oval:org.secpod.oval:def:1502612 Oracle Linux 8 is installed
oval:org.secpod.oval:def:72245 The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0".
oval:org.secpod.oval:def:1505656 jss [4.9.3-1] - Rebase to JSS 4.9.3 - Bug 2046022 - CVE-2021-4213 pki-core:10.6/jss: memory leak in TLS connection leads to OOM [rhel-8] [4.9.2-1] - Rebase to JSS 4.9.2 ldapjdk [4.23.0-1] - Rebase to LDAP SDK 4.23.0 [4.23.0-0.1] - Rebase to LDAP SDK 4.23.0-alpha1 pki-core [10.12.0-2.0.1] - Remove up ...
oval:org.secpod.oval:def:1505640 [1:6.4.7.2-10.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor="Oracle America, Inc." - Added the --with-hamcrest option to configure. [1:6.4.7.2-10] - Related: rhbz#2029810 bump n-v-r [1:6.4.7.2-9] - Related: rhbz#2029810 set NoDisplay=true for .desktop on s390 ...
oval:org.secpod.oval:def:1506182 [1.16.1-3] - Add patches for matroskademux. CVE-2021-3497 - Resolves: rhbz#1948942
oval:org.secpod.oval:def:1506177 [1.0.3-11] - Fix double byteswap on big-endian systems also while reading partition names resolves: #2065205 [1.0.3-10] - Fix CVE-2021-0308 resolves: #2052364
oval:org.secpod.oval:def:1505974 [91.13.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.13.0-1] - Update to 91.13.0 build1
oval:org.secpod.oval:def:1505977 [91.13.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.13.0-1] - Update to 91.13.0 build1
oval:org.secpod.oval:def:1506179 [5:2.0.7-2] - Fix CVE-2022-1328
oval:org.secpod.oval:def:1506172 apache-commons-collections apache-commons-net [3.6-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [3.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [3.6-1] - Update to upstream version 3.6 jss [4.9.4-1] - Rebase to JSS 4.9.4 - Bug 2013674 - JSS canno ...
oval:org.secpod.oval:def:1506353 [10.23-1] - Fix CVE-2022-2625 - Resolves: #2143167 - Rebase to 10.23
oval:org.secpod.oval:def:1504946 pki-core [10.10.5-3.0.1] - Remove upstream reference. [10.10.5-3] - Bug 1960146 - CVE-2021-3551 Dogtag installer pkispawn logs admin credentials into a world-readable log file
oval:org.secpod.oval:def:1506408 istio [1.13.9-1] - Added Oracle specific files for 1.13.9-1 olcne [1.4.10-1] - Upgraded istio-1.13.7 to istio-1.13.9 to resolve Istio CVE-2022-39278 [1.4.9-2] - Fix 1.21 kubernetes version to align with last upstream release [1.4.9-1] - Resolve kubernetes CVE-2022-3294 CVE-2022-3162 for version 1.2 ...
oval:org.secpod.oval:def:1506403 istio [1.15.3-1] - Added Oracle specific files for 1.15.3-1 olcne [1.5.10-2] - Update istio to 1.15.3 to address Istio CVE-2022-392787 [1.5.9-1] - Fix a regression during provisioning where arguments for the externalip restriction webhook are handled incorrectly [1.5.8-4] - Fix 1.21 kubernetes versi ...
oval:org.secpod.oval:def:1506016 istio [1.13.7-1] - Added Oracle specific files for 1.13.7-1 olcne [1.4.7-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.4.6-2] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip prin ...
oval:org.secpod.oval:def:1506011 istio [1.13.7-1] - Added Oracle specific files for 1.13.7-1 olcne [1.5.5-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.5.4-3] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over [1.5.4-2] - Istio CVE-2022-31045, CVE-2022-29 ...
oval:org.secpod.oval:def:1505241 olcne [1.3.2-2] - Turn off default PodDisruptionBudget in istio template to unblock kubernetes module upgrade - Update Kubernetes version to 1.20.11 to address CVE-2021-25741 - Update Istio to 1.9.8, 1.10.4 to address CVE-2021-32777, CVE-2021-32778, CVE-2021-32779, CVE-2021-32780 & CVE-2021-32781 - ...
oval:org.secpod.oval:def:1505251 olcne [1.2.5-2] - Update Istio to 1.9.8 to address CVE-2021-32777, CVE-2021-32778, CVE-2021-32779, CVE-2021-32780 & CVE-2021-32781 - Update proxyv2 image to select iptables legacy or latest based on host operating system - Turn off Istio PodDisruptionBudget istio [1.9.8-3] - Updated iptables-switch ...
oval:org.secpod.oval:def:1505686 [264.1-1.0.1] - Remove duplicate reference to server in cockpit [Orabug: 33862832] - Update documentation links [Orabug: 32795691] - Make documentation links point to Oracle Linux information [Orabug: 30271413] [Orabug: 32013095] - Fix rendering of hwinfo page on systems with some empty memory slots ...
oval:org.secpod.oval:def:1506456 [0.10.14-5.0.1] - Replace HAM-logo.png with a generic one [0.10.14-5.el8_7.2] - Updated bundled rubygems: mustermann, rack, rack_protection, sinatra, tilt - Added license for rubygem ruby2_keywords - Resolves: rhbz#2159424
oval:org.secpod.oval:def:1506163 [6.4.7.2-11.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor=Oracle America, Inc. - Added the --with-hamcrest option to configure. [1:6.4.7.2-11] - Resolves: rhbz#2060559 CVE-2021-25636
oval:org.secpod.oval:def:1504650 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1504739 qemu-kvm [4.2.0-34.el8_3.4] - kvm-virtiofsd-extract-lo_do_open-from-lo_open.patch [bz#1919109] - kvm-virtiofsd-optionally-return-inode-pointer-from-lo_do.patch [bz#1919109] - kvm-virtiofsd-prevent-opening-of-special-files-CVE-2020-.patch [bz#1919109] - Resolves: bz#1919109
oval:org.secpod.oval:def:1504922 libnma [1.8.30-2] - Rebuild with new gtk-doc to fix multilib issues NetworkManager [1.30.0-7.0.1] - add connectivity check via Oracle servers [Orabug: 32051972] - Disable the build of NetworkManager-config-connectivity-* subpackage for 8.3 [1:1.30.0-7] - initrd: set multi-connect=single for connect ...
oval:org.secpod.oval:def:1504930 evolution [3.28.5-16] - Resolves: #1902630 [3.28.5-15] - Resolves: #1883619 evolution-data-server [3.28.5-15] - Resolves: #1862403 evolution-ews [3.28.5-10] - Resolves: #1886026 - Resolves: #1885229
oval:org.secpod.oval:def:1505248 [1.5.3-12] - Add missing license file [1.5.3-11] - Fix CVE-2020-17541
oval:org.secpod.oval:def:1505263 [8.5.0-3.0.2] - Fix Orabug 33451471 and backport CTF/BTF enhancements ctfc: Free CTF container elements in ctfc_delete_container ctf: Do not warn for CTF not supported for GNU GIMPLE ICE in btf_finalize when compiling with -gbtf Reviewed-by: Jose E. Marchesi [8.5.0-3.0.1] - Merge the following orac ...
oval:org.secpod.oval:def:1505256 [2.0.20-57.0.3] - Merge 8.4 extra patches for SB boot environment [Orabug: 33512440] [2.0.20-57.0.2] - Merge SRPM/ol8-u4 orabug patches into SRPM/ol8-u5 [Orabug: 33471981] [2.0.20-57.0.1] - makedumpfile: Add support for newer kernels up to v5.12 [Orabug: 33250117] [2.0.20-57] - kdumpctl: enable secu ...
oval:org.secpod.oval:def:1505653 [1.1-6.0.1] - Increase db_max_size to 100M [1.1-6] - CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path Resolves: rhbz#2069120 [1.1-4] RHEL 8.6.0 ERRATUM - fapolicyd denies access to /usr/lib64/ld-2.28.so Resolves: rhbz#2066300 [1.1-1] RHEL 8.6.0 ERRATUM - rebase to 1.1 Resolves: rhbz#19 ...
oval:org.secpod.oval:def:1506212 [0.8.4-28.1] - Add 0111-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz #2133995
oval:org.secpod.oval:def:1504535 gstreamer1 [1.16.1-2] - Update to 1.16.2 for correctly pick up for side gating - Resolves: rhbz#1756299 [1.16.1-1] - Update to 1.16.1 - Enable libcap for the ptp helper permissions - Resolves: rhbz#1756299 gstreamer1-plugins-bad-free [1.16.1-1] - Update to 1.16.1 - Remove upstreamed patches - Remove ...
oval:org.secpod.oval:def:1504763 buildah [1.11.6-8.0.1] - Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.11.6-8] - exclude i686 arch - Related: #1821193 [1.11.6-7] - fix "CVE-2020-10696 buildah: crafted input tar file may lead to local file ...
oval:org.secpod.oval:def:1504749 buildah [1.5-8.gite94b4f9.0.1] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.5-8.gite94b4f9] - bump release to preserve upgrade path - Related: #1821193 [1.5-4.gite94b4f9] - fix "CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build ...
oval:org.secpod.oval:def:1506234 kubernetes [1.21.14-3] - Addresses CVE-2022-3294 CVE-2022-3162 [1.21.14-2] - Fixed kubernetes-cni version. [1.21.14-1] - Addresses CVE-2022-3172 olcne [1.4.9-2] - Fix 1.21 kubernetes version to align with last upstream release [1.4.9-1] - Resolve kubernetes CVE-2022-3294 CVE-2022-3162 for version ...
oval:org.secpod.oval:def:1506235 kubernetes [1.22.16-1] - Added Oracle specific build files for Kubernetes - Add preBuildOL8Commands to Jenkinsfile kubernetes [1.23.14-1] - Added Oracle specific build files for Kubernetes kubernetes [1.24.8-1] - Added Oracle specific build files for Kubernetes olcne [1.5.8-4] - Fix 1.21 kubernetes ...
oval:org.secpod.oval:def:1504913 rust [1.49.0-1] - Update to 1.49.0. [1.48.0-1] - Update to 1.48.0. rust-toolset [1.49.0-1] - Update to Rust and Cargo 1.49.0. [1.48.0-1] - Update to Rust and Cargo 1.48.0.
oval:org.secpod.oval:def:1505217 rust-toolset [1.54.0-1] - Update to Rust and Cargo 1.54.0. [1.53.0-1] - Update to Rust and Cargo 1.53.0. rust [1.54.0-2] - Make std-static-wasm* arch-specific to avoid s390x. [1.54.0-1] - Update to 1.54.0. [1.53.0-2] - Use llvm-ranlib to fix wasm archives. [1.53.0-1] - Update to 1.53.0. [1.52.1-2] - ...
oval:org.secpod.oval:def:1506436 [1.30-6.1] - Fix CVE-2022-48303 - Resolves: CVE-2022-48303
oval:org.secpod.oval:def:1505938 [6.0.108-1.0.1] - Add missing Oracle RIDs [6.0.108-1] - Update to .NET SDK 6.0.108 and Runtime 6.0.8 - Resolves: RHBZ#2112412
oval:org.secpod.oval:def:1505940 [3.1.422-1.0.1] - Add missing Oracle Linux Runtime IDs [3.1.422-1] - Update to .NET SDK 3.1.422 and Runtime 3.1.28 - Resolves: RHBZ#2115351
oval:org.secpod.oval:def:1503033 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1505056 [20.3-10.0.1] - Added missing services in rhel/systemd/cloud-init.service [Orabug: 32183938] - Added missing services in cloud-init.service.tmpl for sshd [Orabug: 32183938] - Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672] - limit permissions [Orabug: 3135 ...
oval:org.secpod.oval:def:1504957 [1.0.6-2] + gupnp-1.0.6-2 - Fix DNS rebind issue - Resolves: #1964710
oval:org.secpod.oval:def:1504964 [1.0.0-3] - Added fixes for rhbz#1956829, rhbz#1956843, rhbz#1956919
oval:org.secpod.oval:def:1505706 [2.9.0-9] - Fix LVM-VDO statistics tests - Fix GError ownership [2.9.0-8] - CVE-2021-3802: Harden the default mount options for ext filesystems
oval:org.secpod.oval:def:1505647 [2.12-11] - Fixed CVE-2021-38185
oval:org.secpod.oval:def:1505663 [0.14.0-12.1] - Resolves: rhbz#1986805 - CVE-2021-3639 mod_auth_mellon: Open Redirect vulnerability in logout URLs [rhel-8]
oval:org.secpod.oval:def:1506181 [1.0.4-9] - Fix security issues CVE-2022-25308, CVE-2022-25309, CVE-2022-25310. Resolves: rhbz#2050085, rhbz#2050068, rhbz#2050062 - Drop --disable-docs from %configure. no such options available.
oval:org.secpod.oval:def:72222 The RPM package tftp should be installed.
oval:org.secpod.oval:def:72144 num_logs setting in /etc/audit/auditd.conf is set to at least a certain value
oval:org.secpod.oval:def:72353 Ensure ip6tables is enabled and running
oval:org.secpod.oval:def:72264 The RPM package aide should be installed.
oval:org.secpod.oval:def:72330 The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setgid" files. Executing files from untrusted file systems increases the opportunity for unprivil ...
oval:org.secpod.oval:def:72208 SSL capabilities should be enabled for the mail server.
oval:org.secpod.oval:def:72393 If any users' home directories do not exist, create them and make sure the respective user owns the directory. Users without an assigned home directory should be removed or assigned a home directory as appropriate.
oval:org.secpod.oval:def:72159 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:72321 SSH port forwarding is a mechanism in SSH for tunneling application ports from the client to the server, or servers to clients. It can be used for adding encryption to legacy applications, going through firewalls, and some system administrators and IT professionals use it for opening backdoors into ...
oval:org.secpod.oval:def:72370 Avahi is a free zeroconf implementation, including a system for multicast DNS/DNS-SD service discovery. Avahi allows programs to publish and discover services and hosts running on a local network with no specific configuration. For example, a user can plug a computer into a network and Avahi automat ...
oval:org.secpod.oval:def:72182 Limit Users SSH Access should be configured appropriately.
oval:org.secpod.oval:def:72374 All accounts must have passwords or be locked to prevent the account from being used by an unauthorized user.
oval:org.secpod.oval:def:72248 The kernel runtime parameter "net.ipv4.conf.all.log_martians" should be set to "1".
oval:org.secpod.oval:def:72137 The RPM package libreswan should be installed.
oval:org.secpod.oval:def:72266 The /etc/shadow file should be owned by the appropriate user.
oval:org.secpod.oval:def:72366 iptables allows configuration of the IPv4 tables in the Linux kernel and the rules stored within them. Most firewall configuration utilities operate as a front end to iptables.
oval:org.secpod.oval:def:72141 The 'rsyslog' to Accept Messages via TCP, if Acting As Log Server should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:72207 The kernel module hfs should be disabled.
oval:org.secpod.oval:def:72288 The SSH ClientAliveCountMax should be set to an appropriate value (and dependencies are met)
oval:org.secpod.oval:def:72355 The dovecot service should be disabled if possible.
oval:org.secpod.oval:def:72265 The number of allowed failed logins should be set correctly.
oval:org.secpod.oval:def:72202 The RPM package httpd should be removed.
oval:org.secpod.oval:def:72339 The /var directory is used by daemons and other system services to temporarily store dynamic data. Some directories created by these processes may be world-writable.
oval:org.secpod.oval:def:72250 The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0".
oval:org.secpod.oval:def:72299 The SELinux policy should be set appropriately.
oval:org.secpod.oval:def:72152 Record attempts to alter time through clock_settime.
oval:org.secpod.oval:def:72177 The RPM package tftp-server should be removed.
oval:org.secpod.oval:def:72171 Audit rules that detect the mounting of filesystems should be enabled.
oval:org.secpod.oval:def:72289 The maximum number of concurrent login sessions per user should meet minimum requirements.
oval:org.secpod.oval:def:72238 The default umask for users of the csh shell
oval:org.secpod.oval:def:72187 Specify Additional Remote chrony Servers (/etc/chrony.conf) should be configured appropriately.
oval:org.secpod.oval:def:72261 The password minclass should meet minimum requirements using pam_cracklib
oval:org.secpod.oval:def:72170 Audit rules about the Unauthorized Access Attempts to Files (unsuccessful) are enabled
oval:org.secpod.oval:def:72220 The RPM package rsh should be installed.
oval:org.secpod.oval:def:72367 Configure SELINUX to be enabled at boot time and verify that it has not been overwritten by the grub boot parameters. Rationale: SELinux must be enabled at boot time in your grub configuration to ensure that the controls it provides are not overridden.
oval:org.secpod.oval:def:72413 Verify that Shared Library Files Have Root Ownership (/lib, /lib64, /usr/lib or /usr/lib64) should be configured appropriately.
oval:org.secpod.oval:def:72324 To protect a system from denial of service due to a large number of pending authentication connection attempts, use the rate limiting function of MaxStartups to protect availability of sshd logins and prevent overwhelming the daemon.
oval:org.secpod.oval:def:72416 Ensure root is the only UID 0 account
oval:org.secpod.oval:def:72189 Postfix network listening should be disabled
oval:org.secpod.oval:def:72211 Plaintext authentication of mail clients should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:72386 Ensure mounting of FAT filesystems is limited
oval:org.secpod.oval:def:72194 Ensure Insecure File Locking is Not Allowed (/etc/exports) should be configured appropriately.
oval:org.secpod.oval:def:72158 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:72234 The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. Any .netrc files should be removed.
oval:org.secpod.oval:def:72140 rsyslogd should reject remote messages
oval:org.secpod.oval:def:72191 Require the use of TLS for ldap clients.
oval:org.secpod.oval:def:72160 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:72167 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:72364 The Common Unix Print System (CUPS) provides the ability to print to both local and network printers. A system running CUPS can also accept print jobs from remote systems and print them to local printers. It also provides a web based remote administration capability.
oval:org.secpod.oval:def:72230 The kernel runtime parameter "kernel.randomize_va_space" should be set to "2".
oval:org.secpod.oval:def:72258 The root account is the only system account that should have a login shell.
oval:org.secpod.oval:def:72354 Ensure cron daemon is enabled and running
oval:org.secpod.oval:def:72283 The /etc/group file should be owned by the appropriate group.
oval:org.secpod.oval:def:72270 Remote connections (SSH) from accounts with empty passwords should be disabled (and dependencies are met).
oval:org.secpod.oval:def:72318 Ensure only strong MAC algorithms are used
oval:org.secpod.oval:def:72204 The kernel module jffs2 should be disabled.
oval:org.secpod.oval:def:72139 Syslog logs should be sent to a remote loghost
oval:org.secpod.oval:def:72285 The RPM package telnet should be installed.
oval:org.secpod.oval:def:72251 The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0".
oval:org.secpod.oval:def:72323 The MaxAuthTries parameter specifies the maximum number of authentication attempts permitted per connection. When the login failure count reaches half the number, error messages will be written to the syslog file detailing the login failure.
oval:org.secpod.oval:def:72206 The RPM package dovecot should be removed.
oval:org.secpod.oval:def:72322 When usePAM is set to yes, PAM runs through account and session types properly. This is important if you want to restrict access to services based off of IP, time or other factors of the account. Additionally, you can make sure users inherit certain environment variables on login or disallow access ...
oval:org.secpod.oval:def:72380 The .netrc file presents a significant security risk since it stores passwords in unencrypted form. Even if FTP is disabled, user accounts may have brought over .netrc files from other systems which could pose a risk to those systems.
oval:org.secpod.oval:def:72384 The requirement for a password to boot into single-user mode should be configured correctly.
oval:org.secpod.oval:def:72131 The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0".
oval:org.secpod.oval:def:72193 Specify UID and GID for Anonymous NFS Connections (/etc/exports) should be configured appropriately.
oval:org.secpod.oval:def:72138 The RPM package rsyslog should be installed.
oval:org.secpod.oval:def:72205 The mod_security package installation should be configured appropriately.
oval:org.secpod.oval:def:72310 Ensure nftables is not installed or stopped and masked
oval:org.secpod.oval:def:72292 The kernel module sctp should be disabled.
oval:org.secpod.oval:def:72186 A remote chrony Server for time synchronization should be specified (and dependencies are met)
oval:org.secpod.oval:def:72365 Ensure LDAP Client is not installed
oval:org.secpod.oval:def:72309 Ensure nfs-utils is not installed or the nfs-server service is masked
oval:org.secpod.oval:def:72378 sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. The invoking user's real (not effective) user ID is used to determine the user name with which to query the security policy.
oval:org.secpod.oval:def:72373 Ensure users' home directories permissions are 750 or more restrictive
oval:org.secpod.oval:def:72336 Since the /var/tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp
oval:org.secpod.oval:def:72296 The '/etc/shadow' file should be owned by the appropriate group.
oval:org.secpod.oval:def:72136 The kernel module tipc should be disabled.
oval:org.secpod.oval:def:72313 An SSH public key is one of two files used in SSH public key authentication. In this authentication method, a public key is a key that can be used for verifying digital signatures generated using a corresponding private key. Only a public key that corresponds to a private key will be able to authent ...
oval:org.secpod.oval:def:72381 The Samba daemon allows system administrators to configure their Linux systems to share file systems and directories with Windows desktops. Samba will advertise the file systems and directories via the Server Message Block (SMB) protocol. Windows desktop users will be able to mount these directories ...
oval:org.secpod.oval:def:72317 An SSH private key is one of two files used in SSH public key authentication. In this authentication method, the possession of the private key is proof of identity. Only a private key that corresponds to a public key will be able to authenticate successfully. The private keys need to be stored and ...
oval:org.secpod.oval:def:72301 The password ocredit should meet minimum requirements using pam_cracklib
oval:org.secpod.oval:def:72145 max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value
oval:org.secpod.oval:def:72254 The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1".
oval:org.secpod.oval:def:72306 Audit files deletion events.
oval:org.secpod.oval:def:72178 Disable Prelinking (/etc/sysconfig/prelink) should be configured appropriately.
oval:org.secpod.oval:def:72372 Record events affecting the group, passwd (user IDs), shadow and gshadow (passwords) or /etc/security/opasswd (old passwords, based on remember parameter in the PAM configuration) files. The parameters in this section will watch the files to see if they have been opened for write or have had attribu ...
oval:org.secpod.oval:def:72326 Disable Automounting
oval:org.secpod.oval:def:72382 The X Window System provides a Graphical User Interface (GUI) where users can have multiple windows in which to run programs and various add-ons. The X Window System is typically used on workstations where users login, but not on servers where users typically do not login.
oval:org.secpod.oval:def:72335 Since the /var/tmp partition is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices.
oval:org.secpod.oval:def:72350 Ensure iptables is enabled and running
oval:org.secpod.oval:def:72344 Periodic checking of the filesystem integrity is needed to detect changes to the filesystem.
oval:org.secpod.oval:def:72377 Ensure sudo log file exists
oval:org.secpod.oval:def:72244 The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0".
oval:org.secpod.oval:def:72146 max_log_file_action setting in /etc/audit/auditd.conf is set to a certain action
oval:org.secpod.oval:def:72304 The password dcredit should meet minimum requirements using pam_cracklib
oval:org.secpod.oval:def:72385 Ensure rsyslog default file permissions configured
oval:org.secpod.oval:def:72375 The shadow group allows system programs which require access the ability to read the /etc/shadow file. No users should be assigned to the shadow group.
oval:org.secpod.oval:def:72403 A firewall zone defines the trust level for a connection, interface or source address binding. This is a one to many relation, which means that a connection, interface or source can only be part of one zone, but a zone can be used for many network connections, interfaces and sources.
oval:org.secpod.oval:def:72406 The contents of the /etc/motd file are displayed to users after login and function as a message of the day for authenticated users.
oval:org.secpod.oval:def:72417 Ensure no duplicate group names account
oval:org.secpod.oval:def:72163 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:72219 The RPM package mcstrans should be installed.
oval:org.secpod.oval:def:72275 The /etc/group file should be owned by the appropriate user.
oval:org.secpod.oval:def:72284 Only SSH protocol version 2 connections should be permitted.
oval:org.secpod.oval:def:72149 action_mail_acct setting in /etc/audit/auditd.conf is set to a certain account
oval:org.secpod.oval:def:72398 TMOUT is an environmental setting that determines the timeout of a shell in seconds.
oval:org.secpod.oval:def:72331 Since the user partitions are not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices.
oval:org.secpod.oval:def:72282 Emulation of the rsh command through the ssh server should be disabled (and dependencies are met)
oval:org.secpod.oval:def:72257 The kernel module bluetooth should be disabled.
oval:org.secpod.oval:def:72419 Audit rules should detect modification to system files that hold information about users and groups.
oval:org.secpod.oval:def:72287 The password hashing algorithm should be set correctly in /etc/libuser.conf.
oval:org.secpod.oval:def:72312 Ensure rsync is not installed or the rsyncd service is masked
oval:org.secpod.oval:def:72400 chrony is a daemon which implements the Network Time Protocol (NTP) and is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on chrony can be found at http://chrony.tuxfamily.org/. chrony can be configured to be a client and/or a ...
oval:org.secpod.oval:def:72362 Granting write access to this directory for non-privileged users could provide them the means for gaining unauthorized elevated privileges. Granting read access to this directory could give an unprivileged user insight in how to gain elevated privileges or circumvent auditing controls.
oval:org.secpod.oval:def:72210 Configure Dovecot to Use the SSL Key file should be configured appropriately.
oval:org.secpod.oval:def:72415 File permissions for /bin, /usr/bin, /usr/local/bin, /sbin, /usr/sbin and /usr/local/sbin should be set correctly.
oval:org.secpod.oval:def:72196 The RPM package vsftpd should be removed.
oval:org.secpod.oval:def:72302 The /etc/gshadow file should be owned by the appropriate user.
oval:org.secpod.oval:def:72133 Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/iptables).
oval:org.secpod.oval:def:72134 IP forwarding should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:72221 The RPM package ypbind should be installed.
oval:org.secpod.oval:def:72300 The /etc/passwd file should be owned by the appropriate user.
oval:org.secpod.oval:def:72150 Record attempts to alter time through adjtimex.
oval:org.secpod.oval:def:72401 Setting the boot loader password will require that anyone rebooting the system must enter a password before being able to set command line boot parameters.
oval:org.secpod.oval:def:72253 The kernel runtime parameter "net.ipv4.icmp_ignore_bogus_error_responses" should be set to "1".
oval:org.secpod.oval:def:72319 To protect a system from denial of service due to a large number of concurrent sessions, use the rate limiting function of MaxSessions to protect availability of sshd logins and prevent overwhelming the daemon.
oval:org.secpod.oval:def:72389 Ensure auditd service is enabled and running
oval:org.secpod.oval:def:72277 File permissions for '/etc/group' should be set correctly.
oval:org.secpod.oval:def:72164 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:72203 The kernel module freevxfs should be disabled.
oval:org.secpod.oval:def:72166 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:72239 The default umask for all users should be set correctly
oval:org.secpod.oval:def:72247 The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "0".
oval:org.secpod.oval:def:72169 Audit rules should capture information about session initiation.
oval:org.secpod.oval:def:72278 PermitUserEnvironment should be disabled
oval:org.secpod.oval:def:72329 The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
oval:org.secpod.oval:def:72407 It is critical to ensure that the /etc/passwd- file is protected from unauthorized access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions.
oval:org.secpod.oval:def:74430 Change the default policy to DROP (from ACCEPT) for the FORWARD built-in chain (/etc/sysconfig/ip6tables).
oval:org.secpod.oval:def:72156 Record Events that Modify the System's Discretionary Access Controls - chmod. The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:72201 File uploads via vsftpd should be enabled or disabled as appropriate
oval:org.secpod.oval:def:72349 Ensure inactive password lock is 30 days or less
oval:org.secpod.oval:def:72225 The RPM package talk should be installed.
oval:org.secpod.oval:def:72240 The default umask for all users specified in /etc/login.defs
oval:org.secpod.oval:def:72199 The kernel module cramfs should be disabled.
oval:org.secpod.oval:def:72327 SELinux gives that extra layer of security to the resources in the system. It provides MAC (mandatory access control), as opposed to DAC (discretionary access control).
oval:org.secpod.oval:def:72161 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:72376 System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or set of servers and having all systems synchronize their clocks to them.
oval:org.secpod.oval:def:72173 Force a reboot to change audit rules is enabled
oval:org.secpod.oval:def:72360 Granting write access to this directory for non-privileged users could provide them the means for gaining unauthorized elevated privileges. Granting read access to this directory could give an unprivileged user insight in how to gain elevated privileges or circumvent auditing controls.
oval:org.secpod.oval:def:72345 Periodic checking of the filesystem integrity is needed to detect changes to the filesystem.
oval:org.secpod.oval:def:72190 Protect against unnecessary release of information.
oval:org.secpod.oval:def:72223 The squashfs Kernel Module should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:72359 The /etc/cron.weekly directory contains system cron jobs that need to run on a weekly basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The commands below restrict read/write and search access to use ...
oval:org.secpod.oval:def:72155 Audit rules that detect changes to the system's mandatory access controls (SELinux) are enabled.
oval:org.secpod.oval:def:72346 nftables is a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frames and is the successor to iptables. oval:org.secpod.oval:def:72395 auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk oval:org.secpod.oval:def:72252 The kernel runtime parameter "net.ipv4.icmp_echo_ignore_broadcasts" should be set to "1". oval:org.secpod.oval:def:72130 The kernel runtime parameter "net.ipv6.conf.default.accept_ra" should be set to "0". oval:org.secpod.oval:def:72412 Verify that Shared Library Files Have Restrictive Permissions (/lib, /lib64, /usr/lib or /usr/lib64) should be configured appropriately. oval:org.secpod.oval:def:72272 This test makes sure that '/etc/passwd' has proper permission. If the target file or directory has an extended ACL then it will fail the mode check. oval:org.secpod.oval:def:72268 The kernel module dccp should be disabled. oval:org.secpod.oval:def:72397 Configure /etc/cron.allow and /etc/at.allow to allow specific users to use these services. If /etc/cron.allow or /etc/at.allow do not exist, then /etc/at.deny and /etc/cron.deny are checked. Any user not specifically defined in those files is allowed to use at and cron. By removing the files, only u ... oval:org.secpod.oval:def:72279 The password ucredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:72363 Granting write access to this directory for non-privileged users could provide them the means for gaining unauthorized elevated privileges. Granting read access to this directory could give an unprivileged user insight in how to gain elevated privileges or circumvent auditing controls. oval:org.secpod.oval:def:72255 The kernel runtime parameter "net.ipv4.conf.all.rp_filter" should be set to "1". 
oval:org.secpod.oval:def:72332 Since the /tmp partition is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices. oval:org.secpod.oval:def:72340 There are two important reasons to ensure that system logs are stored on a separate partition: protection against resource exhaustion (since logs can grow quite large) and protection of audit data. oval:org.secpod.oval:def:72197 Logging of vsftpd transactions should be enabled or disabled as appropriate oval:org.secpod.oval:def:72348 Ensure journald is configured to write logfiles to persistent disk oval:org.secpod.oval:def:72314 Ensure only strong Key Exchange algorithms are used oval:org.secpod.oval:def:72280 The gpgcheck option should be used to ensure that checking of an RPM package's signature always occurs prior to its installation. oval:org.secpod.oval:def:72176 The RPM package ypserv should be removed. oval:org.secpod.oval:def:74444 Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (::1). Loopback traffic is generated between processes on machine and is typically critical to operation of the system. The loopback interface is the only place that loopback net ... oval:org.secpod.oval:def:72402 If a user's recorded password change date is in the future then they could bypass any set password expiration. oval:org.secpod.oval:def:72243 The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0". oval:org.secpod.oval:def:72388 Ensure mail transfer agent is configured for local-only mode oval:org.secpod.oval:def:72165 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:72180 The anacron service should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:72227 The daemon umask should be set as appropriate oval:org.secpod.oval:def:72408 The /etc/shadow- file is used to store backup information about user accounts that is critical to the security of those accounts, such as the hashed password and other security information. oval:org.secpod.oval:def:72142 The rsyslog to Accept Messages via UDP, if Acting As Log Server should be enabled or disabled as appropriate. oval:org.secpod.oval:def:72290 This test makes sure that '/etc/shadow' file permission is set as appropriate. If the target file or directory has an extended ACL then it will fail the mode check. oval:org.secpod.oval:def:72162 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:72135 The kernel module rds should be disabled. oval:org.secpod.oval:def:72356 Ensure ntp is configured oval:org.secpod.oval:def:72276 Root login via SSH should be disabled (and dependencies are met) oval:org.secpod.oval:def:72228 Core dumps for all users should be disabled oval:org.secpod.oval:def:72185 Logging (/etc/rsyslog.conf) should be configured appropriately. oval:org.secpod.oval:def:72175 The RPM package rsh-server should be removed. oval:org.secpod.oval:def:72383 sudo can be configured to run only from a pseudo-pty oval:org.secpod.oval:def:72325 Setting the LoginGraceTime parameter to a low number will minimize the risk of successful brute force attacks to the SSH server. It will also limit the number of concurrent unauthenticated connections. While the recommended setting is 60 seconds (1 Minute), set the number based on site policy.
oval:org.secpod.oval:def:72209 Dovecot plaintext authentication of clients should be enabled or disabled as necessary oval:org.secpod.oval:def:72351 Ensure rsyslog Service is enabled and running oval:org.secpod.oval:def:72411 Ensure no duplicate user names account oval:org.secpod.oval:def:72357 Ensure no users have .forward files oval:org.secpod.oval:def:72369 The su command allows a user to run a command or shell as another user. The program has been superseded by sudo, which allows for more granular control over privileged access. Normally, the su command can be executed by any user. By uncommenting the pam_wheel.so statement in /etc/pam.d/su, the su co ... oval:org.secpod.oval:def:72200 Restrict Access to Anonymous Users should be configured appropriately. oval:org.secpod.oval:def:72404 The file is used to store backup information about groups that is critical to the security of those accounts, such as the hashed password and other security information. oval:org.secpod.oval:def:72320 SSH provides several logging levels with varying amounts of verbosity. DEBUG is specifically not recommended other than strictly for debugging SSH communications since it provides so much data that it is difficult to identify important security information. INFO level is the basic level that only re ... oval:org.secpod.oval:def:72316 Disable X11 forwarding unless there is an operational requirement to use X11 applications directly. There is a small risk that the remote X11 servers of users who are logged in via SSH with X11 forwarding could be compromised by other users on the X11 server. Note that even if X11 forwarding is disa ... oval:org.secpod.oval:def:72216 Ensure Default Password Is Not Used (/etc/snmp/snmpd.conf) should be configured appropriately. oval:org.secpod.oval:def:72295 The password hashing algorithm should be set correctly in /etc/login.defs. oval:org.secpod.oval:def:72215 The RPM package net-snmp should be removed. 
oval:org.secpod.oval:def:72168 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:72226 The kernel module udf should be enabled or disabled as appropriate. oval:org.secpod.oval:def:72241 The RPM package tmux should be installed. oval:org.secpod.oval:def:72273 The number of allowed failed logins should be set correctly. oval:org.secpod.oval:def:72157 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:72297 The audit rules should be configured to log information about kernel module loading and unloading. oval:org.secpod.oval:def:72305 The RPM package telnet-server should be removed. oval:org.secpod.oval:def:72286 Limit the ciphers to those which are FIPS-approved and only use ciphers in counter (CTR) mode. oval:org.secpod.oval:def:72347 Ensure journald is configured to send logs to rsyslog oval:org.secpod.oval:def:72392 Groups defined in the /etc/passwd file but not in the /etc/group file pose a threat to system security since group permissions are not properly managed. oval:org.secpod.oval:def:72361 Granting write access to this directory for non-privileged users could provide them the means for gaining unauthorized elevated privileges. Granting read access to this directory could give an unprivileged user insight in how to gain elevated privileges or circumvent auditing controls. oval:org.secpod.oval:def:72184 The RPM package dhcpd should be removed. oval:org.secpod.oval:def:72333 Since the /tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp oval:org.secpod.oval:def:72291 The password hashing algorithm should be set correctly in /etc/pam.d/system-auth. oval:org.secpod.oval:def:72342 There are two important reasons to ensure that data gathered by is stored on a separate partition: protection against resource exhaustion (since the audit.log file can grow quite large) and protection of audit data. 
The audit daemon calculates how much free space is left and performs actions based ... oval:org.secpod.oval:def:72269 The /etc/gshadow file should be owned by the appropriate group. oval:org.secpod.oval:def:72391 The file is used to store backup information about groups that is critical to the security of those accounts, such as the hashed password and other security information. oval:org.secpod.oval:def:72334 Since the /tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp oval:org.secpod.oval:def:72147 space_left_action setting in /etc/audit/auditd.conf is set to a certain action oval:org.secpod.oval:def:72399 Ensure default group for the root account is GID 0 oval:org.secpod.oval:def:72195 The RPM package bind should be removed. oval:org.secpod.oval:def:72183 Disable Avahi Publishing (/etc/avahi/avahi-daemon.conf) should be configured appropriately. oval:org.secpod.oval:def:72246 The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0". oval:org.secpod.oval:def:72229 The kernel runtime parameter "fs.suid_dumpable" should be set to "0". oval:org.secpod.oval:def:72293 The password lcredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:72396 Configure /etc/cron.allow and /etc/at.allow to allow specific users to use these services. If /etc/cron.allow or /etc/at.allow do not exist, then /etc/at.deny and /etc/cron.deny are checked. Any user not specifically defined in those files is allowed to use at and cron. By removing the files, only u ... oval:org.secpod.oval:def:72179 The kernel module usb-storage should be disabled. oval:org.secpod.oval:def:72368 GDM is the GNOME Display Manager which handles graphical login for GNOME based systems. 
Rationale: Warning messages inform users who are attempting to login to the system of their legal status regarding the system and must include the name of the organization that owns the system ... oval:org.secpod.oval:def:72371 Monitor scope changes for system administrations. If the system has been properly configured to force system administrators to log in as themselves first and then use the sudo command to execute privileged commands, it is possible to monitor changes in scope. The file /etc/sudoers will be written t ... oval:org.secpod.oval:def:72236 The number of allowed failed logins should be set correctly. oval:org.secpod.oval:def:72379 Making global modifications to users' files without alerting the user community can result in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring policy be established to report user dot file permissions and determine the action to be taken in accordance with site po ... oval:org.secpod.oval:def:72188 The RPM package sendmail should be removed. oval:org.secpod.oval:def:72153 Record attempts to alter time through /etc/localtime oval:org.secpod.oval:def:72311 Ensure rpcbind is not installed or the rpcbind services are masked oval:org.secpod.oval:def:72337 Since the /var/tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp oval:org.secpod.oval:def:72414 Setting the permissions to read and write for root only prevents non-root users from seeing the boot parameters or changing them. Non-root users who read the boot parameters may be able to identify weaknesses in security upon boot and be able to exploit them. oval:org.secpod.oval:def:72410 Ensure root is the only UID 0 account oval:org.secpod.oval:def:72263 The /etc/passwd file should be owned by the appropriate group. oval:org.secpod.oval:def:72242 The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "0". 
oval:org.secpod.oval:def:72328 The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unau ... oval:org.secpod.oval:def:72338 The /home directory is used to support disk storage needs of local users. oval:org.secpod.oval:def:72213 The RPM package squid should be removed. oval:org.secpod.oval:def:72294 The password minimum length should be set appropriately. oval:org.secpod.oval:def:72307 The system login banner text should be set correctly. oval:org.secpod.oval:def:72154 The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited. oval:org.secpod.oval:def:72267 The SELinux state should be enforcing the local policy. oval:org.secpod.oval:def:72315 While the complete removal of /etc/sshd/sshd_config files is recommended if any are required on the system secure permissions must be applied. oval:org.secpod.oval:def:72218 The RPM package setroubleshoot should be installed. oval:org.secpod.oval:def:72192 The RPM package openldap-servers should be removed. oval:org.secpod.oval:def:72224 The RPM package talk-server should be installed. oval:org.secpod.oval:def:72308 SSH warning banner should be enabled (and dependencies are met). oval:org.secpod.oval:def:72298 The password retry should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:72151 Record attempts to alter time through settimeofday. oval:org.secpod.oval:def:72212 Require samba clients which use smb.conf, such as smbclient, to use packet signing. A Samba client should only communicate with servers who can support SMB packet signing. oval:org.secpod.oval:def:72174 The RPM package xinetd should be removed. 
oval:org.secpod.oval:def:72409 It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected. Other/world should not have the ability to view this information. Group should not have the ability to modify this information. oval:org.secpod.oval:def:72271 SSH's cryptographic host-based authentication is more secure than .rhosts authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization. oval:org.secpod.oval:def:72181 If inbound SSH access is not needed, the firewall should disallow or reject access to the SSH port (22). oval:org.secpod.oval:def:72387 Ensure use of privileged commands is collected oval:org.secpod.oval:def:72132 Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/ip6tables). oval:org.secpod.oval:def:72358 The /etc/crontab file is used by cron to control its own jobs. The commands in this item make sure that root is the user and group owner of the file and that only the owner can access the file. oval:org.secpod.oval:def:72418 Ensure root is the only UID 0 account oval:org.secpod.oval:def:72303 This test makes sure that '/etc/gshadow' is set to the appropriate permission. If the target file or directory has an extended ACL then it will fail the mode check. oval:org.secpod.oval:def:72390 All password hashes should be shadowed. oval:org.secpod.oval:def:72231 Systems that are using the 64-bit x86 kernel package do not need to install the kernel-PAE package because the 64-bit x86 kernel already includes this support. However, if the system is 32-bit and also supports the PAE and NX features as determined in the previous section, the kernel-PAE package sho ...
oval:org.secpod.oval:def:72198 A warning banner for all FTP users should be enabled or disabled as appropriate oval:org.secpod.oval:def:72352 Ensure firewalld service is enabled and running oval:org.secpod.oval:def:72129 Global IPv6 initialization should be disabled. oval:org.secpod.oval:def:72341 There are two important reasons to ensure that data gathered by is stored on a separate partition: protection against resource exhaustion (since the audit.log file can grow quite large) and protection of audit data. The audit daemon calculates how much free space is left and performs actions based ... oval:org.secpod.oval:def:72249 The Kernel Parameter for Accepting Source-Routed Packets By Default and all interfaces should be enabled or disabled as appropriate oval:org.secpod.oval:def:72233 Preventing direct root login to serial port interfaces helps ensure accountability for actions taken on the system using the root account. oval:org.secpod.oval:def:72214 The kernel module hfsplus should be disabled. oval:org.secpod.oval:def:72148 admin_space_left_action setting in /etc/audit/auditd.conf is set to a certain action oval:org.secpod.oval:def:72172 Audit actions taken by system administrators on the system. oval:org.secpod.oval:def:72235 Set Password to Maximum of Three Consecutive Repeating Characters should be configured appropriately. oval:org.secpod.oval:def:72237 The default umask for users of the bash shell oval:org.secpod.oval:def:72405 The contents of the /etc/issue.net file are displayed to users prior to login for remote connections from configured services. oval:org.secpod.oval:def:72232 Preventing direct root login to virtual console devices helps ensure accountability for actions taken on the system using the root account. oval:org.secpod.oval:def:72217 The maximum password age policy should meet minimum requirements. oval:org.secpod.oval:def:72143 The logrotate (syslog rotater) service should be enabled. 
oval:org.secpod.oval:def:72281 The minimum password age policy should be set appropriately. oval:org.secpod.oval:def:72260 The SSH idle timeout interval should be set to an appropriate value. oval:org.secpod.oval:def:72259 The password warning age should be set appropriately. oval:org.secpod.oval:def:1506199 aardvark-dns [2:1.1.0-5] - fix Two aardvark-dns instances trying to use the same port on the same interface - Resolves: #2130234 buildah [1:1.27.2-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.27 - Resolves: #2136438 [1:1.27.2-1] - update to the latest con ... oval:org.secpod.oval:def:74458 Change the default policy to DROP (from ACCEPT) for the OUTPUT built-in chain (/etc/sysconfig/iptables). oval:org.secpod.oval:def:74451 Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (127.0.0.0/8).Loopback traffic is generated between processes on machine and is typically critical to operation of the system. The loopback interface is the only place that loop ... oval:org.secpod.oval:def:74479 Change the default policy to DROP (from ACCEPT) for the OUTPUT built-in chain (/etc/sysconfig/ip6tables). oval:org.secpod.oval:def:74465 Monitor login and logout events. The parameters below track changes to files associated with login/logout events. The file /var/log/faillog tracks failed events from login. The file /var/log/lastlog maintain records of the last time a user successfully logged in. The /var/run/failock directory maint ... oval:org.secpod.oval:def:74472 The use of wireless networking can introduce many different attack vectors into the organization's network. Common attack vectors such as malicious association and ad hoc networks will allow an attacker to spoof a wireless access point (AP), allowing validated systems to connect to the malicious AP ... oval:org.secpod.oval:def:74437 Configure the loopback interface to accept traffic. 
Configure all other interfaces to deny traffic to the loopback network (::1).Loopback traffic is generated between processes on machine and is typically critical to operation of the system. The loopback interface is the only place that loopback net ... oval:org.secpod.oval:def:72343 Ensure iptables packages are installed oval:org.secpod.oval:def:1505673 [7.5.11-2] - resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache - resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files [7.5.11-1] - update to 7.5.11 tagged upstream community sources, see CHANGELOG - resolve CVE-2021-39226 [7.5.10-1] - ... oval:org.secpod.oval:def:1506437 [239-68.0.2] - Backport upstream pstore dmesg fix [Orabug: 34850699] - Standardize ioctl check and return -ENOTCONN, if quota is not enabled [Orabug: 34694253] - Disable unprivileged BPF by default [Orabug: 32870980] - backport upstream pstore tmpfiles patch [Orabug: 31420486] - udev rules: fix mem ... oval:org.secpod.oval:def:1506214 [102.5.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.5.0-2] - Update to 102.5.0 build2 [102.5.0-1] - Update to 102.5.0 build1 oval:org.secpod.oval:def:1506779 [1.0.6-14] - Fix CVE-2022-40023 oval:org.secpod.oval:def:1505690 [4.0.9-21] - Fix CVE-2020-19131 oval:org.secpod.oval:def:1506318 [102.6.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.6.0-2] - Update to 102.6.0 build2 [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-3] - Use openssl for the librnp crypto backend to enable the openpgp encryption oval:org.secpod.oval:def:1506322 [102.6.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-2] - Added libwebrtc screencast patch for newer features oval:org.secpod.oval:def:1505235 
[1:2.2.6-40] - 1955964 - PreserveJobHistory doesnt work with seconds - 1927452 - CVE-2020-10001 cups: access to uninitialized buffer in ipp.c [rhel-8] [1:2.2.6-39] - 1941437 - cupsd doesnt log job ids when logging into journal - 1782216 - Print queue is paused after ipp backend ends with CUPS_BACKEN ... oval:org.secpod.oval:def:1504653 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505054 [1.4.3.16-19] - Bump version to 1.4.3.16-19 - Resolve: Bug 1984091 - persistent search returns entries even when an error is returned by content-sync-plugin [1.4.3.16-18] - Bump version to 1.4.3.16-18 - Resolve: Bug 1983121 - CRYPT password hash with asterisk allows any bind attempt to succeed [1.4. ... oval:org.secpod.oval:def:1505642 [1.0.28-12] - fix heap buffer overflow in flac [1.0.28-11] - a crafted wav file could cause heap buffer overflow that allowed an arbitrary code execution oval:org.secpod.oval:def:1504935 [5.52-4] + bluez-5.52-4 - Fixing [5.52-3] + bluez-5.52-3 - Revering the 5.52-2 patch due some mismatch with upsream patch. [5.52-2] + bluez-5.52-2 - Fixing [5.52-1] + bluez-5.52-1 - Fixing oval:org.secpod.oval:def:1505689 [3.32.2-44] - Fix more JS warnings Resolves: #2025940 [3.32.2-43] - Backport fix for CVE-2020-17489 Resolves: #1874259 [3.32.2-42] - Backport WPA3 support Resolves: #1924593 [3.32.2-41] - Add bugs introduced in backport for #1651378 Related: #2000918 - Tidy up patch list a bit oval:org.secpod.oval:def:1505307 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506231 [1.18.2-22.0.1] - Fixed race condition in krb5_set_password [Orabug: 33609767] [1.] 
- Fix integer overflows in PAC parsing - Resolves: rhbz#2140967 oval:org.secpod.oval:def:1506043 libecap squid [7:4.15-3.1] - Resolves: #2100782 - CVE-2021-46784 squid:4/squid: DoS when processing gopher server responses oval:org.secpod.oval:def:1505812 squid [7:4.15-3.1] - Resolves: #2100782 - CVE-2021-46784 squid:4/squid: DoS when processing gopher server responses oval:org.secpod.oval:def:1506380 [3.5.12-9] - Fix CVE-2022-46285: infinite loop on unclosed comments - Fix CVE-2022-44617: runaway loop with width of 0 - Fix CVE-2022-4883: compression depends on $PATH oval:org.secpod.oval:def:1506438 [39.2.0-6.1] - Security fix for CVE-2022-40897 Resolves: rhbz#2158559 oval:org.secpod.oval:def:1506740 [1:26.1-9] - Fix MH-E mail composition with GNU Mailutils [1:26.1-8] - Fix ctags local command execute vulnerability oval:org.secpod.oval:def:1506355 [2.9.7-15.1] - Fix CVE-2022-40303 - Fix CVE-2022-40304 oval:org.secpod.oval:def:1506229 varnish [6.0.8-2.1] - Resolves: #2142092 - CVE-2022-45060 varnish:6/varnish: Request Forgery Vulnerability [6.0.8-2] - Resolves: #2047650 - CVE-2022-23959 varnish:6/varnish: Varnish HTTP/1 Request Smuggling Vulnerability varnish-modules [0.15.0-6] - Related: #1982862 - rebuild for new varnish versio ... oval:org.secpod.oval:def:1506793 [11.7.3-9.0.1] - add mpstat -H option to also display physically hotplugged vCPUs [Orabug: 34683071] [11.7.3-9] - add -f flag to force fdatasync after sa file update [11.7.3-8] - arithmetic overflow in allocate_structures on 32 bit systems oval:org.secpod.oval:def:1506357 [239-68.0.2.1] - Backport upstream pstore dmesg fix [Orabug: 34850699] - Standardize ioctl check and return -ENOTCONN, if quota is not enabled [Orabug: 34694253] - Disable unprivileged BPF by default [Orabug: 32870980] - backport upstream pstore tmpfiles patch [Orabug: 31420486] - udev rules: fix m ... 
oval:org.secpod.oval:def:1506342 [4.13-4] - Resolves: rhbz#2140600 oval:org.secpod.oval:def:1506724 [12:4.3.6-49] - Fix for CVE-2022-2928 - Fix for CVE-2022-2929 - send back dhcp6.vendor-opts again oval:org.secpod.oval:def:1506735 [1.16.2-5] - Stop creating wrong devel manual pages [1.16.2-4] - Apply correctly previous change [1.16.2-3] - Fix NRDelegation attack leading to uncontrolled resource consumption oval:org.secpod.oval:def:1506725 [1.21.0-1] - wayland 1.21.0 oval:org.secpod.oval:def:1506765 [32:9.11.36-8] - Correct regression preventing bind-dyndb-ldap build [32:9.11.36-7] - Prevent excessive resource use while processing large delegations. [32:9.11.36-6] - Prevent freeing zone during statistics rendering oval:org.secpod.oval:def:1506776 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506356 [21.11-2] - Backport fixes for CVE-2022-2132 oval:org.secpod.oval:def:1506752 [20.11.0-6] - Check for overflow when computing number of symbols - in JBIG2 text region - Resolves: #2126361 oval:org.secpod.oval:def:1506034 [2.36.7-1] - Update to 2.36.7 Related: #2123429 oval:org.secpod.oval:def:1506350 [4.0.9-26] - Fix various CVEs - Resolves: CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2953 [4.0.9-25] - Fix CVE-2022-2867 - Fix CVE-2022-2868 - Fix CVE-2022-2869 [4.0.9-24] - Fix CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 - Resolves: #2103222 oval:org.secpod.oval:def:1506760 [1.2.20-17] - fix use-after-free bugs introduced by incorrect memleak fixes [1.2.20-16] - fix memory leaks through gnu_long{name,link} - fix out-of-bounds read in gnu_long{name,link} oval:org.secpod.oval:def:1505972 [3.1.3-14.3] - Resolves: #2111174 - remote arbitrary files write inside the directories of connecting peers oval:org.secpod.oval:def:1506175 [1.16.2-2] - Require openssl tool for unbound-keygen [1.16.2-1] - Update to 1.16.2 [1.16.0-2] - Restart keygen service before every unbound start [1.16.0-1] 
- Upgrade to 9.16.0 - Update to recent version with compatibility with RHEL8 - Ensure also source level compatibility with previous versio ... oval:org.secpod.oval:def:1505996 [2.2.20-3] - Fix CVE-2022-34903 oval:org.secpod.oval:def:1505830 olcne [1.4.6-2] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip printing olcne_transfer_script execution - Cleanup grpc connection when node not found and use substr method in case fqdn used for hostname [1 ... oval:org.secpod.oval:def:1505832 olcne [1.5.4-3] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over [1.5.4-2] - Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.5.4-1] - Upgrade Kubernetes to 1.23.7 [1.5.3-1] - Address qemu CVE-202 ... oval:org.secpod.oval:def:1506184 aardvark-dns [2:1.1.0-4] - remove windows binaries and regenerate vendor tarball - Related: #2061390 [2:1.1.0-3] - add gating.yaml - Related: #2061390 [2:1.1.0-2] - bump Epoch to preserve upgrade path - Related: #2061390 [1.1.0-1] - initial import - Related: #2061390 buildah [1:1.27.0-2] - fix CVE-2 ... oval:org.secpod.oval:def:1506180 buildah [1:1.24.5-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.24 - Related: #2061390 [1:1.24.5-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.24 - Related: #2061390 cockpit-podman [46-1] - update to https://gi ... 
oval:org.secpod.oval:def:1506185 [20.11.0-5] - Dont run out of file for Hints - Rebuild for #2096452 - Resolves: #2090969, #2096452 oval:org.secpod.oval:def:1506155 [6.2.7-1] - rebase to 6.2.7 #1999873 oval:org.secpod.oval:def:1504925 helm [3.3.4-2] - Address CVE-2021-27918 coredns [1.7.0-1] - Added Oracle specific build files cri-o [1.18.4-2] - Fix for CVE-2021-27918 [1.18.4-1] - Added Oracle Specifile Files for cri-o cri-tools [1.18.0-2] - Address CVE-2021-27918 etcd [3.4.3-1.0.5] - Address CVE-2021-27918 flannel [0.12.0-2] - A ... oval:org.secpod.oval:def:1505230 [7.5.9-4] - resolve CVE-2021-39226 [7.5.9-3] - rebuild to resolve CVE-2021-34558 [7.5.9-2] - remove unused dependency property-information - always include FIPS patch in SRPM [7.5.9-1] - update to 7.5.9 tagged upstream community sources, see CHANGELOG [7.5.8-1] - update to 7.5.8 tagged upstream comm ... oval:org.secpod.oval:def:1506192 [1.45.6-5] - Update e2fsprogs with upstream fixes and improvements - Fix out-of-bounds read/write via crafter filesystem oval:org.secpod.oval:def:1506150 [2.4.0-5] - Fix CVE-2022-1122 oval:org.secpod.oval:def:1506176 [5.1.0-16] - CVE-2021-44269 wavpack: heap Out-of-bounds Read - Resolves: CVE-2021-44269 oval:org.secpod.oval:def:1505357 postgresql [13.5-1] - Update to 13.5 - Resolves: #2024608 oval:org.secpod.oval:def:1505358 postgresql [12.9-1] - Update to 12.9 - Resolves: #2024677 oval:org.secpod.oval:def:1506348 [1.0.0-8.2] - Fix unauthorized access via D-bus - Fix memory leak on D-bus connection failure Resolves: rhbz#2127848 oval:org.secpod.oval:def:1505643 [4.15.5-5] - resolves: rhbz#2064325 - Fix "create krb5 conf = yes" when a KDC has a single IP address. [4.15.5-4] - resolves: rhbz#2057503 - Fix winbind kerberos ticket refresh [4.15.5-3] - related: rhbz#1979959 - Fix typo in testparm output [4.15.5-2] - resolves: rhbz#1979959 - Improve idmap autori ... 
oval:org.secpod.oval:def:1506156 [3.5.0-15] - Applied patch for for CVE-2021-22570 oval:org.secpod.oval:def:1506158 [0.3.15-4] - Fix out-of-bounds read in *larrv - Resolves: CVE-2021-4048 oval:org.secpod.oval:def:1505340 [3:2.1.29-12.2] - Fix for CVE-2021-44227 - Resolves: #2026871 [3:2.1.29-12.1] - Fix for CVE-2021-42096 - Fix for CVE-2021-42097 - Resolves: #2021139, #2020692 oval:org.secpod.oval:def:1505840 [ 1.8.5-7_fips] - Add API to provide hash calculation in RSA/DSA/ECDSA signature operations [Orabug: 33081130] - Change Epoch from 1 to 10 [1.8.5-7] - Fix CVE-2021-33560 oval:org.secpod.oval:def:1505262 [1.0.0-5] - Added fixes for rhbz#1956853, rhbz#1956856, rhbz#1956868, rhbz#1956917 oval:org.secpod.oval:def:1505450 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505218 buildah [1.19.9-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 - fixes CVE-2021-3602 - Related: #1977943 oval:org.secpod.oval:def:1505242 buildah [1.11.6-9.0.1] - Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.11.6-9] - update to the latest content of https://github.com/containers/buildah/tree/release-1.11-rhel - fixes CVE-2021-3602 - Related: ... oval:org.secpod.oval:def:1505659 cairo [1.15.12-6] - Fix CVE reference test [1.15.12-5] - Add reference test to CVE fix [1.15.12-4] - Fix CVE-2020-35492 pixman [0.38.4-2] - Backport the pixman part of cairo CVE-2020-35492 oval:org.secpod.oval:def:1506008 php-pear [1:1.10.13-1] - update PEAR to 1.10.13 - update Archive_Tar to 1.4.14 oval:org.secpod.oval:def:1503067 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1504912 accountsservice [0.6.55-1] - Rebase to 0.6.55 Resolves: #1846376 atkmm [2.24.2-7] - Rebuild for annobin fixes - Resolves: rhbz#1703969 cairomm [1.12.0-8] - Rebuild for the annobin fixes - Resolves: rhbz#1703971 chrome-gnome-shell [10.1-7] - Disable updates support Resolves: #1802105 dleyna-core [0.6 ... oval:org.secpod.oval:def:1504905 [3.26.0-13] - enabled fts3conf.test on s390x and ppc64 architectures [3.26.0-12] - Fixed CVE-2020-13434 - Fixed CVE-2020-15358 oval:org.secpod.oval:def:1503046 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505316 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505284 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502671 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506582 [1.2.0-1] - New release 1.2.0 - Fix CVE-2023-25563: multiple out-of-bounds read when decoding NTLM fields - Fix CVE-2023-25564: memory corruption when decoding UTF16 strings - Fix CVE-2023-25565: incorrect free when decoding target information - Fix CVE-2023-25566: memory leak when parsing usernames ... oval:org.secpod.oval:def:1506727 istio [1.15.7-1] - Added Oracle specific files for 1.15.7-1 kubernetes [1.24.8-2] - libct/cg: add misc controller to v1 drivers [1.24.8-1] - Added Oracle specific build files for Kubernetes olcne [1.5.12-6] - Updated the CVE ID's in Istio-1.15.7 changelog entry [1.5.12-5] - Bug fix - Append a slash ... 
oval:org.secpod.oval:def:1506750 [1.6.1-9] - Updated the CVE ID's in Istio-1.16.4 changelog entry * [1.6.1-8] - Update Istio config to include 1.15.7 to support upgrade from 1.5.x to 1.6.x * [1.6.1-7] - Bugfix:Append a slash in oci-instance-metada query url * [1.6.1-6] - Fixed helm installation in OLCNE upgrade * [1.6.1-5] - Deprec ... oval:org.secpod.oval:def:1506771 istio [1.16.4-1] - Added Oracle specific files for 1.16.4-1 kubernetes [1.25.7-2] - libct/cg: add misc controller to v1 drivers olcne [1.6.1-9] - Updated the CVE ID's in Istio-1.16.4 changelog entry [1.6.1-8] - Update Istio config to include 1.15.7 to support upgrade from 1.5.x to 1.6.x [1.6.1-7] - ... oval:org.secpod.oval:def:1507017 [1:3.3-4.1] - Resolves: CVE-2023-30630 oval:org.secpod.oval:def:1506611 [1.13.0-6.1] - Resolves: rhbz#2209516 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-8.8.0.z] oval:org.secpod.oval:def:1506974 [1:2.2.6-51.1] - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation oval:org.secpod.oval:def:1506928 cjose [0.6.1-3] - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz#2223308 mod_auth_openidc [2.4.9.4-1] - Resolves: rhbz#2025368 - Rebase to new version oval:org.secpod.oval:def:1505733 [10.21-2] - Resolves: CVE-2022-1552 - Release bump due to wrongly reported CVE of libpq Build after reverted changes in libpq package [10.21-1] - Resolves: CVE-2022-1552 - Update to 10.21 - Release notes: https://www.postgresql.org/docs/release/10.21/ [10.19-2] - Add missing files into file section ... 
oval:org.secpod.oval:def:1505742 postgresql [12.11-2] - Resolves: CVE-2022-1552 - Release bump due to wrongly reported CVE of libpq Build after reverted changes in libpq package [12.11-1] - Resolves: CVE-2022-1552 - Update to 12.11 - Release notes: https://www.postgresql.org/docs/release/12.11/ oval:org.secpod.oval:def:1505747 postgresql [13.7-2] - Resolves: CVE-2022-1552 - Release bump due to wrongly reported CVE of libpq Build after reverted changes in libpq package [13.7-1] - Resolves: CVE-2022-1552 - Update to 13.7 - Release notes: https://www.postgresql.org/docs/release/13.7/ oval:org.secpod.oval:def:1505760 [5.2.4-4] - Fix arbitrary file write vulnerability Resolves: CVE-2022-1271 oval:org.secpod.oval:def:1505587 [1.9-13] - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271 oval:org.secpod.oval:def:1505585 buildah [1.11.6-10.0.1] - Handling redirect from the docker registry [Orabug: 29874238] - Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483] [1.11.6-10] - update to the latest content of https://github.com/containers/buildah/tree/release-1.11-rhel - fixes CVE-2022-27649 podman ... oval:org.secpod.oval:def:1505688 buildah [1.19.9-3] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 - Resolves: #2067540 container-selinux [2:2.178.0-2] - remove conflict on udica - we still ship udica 2.4 in 3.0-8.6.0 - Related: #2067540 [2:2.178.0-1] - update to https://github.com/contai ... 
oval:org.secpod.oval:def:1505648 [10.19-2] - Add missing files into file section of server package postgresql-setup v8.6 newly provides postgresql-upgrade oval:org.secpod.oval:def:1505666 [13.5-1] - Rebase to 13.5 Resolves: #2023294 oval:org.secpod.oval:def:1505586 [0.115-13.0.1.el8_5.2] - Increase timeout to avoid defunct processes [Orabug: 26930744] [0.115-13.el8_5.2] - necessary version bump due to build versioning - Resolves: CVE-2021-4115 oval:org.secpod.oval:def:1505327 httpd [2.4.37-43.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle's index page oracle_index.html. [2.4.37-43] - Related: #2007235 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via a crafted request uri-path [2.4.37-42] - Resolves: #2007235 - CVE-2 ... oval:org.secpod.oval:def:1504945 [0.115-11.0.1] - Increase timeout to avoid defunct processes [Orabug: 26930744] [0.115-11.1] - early disconnection from D-Bus results in privilege esc. - Resolves: CVE-2021-3560 oval:org.secpod.oval:def:1505676 buildah [1:1.24.2-4] - update to the latest content of https://github.com/containers/buildah/tree/release-1.24 - Related: #2059296 [1:1.24.2-3] - switch to RHEL maintenance branch which fixes CVE-2022-27651 - Resolves: #2067559 [1:1.24.2-2] - Add patch to fix bash syntax for gating tests - Upstream ... 
oval:org.secpod.oval:def:1505377 [4.4-4.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.4-4] - Resolves: rhbz#2036902 rebuild to enable rpminspect [4.4-3] - Resolves: rhbz#2036902: fix patch application [4.4-2] - Resolves: rhbz#2036902 ikev1: disable diagnostics logging on receiving malformed packets oval:org.secpod.oval:def:1505378 [0.4.4-6.2] - spec bump because of build pipeline issues [0.4.4-6.1] - Fix CVE-2021-45463 oval:org.secpod.oval:def:1505052 [20200602gitca407c7246bf-4.el8_4.2] - edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch [bz#1956676] - edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch [bz#1956676] - edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch [bz#1956676] - edk2-NetworkPkg-IScsiDxe- ... oval:org.secpod.oval:def:1505668 [2.1.5-8] - Fix DBus policy restrictions [2.1.5-7] - Fix log-facility option oval:org.secpod.oval:def:1505289 [3:2.1.29-12.1] - Fix for CVE-2021-42096 - Fix for CVE-2021-42097 - Resolves: #2021139, #2020692 oval:org.secpod.oval:def:1505655 [6.4.24-1] - Update to fetchmail-6.4.24 Resolves: #1999275, #2002698 oval:org.secpod.oval:def:1505356 [1:1.1.1k-5] - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Resolves: rhbz#2005400 oval:org.secpod.oval:def:1505417 [1:1.1.1k-5] - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Resolves: rhbz#2005400 oval:org.secpod.oval:def:1505679 [0.2.4-1] - Update to 0.2.4 Resolves: #1997941 oval:org.secpod.oval:def:1505677 cjose [0.6.1-2] - fix concatkdf big endian architecture problem. Upstream issue #77. [0.6.1-1] - upgrade to latest upstream 0.6.1 [0.5.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [0.5.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.5.1-1] - In ... 
oval:org.secpod.oval:def:1505025 [239-45.0.2] - Disable unprivileged BPF by default [Orabug: 32870980] - backport upstream pstore tmpfiles patch [Orabug: 31420486] - udev rules: fix memory hot add and remove [Orabug: 31310273] - fix to enable systemd-pstore.service [Orabug: 30951066] - journal: change support URL shown in the catal ... oval:org.secpod.oval:def:1505644 [12:0.60.6.1-22] - resolves: #1988497 fix CVE-2019-25051 oval:org.secpod.oval:def:1505243 [3.1.1-1] - update to 3.1.1 - add read-only UDS port - add option to set clockClass threshold - dont repeat some log messages in multi-port configuration - increase default TX timestamp timeout to 10 ms oval:org.secpod.oval:def:1505004 [2.0-5.el8_4.1] - validate length of forwarded messages oval:org.secpod.oval:def:1505669 [1:2.3.16-2] - do not disable xz/lzma for now despite being deprecated [1:2.3.16-1] - dovecot updated to 2.3.16, pigeonhole to 0.5.16 - fix CVE-2021-33515 plaintext commands injection oval:org.secpod.oval:def:1505227 [0.13.68-9] - Fix CVE-2020-18442 - Resolves: CVE-2020-18442 oval:org.secpod.oval:def:1505257 [1.8.5-6] - Fix for CVE-2021-33560 - Enable HW optimizations in FIPS - Performance enchancements for ChaCha20 and Poly1305 [1.8.5-5] - Performance enchancements for AES-GCM, CRC32 and SHA2 oval:org.secpod.oval:def:1505268 [2.6.0-12] - Fix a dead code issue in the signature wrapping patch - Resolves: rhbz#1951653 - CVE-2021-28091 lasso: XML signature wrapping vulnerability when parsing SAML responses [rhel-8] [2.6.0-11] - Bump release to force the package through OSCI as the previous build reached CI just in time for ... oval:org.secpod.oval:def:1505201 [4.1.1-5] - Bump nvr to trigger osci. resolves: rhbz#1965981 [4.1.1-4] - Fix CVE-2021-3565 resolves: rhbz#1965981 [4.1.1-3] - Fix resource leak. - Fix to restrict policy digest size. - Fix incompatible pointer cast. - Fix error message in files_load_##name - Fix issue where execution couldnt reach f ... 
oval:org.secpod.oval:def:1504956 [10.17-1] - Update to 10.17 Resolves: #1964520 Fix: CVE-2021-32027, CVE-2021-32028 oval:org.secpod.oval:def:1504965 [9.6.22-1] - Rebase to 9.6.22 Resolves: #1964516 Fix: CVE-2021-32027, CVE-2021-32028 oval:org.secpod.oval:def:1504975 pgaudit [1.5.0-1] - Update to version 1.5.0 Related: #1855776 postgresql [13.3-1] - Update to 13.3 Resolves: #1966338 Fix: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029 oval:org.secpod.oval:def:1504973 pgaudit [1.4.0-6] - Fix build requires [1.4.0-5] - Fix build requires postgresql [12.7-1] - Update to 12.7 Resolves: #1964510 Fix: CVE-2021-32027,CVE-2021-32028 oval:org.secpod.oval:def:1504948 [1.18.0-3.1.0.1] - Remove Red Hat references [Orabug: 29498217] [1:1.18.0-3.1] - Resolves: #1963178 - CVE-2021-23017 nginx:1.18/nginx: Off-by-one in ngx_resolver_copy when labels are followed by a pointer to a root domain name oval:org.secpod.oval:def:1504968 [1.16.1-2.0.1.1] - Remove Red Hat references [Orabug: 29498217] [1:1.16.1-2.1] - Resolves: #1963174 - CVE-2021-23017 nginx:1.16/nginx: Off-by-one in ngx_resolver_copy when labels are followed by a pointer to a root domain name oval:org.secpod.oval:def:1504533 asio [1.10.8-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.10.8-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1.10.8-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.10.8-4] - Rebuilt for Boost 1.64 [1.10.8-3] - ... oval:org.secpod.oval:def:1505583 buildah [1.19.9-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 - fixes CVE-2022-27651 - Resolves: #2067539 podman [3.0.1-8] - update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel - fixes CVE-2022-27649 - Resolves: #206751 ... 
oval:org.secpod.oval:def:1504953 runc [1.0.0-65.rc10] - fix CVE-2021-30465 - Resolves: #1955650 oval:org.secpod.oval:def:1505232 [1.6.8-5] - Fix CVE-2021-31535 oval:org.secpod.oval:def:1504961 [12:4.3.6-44.1] - Fix for CVE-2021-25217 oval:org.secpod.oval:def:1505311 [2.28-164.0.1] - Merge of RH patches for ol8-u5 beta release Review-exception: Routine merge - Provide glibc.pthread.mutex_spin_count tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list - add optimized memset for emag - add an ASI ... oval:org.secpod.oval:def:1505260 [2.28-164.0.1] - Merge of RH patches for ol8-u5 beta release Review-exception: Routine merge - Provide glibc.pthread.mutex_spin_count tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list - add optimized memset for emag - add an ASI ... oval:org.secpod.oval:def:1504876 slapi-nis [0.56.6-2] - CVE 2021-3480: idm:DL1/slapi-nis: NULL dereference with specially crafted Binding DN - Resolves: rhbz#1944713 oval:org.secpod.oval:def:1505247 dnf [4.7.0-4.0.1] -Fixed python stack trace with updateinfo list cves command [Orabug: 32749660] - Replaced upstream bugzilla reporting reference. [Orabug: 32829849] [4.7.0-4] - Update translations [4.7.0-3] - Improve signature checking using rpmkeys [4.7.0-2] - Fix covscan issue: dnf/rpm/miscutil ... 
oval:org.secpod.oval:def:1504929 [2.0.15-16] - Resolves: rhbz#1900904 CVE-2020-25713 raptor2: malformed input file can lead to a segfault [2.0.15-15] - Resolves: rhbz#1896534 CVE-2017-18926 raptor: heap-based buffer overflow [2.0.15-14] - Resolves: rhbz#1896340 Suppress documentation in Flatpak builds oval:org.secpod.oval:def:1505236 [1.32.10-4.0.1] - add connectivity check via Oracle servers [Orabug: 32051972] - Disable the build of NetworkManager-config-connectivity-* subpackage for 8.3 [1:1.32.10-4] - revert unapproved patches part of "cloud-setup" change [1:1.32.10-3] - preserve the IPv6 multicast route added by kernel - c ... oval:org.secpod.oval:def:1504874 [6.0.9-3] - fix integer overflow via STRALGO LCS command CVE-2021-29477 oval:org.secpod.oval:def:1505272 [4.14.3-19] - Unbreak in-tree kmod strip by reverting brp-strip fix [4.14.3-18] - Address important covscan issues , vol. 2 [4.14.3-17] - Address important covscan issues [4.14.3-16] - Add support for read-only sqlite rpmdb - Drop compat .decode method from returned Py3 strings [4.14.3-15] - Add ... oval:org.secpod.oval:def:1505058 rust [1.52.1-1] - Update to 1.52.1. Includes security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162. [1.51.0-1] - Update to 1.51.0. Update to 1.51.0. Includes security fixes for CVE-2021-28875 and CVE-2021-28877. [1.50.0-1] - Update to 1.50.0. rust-tool ... 
oval:org.secpod.oval:def:1504733 [2.02-90.0.2] - Fix CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 [Orabug: 32530657] - Fix various coverity issues [Orabug: 32530657] - Disable os-prober by default [Orabug: 32530657] - Add SBAT metadata to grubx64.efi [Orabug: 32530657] oval:org.secpod.oval:def:1504746 [2.02-90.0.2.el8_3.1] - Fix various coverity issues [Orabug: 32530657] - Add SBAT metadata to grubx64.efi [Orabug: 32530657] - Set proper blsdir if /boot is on btrfs rootfs [Orabug: 32063327] - Add CVE-2020-15706, CVE-2020-15707 to the list [Orabug: 31225072] - Update signing certificate for efi bin ... oval:org.secpod.oval:def:1504924 delve [1.5.0-2.0.1] - Disable DWARF compression which has issues [1.5.0-2] - Add golang-1.15.4 related patch - Resolves: rhbz#1901189 [1.5.0-1] - Rebase to 1.5.0 - Related: rhbz#1870531 golang [1.15.7-1] - Rebase to 1.15.7 - Resolves: rhbz#1870531 - Resolves: rhbz#1919261 [1.15.5-1] - Rebase to 1.1 ... oval:org.secpod.oval:def:1504738 kubernetes [1.18.10-3] - Kata CVE-2020-28914 kata-proxy [1.11.5-1] - Added Oracle Specific Build Files for kata-proxy kata-shim [1.11.5-1] - Added Oracle Specific Build Files for kata-shim kata-ksm-throttler [1.11.5-1] - Added Oracle Specific Build Files for kata-ksm-throttler kata-runtime [1.11.5-1 ... oval:org.secpod.oval:def:1504907 [1.8.29-7] - RHEL 8.4 ERRATUM - CVE-2021-3156 Resolves: rhbz#1917734 - CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit Resolves: rhzb#1916434 - CVE-2021-23240 sudo: symbolic link attack in SELinux-enabled sudoedit Resolves: rhbz#1917038 - updated upstream url ... 
oval:org.secpod.oval:def:1504910 [1:2.3.8-9] - fix CVE-2020-24386 IMAP hibernation function allows mail access [1:2.3.8-8] - fix CVE-2020-25275 denial of service via mail MIME parsing [1:2.3.8-7] - change run directory from /var/run to /run [1:2.3.8-6] - fix mail storage block count parsing - MIME parser crashed when boundaries ... oval:org.secpod.oval:def:1505277 [2.30-108.0.2] - Forward-port the following update: [2.30-93.0.4 - Backport fix for fencepost bug in CTF pptrtab usage causing coredumps - Backport test result fixes for new GCC-based CTF generation [Orabug: 33344570] - Reviewed-by: David Faust - Reviewed-by: Jose E. Marchesi [2.30-108.0.1] - Forwar ... oval:org.secpod.oval:def:1504940 [7.3.6-2] - change working dir to in grafana-cli wrapper - add pcp-redis-datasource to allow_loading_unsigned_plugins config option [7.3.6-1] - update to 7.3.6 tagged upstream community sources, see CHANGELOG - remove dependency on SAML [7.3.4-1] - update to 7.3.4 tagged upstream community sources ... oval:org.secpod.oval:def:1505205 cockpit-podman [29-2] - fix gating test failure for cockpit-podman - Related: #1914884 [29-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/29 - Related: #1883490 conmon [2:2.0.26-1] - update to https://github.com/containers/conmon/releases/tag/v2.0.26 - Related: #188349 ... oval:org.secpod.oval:def:1505701 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1505661 httpcomponents-client [4.5.10-4] - Fix incorrect handling of malformed authority component in request URIs - Resolves: CVE-2020-13956 maven [1:3.6.2-7] - Add maven-openjdk17 - Resolves: rhbz#1991521 oval:org.secpod.oval:def:1504902 [0.20.0-3] - Fix mouse problems in multi-monitor environments under Wayland Resolves: rhbz#1790904 rhbz#1824610 [0.20.0-2] - Resolves: CVE-2020-25650, CVE-2020-25651, CVE-2020-25652, CVE-2020-25653 oval:org.secpod.oval:def:1505204 [14:4.9.3-2] - Resolves: #1860216 - tcpdump can not parse mptcp options - Resolves: #1901635 - ppp decapsulator can be convinced to allocate a large amount of memory - Adding tedude test to gating oval:org.secpod.oval:def:1504895 [0.20.0-4] - Use file cache by default - Avoid calloc with 0 argument [0.20.0-3] - Support PIN change for HID Alt tokens - Fix CVE-2020-26570, CVE-2020-26571 and CVE-2020-26572 - Fix right padding of token labels of some cards oval:org.secpod.oval:def:1504647 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503031 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505279 [5.3.4-12] - Fix segfault in getlocal and setlocal oval:org.secpod.oval:def:1504915 [0.3.15-1] - Rebase to 0.3.15 - Fix CVE-2020-24330 CVE-2020-24331 CVE-2020-24332 resolves: rhbz#1725782 rhbz#1877517 rhbz#1882402 rhbz#1882414 oval:org.secpod.oval:def:1504920 [5.12.5-8] - Build against system xkb and openssl 1.1 Resolves: bz#1882375 [5.12.5-7] - Fix buffer overflow in XBM parser Resolves: bz#1870364 oval:org.secpod.oval:def:1503039 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503037 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1504938 [2:2.2.0-1] - Update to 2.2.0 oval:org.secpod.oval:def:1505288 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504904 [239-45.0.1] - backport upstream pstore tmpfiles patch [Orabug: 31420486] - udev rules: fix memory hot add and remove [Orabug: 31310273] - fix to enable systemd-pstore.service [Orabug: 30951066] - journal: change support URL shown in the catalog entries [Orabug: 30853009] - fix to generate systemd-p ... oval:org.secpod.oval:def:1505209 apache-commons-collections jss [4.8.1-2] - Bug 1932803 - HSM + FIPS: CMCRequest with a shared secret resulting in error [4.8.1-1] - Rebase to upstream JSS v4.8.1 - Red Hat Bugilla #1908541 - jss broke SCEP - missing PasswordChallenge class - Red Hat Bugilla #1489256 - [RFE] jss should support RSA wi ... oval:org.secpod.oval:def:1502854 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503032 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504511 cjose [0.6.1-2] - fix concatkdf big endian architecture problem. Upstream issue #77. [0.6.1-1] - upgrade to latest upstream 0.6.1 [0.5.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [0.5.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.5.1-1] - In ... oval:org.secpod.oval:def:1502852 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1505253 [3.26.0-15] - Removing fix for CVE-2019-19645 - Removing fix for CVE-2019-19880 [3.26.0-14] - Fixed CVE-2019-5827 - Fixed CVE-2019-13750 - Fixed CVE-2019-13751 - Fixed CVE-2019-19603 - Fixed CVE-2020-13435 oval:org.secpod.oval:def:1504891 [4.4.19-14] - Fix hang when limit for nproc is very high Resolves: #1890888 [4.4.19-13] - Correctly drop saved UID when effective UID is not equal to its real UID Resolves: #1793943 oval:org.secpod.oval:def:1502759 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505303 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505313 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504509 gnome-boxes [3.28.5-7] - Bump the release to 3.28.5-7 - Related: #1739897 [3.28.5-7] - Filter off unsupported architectures - Related: #1739897 [3.28.5-6] - Revert "Add 3D acceleration option " - Related: #1647004 [3.28.5-5] - Add 3D acceleration option - Resolves: #1647004 [3.28.5-4] - Add rhel-8. ... oval:org.secpod.oval:def:1504928 [5.3.28-40] - Resolves: CVE-2019-2708 - Resolves: #1856237 oval:org.secpod.oval:def:1505315 [5.56-1] + bluez-5.56-1 - Fixing - Removing bccmd, enabling hid2hci as upstream removed the support in bluez-5.56 oval:org.secpod.oval:def:1504942 [4.18.0-305.3.1.el8_4.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 less than or equal 15-11.0 ... 
oval:org.secpod.oval:def:1504901 [0.14.3-4] - Disable client-side renegotiation to prevent potential DoS Resolves: rhbz#1904459 [0.14.3-3] - Fix some static analyzer issues - Removed Obsoletes line for spice-client Related: rhbz#1840240 [0.14.3-2] - Fix multiple buffer overflows in QUIC decoding code Resolves: rhbz#1829946 [0.14.3- ... oval:org.secpod.oval:def:1504608 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504944 [78.11.0-3.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.11.0-3] - Update to 78.11.0 build2 [78.11.0-2] - Fix rhel_minor_version for dist .el8_4 and .el8 [78.11.0-1] - Update to 78.11.0 build1 oval:org.secpod.oval:def:1504950 [78.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.11.0-1] - Update to 78.11.0 build1 oval:org.secpod.oval:def:1505070 [78.13.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.13.0-1] - Update to 78.13.0 build1 oval:org.secpod.oval:def:1505073 [78.13.0-2.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.13.0-2] - Update to 78.13.0 build2 [78.13.0-1] - Update to 78.13.0 build1 oval:org.secpod.oval:def:1505430 [91.6.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.6.0-1] - Update to 91.6.0 build1 [91.5.0-2] - Use default update channel to fix non working enterprise policies: rhbz#2044667 oval:org.secpod.oval:def:1505729 [91.9.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.9.1-1] - Update to 91.9.1 build1 oval:org.secpod.oval:def:1505741 [91.10.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 
[91.10.0-1] - Update to 91.10.0 build1 oval:org.secpod.oval:def:1505723 [91.10.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.10.0-1] - Update to 91.10.0 build1 oval:org.secpod.oval:def:1505237 [2:2.2.0-7] - Updated: Refactored RPC gateway parser + fixed issues discovered by Covscan [2:2.2.0-6] - Refactored RPC gateway parser [2:2.2.0-5] - Revert: Refactored RPC gateway parser [2:2.2.0-4] - Refactored RPC gateway parser [2:2.2.0-3] - Add checks for bitmap and glyph width/heigth values oval:org.secpod.oval:def:1505229 [0.3.6-3] + grilo-0.3.6-3 - Fix TLS not being validated correctly - Resolves: rhbz#1997234 oval:org.secpod.oval:def:1505244 [2.9-3] - cil: Fix out-of-bound read of file context pattern ending with "\" - cil: Destroy classperms list when resetting classpermission - cil: Destroy classperm list when resetting map perms - cil: cil_reset_classperms_set should not reset classpermission - cil: Set class field to NULL when re ... oval:org.secpod.oval:def:1504939 [1.11.0-6] - Use GNOME as default session Resolves: bz#1853608 [1.11.0-5] - Make sure we log properly output to journal Resolves: bz#1841537 [1.11.0-4] - Make sure we log properly output to journal Resolves: bz#1841537 [1.11.0-3] - vncserver: ignore new "session" parameter from the new systemd supp ... oval:org.secpod.oval:def:1505274 [2.40.1-43] - Fixed races during pdf documentation build which should build docs correctly Related: CVE-2020-18032 [2.40.1-42] - Rebuilt, because pdf documentation were built incorrectly Related: CVE-2020-18032 [2.40.1-41] - Fixed buffer overflow in lib/common/shapes.c Resolves: CVE-2020-18032 oval:org.secpod.oval:def:1504648 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1504767 nodejs [1:14.16.0-2] - Resolves: RHBZ#1932427 - remove --debug-nghttp2 option [1:14.16.0-1] - Resolves: RHBZ#1932317, RHBZ#1932425 - Rebase, remove ini patch [1:14.15.4-2] - Add patch for yarn crash - Resolves: RHBZ#1916465 [1:14.15.4-1] - Security rebase to 14.15.4 - https://nodejs.org/en/blog/vuln ... oval:org.secpod.oval:def:1504768 nodejs [1:10.24.0-1] - Resolves: RHBZ#1932373, RHBZ#1932426 - Resolves CVE-2021-22883 and CVE-2021-22884 - remove -debug-nghttp2 flag - remove ini patch merged upstream oval:org.secpod.oval:def:1504741 nodejs [1:12.21.0-1] - Resolves: RHBZ#1932315, RHBZ#1932424 - remove --debug-nghttp2 option - remove ini patch - Backport patch to use getauxval oval:org.secpod.oval:def:1506781 [0.8.4-37] - Fix bugzilla linked to the changes - Resolves: bz #2166468 [0.8.4-36] - Add 0129-libmultipath-select-resize-action-even-if-reload-is-.patch - Add 0130-libmultipath-cleanup-ACT_CREATE-code-in-select_actio.patch - Add 0131-libmultipath-keep-renames-from-stopping-other-multip.patch - Reso ... 
oval:org.secpod.oval:def:1505057 golang [1.15.14-1] - Rebase to go-1.15.14-1-openssl-fips - Resolves: rhbz#1982287 - Addresses CVE-2021-34558 [1.15.13-4] - Related: rhbz#1978567 go-toolset [1.15.14-1] - Rebase to go-1.15.14-1-openssl-fips - Resolves: rhbz#1982287 - Addresses CVE-2021-34558 [1.15.13-2] - Related: rhbz#1978567 oval:org.secpod.oval:def:1504958 [5.0.204-1.0.1] - Add support for new Oracle release [5.0.204-1] - Update to .NET SDK 5.0.204 and Runtime 5.0.7 - Resolves: RHBZ#1966166 oval:org.secpod.oval:def:1504974 [3.1.116-1.0.1] - Update patch to support 8.3 - support OL release scheme [3.1.116-1] - Update to .NET SDK 3.1.116 and Runtime 3.1.16 - Resolves: RHBZ#1965505 [3.1.115-1] - Update to .NET SDK 3.1.115 and Runtime 3.1.15 - Resolves: RHBZ#1954333 oval:org.secpod.oval:def:1505416 [5.0.211-1.0.1] - Support AArch64 on Oracle Linux [Orabug: 32738620] - Include new Oracle Linux runtime IDs Add 1000-Add-missing-OL-RIDs.patch [5.0.211-1] - Update to .NET SDK 5.0.211 and Runtime 5.0.14 - Resolves: RHBZ#2047767 oval:org.secpod.oval:def:1506170 [2.79-24] - Prevent endless loop in forward_query [2.79-23] - Add IPv6 ntp-server suboptions support [2.79-22] - Prevent use after free in dhcp6_no_relay oval:org.secpod.oval:def:1505681 [3.6.8-45.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-45] - Security fix for CVE-2021-4189: ftplib should not use the host from the PASV response Resolves: rhbz#2036020 [3.6.8-44] - Use the monotonic clock for theading.Condition - Use the monotonic clock for the glo ... 
oval:org.secpod.oval:def:1505259 [9.0.3-20] - Fix for CVE-2021-3572 - pip incorrectly handled unicode separators in git references Resolves: rhbz#1962856 oval:org.secpod.oval:def:1505270 [2.5.1-7] - Include the /usr/bin/pybabel binary that runs on Python 3.6 in the python3-babel package Resolves: rhbz#1967173 [2.5.1-6] - Fix CVE-2021-20095 Resolves: rhbz#1955615 oval:org.secpod.oval:def:1505589 galera [25.3.34-4] - Explicitly require the "procps-ng" package - Otherwise it will not require it in the lightweight systems - and Galera won't work properly [25.3.34-3] - Use downstream garbd-wrapper and garbd.service to ensure compatibility - Add upstream versions of garbd-wrapper and garbd.ser ... oval:org.secpod.oval:def:1505590 [1.2.11-18] - Resolves: CVE-2018-25032 [1.2.11-17] - Fixed DFLTCC compression level switching issues - Enabled HW compression for compression levels 1 through 6 - Fixed inflateSyncPoint bad return value on z15 oval:org.secpod.oval:def:1504919 [2.9.7-9.0.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.9.7-9] - Fix CVE-2020-24977 oval:org.secpod.oval:def:1505664 [5.5.1-9] - do not perform PROMPT_SUBST evaluation on file.file/%K arguments [5.5.1-8] - improve printing of error messages introduced by the fix of CVE-2019-20044 [5.5.1-7] - drop privileges securely when unsetting PRIVILEGED option oval:org.secpod.oval:def:1506160 glib2 [2.56.4-159.0.1] - Rebuild with python 36 [Orabug: 34701176] [2.56.4-159] - Add --interface-info-[body|header] modes to gdbus-codegen - Related: #2061994 webkit2gtk3 oval:org.secpod.oval:def:1505743 [0.10.12-6.0.1.el8_6.1] - Replace HAM-logo.png with a generic one [0.10.12-6.el8_6.1] - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz#2081331 oval:org.secpod.oval:def:1505731 [8.2102.0-7.1] - Address CVE-2022-24903, Heap-based overflow in TCP syslog server resolves: rhbz#2081400 oval:org.secpod.oval:def:1505216 [3.6.8-41.0.1] - Add Oracle Linux 
distribution in platform.py [Orabug: 20812544] [3.6.8-41] - Security fix for CVE-2021-3733: Denial of service when identifying crafted invalid RFCs Resolves: rhbz#1995234 [3.6.8-40] - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz#1933 ... oval:org.secpod.oval:def:1506782 [7.5.1-7.0.1] - Fix POSTIN scriptlet [Orabug: 34712485] [7.5.1-7] - Resolves: #2128737 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service [7.5.1-6] - Resolves: #1939516 - frr service cannot reload itself, due to executing in the wrong SELinux context [7.5. ... oval:org.secpod.oval:def:1505762 go-toolset [1.16.15-1] - Rebase to Go 1.16.15 golang [1.16.15-1.0.1] - Add patches from 1.16.12 to 1.16.15 - Add Sources for 3 binary files that changed between 1.16.12 and 1.16.15 - Rename base_vrsn to base_version - Reviewed-by: XXX XXX oval:org.secpod.oval:def:1505667 delve [1.7.2-1.0.1] - Disable DWARF compression which has issues [1.7.2-1] - Rebase to 1.7.2 - Related: rhbz#2014088 golang [1.17.7-1] - Rebase to Go 1.17.7 - Remove fips memory leak patch - Resolves: rhbz#2015930 go-toolset [1.17.7-1] - Rebase to Go 1.17.7 - Remove fips memory leak patch - Resol ... oval:org.secpod.oval:def:1505684 [5.15.2-4] - Fix out-of-bound write that may lead to DoS Resolves: bz#2038487 oval:org.secpod.oval:def:1505252 [6.1-9.20180224] - fix tput to accept -x option [6.1-8.20180224] - fix buffer overflow in terminfo entry hashtable - handle missing character after backslash in terminfo entry oval:org.secpod.oval:def:1505692 xorg-x11-server [1.20.11-5] - Fix crash with NVIDIA proprietary driver with Present [1.20.11-4] - CVE fix for: CVE-2021-4008 , CVE-2021-4009 , CVE-2021-4010 , CVE-2021-4011 [1.20.11-3] - xf86/logind Fix drm_drop_master before vt_reldis Resolves: #1771863 xorg-x11-server-Xwayland [21.1.3-2] - CVE f ... oval:org.secpod.oval:def:1502652 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1505249 [8.0p1-10] - sshd -T requires -C when "Match" is used in sshd_config [8.0p1-9] - CVE-2020-14145 openssh: Observable Discrepancy leading to an information leak in the algorithm negotiation - Hostbased ssh authentication fails if session ID contains a "/" [8.0p1-8] - ssh doesnt restore the blocking ... oval:org.secpod.oval:def:1505286 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504656 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504655 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505295 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504875 squid [7:4.11-4.2] - Resolves: #1944260 - CVE-2020-25097 squid:4/squid: improper input validation may allow a trusted client to perform HTTP Request Smuggling oval:org.secpod.oval:def:1504520 qt5-qtbase [5.11-1-7] - Move libQt5EglFSDeviceIntegration lib out of the -devel subpkg Resolves: bz#1692970 - Fix QImage allocaion failure Resolve: bz#1667860 - Fix double free in QXmlStreamReader Resolve: bz#1667858 - Fix segmentation fault on malformed BMP file Resolve: bz#1667859 [5.11.1-6] - Cre ... oval:org.secpod.oval:def:1504525 evolution [3.28.5-12] - Add patch for RH bug #1778799 [3.28.5-11] - Update patch for RH bug #1764563 [3.28.5-10] - Add patch for RH bug #1764563 - Add patch for RH bug #1753220 evolution-data-server [3.28.5-13] - Resolves: #1791547 [3.28.5-12] - Add patch for RH bug #1788478 evolution-ews [3.2 ... 
oval:org.secpod.oval:def:1504532 accountsservice [0.6.50-8] - Dont set HasNoUsers=true if realmd has providers Related: #1750516 appstream-data [8-20191129] - Regenerate the RHEL metadata to include the latest evince changes - Resolves: #1768461 clutter [1.26.2-8] - rebuild to get the new in 8.2.0 - plus address #1785233 evince [3. ... oval:org.secpod.oval:def:1502680 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505318 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505320 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504921 [2.12-10] - Fixed improper input validation when writing tar header fields [2.12-9] - Extract: retain times for symlinks oval:org.secpod.oval:def:1505245 [5.33-20] - rebuild [5.33-18] - fix heap-based buffer overflow in cdf_read_property_info [5.33-17] - improve magic for script recognition and other changes oval:org.secpod.oval:def:1502822 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502849 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502855 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505328 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502733 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1505224 [5.4.3-11] - Security fix for CVE-2019-18874: double free because of refcount mishandling Resolves: rhbz#1772014 oval:org.secpod.oval:def:1502848 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504641 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504923 [1.0.27-22] - related 1852663 - needed to rebuild due infrastructure error [1.0.27-21] - 1852663, 1848097 - NULL pointer dereference in sanei_epson_net_read function [1.0.27-20] - 1852468, 1852467, 1852466, 1852465 - prevent buffer overflow in esci2_img - 1852668, 1852667, 1852666, 1852665 - disable ... oval:org.secpod.oval:def:1504903 [3:2.1.29-11] - Fixes for CVE-2020-12108 and CVE-2020-15011 oval:org.secpod.oval:def:1504909 egl-wayland [1.1.5-3] - Add upstream patch to address rhbz#1842473 [1.1.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [1.1.5-1] - Update to 1.1.5 libdrm [2.4.103-1] - Update to 2.4.103 libglvnd [1.3.2-1] - Update to 1.3.2 release libinput [1.16.3-1] - libinput 1.16.3 libw ... oval:org.secpod.oval:def:1504514 bogofilter [1.2.5-2] - Bump version to have OSCI/gating tests rerun with updated tests [1.2.5-1] - Resolves: #1836279 evolution [3.28.5-14] - Related: #1817143 [3.28.5-13] - Resolves: #1836165 evolution-data-server [3.28.5-14] - Resolves: #1859141 evolution-mapi [3.28.3-3] - Rebuild for samba 4. ... oval:org.secpod.oval:def:1504512 freerdp [2:2.1.1-1] - Update to 2.1.1 . [2:2.0.0-47.rc4] - Fix SCARD_INSUFFICIENT_BUFFER error - Do not advertise /usb in help output vinagre [3.22.0-23] - Remove unused variable - Related: #1839744 [3.22.0-22] - Rebuild due to new version of FreeRDP - Fix an issue when RDP connection shows just ... 
oval:org.secpod.oval:def:1503040 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503049 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503023 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503029 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505264 [0.9.4-3] - Fix CVE-2020-16135 NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL oval:org.secpod.oval:def:1504640 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504893 [4:5.26.3-419] - Fix CVE-2020-10543 - Fix CVE-2020-10878 - Fix a file mode of a perl-example.stp example [4:5.26.3-418] - Fix CVE-2020-12723 oval:org.secpod.oval:def:1504609 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503165 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505196 python2 [2.7.18-4.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [2.7.18-4] - Security fix for CVE-2021-3177 Resolves: rhbz#1919163 [2.7.18-3] - Fixes for bundling prefix=/app build in gimp/inkscape containers Resolves: rhbz#1907592 [2.7.18-2] - Security fix for CVE-2020-2611 ... oval:org.secpod.oval:def:1504926 [0.23.22-1] - Rebase to 0.23.22 to fix memory safety issues - Preserve DT_NEEDED information from the previous version, flagged by rpmdiff - Add xsltproc to BR [0.23.21-4] - Fix realloc usage on proxy cleanup - Make "trust anchor --store" preserve all attributes from .p11-kit files [0.23.21-3] - R ... 
oval:org.secpod.oval:def:1504932 evince [3.28.4-11] - Add remaining translations of string "Reset form" - Resolves: #1896006 [3.28.4-10] - Add available translations of string "Reset form" - Resolves: #1896006 [3.28.4-9] - Ship evince-devel - Resolves: #1919423 [3.28.4-8] - Handle ResetForm action - Resolves: #1889793 poppler [20.1 ... oval:org.secpod.oval:def:1504937 [1.24.2-5.0.1] - set RECENT_DATE to 01/30/2019 to make checks happy [Orabug: 30228991] [1.24.2-5] - Security fix for CVE-2020-26137 Resolves: rhbz#1883889 oval:org.secpod.oval:def:1504900 [4.2.3-2] - Security fix for CVE-2020-27783: mXSS due to the use of improper parser Resolves: rhbz#1901633 oval:org.secpod.oval:def:1504911 [1.18.2-8] - Add recursion limit for ASN.1 indefinite lengths - Resolves: #1906492 [1.18.2-7] - Document -k option in kvno synopsis - Resolves: #1869055 [1.18.2-6] - Enable MD5 override for FIPS RADIUS - Resolves: #1872689 [1.18.2-5.2] - Unify kvno option documentation - Resolves: #1869055 [1.18.2- ... oval:org.secpod.oval:def:1504530 accountsservice [0.6.50-7] - Dont send change updates for login history changes Resolves: #1713080 appstream-data [8-20190805] - Regenerate the RHEL metadata to include the latest cockpit changes - Resolves: #1673011 [8-20190719] - Regenerate the RHEL metadata - Resolves: #1673011 [8-20180721] - Reg ... oval:org.secpod.oval:def:1503047 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503050 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504570 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1505250 python38 [3.8.6-3] - Security fix for CVE-2021-3177 Resolves: rhbz#1919161 [3.8.6-2] - Add support for upstream architecture names https://fedoraproject.org/wiki/Changes/Python_Upstream_Architecture_Names Resolves: rhbz#1868006 [3.8.6-1] - Update to 3.8.6 - Security fix for CVE-2020-26116 python-req ... oval:org.secpod.oval:def:1505258 [2.0.14-5] - Fix CVE-2021-26927 - Fix CVE-2021-26926 - Fix CVE-2021-3272 - Fix CVE-2020-27828 oval:org.secpod.oval:def:1505271 [2.4.0-4] - Fix Covscan defect [2.4.0-3] - Fix CVE-2021-3575 - Fix resource leak identified by Covscan [2.4.0-2] - Fix CVE-2021-29338 [2.4.0-1] - Rebase to 2.4.0 - Resolves: CVE-2018-5727 - Resolves: CVE-2018-5785 - Resolves: CVE-2018-20845 - Resolves: CVE-2018-20847 - Resolves: CVE-2019-12973 ... oval:org.secpod.oval:def:1504644 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504659 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504856 [78.10.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.10.0-1] - Update to 78.10.0 oval:org.secpod.oval:def:1504877 [32:9.11.26-4] - Possible assertion failure on DNAME processing oval:org.secpod.oval:def:1505305 [4.1.1-98] - storage-mon: new resource agent Resolves: rhbz#1509319 [4.1.1-97] - podman: fix possible race during container creation Resolves: rhbz#1972743 [4.1.1-96] - LVM-activate: fix drop-in check to avoid re-creating drop-in Resolves: rhbz#1972035 [4.1.1-95] - lvmlockd: remove cmirrord support, ... 
oval:org.secpod.oval:def:1504918 [1:2.9-5] - P2P: Fix a corner case in peer addition based on PD Request - Fix buffer overflow when processing P2P group information [1:2.9-4] - enable WPA-EAP-SUITE-B-192 [1:2.9-3] - fix p2p_listen unexpectedly stopped after 5 seconds - allow changing "bridge" via D-Bus - expose OWE configurabi ... oval:org.secpod.oval:def:1504769 [1:2.9-2.1] - P2P: Fix a corner case in peer addition based on PD Request oval:org.secpod.oval:def:1504799 [78.9.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.9.0-1] - Update to 78.9.0 build1 oval:org.secpod.oval:def:1504798 [78.9.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.9.0-3] - Update to 78.9.0 build2, updated langpacks [78.9.0-2] - Update to 78.9.0 build2 [78.9.0-1] - Update to 78.9.0 build1 oval:org.secpod.oval:def:1504725 [3.6.8-31.0.3] - Fix buffer overflow in PyCArg_repr [Orabug: 32551171][CVE-2021-3177] oval:org.secpod.oval:def:1505221 [2.56.4-15] - Fix test failure introduced in previous update - Related: #1971533 [2.56.4-14] - Refresh GHmac patchset - Resolves: #1971533 [2.56.4-13] - Rename and consolidate existing patches for better maintainability - Refresh CVE-2021-27219 patcheset, using better-targeted fixes Resolves: #19391 ... oval:org.secpod.oval:def:1505238 [3.4.4-4.el4] - Fix header parsing oval:org.secpod.oval:def:1505246 [1:1.1.1k-4] - Fixes bugs in s390x AES code. - Uses the first detected address family if IPv6 is not available - Reverts the changes in https://github.com/openssl/openssl/pull/13305 as it introduces a regression if server has a DSA key pair, the handshake fails when the protocol is not explicitly se ... 
oval:org.secpod.oval:def:1505445 python-docs [3.6.7-2] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [3.6.7-1] - Modify for RHEL8 - Update to new Python version - Resolves: rhbz#1656044 python-wheel [1:0.31.1-3] - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz#193305 ... oval:org.secpod.oval:def:1505255 [4.0.9-20] - Rebuild for fixed binutils [4.0.9-19] - Fix CVE-2020-35521 - Fix CVE-2020-35522 - Fix CVE-2020-35523 - Fix CVE-2020-35524 oval:org.secpod.oval:def:1505265 [32:9.11.26-6] - Use random entropy to generate unique TKEY identifiers [32:9.11.26-5] - Fix possible assertion failure isc_refcount_current == 0 in free_rbtdb oval:org.secpod.oval:def:1505287 [1:1.1.1k-4] - Fixes bugs in s390x AES code. - Uses the first detected address family if IPv6 is not available - Reverts the changes in https://github.com/openssl/openssl/pull/13305 as it introduces a regression if server has a DSA key pair, the handshake fails when the protocol is not explicitly se ... oval:org.secpod.oval:def:1506728 [21.1.3-10] - Fix CVE-2023-0494 [21.1.3-9] - Follow-up fix for CVE-2022-46340 [21.1.3-8] - CVE fix for: CVE-2022-4283 , CVE-2022-46340 , CVE-2022-46341 , CVE-2022-46342 , CVE-2022-46343 , CVE-2022-46344 [ 21.1.3-7] - Fix CVE-2022-3550, CVE-2022-3551 Resolves: rhbz#2140767, rhbz#2140774 oval:org.secpod.oval:def:1506734 [1.12.0-15] - xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability Resolves: bz#2180305 [1.12.0-14] - SELinux: allow vncsession create .vnc directory Resolves: bz#2164704 [1.12.0-13] - Add sanity check when cleaning up keymap changes Resolves: bz#21699 ... 
oval:org.secpod.oval:def:1506774 [1.20.11-15] - Rebuild for the missing debuginfo Related: rhbz#2169522 [1.20.11-14] - Fix xvfb-run script with --listen-tcp Resolves: rhbz#2169522 [1.20.11-13] - Fix CVE-2023-0494 [1.20.11-12] - Follow-up fix for CVE-2022-46340 [1.20.11-11] - CVE fix for: CVE-2022-4283 , CVE-2022-46340 , CVE-2022- ... oval:org.secpod.oval:def:1506046 kubernetes [1.22.14-1] - Added Oracle specific build files for Kubernetes kubernetes [1.23.11-1] - Added Oracle specific build files for Kubernetes olcne [1.5.6-1] - Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14 - Resolve Kubernetes CVE-2022-3172 for version 1.21 - R ... oval:org.secpod.oval:def:1506187 [4.0.9-23] - Fix various CVEs - Resolves: CVE-2022-0561 CVE-2022-0562 CVE-2022-22844 CVE-2022-0865 CVE-2022-0891 CVE-2022-0924 CVE-2022-0909 CVE-2022-0908 CVE-2022-1355 oval:org.secpod.oval:def:1506788 [102.13.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.13.0-2] - Update to 102.13.0 build2 [102.13.0-1] - Update to 102.13.0 build1 oval:org.secpod.oval:def:1506747 [102.13.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.13.0-2] - Update to 102.13.0 build2 [102.13.0-1] - Update to 102.13.0 build1 oval:org.secpod.oval:def:1506203 [7.0.100-0.4.rc2.0.1] - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier [Orabug: 34671152] [7.0.100-0.4.rc2] - Enable ppc64le builds - Related: RHBZ#2134642 [7.0.100-0.3.rc2] - Update to .NET 7 RC 2 - Resolves: RHBZ#2134642 oval:org.secpod.oval:def:1506000 [6.0.109-1.0.1] - Add missing Oracle RIDs [6.0.109-1] - Update to .NET SDK 6.0.109 and Runtime 6.0.9 - Resolves: RHBZ#2123789 oval:org.secpod.oval:def:1506019 [3.1.423-1.0.1] - Add missing Oracle Linux Runtime IDs [3.1.423-1] - Update to .NET SDK 3.1.423 and Runtime 3.1.29 - Resolves: 
RHBZ#2123785 oval:org.secpod.oval:def:1505759 subversion [1.14.1-2] - add fix for CVE-2022-24070 oval:org.secpod.oval:def:1504931 [1.0.6-3] - Resolves: CVE-2020-8927 oval:org.secpod.oval:def:1506159 [1.0.14-2] - Fix CVE-2022-21682 [1.0.14-1] - Update to 1.0.14 oval:org.secpod.oval:def:1504614 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505658 [0.9.6-3] - Remove STI tests [0.9.6-2] - Remove bad patch causing errors - Adding BuildRequires for openssh [0.9.6-1] - Fix CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism - Rebase to version 0.9.6 - Rename SSHD_EXECUTABLE to SSH_EXECUTABLE in te ... oval:org.secpod.oval:def:1505657 [0.27.5-2] - Remove RPATH Resolves: bz#2018422 [0.27.5-1] - Exiv2 0.27.5 Resolves: bz#2018422 Fix stack exhaustion issue in the printIFDStructure function leading to DoS Resolves: bz#2003673 oval:org.secpod.oval:def:1505682 [0.26-7] - Fix stack exhaustion issue in the printIFDStructure function Resolves: bz#2003669 oval:org.secpod.oval:def:1505280 [0.13.1-2] - rebuild [0.13.1-1] - Fix CVE-2020-12762 out-of-bounds write via a large JSON file - Resolves: rhbz#1835626 oval:org.secpod.oval:def:1506741 nodejs [1:16.19.1-2] - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 oval:org.secpod.oval:def:1506352 [1.12.8-23.0.1] - fix netlink poll: error 4 [1:1.12.8-23.1] - Fix CVE-2022-42010 - Fix CVE-2022-42011 - Fix CVE-2022-42012 oval:org.secpod.oval:def:1502757 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1505060 [2.1.525-1] - Update to .NET SDK 2.1.525 and Runtime 2.1.29 - Resolves: RHBZ#1988581 [2.1.524-1] - Update to .NET SDK 2.1.524 and Runtime 2.1.28 - Resolves: RHBZ#1953766 oval:org.secpod.oval:def:1505065 [5.0.206-1.0.1] - Add support for new Oracle release [5.0.206-1] - Update to .NET SDK 5.0.206 and Runtime 5.0.9 - Resolves: RHBZ#1990965 oval:org.secpod.oval:def:1505064 [3.1.118-1.0.1] - Update patch to support 8.3 - support OL release scheme [3.1.118-1] - Update to .NET SDK 3.1.118 and Runtime 3.1.18 - Resolves: RHBZ#1990189 oval:org.secpod.oval:def:1504880 [3.1.115-1.0.1] - Update patch to support 8.3 - support OL release scheme [3.1.115-1] - Update to .NET SDK 3.1.115 and Runtime 3.1.15 - Resolves: RHBZ#1954333 [3.1.114-2] - Rebuild to tag into the correct location - Resolves: RHBZ#1947455 [3.1.114-1] - Update to .NET Core SDK 3.1.114 and Runtime 3.1 ... oval:org.secpod.oval:def:1504881 [5.0.203-1.0.1] - Add support for new Oracle release [5.0.203-1] - Update to .NET SDK 5.0.203 and Runtime 5.0.6 - Resolves: RHBZ#1954328 [5.0.202-1] - Update to .NET SDK 5.0.202 and Runtime 5.0.5 - Resolves: RHBZ#1947662 oval:org.secpod.oval:def:1504710 [2.1.522-1] - Update to .NET Core SDK 2.1.522 and Runtime 2.1.26 - Resolves: RHBZ#1933844 oval:org.secpod.oval:def:1504713 [3.1.113-1.0.1] - Update patch to support 8.3 - support OL release scheme [3.1.113-1] - Update to .NET Core SDK 3.1.113 and Runtime 3.1.13 - Resolves: RHBZ#1933845 oval:org.secpod.oval:def:1504732 [5.0.104-1.0.1] - Add support for new Oracle release [5.0.104-1] - Update to .NET SDK 5.0.104 and Runtime 5.0.4 - Resolves: RHBZ#1934247 oval:org.secpod.oval:def:1504633 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1504765 [3.1.112-1.0.1] - Update patch to support 8.3 - support OL release scheme [3.1.112-1] - Update to .NET Core SDK 3.1.112 and Runtime 3.1.12 - Resolves: RHBZ#1923377 oval:org.secpod.oval:def:1504744 [5.0.103-1.0.1] - Add support for new Oracle release [5.0.103-1] - Update to .NET SDK 5.0.103 and Runtime 5.0.3 - Resolves: RHBZ#1924765 oval:org.secpod.oval:def:1504756 [5.0.102-2.0.1] - Add support for new Oracle release [5.0.102-2] - Rebuild with updated tests - Resolves: RHBZ#1912684 [5.0.102-1] - Update to .NET SDK 5.0.102 and Runtime 5.0.2 - Resolves: RHBZ#1912684 oval:org.secpod.oval:def:1505346 [4.14.5-7] - related: rhbz#2021171 - Fix CVE-2020-25717 - Fix running ktest [4.14.5-6] - related: rhbz#2021171 - Fix CVE-2020-25717 - Add missing checks for IPA DC server role oval:org.secpod.oval:def:1506148 [2.5.2-2] - resolves: rhbz#2108998 - Rebuild to include python3-ldb-devel in CRB [2.5.2-1] - Rebase to version 2.5.2 - resolves: rhbz#2109016 - Fix CVE-2022-32746 [2.5.1-1] - related: rhbz#2077484 - Rebase to version 2.5.1 [2.5.0-1] - resolves: rhbz#2077484 - Rebase to version 2.5.0 oval:org.secpod.oval:def:1506361 [6.4.7.2-12.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor=Oracle America, Inc. - Added the --with-hamcrest option to configure. [1:6.4.7.2-12] - Resolves: rhbz#2134752 CVE-2022-26305 Untrusted Macros - Resolves: rhbz#2134751 CVE-2022-26307 Weak Master Keys - ... 
oval:org.secpod.oval:def:1505675 [5.56-3] + bluez-5.56-3 - Fixing - Fixing CVE-2021-41229 [5.56-2] + bluez-5.56-2 - Fixing - Removing bccmd check from tests [5.56-1] + bluez-5.56-1 - Fixing - Removing bccmd, enabling hid2hci as upstream removed the support in bluez-5.56 oval:org.secpod.oval:def:1506971 [1.66.1-2] - rust-cargo: cargo does not respect the umask when extracting dependencies oval:org.secpod.oval:def:1506742 kubernetes [1.25.11-1] - Added Oracle specific build files for Kubernetes olcne [1.6.2-1] - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 - Add all modules to registry-image-helper - update yq to 4.x [1.6.1-9] - Updated the CVE ID's in Istio-1.16.4 changelog entry [1.6.1-8] - Update Is ... oval:org.secpod.oval:def:1506743 kubernetes [1.24.8-2] - libct/cg: add misc controller to v1 drivers [1.24.8-1] - Added Oracle specific build files for Kubernetes olcne [1.5.13-1] - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.24.15 - Added script to support upgrade from OL7 to OL8 using leapp oval:org.secpod.oval:def:1506751 [1.6.2-1] - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 - Add all modules to registry-image-helper - update yq to 4.x oval:org.secpod.oval:def:1507143 [4:20230808-2.0.2] - update 06-6a-06 to 0xd0003b9 {CVE-2023-23583} oval:org.secpod.oval:def:1504908 [9.27-1] - Rebase to 9.27 - Resolves: rhbz#1874523 oval:org.secpod.oval:def:1506529 [1:26.1-7.1] - Fix ob-latex.el command injection vulnerability oval:org.secpod.oval:def:1506586 [1:26.1-10.2] - Bump release [1:26.1-10.1] - Bump release [1:26.1-10] - Fix ob-latex.el command injection vulnerability [1:26.1-9] - Fix MH-E mail composition with GNU Mailutils [1:26.1-8] - Fix ctags local command execute vulnerability oval:org.secpod.oval:def:1506739 [32:9.16.23-0.14] - Handle subtle difference between upstream and rhel [32:9.16.23-0.13] - Prevent flooding with UPDATE requests - Handle RRSIG queries when server-stale is active - Fix crash when soft-quota is
reached and serve-stale is active [32:9.16.23-0.12] - Include bind9.16-dnssec-utils i ... oval:org.secpod.oval:def:1506626 [7.0.107-1.0.1] - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier [Orabug: 34671152] [7.0.107-1] - Update to .NET SDK 7.0.107 and Runtime 7.0.7 - Resolves: RHBZ#2211876 [7.0.106-2] - Update to .NET SDK 7.0.106 and Runtime 7.0.6 - Resolves: RHBZ#2190267 oval:org.secpod.oval:def:1506347 [6.0.113-1.0.1] - Add missing Oracle Linux Runtime IDs [6.0.113-1] - Update to .NET SDK 6.0.113 and Runtime 6.0.13 - Resolves: RHBZ#2154458 oval:org.secpod.oval:def:1506746 [7.0.109-1.0.1] - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier [Orabug: 34671152] [7.0.109-1] - Update to .NET SDK 7.0.109 and Runtime 7.0.9 - Resolves: RHBZ#2219632 oval:org.secpod.oval:def:1506761 [6.0.120-1.0.1] - Add missing Oracle Linux Runtime IDs [6.0.120-1] - Update to .NET SDK 6.0.120 and Runtime 6.0.20 - Resolves: RHBZ#2219637 oval:org.secpod.oval:def:1507015 [102.15.1-1.0.1] - Update to 102.15.1 build2 oval:org.secpod.oval:def:1507021 [102.15.1-1.0.1] - Update to 102.15.1 oval:org.secpod.oval:def:1506638 [2.38.5-1.4] - Add patch for CVE-2023-28204 Resolves: #2209744 - Add patch for CVE-2023-32373 Resolves: #2209727 oval:org.secpod.oval:def:1506617 [7:20180414-29] - Resolves: #2209869, CVE-2023-32700 oval:org.secpod.oval:def:1506732 nodejs [1:18.14.2-3] - Update bundled c-ares to 1.19.1 Resolves: CVE-2022-4904 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 oval:org.secpod.oval:def:1505652 [1.13.0-6] - Resolves: rhbz#1989425 - CVE-2021-3672 c-ares: missing input validation of host names may lead to Domain Hijacking [rhel-8] oval:org.secpod.oval:def:1503034 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506629 [1.20.0-29.0.1] - header/footer not being printed in banner page. 
[Orabug: 28265099] - Fixes [Orabug: 29163824] source indentation not following convention [1.20.0-29.2] - CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend oval:org.secpod.oval:def:1506188 [2.1.0-11] - fix CVE-2022-24795 - Related: #2061390 oval:org.secpod.oval:def:1507218 [1.16.1-2] - Resolves MXF demuxer use-after-free vulnerability oval:org.secpod.oval:def:1506758 [12.1.5-1.0.2] - [CISA Major Incident] CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module oval:org.secpod.oval:def:1506729 [2:2.2.0-10] - Fix "implicit declaration of function" errors [- 2:2.2.0-9] - CVE-2022-39282: Fix length checks in parallel driver - CVE-2022-39283: Add missing length check in video channel - CVE-2022-39316, CVE-2022-39317: Add missing length checks in zgfx - CVE-2022-39318: Fix division by zero ... oval:org.secpod.oval:def:1506780 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506149 [1:2.3.16-3] - fix possible privilege escalation when similar master and non-master passdbs are used oval:org.secpod.oval:def:1506786 [2.38.5-1.5] - Disable JIT oval:org.secpod.oval:def:1506785 [4.0.9-28] - Fix CVE-2022-48281 - Resolves: CVE-2022-48281 oval:org.secpod.oval:def:1505660 [2.02-123.0.1] - backport arm64: Fix EFI loader kernel image allocation [Orabug: 33702462] - backport Arm: check for the PE magic for the compiled arch [Orabug: 33702462] - Backport some better script logic for BTRFS support [Orabug: 32448171] - Do not add shim and grub certificate deps for aarch64 ... oval:org.secpod.oval:def:1505833 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1506216 [102.5.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1 [102.3.0-7] - Fix for expat CVE-2022-40674 a ... oval:org.secpod.oval:def:1506147 [1.51.0-8] - Address some Coverity issues in the patch set [1.51.0-7] - lib: Prevent more integer overflows - Prevent integer overflow on m_groupSize in doProlog oval:org.secpod.oval:def:1506349 [2.2.5-10.0.1] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] [2.2.5-10.1] - CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate - Resolves: CVE-2022-43680 oval:org.secpod.oval:def:1506315 [0.12.0-9] - Fix CVE-2022-1471 by using SafeConstructor. oval:org.secpod.oval:def:1506189 [32:9.11.36-5] - Fix memory leak in ECDSA verify processing - Fix memory leak in EdDSA verify processing [32:9.11.36-4] - Tighten cache protection against record from forwarders - Include test of forwarders [32:9.11.36-2] - Reduce memory used per-view on machine with few processors [32:9.11.36-2 ... 
oval:org.secpod.oval:def:1506041 [32:9.16.23-0.7.1] - Fix possible serve-stale related crash - Fix memory leak in ECDSA verify processing - Fix memory leak in EdDSA verify processing oval:org.secpod.oval:def:1506044 [32:9.11.36-3.1] - Fix memory leak in ECDSA verify processing - Fix memory leak in EdDSA verify processing oval:org.secpod.oval:def:1505630 [1.0.2-1.el8] - Fix multiple CVEs : CVE-2017-18342, CVE-2020-10109, CVE-2020-10108, CVE-2021-33203, CVE-2021-33571, CVE-2021-44420, CVE-2021-31542, CVE-2021-28658, CVE-2021-28957, CVE-2021-43818, CVE-2020-27783 [Orabug: 34109801] oval:org.secpod.oval:def:1505646 [4.2.3-4] - Security fix for CVE-2021-43818 Resolves: rhbz#2032569 oval:org.secpod.oval:def:1505645 numpy [1.17.3-6] - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz#1933055 python38 [3.8.12-1] - Update to 3.8.12 Resolves: rhbz#2004587 [3.8.11-1] - Update to 3.8.11 - Fix for CVE-2021-3733 and CVE-2021-3737 Resolves: rhbz#1995234, rhbz#1995162 python3x-pip [19.3.1-5] ... oval:org.secpod.oval:def:1505691 [32:9.11.36-2] - Reduce memory used per-view on machine with few processors [32:9.11.36-2] - Rebuilt on a new side-tag [32:9.11.36-1] - Update to 9.11.36 [32:9.11.26-9] - Correct tsig system test [32:9.11.26-8] - Propagate ephemeral port ranges to chroot [32:9.11.26-7] - Do not request softhsm fr ... oval:org.secpod.oval:def:1505223 [0.7.19-1] - Update to 0.7.19 - repo_add_conda: add flag to skip v2 packages - fix rare segfault in resolve_jobrules that could happen if new rules are learnt - fix error handling in solv_xfopen_fd - fix memory leaks [0.7.17-2] - Fix rpm dependency [0.7.17-1] - Update to 0.7.17 - selected bug fixes: ... 
oval:org.secpod.oval:def:1505654 babel [9.0.3-19] - Remove bundled windows executables - Resolves: rhbz#2006792 python2 [2.7.18-10.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [2.7.18-10] - Security fix for CVE-2022-0391: urlparse does not sanitize URLs containing ASCII newline and tabs Resolves: rhbz#2047 ... oval:org.secpod.oval:def:1505651 mod_wsgi [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [4.7.1-2] - Rebuilt for Python 3.9 [4.7.1-1] - update to 4.7.1 python39 [3.9.7-1] - Update to 3.9.7 Resolves: rhbz#2003102 ... oval:org.secpod.oval:def:1506168 [32:9.16.23-0.9.1] - Fix possible serve-stale related crash - Fix memory leak in ECDSA verify processing - Fix memory leak in EdDSA verify processing [32:9.16.23-0.9] - Tighten cache protection against record from forwarders - Include test of forwarders [32:9.16.23-0.8] - TCP connections with ke ... oval:org.secpod.oval:def:1506169 [5.15.3-1] - 5.15.3 Resolves: bz#2061377 oval:org.secpod.oval:def:1504649 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504651 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505240 gnutls [3.6.16-4] - p11tool: Document ID reuse behavior when importing certs [3.6.16-3] - Treat SHA-1 signed CA in the trusted set differently [3.6.16-2] - Filter certificate_types in TLS 1.2 CR based on signature algorithms [3.6.16-1] - Update to upstream 3.6.16 release - Fix potential use-afte ... 
oval:org.secpod.oval:def:1505053 [1:1.41.1-1] - Rebase to 1.41.1 - Change description to reflect upstream - Resolves: RHBZ1980033 oval:org.secpod.oval:def:1505062 nodejs [1:14.17.3-2] - Resolves: RHBZ#1980032, RHBZ#1978203 - Resolves RHBZ#1842826 - Don't use patch3 [1:14.17.3-1] - Resolves: RHBZ#1980032, RHBZ#1978203 - Resolves RHBZ#1842826 - Resolves CVE-2021-22918, use system cipher list [1:14.16.0-3] - Resolves: RHBZ#1930775 - Always build with systemtap oval:org.secpod.oval:def:1505061 nodejs [1:12.22.3-2] - Resolves: RHBZ#1980031, RHBZ#1978201 - Fix typo, BR systemtap-sdt-level always, remove y18n patch [1:12.22.3-1] - Resolves: RHBZ#1980031, RHBZ#1978201 - Resolves #1952915 - Resolves CVE-2021-22918, use system cipher list nodejs-nodemon [2.0.3-1] - Resolves: RHBZ#1920692, RHBZ# ... oval:org.secpod.oval:def:1505929 httpd [2.4.37-47.0.2.2] - mod_proxy: ap_proxy_http_request to clear hop-by-hop first and fixup last [CVE-2022-31813][Orabug: 34381946] oval:org.secpod.oval:def:1505575 [2.4.37-43.0.3.3] - Resolves: CVE-2021-33193 a crafted method sent through HTTP/2 will bypass validation [Orabug: 33942809] oval:org.secpod.oval:def:1506439 httpd [2.4.37-51.0.1.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-51.1] - Resolves: #2165967 - prevent sscg creating /dhparams.pem - Resolves: #2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write ... oval:org.secpod.oval:def:1505326 The advisory is missing the security advisory description.
For more information please visit the reference link oval:org.secpod.oval:def:1505187 httpd [2.4.37-39.0.2.1] - mod_session: save one apr_strtok [Orabug: 33338149][CVE-2021-26690] oval:org.secpod.oval:def:1507130 [7.0.113-1.0.1] - Update to .NET SDK 7.0.113 and Runtime 7.0.13 - Resolves: RHEL-14474 oval:org.secpod.oval:def:1507136 [6.0.124-1.0.1] - Update to .NET SDK 6.0.124 and Runtime 6.0.24 - Resolves: RHEL-14466 oval:org.secpod.oval:def:1505425 httpd [2.4.37-43.1.0.1] - scoreboard: fix null pointer deference [Orabug: 33690670][CVE-2021-34798] - fix ap_escape_quote logic [Orabug: 33690686][CVE-2021-39275] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle"s index page oracle_index.html. [2.4.37-43.1 ... oval:org.secpod.oval:def:1505672 mod_http2 [1.15.7-5] - Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations [1.15.7-4] - Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd: Request splitting via HTTP/2 method injection and mod_proxy mod_md oval:org.secpod.oval:def:1505203 httpd [2.4.37-41.0.1] - Add checks on the configured UDS path [Orabug: 33412270][CVE-2021-40438] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-41] - Resolves: #1680111 - httpd sends reply to HTTPS GET using two TLS ... oval:org.secpod.oval:def:1506153 httpd [2.4.37-51.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-51] - Resolves: #2097015 - CVE-2022-28614 httpd:2.4/httpd: out-of-bounds read via ap_rwrite - Resolves: #2097031 - CVE-2022-28615 httpd:2.4/httpd: ... 
oval:org.secpod.oval:def:1507001 [6.0.122-1.0.1] - Update to .NET SDK 6.0.122 and Runtime 6.0.22 - Resolves: RHEL-1996 oval:org.secpod.oval:def:1504892 [3.2.1-4] - CVE-2020-36242: Fixed a bug where certain sequences of update calls when symmetrically encrypting very large payloads oval:org.secpod.oval:def:1506236 [0.10.14-5.0.1] - Replace HAM-logo.png with a generic one [0.10.14-5] - Fixed ruby socket permissions - Resolves: rhbz#2116838 [0.10.14-4] - Fixed enable sbd from webui - Resolves: rhbz#2117650 [0.10.14-3] - Fixed pcs quorum device remove - Resolves: rhbz#2115326 [0.10.14-2] - Fixed booth ticket mod ... oval:org.secpod.oval:def:1505670 qemu-kvm [4.2.1.16.el8] - Document CVE-2021-4145 as fixed [Orabug: 33791496] {CVE-2021-4145} - migration: Tally pre-copy, downtime and post-copy bytes independently - migration: Introduce ram_transferred_add - ACPI ERST: specification for ERST support - ACPI ERST: step 6 of bios-tables-test.c - ... oval:org.secpod.oval:def:1506384 [1.8.29.8.1] RHEL 8.7.0.Z ERRATUM - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user Resolves: rhbz#2161220 oval:org.secpod.oval:def:1504934 [3.6.8-37.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-37] - Fix for CVE-2021-23336 Resolves: rhbz#1928904 [3.6.8-36] - Fix for CVE-2021-3177 Resolves: rhbz#1918168 [3.6.8-35] - New options -a and -k for pathfix.py script backported from upstream Resolves: rhbz#19176 ... 
oval:org.secpod.oval:def:1504750 [2.02-78.0.2] - grub-set-bootflag: fix grubenv update method, fix CVE-2019-14865 [Orabug: 30607067] oval:org.secpod.oval:def:1507235 [115.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [115.6.0-1] - Update to 115.6.0 build2 oval:org.secpod.oval:def:1507236 [115.6.0-1.0.1] - Update to 115.6.0 build1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file oval:org.secpod.oval:def:1506166 xorg-x11-server [1.20.11-9] - CVE fix for: CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070 Resolves: rhbz#2108156, rhbz#2108161 [1.20.11-8] - Rebuild again for ipv6 xtrans fix Related: #2075132 [1.20.11-6] - Rebuild for ipv6 xtrans fix Related: #2075132 xorg-x11-server-Xwayland [21.1.3-6] - ... oval:org.secpod.oval:def:1505342 [91.4.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.4.0-1] - Update to 91.4.0 build1 oval:org.secpod.oval:def:1505345 [91.4.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.4.0-2] - Update to 91.4.0 build2 [91.4.0-1] - Update to 91.4.0 build1 oval:org.secpod.oval:def:1505678 [5.15.2-4] - Fix out-of-bounds write in QOutlineMapper::convertPath Resolves: bz#1996877 oval:org.secpod.oval:def:1506580 [2.39.3-1] - Update to 2.39.3 - Resolves: #2188364, #2188373, #2190157, #2190158 oval:org.secpod.oval:def:1505324 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505337 [3.67.0-7] - Fix CVE 2021 43527 oval:org.secpod.oval:def:1506745 delve [1.9.1-1.0.1] - Disable DWARF compression which has issues [1.9.1-1] - Rebase to 1.9.1 - Related: rhbz#2131026 golang [1.19.10-1.0.1] - New Go version 1.19.10 [CVE-2023-29402] [CVE-2023-29403] [CVE-2023-29404] [CVE-2023-29405] go-toolset [1.19.10-1.0.1] - Update for Go 1.19.10 [CVE-2023-29402 ... 
oval:org.secpod.oval:def:1505700 libecap squid [7:4.15-3] - Resolves: #1941506 - CVE-2021-28116 squid:4/squid: out-of-bounds read in WCCP protocol data may lead to information disclosure [7:4.15-2] - Resolves: #2006121 - SQUID shortens FTP Link wrong that contains a semi-colon and as a result is not able to download zip file.CODE 4 ... oval:org.secpod.oval:def:1507115 [1:11.0.21.0.9-2.0.1] - Update to jdk-11.0.21+9 - Update release notes to 11.0.21+9 - OpenJDK: certificate path validation issue during client authentication - OpenJDK: Additional zip64 files validation - OpenJDK: Print an exception when encountering null addresses while producing thread dumps oval:org.secpod.oval:def:1507117 [1:17.0.9.0.9-2.0.1] - Update to jdk-17.0.9+9 - Update release notes to 17.0.9+9 - OpenJDK: memory corruption issue on x86_64 with AVX-512 - OpenJDK: certificate path validation issue during client authentication - OpenJDK: Additional zip64 files validation oval:org.secpod.oval:def:1507048 [115.3.1-1.0.1] - Update to 115.3.1 oval:org.secpod.oval:def:1507049 [115.3.1-1.0.1] - Update to 115.3.1 build1 oval:org.secpod.oval:def:1507122 [115.4.1-1.0.1] - Update to 115.4.1 build1 - Add fix for CVE-2023-44488 oval:org.secpod.oval:def:1507124 [115.4.0-1.0.1] - Update to 115.4.0 build1 - Add fix for CVE-2023-44488 - Set homepage from os-release HOME_URL oval:org.secpod.oval:def:1506979 [102.15.0-1.0.1] - Update to 102.15.0 build2 oval:org.secpod.oval:def:1506981 [102.15.0-1.0.1] - Update to 102.15.0 build1 oval:org.secpod.oval:def:1507182 pgaudit pg_repack postgres-decoderbufs postgresql [13.13-1.0.1] - Fixed postgresql port binding issue during bootup [Orabug: 35103668] [13.13-1] - Update to 13.13 - Fixes: CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417 - Resolves: RHEL-16085 RHEL-16123 oval:org.secpod.oval:def:1507231 pgaudit [1.7.0-1] - Update to 1.7.0 - Support postgresql 15 - Related: #2128241 [1.5.0-1] - Update to version 1.5.0 Related: #1855776 pg_repack [1.4.8-1] - Update 
to version 1.4.8 - Postgresql 15 is supported - Related: #2128241 [1.4.6-4] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rh ... oval:org.secpod.oval:def:1507219 pgaudit pg_repack postgres-decoderbufs postgresql oval:org.secpod.oval:def:1507222 [10.23-3.0.1] - Resolves: CVE-2023-5869 oval:org.secpod.oval:def:1506522 [1:11.0.19.0.7-1] - Update to jdk-11.0.19.0+7 - Update release notes to 11.0.19.0+7 - Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-8305113 - Update generate_tarball.sh to add support for passing a boot JDK to the configure run - Add POSIX-friendly error codes to generate_tarba ... oval:org.secpod.oval:def:1506525 [1:17.0.7.0.7-1] - Update to jdk-17.0.7.0+7 - Update release notes to 17.0.7.0+7 - Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-8305113 - Update generate_tarball.sh to add support for passing a boot JDK to the configure run - Add POSIX-friendly error codes to generate_tarball. ... oval:org.secpod.oval:def:1506531 [1:1.8.0.372.b07-1] - Update to shenandoah-jdk8u372-b07 - Update release notes for shenandoah-8u372-b07. - Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07 - Update generate_tarball.sh to add support for passing a boot JDK to the configure run - Add POSIX-friendly error codes to ge ... 
oval:org.secpod.oval:def:1507019 [7.5.1-7.0.1.2] - Fix BFD crash in FRR running in MetalLB - Fix for CVE-2023-38802 oval:org.secpod.oval:def:1505649 [8.0p1-13] - Upstream: ClientAliveCountMax=0 disable the connection killing behaviour [8.0p1-12] - Add support for "Include" directive in sshd_config file [8.0p1-11] - CVE-2021-41617 upstream fix oval:org.secpod.oval:def:1505222 [8.0.1763-16.0.1] - - Remove upstream references [Orabug: 31197557] [2:8.0.1763-16] - 2004974 - CVE-2021-3796 vim: use-after-free in nv_replace in normal.c [rhel-8.5.0] - 2004891 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char in mbyte.c [rhel-8.5.0] oval:org.secpod.oval:def:1505851 [1:1.8.0.342.b07-1] - Update to shenandoah-jdk8u342-b07 - Update release notes for shenandoah-8u342-b07. - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use git apply with patch ... oval:org.secpod.oval:def:1505852 [1:17.0.4.0.8-0.2.ea] - Add rpminspect.yaml to turn off Java bytecode inspections - java-17-openjdk deliberately produces Java 17 bytecode, not the default Java 11 bytecode - Resolves: rhbz#2109106 [1:17.0.4.0.8-0.2.ea] - Revert the following changes until copy-java-configs has adapted to relative s ... oval:org.secpod.oval:def:1505849 [1:11.0.16.0.8-1] - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Use same tarball naming style as java-17-openjdk and java-latest-openjdk - Drop JDK-8257794 patch now upstreamed - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update ... oval:org.secpod.oval:def:1503069 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1505440 [1:17.0.2.0.8-4] - Fix FIPS issues in native code and with initialisation of java.security.Security - Related: rhbz#2039366 [1:17.0.2.0.8-3] - Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes oval:org.secpod.oval:def:1505028 [1:1.8.0.302.b08-0] - Update to aarch64-shenandoah-jdk8u302-b08 - Update release notes for 8u302-b08. - Switch to GA mode for final release. - This tarball is embargoed until 2021-07-20 @ 1pm PT. - Resolves: rhbz#1972395 [1:1.8.0.302.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u302-b07 - Update ... oval:org.secpod.oval:def:1505032 [1:11.0.12.0.7-0] - Update to jdk-11.0.12.0+7 - Update release notes to 11.0.12.0+7 - Switch to GA mode for final release. - This tarball is embargoed until 2021-07-20 @ 1pm PT. - Resolves: rhbz#1972395 [1:11.0.12.0.6-0.0.ea] - Update to jdk-11.0.12.0+6 - Update release notes to 11.0.12.0+6 - Switch ... oval:org.secpod.oval:def:1505273 [1:17.0.1.0.12-2] - Extend LTS check to exclude EPEL. - Related: rhbz#2013841 [1:17.0.1.0.12-2] - Set LTS designator. - Related: rhbz#2013841 [1:17.0.1.0.12-1] - Drop JDK-8272332/RH2004078 patch which is upstream in 17.0.1 - Resolves: rhbz#2013841 [1:17.0.1.0.12-1] - October CPU update to jdk 17.0.1 ... oval:org.secpod.oval:def:1505321 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1506790 runc [1:1.1.4-1.0.1] - rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809 - rootfs: prohibit symlinks that conflicts with readonlyPaths and/or maskedPaths to prevent CVE-2023-27561 - Prohibit /proc and /sys to be symlinks to prevent CVE-2023-28642 - JIRA: OLDIS-25589 oval:org.secpod.oval:def:1506775 runc [1:1.1.4-1.0.1] - rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809 - rootfs: prohibit symlinks that conflicts with readonlyPaths and/or maskedPaths to prevent CVE-2023-27561 - Prohibit /proc and /sys to be symlinks to prevent CVE-2023-28642 - JIRA: OLDIS-25589 oval:org.secpod.oval:def:1504917 [0.27.3-2] - Avoid duplicating Changelog file Resolves: bz#1880984 [0.27.3-1] - Update to 0.27.3 Resolves: bz#1880984 oval:org.secpod.oval:def:1504527 exiv2 [0.27.2-5] - Fix failing test Resolves: bz#1800472 [0.27.2-4] - Drop test for the previous CVE as we test it manually and we dont have POC available Resolves: bz#1800472 [0.27.2-3] - Fix infinite loop and hang in Jp2Image::readMetadata Resolves: bz#1800472 [0.27.2-2] Rebuild Resolves: bz#16519 ... oval:org.secpod.oval:def:1505226 [0.26-6] - Fix out-of-bounds read in Exiv2::Jp2Image::printStructure Resolves: bz#1993283 - Fix out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header Resolves: bz#1993246 oval:org.secpod.oval:def:1505078 [0.26-11] - Fix heap-based buffer overflow vulnerability in jp2image.cpp that may lead to DoS Resolves: bz#1990397 oval:org.secpod.oval:def:1505077 [0.27.3-3] - Fix heap-based buffer overflow vulnerability in jp2image.cpp that may lead to DoS Resolves: bz#1990355 oval:org.secpod.oval:def:1503013 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503074 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1506783 [20220126gitbb1bba3d77-4] - edk2-openssl-update.patch [bz#2164531 bz#2164543 bz#2164558 bz#2164581] - edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch [bz#2164531 bz#2164543 bz#2164558 bz#2164581] - Resolves: bz#2164531 - Resolves: bz#2164543 - Resolves: bz#2164558 - Resolves: bz#21 ... oval:org.secpod.oval:def:1505428 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1507220 [1:1.1.1k-12] - Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series Resolves: RHEL-17696 [1:1.1.1k-11] - Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow Resolves: RHEL-16538 [1:1.1.1k-10] - ... oval:org.secpod.oval:def:1506183 buildah [1.19.9-6] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 - Related: #2061390 [1.19.9-5] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 - Related: #2061390 [1.19.9-4] - update to the latest content of htt ... oval:org.secpod.oval:def:1505758 go-toolset [1.17.10-1] - Set version to correspond to the matching build golang version - delve can be now added to aarch64 as well, remove ifarch. golang [1.17.10-1.0.1] - Add patches between Go 1.17.7 and Go 1.17.10 - Rename base_versn to base_version - Remove unneeded patches from previous versio ... oval:org.secpod.oval:def:1506228 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1506731 [3.2.0-3] - resolve CVE-2022-27664 grafana-pcp: golang: net/http: handle server errors after sending GOAWAY oval:org.secpod.oval:def:1505820 go-toolset [1.18.3-1] - Update to golang 1.18.3 golang [1.18.3-1.0.1] - Rebase to 1.18.3 by adding upstream patches to the 1.18.0 openssl-fips - Modify Patch51852 to remove portions already upstream - Use base_version to distinguish the version of the tarball from the final version - Reviewed-by: Jo ... oval:org.secpod.oval:def:1506768 [7.5.15-4] - resolve CVE-2022-39229 grafana: using email as a username can block other users from signing in - resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY - resolve CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps - resolve CVE-2022-28 ... oval:org.secpod.oval:def:1506143 golang [1.17.13-1.0.1] - Update tarball to 1.17.12 - Add patches between Go 1.17.12 and Go 1.17.13 - Reviewed-by: David Faust [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109182 go-toolset [1.17.13-1] - Set version to correspond to the matching build golang version oval:org.secpod.oval:def:1506151 cockpit-composer [41-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095] [41-1] - New upstream release oval:org.secpod.oval:def:1506393 golang [1.18.9-1] - Update to Go 1.18.9 - Add big-endian.patch - Increase GO_TEST_TIMEOUT_SCALE due to a Brew issue - Add do-not-reuse-far-trampolines.patch - Resolves: rhbz#2149313 [1.18.7-2] - Fix version mismatch from previous rebase - Related: rhbz#2136719 [1.18.7-1] - Update to Go 1.18.7 - Reso ... 
oval:org.secpod.oval:def:1506157 [7.5.15-3] - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working ... oval:org.secpod.oval:def:1506171 [3.2.0-2] - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working - resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read - res ... oval:org.secpod.oval:def:1507046 [2.28-225.0.4] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi < jose.marchesi at oracle.com > oval:org.secpod.oval:def:1505577 [1:17.0.3.0.6-2] - Add JDK-8284920 fix for XPath regression - Related: rhbz#2073575 [1:17.0.3.0.6-2] - JDK-8275082 should be listed as also resolving JDK-8278008 CVE-2022-21476 - Related: rhbz#2073575 [1:17.0.3.0.6-1] - JDK-8283911 patch no longer needed now we're GA... - Resolves: rhbz#2073575 [1: ... oval:org.secpod.oval:def:1505579 [1:1.8.0.332.b09-1] - Update to shenandoah-jdk8u332-b09 - Update release notes for 8u332-b09. - Switch to GA mode for final release. - This tarball is embargoed until 2022-04-19 @ 1pm PT. - Resolves: rhbz#2073422 [1:1.8.0.332.b06-0.1.ea] - Update to shenandoah-jdk8u332-b06 - Update release notes f ... oval:org.secpod.oval:def:1505591 [1:11.0.15.0.9-2] - Add JDK-8284920 fix for XPath regression - Related: rhbz#2073422 [1:11.0.15.0.9-2] - Remove security items from release notes that were only in 17u and N/A for 11u - Related: rhbz#2073422 [1:11.0.15.0.9-1] - Update to jdk-11.0.15.0+9 - Update release notes to 11.0.15.0+9 - Switch ... 
oval:org.secpod.oval:def:1506190 [2.9.1-9] - Guard face- oval:org.secpod.oval:def:72262 The password difok should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:72274 The passwords to remember should be set correctly. oval:org.secpod.oval:def:72256 The kernel runtime parameter "net.ipv4.conf.default.rp_filter" should be set to "1". oval:org.secpod.oval:def:1506605 [6.0.118-1.0.1] - Add missing Oracle Linux Runtime IDs [6.0.118-1] - Update to .NET SDK 6.0.118 and Runtime 6.0.18 - Resolves: RHBZ#2212378 [6.0.117-2] - Update to .NET SDK 6.0.117 and Runtime 6.0.17 - Resolves: RHBZ#2190262 oval:org.secpod.oval:def:1505068 [2.4.0-9.0.1] - Restore default debug level for sss_cache [Orabug: 32810448] - Restore default debug level for shadow-utils tools [Orabug: 32810448] - Revert Redhat's change of disallowing duplicated incomplete gid when id_provider=ldap is used, which caused regression in AD environment. [Orabug: 29 ... oval:org.secpod.oval:def:1502831 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504519 nodejs [1:10.19.0-1] - Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606 [1:10.16.3-1] - Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518 [1:10.14.1-1] - Resolves: RHBZ#1644207 - fixes node-gyp permissions - rebase [1:10.11.0-2] - BuildRequire nodejs-packaging for proper npm dependenc ... 
oval:org.secpod.oval:def:1504526 nodejs [1:12.16.1-1] - Resolves: RHBZ#1800393, RHBZ#1800394, RHBZ#1800380 - Rebase to 12.16.1 nodejs-nodemon nodejs-packaging oval:org.secpod.oval:def:1507357 [115.8.0-1.0.1] - Update to 115.8.0 build 1 oval:org.secpod.oval:def:1507360 [115.8.0-1.0.1] - Add Oracle modifications [115.8.0-1] - Update to 115.8.0 build1 oval:org.secpod.oval:def:1506581 [1.6.1-6.1] - Resolves: #2196572 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64 oval:org.secpod.oval:def:1506402 [1:1.8.0.362.b09-2] - Update cacerts patch to fix OPENJDK-1433 SecurityManager issue - Update to shenandoah-jdk8u352-b09 - Update release notes for shenandoah-8u352-b09. - Resolves: rhbz#2163595 [1:1.8.0.362.b08-2] - Update to shenandoah-jdk8u352-b08 - Update release notes for shenandoah-8u352-b08 ... oval:org.secpod.oval:def:1506397 [1:1.8.0.362.b09-2] - Update cacerts patch to fix OPENJDK-1433 SecurityManager issue - Update to shenandoah-jdk8u352-b09 - Update release notes for shenandoah-8u352-b09. - Resolves: rhbz#2163595 [1:1.8.0.362.b08-2] - Update to shenandoah-jdk8u352-b08 - Update release notes for shenandoah-8u352-b08 ... oval:org.secpod.oval:def:1506358 [1:17.0.6.0.10-3] - Add missing release note for JDK-8295687 - Resolves: rhbz#2160111 [1:17.0.6.0.10-3] - Update FIPS support to bring in latest changes - * OJ1357: Fix issue on FIPS with a SecurityManager in place - Related: rhbz#2147473 [1:17.0.6.0.10-3] - Fix flatpak builds by disabling TestTrans ... oval:org.secpod.oval:def:1506359 [1:11.0.18.0.10-1] - Update to jdk-11.0.18+10 - Update release notes to 11.0.18+10 - Switch to GA mode for release - ** This tarball is embargoed until 2023-01-17 @ 1pm PT. ** - Related: rhbz#2157797 [1:11.0.18.0.9-0.2.ea] - Update to jdk-11.0.18+9 - Update release notes to 11.0.18+9 - Drop local c ... 
oval:org.secpod.oval:def:1507376 [20220126gitbb1bba3d77-6.el8_9.6] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21840 RHEL-21842] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch [RHEL-21840 RHEL-21842] - Resolves: RHEL-21842 - Resolves: RHEL-21850 oval:org.secpod.oval:def:1507395 ruby [3.1.4-142] - Upgrade to Ruby 3.1.4. Resolves: RHEL-28565 - Fix HTTP response splitting in CGI. Resolves: RHEL-28564 - Fix ReDos vulnerability in URI. Resolves: RHEL-28567 Resolves: RHEL-28576 - Fix ReDos vulnerability in Time. Resolves: RHEL-28566 - Make RDoc soft dependency in IRB. Resolves: ... oval:org.secpod.oval:def:1507358 pgaudit [1.7.0-1] - Update to 1.7.0 - Support postgresql 15 - Related: #2128241 [1.5.0-1] - Update to version 1.5.0 Related: #1855776 pg_repack [1.4.8-1] - Update to version 1.4.8 - Postgresql 15 is supported - Related: #2128241 [1.4.6-4] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rh ... oval:org.secpod.oval:def:1507355 pgaudit [1.5.0-1] - Update to version 1.5.0 Related: #1855776 pg_repack [1.4.6-3] - Release bump - enable gating postgres-decoderbufs [0.10.0-2] - Release bump for rebuild against libpq-12.1-3 postgresql [13.14-1.0.1] - update to 13.14 - Fixes CVE-2024-0985 oval:org.secpod.oval:def:1507364 [10.23-4.0.1] - Resolves: CVE-2024-0985 oval:org.secpod.oval:def:1507365 pgaudit [1.4.0-7] - Release bump to avoid regression in nvrs - Resolves: RHEL-24969 pg_repack postgres-decoderbufs postgresql [12.18-1.0.1] - Update to version 12.18 - Fixes CVE-2024-0985 oval:org.secpod.oval:def:1506430 [102.8.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 oval:org.secpod.oval:def:1506431 [102.8.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.8.0-2] - Update 
to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 oval:org.secpod.oval:def:1506396 [102.7.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.7.1-1] - Update to 102.7.1 build1 [102.7.0-1] - Update to 102.7.0 build1 oval:org.secpod.oval:def:1506363 [102.7.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.7.0-1] - Update to 102.7.0 build1 [102.6.0-2] - Add firefox-x11 subpackage to allow explicit run of firefox under x11 ... oval:org.secpod.oval:def:1506603 [102.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.12.0-1] - Update to 102.12.0 build1 oval:org.secpod.oval:def:1506612 [102.12.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.12.0-1] - Update to 102.12.0 build1 oval:org.secpod.oval:def:1506512 [102.10.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.10.0-1] - Update to 102.10.0 build1 [102.9.0-4] - Update to 102.9.0 build2 oval:org.secpod.oval:def:1506516 [102.10.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.10.0-2] - Update to 102.10.0 build2 [102.10.0-1] - Update to 102.10.0 build1 oval:org.secpod.oval:def:1506587 [102.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.11.0-1] - Update to 102.11.0 build1 oval:org.secpod.oval:def:1506597 [102.11.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.11.0-2] - Update to 102.11.0 build2 [102.11.0-1] 
- Update to 102.11.0 build1 oval:org.secpod.oval:def:1507352 [0.20.0-8] - Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding oval:org.secpod.oval:def:1507221 [0.20.0-7] - Fix file caching with different offsets - Fix CVE-2023-40660: Potential PIN bypass - Fix CVE-2023-40661: Dynamic analyzers reports in pkcs15init - Fix CVE-2023-5992: Marvin: Side-channel leaks while stripping encryption PKCS#1.5 padding oval:org.secpod.oval:def:1504634 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504639 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1507127 [1:1.8.0.392.b08-4.0.1] - Update to shenandoah-jdk8u392-b08 - OpenJDK: segmentation fault in ciMethodBlocks - OpenJDK: IOR deserialization issue in CORBA - OpenJDK: certificate path validation issue during client authentication - A maximum signature file size property, jdk.jar.maxSignatureFile ... oval:org.secpod.oval:def:1506748 [42.2.14-2] - Fix CVE-2022-41946 oval:org.secpod.oval:def:1506764 [3.3.3-5] - Fix for CVE-2022-36227 oval:org.secpod.oval:def:1505685 hivex [1.3.18-23] - Limit recursion in ri-records resolves: rhbz#1976194 [1.3.18-22.el8] - Resolves: bz#2000225 libguestfs [1.44.0-5.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ... 
oval:org.secpod.oval:def:1505841 [7.61.1-22.el8_6.3] - fix too eager reuse of TLS and SSH connections [7.61.1-22.el8_6.2] - fix invalid type in printf argument detected by Coverity [7.61.1-22.el8_6.1] - fix credential leak on redirect - fix auth/cookie leak on redirect - fix OAUTH2 bearer bypass in connection re-use oval:org.secpod.oval:def:1506767 hivex libguestfs [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2101280 [1:1.44.0-8] ... oval:org.secpod.oval:def:1506326 hivex libguestfs [1.40.2-28.0.4] - v2v: Cope with libvirt vpx/esx driver which does not set [Orabug: 34026544] [1.40.2-28.0.3] - virt-v2v: Specify backing file format to qemu-img command [Orabug: 33906330] - Require "kernel-uek" RPM for installation instead of "kernel" [Orabug: 33986812] [1.40.2-28. ... oval:org.secpod.oval:def:1505420 libguestfs-winsupport [8.2] - Resolves: bz#1810193 libguestfs [1.40.2-28.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.40.2-28] - daemon: lvm: Use lvcreate --yes to avoid i ... oval:org.secpod.oval:def:1505269 [7.61.1-22] - fix STARTTLS protocol injection via MITM - fix protocol downgrade required TLS bypass [7.61.1-21] - fix TELNET stack contents disclosure again - fix TELNET stack contents disclosure - fix bad connection reuse due to flawed path name checks - disable metalink support to fix the fol ... 
oval:org.secpod.oval:def:1505231 libvirt [6.0.0-35.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 oval:org.secpod.oval:def:1505254 [8.42-6] - Rebuild for BZ#1954441 [8.42-5] - Fix CVE-2019-20838 - Fix CVE-2020-14155 oval:org.secpod.oval:def:1505306 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506733 hivex libguestfs [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2101280 [1:1.44.0-8] ... oval:org.secpod.oval:def:1504906 [7.61.1-18] - http: send payload when authentication is done - curl: Inferior OCSP verification - libcurl: FTP wildcard stack overflow - curl: trusting FTP PASV responses [7.61.1-17] - validate an ssl connection using an intermediate certificate [7.61.1-16] - fix multiarch conflicts in libcurl ... oval:org.secpod.oval:def:1504936 gssdp [1.0.5-1] + gssdp-1.0.5-1 - Update to 1.0.5 - Fix SUBSCRIBE misbehaviour - Resolves: #1861928 gupnp [1.0.6-1] + gupnp-1.0.6-1 - Update to 1.0.6 - Fix SUBSCRIBE misbehaviour - Resolves: #1846589 oval:org.secpod.oval:def:1506346 [3.26.0-17] - Fixed CVE-2022-35737 oval:org.secpod.oval:def:1506772 [7.61.1-30] - fix HTTP multi-header compression denial of service [7.61.1-29] - h2: lower initial window size to 32 MiB [7.61.1-28] - smb/telnet: fix use-after-free when HTTP proxy denies tunnel [7.61.1-27] - upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 [7.61.1-26] - control code in c ... 
oval:org.secpod.oval:def:1506167 [2.9.7-15] - Fix CVE-2016-3709 [2.9.7-14] - Fix CVE-2022-29824 oval:org.secpod.oval:def:1507007 [5.4.17-2136.323.8.1.el8uek] - rds: Fix lack of reentrancy for connection reset with dst addr zero [Orabug: 35713696] {CVE-2023-22024} oval:org.secpod.oval:def:1507008 [5.4.17-2136.323.8.1.el8] - rds: Fix lack of reentrancy for connection reset with dst addr zero [Orabug: 35713696] {CVE-2023-22024} oval:org.secpod.oval:def:1507010 [5.15.0-105.125.6.2.1.el8uek] - rds: Fix lack of reentrancy for connection reset with dst addr zero [Orabug: 35713695] {CVE-2023-22024} oval:org.secpod.oval:def:1507126 [2.30-119.0.2.2] - Fix for CVE-2022-4285. - Fix illegal memory address when parsing an ELF file contaiing corrupt symbol version information. Upstream commit 5c831a3c7f3ca98d6aba1200353311e1a1f84c70. - Partial backport of _bfd_mul_overflow support from upstream commit 1f4361a77b18c5ab32baf2f30fefe5e ... oval:org.secpod.oval:def:1506759 [2.38-17] - Fix an illegal memory access parsing a corrupt ELF file oval:org.secpod.oval:def:1506028 [5.15.0-2.52.3.el8uek] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec oval:org.secpod.oval:def:1506030 [5.15.0-2.52.3.el8] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec oval:org.secpod.oval:def:1506719 [5.4.17-2136.321.4] - tick/common: Align tick period during sched_timer setup [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit loop if cp_index oval:org.secpod.oval:def:1506969 [5.4.17-2136.321.4.el8uek] - tick/common: Align tick period during sched_timer setup [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit loop if cp_index 0 [Orabug: 35510149] [5.4.17-2136.321.3.el8uek] - selinux: don"t use make"s grouped targets feature yet - lib: cpu_rmap: Fix potential use ... 
oval:org.secpod.oval:def:1506967 [5.4.17-2136.321.4.el8] - tick/common: Align tick period during sched_timer setup [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit loop if cp_index 0 [Orabug: 35510149] [5.4.17-2136.321.3.el8] - selinux: don't use make's grouped targets feature yet - lib: cpu_rmap: Fix potential use-after ... oval:org.secpod.oval:def:1506770 [5.4.17-2136.321.4.el8] - tick/common: Align tick period during sched_timer setup [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit loop if cp_index oval:org.secpod.oval:def:1506141 [5.4.17-2136.313.6.el8uek] - Uninitialized variable image_ext in fixup_vdso_exception of extable.c [Orabug: 33000550] - NFSD: fix use-after-free on source server when doing inter-server copy [Orabug: 34475857] oval:org.secpod.oval:def:1506351 [4.18.0-425.10.1.el8.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 15.3-1.0.3 - Remove upstrea ... oval:org.secpod.oval:def:1506136 [5.4.17-2136.313.6.el8] - Uninitialized variable image_ext in fixup_vdso_exception of extable.c [Orabug: 33000550] - NFSD: fix use-after-free on source server when doing inter-server copy [Orabug: 34475857] - EDAC/mce_amd: Do not load edac_mce_amd module on guests [Orabug: 34484268] - uek: kabi: ... oval:org.secpod.oval:def:1505745 [5.4.17-2136.307.3.2] - perf: Fix sys_perf_event_open race against self [Orabug: 34172709] {CVE-2022-1729} oval:org.secpod.oval:def:1505936 [5.4.17-2136.310.7.el8uek] - net_sched: cls_route: remove from list when handle is 0 [Orabug: 34480880] {CVE-2022-2588} - x86/spec_ctrl: limit IBRS_FW to retpoline only [Orabug: 34450896] - x86/bugs: display dynamic retbleed state [Orabug: 34450896] - x86/bugs: remove incorrect __init/__ro_after_ ... 
oval:org.secpod.oval:def:1505937 [5.4.17-2136.310.7.el8] - net_sched: cls_route: remove from list when handle is 0 [Orabug: 34480880] {CVE-2022-2588} - x86/spec_ctrl: limit IBRS_FW to retpoline only [Orabug: 34450896] - x86/bugs: display dynamic retbleed state [Orabug: 34450896] - x86/bugs: remove incorrect __init/__ro_after_ini ... oval:org.secpod.oval:def:1506422 [5.4.17-2136.316.7.el8] - runtime revert of virtio_net: Stripe queue affinities across cores. [Orabug: 35001045] [5.4.17-2136.316.6.el8] - block: Change the granularity of io ticks from ms to ns. oval:org.secpod.oval:def:1506423 [5.4.17-2136.316.7.el8uek] - runtime revert of virtio_net: Stripe queue affinities across cores. [Orabug: 35001045] [5.4.17-2136.316.6.el8uek] - block: Change the granularity of io ticks from ms to ns oval:org.secpod.oval:def:1506440 [4.18.0-425.13.1.el8_7.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list oval:org.secpod.oval:def:1505559 [5.4.17-2136.305.5.5.el8uek] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address [Orabug: 34034594] {CVE-2022-1158} oval:org.secpod.oval:def:1505558 [5.4.17-2136.305.5.5.el8] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address [Orabug: 34034594] {CVE-2022-1158} oval:org.secpod.oval:def:1506226 [5.15.0-4.70.5.2] - Revert "sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle" [Orabug: 34783367] [5.15.0-4.70.5.1] - NFSv4: Fixes for nfs4_inode_return_delegation [Orabug: 34751176] [5.15.0-4.70.5] - uek: kabi: update kABI files for new symbols [Orabug: 34595591] - Rever ... 
oval:org.secpod.oval:def:1506233 [5.15.0-4.70.5.2] - Revert "sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle" [Orabug: 34783367] [5.15.0-4.70.5.1] - NFSv4: Fixes for nfs4_inode_return_delegation [Orabug: 34751176] [5.15.0-4.70.5] - uek: kabi: update kABI files for new symbols [Orabug: 34595591] - Rever ... oval:org.secpod.oval:def:1505638 [5.4.17-2136.307.3.2.el8] - perf: Fix sys_perf_event_open race against self [Orabug: 34172709] {CVE-2022-1729} oval:org.secpod.oval:def:1505637 [5.4.17-2136.307.3.2.el8uek] - perf: Fix sys_perf_event_open race against self [Orabug: 34172709] {CVE-2022-1729} oval:org.secpod.oval:def:1505814 - 5.15.0-0.30.20.el8 - floppy: use a statically allocated error counter [Orabug: 34218638] {CVE-2022-1652} - x86: Disable RET on kexec [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: do not enable IBPB-on-entry when IBPB is not supported [Orabug: 34335631] {CVE-2022-23816} {CVE-2 ... oval:org.secpod.oval:def:1505824 [5.15.0-0.30.20.1] - lockdown: Fix kexec lockdown bypass with ima policy [Orabug: 34386636] {CVE-2022-21505} oval:org.secpod.oval:def:1505821 [5.4.17-2136.309.5] - lockdown: Fix kexec lockdown bypass with ima policy [Orabug: 34386637] {CVE-2022-21505} oval:org.secpod.oval:def:1505837 [5.15.0-0.30.20] - floppy: use a statically allocated error counter [Orabug: 34218638] {CVE-2022-1652} - x86: Disable RET on kexec [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: do not enable IBPB-on-entry when IBPB is not supported [Orabug: 34335631] {CVE-2022-29901} {CVE-2022- ... 
oval:org.secpod.oval:def:1505831 [5.4.17-2136.309.5] - lockdown: Fix kexec lockdown bypass with ima policy [Orabug: 34386637] {CVE-2022-21505} oval:org.secpod.oval:def:1505834 [5.15.0-0.30.20.1] - lockdown: Fix kexec lockdown bypass with ima policy [Orabug: 34386636] {CVE-2022-21505} oval:org.secpod.oval:def:1505847 [5.15.0-0.30.20.1.el8uek] - lockdown: Fix kexec lockdown bypass with ima policy [Orabug: 34386636] {CVE-2022-21505} oval:org.secpod.oval:def:1505843 [5.15.0-0.30.20.1.el8] - lockdown: Fix kexec lockdown bypass with ima policy [Orabug: 34386636] {CVE-2022-21505} oval:org.secpod.oval:def:1505844 [5.4.17-2136.309.5.el8uek] - lockdown: Fix kexec lockdown bypass with ima policy [Orabug: 34386637] {CVE-2022-21505} oval:org.secpod.oval:def:1505845 [5.4.17-2136.309.5.el8] - lockdown: Fix kexec lockdown bypass with ima policy [Orabug: 34386637] {CVE-2022-21505} oval:org.secpod.oval:def:1506309 [5.4.17-2136.314.6.2.el8] - proc: proc_skip_spaces shouldn't think it is working on C strings [Orabug: 34883034] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long [Orabug: 34883034] {CVE-2022-4378} [5.4.17-2136.314.6.1.el8] - RDMA/uverbs: Move IB_EVENT_DEVICE_FATAL to destroy_u ... oval:org.secpod.oval:def:1506312 [5.4.17-2136.314.6.2.el8uek] - proc: proc_skip_spaces shouldn't think it is working on C strings [Orabug: 34883034] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long [Orabug: 34883034] {CVE-2022-4378} [5.4.17-2136.314.6.1.el8uek] - RDMA/uverbs: Move IB_EVENT_DEVICE_FATAL to des ... oval:org.secpod.oval:def:1506323 [5.15.0-5.76.5.1] - proc: proc_skip_spaces shouldn't think it is working on C strings [Orabug: 34883037] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long [Orabug: 34883037] {CVE-2022-4378} [5.15.0-5.76.5] - KVM: x86: Use SRCU to protect zap in __kvm_set_or_clear_apicv_inhibit ... 
oval:org.secpod.oval:def:1506327 [5.15.0-5.76.5.1] - proc: proc_skip_spaces shouldn't think it is working on C strings [Orabug: 34883037] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long [Orabug: 34883037] {CVE-2022-4378} [5.15.0-5.76.5] - KVM: x86: Use SRCU to protect zap in __kvm_set_or_clear_apicv_inhibit ... oval:org.secpod.oval:def:1505997 [3.6.8-47.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-47] - Security fix for CVE-2015-20107 Resolves: rhbz#2075390 [3.6.8-46] - Security fix for CVE-2022-0391: urlparse does not sanitize URLs containing ASCII newline and tabs - Fix the test suite support for Expat = ... oval:org.secpod.oval:def:1506609 [3.6.8-51.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-51.1] - Security fix for CVE-2023-24329 Resolves: rhbz#2173917 oval:org.secpod.oval:def:1506200 python39 [3.9.13-2] - Fix for CVE-2022-42919 Resolves: rhbz#2138705 oval:org.secpod.oval:def:1506623 [3.11.2-2.1] - Security fix for CVE-2023-24329 Resolves: rhbz#2173917 oval:org.secpod.oval:def:1506738 python39 [3.9.16-1.1] - Security fix for CVE-2023-24329 oval:org.secpod.oval:def:1506736 babel [2.7.0-11] - Fix CVE-2021-20095 Resolves: rhbz#1955615 Cython [0.29.14-4] - Exclude unsupported i686 arch mod_wsgi [4.6.8-4] - Core dumped upon file upload oval:org.secpod.oval:def:1506789 babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343 [2.5.1- ... 
oval:org.secpod.oval:def:1506749 babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 Cython [0.28.1-7] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 numpy [1:1.14.2-16] - Fix include path - Related: rhbz#1907601 pytest python2 [2.7.18-13.0.1.1] - Fix for CVE-2023-24329 - Add missing part ... oval:org.secpod.oval:def:1506161 babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343 [2.5.1- ... oval:org.secpod.oval:def:1506162 Cython [0.29.14-4] - Exclude unsupported i686 arch [0.29.14-3] - Unversioned binaries renamed [0.29.14-2] - Adjusted for Python 3.8 module in RHEL 8 - without emacs plugin [0.29.14-1] - Update to 0.29.14 - Python 2 subpackage has been removed scipy [1.3.1-4] - Exclude unsupported i686 arch [1.3.1-3 ... oval:org.secpod.oval:def:1506165 Cython [0.29.21-5] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [0.29.21-4] - Drop build dependency on coverage [0.29.21-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [0.29.21-2] - Re-enable tests. [0.29.21-1] - 0.29.21 scipy [1.5.4-3] - Spe ... oval:org.secpod.oval:def:1505761 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506406 libvirt [8.0.0-10.1.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 oval:org.secpod.oval:def:1506463 libvirt [5.7.0-38.el8] - qemu: Don't report spurious errors from vCPU tid validation on hotunplug timeout [Orabug: 34826758] - security: fix SELinux label generation logic [Orabug: 34773029] {CVE-2021-3631} - qemu: Set default qdisc before setting bandwidth [Orabug: 34724925] - qemu: Taint cpu ho ... 
oval:org.secpod.oval:def:1505427 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506145 hivex [1.3.18-21] - Bounds check for block exceeding page length resolves: rhbz#1950501 [1.3.18] - Resolves: bz#1810193 [1.3.18] - Resolves: bz#1810193 [1.3.15-7] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 [1.3.15-6] - Drop hivex-static subpackage resolves: r ... oval:org.secpod.oval:def:1505063 hivex [1.3.18-21] - Bounds check for block exceeding page length resolves: rhbz#1950501 libvirt [6.0.0-35.1.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 = 1:10.2.5 - Disable parallel builds [6.0.0-35.1.el8] - network: make it safe to call netwo ... oval:org.secpod.oval:def:1506173 libguestfs [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX corresponding to ol [1:1.44.0-9] - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2101280 [1:1.44.0-8] - Obs ... oval:org.secpod.oval:def:1504896 [5.4.17-2102.201.3.el8] - locking/qrwlock: Fix ordering in queued_write_lock_slowpath [Orabug: 32805544] [5.4.17-2102.201.2.el8] - md/bitmap: wait for external bitmap writes to complete during tear down [Orabug: 32764237] - ocfs2: fix deadlock between setattr and dio_end_io_write [Orabug: 3276384 ... oval:org.secpod.oval:def:1505588 [4.18.0-348.23.1.el8_5.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-11.0.5.el8 [4.18. ... 
oval:org.secpod.oval:def:1506029 [5.4.17-2136.311.6.el8uek] - Revert KVM: x86: Print error code in exception injection tracepoint iff valid [Orabug: 34535896] oval:org.secpod.oval:def:1506031 [5.4.17-2136.311.6.el8] - Revert KVM: x86: Print error code in exception injection tracepoint iff valid oval:org.secpod.oval:def:1505375 [5.4.17-2136.302.7.2.1.el8] - vfs: fs_context: fix up param length parsing in legacy_parse_param [Orabug: 33761451] {CVE-2022-0185} oval:org.secpod.oval:def:1505454 qemu-kvm [4.2.0-59.el8_5] - kvm-hw-scsi-scsi-disk-MODE_PAGE_ALLS-not-allowed-in-MODE.patch [bz#2025605] - kvm-e1000-fix-tx-re-entrancy-problem.patch [bz#2025011] - Resolves: bz#2025605 - Resolves: bz#2025011 oval:org.secpod.oval:def:1505228 [4.18.0-348.2.1_5.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 [4.18.0-348.2.1_5] - tipc: fix ... oval:org.secpod.oval:def:1505650 [4.18.0-372.9.1.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 [4.18.0-372.9.1] - scsi: qedi: F ... oval:org.secpod.oval:def:1505421 [5.4.17-2136.302.7.2.1] - vfs: fs_context: fix up param length parsing in legacy_parse_param [Orabug: 33761451] {CVE-2022-0185} oval:org.secpod.oval:def:1505424 [4.18.0-348.7.1_5.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 [4.18.0-348.7.1_5] - sched: Fi ... 
oval:org.secpod.oval:def:1506186 nodejs [1:14.20.1-2] - Record issues fixed in the current version Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 Resolves: CVE-2022-0235 [1:14.20.1-1] - Rebase to version 14.20.1 Resolves: CVE-2022-35256 nodejs-packaging [23-3] - Updated - Removed pathfix.py [23-2] - Rebuilt f ... oval:org.secpod.oval:def:1505999 nodejs [1:16.16.0-3] - Fix build - Resolves: RHBZ#2111416 [1:16.16.0-2] - Refactor spec - Resolves: RHBZ#2111416 [1:16.16.0-1] - Rebase to latest version - Resolves: RHBZ#2106369 - CVE fixes for CVE-2022-32212/3/4/5 - Resolves: #2109578, #2109581, #2109584, #2109588 nodejs-nodemon [2.0.19-2] - Switc ... oval:org.secpod.oval:def:1506004 nodejs [1:14.20.0-2] - Replace with_* macros with RPM conditionals - Unify configure calls into single command - Refactor bootstrap-related parts - Decouple dependency bundling from bootstrapping - Resolves: RHBZ#2111417 [1:14.20.0-1] - Rebase to latest version - Resolves: RHBZ#2106367 - CVE fixes f ... oval:org.secpod.oval:def:1506321 nodejs [1:16.18.1-3] - Update sources of undici WASM blobs Resolves: rhbz#2151546 [1:16.18.1-2] - Record CVE references already addressed in this or previous upstream versions Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 [1:16.18.1-1] - Rebase + CVE fixes - Resolves: #214280 ... oval:org.secpod.oval:def:1506336 nodejs [1:14.21.1-2] - Apply upstream fix for CVE-2022-24999 Resolves: CVE-2022-24999 - Record CVEs fixed by current or previous upstream releases Resolves: CVE-2021-44906 [1:14.21.1-1] - Rebase to version 14.21.1 Resolves: rhbz#2129805 CVE-2022-43548 CVE-2022-3517 oval:org.secpod.oval:def:1506174 nodejs [1:18.8.0-1] - Rebase to version 18.8.0 - Include sources for WASM blobs nodejs-packaging [2021.06-4] - NPM bundler: also find namespaced bundled dependencies [2021.06-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild [2021.06-2] - Fix hard-coded output directory in the b ... 
oval:org.secpod.oval:def:1504933 [2.28-151.0.1.el8_4] - merge RH patches for ol8-u4 release Review-exception: Patch merge - Provide glibc.pthread.mutex_spin_count tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list - add optimized memset for emag - add an ASIMD v ... oval:org.secpod.oval:def:1504976 [2.28-151.0.1.el8_4] - merge RH patches for ol8-u4 release Review-exception: Patch merge - Provide glibc.pthread.mutex_spin_count tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list - add optimized memset for emag - add an ASIMD v ... oval:org.secpod.oval:def:1505674 rust [1.58.1-1] - Update to 1.58.1. [1.58.0-1] - Update to 1.58.0. [1.57.0-1] - Update to 1.57.0. [1.56.1-2] - Add rust-std-static-wasm32-wasi Resolves: rhbz#1980080 [1.56.0-1] - Update to 1.56.1. [1.55.0-1] - Update to 1.55.0. - Backport support for LLVM 13. [1.54.0-2] - Make std-static-wasm* arch- ... oval:org.secpod.oval:def:1506003 ruby [3.0.4-141] - Upgrade to Ruby 3.0.4. Resolves: rhbz#2109431 Resolves: rhbz#2110981 - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739 oval:org.secpod.oval:def:1506005 ruby [2.7.6-138] - Upgrade to Ruby 2.7.6. Resolves: rhbz#2109424 - Fix FTBFS due to an incompatible load directive. Related: rhbz#2109424 - Fix a fiddle import test on an optimized glibc on Power 9. Related: rhbz#2109424 - Fix regular Expression Denial of Service Vulnerability of Date Parsing Method ... oval:org.secpod.oval:def:1506154 [3.1.3-19] - Resolves: #2116668 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field [3.1.3-18] - Resolves: #2111175 - remote arbitrary files write inside the directories of connecting peers [3.1.3-17] - Related: #2043753 - New option s ... 
oval:org.secpod.oval:def:1506584 mecab [0.996-2.12] - Bump version for "mysql" module rebuild We are moving the "mecab-devel" RPM from the "buildroot" repo to the "AppStream" repo - Resolves: #2180411 mecab-ipadic mysql [8.0.32-1] - Update to MySQL 8.0.32 [8.0.31-1] - Update to MySQL 8.0.31 oval:org.secpod.oval:def:1506585 [7.61.1-30.el8_8.2] - sftp: do not specify O_APPEND when not in append mode [7.61.1-30.el8_8.1] - fix FTP too eager connection reuse oval:org.secpod.oval:def:1506371 ruby [2.5.9-110.0.1] - Fix for CVE-2022-28739 [Orabug: 34824177] oval:org.secpod.oval:def:1505322 [5.4.17-2136.301.1.2.el7] - Revert "net/rds: Allocate pages on HCA NUMA nodeid" [Orabug: 33561324] - Revert "net/rds: Allocate rds_ib_{incoming,frag}_slab on HCA NUMA nodeid" [Orabug: 33561324] - Revert "net/rds: Use the same vector for send & receive" [Orabug: 33561324] - Revert "net/rds: Get ri ... oval:org.secpod.oval:def:1505453 [5.4.17-2136.304.4.1] - Revert rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info [Orabug: 33832625] - cgroup-v1: Require capabilities to set release_agent [Orabug: 33832582] {CVE-2022-0492} [5.4.17-2136.304.4] - scsi: libiscsi: Fix iscsi_task use after free [Orabug: 33794250] - sc ... oval:org.secpod.oval:def:1505432 [5.4.17-2136.302.6.1] - rds/ib: Use both iova and key in free_mr socket call [Orabug: 33667276] [5.4.17-2136.302.6] - Revert fs: align IOCB_* flags with RWF_* flags [Orabug: 33627551] [5.4.17-2136.302.5] - Revert drm: Initialize struct drm_crtc_state.no_vblank from device settings [Orabug: 336118 ... oval:org.secpod.oval:def:1505449 [5.4.17-2136.304.4.1] - Revert rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info [Orabug: 33832625] - cgroup-v1: Require capabilities to set release_agent [Orabug: 33832582] {CVE-2022-0492} [5.4.17-2136.304.4] - scsi: libiscsi: Fix iscsi_task use after free [Orabug: 33794250] - sc ... 
oval:org.secpod.oval:def:1505055 [4.18.0-305.12.1.el8_4.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 15-11.0.5.el8 [4.18.0-305 ... oval:org.secpod.oval:def:1505297 [5.4.17-2136.301.1.2] - Revert "net/rds: Allocate pages on HCA NUMA nodeid" [Orabug: 33561324] - Revert "net/rds: Allocate rds_ib_{incoming,frag}_slab on HCA NUMA nodeid" [Orabug: 33561324] - Revert "net/rds: Use the same vector for send & receive" [Orabug: 33561324] - Revert "net/rds: Get rid of ... oval:org.secpod.oval:def:1505031 [5.4.17-2102.203.6.el8uek] - seq_file: disallow extremely large seq buffer allocations [Orabug: 33135632] {CVE-2021-33909} oval:org.secpod.oval:def:1505036 [5.4.17-2102.203.6.el8] - seq_file: disallow extremely large seq buffer allocations [Orabug: 33135632] {CVE-2021-33909} oval:org.secpod.oval:def:1504642 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504625 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504629 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504708 [5.4.17-2036.104.4.el8uek] - KVM: arm64: guest context in x18 instead of x29 [Orabug: 32545182] [5.4.17-2036.104.3.el8uek] - config: enable CONFIG_MLX5_MPFS [Orabug: 32249042] - net: Fix bridge enslavement failure [Orabug: 32503298] - inet: do not call sublist_rcv on empty list [Orabug: 32512814 ... 
oval:org.secpod.oval:def:1504722 [5.4.17-2036.104.4.el8] - KVM: arm64: guest context in x18 instead of x29 [Orabug: 32545182] [5.4.17-2036.104.3.el8] - config: enable CONFIG_MLX5_MPFS [Orabug: 32249042] - net: Fix bridge enslavement failure [Orabug: 32503298] - inet: do not call sublist_rcv on empty list [Orabug: 32512814] - KV ... oval:org.secpod.oval:def:1503064 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504588 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504590 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504941 [2.56.4-10] - Fix various problems in GMainContext Resolves: #1953553 - Fix CVE-2021-27219 Resolves: #1960600 oval:org.secpod.oval:def:1505059 [2.56.4-10.1] - Fix CVE-2021-27218 Resolves: #1974888 oval:org.secpod.oval:def:1504927 [0.9.11-17] - Fix CVE-2020-25708 Resolves: #1898078 [0.9.11-16] - Fix CVE-2019-20839 Resolves: #1851032 - Fix CVE-2018-21247 Resolves: #1852516 - Fix CVE-2020-14405 Resolves: #1860527 - Fix CVE-2020-14397 Resolves: #1861152 oval:org.secpod.oval:def:1503019 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:70440 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503044 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503014 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503068 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1504894 [4.18.0-305.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 [4.18.0-305] - perf/x86/intel/uncore ... oval:org.secpod.oval:def:1502679 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505304 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506193 libzip [1.6.1-1] - update to 1.6.1 - enable lzma support php [7.4.30-1] - rebase to 7.4.30 #2099615 [7.4.19-3] - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 [7.4.19-2] - fix SSRF bypass in FILTER_VALIDATE_URL CVE-2021-21705 - fix Local privilege escalation ... oval:org.secpod.oval:def:1506191 libzip [1.7.3-1] - update to 1.7.3 php-pecl-apcu [5.1.20-1] - update to 5.1.20 php-pecl-rrd [2.0.3-1] - update to 2.0.3 php-pecl-xdebug3 [3.1.2-1] - update to 3.1.2 rhbz#2030322 oval:org.secpod.oval:def:1505984 php [7.4.19-4] - fix uninitialized array in pg_query_params leading to RCE CVE-2022-31625 oval:org.secpod.oval:def:1505314 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505810 php [8.0.13-3] - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 oval:org.secpod.oval:def:1505838 php [7.4.19-3] - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 oval:org.secpod.oval:def:1503030 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1505215 libzip php [7.4.19-1] - rebase to 7.4.19 #1944110 oval:org.secpod.oval:def:1505671 libzip [1.6.1-1] - update to 1.6.1 - enable lzma support php-pear [1:1.10.12-1] - update PEAR to 1.10.12 - update Archive_Tar to 1.4.9 - update Console_Getopt to 1.4.3 - update XML_Util to 1.4.5 php-pecl-apcu [5.1.18-1] - update to 5.1.18 php-pecl-rrd php-pecl-xdebug [2.9.5-1] - update to 2.9.5 php- ... oval:org.secpod.oval:def:1502673 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502684 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502685 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505317 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:72394 Configure grub or lilo so that processes that are capable of being audited can be audited even if they start up prior to auditd startup. Audit events need to be captured on processes that start up prior to auditd, so that potential malicious activity cannot go undetected. oval:org.secpod.oval:def:97485 X Display Manager Control Protocol (XDMCP) is designed to provide authenticated access to display management services for remote displays. Rationale: XDMCP is inherently insecure. 1. XDMCP is not a ciphered protocol. This may allow an attacker to capture keystrokes entered by a ... oval:org.secpod.oval:def:97482 The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/log filesystem is only intended for log files, set this option to ensure that users cannot run executable binaries from /var/log. 
oval:org.secpod.oval:def:97488 Journald (via systemd-journal-remote) supports the ability to send log events it gathers to a remote log host or to receive messages from remote hosts, thus enabling centralized log management. Rationale: Storing log data on a remote host protects log integrity from local attacks. If an attacker gains ... oval:org.secpod.oval:def:97473 Without re-authentication, users may access resources or perform tasks for which they do not have authorization. oval:org.secpod.oval:def:97471 Without re-authentication, users may access resources or perform tasks for which they do not have authorization. oval:org.secpod.oval:def:97477 GDM is the GNOME Display Manager which handles graphical login for GNOME based systems. The disable-user-list option controls whether a list of users is displayed on the login screen. Rationale: Displaying the user list eliminates half of the Userid/Password equation that an unauthorized ... oval:org.secpod.oval:def:97478 By default GNOME automatically mounts removable media when inserted as a convenience to the user. Rationale: With automounting enabled anyone with physical access could attach a USB drive or disc and have its contents available in system even if they lacked permissions to mount it ... oval:org.secpod.oval:def:97480 The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var filesystem is only intended for temporary file storage, set this option to ensure that users cannot create setuid files in /var. oval:org.secpod.oval:def:97490 systemd-coredump file should be configured properly oval:org.secpod.oval:def:97491 The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var/log/audit filesystem is not intended to support devices, set this option to ensure that users cannot create a block or character special devices in /var/log/audit. 
oval:org.secpod.oval:def:97493 The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var/log/audit filesystem is only intended for variable files such as logs, set this option to ensure that users cannot create setuid files in /var/log/audit. oval:org.secpod.oval:def:97465 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:97486 Journald includes the capability of rotating log files regularly to avoid filling up the system with logs or making the logs unmanageably large. The file /etc/systemd/journald.conf is the configuration file used to specify how logs generated by Journald should be rotated. Rationale: By keeping the log ... oval:org.secpod.oval:def:97487 Journald (via systemd-journal-remote) supports the ability to send log events it gathers to a remote log host or to receive messages from remote hosts, thus enabling centralized log management. Rationale: Storing log data on a remote host protects log integrity from local attacks. If an attacker gains ... oval:org.secpod.oval:def:97489 Journald supports the ability to receive messages from remote hosts, thus acting as a log server. Clients should not receive data from other hosts. Rationale: If a client is configured to also receive data, thus turning it into a server, the client system is acting outside its operational boundary. oval:org.secpod.oval:def:97463 The contents of the /etc/issue.net file are displayed to users prior to login for remote connections from configured services. Unix-based systems have typically displayed information about the OS release and patch level upon logging in to the system. This information can be useful to developers who ... 
oval:org.secpod.oval:def:97466 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:97467 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:97468 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:97474 The contents of the /etc/issue file are displayed to users prior to login for local terminals. Rationale: If the /etc/issue file does not have the correct ownership it could be modified by unauthorized users with incorrect or misleading information. oval:org.secpod.oval:def:97476 The /tmp directory is a world-writable directory used for temporary storage by all users and some applications. Rationale: Making /tmp its own file system allows an administrator to set the noexec option on the mount, making /tmp useless for an attacker to install executable code. It ... oval:org.secpod.oval:def:97483 The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var/log filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices in /var/log. oval:org.secpod.oval:def:97481 The nosuid mount option specifies that the filesystem cannot contain setuid files. 
Rationale: Since the /home filesystem is only intended for user file storage, set this option to ensure that users cannot create setuid files in /home oval:org.secpod.oval:def:97492 The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/log/audit filesystem is only intended for audit logs, set this option to ensure that users cannot run executable binaries from /var/log/audit oval:org.secpod.oval:def:97461 Monitor the sudo log file. If the system has been properly configured to disable the use of the su command and force all administrators to have to log in first and then use sudo to execute privileged commands, then all administrator commands will be logged to /var/log/sudo.log . Any time a command i ... oval:org.secpod.oval:def:97462 The GNOME Display Manager (GDM) is a program that manages graphical display servers and handles graphical user logins. If a Graphical User Interface (GUI) is not required, it should be removed to reduce the attack surface of the system. oval:org.secpod.oval:def:97464 Ensure that the systemd-journald service is enabled to allow capturing of logging events. If the systemd-journald service is not enabled to start on boot, the system will not capture logging events. oval:org.secpod.oval:def:97469 sudo provides users with temporary elevated privileges to perform operations, either as the superuser or another user. Creating an audit log of users with temporary elevated privileges and the operation(s) they performed is essential to reporting. Administrators will want to correlate the events wr ... oval:org.secpod.oval:def:97479 The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var/log filesystem is only intended for temporary file storage, set this option to ensure that users cannot create setuid files in /var/log. 
oval:org.secpod.oval:def:97484 The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices in /var. oval:org.secpod.oval:def:97472 Sudo caches used credentials for a default of 15 minutes. This is for ease of use when there are multiple administrative tasks to perform. The timeout can be modified to suit local security policies. oval:org.secpod.oval:def:97475 The contents of the file /etc/motd file are displayed to users after login and function as a message of the day for authenticated users. oval:org.secpod.oval:def:1507386 [8.0.103-1.0.1] - Update to .NET SDK 8.0.103 and Runtime 8.0.3 - Backport MSBuild locale fix oval:org.secpod.oval:def:1507393 [7.0.117-1.0.1] - Update to .NET SDK 7.0.117 and Runtime 7.0.17 - Port Revert Disable implicit rejection for RSA PKCS#1 patch oval:org.secpod.oval:def:97470 Without cryptographic integrity protections, information can be altered by unauthorized users which can not be detected. The system-wide crypto-policies followed by the crypto core components allow consistently deprecating and disabling algorithms system-wide. oval:org.secpod.oval:def:1505275 libecap squid [7:4.15-1] - new version 4.15 - Resolves: #1964384 - squid:4 rebase to 4.15 [7:4.11-5] - Resolves: #1944261 - CVE-2020-25097 squid:4/squid: improper input validation may allow a trusted client to perform HTTP Request Smuggling oval:org.secpod.oval:def:1507051 [32:9.16.23-14.2] - stack exhaustion in control channel code may lead to DoS oval:org.secpod.oval:def:1507050 [32:9.11.36-8.2] - stack exhaustion in control channel code may lead to DoS oval:org.secpod.oval:def:1506737 [32:9.16.23-14.1] - Improve RBT overmem cache cleaning oval:org.secpod.oval:def:1506784 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1505219 [4.18.0-348.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 [4.18.0-348] - drm/nouveau/fifo/ga10 ... oval:org.secpod.oval:def:1505049 [5.4.17-2102.204.4.2.el8] - rds/ib: quarantine STALE mr before dereg [Orabug: 33150447] - rds/ib: update mr incarnation after forming inv wr [Orabug: 33177348] - rds/ib: avoid dereg of mr in frwr_clean [Orabug: 33150427] - arm64: mm: kdump: Fix /proc/kcore [Orabug: 32570847] [5.4.17-2102.204.4.e ... oval:org.secpod.oval:def:1505047 [5.4.17-2102.204.4.2.el8uek] - rds/ib: quarantine STALE mr before dereg [Orabug: 33150447] [5.4.17-2102.204.4.1.el8uek] - rds/ib: update mr incarnation after forming inv wr [Orabug: 33177348] - rds/ib: avoid dereg of mr in frwr_clean [Orabug: 33150427] - arm64: mm: kdump: Fix /proc/kcore [Orabug ... oval:org.secpod.oval:def:1506630 [4.18.0-477.13.1_8.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 - Remove upstream reference d ... oval:org.secpod.oval:def:1506633 [5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final - Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" - riscv: mm: remove redundant parameter of create_fdt_early_page_table - kernfs: change kernfs_rename_lock into a read-write loc ... 
oval:org.secpod.oval:def:1506947 [20230516-999.25.git6c9e0ed5.el8] - Add missing amd-ucode/ files to nano and core rpm - Add posttrans scriptlet to reload microcode on AMD - Recreate initramfs for AMD systems [20230516-999.24.git6c9e0ed5.el7] - 8a07fa49 linux-firmware: Update AMD fam19h cpu microcode oval:org.secpod.oval:def:1506907 [20230516-999.22.git6c9e0ed5.el8] - remove amd-ucode/README - Resolves Zenbleed {CVE-2023-20593} oval:org.secpod.oval:def:1506923 [20230516-999.20.git6c9e0ed5.el8] - cd72938cb480 linux-firmware: Update AMD fam17h cpu microcode - 92624e57af69 linux-firmware: Update AMD cpu microcode [20230516-999.19.git6c9e0ed5.el8] - Rebase to upstream - Revert removal of old iwlwifi firmwares oval:org.secpod.oval:def:1507409 nodejs [1:18.19.1-1] - Rebase to version 18.19.1 - Fixes: CVE-2024-21892 CVE-2024-22019 - Fixes: CVE-2023-46809 nodejs-nodemon nodejs-packaging oval:org.secpod.oval:def:1507112 Cython [0.29.21-5] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 mod_wsgi [4.7.1-5] - Core dumped upon file upload >= 1GB Resolves: rhbz#2125172 numpy [1.19.4-3] - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz#1933055 pybind11 [2.7.1 ... oval:org.secpod.oval:def:1507106 [3.6.8-51.0.1.2] - Security fix for CVE-2023-40217 Resolves: rhbz#2235789 oval:org.secpod.oval:def:1507108 babel Cython numpy pytest python2 [2.7.18-13.0.1.2] - Security fix for CVE-2023-40217 python2-pip python2-rpm-macros python2-setuptools python2-six python-attrs python-backports python-backports-ssl_match_hostname python-chardet python-coverage python-dns python-docs python-docutils python-funcsigs ... oval:org.secpod.oval:def:1505426 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1505429 mod_wsgi [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [4.7.1-2] - Rebuilt for Python 3.9 [4.7.1-1] - update to 4.7.1 numpy [1.19.4-3] - Adjusted the postun scriptlets to enable ... oval:org.secpod.oval:def:1506425 [5.15.0-7.86.6.1.el8uek] - net/rds: Delegate fan-out to a background worker [Orabug: 35051226] [5.15.0-7.86.6.el8uek] - runtime revert of virtio_net: Stripe queue affinities across cores. [Orabug: 35001044] - rds: ib: Make sure messages that errors out also get unmapped [Orabug: 35015598] - Ignor ... oval:org.secpod.oval:def:1506427 [5.15.0-7.86.6.1.el8uek] - net/rds: Delegate fan-out to a background worker [Orabug: 35051226] [5.15.0-7.86.6.el8uek] - runtime revert of virtio_net: Stripe queue affinities across cores. [Orabug: 35001044] - rds: ib: Make sure messages that errors out also get unmapped [Orabug: 35015598] - Ignor ... oval:org.secpod.oval:def:1506635 [5.4.17-2136.320.7] - selftests: fib_tests: mute cleanup error message - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW [Orabug: 35449815] - KVM: arm64: Add kvm_vcpu_has_pmu helper [Orabug: 35 ... oval:org.secpod.oval:def:1506637 [5.15.0-101.103.2.1] - Revert "attr: use consistent sgid stripping checks" [Orabug: 35346968] - Revert "iommu: Force iommu shutdown on panic" [Orabug: 35346963] [5.15.0-101.103.2] - uek-rpm: mod-extra: Remove mt7921e.ko from extras list [Orabug: 34999685] - crypto: allow ECDH and ECDSA algorithms ... 
oval:org.secpod.oval:def:1506338 [5.4.17-2136.315.5.el8] - Revert xfs: fix use-after-free on CIL context on shutdown oval:org.secpod.oval:def:1506339 [5.4.17-2136.315.5.el8uek] - Revert xfs: Lower CIL flush limit for large logs oval:org.secpod.oval:def:1506762 [5.4.17-2136.320.7.el8] - selftests: fib_tests: mute cleanup error message - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW [Orabug: 35449815] - KVM: arm64: Add kvm_vcpu_has_pmu helper [Orabug ... oval:org.secpod.oval:def:1506345 [5.15.0-6.80.3.1.el8] - Revert rds: ib: Enable FC by default oval:org.secpod.oval:def:1506340 [5.15.0-6.80.3.1.el8uek] - Revert rds: ib: Enable FC by default oval:org.secpod.oval:def:1507404 [42.2.14-3] - Fix CVE-2024-1597 oval:org.secpod.oval:def:1507384 [5.15.0-204.147.6.2.el8uek] - smb3: Replace smb2pdu 1-element arrays with flex-arrays [Orabug: 36353543] - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed [Orabug: 36358874] - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove - hv_netvsc: Calculate correct ... 
oval:org.secpod.oval:def:1505737 maven-shared-utils [3.2.1-0.2] - Fix commandline injection vulnerability - Resolves: CVE-2022-29599 oval:org.secpod.oval:def:1505740 maven-shared-utils [3.2.1-0.4] - Build with OpenJDK 8 oval:org.secpod.oval:def:1507398 libecap squid [7:4.15-7.10] - Resolves: RHEL-19551 - squid:4/squid: denial of service in HTTP request parsing [7:4.15-7.9] - Resolves: RHEL-28611 - squid:4/squid: Denial of Service in HTTP Chunked Decoding [7:4.15-7.6] - Resolves: RHEL-26087 - squid:4/squid: denial of service in HTTP header parser oval:org.secpod.oval:def:1507237 libecap squid [7:4.15-7.5] - Fix squid: Denial of Service in SSL Certificate validation - Fix squid: NULL pointer dereference in the gopher protocol code - Fix squid: Buffer over-read in the HTTP Message processing feature - Fix squid: Incorrect Check of Function Return Value In Helper Process ma ... oval:org.secpod.oval:def:1504515 dleyna-renderer [0.6.0-3] - Add a manual Resolves: #1612579 frei0r-plugins [1.6.1-7] - Rebuild with newer annobin to fix rpmdiff problems - Fix the build with a newer opencv - Resolves: rhbz#1703994 gdm [3.28.3-34] - Fix file descriptor leak Resolves: #1877853 [3.28.3-33] - Fix problem with Xorg fal ... oval:org.secpod.oval:def:1506435 php [8.0.27-1] - rebase to 8.0.27 oval:org.secpod.oval:def:1506755 libzip [1.6.1-1] - update to 1.6.1 - enable lzma support [1.5.2-1] - update to 1.5.2 - add all explicit cmake options to ensure openssl is used even in local build with other lilbraries available [1.5.1-1] - update to 1.5.1 - drop dependency on zlib-devel and bzip2-devel no more referenced in libzip ... 
oval:org.secpod.oval:def:1507111 [1:9.0.62-5.2] - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack oval:org.secpod.oval:def:1507109 varnish [6.0.8-3.1] - Add parameters h2_rst_allowance and h2_rst_allowance_period to mitigate CVE-2023-44487 varnish-modules oval:org.secpod.oval:def:1507401 nodejs [1:16.20.2-4.0.1] - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 nodejs-nodemon nodejs-packaging [26-1] - nodejs.prov: find namespaced bundled dependencies - Apply https://src.fedoraproject.org/rpms/nodejs-packaging/c/e24e7df oval:org.secpod.oval:def:1507181 [4.18.0-513.9.1.el8_9.OL8] - media: dvb-core: Fix use-after-free due to race at dvb_register_device {CVE-2022-45884} - cifs: Fix UAF in cifs_demultiplex_thread {CVE-2023-1192} - nvmet-tcp: Fix a possible UAF in queue intialization setup {CVE-2023-5178} - net: tun: fix bugs for oversize packet whe ... oval:org.secpod.oval:def:1506434 [4.16.4-4.0.1] - Gluster volumes not accessible via Samba due to missing samba-vfs-glusterfs in OL8 [Orabug: 30205755] [4.16.4-4] - related: rhbz#2154369 - Add additional patch for CVE-2022-38023 [4.16.4-3] - resolves: rhbz#2154369 - Fix CVE-2022-38023 [4.16.4-2] - resolves: rhbz#2120956 - Do not re ... oval:org.secpod.oval:def:1504898 openchange [2.3-27.0.1] - Use ldconfig_scriptlets [2.3-27] - Rebuild for newer samba samba [4.13.3-3] - resolves: #1924615 - Fix a memcache bug when cache is full - resolves: #1924571 - Ensure that libwbclient has been updated before restarting services [4.13.3-2] - resolves: #1909647 - Fix winbind ... oval:org.secpod.oval:def:1506754 [0.9.6-10] - Add missing ci.fmf file - Related: rhbz#2182251, rhbz#2189742 [0.9.6-9] - Fix covscan errors found at gating - Related: rhbz#2182251, rhbz#2189742 [0.9.6-8] - Backport test fixing commits to make the build pass - Related: rhbz#2182251, rhbz#2189742 [0.9.6-7] - Fix NULL dereference durin ... 
oval:org.secpod.oval:def:1505309 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505225 bind-dyndb-ldap [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 ipa [4.9.2-3.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [4.9.2-3] - ipa-client-install displays false message "sudo binary does not ... oval:org.secpod.oval:def:1505291 [0.10.10-4.0.1] - Replace HAM-logo.png with a generic one [0.10.10-4] - Fixed unfencing in - Resolves: rhbz#bz1991654 [0.10.10-3] - Added add/remove syntax for command - Resolves: rhbz#1992668 [0.10.10-2] - Fixed create resources with depth operation attribute - Resolves: rhbz#1998454 [0.10.10-1] - ... oval:org.secpod.oval:def:1504916 httpd [2.4.37-39.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-39] - prevent htcacheclean from while break when first file processed [2.4.37-38] - Resolves: #1918741 - Thousands of /tmp/modproxy.tmp.* files cre ... oval:org.secpod.oval:def:1506778 [0.10.15-4.0.1.el8_8.1] - Replace HAM-logo.png with a generic one [0.10.15-4.el8_8.1] - Fix displaying differences between configuration checkpoints in pcs config checkpoint diff command - Fix pcs stonith update-scsi-devices command which was broken since Pacemaker-2.1.5-rc1 - Updated bundled rubyge ... oval:org.secpod.oval:def:1507368 buildah cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp oci-seccomp-bpf-hook podman [2:4.0.2-26] - rebuild with golang 1.20.12 for CVE-2023-39326 python-podman runc [1:1.1.12-1.0.1] - rebuild with golang 1.20.12 for CVE-2023-393 ... 
oval:org.secpod.oval:def:1506726 cockpit-composer [45-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095] [45-1] - New upstream release [44-1] - New upstream release [43-1] - New upstream release [42-1] - New upstream release [40-1] - New upstream release [39-1] - New upstream release [38-1] - New up ... oval:org.secpod.oval:def:1506787 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506579 delve [1.9.1-1.0.1] - Disable DWARF compression which has issues [1.9.1-1] - Rebase to 1.9.1 - Related: rhbz#2131026 golang [1.19.9-1] - Rebase to Go 1.19.9 - Resolves: rhbz#2204473 go-toolset [1.19.9-1] - Rebase to Go 1.19.9 - Resolves: rhbz#2204473 oval:org.secpod.oval:def:1506766 [3.2.0-2] - Rebuild with Golang-1.19.4 - Resolves: #2163744 [3.2.0-1] - Update to version 3.2.0 - Resolves: #2139382 [2.13.3-2] - Define %gobuild macro with proper ldflags - Related: rhbz#2021549 [2.13.3-1] - Update to version 2.13.3 - Fixed round brackets in Provides - Moved manpages.tgz to look-a- ... oval:org.secpod.oval:def:1506777 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506590 delve [1.9.1-1.0.1] - Disable DWARF compression which has issues [1.9.1-1] - Rebase to 1.9.1 - Related: rhbz#2131026 golang [1.19.6-1] - Rebase to Go 1.19.6 - Resolves: rhbz#2174430 [1.19.4-2] - Fix memory leaks in EVP_{sign,verify}_raw - Resolves: rhbz#2132767 go-toolset [1.19.6-1] - Rebase to Go ... oval:org.secpod.oval:def:1507145 [5.4.17-2136.325.5.el8uek] - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext [Orabug: 35905508] - char: misc: Increase the maximum number of dynamic misc devices to 1048448 [Orabug: 35905508] - perf/arm-cmn: Fix invalid pointer when access dtc object sharing the sa ... 
oval:org.secpod.oval:def:1506518 [5.4.17-2136.318.7.1.el8] - KVM: arm64: Disabling disabled PMU counters wastes a lot of time [Orabug: 33312587] - KVM: arm64: Don't zero the cycle count register when PMCR_EL0.P is set oval:org.secpod.oval:def:1506515 [5.4.17-2136.318.7.1.el8uek] - KVM: arm64: Disabling disabled PMU counters wastes a lot of time [Orabug: 33312587] - KVM: arm64: Don't zero the cycle count register when PMCR_EL0.P is set oval:org.secpod.oval:def:1505817 [2.02-123.0.7.el8_6.8] - Enable back btrfs module by default [Orabug: 34377188] [2.02-123.0.6.el8_6.8] - Backport upstream SNP protocol fixes [Orabug: 34195100] [2.02-123.0.5.el8_6.8] - Rebase Fix EFI loader kernel image allocation patch, adapt it to new NX code [Orabug: 34352232] [2.02-123.0.4.el8_ ... oval:org.secpod.oval:def:1506392 [2.02-142.0.3.el8_7.1] - Fix CVE-2022-3775, CVE-2022-2601 [Orabug: 34867710] - Bump SBAT metadata for grub to 3 [Orabug: 34871758] - Enable signing on aarch64 - Don't try to switch to a BLS config if GRUB_ENABLE_BLSCFG is already set [Orabug: 34375996] - Enable back btrfs module by default [Orabug: ... oval:org.secpod.oval:def:1505998 [4.18.0-372.26.1.0.1.el8_6.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 15-11.0.5 debug: lock ... oval:org.secpod.oval:def:1507366 [4.18.0-513.18.0.2.el8_9] - net/sched: sch_hfsc: Ensure inner classes have fsc curve {CVE-2023-4623} - net/sched: sch_hfsc: upgrade "rt" to "sc" when it becomes a inner curve {CVE-2023-4623} - x86/sev: Check for user-space IOIO pointing to kernel space {CVE-2023-46813} - x86/sev: Check IOBM for IOIO ... 
oval:org.secpod.oval:def:1507377 [4.18.0-513.18.1.el8_9.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 = 15.3-1.0.3 - Remove ups ... oval:org.secpod.oval:def:1505818 [4.18.0-372.16.1.0.1.el8_6.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 less than or equal 15 ... oval:org.secpod.oval:def:1505839 [4.18.0-372.9.1.0.2.el8.OL8] - debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499} [4.18.0-372.9.1.0.1.el8.OL8] - mei: me: disable driver on the ign firmware [Orabug: 34176425] oval:org.secpod.oval:def:1506178 [4.18.0-425.3.1.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 - Remove upstream reference duri ... oval:org.secpod.oval:def:1507232 [1.13.1-2.4] - xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty - xorg-x11-server: Use-after-free bug in DestroyWindow - xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions - xorg-x11-server: out-of-bounds memory read in RRChangeOutputProp ... oval:org.secpod.oval:def:1506589 [4.9-2.0.1.2] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.9-2.2] - Update libreswan-4.9-2176248-authby-rsasig.patch [4.9-2.1] - Resolves: rhbz#2187647 authby=rsasig fails in FIPS policy [4.9-2] - Fix CVE-2023-23009: remote DoS via crafted TS payload with an incorrect selector lengt ... 
oval:org.secpod.oval:def:1506583 [4.9-3.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.9-3] - Fix CVE-2023-30570: Malicious IKEv1 Aggressive Mode packets can crash libreswan - Resolves: rhbz#2187179 oval:org.secpod.oval:def:1507405 delve [1.20.2-1.0.1] - Disable DWARF compression which has issues [1.20.2-1] - Rebase to 1.20.2 - Resolves: rhbz#2186495 golang [1.20.12-3] - Fix CVE-2024-1394 - Resolves: RHEL-27928 [1.20.12-2] - Fix sources file - Related: RHEL-19231 go-toolset oval:org.secpod.oval:def:1507412 [115.9.0-1.0.1] - Add Oracle prefs [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 oval:org.secpod.oval:def:1507140 libecap squid [4.15-6.0.1] - Improve HTTP chunked encoding compliance - Fix stack buffer overflow when parsing Digest Authorization oval:org.secpod.oval:def:1505298 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505687 [1.8.7-1] - Rebase to 1.8.7 [1.8.6-1] - Rebase to 1.8.6 [1.8.5-6] - Fix CVE-2021-41133 oval:org.secpod.oval:def:1507361 [1.16.2-5.2] - bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator - bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources oval:org.secpod.oval:def:1507391 [2.79-31.2] - Fix CVE 2023-50387 and CVE 2023-50868 - Resolves: RHEL-25628 - Resolves: RHEL-25666 [2.79-31.1] - Do not crash on invalid domain in --synth-domain option [2.79-31] - Do not create and search --local and --address=/x/# domains [2.79-30] - Make create logfile writeable by root [2.79-2 ... oval:org.secpod.oval:def:1507407 [115.9.1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.9.1] - Add debranding patches - Add OpenELA default preferences [115.9.1-1] - Update to 115.9.1 [115.9.0-2] - Update to 115.9.0 build2 [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-5242 ... oval:org.secpod.oval:def:1506763 ruby [2.7.8-139] - Upgrade to Ruby 2.7.8. 
Resolves: rhbz#2149262 - Fix HTTP response splitting in CGI. Resolves: CVE-2021-33621 - Fix ReDoS vulnerability in URI. Resolves: CVE-2023-28755 - Fix ReDoS vulnerability in Time. Resolves: CVE-2023-28756 rubygem-abrt [0.4.0-1] - Update to abrt 0.4.0. Resolv ... oval:org.secpod.oval:def:1506773 hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt libvirt-dbus libvirt-python nbdkit netcf perl-Sys-Virt qemu-kvm [6.1.1-6-el8] - CVE-2023-1544 is not applicable to Oracle QEMU 6.1.1 [Orabug: 35305727] {CVE-2023-1544} - virtio-gpu: do not byteswap padding [Orabug: 35304723] - ... oval:org.secpod.oval:def:1506441 [3.6.8-48.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-48.1] - Security fixes for CVE-2020-10735, CVE-2021-28861 and CVE-2022-45061 Resolves: rhbz#1834423, rhbz#2120642, rhbz#2144072 oval:org.secpod.oval:def:1506756 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506769 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506723 hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt [5.7.0-40] - build: change dependency to allow post install erasing of /usr/bin/nc [Orabug: 35289777] - util: Make virFileClose quiet on success [Orabug: 35090886] [5.7.0-39] - exadata: update maxvcpus for vNUMA only [Orabug: 34863357 ... 
oval:org.secpod.oval:def:1506007 galera [25.3.35-1] - Rebase to 25.3.35 mariadb [3:10.3.35-1] - Rebase to 10.3.35 [3:10.3.34-1] - Rebase to 10.3.34 oval:org.secpod.oval:def:1505665 [2.34.6-1] - Update to 2.34.6 Related: #1985042 [2.34.5-1] - Update to 2.34.5 - Related: #1985042 [2.34.4-1] - Update to 2.34.4 - Resolves: #1985042 [2.32.4-1] - Update to 2.32.4 - Related: #1985042 - Resolves: #2006429 oval:org.secpod.oval:def:1505721 nodejs [1:16.14.0-4] - Apply lock file validation fixes - Resolves CVE-2021-43616 - Resolves: RHBZ#2070012 oval:org.secpod.oval:def:1505312 clang [12.0.1-4.0.1] - Use all available CPU cores for build - Recognize Oracle Linux distros [OraBug: 29422714] [12.0.1-4] - Trojan source clang-tidy patchset fix [12.0.1-3] - Trojan source clang-tidy patchset oval:org.secpod.oval:def:1505325 rust [1.54.0-3] - Lint against Unicode control codepoints. rust-toolset [1.54.0-1] - Update to Rust and Cargo 1.54.0. [1.53.0-1] - Update to Rust and Cargo 1.53.0. oval:org.secpod.oval:def:1505220 [2.36.1-1.0.1.1] - Forward port Oracle patches from 2.36.1-1.0.1 - Reviewed-by: Jose E. Marchesi [2.36.1-1.1] - Add ability to control the display of unicode characters oval:org.secpod.oval:def:1505202 [2.30-108.0.2.1] - Forward-port Oracle patches from 2.30-108.0.2 to 2.30-108.0.2.1 - Reviewed-by: Jose E. Marchesi [2.30-108.0.2] - Forward-port the following update: * Thu Oct 07 2021 Nick Alcock - 2.30-93.0.4 - Backport fix for fencepost bug in CTF pptrtab usage causing coredumps - Backport test r ... oval:org.secpod.oval:def:1505207 [2.35-8.6] - Add ability to control the display of unicode characters oval:org.secpod.oval:def:1505293 [8.5.0-4.0.1] - Merge oracle patches to security errata 8.5.0-4. Reviewed-by: Jose E. 
Marchesi [8.5.0-4] - add -Wbidirectional patch oval:org.secpod.oval:def:1505299 [10.3.1-1.2.0.1] - Fix Orabug 32423691- gcc10 SEGV for every test in sregress: ORA-7445_ksmplru_add_batchksm same bug as PR tree-optimization/100053: gcc11-pr100053.patch - Fix Orabug 31197798 same bug as PR gcov-profile/95348: gcc11-pr95348.patch - Introduce "oracle_release" into .spec file. Echo ... oval:org.secpod.oval:def:1505276 [9.29-1.2] - Bump and rebuild for new gcc. [9.29-1.1] - Annocheck: Add test for multibyte characters in symbol names oval:org.secpod.oval:def:1505278 [9.72-1.2] - Bump NVR and rebuild to use the new gcc. [9.72-1.1] - Annocheck: Add test for multibyte characters in symbol names. [9.72-1] - Rebase to 9.72. - annocheck: Accept 0 as a valid number for gcc minor versions and release numbers. - gcc-plugin: Add support for ARM and RISCV targets. - ti ... oval:org.secpod.oval:def:1505283 [11.2.1-1.2.0.1] - Add -ftrivial-auto-var-init support from GCC12 Reviewed-by: Jose E. Marchesi - Add CTF/BTF support Reviewed-by: Qing Zhao [11.2.1-1.2] - add -Wbidirectional patch oval:org.secpod.oval:def:1505282 [9.85-1.1] - Annocheck: Add test for multibyte characters in symbol names oval:org.secpod.oval:def:1505266 accountsservice [0.6.55-2] - Add support for user templates so user can specify default session Resolves: #1812788 gdm [40.0-14] - Fix XDMCP Resolves: #2004170 - Fix crash at shutdown Related: #2004170 [40.0-13] - Disable Wayland on HyperV - Fix Xorg fallback Related: #1998989 [40.0-12] - Redisable ... oval:org.secpod.oval:def:1506442 [2.36.7-1.2] - Add patch for CVE-2023-23529 Resolves: #2170007 oval:org.secpod.oval:def:1506792 [2.38.5-1] - Update to 2.38.5 Related: #2127468 [2.38.4-1] - Update to 2.38.4 Related: #2127468 [2.38.3-1] - Update to 2.38.3 Related: #2127468 [2.38.2-1] - Update to 2.38.2 Related: #2127468 [2.38.1-2] - Fix crashes on aarch64 Enable WPE renderer Related: #2127468 [2.38.1-1] - Update to 2.38.1 Rela ... 
oval:org.secpod.oval:def:1506578 [2.38.5-1.3] - Restore libwpe and wpebackend-fdo dependencies Related: #2185741 [2.38.5-1.2] - Disable libwpe and wpebackend-fdo dependencies Related: #2185741 [2.38.5-1.1] - Add patch for CVE-2023-28205 Resolves: #2185741 [2.38.5-1] - Update to 2.38.5 Related: #2127468 [2.38.4-1] - Update to 2.38 ... oval:org.secpod.oval:def:1506744 [4.0.9-27] - Fix various CVEs - Resolves: CVE-2022-3627 CVE-2022-3970 oval:org.secpod.oval:def:1506528 [2.36.7-1.3] - Add patch for CVE-2023-28205 Resolves: #2185740 oval:org.secpod.oval:def:1504899 [1.7.3-15] - Fix SPEC file to not check md5 mtime and size of /var/lib/unbound/root.key - Resolves: rhbz#1714175 - Use system-wide crypto policy setting instead of custom setting - Resolves: rhbz#1842837 - Enable additional logging in unbound - Resolves: rhbz#1850460 - security hardening from x41 r ... oval:org.secpod.oval:def:1505191 bind-dyndb-ldap [11.3-1] - New upstream release - Resolves: rhbz#1845211 ipa [4.8.7-12.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [4.8.7-12] - Require selinux sub package in the proper version Related: RHBZ#1868432 - SELinux: do not double-define node_t and pki_tomcat_ ... oval:org.secpod.oval:def:1505301 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505300 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504540 createrepo_c [0.11.0-3] - Backport patch to switch off timestamps on documentation in order to remove file conflicts [0.11.0-2] - Consistently produce valid URLs by prepending protocol. - modifyrepo_c: Prevent doubling of compression - Correct pkg count in headers if there were invalid pkgs - A ... oval:org.secpod.oval:def:1502706 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502705 The advisory is missing the security advisory description. For more information please visit the reference link |