599
[6.0.118-1.0.1] - Add missing Oracle Linux Runtime IDs [6.0.118-1] - Update to .NET SDK 6.0.118 and Runtime 6.0.18 - Resolves: RHBZ#2212379 [6.0.117-1] - Update to .NET SDK 6.0.117 and Runtime 6.0.17 - Resolves: RHBZ#2190264

oval:org.secpod.oval:def:1507151
[9.54.0-14] - fix for CVE-2023-43115 - Resolves: RHEL-10184 [9.54.0-13] - fix for CVE-2023-38559 - Resolves: rhbz#2224372 [9.54.0-12] - fix for CVE-2023-36664 - Resolves: rhbz#2217810

oval:org.secpod.oval:def:1507363
[115.8.0-1.0.1] - Add Oracle modifications [115.8.0-1] - Update to 115.8.0 build1

oval:org.secpod.oval:def:1506398
[1.8.0.362.b09-2.0.1] - Replace upstream references [Orabug: 34340145] [1:1.8.0.362.b09-2] - Update cacerts patch to fix OPENJDK-1433 SecurityManager issue - Update to shenandoah-jdk8u352-b09 - Update release notes for shenandoah-8u352-b09. - Resolves: rhbz#2163594 [1:1.8.0.362.b08-2] - Update to s ...

oval:org.secpod.oval:def:1506360
[11.0.18.0.10-2.0.1] - Replace upstream references [Orabug: 34340155] [1:11.0.18.0.10-2] - Update to jdk-11.0.18+10 - Update release notes to 11.0.18+10 - Switch to GA mode for release - ** This tarball is embargoed until 2023-01-17 @ 1pm PT. ** - Related: rhbz#2157798 [1:11.0.18.0.9-0.2.ea] - Upda ...

oval:org.secpod.oval:def:1506364
[1:17.0.6.0.10-3.0.1] - Replace upstream references [Orabug: 34340155] [1:17.0.6.0.10-3] - Add missing release note for JDK-8295687 - Resolves: rhbz#2160111 [1:17.0.6.0.10-3] - Update FIPS support to bring in latest changes - * OJ1357: Fix issue on FIPS with a SecurityManager in place - Related: rhb ...

oval:org.secpod.oval:def:1507383
[20230524-4.el9_3.2] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 R ...

oval:org.secpod.oval:def:1507379
[1:9.0.62-37.el9_3.2] - Resolves: #2252050 HTTP request smuggling via malformed trailer headers

oval:org.secpod.oval:def:1507372
[8.0.36-1] - Update to MySQL 8.0.36

oval:org.secpod.oval:def:1507369
[2.4.22-3] - Reject # as part of URI path component [2.4.22-2] - Reject any empty content-length header value

oval:org.secpod.oval:def:1507353
pgaudit pg_repack postgres-decoderbufs postgresql [15.6-1] - update to 15.6 - Fixes CVE-2024-0985 [15.5-1] - update to 15.5 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417, and CVE-2023-39418 Resolves: RHEL-16100, RHEL-16124, RHEL-16139 [15.3-1] - update to 15.3 - Fixes CVE-2023- ...

oval:org.secpod.oval:def:1506604
[13.11-1.0.1] - Fixed postgresql port binding issue during bootup [Orabug: 35420628] [13.11-1] - Update to 13.11 - Resolves: #2207935

oval:org.secpod.oval:def:1506917
pgaudit pg_repack postgres-decoderbufs postgresql [15.3-1] - update to 15.3 - Fixes CVE-2023-2454 and CVE-2023-2455 Resolves: #2214875 [15.2-1] - update to 15.2 - Resolves: #2128410 [15.0-2] - update postgresql-setup to 8.8 [15.0-1] - Initial import for postgresql 15 - Resolves: #2128410

oval:org.secpod.oval:def:1506428
[102.8.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1

oval:org.secpod.oval:def:1506432
[102.8.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1

oval:org.secpod.oval:def:1506399
[102.7.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.7.1-1] - Update to 102.7.1 build1 [102.7.0-1] - Update to 102.7.0 build1

oval:org.secpod.oval:def:1506372
[102.7.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.7.0-1] - Update to 102.7.0 build1 [102.6.0-2] - Add firefox-x11 subpackage to allow explicit run of firefox under x11 on RHEL9

oval:org.secpod.oval:def:1506573
[102.11.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] [102.11.0-2] - Update to 102.11.0 build2 [102.11.0-1] - Update to 102.11.0 build1

oval:org.secpod.oval:def:1506624
[102.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.12.0-1] - Update to 102.12.0 build1

oval:org.secpod.oval:def:1506517
[102.10.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.10.0-2] - Update to 102.10.0 build2 [102.10.0-1] - Update to 102.10.0 build1

oval:org.secpod.oval:def:1506639
[102.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.11.0-1] - Update to 102.11.0 build1

oval:org.secpod.oval:def:1506513
[102.10.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.10.0-1] - Update to 102.10.0 build1 [102.9.0-4] - Update to 102.9.0 build2

oval:org.secpod.oval:def:1506606
[102.12.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.12.0-1] - Update to 102.12.0 build1

oval:org.secpod.oval:def:93827
A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.

oval:org.secpod.oval:def:1507354
[0.23.0-4] - Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding

oval:org.secpod.oval:def:1507223
[0.23.0-3] - Fix file caching with different offsets - Fix CVE-2023-40660: Potential PIN bypass - Fix CVE-2023-40661: Dynamic analyzers reports in pkcs15init - Fix CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys - Fix CVE-2023-5992: Side-channel leaks whil ...

oval:org.secpod.oval:def:1506616
[4.4.0-8] - Fix CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804 CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2022-48281 - Resolves: CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804 CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2 ...

oval:org.secpod.oval:def:1507129
[1:1.8.0.392.b08-3.0.1] - Update to shenandoah-jdk8u392-b08 - OpenJDK: segmentation fault in ciMethodBlocks - OpenJDK: IOR deserialization issue in CORBA - OpenJDK: certificate path validation issue during client authentication - A maximum signature file size property, jdk.jar.maxSignatureFile ...

oval:org.secpod.oval:def:1506888
nodejs [1:18.16.1-1] - Rebase to 18.16.1 Resolves: rhbz#2188292 rhbz#2187683 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz#2222285 nodejs-nodemon nodejs-packaging

oval:org.secpod.oval:def:1506899
[1:16.20.1-1] - Rebase to 16.20.1 Resolves: rhbz#2188291 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz#2177781

oval:org.secpod.oval:def:1506680
[3.5.3-4] - Resolves: CVE-2022-36227

oval:org.secpod.oval:def:1506685
[42.2.27-1] - rebase to 42.2.27 - fix for CVE-2022-41946

oval:org.secpod.oval:def:1506366
[7.76.1-19.el9_1.1] - fix POST following PUT confusion

oval:org.secpod.oval:def:1505877
[7.76.1-14.el9_0.4] - fix too eager reuse of TLS and SSH connections [7.76.1-14.el9_0.3] - fix leak of SRP credentials in redirects [7.76.1-14.el9_0.2] - add missing tests to Makefile [7.76.1-14.el9_0.1] - fix credential leak on redirect - fix auth/cookie leak on redirect - fix OAUTH2 bearer byp ...

oval:org.secpod.oval:def:1506262
[7.76.1-19] - fix unpreserved file permissions - fix HTTP compression denial of service - fix FTP-KRB bad message verification [7.76.1-18] - fix too eager reuse of TLS and SSH connections [7.76.1-17] - fix leak of SRP credentials in redirects [7.76.1-16] - add missing tests to Makefile [7.76.1- ...

oval:org.secpod.oval:def:1506619
[9.0.0-10.2.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [9.0.0-10.2.el9_2] - virpci: Resolve leak in virPCIVirtualFunctionList cleanup

oval:org.secpod.oval:def:87143
[8.5.0-7.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [8.5.0-7] - security_selinux: Don't ignore NVMe disks when setting image label [8.5.0-6] - qemu_process: Destroy domain's namespace after killing QEMU [8.5.0-5] - rpc: Pass OPENSSL_CONF through to ssh invocations [8.5.0-4] - qe ...

oval:org.secpod.oval:def:1506662
[0.9.1-3.20211126git1ff6fe1f43] - Backport "tpm2: Check size of buffer before accessing it" Resolves: rhbz#2173960 Resolves: rhbz#2173967

oval:org.secpod.oval:def:1506362
[3.34.1-6] - Fixes CVE-2022-35737

oval:org.secpod.oval:def:1506669
[7.76.1-23] - fix HTTP multi-header compression denial of service [7.76.1-22] - smb/telnet: fix use-after-free when HTTP proxy denies tunnel [7.76.1-21] - fix POST following PUT confusion [7.76.1-20] - control code in cookie denial of service

oval:org.secpod.oval:def:1507004
[5.15.0-105.125.6.2.1.el9uek] - rds: Fix lack of reentrancy for connection reset with dst addr zero [Orabug: 35713695] {CVE-2023-22024}

oval:org.secpod.oval:def:1505948
[5.15.0-1.43.4.2.el9uek] - rds: copy_from_user only once per rds_sendmsg system call [Orabug: 33981854] {CVE-2022-21385}

oval:org.secpod.oval:def:1506033
[5.15.0-2.52.3.el9uek] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec

oval:org.secpod.oval:def:1506327
[5.15.0-5.76.5.1] - proc: proc_skip_spaces shouldn't think it is working on C strings [Orabug: 34883037] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long [Orabug: 34883037] {CVE-2022-4378} [5.15.0-5.76.5] - KVM: x86: Use SRCU to protect zap in __kvm_set_or_clear_apicv_inhibit ...

oval:org.secpod.oval:def:1505853
[5.15.0-0.30.20.1.el9uek] - lockdown: Fix kexec lockdown bypass with ima policy [Orabug: 34386636] {CVE-2022-21505}

oval:org.secpod.oval:def:1505855
[5.15.0-0.30.20.el9uek] - floppy: use a statically allocated error counter [Orabug: 34218638] {CVE-2022-1652} - x86: Disable RET on kexec [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: do not enable IBPB-on-entry when IBPB is not supported [Orabug: 34335631] {CVE-2022-29901} {CV ...

oval:org.secpod.oval:def:1506390
[5.14.0-162.12.1.el9_1.OL9] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 15.3-1.0.5] - Remove nmap ...

oval:org.secpod.oval:def:1506226
[5.15.0-4.70.5.2] - Revert "sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle" [Orabug: 34783367] [5.15.0-4.70.5.1] - NFSv4: Fixes for nfs4_inode_return_delegation [Orabug: 34751176] [5.15.0-4.70.5] - uek: kabi: update kABI files for new symbols [Orabug: 34595591] - Rever ...

oval:org.secpod.oval:def:1506202
[3.9.14-1.1] - Fix for CVE-2022-42919 Resolves: rhbz#2138705

oval:org.secpod.oval:def:1506445
[3.9.14-1.2] - Security fix for CVE-2022-45061 Resolves: rhbz#2144072

oval:org.secpod.oval:def:1506608
[3.11.2-2.1] - Security fix for CVE-2023-24329 Resolves: rhbz#2173917

oval:org.secpod.oval:def:1506602
[3.9.16-1.1] - Security fix for CVE-2023-24329 Resolves: rhbz#2173917

oval:org.secpod.oval:def:1505866
[6.2.0-11.el9_0.3] - kvm-RHEL-disable-seqpacket-for-vhost-vsock-device-in-rhe.patch [bz#2071102] - kvm-virtio-net-fix-map-leaking-on-error-during-receive.patch [bz#2075635] - kvm-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch [bz#2075640] - Resolves: bz#2071102 - Resolves: bz#2075635 - ...

oval:org.secpod.oval:def:87138
[7.0.0-13] - kvm-i386-reset-KVM-nested-state-upon-CPU-reset.patch [bz#2117546] - kvm-i386-do-kvm_put_msr_feature_control-first-thing-when.patch [bz#2117546] - Resolves: bz#2117546 [7.0.0-12] - kvm-scsi-generic-Fix-emulated-block-limits-VPD-page.patch [bz#2120275] - kvm-vhost-Get-vring-base-from-vq- ...

oval:org.secpod.oval:def:1506382
nodejs [1:16.18.1-3] - Update sources of undici WASM blobs Resolves: rhbz#2151617 [1:16.18.1-2] - Add back libs and v8-devel subpackages - Related: RHBZ#2121126 - Record previously fixed CVE - Resolves: CVE-2021-44906 [1:16.18.1-1] - Rebase + CVEs - Resolves: #2142808 - Resolves: #2142826, #2131745, ...

oval:org.secpod.oval:def:1506032
nodejs [16.16.0-1] - Rebase to version 16.16.0 Resolves: RHBZ#2106290 Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 [16.14.0-5] - Decouple dependency bundling from bootstrapping nodejs-nodemon

oval:org.secpod.oval:def:87130
[3.0.1-43.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-43] - CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests Resolves: CVE-2022-3602 [1:3.0.1-42] - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602

oval:org.secpod.oval:def:87142
[1.2.0-11] - CVE-2020-23903 speex: divide by zero in read_samples via crafted WAV file - Resolves: CVE-2020-23903

oval:org.secpod.oval:def:1506449
[8.2.2637-20.0.1] - Remove upstream references [Orabug: 31197557] [2:8.2.2637-20] - CVE-2022-47024 vim: no check if the return value of XChangeGC is NULL [2:8.2.2637-19] - CVE-2022-1785 vim: Out-of-bounds Write - CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both in regexp.c - CVE-2022-1927 v ...

oval:org.secpod.oval:def:1506020
[3.0.4-160] - Upgrade to Ruby 3.0.4. Resolves: rhbz#2109428 - OpenSSL test suite fixes due to disabled SHA1. Related: rbhz#2109428 - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739

oval:org.secpod.oval:def:1505985
[7.76.1-14.el9_0.5] - fix unpreserved file permissions - fix HTTP compression denial of service - fix FTP-KRB bad message verification

oval:org.secpod.oval:def:1506284
[3.2.3-18] - Resolves: #2111177 - remote arbitrary files write inside the directories of connecting peers [3.2.3-17] - Resolves: #2116669 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field [3.2.3-16] - Related: #2081296 - Adding ci.fm ...

oval:org.secpod.oval:def:1505880
[8.2.2637-16.0.1] - Remove upstream references [Orabug: 31197557] [2:8.2.2637-16.2] - CVE-2022-1621 vim: heap buffer overflow - CVE-2022-1629 vim: buffer over-read [2:8.2.2637-16.1] - CVE-2022-0554 vim: Use of Out-of-range Pointer Offset in vim prior - CVE-2022-0943 vim: Heap-based Buffer Overflow ...

oval:org.secpod.oval:def:87163
[8.0.20-3] - snmp3 calls using authPriv or authNoPriv immediately return false #2104630 [8.0.20-2] - fix patch41 not applied [8.0.20-1] - rebase to 8.0.20 #2095752 - clean unneeded dependency on useradd command #2095447 - add upstream patch to initialize pcre before mbstring - retrieve tzdata versi ...

oval:org.secpod.oval:def:1507390
[- 7.0.117-1.0.1] - Update to .NET SDK 7.0.117 and Runtime 7.0.17 - Port revert Disable implicit rejection for RSA PKCS#1 patch [- 7.0.116-1.0.1] - Update to .NET SDK 7.0.116 and Runtime 7.0.16 * Tue Jan 16 2024 Lukáš Lipinský - 7.0.115-1.0.1 - Update to .NET SDK 7.0.115 and Runtime 7.0 ...

oval:org.secpod.oval:def:1507389
[- 8.0.103-2.0.1] - Update to .NET SDK 8.0.103 and Runtime 8.0.3 - Disable checking the signature of the last certificate in a chain if the certificate is supposedly self-signed. - Resolves: RHEL-25254 - Backport MSBuild locale fix - Resolves: RHEL-23936

oval:org.secpod.oval:def:1507375
[2.6-21.0.1] - rear: creates a world-readable initrd

oval:org.secpod.oval:def:1506453
- [5.14.0-162.18.1.el9_1.OL9] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64] - Remove nmap referenc ...

oval:org.secpod.oval:def:1506633
[5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final - Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" - riscv: mm: remove redundant parameter of create_fdt_early_page_table - kernfs: change kernfs_rename_lock into a read-write loc ...

oval:org.secpod.oval:def:1507002
- [5.14.0-284.30.0.1.el9_2.OL9] - x86/tsx: Add a feature bit for TSX control MSR support {CVE-2023-1637} - x86/speculation: Restore speculation related MSRs {CVE-2023-1637} - x86/pm: Save the MSR validity status at context setup {CVE-2023-1637} - x86/pm: Fix false positive kmemleak report in msr_bui ...

oval:org.secpod.oval:def:1507113
[20230516-999.27.git6c9e0ed5.el9] - Update firmware for qat_4xxx devices [20230516-999.26.git6c9e0ed5.el9] - Run dracut -f in %posttrans instead of %post - Drop latest AMD microcode commits to family 19 file to include Milan microcode but not Genoa [20230516-999.27.git6c9e0ed5.el9] - Add missing ...

oval:org.secpod.oval:def:1506900
[20230516-999.25.git6c9e0ed5.el9] - Add missing amd-ucode/ files to nano and core rpm - Add posttrans scriptlet to reload microcode on AMD - Recreate initramfs for AMD systems [20230516-999.24.git6c9e0ed5.el7] - 8a07fa49 linux-firmware: Update AMD fam19h cpu microcode

oval:org.secpod.oval:def:1506909
[20230516-999.20.git6c9e0ed5.el9] - cd72938cb480 linux-firmware: Update AMD fam17h cpu microcode - 92624e57af69 linux-firmware: Update AMD cpu microcode [20230516-999.19.git6c9e0ed5.el9] - Rebase to upstream - Revert removal of old iwlwifi firmwares

oval:org.secpod.oval:def:1506926
[20230516-999.23.git6c9e0ed5.el9] - Firmware files need to be uncompressed for early kernel load to work - Resolves Zenbleed {CVE-2023-20593} [20230516-999.22.git6c9e0ed5.el9] - Move the README removal, it needs to happen during build - Resolves Zenbleed {CVE-2023-20593} [20230516-999.21.git6c9e0 ...

oval:org.secpod.oval:def:1507227
[5.14.0-362.13.1.el9_3.OL9] - x86/retpoline: Document some thunk handling aspects {CVE-2023-20569} - objtool: Fix return thunk patching in retpolines {CVE-2023-20569} - x86/srso: Remove unnecessary semicolon {CVE-2023-20569} - x86/calldepth: Rename __x86_return_skl to call_depth_return_thunk {CV ...

oval:org.secpod.oval:def:1507403
[1:16.20.2-4.0.1] - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019

oval:org.secpod.oval:def:1507411
nodejs [1:18.19.1-1] - Rebase to version 18.19.1 - Fixes: CVE-2024-21892 CVE-2024-22019 - Fixes: CVE-2023-46809 nodejs-nodemon nodejs-packaging

oval:org.secpod.oval:def:1506672
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1506459
[5.15.0-7.86.6.1] - net/rds: Delegate fan-out to a background worker [Orabug: 35051226] [5.15.0-7.86.6] - runtime revert of virtio_net: Stripe queue affinities across cores. [Orabug: 35001044] - rds: ib: Make sure messages that errors out also get unmapped [Orabug: 35015598] - Ignore hot plug eve ...

oval:org.secpod.oval:def:1506637
[5.15.0-101.103.2.1] - Revert "attr: use consistent sgid stripping checks" [Orabug: 35346968] - Revert "iommu: Force iommu shutdown on panic" [Orabug: 35346963] [5.15.0-101.103.2] - uek-rpm: mod-extra: Remove mt7921e.ko from extras list [Orabug: 34999685] - crypto: allow ECDH and ECDSA algorithms ...

oval:org.secpod.oval:def:1506344
[5.15.0-6.80.3.1.el9uek] - Revert rds: ib: Enable FC by default

oval:org.secpod.oval:def:1507400
[42.2.28-1] - rebase to 42.2.28 - fix for CVE-2024-1597

oval:org.secpod.oval:def:1506388
[5.1.8-6] - Add a null check in parameter_brace_transform function Resolves: CVE-2022-3715

oval:org.secpod.oval:def:1507385
[5.15.0-204.147.6.2.el9uek] - smb3: Replace smb2pdu 1-element arrays with flex-arrays [Orabug: 36353543] - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed [Orabug: 36358874] - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove - hv_netvsc: Calculate correct ...

oval:org.secpod.oval:def:1507394
[5.14.0-362.24.1.el9_3.OL9] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 = 15.3-1.0.5] - Remove nm ...

oval:org.secpod.oval:def:1507397
[7:5.5-6.0.1.8] - Rebuild with release bump [7:5.5-6.8] - Resolves: RHEL-19555 - squid: denial of service in HTTP request parsing [7:5.5-6.7] - Resolves: RHEL-28614 - squid: Denial of Service in HTTP Chunked Decoding [7:5.5-6.6] - Resolves: RHEL-26091 - squid: denial of service in HTTP header pars ...

oval:org.secpod.oval:def:1506447
[8.0.27-1] - rebase to 8.0.27

oval:org.secpod.oval:def:1506642
php-pecl-apcu [5.1.21-1] - update to 5.1.21 for PHP 8.1 #2070040 php-pecl-rrd [2.0.3-4] - build for PHP 8.1 #2070040 php-pecl-xdebug3 [3.1.4-1] - update to 3.1.4 for PHP 8.1 #2070040 php-pecl-zip [1.20.1-1] - update to 1.20.1 for PHP 8.1 #2070040 php [8.1.14-1] - rebase to 8.1.14 [8.1.8-1] - update ...

oval:org.secpod.oval:def:1507382
[3.21.0-9] - timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts Resolves: RHEL-22792

oval:org.secpod.oval:def:1507154
[4.18.6-101] - resolves: RHEL-11937 Fix CVE-2023-3961 - smbd must check the pipename - resolves: RHEL-11937 Fix CVE-2023-4091 - SMB clients can truncate files - resolves: RHEL-11937 Fix CVE-2023-42669 - Remove rpcecho server

oval:org.secpod.oval:def:1506588
golang [1.19.9-2] - Fix TestEncryptOAEP and TLS failures in FIPS mode - Resolves: rhbz#2204476 [1.19.9-1] - Rebase to Go 1.19.9 - Resolves: rhbz#2204476 go-toolset [1.19.9-1] - Update to Go 1.19.9 - Related: rhbz#2204476

oval:org.secpod.oval:def:1507116
[1:1.22.1-3.0.1.1] - Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack

oval:org.secpod.oval:def:1507148
[1.43.0-5.1] - fix HTTP/2 Rapid Reset

oval:org.secpod.oval:def:1507107
[6.6.2-3.el9_2.1] - Add parameters h2_rst_allowance and h2_rst_allowance_period to mitigate CVE-2023-44487 - Resolves: RHEL-12818

oval:org.secpod.oval:def:1507370
[7.3.0-13] - Backport fix for CVE-2023-3674 Resolves: RHEL-21013

oval:org.secpod.oval:def:1506263
[4.16.4-101] - resolves: rhbz#2121317 - Do not require samba package in python3-samba [4.16.4-100] - Rebase to version 4.16.4 - resolves: rhbz#2108332 - Fix CVE-2022-32742 [ 4.16.3-101] - related: rhbz#2077487 - Rebase Samba to 4.16.3 - resolves: rhbz#2097655 - The pcap background queue process shou ...

oval:org.secpod.oval:def:87157
* Tue Jun 14 2022 Michal Ruprich - 8.2.2-4 - Resolves: #2095404 - frr use systemd-sysusers [8.2.2-3] - Resolves: #2081304 - Enhanced TMT testing for centos-stream [8.2.2-2] - Resolves: #2069571 - the dynamic routing setup does not work any more [8.2.2-1] - Resolves: #2069563 - Rebase frr to version ...

oval:org.secpod.oval:def:1507378
[1.31.4-1.0.1] - update to https://github.com/containers/buildah/releases/tag/v1.31 - https://github.com/containers/buildah/commit/11bbf33

oval:org.secpod.oval:def:1507155
[7.76.1-26.el9_3.2] - fix cookie injection with none file [7.76.1-26.el9_3.1] - socks: return error if hostname too long for remote resolve

oval:org.secpod.oval:def:1507414
[2.5.0-1.1] - CVE-2023-52425: Fix parsing of large tokens - CVE-2024-28757: Reject direct parameter entity recursion - Resolves: RHEL-29698 - Resolves: RHEL-29695

oval:org.secpod.oval:def:1506663
[1.29.1-1.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [1:1.29.1-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29 - Related: #2124478 [1:1.29.0-3] - update to the latest content of https://github.com/containers/bui ...

oval:org.secpod.oval:def:1506678
[2:1.11.2-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 - Related: #2124478 [2:1.11.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.11.1 - Related: #2124478 [2:1.11.0-1] - update to 1.11.0 release - Related: #2124478 [2:1.11.0-0. ...

oval:org.secpod.oval:def:1506688
[1:1.2.0-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.2.0 - Related: #2124478

oval:org.secpod.oval:def:1506644
[4.4.1-3.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.4.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel - Related: #2124478 [2:4.4.1-2] - update to the latest content of https://github.com/containers/podman/t ...

oval:org.secpod.oval:def:1506657
[2:2.1.7-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.7 - Resolves: #2173697 [2:2.1.6-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.6 - Related: #2124478 [2:2.1.5-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.5 - Related: #2124 ...

oval:org.secpod.oval:def:1506618
[3.0.7-16.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-16] - Fix possible DoS translating ASN.1 object identifiers Resolves: CVE-2023-2650 - Release the DRBG in global default libctx early Resolves: rhbz#2211396 [1:3.0.7-15.1] - Re-enable DHX keys in FIPS mode, disable FIPS 186-4 p ...

oval:org.secpod.oval:def:1506026
[8.0.30-3] - Release bump for rebuild [8.0.30-1] - Update to MySQL 8.0.30 - Remove patches now upstream: chain certs, OpenSSL 3, s390 and robin hood - Add a new plugin [8.0.29-1] - Update to MySQL 8.0.29

oval:org.secpod.oval:def:1507371
[1.20.12-1] - Rebase to 1.20.12 - Fix CVE-2023-45285 CVE-2023-39326

oval:org.secpod.oval:def:1507381
[2:1.13.3-4] - Rebuild with golang 1.20.12: golang:net/http/internal: Denial of Service via Resource Consumption via HTTP requests

oval:org.secpod.oval:def:1506674
cockpit-composer [45-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095], [Orabug:34398922] [45-1] - New upstream release [44-1] - New upstream release [43-1] - New upstream release [42-1] - New upstream release osbuild [81-1] - New upstream release [80-1] - New upstr ...

oval:org.secpod.oval:def:1506650
[2.06-46.0.4.el9_1.3] - Bump SBAT metadata for grub to 3 [Orabug: 34872719] - Fix CVE-2022-3775 [Orabug: 34871953] - Enable signing for aarch64 EFI - Fix signing certificate names - Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986] - Replaced bugzilla.oracle.com references [Or ...

oval:org.secpod.oval:def:1506343
[2.06-46.0.4] - Bump SBAT metadata for grub to 3 [Orabug: 34872719] [2.06-46.0.3] - Fix CVE-2022-2601 and CVE-2022-3775 [Orabug: 34871953] - Enable signing for aarch64 EFI

oval:org.secpod.oval:def:1506024
[5.14.0-70.26.1.0.1.el9_0.OL9] - lockdown: also lock down previous kgdb use

oval:org.secpod.oval:def:1507380
[5.14.0-362.18.1.el9_3.OL9] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 = 15.3-1.0.5.el9 - Remove ...

oval:org.secpod.oval:def:1505933
[5.14.0-70.22.1.0.1.el9_0.OL9] - lockdown: also lock down previous kgdb use [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.22.1.el9_0.OL9] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 295392 ...

oval:org.secpod.oval:def:1506245
[5.14.0-162.6.1_1.OL9] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 - Remove nmap references from ...

oval:org.secpod.oval:def:1506691
[21.1.3-7] - Fix CVE-2023-0494 [21.1.3-6] - Follow-up fix for CVE-2022-46340 [21.1.3-5] - CVE fix for: CVE-2022-4283, CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344 [21.1.3-4] - Fix CVE-2022-3550, CVE-2022-3551 Resolves: rhbz#2140769, rhbz#2140771

oval:org.secpod.oval:def:1506651
[1.20.11-17] - Fix xvfb-run script with --listen-tcp Resolves: rhbz#2172116 [1.20.11-16] - CVE-2023-0494 [1.20.11-15] - Follow-up fix for CVE-2022-46340 [1.20.11-14] - CVE fix for: CVE-2022-4283, CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344 [1.20.11-13] - Dr ...

oval:org.secpod.oval:def:1507233
[1.13.1-3.3] - xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty - xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions - xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty

oval:org.secpod.oval:def:1507402
[1.20.12-2] - Fix CVE-2024-1394 - Resolves: RHEL-27189

oval:org.secpod.oval:def:1507413
[5.1.1-2] - Rebuild with latest version of golang - resolves CVE-CVE-2024-1394

oval:org.secpod.oval:def:1507416
[9.2.10-8] - Rebuild with latest version of golang - resolve RHEL-24313

oval:org.secpod.oval:def:1507410
[115.9.0-1.0.1] - Add Oracle prefs [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425

oval:org.secpod.oval:def:1507374
[8.7p1-34.3] - Fix Terrapin attack Resolves: RHEL-19764 - Forbid shell metasymbols in username/hostname Resolves: RHEL-19822

oval:org.secpod.oval:def:1507152
[7:5.5-6.1] - Resolves: RHEL-14819 - squid: squid: denial of Service in FTP - Resolves: RHEL-14807 - squid: squid: Denial of Service in HTTP Digest Authentication - Resolves: RHEL-14780 - squid: squid: Request/Response smuggling in HTTP/1.1 and ICAP [7:5.5-6] - Resolves: #2231827 - Crash with half_cl ...

oval:org.secpod.oval:def:1507134
[7:5.5-5.el9_2.1] - Improve HTTP chunked encoding compliance - Fix stack buffer overflow when parsing Digest Authorization - Fix userinfo percent-encoding

oval:org.secpod.oval:def:1507392
[2.85-14.1] - Fix CVE 2023-50387 and CVE 2023-50868 - Resolves: RHEL-25674 - Resolves: RHEL-25638

oval:org.secpod.oval:def:1507362
[1.16.2-3.1] - Fix DNSSEC validation vulnerabilities which can lead to DoS in trivially orchestrated attacks

oval:org.secpod.oval:def:1507373
[7.76.1-26.el9_3.3] - cap SFTP packet size sent - lowercase the domain names before PSL checks

oval:org.secpod.oval:def:1507408
[115.9.1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.9.1] - Add debranding patches - Add OpenELA default preferences [115.9.1-1] - Update to 115.9.1 [115.9.0-2] - Update to 115.9.0 build2 [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-5242 ...

oval:org.secpod.oval:def:1507399
[1:7.1.8.1-12.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [1:7.1.8.1-12] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols

oval:org.secpod.oval:def:1505864
[2.06-27.0.6.el9_0.7] - Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986] [2.06-27.0.5.el9_0.7] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - Update provided certificate version to 202204 [JIRA: OLDIS-16371] - Various coverity fixes [JIRA: OLDIS-16371] - bump ...

oval:org.secpod.oval:def:1505876
[2.06-27.0.5.el9_0.7] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - Update provided certificate version to 202204 [JIRA: OLDIS-16371] - Various coverity fixes [JIRA: OLDIS-16371] - bump SBAT generation - Update bug url [Orabug: 34202300] - Revert provided certificate version back to ...

oval:org.secpod.oval:def:1506667
[6.1.1-6.el9] - Update changelog [Orabug: 35343538] - ebpf: fix compatibility with libbpf 1.0+ [Orabug: 35268538] - ebpf: replace deprecated bpf_program__set_socket_filter [Orabug: 35268538] - CVE-2023-1544 is not applicable to Oracle QEMU 6.1.1 [Orabug: 35305727] {CVE-2023-1544} - virtio-gpu: d ...

oval:org.secpod.oval:def:87167
[3.9.14-1] - Update to 3.9.14 - Security fixes for CVE-2020-10735 and CVE-2021-28861 Resolves: rhbz#2120642, rhbz#1834423, rhbz#2128249 [3.9.13-3] - Fix test_get_ciphers in test_ssl.py for FIPS mode Resolves: rhbz#2058233 [3.9.13-2] - Security fix for CVE-2015-20107 Resolves: rhbz#2075390 [3.9.13-1] ...

oval:org.secpod.oval:def:1505932
galera [26.4.11-1.0.1] - Requirement to delete garbd-wrapper script and lp1184034 test case without using patches. Patches from previous release have been deleted - Drop nmap-ncat requirement. [Orabug: 34116228] - Added galera-skip-lp1184034-testcase.patch - Added backport-removes-nmap-probing-in-ga ...

oval:org.secpod.oval:def:1506443
[2.36.7-1.2] - Add patch for CVE-2023-23529 Resolves: #2170000

oval:org.secpod.oval:def:1506527
[2.36.7-1.3] - Add patch for CVE-2023-28205 Resolves: #2185744

oval:org.secpod.oval:def:1506677
[2.38.5-1] - Update to 2.38.5 Related: #2127467 [2.38.4-1] - Update to 2.38.4 Related: #2127467 [2.38.3-1] - Update to 2.38.3 Related: #2127467 [2.38.2-1] - Update to 2.38.2 Related: #2127467 [2.38.1-2] - Fix use with aarch64 64 KiB page size Related: #2127467 [2.38.1-1] - Update to 2.38.1 Resolves: ...

oval:org.secpod.oval:def:1506671
[4.4.0-7] - Fix CVE-2022-3970 - Resolves: CVE-2022-3970 [4.4.0-6] - Fix CVE-2022-3597 CVE-2022-3626 CVE-2022-3599 CVE-2022-3570 CVE-2022-3598 CVE-2022-3627 - Resolves: CVE-2022-3597 CVE-2022-3626 CVE-2022-3599 CVE-2022-3570 CVE-2022-3598 CVE-2022-3627

oval:org.secpod.oval:def:1506693
[3.2.0-1] - Update to 3.2.0 - Resolves: #2139383 [2.13.3-4] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [2.13.3-3] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [2.13.3-2] - Fixed name of source tarball - Fixed date in the latest changelog entry - Relate ...

*CPE
cpe:/o:oracle:linux:9

© SecPod Technologies