Receita

[P0RTW0N]

📝 Description

Please include a summary of the changes.

• Added all 'Receita' endpoints

🧪 Testing

Please describe the tests that you ran to verify your changes.

• Added test to 'Receita' endpoints

✅ Checklist before requesting a review

• The code performs its intended function, the logic is correct etc.
• The code is easy to understand.
• The code is commented, particularly in hard-to-understand areas.
• I have performed a self-review of my own code.
• I have made corresponding changes to the documentation.
• There is no redundant or duplicate code.
• The code follows the defined style guide.
• The code is as modular as possible.
• I have added tests that prove my fix is effective or that my feature works.
• No part of the code can be replaced by library functions.
• No logging or debugging code is left in my code.
• The code passes CI.
• The code is not invoking memory leaks.
• The properties are declared with correct storage semmantics.
• Good names are used for variables, functions, classes, etc.

📦 Type of change

What types of changes does your code introduce? Put an x in all the boxes that apply:

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update

🗓️ Milestone

• milestone 1
• milestone 2
• milestone 3

🔗 Linked issues

• issue 1
• issue 2
• issue 3

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[github-actions]

🔍 Vulnerabilities of 1230199/desofs2024_m1b_2-desof-api:latest

📦 Image Reference 1230199/desofs2024_m1b_2-desof-api:latest

digest	sha256:c667143de1d1e7bb6adab30c0cbddc8017f34aea55268e3cb1037fc1c44955f5
vulnerabilities
size	297 MB
packages	228

📦 Base Image openjdk:17

also known as	17-jdk 17-jdk-oracle 17-jdk-oraclelinux8 17-oracle 17-oraclelinux8 17.0 17.0-jdk 17.0-jdk-oracle 17.0-jdk-oraclelinux8 17.0-oracle 17.0-oraclelinux8 17.0.2 17.0.2-jdk 17.0.2-jdk-oracle 17.0.2-jdk-oraclelinux8 17.0.2-oracle 17.0.2-oraclelinux8 jdk jdk-oracle jdk-oraclelinux8 latest oracle oraclelinux8
digest	sha256:98f0304b3a3b7c12ce641177a99d1f3be56f532473a528fda38d53d519cafb13
vulnerabilities

glibc-common 2.28-164.0.5.el8_5.3 (rpm) pkg:rpm/oraclelinux/glibc-common@2.28-164.0.5.el8_5.3?os_name=oraclelinux&os_version=8 Affected range <0:2.28-236.0.1.el8_9.13 Fixed version 0:2.28-236.0.1.el8_9.13 EPSS Score 0.04% EPSS Percentile 12th percentile Description glibc security update [2.28-236.0.1.13] Forward port of Oracle patches. Reviewed-by: Jose E. Marchesi Affected range <0:2.28-225.0.4.el8 Fixed version 0:2.28-225.0.4.el8 EPSS Score 1.57% EPSS Percentile 87th percentile Description glibc security update [2.28-225.0.4] CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi jose.marchesi@oracle.com Affected range <0:2.28-225.0.4.el8_8.6 Fixed version 0:2.28-225.0.4.el8_8.6 EPSS Score 0.10% EPSS Percentile 42nd percentile Description glibc security update [2.28-225.0.4.6] CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode. CVE-2203-4806: potential use-after-free in getaddrinfo. CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435). CVE-2023-4813: work around RHEL-8 limitation in test (RHEL-2435). Reviewed by: Jose E. Marchesi jose.marchesi@oracle.com Affected range <0:2.28-225.0.4.el8_8.6 Fixed version 0:2.28-225.0.4.el8_8.6 EPSS Score 0.10% EPSS Percentile 40th percentile Description glibc security update [2.28-225.0.4.6] CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode. CVE-2203-4806: potential use-after-free in getaddrinfo. CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435). CVE-2023-4813: work around RHEL-8 limitation in test (RHEL-2435). Reviewed by: Jose E. Marchesi jose.marchesi@oracle.com Affected range <0:2.28-225.0.4.el8_8.6 Fixed version 0:2.28-225.0.4.el8_8.6 EPSS Score 0.09% EPSS Percentile 38th percentile Description glibc security update [2.28-225.0.4.6] CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode. CVE-2203-4806: potential use-after-free in getaddrinfo. CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435). CVE-2023-4813: work around RHEL-8 limitation in test (RHEL-2435). Reviewed by: Jose E. Marchesi jose.marchesi@oracle.com

glibc 2.28-164.0.5.el8_5.3 (rpm) pkg:rpm/oraclelinux/glibc@2.28-164.0.5.el8_5.3?os_name=oraclelinux&os_version=8 Affected range <0:2.28-236.0.1.el8_9.13 Fixed version 0:2.28-236.0.1.el8_9.13 EPSS Score 0.04% EPSS Percentile 12th percentile Description glibc security update [2.28-236.0.1.13] Forward port of Oracle patches. Reviewed-by: Jose E. Marchesi Affected range <0:2.28-225.0.4.el8_8.6 Fixed version 0:2.28-225.0.4.el8_8.6 EPSS Score 1.57% EPSS Percentile 87th percentile Description glibc security update [2.28-225.0.4.6] CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode. CVE-2203-4806: potential use-after-free in getaddrinfo. CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435). CVE-2023-4813: work around RHEL-8 limitation in test (RHEL-2435). Reviewed by: Jose E. Marchesi jose.marchesi@oracle.com Affected range <0:2.28-225.0.4.el8_8.6 Fixed version 0:2.28-225.0.4.el8_8.6 EPSS Score 0.10% EPSS Percentile 42nd percentile Description glibc security update [2.28-225.0.4.6] CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode. CVE-2203-4806: potential use-after-free in getaddrinfo. CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435). CVE-2023-4813: work around RHEL-8 limitation in test (RHEL-2435). Reviewed by: Jose E. Marchesi jose.marchesi@oracle.com Affected range <0:2.28-225.0.4.el8_8.6 Fixed version 0:2.28-225.0.4.el8_8.6 EPSS Score 0.10% EPSS Percentile 40th percentile Description glibc security update [2.28-225.0.4.6] CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode. CVE-2203-4806: potential use-after-free in getaddrinfo. CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435). CVE-2023-4813: work around RHEL-8 limitation in test (RHEL-2435). Reviewed by: Jose E. Marchesi jose.marchesi@oracle.com Affected range <0:2.28-225.0.4.el8_8.6 Fixed version 0:2.28-225.0.4.el8_8.6 EPSS Score 0.09% EPSS Percentile 38th percentile Description glibc security update [2.28-225.0.4.6] CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode. CVE-2203-4806: potential use-after-free in getaddrinfo. CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435). CVE-2023-4813: work around RHEL-8 limitation in test (RHEL-2435). Reviewed by: Jose E. Marchesi jose.marchesi@oracle.com

glibc-minimal-langpack 2.28-164.0.5.el8_5.3 (rpm) pkg:rpm/oraclelinux/glibc-minimal-langpack@2.28-164.0.5.el8_5.3?os_name=oraclelinux&os_version=8 Affected range <0:2.28-236.0.1.el8_9.13 Fixed version 0:2.28-236.0.1.el8_9.13 EPSS Score 0.04% EPSS Percentile 12th percentile Description glibc security update [2.28-236.0.1.13] Forward port of Oracle patches. Reviewed-by: Jose E. Marchesi Affected range <0:2.28-225.0.4.el8 Fixed version 0:2.28-225.0.4.el8 EPSS Score 1.57% EPSS Percentile 87th percentile Description glibc security update [2.28-225.0.4] CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi jose.marchesi@oracle.com Affected range <0:2.28-225.0.4.el8_8.6 Fixed version 0:2.28-225.0.4.el8_8.6 EPSS Score 0.10% EPSS Percentile 42nd percentile Description glibc security update [2.28-225.0.4.6] CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode. CVE-2203-4806: potential use-after-free in getaddrinfo. CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435). CVE-2023-4813: work around RHEL-8 limitation in test (RHEL-2435). Reviewed by: Jose E. Marchesi jose.marchesi@oracle.com Affected range <0:2.28-225.0.4.el8_8.6 Fixed version 0:2.28-225.0.4.el8_8.6 EPSS Score 0.10% EPSS Percentile 40th percentile Description glibc security update [2.28-225.0.4.6] CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode. CVE-2203-4806: potential use-after-free in getaddrinfo. CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435). CVE-2023-4813: work around RHEL-8 limitation in test (RHEL-2435). Reviewed by: Jose E. Marchesi jose.marchesi@oracle.com Affected range <0:2.28-225.0.4.el8_8.6 Fixed version 0:2.28-225.0.4.el8_8.6 EPSS Score 0.09% EPSS Percentile 38th percentile Description glibc security update [2.28-225.0.4.6] CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode. CVE-2203-4806: potential use-after-free in getaddrinfo. CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435). CVE-2023-4813: work around RHEL-8 limitation in test (RHEL-2435). Reviewed by: Jose E. Marchesi jose.marchesi@oracle.com

openssl 1:1.1.1k-6.el8_5 (rpm) pkg:rpm/oraclelinux/openssl@1:1.1.1k-6.el8_5?os_name=oraclelinux&os_version=8 Affected range <1:1.1.1k-9.el8_7 Fixed version 1:1.1.1k-9.el8_7 EPSS Score 0.21% EPSS Percentile 59th percentile Description openssl security update [1:1.1.1k-9] Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 [1:1.1.1k-8] Fix no-ec build Resolves: rhbz#2071020 Affected range <1:1.1.1k-9.el8_7 Fixed version 1:1.1.1k-9.el8_7 EPSS Score 0.30% EPSS Percentile 69th percentile Description openssl security update [1:1.1.1k-9] Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 [1:1.1.1k-8] Fix no-ec build Resolves: rhbz#2071020 Affected range <1:1.1.1k-9.el8_7 Fixed version 1:1.1.1k-9.el8_7 EPSS Score 0.12% EPSS Percentile 46th percentile Description openssl security update [1:1.1.1k-9] Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 [1:1.1.1k-8] Fix no-ec build Resolves: rhbz#2071020 Affected range <1:1.1.1k-9.el8_7 Fixed version 1:1.1.1k-9.el8_7 EPSS Score 0.16% EPSS Percentile 52nd percentile Description openssl security update [1:1.1.1k-9] Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 [1:1.1.1k-8] Fix no-ec build Resolves: rhbz#2071020 Affected range <1:1.1.1k-7.el8_6 Fixed version 1:1.1.1k-7.el8_6 EPSS Score 0.36% EPSS Percentile 72nd percentile Description openssl security update [1:1.1.1k-7] Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 Update expired certificates used in the testsuite Resolves: rhbz#2100554 Fix CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz#2090371 Fix CVE-2022-2068: the c_rehash script allows command injection Resolves: rhbz#2098278 Affected range <1:1.1.1k-7.el8_6 Fixed version 1:1.1.1k-7.el8_6 EPSS Score 8.51% EPSS Percentile 94th percentile Description openssl security update [1:1.1.1k-7] Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 Update expired certificates used in the testsuite Resolves: rhbz#2100554 Fix CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz#2090371 Fix CVE-2022-2068: the c_rehash script allows command injection Resolves: rhbz#2098278 Affected range <1:1.1.1k-7.el8_6 Fixed version 1:1.1.1k-7.el8_6 EPSS Score 10.65% EPSS Percentile 95th percentile Description openssl security update [1:1.1.1k-7] Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 Update expired certificates used in the testsuite Resolves: rhbz#2100554 Fix CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz#2090371 Fix CVE-2022-2068: the c_rehash script allows command injection Resolves: rhbz#2098278 Affected range <1:1.1.1k-12.el8_9 Fixed version 1:1.1.1k-12.el8_9 EPSS Score 0.11% EPSS Percentile 44th percentile Description openssl security update [1:1.1.1k-12] Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series (a proper fix for CVE-2020-25659) Resolves: RHEL-17696 [1:1.1.1k-11] Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow Resolves: RHEL-16538 [1:1.1.1k-10] Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters Resolves: RHEL-14245 Fix CVE-2023-3817: Excessive time spent checking DH q parameter value Resolves: RHEL-14239 Affected range <1:1.1.1k-12.el8_9 Fixed version 1:1.1.1k-12.el8_9 EPSS Score 0.13% EPSS Percentile 48th percentile Description openssl security update [1:1.1.1k-12] Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series (a proper fix for CVE-2020-25659) Resolves: RHEL-17696 [1:1.1.1k-11] Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow Resolves: RHEL-16538 [1:1.1.1k-10] Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters Resolves: RHEL-14245 Fix CVE-2023-3817: Excessive time spent checking DH q parameter value Resolves: RHEL-14239 Affected range <1:1.1.1k-12.el8_9 Fixed version 1:1.1.1k-12.el8_9 EPSS Score 0.22% EPSS Percentile 59th percentile Description openssl security update [1:1.1.1k-12] Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series (a proper fix for CVE-2020-25659) Resolves: RHEL-17696 [1:1.1.1k-11] Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow Resolves: RHEL-16538 [1:1.1.1k-10] Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters Resolves: RHEL-14245 Fix CVE-2023-3817: Excessive time spent checking DH q parameter value Resolves: RHEL-14239

openssl-libs 1:1.1.1k-6.el8_5 (rpm) pkg:rpm/oraclelinux/openssl-libs@1:1.1.1k-6.el8_5?os_name=oraclelinux&os_version=8 Affected range <1:1.1.1k-9.el8_7 Fixed version 1:1.1.1k-9.el8_7 EPSS Score 0.21% EPSS Percentile 59th percentile Description openssl security update [1:1.1.1k-9] Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 [1:1.1.1k-8] Fix no-ec build Resolves: rhbz#2071020 Affected range <1:1.1.1k-9.el8_7 Fixed version 1:1.1.1k-9.el8_7 EPSS Score 0.30% EPSS Percentile 69th percentile Description openssl security update [1:1.1.1k-9] Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 [1:1.1.1k-8] Fix no-ec build Resolves: rhbz#2071020 Affected range <1:1.1.1k-9.el8_7 Fixed version 1:1.1.1k-9.el8_7 EPSS Score 0.12% EPSS Percentile 46th percentile Description openssl security update [1:1.1.1k-9] Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 [1:1.1.1k-8] Fix no-ec build Resolves: rhbz#2071020 Affected range <1:1.1.1k-9.el8_7 Fixed version 1:1.1.1k-9.el8_7 EPSS Score 0.16% EPSS Percentile 52nd percentile Description openssl security update [1:1.1.1k-9] Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 [1:1.1.1k-8] Fix no-ec build Resolves: rhbz#2071020 Affected range <1:1.1.1k-7.el8_6 Fixed version 1:1.1.1k-7.el8_6 EPSS Score 0.36% EPSS Percentile 72nd percentile Description openssl security update [1:1.1.1k-7] Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 Update expired certificates used in the testsuite Resolves: rhbz#2100554 Fix CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz#2090371 Fix CVE-2022-2068: the c_rehash script allows command injection Resolves: rhbz#2098278 Affected range <1:1.1.1k-7.el8_6 Fixed version 1:1.1.1k-7.el8_6 EPSS Score 8.51% EPSS Percentile 94th percentile Description openssl security update [1:1.1.1k-7] Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 Update expired certificates used in the testsuite Resolves: rhbz#2100554 Fix CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz#2090371 Fix CVE-2022-2068: the c_rehash script allows command injection Resolves: rhbz#2098278 Affected range <1:1.1.1k-7.el8_6 Fixed version 1:1.1.1k-7.el8_6 EPSS Score 10.65% EPSS Percentile 95th percentile Description openssl security update [1:1.1.1k-7] Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 Update expired certificates used in the testsuite Resolves: rhbz#2100554 Fix CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz#2090371 Fix CVE-2022-2068: the c_rehash script allows command injection Resolves: rhbz#2098278 Affected range <1:1.1.1k-12.el8_9 Fixed version 1:1.1.1k-12.el8_9 EPSS Score 0.11% EPSS Percentile 44th percentile Description openssl security update [1:1.1.1k-12] Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series (a proper fix for CVE-2020-25659) Resolves: RHEL-17696 [1:1.1.1k-11] Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow Resolves: RHEL-16538 [1:1.1.1k-10] Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters Resolves: RHEL-14245 Fix CVE-2023-3817: Excessive time spent checking DH q parameter value Resolves: RHEL-14239 Affected range <1:1.1.1k-12.el8_9 Fixed version 1:1.1.1k-12.el8_9 EPSS Score 0.13% EPSS Percentile 48th percentile Description openssl security update [1:1.1.1k-12] Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series (a proper fix for CVE-2020-25659) Resolves: RHEL-17696 [1:1.1.1k-11] Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow Resolves: RHEL-16538 [1:1.1.1k-10] Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters Resolves: RHEL-14245 Fix CVE-2023-3817: Excessive time spent checking DH q parameter value Resolves: RHEL-14239 Affected range <1:1.1.1k-12.el8_9 Fixed version 1:1.1.1k-12.el8_9 EPSS Score 0.22% EPSS Percentile 59th percentile Description openssl security update [1:1.1.1k-12] Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series (a proper fix for CVE-2020-25659) Resolves: RHEL-17696 [1:1.1.1k-11] Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow Resolves: RHEL-16538 [1:1.1.1k-10] Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters Resolves: RHEL-14245 Fix CVE-2023-3817: Excessive time spent checking DH q parameter value Resolves: RHEL-14239

libksba 1.3.5-7.el8 (rpm) pkg:rpm/oraclelinux/libksba@1.3.5-7.el8?os_name=oraclelinux&os_version=8 Affected range <0:1.3.5-9.el8_7 Fixed version 0:1.3.5-9.el8_7 EPSS Score 0.20% EPSS Percentile 57th percentile Description libksba security update [1.3.5-9] Fix for CVE-2022-47629 (#2161571) Affected range <0:1.3.5-8.el8_6 Fixed version 0:1.3.5-8.el8_6 EPSS Score 0.47% EPSS Percentile 75th percentile Description libksba security update [1.3.5-8] Fix for CVE-2022-3515 (#2135702)

org.springframework/spring-web 6.1.4 (maven) pkg:maven/org.springframework/spring-web@6.1.4 Affected range >=6.1.0 <6.1.6 Fixed version 6.1.6 CVSS Score 8.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N EPSS Score 0.04% EPSS Percentile 8th percentile Description Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259  and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input. URL Redirection to Untrusted Site ('Open Redirect') Affected range >=6.1.0 <6.1.5 Fixed version 6.1.5 CVSS Score 8.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N EPSS Score 0.04% EPSS Percentile 8th percentile Description Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243, but with different input.

expat 2.2.5-4.0.1.el8_5.3 (rpm) pkg:rpm/oraclelinux/expat@2.2.5-4.0.1.el8_5.3?os_name=oraclelinux&os_version=8 Affected range <0:2.2.5-8.0.1.el8_6.3 Fixed version 0:2.2.5-8.0.1.el8_6.3 EPSS Score 0.56% EPSS Percentile 78th percentile Description expat security update Affected range <0:2.2.5-11.0.1.el8_9.1 Fixed version 0:2.2.5-11.0.1.el8_9.1 EPSS Score 0.06% EPSS Percentile 23rd percentile Description expat security update [2.2.5-11.0.1.1] lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] [2.2.5-11.1] CVE-2023-52425 expat: parsing large tokens can trigger a denial of service Resolves: RHEL-29321 Affected range <0:2.2.5-10.0.1.el8_7.1 Fixed version 0:2.2.5-10.0.1.el8_7.1 EPSS Score 0.52% EPSS Percentile 77th percentile Description expat security update [2.2.5-10.0.1] lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] [2.2.5-10.1] CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate Resolves: CVE-2022-43680 Affected range <0:2.2.5-8.0.1.el8_6.2 Fixed version 0:2.2.5-8.0.1.el8_6.2 EPSS Score 0.89% EPSS Percentile 83rd percentile Description expat security update [2.2.5-8.0.1.2] lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] [2.2.5-8.2] Improve fix for CVE-2022-25313 Related: CVE-2022-25313 [2.2.5-8.1] Fix multiple CVEs Resolves: CVE-2022-25314 Resolves: CVE-2022-25313 Affected range <0:2.2.5-8.0.1.el8_6.2 Fixed version 0:2.2.5-8.0.1.el8_6.2 EPSS Score 0.64% EPSS Percentile 79th percentile Description expat security update [2.2.5-8.0.1.2] lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] [2.2.5-8.2] Improve fix for CVE-2022-25313 Related: CVE-2022-25313 [2.2.5-8.1] Fix multiple CVEs Resolves: CVE-2022-25314 Resolves: CVE-2022-25313

systemd 239-51.0.1.el8_5.5 (rpm) pkg:rpm/oraclelinux/systemd@239-51.0.1.el8_5.5?os_name=oraclelinux&os_version=8 Affected range <0:239-58.0.1.el8_6.4 Fixed version 0:239-58.0.1.el8_6.4 EPSS Score 0.21% EPSS Percentile 59th percentile Description systemd security update [239-58.0.1.4] Disable unprivileged BPF by default [Orabug: 32870980] backport upstream pstore tmpfiles patch [Orabug: 31420486] udev rules: fix memory hot add and remove [Orabug: 31310273] fix to enable systemd-pstore.service [Orabug: 30951066] journal: change support URL shown in the catalog entries [Orabug: 30853009] fix to generate systemd-pstore.service file [Orabug: 30230056] fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056] [239-58.4] resolved: pin stream while calling callbacks for it (#2110548) Affected range <0:239-74.0.4.el8_8.2 Fixed version 0:239-74.0.4.el8_8.2 EPSS Score 0.05% EPSS Percentile 16th percentile Description systemd security and bug fix update [239-74.0.4.2] Fix CVE-2023-26604 pager: set whenver we invoke a pager (lukas.lipinsky@oracle.com) (#2175624) pager: make pager secure when under euid is changed or explicitly requested (lukas.lipinsky@oracle.com) (#2175624) pager: lets check SYSTEMD_PAGERSECURE with secure_getenv() (lukas.lipinsky@oracle.com) (#2175624) pstore: fix crash and forward dummy arguments instead of NULL (lukas.lipinsky@oracle.com) (#2190151) Affected range <0:239-68.0.2.el8_7.4 Fixed version 0:239-68.0.2.el8_7.4 EPSS Score 0.04% EPSS Percentile 8th percentile Description systemd security and bug fix update [239-68.0.2] Backport upstream pstore dmesg fix [Orabug: 34850699] Standardize ioctl (BTRFS_IOC_QGROUP_CREATE) check and return -ENOTCONN, if quota is not enabled [Orabug: 34694253] Disable unprivileged BPF by default [Orabug: 32870980] backport upstream pstore tmpfiles patch [Orabug: 31420486] udev rules: fix memory hot add and remove [Orabug: 31310273] fix to enable systemd-pstore.service [Orabug: 30951066] journal: change support URL shown in the catalog entries [Orabug: 30853009] fix to generate systemd-pstore.service file [Orabug: 30230056] fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056] [239-68.4] basic: add STRERROR() wrapper for strerror_r() (#2155519) coredump: put context array into a struct (#2155519) coredump: do not allow user to access coredumps with changed uid/gid/capabilities (#2155519) [239-68.3] core: bring manager_startup() and manager_reload() more inline (#2164049) Affected range <0:239-68.0.2.el8_7.1 Fixed version 0:239-68.0.2.el8_7.1 EPSS Score 0.04% EPSS Percentile 12th percentile Description systemd security and bug fix update [239-68.0.2.1] Backport upstream pstore dmesg fix [Orabug: 34850699] Standardize ioctl (BTRFS_IOC_QGROUP_CREATE) check and return -ENOTCONN, if quota is not enabled [Orabug: 34694253] Disable unprivileged BPF by default [Orabug: 32870980] backport upstream pstore tmpfiles patch [Orabug: 31420486] udev rules: fix memory hot add and remove [Orabug: 31310273] fix to enable systemd-pstore.service [Orabug: 30951066] journal: change support URL shown in the catalog entries [Orabug: 30853009] fix to generate systemd-pstore.service file [Orabug: 30230056] fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056] [239-68.1] time-util: fix buffer-over-run (#2139390) core: move reset_arguments() to the end of main's finish (#2127170)

systemd-libs 239-51.0.1.el8_5.5 (rpm) pkg:rpm/oraclelinux/systemd-libs@239-51.0.1.el8_5.5?os_name=oraclelinux&os_version=8 Affected range <0:239-58.0.1.el8_6.4 Fixed version 0:239-58.0.1.el8_6.4 EPSS Score 0.21% EPSS Percentile 59th percentile Description systemd security update [239-58.0.1.4] Disable unprivileged BPF by default [Orabug: 32870980] backport upstream pstore tmpfiles patch [Orabug: 31420486] udev rules: fix memory hot add and remove [Orabug: 31310273] fix to enable systemd-pstore.service [Orabug: 30951066] journal: change support URL shown in the catalog entries [Orabug: 30853009] fix to generate systemd-pstore.service file [Orabug: 30230056] fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056] [239-58.4] resolved: pin stream while calling callbacks for it (#2110548) Affected range <0:239-74.0.4.el8_8.2 Fixed version 0:239-74.0.4.el8_8.2 EPSS Score 0.05% EPSS Percentile 16th percentile Description systemd security and bug fix update [239-74.0.4.2] Fix CVE-2023-26604 pager: set whenver we invoke a pager (lukas.lipinsky@oracle.com) (#2175624) pager: make pager secure when under euid is changed or explicitly requested (lukas.lipinsky@oracle.com) (#2175624) pager: lets check SYSTEMD_PAGERSECURE with secure_getenv() (lukas.lipinsky@oracle.com) (#2175624) pstore: fix crash and forward dummy arguments instead of NULL (lukas.lipinsky@oracle.com) (#2190151) Affected range <0:239-68.0.2.el8_7.4 Fixed version 0:239-68.0.2.el8_7.4 EPSS Score 0.04% EPSS Percentile 8th percentile Description systemd security and bug fix update [239-68.0.2] Backport upstream pstore dmesg fix [Orabug: 34850699] Standardize ioctl (BTRFS_IOC_QGROUP_CREATE) check and return -ENOTCONN, if quota is not enabled [Orabug: 34694253] Disable unprivileged BPF by default [Orabug: 32870980] backport upstream pstore tmpfiles patch [Orabug: 31420486] udev rules: fix memory hot add and remove [Orabug: 31310273] fix to enable systemd-pstore.service [Orabug: 30951066] journal: change support URL shown in the catalog entries [Orabug: 30853009] fix to generate systemd-pstore.service file [Orabug: 30230056] fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056] [239-68.4] basic: add STRERROR() wrapper for strerror_r() (#2155519) coredump: put context array into a struct (#2155519) coredump: do not allow user to access coredumps with changed uid/gid/capabilities (#2155519) [239-68.3] core: bring manager_startup() and manager_reload() more inline (#2164049) Affected range <0:239-68.0.2.el8_7.1 Fixed version 0:239-68.0.2.el8_7.1 EPSS Score 0.04% EPSS Percentile 12th percentile Description systemd security and bug fix update [239-68.0.2.1] Backport upstream pstore dmesg fix [Orabug: 34850699] Standardize ioctl (BTRFS_IOC_QGROUP_CREATE) check and return -ENOTCONN, if quota is not enabled [Orabug: 34694253] Disable unprivileged BPF by default [Orabug: 32870980] backport upstream pstore tmpfiles patch [Orabug: 31420486] udev rules: fix memory hot add and remove [Orabug: 31310273] fix to enable systemd-pstore.service [Orabug: 30951066] journal: change support URL shown in the catalog entries [Orabug: 30853009] fix to generate systemd-pstore.service file [Orabug: 30230056] fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056] [239-68.1] time-util: fix buffer-over-run (#2139390) core: move reset_arguments() to the end of main's finish (#2127170)

zlib 1.2.11-17.el8 (rpm) pkg:rpm/oraclelinux/zlib@1.2.11-17.el8?os_name=oraclelinux&os_version=8 Affected range <0:1.2.11-18.el8_5 Fixed version 0:1.2.11-18.el8_5 EPSS Score 0.28% EPSS Percentile 68th percentile Description zlib security update [1.2.11-18] Resolves: CVE-2018-25032 [1.2.11-17] Fixed DFLTCC compression level switching issues (#1875492) Enabled HW compression for compression levels 1 through 6 (#1847438) Fixed inflateSyncPoint() bad return value on z15 (#1888930) Affected range <0:1.2.11-19.el8_6 Fixed version 0:1.2.11-19.el8_6 EPSS Score 0.34% EPSS Percentile 71st percentile Description zlib security update [1.2.11.19] Fix heap-based buffer over-read or buffer overflow in inflate in inflate.c Resolves: CVE-2022-37434

libnghttp2 1.33.0-3.el8_2.1 (rpm) pkg:rpm/oraclelinux/libnghttp2@1.33.0-3.el8_2.1?os_name=oraclelinux&os_version=8 Affected range <0:1.33.0-5.el8_8 Fixed version 0:1.33.0-5.el8_8 EPSS Score 72.01% EPSS Percentile 98th percentile Description nghttp2 security update [1.33.0-5] fix HTTP/2 Rapid Reset (CVE-2023-44487) [1.33.0-4] prevent DoS caused by overly large SETTINGS frames (CVE-2020-11080)

org.springframework.security/spring-security-core 6.2.2 (maven) pkg:maven/org.springframework.security/spring-security-core@6.2.2 Improper Authentication Affected range >=6.2.0 <6.2.3 Fixed version 6.2.3 CVSS Score 8.2 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N EPSS Score 0.04% EPSS Percentile 8th percentile Description In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter. Specifically, an application is vulnerable if: The application uses AuthenticatedVoter directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: The application does not use AuthenticatedVoter#vote directly. The application does not pass null to AuthenticatedVoter#vote. Note that AuthenticatedVoter is deprecated since 5.8, use implementations of AuthorizationManager as a replacement.

xz 5.2.4-3.el8 (rpm) pkg:rpm/oraclelinux/xz@5.2.4-3.el8?os_name=oraclelinux&os_version=8 Affected range <0:5.2.4-4.el8_6 Fixed version 0:5.2.4-4.el8_6 EPSS Score 0.71% EPSS Percentile 80th percentile Description xz security update [5.2.4-4] Fix arbitrary file write vulnerability Resolves: CVE-2022-1271

xz-libs 5.2.4-3.el8 (rpm) pkg:rpm/oraclelinux/xz-libs@5.2.4-3.el8?os_name=oraclelinux&os_version=8 Affected range <0:5.2.4-4.el8_6 Fixed version 0:5.2.4-4.el8_6 EPSS Score 0.71% EPSS Percentile 80th percentile Description xz security update [5.2.4-4] Fix arbitrary file write vulnerability Resolves: CVE-2022-1271

nghttp2 1.33.0-3.el8_2.1 (rpm) pkg:rpm/oraclelinux/nghttp2@1.33.0-3.el8_2.1?os_name=oraclelinux&os_version=8 Affected range <0:1.33.0-5.el8_8 Fixed version 0:1.33.0-5.el8_8 EPSS Score 72.01% EPSS Percentile 98th percentile Description nghttp2 security update [1.33.0-5] fix HTTP/2 Rapid Reset (CVE-2023-44487) [1.33.0-4] prevent DoS caused by overly large SETTINGS frames (CVE-2020-11080)

krb5-libs 1.18.2-14.0.1.el8 (rpm) pkg:rpm/oraclelinux/krb5-libs@1.18.2-14.0.1.el8?os_name=oraclelinux&os_version=8 Affected range <0:1.18.2-22.0.1.el8_7 Fixed version 0:1.18.2-22.0.1.el8_7 EPSS Score 0.49% EPSS Percentile 76th percentile Description krb5 security update [1.18.2-22.0.1] Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.] Fix integer overflows in PAC parsing (CVE-2022-42898) Resolves: rhbz#2140967

curl 7.61.1-22.el8 (rpm) pkg:rpm/oraclelinux/curl@7.61.1-22.el8?os_name=oraclelinux&os_version=8 Affected range <0:7.61.1-33.el8_9.5 Fixed version 0:7.61.1-33.el8_9.5 EPSS Score 0.07% EPSS Percentile 30th percentile Description curl security and bug fix update [7.61.1-33.5] cap SFTP packet size sent (RHEL-5485) when keyboard-interactive auth fails, try password (#2229800) unify the upload/method handling (CVE-2023-28322) fix cookie injection with none file (CVE-2023-38546) lowercase the domain names before PSL checks (CVE-2023-46218) Affected range <0:7.61.1-33.el8_9.5 Fixed version 0:7.61.1-33.el8_9.5 EPSS Score 0.08% EPSS Percentile 34th percentile Description curl security and bug fix update [7.61.1-33.5] cap SFTP packet size sent (RHEL-5485) when keyboard-interactive auth fails, try password (#2229800) unify the upload/method handling (CVE-2023-28322) fix cookie injection with none file (CVE-2023-38546) lowercase the domain names before PSL checks (CVE-2023-46218) Affected range <0:7.61.1-33.el8_9.5 Fixed version 0:7.61.1-33.el8_9.5 EPSS Score 0.11% EPSS Percentile 43rd percentile Description curl security and bug fix update [7.61.1-33.5] cap SFTP packet size sent (RHEL-5485) when keyboard-interactive auth fails, try password (#2229800) unify the upload/method handling (CVE-2023-28322) fix cookie injection with none file (CVE-2023-38546) lowercase the domain names before PSL checks (CVE-2023-46218) Affected range <0:7.61.1-30.el8_8.3 Fixed version 0:7.61.1-30.el8_8.3 EPSS Score 0.09% EPSS Percentile 36th percentile Description curl security update [7.61.1-30.el8_8.3] GSS delegation too eager connection re-use (CVE-2023-27536) fix host name wildcard checking (CVE-2023-28321) rebuild certs with 2048-bit RSA keys Affected range <0:7.61.1-30.el8_8.3 Fixed version 0:7.61.1-30.el8_8.3 EPSS Score 0.22% EPSS Percentile 60th percentile Description curl security update [7.61.1-30.el8_8.3] GSS delegation too eager connection re-use (CVE-2023-27536) fix host name wildcard checking (CVE-2023-28321) rebuild certs with 2048-bit RSA keys Affected range <0:7.61.1-30.el8_8.2 Fixed version 0:7.61.1-30.el8_8.2 EPSS Score 0.15% EPSS Percentile 51st percentile Description curl security and bug fix update [7.61.1-30.el8_8.2] sftp: do not specify O_APPEND when not in append mode (#2187717) [7.61.1-30.el8_8.1] fix FTP too eager connection reuse (CVE-2023-27535) Affected range <0:7.61.1-25.el8_7.3 Fixed version 0:7.61.1-25.el8_7.3 EPSS Score 0.09% EPSS Percentile 39th percentile Description curl security update [7.61.1-25.el8_7.3] fix HTTP multi-header compression denial of service (CVE-2023-23916) Affected range <0:7.61.1-22.el8_6.4 Fixed version 0:7.61.1-22.el8_6.4 EPSS Score 0.30% EPSS Percentile 69th percentile Description curl security update [7.61.1-22.el8_6.4] fix HTTP compression denial of service (CVE-2022-32206) fix FTP-KRB bad message verification (CVE-2022-32208) Affected range <0:7.61.1-22.el8_6.4 Fixed version 0:7.61.1-22.el8_6.4 EPSS Score 0.21% EPSS Percentile 59th percentile Description curl security update [7.61.1-22.el8_6.4] fix HTTP compression denial of service (CVE-2022-32206) fix FTP-KRB bad message verification (CVE-2022-32208) Affected range <0:7.61.1-22.el8_6.3 Fixed version 0:7.61.1-22.el8_6.3 EPSS Score 0.19% EPSS Percentile 56th percentile Description curl security update [7.61.1-22.el8_6.3] fix too eager reuse of TLS and SSH connections (CVE-2022-27782) [7.61.1-22.el8_6.2] fix invalid type in printf() argument detected by Coverity [7.61.1-22.el8_6.1] fix credential leak on redirect (CVE-2022-27774) fix auth/cookie leak on redirect (CVE-2022-27776) fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) Affected range <0:7.61.1-22.el8_6.3 Fixed version 0:7.61.1-22.el8_6.3 EPSS Score 0.29% EPSS Percentile 69th percentile Description curl security update [7.61.1-22.el8_6.3] fix too eager reuse of TLS and SSH connections (CVE-2022-27782) [7.61.1-22.el8_6.2] fix invalid type in printf() argument detected by Coverity [7.61.1-22.el8_6.1] fix credential leak on redirect (CVE-2022-27774) fix auth/cookie leak on redirect (CVE-2022-27776) fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) Affected range <0:7.61.1-22.el8_6.3 Fixed version 0:7.61.1-22.el8_6.3 EPSS Score 0.20% EPSS Percentile 58th percentile Description curl security update [7.61.1-22.el8_6.3] fix too eager reuse of TLS and SSH connections (CVE-2022-27782) [7.61.1-22.el8_6.2] fix invalid type in printf() argument detected by Coverity [7.61.1-22.el8_6.1] fix credential leak on redirect (CVE-2022-27774) fix auth/cookie leak on redirect (CVE-2022-27776) fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) Affected range <0:7.61.1-22.el8_6.3 Fixed version 0:7.61.1-22.el8_6.3 EPSS Score 0.24% EPSS Percentile 62nd percentile Description curl security update [7.61.1-22.el8_6.3] fix too eager reuse of TLS and SSH connections (CVE-2022-27782) [7.61.1-22.el8_6.2] fix invalid type in printf() argument detected by Coverity [7.61.1-22.el8_6.1] fix credential leak on redirect (CVE-2022-27774) fix auth/cookie leak on redirect (CVE-2022-27776) fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) Affected range <0:7.61.1-30.el8 Fixed version 0:7.61.1-30.el8 EPSS Score 0.09% EPSS Percentile 38th percentile Description curl security and bug fix update [7.61.1-30] fix HTTP multi-header compression denial of service (CVE-2023-23916) [7.61.1-29] h2: lower initial window size to 32 MiB (#2166254) [7.61.1-28] smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552) [7.61.1-27] upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337) [7.61.1-26] control code in cookie denial of service (CVE-2022-35252) Affected range <0:7.61.1-30.el8 Fixed version 0:7.61.1-30.el8 EPSS Score 0.15% EPSS Percentile 50th percentile Description curl security and bug fix update [7.61.1-30] fix HTTP multi-header compression denial of service (CVE-2023-23916) [7.61.1-29] h2: lower initial window size to 32 MiB (#2166254) [7.61.1-28] smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552) [7.61.1-27] upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337) [7.61.1-26] control code in cookie denial of service (CVE-2022-35252)

libcurl 7.61.1-22.el8 (rpm) pkg:rpm/oraclelinux/libcurl@7.61.1-22.el8?os_name=oraclelinux&os_version=8 Affected range <0:7.61.1-33.el8_9.5 Fixed version 0:7.61.1-33.el8_9.5 EPSS Score 0.07% EPSS Percentile 30th percentile Description curl security and bug fix update [7.61.1-33.5] cap SFTP packet size sent (RHEL-5485) when keyboard-interactive auth fails, try password (#2229800) unify the upload/method handling (CVE-2023-28322) fix cookie injection with none file (CVE-2023-38546) lowercase the domain names before PSL checks (CVE-2023-46218) Affected range <0:7.61.1-33.el8_9.5 Fixed version 0:7.61.1-33.el8_9.5 EPSS Score 0.08% EPSS Percentile 34th percentile Description curl security and bug fix update [7.61.1-33.5] cap SFTP packet size sent (RHEL-5485) when keyboard-interactive auth fails, try password (#2229800) unify the upload/method handling (CVE-2023-28322) fix cookie injection with none file (CVE-2023-38546) lowercase the domain names before PSL checks (CVE-2023-46218) Affected range <0:7.61.1-33.el8_9.5 Fixed version 0:7.61.1-33.el8_9.5 EPSS Score 0.11% EPSS Percentile 43rd percentile Description curl security and bug fix update [7.61.1-33.5] cap SFTP packet size sent (RHEL-5485) when keyboard-interactive auth fails, try password (#2229800) unify the upload/method handling (CVE-2023-28322) fix cookie injection with none file (CVE-2023-38546) lowercase the domain names before PSL checks (CVE-2023-46218) Affected range <0:7.61.1-30.el8_8.3 Fixed version 0:7.61.1-30.el8_8.3 EPSS Score 0.09% EPSS Percentile 36th percentile Description curl security update [7.61.1-30.el8_8.3] GSS delegation too eager connection re-use (CVE-2023-27536) fix host name wildcard checking (CVE-2023-28321) rebuild certs with 2048-bit RSA keys Affected range <0:7.61.1-30.el8_8.3 Fixed version 0:7.61.1-30.el8_8.3 EPSS Score 0.22% EPSS Percentile 60th percentile Description curl security update [7.61.1-30.el8_8.3] GSS delegation too eager connection re-use (CVE-2023-27536) fix host name wildcard checking (CVE-2023-28321) rebuild certs with 2048-bit RSA keys Affected range <0:7.61.1-30.el8_8.2 Fixed version 0:7.61.1-30.el8_8.2 EPSS Score 0.15% EPSS Percentile 51st percentile Description curl security and bug fix update [7.61.1-30.el8_8.2] sftp: do not specify O_APPEND when not in append mode (#2187717) [7.61.1-30.el8_8.1] fix FTP too eager connection reuse (CVE-2023-27535) Affected range <0:7.61.1-25.el8_7.3 Fixed version 0:7.61.1-25.el8_7.3 EPSS Score 0.09% EPSS Percentile 39th percentile Description curl security update [7.61.1-25.el8_7.3] fix HTTP multi-header compression denial of service (CVE-2023-23916) Affected range <0:7.61.1-22.el8_6.4 Fixed version 0:7.61.1-22.el8_6.4 EPSS Score 0.30% EPSS Percentile 69th percentile Description curl security update [7.61.1-22.el8_6.4] fix HTTP compression denial of service (CVE-2022-32206) fix FTP-KRB bad message verification (CVE-2022-32208) Affected range <0:7.61.1-22.el8_6.4 Fixed version 0:7.61.1-22.el8_6.4 EPSS Score 0.21% EPSS Percentile 59th percentile Description curl security update [7.61.1-22.el8_6.4] fix HTTP compression denial of service (CVE-2022-32206) fix FTP-KRB bad message verification (CVE-2022-32208) Affected range <0:7.61.1-22.el8_6.3 Fixed version 0:7.61.1-22.el8_6.3 EPSS Score 0.19% EPSS Percentile 56th percentile Description curl security update [7.61.1-22.el8_6.3] fix too eager reuse of TLS and SSH connections (CVE-2022-27782) [7.61.1-22.el8_6.2] fix invalid type in printf() argument detected by Coverity [7.61.1-22.el8_6.1] fix credential leak on redirect (CVE-2022-27774) fix auth/cookie leak on redirect (CVE-2022-27776) fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) Affected range <0:7.61.1-22.el8_6.3 Fixed version 0:7.61.1-22.el8_6.3 EPSS Score 0.29% EPSS Percentile 69th percentile Description curl security update [7.61.1-22.el8_6.3] fix too eager reuse of TLS and SSH connections (CVE-2022-27782) [7.61.1-22.el8_6.2] fix invalid type in printf() argument detected by Coverity [7.61.1-22.el8_6.1] fix credential leak on redirect (CVE-2022-27774) fix auth/cookie leak on redirect (CVE-2022-27776) fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) Affected range <0:7.61.1-22.el8_6.3 Fixed version 0:7.61.1-22.el8_6.3 EPSS Score 0.20% EPSS Percentile 58th percentile Description curl security update [7.61.1-22.el8_6.3] fix too eager reuse of TLS and SSH connections (CVE-2022-27782) [7.61.1-22.el8_6.2] fix invalid type in printf() argument detected by Coverity [7.61.1-22.el8_6.1] fix credential leak on redirect (CVE-2022-27774) fix auth/cookie leak on redirect (CVE-2022-27776) fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) Affected range <0:7.61.1-22.el8_6.3 Fixed version 0:7.61.1-22.el8_6.3 EPSS Score 0.24% EPSS Percentile 62nd percentile Description curl security update [7.61.1-22.el8_6.3] fix too eager reuse of TLS and SSH connections (CVE-2022-27782) [7.61.1-22.el8_6.2] fix invalid type in printf() argument detected by Coverity [7.61.1-22.el8_6.1] fix credential leak on redirect (CVE-2022-27774) fix auth/cookie leak on redirect (CVE-2022-27776) fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) Affected range <0:7.61.1-30.el8 Fixed version 0:7.61.1-30.el8 EPSS Score 0.09% EPSS Percentile 38th percentile Description curl security and bug fix update [7.61.1-30] fix HTTP multi-header compression denial of service (CVE-2023-23916) [7.61.1-29] h2: lower initial window size to 32 MiB (#2166254) [7.61.1-28] smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552) [7.61.1-27] upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337) [7.61.1-26] control code in cookie denial of service (CVE-2022-35252) Affected range <0:7.61.1-30.el8 Fixed version 0:7.61.1-30.el8 EPSS Score 0.15% EPSS Percentile 50th percentile Description curl security and bug fix update [7.61.1-30] fix HTTP multi-header compression denial of service (CVE-2023-23916) [7.61.1-29] h2: lower initial window size to 32 MiB (#2166254) [7.61.1-28] smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552) [7.61.1-27] upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337) [7.61.1-26] control code in cookie denial of service (CVE-2022-35252)

glib2 2.56.4-156.el8 (rpm) pkg:rpm/oraclelinux/glib2@2.56.4-156.el8?os_name=oraclelinux&os_version=8 Affected range <0:2.56.4-159.0.1.el8 Fixed version 0:2.56.4-159.0.1.el8 EPSS Score 0.51% EPSS Percentile 76th percentile Description webkit2gtk3 security and bug fix update glib2 [2.56.4-159.0.1] Rebuild with python 36 [Orabug: 34701176] [2.56.4-159] Add --interface-info-[body|header] modes to gdbus-codegen Related: #2061994 webkit2gtk3 Affected range <0:2.56.4-159.0.1.el8 Fixed version 0:2.56.4-159.0.1.el8 EPSS Score 0.24% EPSS Percentile 64th percentile Description webkit2gtk3 security and bug fix update glib2 [2.56.4-159.0.1] Rebuild with python 36 [Orabug: 34701176] [2.56.4-159] Add --interface-info-[body|header] modes to gdbus-codegen Related: #2061994 webkit2gtk3 Affected range <0:2.56.4-159.0.1.el8 Fixed version 0:2.56.4-159.0.1.el8 EPSS Score 0.46% EPSS Percentile 75th percentile Description webkit2gtk3 security and bug fix update glib2 [2.56.4-159.0.1] Rebuild with python 36 [Orabug: 34701176] [2.56.4-159] Add --interface-info-[body|header] modes to gdbus-codegen Related: #2061994 webkit2gtk3 Affected range <0:2.56.4-159.0.1.el8 Fixed version 0:2.56.4-159.0.1.el8 EPSS Score 0.24% EPSS Percentile 64th percentile Description webkit2gtk3 security and bug fix update glib2 [2.56.4-159.0.1] Rebuild with python 36 [Orabug: 34701176] [2.56.4-159] Add --interface-info-[body|header] modes to gdbus-codegen Related: #2061994 webkit2gtk3 Affected range <0:2.56.4-159.0.1.el8 Fixed version 0:2.56.4-159.0.1.el8 EPSS Score 0.23% EPSS Percentile 61st percentile Description webkit2gtk3 security and bug fix update glib2 [2.56.4-159.0.1] Rebuild with python 36 [Orabug: 34701176] [2.56.4-159] Add --interface-info-[body|header] modes to gdbus-codegen Related: #2061994 webkit2gtk3 Affected range <0:2.56.4-159.0.1.el8 Fixed version 0:2.56.4-159.0.1.el8 EPSS Score 0.26% EPSS Percentile 65th percentile Description webkit2gtk3 security and bug fix update glib2 [2.56.4-159.0.1] Rebuild with python 36 [Orabug: 34701176] [2.56.4-159] Add --interface-info-[body|header] modes to gdbus-codegen Related: #2061994 webkit2gtk3 Affected range <0:2.56.4-159.0.1.el8 Fixed version 0:2.56.4-159.0.1.el8 EPSS Score 0.27% EPSS Percentile 68th percentile Description webkit2gtk3 security and bug fix update glib2 [2.56.4-159.0.1] Rebuild with python 36 [Orabug: 34701176] [2.56.4-159] Add --interface-info-[body|header] modes to gdbus-codegen Related: #2061994 webkit2gtk3 Affected range <0:2.56.4-159.0.1.el8 Fixed version 0:2.56.4-159.0.1.el8 EPSS Score 0.14% EPSS Percentile 50th percentile Description webkit2gtk3 security and bug fix update glib2 [2.56.4-159.0.1] Rebuild with python 36 [Orabug: 34701176] [2.56.4-159] Add --interface-info-[body|header] modes to gdbus-codegen Related: #2061994 webkit2gtk3 Affected range <0:2.56.4-159.0.1.el8 Fixed version 0:2.56.4-159.0.1.el8 EPSS Score 0.37% EPSS Percentile 72nd percentile Description webkit2gtk3 security and bug fix update glib2 [2.56.4-159.0.1] Rebuild with python 36 [Orabug: 34701176] [2.56.4-159] Add --interface-info-[body|header] modes to gdbus-codegen Related: #2061994 webkit2gtk3 Affected range <0:2.56.4-159.0.1.el8 Fixed version 0:2.56.4-159.0.1.el8 EPSS Score 0.32% EPSS Percentile 70th percentile Description webkit2gtk3 security and bug fix update glib2 [2.56.4-159.0.1] Rebuild with python 36 [Orabug: 34701176] [2.56.4-159] Add --interface-info-[body|header] modes to gdbus-codegen Related: #2061994 webkit2gtk3 Affected range <0:2.56.4-159.0.1.el8 Fixed version 0:2.56.4-159.0.1.el8 EPSS Score 0.29% EPSS Percentile 69th percentile Description webkit2gtk3 security and bug fix update glib2 [2.56.4-159.0.1] Rebuild with python 36 [Orabug: 34701176] [2.56.4-159] Add --interface-info-[body|header] modes to gdbus-codegen Related: #2061994 webkit2gtk3

libxml2 2.9.7-12.el8_5 (rpm) pkg:rpm/oraclelinux/libxml2@2.9.7-12.el8_5?os_name=oraclelinux&os_version=8 Affected range <0:2.9.7-18.el8_9 Fixed version 0:2.9.7-18.el8_9 EPSS Score 0.05% EPSS Percentile 16th percentile Description libxml2 security update [2.9.7-18] Fix CVE-2023-39615 (RHEL-5179) [2.9.7-17] Fix CVE-2023-28484 (#2186692) Fix CVE-2023-29469 (#2186692) Affected range <0:2.9.7-16.el8_8.1 Fixed version 0:2.9.7-16.el8_8.1 EPSS Score 0.10% EPSS Percentile 41st percentile Description libxml2 security update [2.9.7-16.1] Fix CVE-2023-28484 (#2185994) Fix CVE-2023-29469 (#2185984) Affected range <0:2.9.7-16.el8_8.1 Fixed version 0:2.9.7-16.el8_8.1 EPSS Score 0.09% EPSS Percentile 40th percentile Description libxml2 security update [2.9.7-16.1] Fix CVE-2023-28484 (#2185994) Fix CVE-2023-29469 (#2185984) Affected range <0:2.9.7-15.el8_7.1 Fixed version 0:2.9.7-15.el8_7.1 EPSS Score 0.09% EPSS Percentile 38th percentile Description libxml2 security update [2.9.7-15.1] Fix CVE-2022-40303 (#2136562) Fix CVE-2022-40304 (#2136567) Affected range <0:2.9.7-15.el8_7.1 Fixed version 0:2.9.7-15.el8_7.1 EPSS Score 0.34% EPSS Percentile 71st percentile Description libxml2 security update [2.9.7-15.1] Fix CVE-2022-40303 (#2136562) Fix CVE-2022-40304 (#2136567) Affected range <0:2.9.7-13.el8_6.1 Fixed version 0:2.9.7-13.el8_6.1 EPSS Score 0.15% EPSS Percentile 51st percentile Description libxml2 security update [2.9.7-13.1] Fix CVE-2022-29824 (#2082297) Affected range <0:2.9.7-15.el8 Fixed version 0:2.9.7-15.el8 EPSS Score 0.08% EPSS Percentile 33rd percentile Description libxml2 security update [2.9.7-15] Fix CVE-2016-3709 (#2120781) [2.9.7-14] Fix CVE-2022-29824 (#2082298)

sqlite-libs 3.26.0-15.el8 (rpm) pkg:rpm/oraclelinux/sqlite-libs@3.26.0-15.el8?os_name=oraclelinux&os_version=8 Affected range <0:3.26.0-19.0.1.el8_9 Fixed version 0:3.26.0-19.0.1.el8_9 EPSS Score 0.13% EPSS Percentile 48th percentile Description sqlite security update [3.26.0-19.0.1] Fixed CVE-2023-7104 Affected range <0:3.26.0-17.el8_7 Fixed version 0:3.26.0-17.el8_7 EPSS Score 0.25% EPSS Percentile 65th percentile Description sqlite security update [3.26.0-17] Fixed CVE-2022-35737 Affected range <0:3.26.0-16.el8_6 Fixed version 0:3.26.0-16.el8_6 EPSS Score 0.22% EPSS Percentile 60th percentile Description sqlite security update [3.26.0-16] Fixed CVE-2020-35527 Fixed CVE-2020-35525 Affected range <0:3.26.0-16.el8_6 Fixed version 0:3.26.0-16.el8_6 EPSS Score 0.08% EPSS Percentile 35th percentile Description sqlite security update [3.26.0-16] Fixed CVE-2020-35527 Fixed CVE-2020-35525 Affected range <0:3.26.0-18.0.1.el8_8 Fixed version 0:3.26.0-18.0.1.el8_8 EPSS Score 0.04% EPSS Percentile 5th percentile Description sqlite security update [3.26.0-18.0.1] Bumped release to add correct changelog entry. Version 3.26.0-18 fixes CVE-2020-24736 [3.26.0-18] Fixed CVE-2022-24736

sqlite 3.26.0-15.el8 (rpm) pkg:rpm/oraclelinux/sqlite@3.26.0-15.el8?os_name=oraclelinux&os_version=8 Affected range <0:3.26.0-19.0.1.el8_9 Fixed version 0:3.26.0-19.0.1.el8_9 EPSS Score 0.13% EPSS Percentile 48th percentile Description sqlite security update [3.26.0-19.0.1] Fixed CVE-2023-7104 Affected range <0:3.26.0-17.el8_7 Fixed version 0:3.26.0-17.el8_7 EPSS Score 0.25% EPSS Percentile 65th percentile Description sqlite security update [3.26.0-17] Fixed CVE-2022-35737 Affected range <0:3.26.0-16.el8_6 Fixed version 0:3.26.0-16.el8_6 EPSS Score 0.22% EPSS Percentile 60th percentile Description sqlite security update [3.26.0-16] Fixed CVE-2020-35527 Fixed CVE-2020-35525 Affected range <0:3.26.0-16.el8_6 Fixed version 0:3.26.0-16.el8_6 EPSS Score 0.08% EPSS Percentile 35th percentile Description sqlite security update [3.26.0-16] Fixed CVE-2020-35527 Fixed CVE-2020-35525 Affected range <0:3.26.0-18.0.1.el8_8 Fixed version 0:3.26.0-18.0.1.el8_8 EPSS Score 0.04% EPSS Percentile 5th percentile Description sqlite security update [3.26.0-18.0.1] Bumped release to add correct changelog entry. Version 3.26.0-18 fixes CVE-2020-24736 [3.26.0-18] Fixed CVE-2022-24736

gnutls 3.6.16-4.el8 (rpm) pkg:rpm/oraclelinux/gnutls@3.6.16-4.el8?os_name=oraclelinux&os_version=8 Affected range <0:3.6.16-8.el8_9.1 Fixed version 0:3.6.16-8.el8_9.1 EPSS Score 0.82% EPSS Percentile 82nd percentile Description gnutls security update [3.6.16-8.1] auth/rsa-psk: minimize branching after decryption (RHEL-21550) Affected range <0:3.6.16-8.el8_9 Fixed version 0:3.6.16-8.el8_9 EPSS Score 0.10% EPSS Percentile 41st percentile Description gnutls security update [3.6.16-8] timing side-channel in the RSA-PSK authentication (CVE-2023-5981) Affected range <0:3.6.16-6.el8_7 Fixed version 0:3.6.16-6.el8_7 EPSS Score 0.15% EPSS Percentile 51st percentile Description gnutls security and bug fix update [3.6.16-6] Fix x86_64 CPU feature detection when AVX is not available (#2131152) Fix timing side-channel in TLS RSA key exchange (#2162598) Affected range <0:3.6.16-5.el8_6 Fixed version 0:3.6.16-5.el8_6 EPSS Score 0.18% EPSS Percentile 55th percentile Description gnutls security update [3.6.16-5] Fix double-free in gnutls_pkcs7_verify (#2109787)

libssh-config 0.9.4-3.el8 (rpm) pkg:rpm/oraclelinux/libssh-config@0.9.4-3.el8?os_name=oraclelinux&os_version=8 Affected range <0:0.9.6-13.el8_9 Fixed version 0:0.9.6-13.el8_9 EPSS Score 96.22% EPSS Percentile 100th percentile Description libssh security update [0.9.6-13] Client and Server side mitigations (CVE-2023-48795) Strip extensions from both kex lists for matching (CVE-2023-48795) tests: Adjust calculation to strict kex (CVE-2023-48795) Affected range <0:0.9.6-10.el8_8 Fixed version 0:0.9.6-10.el8_8 EPSS Score 0.14% EPSS Percentile 49th percentile Description libssh security update [0.9.6-10] Add missing ci.fmf file Related: rhbz#2182251, rhbz#2189742 [0.9.6-9] Fix covscan errors found at gating Related: rhbz#2182251, rhbz#2189742 [0.9.6-8] Backport test fixing commits to make the build pass Related: rhbz#2182251, rhbz#2189742 [0.9.6-7] Fix NULL dereference during rekeying with algorithm guessing GHSL-2023-032 / CVE-2023-1667 Fix possible authentication bypass GHSL 2023-085 / CVE-2023-2283 Resolves: rhbz#2182251, rhbz#2189742 Affected range <0:0.9.6-10.el8_8 Fixed version 0:0.9.6-10.el8_8 EPSS Score 0.08% EPSS Percentile 33rd percentile Description libssh security update [0.9.6-10] Add missing ci.fmf file Related: rhbz#2182251, rhbz#2189742 [0.9.6-9] Fix covscan errors found at gating Related: rhbz#2182251, rhbz#2189742 [0.9.6-8] Backport test fixing commits to make the build pass Related: rhbz#2182251, rhbz#2189742 [0.9.6-7] Fix NULL dereference during rekeying with algorithm guessing GHSL-2023-032 / CVE-2023-1667 Fix possible authentication bypass GHSL 2023-085 / CVE-2023-2283 Resolves: rhbz#2182251, rhbz#2189742 Affected range <0:0.9.6-3.el8 Fixed version 0:0.9.6-3.el8 EPSS Score 0.61% EPSS Percentile 78th percentile Description libssh security, bug fix, and enhancement update [0.9.6-3] Remove STI tests [0.9.6-2] Remove bad patch causing errors Adding BuildRequires for openssh (SSHD support) [0.9.6-1] Fix CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism Rebase to version 0.9.6 Rename SSHD_EXECUTABLE to SSH_EXECUTABLE in tests/torture.c Resolves: rhbz#1896651, rhbz#1994600 [0.9.4-4] Revert previous commit as it is incorrect. [0.9.6-1] Fix CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism (#1978810)

libssh 0.9.4-3.el8 (rpm) pkg:rpm/oraclelinux/libssh@0.9.4-3.el8?os_name=oraclelinux&os_version=8 Affected range <0:0.9.6-13.el8_9 Fixed version 0:0.9.6-13.el8_9 EPSS Score 96.22% EPSS Percentile 100th percentile Description libssh security update [0.9.6-13] Client and Server side mitigations (CVE-2023-48795) Strip extensions from both kex lists for matching (CVE-2023-48795) tests: Adjust calculation to strict kex (CVE-2023-48795) Affected range <0:0.9.6-10.el8_8 Fixed version 0:0.9.6-10.el8_8 EPSS Score 0.14% EPSS Percentile 49th percentile Description libssh security update [0.9.6-10] Add missing ci.fmf file Related: rhbz#2182251, rhbz#2189742 [0.9.6-9] Fix covscan errors found at gating Related: rhbz#2182251, rhbz#2189742 [0.9.6-8] Backport test fixing commits to make the build pass Related: rhbz#2182251, rhbz#2189742 [0.9.6-7] Fix NULL dereference during rekeying with algorithm guessing GHSL-2023-032 / CVE-2023-1667 Fix possible authentication bypass GHSL 2023-085 / CVE-2023-2283 Resolves: rhbz#2182251, rhbz#2189742 Affected range <0:0.9.6-10.el8_8 Fixed version 0:0.9.6-10.el8_8 EPSS Score 0.08% EPSS Percentile 33rd percentile Description libssh security update [0.9.6-10] Add missing ci.fmf file Related: rhbz#2182251, rhbz#2189742 [0.9.6-9] Fix covscan errors found at gating Related: rhbz#2182251, rhbz#2189742 [0.9.6-8] Backport test fixing commits to make the build pass Related: rhbz#2182251, rhbz#2189742 [0.9.6-7] Fix NULL dereference during rekeying with algorithm guessing GHSL-2023-032 / CVE-2023-1667 Fix possible authentication bypass GHSL 2023-085 / CVE-2023-2283 Resolves: rhbz#2182251, rhbz#2189742 Affected range <0:0.9.6-3.el8 Fixed version 0:0.9.6-3.el8 EPSS Score 0.61% EPSS Percentile 78th percentile Description libssh security, bug fix, and enhancement update [0.9.6-3] Remove STI tests [0.9.6-2] Remove bad patch causing errors Adding BuildRequires for openssh (SSHD support) [0.9.6-1] Fix CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism Rebase to version 0.9.6 Rename SSHD_EXECUTABLE to SSH_EXECUTABLE in tests/torture.c Resolves: rhbz#1896651, rhbz#1994600 [0.9.4-4] Revert previous commit as it is incorrect. [0.9.6-1] Fix CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism (#1978810)

rpm-libs 4.14.3-19.el8_5.2 (rpm) pkg:rpm/oraclelinux/rpm-libs@4.14.3-19.el8_5.2?os_name=oraclelinux&os_version=8 Affected range <0:4.14.3-28.0.2.el8_9 Fixed version 0:4.14.3-28.0.1.el8_9 EPSS Score 0.08% EPSS Percentile 32nd percentile Description rpm security update [4.14.3-28.0.2] Import additional patches to fix regressions with CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 patchset [Orabug: 36256318] [4.14.3-28.0.1] Fixed infinte loop for db_create with error check [Orabug: 36202920] [4.14.3-28] Backport file handling code from rpm-4.19 to fix CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 [4.14.3-27] Make brp-python-bytecompile script compatible with Python 3.10+ Resolves: RHEL-6423 Affected range <0:4.14.3-28.0.2.el8_9 Fixed version 0:4.14.3-28.0.1.el8_9 EPSS Score 0.08% EPSS Percentile 32nd percentile Description rpm security update [4.14.3-28.0.2] Import additional patches to fix regressions with CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 patchset [Orabug: 36256318] [4.14.3-28.0.1] Fixed infinte loop for db_create with error check [Orabug: 36202920] [4.14.3-28] Backport file handling code from rpm-4.19 to fix CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 [4.14.3-27] Make brp-python-bytecompile script compatible with Python 3.10+ Resolves: RHEL-6423 Affected range <0:4.14.3-28.0.2.el8_9 Fixed version 0:4.14.3-28.0.1.el8_9 EPSS Score 0.09% EPSS Percentile 36th percentile Description rpm security update [4.14.3-28.0.2] Import additional patches to fix regressions with CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 patchset [Orabug: 36256318] [4.14.3-28.0.1] Fixed infinte loop for db_create with error check [Orabug: 36202920] [4.14.3-28] Backport file handling code from rpm-4.19 to fix CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 [4.14.3-27] Make brp-python-bytecompile script compatible with Python 3.10+ Resolves: RHEL-6423

rpm 4.14.3-19.el8_5.2 (rpm) pkg:rpm/oraclelinux/rpm@4.14.3-19.el8_5.2?os_name=oraclelinux&os_version=8 Affected range <0:4.14.3-28.0.2.el8_9 Fixed version 0:4.14.3-28.0.1.el8_9 EPSS Score 0.08% EPSS Percentile 32nd percentile Description rpm security update [4.14.3-28.0.2] Import additional patches to fix regressions with CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 patchset [Orabug: 36256318] [4.14.3-28.0.1] Fixed infinte loop for db_create with error check [Orabug: 36202920] [4.14.3-28] Backport file handling code from rpm-4.19 to fix CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 [4.14.3-27] Make brp-python-bytecompile script compatible with Python 3.10+ Resolves: RHEL-6423 Affected range <0:4.14.3-28.0.2.el8_9 Fixed version 0:4.14.3-28.0.1.el8_9 EPSS Score 0.08% EPSS Percentile 32nd percentile Description rpm security update [4.14.3-28.0.2] Import additional patches to fix regressions with CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 patchset [Orabug: 36256318] [4.14.3-28.0.1] Fixed infinte loop for db_create with error check [Orabug: 36202920] [4.14.3-28] Backport file handling code from rpm-4.19 to fix CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 [4.14.3-27] Make brp-python-bytecompile script compatible with Python 3.10+ Resolves: RHEL-6423 Affected range <0:4.14.3-28.0.2.el8_9 Fixed version 0:4.14.3-28.0.1.el8_9 EPSS Score 0.09% EPSS Percentile 36th percentile Description rpm security update [4.14.3-28.0.2] Import additional patches to fix regressions with CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 patchset [Orabug: 36256318] [4.14.3-28.0.1] Fixed infinte loop for db_create with error check [Orabug: 36202920] [4.14.3-28] Backport file handling code from rpm-4.19 to fix CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 [4.14.3-27] Make brp-python-bytecompile script compatible with Python 3.10+ Resolves: RHEL-6423

freetype 2.9.1-4.el8_3.1 (rpm) pkg:rpm/oraclelinux/freetype@2.9.1-4.el8_3.1?os_name=oraclelinux&os_version=8 Affected range <0:2.9.1-9.el8 Fixed version 0:2.9.1-9.el8 EPSS Score 0.36% EPSS Percentile 72nd percentile Description freetype security update [2.9.1-9] Guard face->size Resolves: #2079279 [2.9.1-8] Properly guard face_index Resolves: #2079261 [2.9.1-7] Do not search for windres Resolves: #2079270 [2.9.1-6] Avoid invalid face index Resolves: #2079270 [2.9.1-5] Test bitmap size earlier for PNGs Fix memory leak in pngshim.c Resolves: #1891906 Affected range <0:2.9.1-9.el8 Fixed version 0:2.9.1-9.el8 EPSS Score 0.26% EPSS Percentile 66th percentile Description freetype security update [2.9.1-9] Guard face->size Resolves: #2079279 [2.9.1-8] Properly guard face_index Resolves: #2079261 [2.9.1-7] Do not search for windres Resolves: #2079270 [2.9.1-6] Avoid invalid face index Resolves: #2079270 [2.9.1-5] Test bitmap size earlier for PNGs Fix memory leak in pngshim.c Resolves: #1891906 Affected range <0:2.9.1-9.el8 Fixed version 0:2.9.1-9.el8 EPSS Score 0.88% EPSS Percentile 82nd percentile Description freetype security update [2.9.1-9] Guard face->size Resolves: #2079279 [2.9.1-8] Properly guard face_index Resolves: #2079261 [2.9.1-7] Do not search for windres Resolves: #2079270 [2.9.1-6] Avoid invalid face index Resolves: #2079270 [2.9.1-5] Test bitmap size earlier for PNGs Fix memory leak in pngshim.c Resolves: #1891906

libcap 2.26-5.el8 (rpm) pkg:rpm/oraclelinux/libcap@2.26-5.el8?os_name=oraclelinux&os_version=8 Affected range <0:2.48-5.el8_8 Fixed version 0:2.48-5.el8_8 EPSS Score 0.05% EPSS Percentile 19th percentile Description libcap security update [2.48-5] Fix integer overflow in _libcap_strdup() (CVE-2023-2603) Resolves: rhbz#2210637 Correctly check pthread_create() return value to avoid memory leak (CVE-2023-2602) Resolves: rhbz#2210644 Affected range <0:2.48-5.el8_8 Fixed version 0:2.48-5.el8_8 EPSS Score 0.05% EPSS Percentile 21st percentile Description libcap security update [2.48-5] Fix integer overflow in _libcap_strdup() (CVE-2023-2603) Resolves: rhbz#2210637 Correctly check pthread_create() return value to avoid memory leak (CVE-2023-2602) Resolves: rhbz#2210644

e2fsprogs 1.45.6-2.el8 (rpm) pkg:rpm/oraclelinux/e2fsprogs@1.45.6-2.el8?os_name=oraclelinux&os_version=8 Affected range <0:1.45.6-5.el8 Fixed version 0:1.45.6-5.el8 EPSS Score 0.06% EPSS Percentile 28th percentile Description e2fsprogs security and bug fix update [1.45.6-5] Update e2fsprogs with upstream fixes and improvements (#2083621) Fix out-of-bounds read/write via crafter filesystem (#2073548)

tar 2:1.30-5.el8 (rpm) pkg:rpm/oraclelinux/tar@2:1.30-5.el8?os_name=oraclelinux&os_version=8 Affected range <2:1.30-6.el8_7.1 Fixed version 2:1.30-6.el8_7.1 EPSS Score 0.05% EPSS Percentile 18th percentile Description tar security update [1.30-6.1] Fix CVE-2022-48303 Resolves: CVE-2022-48303

ncurses-base 6.1-9.20180224.el8 (rpm) pkg:rpm/oraclelinux/ncurses-base@6.1-9.20180224.el8?os_name=oraclelinux&os_version=8 Affected range <0:6.1-9.20180224.el8_8.1 Fixed version 0:6.1-9.20180224.el8_8.1 EPSS Score 0.04% EPSS Percentile 5th percentile Description ncurses security update [6.1-9.20180224.1] fix buffer overflow on terminfo with too many capabilities (CVE-2023-29491)

ncurses-libs 6.1-9.20180224.el8 (rpm) pkg:rpm/oraclelinux/ncurses-libs@6.1-9.20180224.el8?os_name=oraclelinux&os_version=8 Affected range <0:6.1-9.20180224.el8_8.1 Fixed version 0:6.1-9.20180224.el8_8.1 EPSS Score 0.04% EPSS Percentile 5th percentile Description ncurses security update [6.1-9.20180224.1] fix buffer overflow on terminfo with too many capabilities (CVE-2023-29491)

com.nimbusds/nimbus-jose-jwt 9.24.4 (maven) pkg:maven/com.nimbusds/nimbus-jose-jwt@9.24.4 Uncontrolled Resource Consumption Affected range <9.37.2 Fixed version 9.37.2 EPSS Score 0.04% EPSS Percentile 15th percentile Description In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.

binutils 2.30-108.0.2.el8_5.1 (rpm) pkg:rpm/oraclelinux/binutils@2.30-108.0.2.el8_5.1?os_name=oraclelinux&os_version=8 Affected range <0:2.30-119.0.2.el8_8.2 Fixed version 0:2.30-119.0.2.el8_8.2 EPSS Score 0.05% EPSS Percentile 19th percentile Description binutils security update [2.30-119.0.2.2] Fix for CVE-2022-4285. Fix illegal memory address when parsing an ELF file contaiing corrupt symbol version information. Upstream commit 5c831a3c7f3ca98d6aba1200353311e1a1f84c70. Partial backport of _bfd_mul_overflow support from upstream commit 1f4361a77b18c5ab32baf2f30fefe5e301e017be Reviewed-by: David Faust david.faust@oracle.com

libcom_err 1.45.6-2.el8 (rpm) pkg:rpm/oraclelinux/libcom_err@1.45.6-2.el8?os_name=oraclelinux&os_version=8 Affected range <0:1.45.6-5.el8 Fixed version 0:1.45.6-5.el8 EPSS Score 0.06% EPSS Percentile 28th percentile Description e2fsprogs security and bug fix update [1.45.6-5] Update e2fsprogs with upstream fixes and improvements (#2083621) Fix out-of-bounds read/write via crafter filesystem (#2073548)

libtasn1 4.13-3.el8 (rpm) pkg:rpm/oraclelinux/libtasn1@4.13-3.el8?os_name=oraclelinux&os_version=8 Affected range <0:4.13-4.el8_7 Fixed version 0:4.13-4.el8_7 EPSS Score 0.37% EPSS Percentile 72nd percentile Description libtasn1 security update [4.13-4] Resolves: rhbz#2140600

gnupg2 2.2.20-2.el8 (rpm) pkg:rpm/oraclelinux/gnupg2@2.2.20-2.el8?os_name=oraclelinux&os_version=8 Affected range <0:2.2.20-3.el8_6 Fixed version 0:2.2.20-3.el8_6 EPSS Score 0.42% EPSS Percentile 74th percentile Description gnupg2 security update [2.2.20-3] Fix CVE-2022-34903 (#2108447)

pcre2 10.32-2.el8 (rpm) pkg:rpm/oraclelinux/pcre2@10.32-2.el8?os_name=oraclelinux&os_version=8 Affected range <0:10.32-3.el8_6 Fixed version 0:10.32-3.el8_6 EPSS Score 0.35% EPSS Percentile 72nd percentile Description pcre2 security update [10.32-3] Resolves: CVE-2022-1586

libgcrypt 1.8.5-6.el8 (rpm) pkg:rpm/oraclelinux/libgcrypt@1.8.5-6.el8?os_name=oraclelinux&os_version=8 Affected range <0:1.8.5-7.el8_6 Fixed version 0:1.8.5-7.el8_6 EPSS Score 0.18% EPSS Percentile 55th percentile Description libgcrypt security update [1.8.5-7] Fix CVE-2021-33560 (#2018525)

ncurses 6.1-9.20180224.el8 (rpm) pkg:rpm/oraclelinux/ncurses@6.1-9.20180224.el8?os_name=oraclelinux&os_version=8 Affected range <0:6.1-9.20180224.el8_8.1 Fixed version 0:6.1-9.20180224.el8_8.1 EPSS Score 0.04% EPSS Percentile 5th percentile Description ncurses security update [6.1-9.20180224.1] fix buffer overflow on terminfo with too many capabilities (CVE-2023-29491)

gcc 8.5.0-4.0.2.el8_5 (rpm) pkg:rpm/oraclelinux/gcc@8.5.0-4.0.2.el8_5?os_name=oraclelinux&os_version=8 Affected range <0:8.5.0-18.0.5.el8 Fixed version 0:8.5.0-18.0.5.el8 EPSS Score 0.05% EPSS Percentile 16th percentile Description gcc security update gcc [el8] [8.5.0-18.0.5] CVE-2023-4039 GCC mitigation. Orabug 35751743. Includes removal of aarch64-preserve-args.patch. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751810. Add two patches originally from GCC upstream releases/gcc-11 branch. with major adjustment. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc [el9] [11.3.1-4.3.0.4] CVE-2023-4039 GCC mitigation. Orabug 35751837. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751842. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc-toolset-11-gcc [el8] [11.2.1-9.1.0.6] CVE-2023-4039 GCC mitigation. Orabug 35751885. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751901. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc-toolset-12-gcc [el8/el9] [12.2.1-7.4.0.2] CVE-2023-4039 GCC mitigation. Orabug 35751931. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751938. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc12-downfall-disable-gather-in-vec.patch gcc12-downfall-support-mno-gather.patch Introduce 'oracle_release' into .spec file. Echo it to gcc/DEV-PHASE. Affected range <0:8.5.0-18.0.5.el8 Fixed version 0:8.5.0-18.0.5.el8 EPSS Score 0.15% EPSS Percentile 51st percentile Description gcc security update gcc [el8] [8.5.0-18.0.5] CVE-2023-4039 GCC mitigation. Orabug 35751743. Includes removal of aarch64-preserve-args.patch. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751810. Add two patches originally from GCC upstream releases/gcc-11 branch. with major adjustment. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc [el9] [11.3.1-4.3.0.4] CVE-2023-4039 GCC mitigation. Orabug 35751837. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751842. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc-toolset-11-gcc [el8] [11.2.1-9.1.0.6] CVE-2023-4039 GCC mitigation. Orabug 35751885. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751901. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc-toolset-12-gcc [el8/el9] [12.2.1-7.4.0.2] CVE-2023-4039 GCC mitigation. Orabug 35751931. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751938. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc12-downfall-disable-gather-in-vec.patch gcc12-downfall-support-mno-gather.patch Introduce 'oracle_release' into .spec file. Echo it to gcc/DEV-PHASE.

libgcc 8.5.0-4.0.2.el8_5 (rpm) pkg:rpm/oraclelinux/libgcc@8.5.0-4.0.2.el8_5?os_name=oraclelinux&os_version=8 Affected range <0:8.5.0-18.0.5.el8 Fixed version 0:8.5.0-18.0.5.el8 EPSS Score 0.05% EPSS Percentile 16th percentile Description gcc security update gcc [el8] [8.5.0-18.0.5] CVE-2023-4039 GCC mitigation. Orabug 35751743. Includes removal of aarch64-preserve-args.patch. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751810. Add two patches originally from GCC upstream releases/gcc-11 branch. with major adjustment. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc [el9] [11.3.1-4.3.0.4] CVE-2023-4039 GCC mitigation. Orabug 35751837. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751842. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc-toolset-11-gcc [el8] [11.2.1-9.1.0.6] CVE-2023-4039 GCC mitigation. Orabug 35751885. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751901. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc-toolset-12-gcc [el8/el9] [12.2.1-7.4.0.2] CVE-2023-4039 GCC mitigation. Orabug 35751931. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751938. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc12-downfall-disable-gather-in-vec.patch gcc12-downfall-support-mno-gather.patch Introduce 'oracle_release' into .spec file. Echo it to gcc/DEV-PHASE. Affected range <0:8.5.0-18.0.5.el8 Fixed version 0:8.5.0-18.0.5.el8 EPSS Score 0.15% EPSS Percentile 51st percentile Description gcc security update gcc [el8] [8.5.0-18.0.5] CVE-2023-4039 GCC mitigation. Orabug 35751743. Includes removal of aarch64-preserve-args.patch. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751810. Add two patches originally from GCC upstream releases/gcc-11 branch. with major adjustment. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc [el9] [11.3.1-4.3.0.4] CVE-2023-4039 GCC mitigation. Orabug 35751837. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751842. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc-toolset-11-gcc [el8] [11.2.1-9.1.0.6] CVE-2023-4039 GCC mitigation. Orabug 35751885. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751901. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc-toolset-12-gcc [el8/el9] [12.2.1-7.4.0.2] CVE-2023-4039 GCC mitigation. Orabug 35751931. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751938. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc12-downfall-disable-gather-in-vec.patch gcc12-downfall-support-mno-gather.patch Introduce 'oracle_release' into .spec file. Echo it to gcc/DEV-PHASE.

libstdc++ 8.5.0-4.0.2.el8_5 (rpm) pkg:rpm/oraclelinux/libstdc%2B%2B@8.5.0-4.0.2.el8_5?os_name=oraclelinux&os_version=8 Affected range <0:8.5.0-18.0.5.el8 Fixed version 0:8.5.0-18.0.5.el8 EPSS Score 0.05% EPSS Percentile 16th percentile Description gcc security update gcc [el8] [8.5.0-18.0.5] CVE-2023-4039 GCC mitigation. Orabug 35751743. Includes removal of aarch64-preserve-args.patch. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751810. Add two patches originally from GCC upstream releases/gcc-11 branch. with major adjustment. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc [el9] [11.3.1-4.3.0.4] CVE-2023-4039 GCC mitigation. Orabug 35751837. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751842. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc-toolset-11-gcc [el8] [11.2.1-9.1.0.6] CVE-2023-4039 GCC mitigation. Orabug 35751885. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751901. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc-toolset-12-gcc [el8/el9] [12.2.1-7.4.0.2] CVE-2023-4039 GCC mitigation. Orabug 35751931. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751938. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc12-downfall-disable-gather-in-vec.patch gcc12-downfall-support-mno-gather.patch Introduce 'oracle_release' into .spec file. Echo it to gcc/DEV-PHASE. Affected range <0:8.5.0-18.0.5.el8 Fixed version 0:8.5.0-18.0.5.el8 EPSS Score 0.15% EPSS Percentile 51st percentile Description gcc security update gcc [el8] [8.5.0-18.0.5] CVE-2023-4039 GCC mitigation. Orabug 35751743. Includes removal of aarch64-preserve-args.patch. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751810. Add two patches originally from GCC upstream releases/gcc-11 branch. with major adjustment. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc [el9] [11.3.1-4.3.0.4] CVE-2023-4039 GCC mitigation. Orabug 35751837. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751842. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc-toolset-11-gcc [el8] [11.2.1-9.1.0.6] CVE-2023-4039 GCC mitigation. Orabug 35751885. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751901. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com gcc-toolset-12-gcc [el8/el9] [12.2.1-7.4.0.2] CVE-2023-4039 GCC mitigation. Orabug 35751931. CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751938. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc12-downfall-disable-gather-in-vec.patch gcc12-downfall-support-mno-gather.patch Introduce 'oracle_release' into .spec file. Echo it to gcc/DEV-PHASE.

shadow-utils 2:4.6-14.el8 (rpm) pkg:rpm/oraclelinux/shadow-utils@2:4.6-14.el8?os_name=oraclelinux&os_version=8 Affected range <2:4.6-19.el8 Fixed version 2:4.6-19.el8 EPSS Score 0.04% EPSS Percentile 10th percentile Description shadow-utils security and bug fix update [2:4.6-19] gpasswd: fix password leak. Resolves: #2215947 [2:4.6-18] Update patch to close label to reset libselinux state. Resolves: #1984740 useradd: check if subid range exists for user. Resolves: #2012929 find_new_[gu]id: Skip over IDs that are reserved for legacy reasons. Resolves: #1994269

libarchive 3.3.3-3.el8_5 (rpm) pkg:rpm/oraclelinux/libarchive@3.3.3-3.el8_5?os_name=oraclelinux&os_version=8 Affected range <0:3.3.3-5.el8 Fixed version 0:3.3.3-5.el8 EPSS Score 0.47% EPSS Percentile 76th percentile Description libarchive security update [3.3.3-5] Fix for CVE-2022-36227

[github-actions]

Recommended fixes for image 1230199/desofs2024_m1b_2-desof-api:latest

Base image is openjdk:17

Name	17.0.2-jdk-oraclelinux8
Digest	sha256:98f0304b3a3b7c12ce641177a99d1f3be56f532473a528fda38d53d519cafb13
Vulnerabilities
Pushed	2 years ago
Size	243 MB
Packages	112
OS	8
Runtime	17.0.2

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
23-slim Major runtime version update Also known as: 23-jdk-slim 23-ea-slim 23-ea-22-slim 23-ea-jdk-slim 23-ea-22-jdk-slim 23-slim-bookworm 23-ea-slim-bookworm 23-jdk-slim-bookworm 23-ea-22-slim-bookworm 23-ea-jdk-slim-bookworm 23-ea-22-jdk-slim-bookworm	Benefits: Image is smaller by 119 KB Major runtime version update Tag was pushed more recently Tag is using slim variant Image details: Size: 243 MB Runtime: 23	6 days ago
23 Major runtime version update Also known as: 23-oracle 23-jdk 23-jdk-oracle 23-oraclelinux9 23-jdk-oraclelinux9 23-ea 23-ea-22 23-ea-oracle 23-ea-22-oracle 23-ea-jdk 23-ea-22-jdk 23-ea-jdk-oracle 23-ea-22-jdk-oracle 23-ea-oraclelinux9 23-ea-22-oraclelinux9 23-ea-jdk-oraclelinux9 23-ea-22-jdk-oraclelinux9	Benefits: Major runtime version update Tag was pushed more recently Image introduces no new vulnerability but removes 179 Image details: Size: 297 MB OS: 9 Runtime: 23	6 days ago

[github-actions]

Your image	1230199/desofs2024_m1b_2-desof-api:latest
Current base image	openjdk:17
Updated base image	openjdk:23-slim

[SuzukeBount]

[MiguelFerreira18]

e isso já está a guardar no filesystem? @P0RTW0N