> Software > What's New > HyperScale Platform Versions and Images > HyperScale X > Platform Versions (2.x) > 2.2508

List of RPMs for HyperScale X Platform Version 2.2508

The following RPMs are included in this version:

RPM Issue
aide-0.15.1-13.el7_9.2.x86_64.rpm - Resolves: RHEL-1570
apache-commons-beanutils-1.8.3-15.el7_9.1.noarch.rpm - Fix improper access control vulnerability
- Resolves: CVE-2025-48734
apache-commons-vfs-2.0-11.el7_9.1.noarch.rpm - Fix CVE-2025-27553 (RHEL-98828)
audit-2.8.5-4.el7_9.1.x86_64.rpm - Fix a couple resource leaks so that shutdown is clean
- In auditd, check if log_file is valid before closing handle (RHEL-5184)
audit-libs-2.8.5-4.el7_9.1.x86_64.rpm - Fix a couple resource leaks so that shutdown is clean
- In auditd, check if log_file is valid before closing handle (RHEL-5184)
audit-libs-python-2.8.5-4.el7_9.1.x86_64.rpm - Fix a couple resource leaks so that shutdown is clean
- In auditd, check if log_file is valid before closing handle (RHEL-5184)
bind-export-libs-9.11.4-26.P2.el7_9.18.x86_64.rpm - Resolve CVE-2024-1975
- Resolve CVE-2024-1737
- Add ability to change runtime limits for max types and records per name
- Limit additional section records CPU processing (CVE-2024-11187)
- Correct ANY queries to not have additional data appended
- Switch to a more modern patch syntax
bind-libs-9.11.4-26.P2.el7_9.18.x86_64.rpm - Resolve CVE-2024-1975
- Resolve CVE-2024-1737
- Add ability to change runtime limits for max types and records per name
- Limit additional section records CPU processing (CVE-2024-11187)
- Correct ANY queries to not have additional data appended
- Switch to a more modern patch syntax
bind-libs-lite-9.11.4-26.P2.el7_9.18.x86_64.rpm - Resolve CVE-2024-1975
- Resolve CVE-2024-1737
- Add ability to change runtime limits for max types and records per name
- Limit additional section records CPU processing (CVE-2024-11187)
- Correct ANY queries to not have additional data appended
- Switch to a more modern patch syntax
bind-license-9.11.4-26.P2.el7_9.18.noarch.rpm - Resolve CVE-2024-1975
- Resolve CVE-2024-1737
- Add ability to change runtime limits for max types and records per name
- Limit additional section records CPU processing (CVE-2024-11187)
- Correct ANY queries to not have additional data appended
- Switch to a more modern patch syntax
bind-utils-9.11.4-26.P2.el7_9.18.x86_64.rpm - Resolve CVE-2024-1975
- Resolve CVE-2024-1737
- Add ability to change runtime limits for max types and records per name
- Limit additional section records CPU processing (CVE-2024-11187)
- Correct ANY queries to not have additional data appended
- Switch to a more modern patch syntax
ca-certificates-2024.2.69_v8.0.303-71.el7_9.noarch.rpm - Update to CKBI 2.69_v8.0.303 from NSS 3.101.1
- Removing:
- # Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
- # Certificate "Verisign Class 2 Public Primary Certification Authority - G3"
- # Certificate "Security Communication Root CA"
- # Certificate "Camerfirma Chambers of Commerce Root"
- # Certificate "Hongkong Post Root CA 1"
- # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
- # Certificate "Symantec Class 1 Public Primary Certification Authority - G6"
- # Certificate "Symantec Class 2 Public Primary Certification Authority - G6"
- # Certificate "TrustCor RootCert CA-1"
- # Certificate "TrustCor RootCert CA-2"
- # Certificate "TrustCor ECA-1"
- Adding:
- # Certificate "LAWtrust Root CA2 (4096)"
- # Certificate "Sectigo Public Email Protection Root E46"
- # Certificate "Sectigo Public Email Protection Root R46"
- # Certificate "Sectigo Public Server Authentication Root E46"
- # Certificate "Sectigo Public Server Authentication Root R46"
- # Certificate "SSL.com TLS RSA Root CA 2022"
- # Certificate "SSL.com TLS ECC Root CA 2022"
- # Certificate "SSL.com Client ECC Root CA 2022"
- # Certificate "SSL.com Client RSA Root CA 2022"
- # Certificate "Atos TrustedRoot Root CA ECC G2 2020"
- # Certificate "Atos TrustedRoot Root CA RSA G2 2020"
- # Certificate "Atos TrustedRoot Root CA ECC TLS 2021"
- # Certificate "Atos TrustedRoot Root CA RSA TLS 2021"
- # Certificate "TrustAsia Global Root CA G3"
- # Certificate "TrustAsia Global Root CA G4"
- # Certificate "CommScope Public Trust ECC Root-01"
- # Certificate "CommScope Public Trust ECC Root-02"
- # Certificate "CommScope Public Trust RSA Root-01"
- # Certificate "CommScope Public Trust RSA Root-02"
- # Certificate "D-Trust SBR Root CA 1 2022"
- # Certificate "D-Trust SBR Root CA 2 2022"
- # Certificate "Telekom Security SMIME ECC Root 2021"
- # Certificate "Telekom Security TLS ECC Root 2020"
- # Certificate "Telekom Security SMIME RSA Root 2023"
- # Certificate "Telekom Security TLS RSA Root 2023"
- # Certificate "FIRMAPROFESIONAL CA ROOT-A WEB"
- # Certificate "GlobalSign"
- # Certificate "SECOM Trust.net"
- # Certificate "Chambers of Commerce Root"
- # Certificate "VeriSign Class 2 Public Primary Certification Authority - G3"
- # Certificate "SSL.com Code Signing RSA Root CA 2022"
- # Certificate "SSL.com Code Signing ECC Root CA 2022"
cpp-4.8.5-45.el7_9.x86_64.rpm - rebuild for CVE-2020-11023 (RHEL-78445)
eap7-activemq-artemis-cli-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm - Built by CPaaS
- Wrapper build 2.16.0.redhat_00055
eap7-activemq-artemis-commons-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm - Built by CPaaS
- Wrapper build 2.16.0.redhat_00055
eap7-activemq-artemis-core-client-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm - Built by CPaaS
- Wrapper build 2.16.0.redhat_00055
eap7-activemq-artemis-dto-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm - Built by CPaaS
- Wrapper build 2.16.0.redhat_00055
eap7-activemq-artemis-hornetq-protocol-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm - Built by CPaaS
- Wrapper build 2.16.0.redhat_00055
eap7-activemq-artemis-hqclient-protocol-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm - Built by CPaaS
- Wrapper build 2.16.0.redhat_00055
eap7-activemq-artemis-jdbc-store-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm - Built by CPaaS
- Wrapper build 2.16.0.redhat_00055
eap7-activemq-artemis-jms-client-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm - Built by CPaaS
- Wrapper build 2.16.0.redhat_00055
eap7-activemq-artemis-jms-server-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm - Built by CPaaS
- Wrapper build 2.16.0.redhat_00055
eap7-activemq-artemis-journal-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm - Built by CPaaS
- Wrapper build 2.16.0.redhat_00055
eap7-activemq-artemis-ra-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm - Built by CPaaS
- Wrapper build 2.16.0.redhat_00055
eap7-activemq-artemis-selector-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm - Built by CPaaS
- Wrapper build 2.16.0.redhat_00055
eap7-activemq-artemis-server-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm - Built by CPaaS
- Wrapper build 2.16.0.redhat_00055
eap7-activemq-artemis-service-extensions-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm - Built by CPaaS
- Wrapper build 2.16.0.redhat_00055
eap7-activemq-artemis-tools-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm - Built by CPaaS
- Wrapper build 2.16.0.redhat_00055
eap7-apache-cxf-3.5.10-1.redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-apache-cxf-rt-3.5.10-1.redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-apache-cxf-services-3.5.10-1.redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-apache-cxf-tools-3.5.10-1.redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-glassfish-jsf-2.3.14-9.SP10_redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-hal-console-3.3.27-1.Final_redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-hibernate-validator-6.0.23-3.SP2_redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-hibernate-validator-cdi-6.0.23-3.SP2_redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-ironjacamar-common-api-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-ironjacamar-common-impl-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-ironjacamar-common-spi-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-ironjacamar-core-api-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-ironjacamar-core-impl-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-ironjacamar-deployers-common-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-ironjacamar-jdbc-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-ironjacamar-validator-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-jackson-annotations-2.12.7-2.redhat_00004.1.el7eap.noarch.rpm - Wrapper build 2.12.7.redhat_00004
eap7-jackson-core-2.12.7-2.SP1_redhat_00001.1.el7eap.noarch.rpm - Wrapper build 2.12.7.redhat_00004
- Wrapper build 2.12.7.redhat_00004
eap7-jackson-databind-2.12.7-2.redhat_00004.1.el7eap.noarch.rpm - Wrapper build 2.12.7.redhat_00004
eap7-jackson-datatype-jdk8-2.12.7-2.redhat_00004.1.el7eap.noarch.rpm - Wrapper build 2.12.7.redhat_00004
eap7-jackson-datatype-jsr310-2.12.7-2.redhat_00004.1.el7eap.noarch.rpm - Wrapper build 2.12.7.redhat_00004
eap7-jackson-jaxrs-base-2.12.7-2.redhat_00004.1.el7eap.noarch.rpm - Wrapper build 2.12.7.redhat_00004
eap7-jackson-jaxrs-json-provider-2.12.7-2.redhat_00004.1.el7eap.noarch.rpm - Wrapper build 2.12.7.redhat_00004
eap7-jackson-module-jaxb-annotations-2.12.7-2.redhat_00004.1.el7eap.noarch.rpm - Wrapper build 2.12.7.redhat_00004
eap7-jboss-server-migration-1.10.0-42.Final_redhat_00042.1.el7eap.noarch.rpm - Wrapper build 1.10.0.Final_redhat_00042
- Built by CPaaS
- Wrapper build 1.10.0.Final_redhat_00042
eap7-jboss-server-migration-cli-1.10.0-42.Final_redhat_00042.1.el7eap.noarch.rpm - Wrapper build 1.10.0.Final_redhat_00042
- Built by CPaaS
- Wrapper build 1.10.0.Final_redhat_00042
eap7-jboss-server-migration-core-1.10.0-42.Final_redhat_00042.1.el7eap.noarch.rpm - Wrapper build 1.10.0.Final_redhat_00042
- Built by CPaaS
- Wrapper build 1.10.0.Final_redhat_00042
eap7-jbossws-cxf-5.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-undertow-server-1.9.6-1.Final_redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-wildfly-7.4.23-4.GA_redhat_00003.1.el7eap.noarch.rpm - Wrapper build 7.4.23
- Built by CPaaS
- Built by CPaaS
- Built by CPaaS
eap7-wildfly-elytron-1.15.26-1.Final_redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-wildfly-elytron-tool-1.15.26-1.Final_redhat_00001.1.el7eap.noarch.rpm - Built by CPaaS
eap7-wildfly-java-jdk8-7.4.23-4.GA_redhat_00003.1.el7eap.noarch.rpm - Wrapper build 7.4.23
- Built by CPaaS
- Built by CPaaS
- Built by CPaaS
eap7-wildfly-modules-7.4.23-4.GA_redhat_00003.1.el7eap.noarch.rpm - Wrapper build 7.4.23
- Built by CPaaS
- Built by CPaaS
- Built by CPaaS
emacs-filesystem-24.3-23.el7_9.2.noarch.rpm - Fix man.el shell injection vulnerability (CVE-2025-1244)
- Change patches applying to use -P parameter
freetype-2.8-15.el7_9.1.x86_64.rpm - Fix for CVE-2025-27363 out-of-bound write vulnerability
- Patch initially by Marc Deslauriers of Canonical
- https://www.openwall.com/lists/oss-security/2025/03/14/3
- Adjusted for EL9 by Jonathan Wright of AlmaLinux
- and a member of the Meta security team
- Resolves: RHEL-83092
freetype-devel-2.8-15.el7_9.1.x86_64.rpm - Fix for CVE-2025-27363 out-of-bound write vulnerability
- Patch initially by Marc Deslauriers of Canonical
- https://www.openwall.com/lists/oss-security/2025/03/14/3
- Adjusted for EL9 by Jonathan Wright of AlmaLinux
- and a member of the Meta security team
- Resolves: RHEL-83092
gcc-4.8.5-45.el7_9.x86_64.rpm - rebuild for CVE-2020-11023 (RHEL-78445)
git-1.8.3.1-25.el7_9.1.x86_64.rpm - Fixes CVE-2025-48384
- Fix the running of test t/t5815-submodule-protos.sh
- Resolves: RHEL-61651 RHEL-102439
glibc-2.17-326.el7_9.5.x86_64.rpm - CVE-2025-4802: static setuid dlopen may search LD_LIBRARY_PATH (RHEL-92886)
glibc-common-2.17-326.el7_9.5.x86_64.rpm - CVE-2025-4802: static setuid dlopen may search LD_LIBRARY_PATH (RHEL-92886)
glibc-devel-2.17-326.el7_9.5.x86_64.rpm - CVE-2025-4802: static setuid dlopen may search LD_LIBRARY_PATH (RHEL-92886)
glibc-headers-2.17-326.el7_9.5.x86_64.rpm - CVE-2025-4802: static setuid dlopen may search LD_LIBRARY_PATH (RHEL-92886)
grub2-2.02-0.87.el7_9.15.x86_64.rpm - Fix Out-of-bounds write in grub_net_search_config_file()
- Resolves: CVE-2025-0624
- Resolves: RHEL-81220
grub2-common-2.02-0.87.el7_9.15.noarch.rpm - Fix Out-of-bounds write in grub_net_search_config_file()
- Resolves: CVE-2025-0624
- Resolves: RHEL-81220
grub2-efi-x64-2.02-0.87.el7_9.15.x86_64.rpm - Fix Out-of-bounds write in grub_net_search_config_file()
- Resolves: CVE-2025-0624
- Resolves: RHEL-81220
grub2-pc-2.02-0.87.el7_9.15.x86_64.rpm - Fix Out-of-bounds write in grub_net_search_config_file()
- Resolves: CVE-2025-0624
- Resolves: RHEL-81220
grub2-pc-modules-2.02-0.87.el7_9.15.noarch.rpm - Fix Out-of-bounds write in grub_net_search_config_file()
- Resolves: CVE-2025-0624
- Resolves: RHEL-81220
grub2-tools-2.02-0.87.el7_9.15.x86_64.rpm - Fix Out-of-bounds write in grub_net_search_config_file()
- Resolves: CVE-2025-0624
- Resolves: RHEL-81220
grub2-tools-extra-2.02-0.87.el7_9.15.x86_64.rpm - Fix Out-of-bounds write in grub_net_search_config_file()
- Resolves: CVE-2025-0624
- Resolves: RHEL-81220
grub2-tools-minimal-2.02-0.87.el7_9.15.x86_64.rpm - Fix Out-of-bounds write in grub_net_search_config_file()
- Resolves: CVE-2025-0624
- Resolves: RHEL-81220
gstreamer1-plugins-base-1.10.4-3.el7_9.x86_64.rpm - Fixes for CVE-2024-47538, CVE-2024-47607, CVE-2024-47615
Resolves: RHEL-70973, RHEL-71009, RHEL-70985
httpd-2.4.6-99.el7_9.3.x86_64.rpm - CVE-2024-38476 httpd:2.4/httpd: Security issues via backend
applications whose response headers are malicious or exploitable
- Fix regression introduced by CVE-2024-38474 fix
- Fix CVE-2024-38484 - httpd: Substitution encoding issue in mod_rewrite
- and CVE-2024-38475 - httpd: Improper escaping of output in mod_rewrite
- Fix CVE-2024-38477 - httpd: null pointer dereference in mod_proxy
httpd-tools-2.4.6-99.el7_9.3.x86_64.rpm - CVE-2024-38476 httpd:2.4/httpd: Security issues via backend
applications whose response headers are malicious or exploitable
- Fix regression introduced by CVE-2024-38474 fix
- Fix CVE-2024-38484 - httpd: Substitution encoding issue in mod_rewrite
- and CVE-2024-38475 - httpd: Improper escaping of output in mod_rewrite
- Fix CVE-2024-38477 - httpd: null pointer dereference in mod_proxy
ipa-client-4.6.8-5.el7_9.19.x86_64.rpm - Resolves: RHEL-89894 ipa: Privilege escalation from host to domain admin in FreeIPA
- Rebuild to generate s390 and ppc rpm
Related: RHEL-89894
ipa-client-common-4.6.8-5.el7_9.19.noarch.rpm - Resolves: RHEL-89894 ipa: Privilege escalation from host to domain admin in FreeIPA
- Rebuild to generate s390 and ppc rpm
Related: RHEL-89894
ipa-common-4.6.8-5.el7_9.19.noarch.rpm - Resolves: RHEL-89894 ipa: Privilege escalation from host to domain admin in FreeIPA
- Rebuild to generate s390 and ppc rpm
Related: RHEL-89894
iperf3-3.1.7-3.el7_9.1.x86_64.rpm - Resolves: RHEL-72934 - Denial of Service in iperf Due to Improper JSON Handling
(CVE-2024-53580)
iwl100-firmware-39.31.5.1-84.el7_9.noarch.rpm - AMD: microcode fix for SMM Lock Bypass (RHEL-35552)
Resolves: RHEL-35552
iwl1000-firmware-39.31.5.1-84.el7_9.noarch.rpm - AMD: microcode fix for SMM Lock Bypass (RHEL-35552)
Resolves: RHEL-35552
iwl3945-firmware-15.32.2.9-84.el7_9.noarch.rpm - AMD: microcode fix for SMM Lock Bypass (RHEL-35552)
Resolves: RHEL-35552
iwl4965-firmware-228.61.2.24-84.el7_9.noarch.rpm - AMD: microcode fix for SMM Lock Bypass (RHEL-35552)
Resolves: RHEL-35552
iwl5000-firmware-8.83.5.1_1-84.el7_9.noarch.rpm - AMD: microcode fix for SMM Lock Bypass (RHEL-35552)
Resolves: RHEL-35552
iwl5150-firmware-8.24.2.2-84.el7_9.noarch.rpm - AMD: microcode fix for SMM Lock Bypass (RHEL-35552)
Resolves: RHEL-35552
iwl6000-firmware-9.221.4.1-84.el7_9.noarch.rpm - AMD: microcode fix for SMM Lock Bypass (RHEL-35552)
Resolves: RHEL-35552
iwl6000g2a-firmware-18.168.6.1-84.el7_9.noarch.rpm - AMD: microcode fix for SMM Lock Bypass (RHEL-35552)
Resolves: RHEL-35552
iwl6050-firmware-41.28.5.1-84.el7_9.noarch.rpm - AMD: microcode fix for SMM Lock Bypass (RHEL-35552)
Resolves: RHEL-35552
java-1.8.0-openjdk-headless-1.8.0.462.b08-1.el7_9.x86_64.rpm - Update to 8u452-b09 (GA)
- Update release notes for 8u452-b09.
- Remove long option documentation from JDK-8335912/JDK-8337499 as not present in 8u
- Require tzdata 2024a due to upstream inclusion of JDK-8347965
- ** This tarball is embargoed until 2025-04-15 @ 1pm PT. **
- Resolves: RHEL-86968
- Resolves: RHEL-86611
- Update to shenandoah-jdk8u422-b05 (GA)
- Update release notes for shenandoah-8u422-b05.
- Rebase PR2462 patch following patched hunk being removed by JDK-8322106
- Switch to GA mode.
- Limit Java only tests to one architecture using jdk_test_arch
- Remove redundant prefix from remove-intree-libraries.sh to match portable
- Document policy repacking script and rename to correct spelling and style
- Sync README.md with RHEL 8
- Add missing build dependency on zlib-devel
- Add missing bundled Provides for LCMS
- ** This tarball is embargoed until 2024-07-16 @ 1pm PT. **
- Resolves: RHEL-46862
- Resolves: RHEL-47083
- Update to shenandoah-jdk8u422-b01 (EA)
- Update release notes for shenandoah-8u422-b01.
- Switch to EA mode.
- Related: RHEL-46862
- Update to 8u462-b08 (GA)
- Update release notes for 8u462-b08.
- Require tzdata 2025b due to upstream inclusion of JDK-8352716
- Add early backport of JDK-8339414
- ** This tarball is embargoed until 2025-07-15 @ 1pm PT. **
- Resolves: RHEL-101650
- Resolves: RHEL-102300
- Update to shenandoah-jdk8u432-b06 (GA)
- Update release notes for shenandoah-8u432-b06.
- Regenerate JDK-8199936/PR3533 patch following JDK-828109{6,7,8} integration
- Add build dependency on make
- Remove redundant build dependency on gtk2-devel
- Reorganise build dependencies to retain alphabetical order for unconditional deps
- Include backport of JDK-8328999 to update giflib to 5.2.2
- Use bundled giflib as RHEL 7 version is very old (4.1.6)
- Remove lcms2 and giflib removal from remove-intree-libraries.sh as we use bundled
- List version of bundled giflib as 5.2.2 following JDK-8328999
- Add build scripts to repository to ease remembering all CentOS & RHEL targets and options
- Add missing build requirements for libXext-devel and libXrender-devel, previously masked by Gtk2+ dependency.
- fontconfig build requirement should be fontconfig-devel, previously masked by Gtk2+ dependency
- ** This tarball is embargoed until 2024-10-15 @ 1pm PT. **
- Resolves: RHEL-58787
- Resolves: RHEL-62293
- Resolves: RHEL-62274
- Resolves: RHEL-61279
- Update to 8u442-b05 (EA).
- Update release notes for 8u442-b05.
- Switch to EA mode for pre-release.
- Resolves: RHEL-73991
- Update to 8u442-b06 (GA)
- Update release notes for 8u442-b06.
- Switch to GA mode for final release
- Resolves: RHEL-73564
kernel-3.10.0-1160.136.1.el7.x86_64.rpm - netfilter: ipset: add missing range check in bitmap_ip_uadt (CKI Backport Bot) [RHEL-89172] {CVE-2024-53141}
- block: initialize flush request via blk_mq_rq_ctx_init() (Ming Lei) [RHEL-86685]
- x86/fpu: Prevent FPU state corruption (Jay Shin) [RHEL-40475]
- x86, fpu: Introduce per-cpu in_kernel_fpu state (Jay Shin) [RHEL-40475]
- namei: ->d_inode of a pinned dentry is stable only for positives (Bill O'Donnell) [RHEL-72505]
- namei: results of d_is_negative() should be checked after dentry revalidation (Bill O'Donnell) [RHEL-72505]
- namei: d_is_negative() should be checked before ->d_seq validation (Bill O'Donnell) [RHEL-72505]
- VFS: Combine inode checks with d_is_negative() and d_is_positive() in pathwalk (Bill O'Donnell) [RHEL-72505]
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (Gonzalo Siero) [RHEL-86732] {CVE-2024-53150}
- redhat: drop Y issues from changelog (Jan Stancek)
- neighbour: fix data-races around n->output (Ivan Vecera) [RHEL-39432]
- redhat: fix create_distgit_changelog.sh to properly list Jiras on "Resolves:" line (Denys Vlasenko)
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CKI Backport Bot) [RHEL-78093] {CVE-2024-53104}
- tcp: fix zero cwnd in tcp_cwnd_reduction (Yuchung Cheng) [RHEL-43212]
- epoll: fix use-after-free in eventpoll_release_file (Kenneth Yin) [RHEL-39665]
- net: fix __dst_negative_advice() race (Gonzalo Siero) [RHEL-53473] {CVE-2024-36971}
- wifi: mac80211: Avoid address calculations via out of bounds array indexing (Kenton Groombridge) [RHEL-56845] {CVE-2024-41071}
- hugetlb, mempolicy: fix the mbind hugetlb migration (Rafael Aquini) [RHEL-47585]
- net: atm: fix use after free in lec_send() (Rishikesh Oak) [RHEL-93113] {CVE-2025-22004}
- net: atlantic: fix aq_vec index out of range error (Gonzalo Siero) [RHEL-100525] {CVE-2022-50066}
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Fix BHI handling of RRSBA (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Fix BHI documentation (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Fix return type of spectre_bhi_state() (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Make CONFIG_SPECTRE_BHI_ON the default (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bhi: Add BHI mitigation knob (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bhi: Enumerate Branch History Injection (BHI) bug (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bhi: Add support for clearing branch history at syscall entry (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- Documentation/hw-vuln: Document the interaction between IBRS and STIBP (Waiman Long) [RHEL-28198]
- x86/bugs: Add X86_FEATURE_RETPOLINE (Waiman Long) [RHEL-28198]
- x86/bugs: Extend VMware Retbleed workaround to Nehalem (Waiman Long) [RHEL-46175]
- cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options (Ondrej Mosnacek) [RHEL-56609]
- cipso: fix total option length computation (Ondrej Mosnacek) [RHEL-56609]
- proc: Use new_inode not new_inode_pseudo (Kenneth Yin) [RHEL-58926]
- lockd: RHEL-only: skip shutdown of rpc clients with outstanding notifications (Benjamin Coddington) [RHEL-29342]
- SUNRPC: ECONNRESET might require a rebind (Benjamin Coddington) [RHEL-29342]
- SUNRPC: ECONNREFUSED should cause a rebind. (Benjamin Coddington) [RHEL-29342]
- HID: core: zero-initialize the report buffer (CKI Backport Bot) [RHEL-81823] {CVE-2024-50302}
- can: bcm: Fix UAF in bcm_proc_show() (Marc Milgram) [RHEL-80731] {CVE-2023-52922}
- ALSA: usb-audio: Fix a DMA to stack memory bug (Gonzalo Siero) [RHEL-81784]
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Gonzalo Siero) [RHEL-81784] {CVE-2024-53197}
- gfs2: Fix length of holes reported at end-of-file (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Only do glock put in gfs2_create_inode for free inodes (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Fix use-after-free in gfs2_logd after withdraw (Andreas Gruenbacher) [RHEL-8427]
- gfs2: fix use-after-free in trans_drain (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Clean up revokes on normal withdraws (Andreas Gruenbacher) [RHEL-8427]
- GFS2: gfs2_free_extlen can return an extent that is too long (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Wipe jdata and ail1 in gfs2_journal_wipe, formerly gfs2_meta_wipe (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Refactor gfs2_remove_from_journal (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Only set PageChecked for jdata pages (Andreas Gruenbacher) [RHEL-8427]
- gfs2: keep bios separate for each journal (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Remove active journal side effect from gfs2_write_log_header (Andreas Gruenbacher) [RHEL-8427]
- gfs2: clean_journal improperly set sd_log_flush_head (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Excerpts from "Introduce new gfs2_log_header_v2" (Andreas Gruenbacher) [RHEL-8427]
- gfs2: change from write to read lock for sd_log_flush_lock in journal replay (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Reduce code redundancy writing log headers (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Grab glock reference sooner in gfs2_add_revoke (Andreas Gruenbacher) [RHEL-8427]
- gfs2: fix glock reference problem in gfs2_trans_remove_revoke (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Fix occasional glock use-after-free (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Make sure we don't miss any delayed withdraws (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Fix bad comment for trans_drain (Andreas Gruenbacher) [RHEL-8427]
- gfs2: add some much needed cleanup for log flushes that fail (Andreas Gruenbacher) [RHEL-8427]
- gfs2: fix trans slab error when withdraw occurs inside log_flush (Andreas Gruenbacher) [RHEL-8427]
- gfs2: initialize transaction tr_ailX_lists earlier (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Remove extra "if" in gfs2_log_flush() (Andreas Gruenbacher) [RHEL-8427]
- gfs2: fix use-after-free on transaction ail lists (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Trim the ordered write list in gfs2_ordered_write() (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Clean up releasepage (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Only set PageChecked if we have a transaction (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Fix case in which ail writes are done to jdata holes (Andreas Gruenbacher) [RHEL-8427]
- gfs2: simplify gfs2_block_map (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Remove unused gfs2_iomap_alloc argument (Andreas Gruenbacher) [RHEL-8427]
- netfilter: ipset: fix ip_set_list allocation failure (Phil Sutter) [RHEL-6204]
- gfs2: Be more careful with the quota sync generation (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Get rid of some unnecessary quota locking (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Add some missing quota locking (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Fold qd_fish into gfs2_quota_sync (Andreas Gruenbacher) [RHEL-37473]
- gfs2: quota need_sync cleanup (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Fix and clean up function do_qc (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Revert "Add quota_change type" (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Revert "ignore negated quota changes" (Andreas Gruenbacher) [RHEL-37473]
- gfs2: qd_check_sync cleanups (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Check quota consistency on mount (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Minor gfs2_quota_init error path cleanup (Andreas Gruenbacher) [RHEL-37473]
- gfs2: fix kernel BUG in gfs2_quota_cleanup (Edward Adam Davis) [RHEL-37473]
- gfs2: Clean up quota.c:print_message (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Clean up gfs2_alloc_parms initializers (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Two quota=account mode fixes (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Remove useless assignment (Bob Peterson) [RHEL-37473]
- gfs2: simplify slot_get (Bob Peterson) [RHEL-37473]
- gfs2: Simplify qd2offset (Bob Peterson) [RHEL-37473]
- gfs2: Remove quota allocation info from quota file (Bob Peterson) [RHEL-37473]
- gfs2: use constant for array size (Bob Peterson) [RHEL-37473]
- gfs2: Set qd_sync_gen in do_sync (Bob Peterson) [RHEL-37473]
- gfs2: Fix "Change inode qa_data to allow multiple users" backport (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Remove useless err set (Bob Peterson) [RHEL-37473]
- gfs2: Small gfs2_quota_lock cleanup (Bob Peterson) [RHEL-37473]
- gfs2: move qdsb_put and reduce redundancy (Bob Peterson) [RHEL-37473]
- gfs2: Don't try to sync non-changes (Bob Peterson) [RHEL-37473]
- gfs2: Simplify function need_sync (Bob Peterson) [RHEL-37473]
- gfs2: remove unneeded pg_oflow variable (Bob Peterson) [RHEL-37473]
- gfs2: remove unneeded variable done (Bob Peterson) [RHEL-37473]
- gfs2: pass sdp to gfs2_write_buf_to_page (Bob Peterson) [RHEL-37473]
- gfs2: pass sdp in to gfs2_write_disk_quota (Bob Peterson) [RHEL-37473]
- gfs2: Pass sdp to gfs2_adjust_quota (Bob Peterson) [RHEL-37473]
- gfs2: remove dead code for quota writes (Bob Peterson) [RHEL-37473]
- gfs2: Use qd_sbd more consequently (Bob Peterson) [RHEL-37473]
- gfs2: replace 'found' with dedicated list iterator variable (Jakob Koschel) [RHEL-37473]
- gfs2: Some whitespace cleanups (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold (Bob Peterson) [RHEL-37473]
- gitlab-ci: provide consistent kcidb_tree_name (Michael Hofmann)
- VFS: Impose ordering on accesses of d_inode and d_flags (Ian Kent) [RHEL-56621]
- scsi: smartpqi: Fix DMA direction for RAID requests (Don Brace) [RHEL-8203]
- scsi: smartpqi: Fix duplicate device nodes for tape changers (Don Brace) [RHEL-8203]
- redhat: kernel.spec: run initramfs generation in %post (not only in %posttrans) (Denys Vlasenko) [RHEL-3292]
- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [2068267] {CVE-2022-1011}
kernel-devel-3.10.0-1160.136.1.el7.x86_64.rpm - netfilter: ipset: add missing range check in bitmap_ip_uadt (CKI Backport Bot) [RHEL-89172] {CVE-2024-53141}
- block: initialize flush request via blk_mq_rq_ctx_init() (Ming Lei) [RHEL-86685]
- x86/fpu: Prevent FPU state corruption (Jay Shin) [RHEL-40475]
- x86, fpu: Introduce per-cpu in_kernel_fpu state (Jay Shin) [RHEL-40475]
- namei: ->d_inode of a pinned dentry is stable only for positives (Bill O'Donnell) [RHEL-72505]
- namei: results of d_is_negative() should be checked after dentry revalidation (Bill O'Donnell) [RHEL-72505]
- namei: d_is_negative() should be checked before ->d_seq validation (Bill O'Donnell) [RHEL-72505]
- VFS: Combine inode checks with d_is_negative() and d_is_positive() in pathwalk (Bill O'Donnell) [RHEL-72505]
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (Gonzalo Siero) [RHEL-86732] {CVE-2024-53150}
- redhat: drop Y issues from changelog (Jan Stancek)
- neighbour: fix data-races around n->output (Ivan Vecera) [RHEL-39432]
- redhat: fix create_distgit_changelog.sh to properly list Jiras on "Resolves:" line (Denys Vlasenko)
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CKI Backport Bot) [RHEL-78093] {CVE-2024-53104}
- tcp: fix zero cwnd in tcp_cwnd_reduction (Yuchung Cheng) [RHEL-43212]
- epoll: fix use-after-free in eventpoll_release_file (Kenneth Yin) [RHEL-39665]
- net: fix __dst_negative_advice() race (Gonzalo Siero) [RHEL-53473] {CVE-2024-36971}
- wifi: mac80211: Avoid address calculations via out of bounds array indexing (Kenton Groombridge) [RHEL-56845] {CVE-2024-41071}
- hugetlb, mempolicy: fix the mbind hugetlb migration (Rafael Aquini) [RHEL-47585]
- net: atm: fix use after free in lec_send() (Rishikesh Oak) [RHEL-93113] {CVE-2025-22004}
- net: atlantic: fix aq_vec index out of range error (Gonzalo Siero) [RHEL-100525] {CVE-2022-50066}
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Fix BHI handling of RRSBA (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Fix BHI documentation (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Fix return type of spectre_bhi_state() (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Make CONFIG_SPECTRE_BHI_ON the default (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bhi: Add BHI mitigation knob (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bhi: Enumerate Branch History Injection (BHI) bug (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bhi: Add support for clearing branch history at syscall entry (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- Documentation/hw-vuln: Document the interaction between IBRS and STIBP (Waiman Long) [RHEL-28198]
- x86/bugs: Add X86_FEATURE_RETPOLINE (Waiman Long) [RHEL-28198]
- x86/bugs: Extend VMware Retbleed workaround to Nehalem (Waiman Long) [RHEL-46175]
- cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options (Ondrej Mosnacek) [RHEL-56609]
- cipso: fix total option length computation (Ondrej Mosnacek) [RHEL-56609]
- proc: Use new_inode not new_inode_pseudo (Kenneth Yin) [RHEL-58926]
- lockd: RHEL-only: skip shutdown of rpc clients with outstanding notifications (Benjamin Coddington) [RHEL-29342]
- SUNRPC: ECONNRESET might require a rebind (Benjamin Coddington) [RHEL-29342]
- SUNRPC: ECONNREFUSED should cause a rebind. (Benjamin Coddington) [RHEL-29342]
- HID: core: zero-initialize the report buffer (CKI Backport Bot) [RHEL-81823] {CVE-2024-50302}
- can: bcm: Fix UAF in bcm_proc_show() (Marc Milgram) [RHEL-80731] {CVE-2023-52922}
- ALSA: usb-audio: Fix a DMA to stack memory bug (Gonzalo Siero) [RHEL-81784]
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Gonzalo Siero) [RHEL-81784] {CVE-2024-53197}
- gfs2: Fix length of holes reported at end-of-file (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Only do glock put in gfs2_create_inode for free inodes (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Fix use-after-free in gfs2_logd after withdraw (Andreas Gruenbacher) [RHEL-8427]
- gfs2: fix use-after-free in trans_drain (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Clean up revokes on normal withdraws (Andreas Gruenbacher) [RHEL-8427]
- GFS2: gfs2_free_extlen can return an extent that is too long (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Wipe jdata and ail1 in gfs2_journal_wipe, formerly gfs2_meta_wipe (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Refactor gfs2_remove_from_journal (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Only set PageChecked for jdata pages (Andreas Gruenbacher) [RHEL-8427]
- gfs2: keep bios separate for each journal (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Remove active journal side effect from gfs2_write_log_header (Andreas Gruenbacher) [RHEL-8427]
- gfs2: clean_journal improperly set sd_log_flush_head (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Excerpts from "Introduce new gfs2_log_header_v2" (Andreas Gruenbacher) [RHEL-8427]
- gfs2: change from write to read lock for sd_log_flush_lock in journal replay (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Reduce code redundancy writing log headers (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Grab glock reference sooner in gfs2_add_revoke (Andreas Gruenbacher) [RHEL-8427]
- gfs2: fix glock reference problem in gfs2_trans_remove_revoke (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Fix occasional glock use-after-free (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Make sure we don't miss any delayed withdraws (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Fix bad comment for trans_drain (Andreas Gruenbacher) [RHEL-8427]
- gfs2: add some much needed cleanup for log flushes that fail (Andreas Gruenbacher) [RHEL-8427]
- gfs2: fix trans slab error when withdraw occurs inside log_flush (Andreas Gruenbacher) [RHEL-8427]
- gfs2: initialize transaction tr_ailX_lists earlier (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Remove extra "if" in gfs2_log_flush() (Andreas Gruenbacher) [RHEL-8427]
- gfs2: fix use-after-free on transaction ail lists (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Trim the ordered write list in gfs2_ordered_write() (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Clean up releasepage (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Only set PageChecked if we have a transaction (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Fix case in which ail writes are done to jdata holes (Andreas Gruenbacher) [RHEL-8427]
- gfs2: simplify gfs2_block_map (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Remove unused gfs2_iomap_alloc argument (Andreas Gruenbacher) [RHEL-8427]
- netfilter: ipset: fix ip_set_list allocation failure (Phil Sutter) [RHEL-6204]
- gfs2: Be more careful with the quota sync generation (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Get rid of some unnecessary quota locking (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Add some missing quota locking (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Fold qd_fish into gfs2_quota_sync (Andreas Gruenbacher) [RHEL-37473]
- gfs2: quota need_sync cleanup (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Fix and clean up function do_qc (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Revert "Add quota_change type" (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Revert "ignore negated quota changes" (Andreas Gruenbacher) [RHEL-37473]
- gfs2: qd_check_sync cleanups (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Check quota consistency on mount (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Minor gfs2_quota_init error path cleanup (Andreas Gruenbacher) [RHEL-37473]
- gfs2: fix kernel BUG in gfs2_quota_cleanup (Edward Adam Davis) [RHEL-37473]
- gfs2: Clean up quota.c:print_message (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Clean up gfs2_alloc_parms initializers (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Two quota=account mode fixes (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Remove useless assignment (Bob Peterson) [RHEL-37473]
- gfs2: simplify slot_get (Bob Peterson) [RHEL-37473]
- gfs2: Simplify qd2offset (Bob Peterson) [RHEL-37473]
- gfs2: Remove quota allocation info from quota file (Bob Peterson) [RHEL-37473]
- gfs2: use constant for array size (Bob Peterson) [RHEL-37473]
- gfs2: Set qd_sync_gen in do_sync (Bob Peterson) [RHEL-37473]
- gfs2: Fix "Change inode qa_data to allow multiple users" backport (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Remove useless err set (Bob Peterson) [RHEL-37473]
- gfs2: Small gfs2_quota_lock cleanup (Bob Peterson) [RHEL-37473]
- gfs2: move qdsb_put and reduce redundancy (Bob Peterson) [RHEL-37473]
- gfs2: Don't try to sync non-changes (Bob Peterson) [RHEL-37473]
- gfs2: Simplify function need_sync (Bob Peterson) [RHEL-37473]
- gfs2: remove unneeded pg_oflow variable (Bob Peterson) [RHEL-37473]
- gfs2: remove unneeded variable done (Bob Peterson) [RHEL-37473]
- gfs2: pass sdp to gfs2_write_buf_to_page (Bob Peterson) [RHEL-37473]
- gfs2: pass sdp in to gfs2_write_disk_quota (Bob Peterson) [RHEL-37473]
- gfs2: Pass sdp to gfs2_adjust_quota (Bob Peterson) [RHEL-37473]
- gfs2: remove dead code for quota writes (Bob Peterson) [RHEL-37473]
- gfs2: Use qd_sbd more consequently (Bob Peterson) [RHEL-37473]
- gfs2: replace 'found' with dedicated list iterator variable (Jakob Koschel) [RHEL-37473]
- gfs2: Some whitespace cleanups (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold (Bob Peterson) [RHEL-37473]
- gitlab-ci: provide consistent kcidb_tree_name (Michael Hofmann)
- VFS: Impose ordering on accesses of d_inode and d_flags (Ian Kent) [RHEL-56621]
- scsi: smartpqi: Fix DMA direction for RAID requests (Don Brace) [RHEL-8203]
- scsi: smartpqi: Fix duplicate device nodes for tape changers (Don Brace) [RHEL-8203]
- redhat: kernel.spec: run initramfs generation in %post (not only in %posttrans) (Denys Vlasenko) [RHEL-3292]
- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [2068267] {CVE-2022-1011}
kernel-headers-3.10.0-1160.136.1.el7.x86_64.rpm - netfilter: ipset: add missing range check in bitmap_ip_uadt (CKI Backport Bot) [RHEL-89172] {CVE-2024-53141}
- block: initialize flush request via blk_mq_rq_ctx_init() (Ming Lei) [RHEL-86685]
- x86/fpu: Prevent FPU state corruption (Jay Shin) [RHEL-40475]
- x86, fpu: Introduce per-cpu in_kernel_fpu state (Jay Shin) [RHEL-40475]
- namei: ->d_inode of a pinned dentry is stable only for positives (Bill O'Donnell) [RHEL-72505]
- namei: results of d_is_negative() should be checked after dentry revalidation (Bill O'Donnell) [RHEL-72505]
- namei: d_is_negative() should be checked before ->d_seq validation (Bill O'Donnell) [RHEL-72505]
- VFS: Combine inode checks with d_is_negative() and d_is_positive() in pathwalk (Bill O'Donnell) [RHEL-72505]
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (Gonzalo Siero) [RHEL-86732] {CVE-2024-53150}
- redhat: drop Y issues from changelog (Jan Stancek)
- neighbour: fix data-races around n->output (Ivan Vecera) [RHEL-39432]
- redhat: fix create_distgit_changelog.sh to properly list Jiras on "Resolves:" line (Denys Vlasenko)
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CKI Backport Bot) [RHEL-78093] {CVE-2024-53104}
- tcp: fix zero cwnd in tcp_cwnd_reduction (Yuchung Cheng) [RHEL-43212]
- epoll: fix use-after-free in eventpoll_release_file (Kenneth Yin) [RHEL-39665]
- net: fix __dst_negative_advice() race (Gonzalo Siero) [RHEL-53473] {CVE-2024-36971}
- wifi: mac80211: Avoid address calculations via out of bounds array indexing (Kenton Groombridge) [RHEL-56845] {CVE-2024-41071}
- hugetlb, mempolicy: fix the mbind hugetlb migration (Rafael Aquini) [RHEL-47585]
- net: atm: fix use after free in lec_send() (Rishikesh Oak) [RHEL-93113] {CVE-2025-22004}
- net: atlantic: fix aq_vec index out of range error (Gonzalo Siero) [RHEL-100525] {CVE-2022-50066}
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Fix BHI handling of RRSBA (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Fix BHI documentation (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Fix return type of spectre_bhi_state() (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Make CONFIG_SPECTRE_BHI_ON the default (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bhi: Add BHI mitigation knob (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bhi: Enumerate Branch History Injection (BHI) bug (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bhi: Add support for clearing branch history at syscall entry (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- Documentation/hw-vuln: Document the interaction between IBRS and STIBP (Waiman Long) [RHEL-28198]
- x86/bugs: Add X86_FEATURE_RETPOLINE (Waiman Long) [RHEL-28198]
- x86/bugs: Extend VMware Retbleed workaround to Nehalem (Waiman Long) [RHEL-46175]
- cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options (Ondrej Mosnacek) [RHEL-56609]
- cipso: fix total option length computation (Ondrej Mosnacek) [RHEL-56609]
- proc: Use new_inode not new_inode_pseudo (Kenneth Yin) [RHEL-58926]
- lockd: RHEL-only: skip shutdown of rpc clients with outstanding notifications (Benjamin Coddington) [RHEL-29342]
- SUNRPC: ECONNRESET might require a rebind (Benjamin Coddington) [RHEL-29342]
- SUNRPC: ECONNREFUSED should cause a rebind. (Benjamin Coddington) [RHEL-29342]
- HID: core: zero-initialize the report buffer (CKI Backport Bot) [RHEL-81823] {CVE-2024-50302}
- can: bcm: Fix UAF in bcm_proc_show() (Marc Milgram) [RHEL-80731] {CVE-2023-52922}
- ALSA: usb-audio: Fix a DMA to stack memory bug (Gonzalo Siero) [RHEL-81784]
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Gonzalo Siero) [RHEL-81784] {CVE-2024-53197}
- gfs2: Fix length of holes reported at end-of-file (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Only do glock put in gfs2_create_inode for free inodes (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Fix use-after-free in gfs2_logd after withdraw (Andreas Gruenbacher) [RHEL-8427]
- gfs2: fix use-after-free in trans_drain (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Clean up revokes on normal withdraws (Andreas Gruenbacher) [RHEL-8427]
- GFS2: gfs2_free_extlen can return an extent that is too long (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Wipe jdata and ail1 in gfs2_journal_wipe, formerly gfs2_meta_wipe (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Refactor gfs2_remove_from_journal (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Only set PageChecked for jdata pages (Andreas Gruenbacher) [RHEL-8427]
- gfs2: keep bios separate for each journal (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Remove active journal side effect from gfs2_write_log_header (Andreas Gruenbacher) [RHEL-8427]
- gfs2: clean_journal improperly set sd_log_flush_head (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Excerpts from "Introduce new gfs2_log_header_v2" (Andreas Gruenbacher) [RHEL-8427]
- gfs2: change from write to read lock for sd_log_flush_lock in journal replay (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Reduce code redundancy writing log headers (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Grab glock reference sooner in gfs2_add_revoke (Andreas Gruenbacher) [RHEL-8427]
- gfs2: fix glock reference problem in gfs2_trans_remove_revoke (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Fix occasional glock use-after-free (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Make sure we don't miss any delayed withdraws (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Fix bad comment for trans_drain (Andreas Gruenbacher) [RHEL-8427]
- gfs2: add some much needed cleanup for log flushes that fail (Andreas Gruenbacher) [RHEL-8427]
- gfs2: fix trans slab error when withdraw occurs inside log_flush (Andreas Gruenbacher) [RHEL-8427]
- gfs2: initialize transaction tr_ailX_lists earlier (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Remove extra "if" in gfs2_log_flush() (Andreas Gruenbacher) [RHEL-8427]
- gfs2: fix use-after-free on transaction ail lists (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Trim the ordered write list in gfs2_ordered_write() (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Clean up releasepage (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Only set PageChecked if we have a transaction (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Fix case in which ail writes are done to jdata holes (Andreas Gruenbacher) [RHEL-8427]
- gfs2: simplify gfs2_block_map (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Remove unused gfs2_iomap_alloc argument (Andreas Gruenbacher) [RHEL-8427]
- netfilter: ipset: fix ip_set_list allocation failure (Phil Sutter) [RHEL-6204]
- gfs2: Be more careful with the quota sync generation (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Get rid of some unnecessary quota locking (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Add some missing quota locking (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Fold qd_fish into gfs2_quota_sync (Andreas Gruenbacher) [RHEL-37473]
- gfs2: quota need_sync cleanup (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Fix and clean up function do_qc (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Revert "Add quota_change type" (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Revert "ignore negated quota changes" (Andreas Gruenbacher) [RHEL-37473]
- gfs2: qd_check_sync cleanups (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Check quota consistency on mount (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Minor gfs2_quota_init error path cleanup (Andreas Gruenbacher) [RHEL-37473]
- gfs2: fix kernel BUG in gfs2_quota_cleanup (Edward Adam Davis) [RHEL-37473]
- gfs2: Clean up quota.c:print_message (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Clean up gfs2_alloc_parms initializers (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Two quota=account mode fixes (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Remove useless assignment (Bob Peterson) [RHEL-37473]
- gfs2: simplify slot_get (Bob Peterson) [RHEL-37473]
- gfs2: Simplify qd2offset (Bob Peterson) [RHEL-37473]
- gfs2: Remove quota allocation info from quota file (Bob Peterson) [RHEL-37473]
- gfs2: use constant for array size (Bob Peterson) [RHEL-37473]
- gfs2: Set qd_sync_gen in do_sync (Bob Peterson) [RHEL-37473]
- gfs2: Fix "Change inode qa_data to allow multiple users" backport (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Remove useless err set (Bob Peterson) [RHEL-37473]
- gfs2: Small gfs2_quota_lock cleanup (Bob Peterson) [RHEL-37473]
- gfs2: move qdsb_put and reduce redundancy (Bob Peterson) [RHEL-37473]
- gfs2: Don't try to sync non-changes (Bob Peterson) [RHEL-37473]
- gfs2: Simplify function need_sync (Bob Peterson) [RHEL-37473]
- gfs2: remove unneeded pg_oflow variable (Bob Peterson) [RHEL-37473]
- gfs2: remove unneeded variable done (Bob Peterson) [RHEL-37473]
- gfs2: pass sdp to gfs2_write_buf_to_page (Bob Peterson) [RHEL-37473]
- gfs2: pass sdp in to gfs2_write_disk_quota (Bob Peterson) [RHEL-37473]
- gfs2: Pass sdp to gfs2_adjust_quota (Bob Peterson) [RHEL-37473]
- gfs2: remove dead code for quota writes (Bob Peterson) [RHEL-37473]
- gfs2: Use qd_sbd more consequently (Bob Peterson) [RHEL-37473]
- gfs2: replace 'found' with dedicated list iterator variable (Jakob Koschel) [RHEL-37473]
- gfs2: Some whitespace cleanups (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold (Bob Peterson) [RHEL-37473]
- gitlab-ci: provide consistent kcidb_tree_name (Michael Hofmann)
- VFS: Impose ordering on accesses of d_inode and d_flags (Ian Kent) [RHEL-56621]
- scsi: smartpqi: Fix DMA direction for RAID requests (Don Brace) [RHEL-8203]
- scsi: smartpqi: Fix duplicate device nodes for tape changers (Don Brace) [RHEL-8203]
- redhat: kernel.spec: run initramfs generation in %post (not only in %posttrans) (Denys Vlasenko) [RHEL-3292]
- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [2068267] {CVE-2022-1011}
krb5-libs-1.15.1-55.el7_9.4.x86_64.rpm - libkrad: implement support for Message-Authenticator (CVE-2024-3596)
Resolves: RHEL-55453
- Remove RSA protocol for PKINIT
Resolves: RHEL-56071
- Prevent overflow when calculating ulog block size
- Resolves: RHEL-78247
- CVE-2024-37370 CVE-2024-37371
- Updated the previous commit patches
- Resolves: RHEL-45381 RHEL-45393
- CVE-2024-37370 CVE-2024-37371
- Fix vulnerabilities in GSS message token handling
- Resolves: RHEL-45381 RHEL-45393
krb5-workstation-1.15.1-55.el7_9.4.x86_64.rpm - libkrad: implement support for Message-Authenticator (CVE-2024-3596)
Resolves: RHEL-55453
- Remove RSA protocol for PKINIT
Resolves: RHEL-56071
- Prevent overflow when calculating ulog block size
- Resolves: RHEL-78247
- CVE-2024-37370 CVE-2024-37371
- Updated the previous commit patches
- Resolves: RHEL-45381 RHEL-45393
- CVE-2024-37370 CVE-2024-37371
- Fix vulnerabilities in GSS message token handling
- Resolves: RHEL-45381 RHEL-45393
libblockdev-2.18-5.el7_9.2.x86_64.rpm - Fix - Don't allow suid and dev set on fs resize (CVE-2025-6019)
Resolves: RHEL-97804
- Version bump for s390 and ppc builds
- Resolves: RHEL-104554
libblockdev-crypto-2.18-5.el7_9.2.x86_64.rpm - Fix - Don't allow suid and dev set on fs resize (CVE-2025-6019)
Resolves: RHEL-97804
- Version bump for s390 and ppc builds
- Resolves: RHEL-104554
libblockdev-fs-2.18-5.el7_9.2.x86_64.rpm - Fix - Don't allow suid and dev set on fs resize (CVE-2025-6019)
Resolves: RHEL-97804
- Version bump for s390 and ppc builds
- Resolves: RHEL-104554
libblockdev-loop-2.18-5.el7_9.2.x86_64.rpm - Fix - Don't allow suid and dev set on fs resize (CVE-2025-6019)
Resolves: RHEL-97804
- Version bump for s390 and ppc builds
- Resolves: RHEL-104554
libblockdev-lvm-2.18-5.el7_9.2.x86_64.rpm - Fix - Don't allow suid and dev set on fs resize (CVE-2025-6019)
Resolves: RHEL-97804
- Version bump for s390 and ppc builds
- Resolves: RHEL-104554
libblockdev-mdraid-2.18-5.el7_9.2.x86_64.rpm - Fix - Don't allow suid and dev set on fs resize (CVE-2025-6019)
Resolves: RHEL-97804
- Version bump for s390 and ppc builds
- Resolves: RHEL-104554
libblockdev-part-2.18-5.el7_9.2.x86_64.rpm - Fix - Don't allow suid and dev set on fs resize (CVE-2025-6019)
Resolves: RHEL-97804
- Version bump for s390 and ppc builds
- Resolves: RHEL-104554
libblockdev-swap-2.18-5.el7_9.2.x86_64.rpm - Fix - Don't allow suid and dev set on fs resize (CVE-2025-6019)
Resolves: RHEL-97804
- Version bump for s390 and ppc builds
- Resolves: RHEL-104554
libblockdev-utils-2.18-5.el7_9.2.x86_64.rpm - Fix - Don't allow suid and dev set on fs resize (CVE-2025-6019)
Resolves: RHEL-97804
- Version bump for s390 and ppc builds
- Resolves: RHEL-104554
libgcc-4.8.5-45.el7_9.x86_64.rpm - rebuild for CVE-2020-11023 (RHEL-78445)
libgfortran-4.8.5-45.el7_9.x86_64.rpm - rebuild for CVE-2020-11023 (RHEL-78445)
libgomp-4.8.5-45.el7_9.x86_64.rpm - rebuild for CVE-2020-11023 (RHEL-78445)
libgudev1-219-78.el7_9.11.x86_64.rpm - fstab-generator: Chase symlinks where possible (#6293) (RHEL-17394)
- call chase_symlinks without the /sysroot prefix (#6411) (RHEL-17394)
- fstab-generator: downgrade message when we can't canonicalize fstab entries (#8281) (RHEL-17394)
- Add $SYSTEMD_IN_INITRD=yes|no override for debugging (RHEL-17394)
- escape: call unit_name_is_valid() with correct flags (RHEL-17394)
- fstab-generator: fix ordering of /sysroot/usr mount (RHEL-17394)
- test: backport TEST-81-GENERATORS (fstab-generator only) (RHEL-17394)
- pager: set $LESSSECURE whenver we invoke a pager (RHEL-35665)
- pager: make pager secure when under euid is changed or explicitly requested (RHEL-35665)
libkadm5-1.15.1-55.el7_9.4.x86_64.rpm - libkrad: implement support for Message-Authenticator (CVE-2024-3596)
Resolves: RHEL-55453
- Remove RSA protocol for PKINIT
Resolves: RHEL-56071
- Prevent overflow when calculating ulog block size
- Resolves: RHEL-78247
- CVE-2024-37370 CVE-2024-37371
- Updated the previous commit patches
- Resolves: RHEL-45381 RHEL-45393
- CVE-2024-37370 CVE-2024-37371
- Fix vulnerabilities in GSS message token handling
- Resolves: RHEL-45381 RHEL-45393
libndp-1.2-10.el7_9.x86_64.rpm - libndp: close sockfd after using to avoid handle leak
- Validate route information option length
libquadmath-4.8.5-45.el7_9.x86_64.rpm - rebuild for CVE-2020-11023 (RHEL-78445)
libsoup-2.62.2-7.el7_9.x86_64.rpm - Rebuild to generate s390 and ppc rpm
- Backport upstream patch for CVE-2024-52530 - HTTP request smuggling via stripping null bytes from the ends of header names
- Resolves: RHEL-67071
- Backport patches for various CVEs, plus test improvements
Resolves: RHEL-93782
Resolves: RHEL-93797
Resolves: RHEL-93799
- Add patches to improve test reliability
- Backport patches for various CVEs
Resolves: RHEL-92276
Resolves: RHEL-95752
Resolves: RHEL-95753
Resolves: RHEL-95755
- Backport upstream patch for CVE-2024-52531 - buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict
Resolves: RHEL-76375
libstdc++-4.8.5-45.el7_9.x86_64.rpm - rebuild for CVE-2020-11023 (RHEL-78445)
libxml2-2.9.1-6.el7_9.13.x86_64.rpm - Fix CVE-2025-32415 (RHEL-100175)
- Fix CVE-2025-24928 (RHEL-80136)
- Bump the release version due to wrong revert
- Modification in patch
- Fix CVE-2025-7425 (RHEL-102796)
- Fix CVE-2024-56171 (RHEL-80121)
- Fix CVE-2025-7425 (RHEL-102796)
- Fix CVE-2025-32414 (RHEL-99863)
- Fix CVE-2025-6021 (RHEL-96497)
- Fix CVE-2025-49794 (RHEL-97060)
- Fix CVE-2025-49796 (RHEL-97063)
libxml2-python-2.9.1-6.el7_9.13.x86_64.rpm - Fix CVE-2025-32415 (RHEL-100175)
- Fix CVE-2025-24928 (RHEL-80136)
- Bump the release version due to wrong revert
- Modification in patch
- Fix CVE-2025-7425 (RHEL-102796)
- Fix CVE-2024-56171 (RHEL-80121)
- Fix CVE-2025-7425 (RHEL-102796)
- Fix CVE-2025-32414 (RHEL-99863)
- Fix CVE-2025-6021 (RHEL-96497)
- Fix CVE-2025-49794 (RHEL-97060)
- Fix CVE-2025-49796 (RHEL-97063)
libxslt-1.1.28-9.el7_9.x86_64.rpm - Fix CVE-2024-55549 (RHEL-83505)
- Bump up the release version due to adding patch information in prep (RHEL-87781)
- Fix CVE-2025-24855 (RHEL-83491)
linux-firmware-20200421-84.git78c0348.el7_9.noarch.rpm - AMD: microcode fix for SMM Lock Bypass (RHEL-35552)
Resolves: RHEL-35552
microcode_ctl-2.1-73.24.el7_9.x86_64.rpm - Update Intel CPU microcode to microcode-20241112 release, addresses
CVE-2024-21820, CVE-2024-21853, CVE-2024-23918, CVE-2024-23984,
CVE-2024-24853, CVE-2024-24968, CVE-2024-24980, CVE-2024-25939 (RHEL-67363):
- Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in
intel-06-8c-01/intel-ucode/06-8c-01) from revision 0xb6 up to 0xb8;
- Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
0x5003605 up to 0x5003707;
- Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002802
up to 0x7002904;
- Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003d1
up to 0xd0003e7;
- Update of 06-6c-01/0x10 (ICL-D B0) microcode from revision 0x1000290
up to 0x10002b0;
- Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xc4
up to 0xc6;
- Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x36 up
to 0x38;
- Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x50 up
to 0x52;
- Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xf4
up to 0xf6;
- Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode from revision
0xf4 up to 0xf6;
- Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode from
revision 0xf4 up to 0xf6;
- Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xf4 up
to 0xf6;
- Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
microcode from revision 0xfa up to 0xfc;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode from revision 0x2b0005c0
up to 0x2b000603;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode from revision 0x2b0005c0
up to 0x2b000603;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode from revision
0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode from revision
0x2b0005c0 up to 0x2b000603;
- Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x19 up
to 0x1a;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision
0x35 up to 0x37;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) from revision 0x35 up to 0x37;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x35 up to 0x37;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x35 up to 0x37;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-97-05) from revision 0x35 up to 0x37;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x35
up to 0x37;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x35 up to 0x37;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x35 up to 0x37;
- Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision
0x433 up to 0x435;
- Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
intel-ucode/06-9a-03) from revision 0x433 up to 0x435;
- Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
intel-ucode/06-9a-04) from revision 0x433 up to 0x435;
- Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x433
up to 0x435;
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision
0xf6 up to 0xf8;
- Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode from revision 0xf4
up to 0xf6;
- Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode from revision
0xf6 up to 0xf8;
- Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode from revision
0xfc up to 0x100;
- Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xfa up
to 0xfc;
- Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xfa
up to 0xfc;
- Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xfa
up to 0xfc;
- Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xfa
up to 0xfe;
- Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision
0xfa up to 0xfc;
- Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x5e up
to 0x62;
- Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x1c
up to 0x20;
- Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x123 up
to 0x12b;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision
0x4121 up to 0x4123;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-02) from revision 0x4121 up to 0x4123;
- Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) from
revision 0x4121 up to 0x4123;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-03) from revision 0x4121 up to 0x4123;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4121
up to 0x4123;
- Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) from
revision 0x4121 up to 0x4123;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-08) from revision 0x4121 up to 0x4123;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-08) from revision 0x4121 up to 0x4123;
- Update of 06-ba-08/0xe0 microcode from revision 0x4121 up to 0x4123;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-02) from revision 0x35 up to 0x37;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-02) from revision 0x35 up to 0x37;
- Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x35 up
to 0x37;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02)
from revision 0x35 up to 0x37;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-05) from revision 0x35 up to 0x37;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-05) from revision 0x35 up to 0x37;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05)
from revision 0x35 up to 0x37;
- Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x35 up
to 0x37;
- Update of 06-cf-01/0x87 (EMR-SP A0) microcode from revision 0x21000230
up to 0x21000283;
- Update of 06-cf-02/0x87 (EMR-SP A1) microcode (in
intel-ucode/06-cf-01) from revision 0x21000230 up to 0x21000283;
- Update of 06-cf-01/0x87 (EMR-SP A0) microcode (in
intel-ucode/06-cf-02) from revision 0x21000230 up to 0x21000283;
- Update of 06-cf-02/0x87 (EMR-SP A1) microcode from revision 0x21000230
up to 0x21000283;
- Update of 06-be-00/0x19 (ADL-N A0) microcode from revision 0x17 up
to 0x1a (old pf 0x11).
- Update Intel CPU microcode to microcode-20250211 release, addresses
CVE-2023-34440, CVE-2023-43758, CVE-2024-24582, CVE-2024-28047,
CVE-2024-28127, CVE-2024-29214, CVE-2024-31068, CVE-2024-31157,
CVE-2024-37020, CVE-2024-39279, CVE-2024-39355, CVE-2024-36293 (RHEL-79190,
RHEL-79192, RHEL-79194, RHEL-79196, RHEL-79207):
- Addition of 06-bf-06/0x07 microcode (in intel-ucode/06-97-02) at
revision 0x38;
- Addition of 06-bf-07/0x07 microcode (in intel-ucode/06-97-02) at
revision 0x38;
- Addition of 06-bf-06/0x07 microcode (in intel-ucode/06-97-05) at
revision 0x38;
- Addition of 06-bf-07/0x07 microcode (in intel-ucode/06-97-05) at
revision 0x38;
- Addition of 06-af-03/0x01 (SRF-SP C0) microcode at revision 0x3000330;
- Addition of 06-b7-04/0x32 microcode (in intel-ucode/06-b7-01) at
revision 0x12c;
- Addition of 06-bf-06/0x07 microcode (in intel-ucode/06-bf-02) at
revision 0x38;
- Addition of 06-bf-07/0x07 microcode (in intel-ucode/06-bf-02) at
revision 0x38;
- Addition of 06-bf-06/0x07 microcode (in intel-ucode/06-bf-05) at
revision 0x38;
- Addition of 06-bf-07/0x07 microcode (in intel-ucode/06-bf-05) at
revision 0x38;
- Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003e7
up to 0xd0003f5;
- Update of 06-6c-01/0x10 (ICL-D B0) microcode from revision 0x10002b0
up to 0x10002c0;
- Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-05) from
revision 0x2c000390 up to 0x2c0003e0;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-05) from revision 0x2b000603 up to 0x2b000620;
- Update of 06-8f-05/0x10 (SPR-HBM B1) microcode from revision
0x2c000390 up to 0x2c0003e0;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode from revision 0x2b000603
up to 0x2b000620;
- Update of 06-8f-06/0x10 microcode (in intel-ucode/06-8f-05) from
revision 0x2c000390 up to 0x2c0003e0;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-05) from revision 0x2b000603 up to 0x2b000620;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-05) from revision 0x2b000603 up to 0x2b000620;
- Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in
intel-ucode/06-8f-05) from revision 0x2c000390 up to 0x2c0003e0;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-05) from revision 0x2b000603 up to 0x2b000620;
- Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-06) from
revision 0x2c000390 up to 0x2c0003e0;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-06) from revision 0x2b000603 up to 0x2b000620;
- Update of 06-8f-05/0x10 (SPR-HBM B1) microcode (in
intel-ucode/06-8f-06) from revision 0x2c000390 up to 0x2c0003e0;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-06) from revision 0x2b000603 up to 0x2b000620;
- Update of 06-8f-06/0x10 microcode from revision 0x2c000390 up to
0x2c0003e0;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode from revision 0x2b000603
up to 0x2b000620;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-06) from revision 0x2b000603 up to 0x2b000620;
- Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in
intel-ucode/06-8f-06) from revision 0x2c000390 up to 0x2c0003e0;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-06) from revision 0x2b000603 up to 0x2b000620;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-07) from revision 0x2b000603 up to 0x2b000620;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-07) from revision 0x2b000603 up to 0x2b000620;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-07) from revision 0x2b000603 up to 0x2b000620;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode from revision
0x2b000603 up to 0x2b000620;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-07) from revision 0x2b000603 up to 0x2b000620;
- Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-08) from
revision 0x2c000390 up to 0x2c0003e0;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-08) from revision 0x2b000603 up to 0x2b000620;
- Update of 06-8f-05/0x10 (SPR-HBM B1) microcode (in
intel-ucode/06-8f-08) from revision 0x2c000390 up to 0x2c0003e0;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-08) from revision 0x2b000603 up to 0x2b000620;
- Update of 06-8f-06/0x10 microcode (in intel-ucode/06-8f-08) from
revision 0x2c000390 up to 0x2c0003e0;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-08) from revision 0x2b000603 up to 0x2b000620;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-08) from revision 0x2b000603 up to 0x2b000620;
- Update of 06-8f-08/0x10 (SPR-HBM B3) microcode from revision
0x2c000390 up to 0x2c0003e0;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode from revision
0x2b000603 up to 0x2b000620;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision
0x37 up to 0x38;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) from revision 0x37 up to 0x38;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x37 up to 0x38;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x37 up to 0x38;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-97-05) from revision 0x37 up to 0x38;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x37
up to 0x38;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x37 up to 0x38;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x37 up to 0x38;
- Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision
0x435 up to 0x436;
- Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
intel-ucode/06-9a-03) from revision 0x435 up to 0x436;
- Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
intel-ucode/06-9a-04) from revision 0x435 up to 0x436;
- Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x435
up to 0x436;
- Update of 06-9a-04/0x40 (AZB A0) microcode from revision 0x7 up
to 0x9;
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision
0xf8 up to 0xfa;
- Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode from revision
0x100 up to 0x102;
- Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x62 up
to 0x63;
- Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x12b up
to 0x12c;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision
0x4123 up to 0x4124;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-02) from revision 0x4123 up to 0x4124;
- Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) from
revision 0x4123 up to 0x4124;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-03) from revision 0x4123 up to 0x4124;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4123
up to 0x4124;
- Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) from
revision 0x4123 up to 0x4124;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-08) from revision 0x4123 up to 0x4124;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-08) from revision 0x4123 up to 0x4124;
- Update of 06-ba-08/0xe0 microcode from revision 0x4123 up to 0x4124;
- Update of 06-be-00/0x19 (ADL-N A0) microcode from revision 0x1a up
to 0x1c;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-02) from revision 0x37 up to 0x38;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-02) from revision 0x37 up to 0x38;
- Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x37 up
to 0x38;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02)
from revision 0x37 up to 0x38;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-05) from revision 0x37 up to 0x38;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-05) from revision 0x37 up to 0x38;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05)
from revision 0x37 up to 0x38;
- Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x37 up
to 0x38;
- Update of 06-cf-01/0x87 (EMR-SP A0) microcode from revision 0x21000283
up to 0x21000291;
- Update of 06-cf-02/0x87 (EMR-SP A1) microcode (in
intel-ucode/06-cf-01) from revision 0x21000283 up to 0x21000291;
- Update of 06-cf-01/0x87 (EMR-SP A0) microcode (in
intel-ucode/06-cf-02) from revision 0x21000283 up to 0x21000291;
- Update of 06-cf-02/0x87 (EMR-SP A1) microcode from revision 0x21000283
up to 0x21000291.
- Add a caveat to provide ability to persistently disable SPR-EE updates
beyond 0x2b0005c0 on systems where absence of latency spikes
is more important than lack of the latest CVE mitigations.
- Update Intel CPU microcode to microcode-20250512 release, addresses
CVE-2024-28956:
- Addition of 06-8f-04/0x10 microcode (in
intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2c0003f7;
- Addition of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639;
- Addition of 06-8f-05/0x10 (SPR-HBM B1) microcode (in
intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2c0003f7;
- Addition of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639;
- Addition of 06-8f-06/0x10 microcode (in
intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2c0003f7;
- Addition of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639;
- Addition of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639;
- Addition of 06-8f-08/0x10 (SPR-HBM B3) microcode (in
intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2c0003f7;
- Addition of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639;
- Addition of 06-ad-01/0x20 (GNR-AP/SP H0) microcode at revision
0xa0000d1;
- Addition of 06-ad-01/0x95 (GNR-AP/SP B0) microcode at revision
0x10003a2;
- Addition of 06-b5-00/0x80 (ARL-U A1) microcode at revision 0xa;
- Addition of 06-bd-01/0x80 (LNL B0) microcode at revision 0x11f;
- Addition of 06-c5-02/0x82 (ARL-H A1) microcode at revision 0x118;
- Addition of 06-c6-02/0x82 (ARL-HX 8P/S B0) microcode (in
intel-ucode/06-c5-02) at revision 0x118;
- Addition of 06-c6-04/0x82 microcode (in intel-ucode/06-c5-02) at
revision 0x118;
- Addition of 06-ca-02/0x82 microcode (in intel-ucode/06-c5-02) at
revision 0x118;
- Addition of 06-c5-02/0x82 (ARL-H A1) microcode (in
intel-ucode/06-c6-02) at revision 0x118;
- Addition of 06-c6-02/0x82 (ARL-HX 8P/S B0) microcode at revision
0x118;
- Addition of 06-c6-04/0x82 microcode (in intel-ucode/06-c6-02) at
revision 0x118;
- Addition of 06-ca-02/0x82 microcode (in intel-ucode/06-c6-02) at
revision 0x118;
- Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in
intel-06-8c-01/intel-ucode/06-8c-01) from revision 0xb8 up to 0xbc;
- Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from
revision 0xfc up to 0x100;
- Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0x102 up
to 0x104;
- Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
0x5003707 up to 0x5003901;
- Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002904
up to 0x7002b01;
- Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003f5
up to 0xd000404;
- Update of 06-6c-01/0x10 (ICL-D B0) microcode from revision 0x10002c0
up to 0x10002d0;
- Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x24 up
to 0x26;
- Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xc6
up to 0xca;
- Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x38 up
to 0x3c;
- Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x52 up
to 0x56;
- Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-05) from
revision 0x2c0003e0 up to 0x2c0003f7;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-05) from revision 0x2b000620 up to 0x2b000639;
- Update of 06-8f-05/0x10 (SPR-HBM B1) microcode from revision
0x2c0003e0 up to 0x2c0003f7;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode from revision 0x2b000620
up to 0x2b000639;
- Update of 06-8f-06/0x10 microcode (in intel-ucode/06-8f-05) from
revision 0x2c0003e0 up to 0x2c0003f7;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-05) from revision 0x2b000620 up to 0x2b000639;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-05) from revision 0x2b000620 up to 0x2b000639;
- Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in
intel-ucode/06-8f-05) from revision 0x2c0003e0 up to 0x2c0003f7;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-05) from revision 0x2b000620 up to 0x2b000639;
- Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-06) from
revision 0x2c0003e0 up to 0x2c0003f7;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-06) from revision 0x2b000620 up to 0x2b000639;
- Update of 06-8f-05/0x10 (SPR-HBM B1) microcode (in
intel-ucode/06-8f-06) from revision 0x2c0003e0 up to 0x2c0003f7;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-06) from revision 0x2b000620 up to 0x2b000639;
- Update of 06-8f-06/0x10 microcode from revision 0x2c0003e0 up to
0x2c0003f7;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode from revision 0x2b000620
up to 0x2b000639;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-06) from revision 0x2b000620 up to 0x2b000639;
- Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in
intel-ucode/06-8f-06) from revision 0x2c0003e0 up to 0x2c0003f7;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-06) from revision 0x2b000620 up to 0x2b000639;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-07) from revision 0x2b000620 up to 0x2b000639;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-07) from revision 0x2b000620 up to 0x2b000639;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-07) from revision 0x2b000620 up to 0x2b000639;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode from revision
0x2b000620 up to 0x2b000639;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-07) from revision 0x2b000620 up to 0x2b000639;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision
0x38 up to 0x3a;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) from revision 0x38 up to 0x3a;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x38 up to 0x3a;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x38 up to 0x3a;
- Update of 06-bf-06/0x07 microcode (in intel-ucode/06-97-02) from
revision 0x38 up to 0x3a;
- Update of 06-bf-07/0x07 microcode (in intel-ucode/06-97-02) from
revision 0x38 up to 0x3a;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-97-05) from revision 0x38 up to 0x3a;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x38
up to 0x3a;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x38 up to 0x3a;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x38 up to 0x3a;
- Update of 06-bf-06/0x07 microcode (in intel-ucode/06-97-05) from
revision 0x38 up to 0x3a;
- Update of 06-bf-07/0x07 microcode (in intel-ucode/06-97-05) from
revision 0x38 up to 0x3a;
- Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision
0x436 up to 0x437;
- Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
intel-ucode/06-9a-03) from revision 0x436 up to 0x437;
- Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
intel-ucode/06-9a-04) from revision 0x436 up to 0x437;
- Update of 06-9a-04/0x40 (AZB A0) microcode from revision 0x9 up
to 0xa;
- Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x436
up to 0x437;
- Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xfc up
to 0x100;
- Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xfc
up to 0x100;
- Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xfc
up to 0x100;
- Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xfe
up to 0x102;
- Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision
0xfc up to 0x100;
- Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x63 up
to 0x64;
- Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x20
up to 0x24;
- Update of 06-af-03/0x01 (SRF-SP C0) microcode from revision 0x3000330
up to 0x3000341;
- Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x12c up
to 0x12f;
- Update of 06-b7-04/0x32 microcode (in intel-ucode/06-b7-01) from
revision 0x12c up to 0x12f;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision
0x4124 up to 0x4128;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-02) from revision 0x4124 up to 0x4128;
- Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) from
revision 0x4124 up to 0x4128;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-03) from revision 0x4124 up to 0x4128;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4124
up to 0x4128;
- Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) from
revision 0x4124 up to 0x4128;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-08) from revision 0x4124 up to 0x4128;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-08) from revision 0x4124 up to 0x4128;
- Update of 06-ba-08/0xe0 microcode from revision 0x4124 up to 0x4128;
- Update of 06-be-00/0x19 (ADL-N A0) microcode from revision 0x1c up
to 0x1d;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-02) from revision 0x38 up to 0x3a;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-02) from revision 0x38 up to 0x3a;
- Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x38 up
to 0x3a;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02)
from revision 0x38 up to 0x3a;
- Update of 06-bf-06/0x07 microcode (in intel-ucode/06-bf-02) from
revision 0x38 up to 0x3a;
- Update of 06-bf-07/0x07 microcode (in intel-ucode/06-bf-02) from
revision 0x38 up to 0x3a;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-05) from revision 0x38 up to 0x3a;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-05) from revision 0x38 up to 0x3a;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05)
from revision 0x38 up to 0x3a;
- Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x38 up
to 0x3a;
- Update of 06-bf-06/0x07 microcode (in intel-ucode/06-bf-05) from
revision 0x38 up to 0x3a;
- Update of 06-bf-07/0x07 microcode (in intel-ucode/06-bf-05) from
revision 0x38 up to 0x3a;
- Update of 06-cf-01/0x87 (EMR-SP A0) microcode from revision 0x21000291
up to 0x210002a9;
- Update of 06-cf-02/0x87 (EMR-SP A1) microcode (in
intel-ucode/06-cf-01) from revision 0x21000291 up to 0x210002a9;
- Update of 06-cf-01/0x87 (EMR-SP A0) microcode (in
intel-ucode/06-cf-02) from revision 0x21000291 up to 0x210002a9;
- Update of 06-cf-02/0x87 (EMR-SP A1) microcode from revision 0x21000291
up to 0x210002a9;
- Update Intel CPU microcode to microcode-20240531 release, addresses
CVE-2023-22655, CVE-2023-23583. CVE-2023-28746, CVE-2023-38575,
CVE-2023-39368, CVE-2023-42667, CVE-2023-43490, CVE-2023-45733,
CVE-2023-46103, CVE-2023-49141 (RHEL-30837, RHEL-30843, RHEL-30847,
RHEL-30851, RHEL-30854):
- Addition of 06-aa-04/0xe6 (MTL-H/U C0) microcode at revision 0x1c;
- Addition of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) at
revision 0x4121;
- Addition of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) at
revision 0x4121;
- Addition of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-08) at revision 0x4121;
- Addition of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-08) at revision 0x4121;
- Addition of 06-ba-08/0xe0 microcode at revision 0x4121;
- Addition of 06-cf-01/0x87 (EMR-SP A0) microcode at revision
0x21000230;
- Addition of 06-cf-02/0x87 (EMR-SP A1) microcode (in
intel-ucode/06-cf-01) at revision 0x21000230;
- Addition of 06-cf-01/0x87 (EMR-SP A0) microcode (in
intel-ucode/06-cf-02) at revision 0x21000230;
- Addition of 06-cf-02/0x87 (EMR-SP A1) microcode at revision
0x21000230;
- Removal of 06-8f-04/0x10 microcode at revision 0x2c000290;
- Removal of 06-8f-04/0x87 (SPR-SP E0/S1) microcode at revision
0x2b0004d0;
- Removal of 06-8f-05/0x10 (SPR-HBM B1) microcode (in
intel-ucode/06-8f-04) at revision 0x2c000290;
- Removal of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-04) at revision 0x2b0004d0;
- Removal of 06-8f-06/0x10 microcode (in intel-ucode/06-8f-04) at
revision 0x2c000290;
- Removal of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-04) at revision 0x2b0004d0;
- Removal of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-04) at revision 0x2b0004d0;
- Removal of 06-8f-08/0x10 (SPR-HBM B3) microcode (in
intel-ucode/06-8f-04) at revision 0x2c000290;
- Removal of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-04) at revision 0x2b0004d0;
- Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in
intel-06-8c-01/intel-ucode/06-8c-01) from revision 0xb4 up to 0xb6;
- Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000181
up to 0x1000191;
- Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4003604
up to 0x4003605;
- Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
0x5003604 up to 0x5003605;
- Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002703
up to 0x7002802;
- Update of 06-56-05/0x10 (BDX-NS A0/A1, HWL A1) microcode from revision
0xe000014 up to 0xe000015;
- Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x38 up
to 0x3e;
- Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003b9
up to 0xd0003d1;
- Update of 06-6c-01/0x10 (ICL-D B0) microcode from revision 0x1000268
up to 0x1000290;
- Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x3e up
to 0x42;
- Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x22 up
to 0x24;
- Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xc2
up to 0xc4;
- Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x34 up
to 0x36;
- Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x4e up
to 0x50;
- Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
microcode from revision 0xf8 up to 0xfa;
- Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-05) from
revision 0x2c000290 up to 0x2c000390;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-05/0x10 (SPR-HBM B1) microcode from revision
0x2c000290 up to 0x2c000390;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode from revision 0x2b0004d0
up to 0x2b0005c0;
- Update of 06-8f-06/0x10 microcode (in intel-ucode/06-8f-05) from
revision 0x2c000290 up to 0x2c000390;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in
intel-ucode/06-8f-05) from revision 0x2c000290 up to 0x2c000390;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-06) from
revision 0x2c000290 up to 0x2c000390;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-05/0x10 (SPR-HBM B1) microcode (in
intel-ucode/06-8f-06) from revision 0x2c000290 up to 0x2c000390;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-06/0x10 microcode from revision 0x2c000290 up to
0x2c000390;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode from revision 0x2b0004d0
up to 0x2b0005c0;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in
intel-ucode/06-8f-06) from revision 0x2c000290 up to 0x2c000390;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode from revision
0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-08) from
revision 0x2c000290 up to 0x2c000390;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-05/0x10 (SPR-HBM B1) microcode (in
intel-ucode/06-8f-08) from revision 0x2c000290 up to 0x2c000390;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-06/0x10 microcode (in intel-ucode/06-8f-08) from
revision 0x2c000290 up to 0x2c000390;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0004d0 up to 0x2b0005c0;
- Update of 06-8f-08/0x10 (SPR-HBM B3) microcode from revision
0x2c000290 up to 0x2c000390;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode from revision
0x2b0004d0 up to 0x2b0005c0;
- Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x17 up
to 0x19;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision
0x32 up to 0x35;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) from revision 0x32 up to 0x35;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x32 up to 0x35;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x32 up to 0x35;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-97-05) from revision 0x32 up to 0x35;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x32
up to 0x35;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x32 up to 0x35;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x32 up to 0x35;
- Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision
0x430 up to 0x433;
- Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
intel-ucode/06-9a-03) from revision 0x430 up to 0x433;
- Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
intel-ucode/06-9a-04) from revision 0x430 up to 0x433;
- Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x430
up to 0x433;
- Update of 06-9a-04/0x40 (AZB A0) microcode from revision 0x5 up
to 0x7;
- Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x24000024
up to 0x24000026;
- Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from
revision 0xf4 up to 0xf8;
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision
0xf4 up to 0xf6;
- Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode from revision
0xf4 up to 0xf6;
- Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode from revision
0xfa up to 0xfc;
- Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xf8 up
to 0xfa;
- Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xf8
up to 0xfa;
- Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xf8
up to 0xfa;
- Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xf8
up to 0xfa;
- Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision
0xf8 up to 0xfa;
- Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x5d up
to 0x5e;
- Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x11d up
to 0x123;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision
0x411c up to 0x4121;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-02) from revision 0x411c up to 0x4121;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-03) from revision 0x411c up to 0x4121;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x411c
up to 0x4121;
- Update of 06-be-00/0x11 (ADL-N A0) microcode from revision 0x12 up
to 0x17;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-02) from revision 0x32 up to 0x35;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-02) from revision 0x32 up to 0x35;
- Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x32 up
to 0x35;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02)
from revision 0x32 up to 0x35;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-05) from revision 0x32 up to 0x35;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-05) from revision 0x32 up to 0x35;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05)
from revision 0x32 up to 0x35;
- Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x32 up
to 0x35.
mod_ssl-2.4.6-99.el7_9.3.x86_64.rpm - CVE-2024-38476 httpd:2.4/httpd: Security issues via backend
applications whose response headers are malicious or exploitable
- Fix regression introduced by CVE-2024-38474 fix
- Fix CVE-2024-38484 - httpd: Substitution encoding issue in mod_rewrite
- and CVE-2024-38475 - httpd: Improper escaping of output in mod_rewrite
- Fix CVE-2024-38477 - httpd: null pointer dereference in mod_proxy
mpfr-3.1.1-4.el7_9.3.x86_64.rpm - Ensure previous 32-bit and current 64-bit binaries cannot coexist
- Rebuild for RHEL-100176
- Fix buffer overflow in mpfr_strtofr (CVE-2014-9474)
nscd-2.17-326.el7_9.5.x86_64.rpm - CVE-2025-4802: static setuid dlopen may search LD_LIBRARY_PATH (RHEL-92886)
pam-1.1.8-23.el7_9.1.x86_64.rpm - pam_namespace: fix potential privilege escalation.
Resolves: CVE-2025-6020 and RHEL-100405
pcs-0.9.169-3.el7_9.4.x86_64.rpm - Update rubygem rack
- Upgrade jquery in web-ui
- Resolves: rhbz#2099578 rhbz#2093232
- Update rubygem rack
- Upgrade jquery in web-ui
- Resolves: rhbz#2099578 rhbz#2093232
- Explicitly close libcurl connections to prevent stalled TCP connections in CLOSE-WAIT state
- Added support for loading DH keys from a file
- Resolves: rhbz#1870551 rhbz#1888479
- Fixed CVE-2025-46727 by updating bundled rubygem rack
Resolves: RHEL-90156
- Explicitly close libcurl connections to prevent stalled TCP connections in CLOSE-WAIT state
- Added support for loading DH keys from a file
- Resolves: rhbz#1870551 rhbz#1888479
perl-Git-1.8.3.1-25.el7_9.1.noarch.rpm - Fixes CVE-2025-48384
- Fix the running of test t/t5815-submodule-protos.sh
- Resolves: RHEL-61651 RHEL-102439
postgresql-9.2.24-9.el7_9.3.x86_64.rpm - Fix CVE-2021-32027
- Resolves: #1964507
- Backport fix for CVE-2024-7348
- Resolves: RHEL-53917
- Backport fix for CVE-2025-1094
Resolves: RHEL-83395
- Backport fix for CVE-2024-10979
- Resolves: RHEL-67749
- Fix CVE-2021-32027
- Resolves: #1964507
postgresql-libs-9.2.24-9.el7_9.3.x86_64.rpm - Fix CVE-2021-32027
- Resolves: #1964507
- Backport fix for CVE-2024-7348
- Resolves: RHEL-53917
- Backport fix for CVE-2025-1094
Resolves: RHEL-83395
- Backport fix for CVE-2024-10979
- Resolves: RHEL-67749
- Fix CVE-2021-32027
- Resolves: #1964507
postgresql-server-9.2.24-9.el7_9.3.x86_64.rpm - Fix CVE-2021-32027
- Resolves: #1964507
- Backport fix for CVE-2024-7348
- Resolves: RHEL-53917
- Backport fix for CVE-2025-1094
Resolves: RHEL-83395
- Backport fix for CVE-2024-10979
- Resolves: RHEL-67749
- Fix CVE-2021-32027
- Resolves: #1964507
python-jinja2-2.7.2-5.el7_9.noarch.rpm - Security fix for CVE-2024-56326
Resolves: RHEL-74675
python-perf-3.10.0-1160.136.1.el7.x86_64.rpm - netfilter: ipset: add missing range check in bitmap_ip_uadt (CKI Backport Bot) [RHEL-89172] {CVE-2024-53141}
- block: initialize flush request via blk_mq_rq_ctx_init() (Ming Lei) [RHEL-86685]
- x86/fpu: Prevent FPU state corruption (Jay Shin) [RHEL-40475]
- x86, fpu: Introduce per-cpu in_kernel_fpu state (Jay Shin) [RHEL-40475]
- namei: ->d_inode of a pinned dentry is stable only for positives (Bill O'Donnell) [RHEL-72505]
- namei: results of d_is_negative() should be checked after dentry revalidation (Bill O'Donnell) [RHEL-72505]
- namei: d_is_negative() should be checked before ->d_seq validation (Bill O'Donnell) [RHEL-72505]
- VFS: Combine inode checks with d_is_negative() and d_is_positive() in pathwalk (Bill O'Donnell) [RHEL-72505]
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (Gonzalo Siero) [RHEL-86732] {CVE-2024-53150}
- redhat: drop Y issues from changelog (Jan Stancek)
- neighbour: fix data-races around n->output (Ivan Vecera) [RHEL-39432]
- redhat: fix create_distgit_changelog.sh to properly list Jiras on "Resolves:" line (Denys Vlasenko)
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CKI Backport Bot) [RHEL-78093] {CVE-2024-53104}
- tcp: fix zero cwnd in tcp_cwnd_reduction (Yuchung Cheng) [RHEL-43212]
- epoll: fix use-after-free in eventpoll_release_file (Kenneth Yin) [RHEL-39665]
- net: fix __dst_negative_advice() race (Gonzalo Siero) [RHEL-53473] {CVE-2024-36971}
- wifi: mac80211: Avoid address calculations via out of bounds array indexing (Kenton Groombridge) [RHEL-56845] {CVE-2024-41071}
- hugetlb, mempolicy: fix the mbind hugetlb migration (Rafael Aquini) [RHEL-47585]
- net: atm: fix use after free in lec_send() (Rishikesh Oak) [RHEL-93113] {CVE-2025-22004}
- net: atlantic: fix aq_vec index out of range error (Gonzalo Siero) [RHEL-100525] {CVE-2022-50066}
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Fix BHI handling of RRSBA (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Fix BHI documentation (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Fix return type of spectre_bhi_state() (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bugs: Make CONFIG_SPECTRE_BHI_ON the default (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bhi: Add BHI mitigation knob (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bhi: Enumerate Branch History Injection (BHI) bug (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- x86/bhi: Add support for clearing branch history at syscall entry (Waiman Long) [RHEL-28198] {CVE-2024-2201}
- Documentation/hw-vuln: Document the interaction between IBRS and STIBP (Waiman Long) [RHEL-28198]
- x86/bugs: Add X86_FEATURE_RETPOLINE (Waiman Long) [RHEL-28198]
- x86/bugs: Extend VMware Retbleed workaround to Nehalem (Waiman Long) [RHEL-46175]
- cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options (Ondrej Mosnacek) [RHEL-56609]
- cipso: fix total option length computation (Ondrej Mosnacek) [RHEL-56609]
- proc: Use new_inode not new_inode_pseudo (Kenneth Yin) [RHEL-58926]
- lockd: RHEL-only: skip shutdown of rpc clients with outstanding notifications (Benjamin Coddington) [RHEL-29342]
- SUNRPC: ECONNRESET might require a rebind (Benjamin Coddington) [RHEL-29342]
- SUNRPC: ECONNREFUSED should cause a rebind. (Benjamin Coddington) [RHEL-29342]
- HID: core: zero-initialize the report buffer (CKI Backport Bot) [RHEL-81823] {CVE-2024-50302}
- can: bcm: Fix UAF in bcm_proc_show() (Marc Milgram) [RHEL-80731] {CVE-2023-52922}
- ALSA: usb-audio: Fix a DMA to stack memory bug (Gonzalo Siero) [RHEL-81784]
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Gonzalo Siero) [RHEL-81784] {CVE-2024-53197}
- gfs2: Fix length of holes reported at end-of-file (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Only do glock put in gfs2_create_inode for free inodes (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Fix use-after-free in gfs2_logd after withdraw (Andreas Gruenbacher) [RHEL-8427]
- gfs2: fix use-after-free in trans_drain (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Clean up revokes on normal withdraws (Andreas Gruenbacher) [RHEL-8427]
- GFS2: gfs2_free_extlen can return an extent that is too long (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Wipe jdata and ail1 in gfs2_journal_wipe, formerly gfs2_meta_wipe (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Refactor gfs2_remove_from_journal (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Only set PageChecked for jdata pages (Andreas Gruenbacher) [RHEL-8427]
- gfs2: keep bios separate for each journal (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Remove active journal side effect from gfs2_write_log_header (Andreas Gruenbacher) [RHEL-8427]
- gfs2: clean_journal improperly set sd_log_flush_head (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Excerpts from "Introduce new gfs2_log_header_v2" (Andreas Gruenbacher) [RHEL-8427]
- gfs2: change from write to read lock for sd_log_flush_lock in journal replay (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Reduce code redundancy writing log headers (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Grab glock reference sooner in gfs2_add_revoke (Andreas Gruenbacher) [RHEL-8427]
- gfs2: fix glock reference problem in gfs2_trans_remove_revoke (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Fix occasional glock use-after-free (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Make sure we don't miss any delayed withdraws (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Fix bad comment for trans_drain (Andreas Gruenbacher) [RHEL-8427]
- gfs2: add some much needed cleanup for log flushes that fail (Andreas Gruenbacher) [RHEL-8427]
- gfs2: fix trans slab error when withdraw occurs inside log_flush (Andreas Gruenbacher) [RHEL-8427]
- gfs2: initialize transaction tr_ailX_lists earlier (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Remove extra "if" in gfs2_log_flush() (Andreas Gruenbacher) [RHEL-8427]
- gfs2: fix use-after-free on transaction ail lists (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Trim the ordered write list in gfs2_ordered_write() (Andreas Gruenbacher) [RHEL-8427]
- GFS2: Clean up releasepage (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Only set PageChecked if we have a transaction (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Fix case in which ail writes are done to jdata holes (Andreas Gruenbacher) [RHEL-8427]
- gfs2: simplify gfs2_block_map (Andreas Gruenbacher) [RHEL-8427]
- gfs2: Remove unused gfs2_iomap_alloc argument (Andreas Gruenbacher) [RHEL-8427]
- netfilter: ipset: fix ip_set_list allocation failure (Phil Sutter) [RHEL-6204]
- gfs2: Be more careful with the quota sync generation (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Get rid of some unnecessary quota locking (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Add some missing quota locking (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Fold qd_fish into gfs2_quota_sync (Andreas Gruenbacher) [RHEL-37473]
- gfs2: quota need_sync cleanup (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Fix and clean up function do_qc (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Revert "Add quota_change type" (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Revert "ignore negated quota changes" (Andreas Gruenbacher) [RHEL-37473]
- gfs2: qd_check_sync cleanups (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Check quota consistency on mount (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Minor gfs2_quota_init error path cleanup (Andreas Gruenbacher) [RHEL-37473]
- gfs2: fix kernel BUG in gfs2_quota_cleanup (Edward Adam Davis) [RHEL-37473]
- gfs2: Clean up quota.c:print_message (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Clean up gfs2_alloc_parms initializers (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Two quota=account mode fixes (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Remove useless assignment (Bob Peterson) [RHEL-37473]
- gfs2: simplify slot_get (Bob Peterson) [RHEL-37473]
- gfs2: Simplify qd2offset (Bob Peterson) [RHEL-37473]
- gfs2: Remove quota allocation info from quota file (Bob Peterson) [RHEL-37473]
- gfs2: use constant for array size (Bob Peterson) [RHEL-37473]
- gfs2: Set qd_sync_gen in do_sync (Bob Peterson) [RHEL-37473]
- gfs2: Fix "Change inode qa_data to allow multiple users" backport (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Remove useless err set (Bob Peterson) [RHEL-37473]
- gfs2: Small gfs2_quota_lock cleanup (Bob Peterson) [RHEL-37473]
- gfs2: move qdsb_put and reduce redundancy (Bob Peterson) [RHEL-37473]
- gfs2: Don't try to sync non-changes (Bob Peterson) [RHEL-37473]
- gfs2: Simplify function need_sync (Bob Peterson) [RHEL-37473]
- gfs2: remove unneeded pg_oflow variable (Bob Peterson) [RHEL-37473]
- gfs2: remove unneeded variable done (Bob Peterson) [RHEL-37473]
- gfs2: pass sdp to gfs2_write_buf_to_page (Bob Peterson) [RHEL-37473]
- gfs2: pass sdp in to gfs2_write_disk_quota (Bob Peterson) [RHEL-37473]
- gfs2: Pass sdp to gfs2_adjust_quota (Bob Peterson) [RHEL-37473]
- gfs2: remove dead code for quota writes (Bob Peterson) [RHEL-37473]
- gfs2: Use qd_sbd more consequently (Bob Peterson) [RHEL-37473]
- gfs2: replace 'found' with dedicated list iterator variable (Jakob Koschel) [RHEL-37473]
- gfs2: Some whitespace cleanups (Andreas Gruenbacher) [RHEL-37473]
- gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold (Bob Peterson) [RHEL-37473]
- gitlab-ci: provide consistent kcidb_tree_name (Michael Hofmann)
- VFS: Impose ordering on accesses of d_inode and d_flags (Ian Kent) [RHEL-56621]
- scsi: smartpqi: Fix DMA direction for RAID requests (Don Brace) [RHEL-8203]
- scsi: smartpqi: Fix duplicate device nodes for tape changers (Don Brace) [RHEL-8203]
- redhat: kernel.spec: run initramfs generation in %post (not only in %posttrans) (Denys Vlasenko) [RHEL-3292]
- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [2068267] {CVE-2022-1011}
python-setuptools-0.9.8-7.el7_9.2.noarch.rpm - Security fix for CVE-2024-6345
Resolves: RHEL-49996
- Security fix for CVE-2025-47273
Resolves: RHEL-96801
python2-blockdev-2.18-5.el7_9.2.x86_64.rpm - Fix - Don't allow suid and dev set on fs resize (CVE-2025-6019)
Resolves: RHEL-97804
- Version bump for s390 and ppc builds
- Resolves: RHEL-104554
python2-ipaclient-4.6.8-5.el7_9.19.noarch.rpm - Resolves: RHEL-89894 ipa: Privilege escalation from host to domain admin in FreeIPA
- Rebuild to generate s390 and ppc rpm
Related: RHEL-89894
python2-ipalib-4.6.8-5.el7_9.19.noarch.rpm - Resolves: RHEL-89894 ipa: Privilege escalation from host to domain admin in FreeIPA
- Rebuild to generate s390 and ppc rpm
Related: RHEL-89894
python3-3.6.8-21.el7_9.1.x86_64.rpm - Security fix for CVE-2024-6232
Resolves: RHEL-67150
python3-libs-3.6.8-21.el7_9.1.x86_64.rpm - Security fix for CVE-2024-6232
Resolves: RHEL-67150
python3-setuptools-39.2.0-10.el7_9.2.noarch.rpm - Fix: CVE-2025-47273
- Resolves: RHEL-96797
- Fix: CVE-2024-6345
- Resolves: RHEL-49977
- Add a workaround for a bug in bytecompilation (rhbz#1691402)
Resolves: rhbz#1660563
rsync-3.1.2-12.el7_9.1.x86_64.rpm - Fix Info Leak via Uninitialized Stack Contents (CVE-2024-12085)
sos-3.9-5.el7_9.13.noarch.rpm - [leapp] Add preupgrade log to the leapp sos plugin
Resolves: RHEL-54537
sqlite-3.7.17-9.el7_9.1.x86_64.rpm - Fixed CVE-2025-6965
- Resolves: RHEL-105172
- Fixes for CVE-2019-13734 (#1786506)
- Fixes for CVE-2019-13734 (#1786505)
sudo-1.8.23-10.el7_9.4.x86_64.rpm RHEL 7.9.Z ERRATUM
- CVE-2025-32462 sudo: LPE via host option
Resolves: RHEL-100010
systemd-219-78.el7_9.11.x86_64.rpm - fstab-generator: Chase symlinks where possible (#6293) (RHEL-17394)
- call chase_symlinks without the /sysroot prefix (#6411) (RHEL-17394)
- fstab-generator: downgrade message when we can't canonicalize fstab entries (#8281) (RHEL-17394)
- Add $SYSTEMD_IN_INITRD=yes|no override for debugging (RHEL-17394)
- escape: call unit_name_is_valid() with correct flags (RHEL-17394)
- fstab-generator: fix ordering of /sysroot/usr mount (RHEL-17394)
- test: backport TEST-81-GENERATORS (fstab-generator only) (RHEL-17394)
- pager: set $LESSSECURE whenver we invoke a pager (RHEL-35665)
- pager: make pager secure when under euid is changed or explicitly requested (RHEL-35665)
systemd-libs-219-78.el7_9.11.x86_64.rpm - fstab-generator: Chase symlinks where possible (#6293) (RHEL-17394)
- call chase_symlinks without the /sysroot prefix (#6411) (RHEL-17394)
- fstab-generator: downgrade message when we can't canonicalize fstab entries (#8281) (RHEL-17394)
- Add $SYSTEMD_IN_INITRD=yes|no override for debugging (RHEL-17394)
- escape: call unit_name_is_valid() with correct flags (RHEL-17394)
- fstab-generator: fix ordering of /sysroot/usr mount (RHEL-17394)
- test: backport TEST-81-GENERATORS (fstab-generator only) (RHEL-17394)
- pager: set $LESSSECURE whenver we invoke a pager (RHEL-35665)
- pager: make pager secure when under euid is changed or explicitly requested (RHEL-35665)
systemd-python-219-78.el7_9.11.x86_64.rpm - fstab-generator: Chase symlinks where possible (#6293) (RHEL-17394)
- call chase_symlinks without the /sysroot prefix (#6411) (RHEL-17394)
- fstab-generator: downgrade message when we can't canonicalize fstab entries (#8281) (RHEL-17394)
- Add $SYSTEMD_IN_INITRD=yes|no override for debugging (RHEL-17394)
- escape: call unit_name_is_valid() with correct flags (RHEL-17394)
- fstab-generator: fix ordering of /sysroot/usr mount (RHEL-17394)
- test: backport TEST-81-GENERATORS (fstab-generator only) (RHEL-17394)
- pager: set $LESSSECURE whenver we invoke a pager (RHEL-35665)
- pager: make pager secure when under euid is changed or explicitly requested (RHEL-35665)
systemd-sysv-219-78.el7_9.11.x86_64.rpm - fstab-generator: Chase symlinks where possible (#6293) (RHEL-17394)
- call chase_symlinks without the /sysroot prefix (#6411) (RHEL-17394)
- fstab-generator: downgrade message when we can't canonicalize fstab entries (#8281) (RHEL-17394)
- Add $SYSTEMD_IN_INITRD=yes|no override for debugging (RHEL-17394)
- escape: call unit_name_is_valid() with correct flags (RHEL-17394)
- fstab-generator: fix ordering of /sysroot/usr mount (RHEL-17394)
- test: backport TEST-81-GENERATORS (fstab-generator only) (RHEL-17394)
- pager: set $LESSSECURE whenver we invoke a pager (RHEL-35665)
- pager: make pager secure when under euid is changed or explicitly requested (RHEL-35665)
tuned-2.11.0-13.el7_9.noarch.rpm - Added sanity checks for API methods parameters, (CVE-2024-52337)
Resolves: RHEL-68061
tzdata-2025b-1.el7.noarch.rpm - Update to tzdata-2025a (RHEL-74311)
- Paraguay is now permanently at -03. This impacts timestamps
starting on 2025-03-22.
- Includes improvements to pre-1991 data for the Philippines.
- Etc/Unknown is now reserved.
- Update to tzdata-2025b (RHEL-84755)
- Chile's Aysén Region moves from -04/-03
to -03 year-round, diverging from America/Santiago and
creating a new zone America/Coyhaique.
- Harden against links to removed zones (RHEL-61600)
- Update to tzdata-2024b
- Improve historical data for Mexico, Mongolia, and Portugal.
- System V names are now obsolescent.
- The main data form now uses %z.
- The code now conforms to RFC 8536 for early timestamps.
- Support POSIX.1-2024, which removes asctime_r and ctime_r.
- Assume POSIX.2-1992 or later for shell scripts.
- SUPPORT_C89 now defaults to 1.
- Include two upstream patches for month names as in April vs Apr.
tzdata-java-2025b-1.el7.noarch.rpm - Update to tzdata-2025a (RHEL-74311)
- Paraguay is now permanently at -03. This impacts timestamps
starting on 2025-03-22.
- Includes improvements to pre-1991 data for the Philippines.
- Etc/Unknown is now reserved.
- Update to tzdata-2025b (RHEL-84755)
- Chile's Aysén Region moves from -04/-03
to -03 year-round, diverging from America/Santiago and
creating a new zone America/Coyhaique.
- Harden against links to removed zones (RHEL-61600)
- Update to tzdata-2024b
- Improve historical data for Mexico, Mongolia, and Portugal.
- System V names are now obsolescent.
- The main data form now uses %z.
- The code now conforms to RFC 8536 for early timestamps.
- Support POSIX.1-2024, which removes asctime_r and ctime_r.
- Assume POSIX.2-1992 or later for shell scripts.
- SUPPORT_C89 now defaults to 1.
- Include two upstream patches for month names as in April vs Apr.
unbound-libs-1.6.6-5.el7_9.1.x86_64.rpm - Fix incomplete amplifying-an-incoming-query patch
- Resolves: rhbz#1846424
- Fix incomplete amplifying-an-incoming-query patch
- Resolves: rhbz#1846425
- Fix amplifying an incoming query into a large number of queries directed to a target
- Resolves: rhbz#1839174 (CVE-2020-12662), rhbz#1840259 (CVE-2020-12663)
- Fix amplifying an incoming query into a large number of queries directed to a target
- Resolves: rhbz#1839172 (CVE-2020-12662), rhbz#1840258 (CVE-2020-12663)
- Fix KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)
- Fix Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)
xorg-x11-server-Xorg-1.20.4-32.el7_9.x86_64.rpm - CVE fix for: CVE-2025-49175 (RHEL-97266), CVE-2025-49176 (RHEL-97292),
CVE-2025-49178 (RHEL-97362), CVE-2025-49179 (RHEL-97394),
CVE-2025-49180 (RHEL-97230)
- CVE fix for: CVE-2025-26594 (RHEL-79124), CVE-2025-26595 (RHEL-79128),
CVE-2025-26596 (RHEL-79132), CVE-2025-26597 (RHEL-79135),
CVE-2025-26598 (RHEL-79136), CVE-2025-26599 (RHEL-79139),
CVE-2025-26600 (RHEL-79152), CVE-2025-26601 (RHEL-79148)
- Version Bump up for CVE fix for: CVE-2025-49175 (RHEL-97266), CVE-2025-49176 (RHEL-97292),
CVE-2025-49178 (RHEL-97362), CVE-2025-49179 (RHEL-97394),
CVE-2025-49180 (RHEL-97230)
xorg-x11-server-common-1.20.4-32.el7_9.x86_64.rpm - CVE fix for: CVE-2025-49175 (RHEL-97266), CVE-2025-49176 (RHEL-97292),
CVE-2025-49178 (RHEL-97362), CVE-2025-49179 (RHEL-97394),
CVE-2025-49180 (RHEL-97230)
- CVE fix for: CVE-2025-26594 (RHEL-79124), CVE-2025-26595 (RHEL-79128),
CVE-2025-26596 (RHEL-79132), CVE-2025-26597 (RHEL-79135),
CVE-2025-26598 (RHEL-79136), CVE-2025-26599 (RHEL-79139),
CVE-2025-26600 (RHEL-79152), CVE-2025-26601 (RHEL-79148)
- Version Bump up for CVE fix for: CVE-2025-49175 (RHEL-97266), CVE-2025-49176 (RHEL-97292),
CVE-2025-49178 (RHEL-97362), CVE-2025-49179 (RHEL-97394),
CVE-2025-49180 (RHEL-97230)
zlib-1.2.7-21.el7_9.1.x86_64.rpm - Removed offset pointer optimization in inftrees.c
- Resolves: CVE-2025-4638
zlib-devel-1.2.7-21.el7_9.1.x86_64.rpm - Removed offset pointer optimization in inftrees.c
- Resolves: CVE-2025-4638
×

Loading...