
Oracle has published a series of critical security advisories for Oracle Linux 8 and 9 that address vulnerabilities across core system libraries and services. The Apache HTTP Server receives urgent patches to block an HTTP/2 memory exhaustion attack and to correct flawed retry logic in mod_md, its ACME management module. Administrators should prioritize the extensive kernel update, since it resolves dozens of dangerous memory corruption bugs, race conditions, and network protocol flaws affecting the Bluetooth drivers and the SMB client. These releases also deliver essential fixes for GnuTLS certificate handling, a compat-openssl10 crash, and a podman container networking adjustment that applies to both x86_64 and aarch64 systems.

ELSA-2026-22140 Important: Oracle Linux 8 httpd:2.4 security update
ELSA-2026-22315 Moderate: Oracle Linux 8 compat-openssl10 security update
ELSA-2026-21706 Important: Oracle Linux 8 kernel security update
ELBA-2026-21706-1 Oracle Linux 8 kernel bug fix update
ELBA-2026-50292 Oracle Linux 9 podman bug fix update
ELSA-2026-20611 Important: Oracle Linux 8 gnutls security update




ELSA-2026-22140 Important: Oracle Linux 8 httpd:2.4 security update


Oracle Linux Security Advisory ELSA-2026-22140

http://linux.oracle.com/errata/ELSA-2026-22140.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
httpd-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm
httpd-devel-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm
httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.noarch.rpm
httpd-manual-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.noarch.rpm
httpd-tools-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm
mod_http2-1.15.7-10.module+el8.10.0+90899+db89cbcc.5.x86_64.rpm
mod_ldap-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm
mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.x86_64.rpm
mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm
mod_session-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm
mod_ssl-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm

aarch64:
httpd-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm
httpd-devel-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm
httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.noarch.rpm
httpd-manual-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.noarch.rpm
httpd-tools-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm
mod_http2-1.15.7-10.module+el8.10.0+90899+db89cbcc.5.aarch64.rpm
mod_ldap-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm
mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.aarch64.rpm
mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm
mod_session-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm
mod_ssl-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/httpd-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/mod_http2-1.15.7-10.module+el8.10.0+90899+db89cbcc.5.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.src.rpm

Related CVEs:

CVE-2025-53020
CVE-2026-28780
CVE-2026-33007
CVE-2026-33857
CVE-2026-34032
CVE-2026-34059

Description of changes:

httpd
[2.4.37-65.0.1.7]
- Replace index.html with Oracle's index page oracle_index.html

mod_http2
[1.15.7-10.5]
- Resolves: RHEL-166277 - httpd:2.4/httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020)

mod_md
[1:2.0.8-8.2]
- Resolves: RHEL-134487 - httpd:2.4/httpd: Apache HTTP Server: mod_md (ACME), unintended retry intervals (CVE-2025-55753)



ELSA-2026-22315 Moderate: Oracle Linux 8 compat-openssl10 security update


Oracle Linux Security Advisory ELSA-2026-22315

http://linux.oracle.com/errata/ELSA-2026-22315.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
compat-openssl10-1.0.2o-4.el8_10.2.i686.rpm
compat-openssl10-1.0.2o-4.el8_10.2.x86_64.rpm

aarch64:
compat-openssl10-1.0.2o-4.el8_10.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/compat-openssl10-1.0.2o-4.el8_10.2.src.rpm

Related CVEs:

CVE-2026-28390

Description of changes:

[1.1.0.2o-4.2]
- Fixes CVE-2026-28390: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing
Resolves: RHEL-165754



ELSA-2026-21706 Important: Oracle Linux 8 kernel security update


Oracle Linux Security Advisory ELSA-2026-21706

http://linux.oracle.com/errata/ELSA-2026-21706.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-553.126.1.el8_10.x86_64.rpm
kernel-4.18.0-553.126.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.126.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.126.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.126.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.126.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.126.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.126.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.126.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.126.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.126.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.126.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.126.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.126.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.126.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.126.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.126.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.126.1.el8_10.x86_64.rpm
perf-4.18.0-553.126.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.126.1.el8_10.x86_64.rpm

aarch64:
bpftool-4.18.0-553.126.1.el8_10.aarch64.rpm
kernel-cross-headers-4.18.0-553.126.1.el8_10.aarch64.rpm
kernel-headers-4.18.0-553.126.1.el8_10.aarch64.rpm
kernel-tools-4.18.0-553.126.1.el8_10.aarch64.rpm
kernel-tools-libs-4.18.0-553.126.1.el8_10.aarch64.rpm
kernel-tools-libs-devel-4.18.0-553.126.1.el8_10.aarch64.rpm
perf-4.18.0-553.126.1.el8_10.aarch64.rpm
python3-perf-4.18.0-553.126.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.126.1.el8_10.src.rpm

Related CVEs:

CVE-2025-39981
CVE-2025-68183
CVE-2025-68347
CVE-2025-71116
CVE-2026-23243
CVE-2026-23270
CVE-2026-23455
CVE-2026-31408
CVE-2026-31532
CVE-2026-31684
CVE-2026-31685
CVE-2026-31709
CVE-2026-43020
CVE-2026-43027
CVE-2026-43051
CVE-2026-43158
CVE-2026-43163
CVE-2026-43190

Description of changes:

[4.18.0-553.126.1]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 init (Thomas Huth) [RHEL-175772]
- crypto: algif_aead - Only wake up when ctx->more is zero (Thomas Huth) [RHEL-175772]
- crypto: algif_aead - Do not set MAY_BACKLOG on the async path (Thomas Huth) [RHEL-175772]
- crypto: null - Remove VLA usage of skcipher (Thomas Huth) [RHEL-175772]
- smb: client: validate dacloffset before building DACL pointers (Paulo Alcantara) [RHEL-172815]
- smb: client: use kzalloc to zero-initialize security descriptor buffer (Paulo Alcantara) [RHEL-172815]
- smb: client: scope end_of_dacl to CIFS_DEBUG2 use in parse_dacl (Paulo Alcantara) [RHEL-172815]
- smb: client: require a full NFS mode SID before reading mode bits (Paulo Alcantara) [RHEL-172815]
- smb: client: validate the whole DACL before rewriting it in cifsacl (Paulo Alcantara) [RHEL-172815] {CVE-2026-31709}
- smb: client: Return a status code only as a constant in sid_to_id() (Paulo Alcantara) [RHEL-172815]
- cifs: add validation check for the fields in smb_aces (Paulo Alcantara) [RHEL-172815]
- cifs: fix incorrect validation for num_aces field of smb_acl (Paulo Alcantara) [RHEL-172815]
- smb: common: change the data type of num_aces to le16 (Paulo Alcantara) [RHEL-172815]
- netfilter: xt_tcpmss: check remaining length before reading optlen (CKI Backport Bot) [RHEL-174212] {CVE-2026-43190}
- md/bitmap: fix GPF in write_page caused by resize race (CKI Backport Bot) [RHEL-174088] {CVE-2026-43163}
- xfs: fix freemap adjustments when adding xattrs to leaf blocks (CKI Backport Bot) [RHEL-174045] {CVE-2026-43158}
- xfs: delete attr leaf freemap entries when empty (CKI Backport Bot) [RHEL-174045] {CVE-2026-43158}
- can: raw: fix ro->uniq use-after-free in raw_rcv() (Davide Caratti) [RHEL-170753] {CVE-2026-31532}
- can: af_can: export can_sock_destruct() (Davide Caratti) [RHEL-170753] {CVE-2026-31532}
- HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CKI Backport Bot) [RHEL-172734] {CVE-2026-43051}
- netfilter: nf_conntrack_helper: pass helper to expect cleanup (CKI Backport Bot) [RHEL-172614] {CVE-2026-43027}
- Bluetooth: MGMT: validate LTK enc_size on load (CKI Backport Bot) [RHEL-172566] {CVE-2026-43020}
- Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (David Marlin) [RHEL-165057] {CVE-2026-31408}
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (David Marlin) [RHEL-165057] {CVE-2026-31408}
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (David Marlin) [RHEL-165057] {CVE-2026-31408}
- Bluetooth: Init sk_peer_* on bt_sock_alloc (David Marlin) [RHEL-165057] {CVE-2026-31408}
- Bluetooth: Consolidate code around sk_alloc into a helper function (David Marlin) [RHEL-165057] {CVE-2026-31408}
- netfilter: ip6t_eui64: reject invalid MAC header for all packets (CKI Backport Bot) [RHEL-171149] {CVE-2026-31685}
- net: sched: act_csum: validate nested VLAN headers (CKI Backport Bot) [RHEL-171132] {CVE-2026-31684}
- smb: client: fix mid_q_entry memleak leak with per-mid locking (Paulo Alcantara) [RHEL-164032]
- smb: client: smb: client: eliminate mid_flags field (Paulo Alcantara) [RHEL-164032]
- smb: client: add mid_counter_lock to protect the mid counter counter (Paulo Alcantara) [RHEL-164032]
- smb: client: rename server mid_lock to mid_queue_lock (Paulo Alcantara) [RHEL-164032]
- smb3: fix lock ordering potential deadlock in cifs_sync_mid_result (Paulo Alcantara) [RHEL-164032]
- smb: client: remove redundant lstrp update in negotiate protocol (Paulo Alcantara) [RHEL-164032]
- smb: client: fix race condition in negotiate timeout by using more precise timing (Paulo Alcantara) [RHEL-164032]
- smb: client: fix first command failure during re-negotiation (Paulo Alcantara) [RHEL-164032]
- smb: client: fix hang in wait_for_response() for negproto (Paulo Alcantara) [RHEL-164032]
- ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (Bruno Meneguele) [RHEL-166886] {CVE-2025-68183}
- selftests/bpf: Test outer map update operations in syscall program (Viktor Malik) [RHEL-152219]
- selftests/bpf: Add test cases for inner map (Viktor Malik) [RHEL-152219]
- bpf: prepare for more bpf syscall to be used from kernel and user space. (Viktor Malik) [RHEL-152219]
- bpf: Optimize the free of inner map (Viktor Malik) [RHEL-152219]
- bpf: Defer the free of inner map when necessary (Viktor Malik) [RHEL-152219]
- bpf: Set need_defer as false when clearing fd array during map free (Viktor Malik) [RHEL-152219]
- bpf: Add map and need_defer parameters to .map_fd_put_ptr() (Viktor Malik) [RHEL-152219]
- bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers (Viktor Malik) [RHEL-152219]
- netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CKI Backport Bot) [RHEL-166981] {CVE-2026-23455}
- ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (CKI Backport Bot) [RHEL-166960] {CVE-2025-68347}
- RDMA/umad: Reject negative data_len in ib_umad_write (Kamal Heib) [RHEL-156872] {CVE-2026-23243}
- Bluetooth: mgmt: remove NULL check in add_ext_adv_params_complete() (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Fix memory leak in set_ssp_complete (David Marlin) [RHEL-122890]
- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (David Marlin) [RHEL-122890]
- Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() (David Marlin) [RHEL-122890]
- Bluetooth: ISO: don't try to remove CIG if there are bound CIS left (David Marlin) [RHEL-122890]
- Bluetooth: hci_sync: Don't double print name in add/remove adv_monitor (David Marlin) [RHEL-122890]
- Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor() (David Marlin) [RHEL-122890]
- Bluetooth: hci_event: Fix Invalid wait context (David Marlin) [RHEL-122890]
- Bluetooth: hci_sync: Fix use HCI_OP_LE_READ_BUFFER_SIZE_V2 (David Marlin) [RHEL-122890]
- Bluetooth: hci_conn: Fix crash on hci_create_cis_sync (David Marlin) [RHEL-122890]
- Bluetooth: hci_conn: Fix not restoring ISO buffer count on disconnect (David Marlin) [RHEL-122890]
- Bluetooth: Fix HCIGETDEVINFO regression (David Marlin) [RHEL-122890]
- Bluetooth: hci_sync: Fix hci_read_buffer_size_sync (David Marlin) [RHEL-122890]
- Bluetooth: hci_sync: fix double mgmt_pending_free() in remove_adv_monitor() (David Marlin) [RHEL-122890]
- Bluetooth: hci_conn: Fix updating ISO QoS PHY (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Fix possible UAFs (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: hci_sync: fix set_local_name race condition (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue (David Marlin) [RHEL-122890]
- Bluetooth: Fix race condition in hci_cmd_sync_clear (David Marlin) [RHEL-122890]
- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Protect mgmt_pending list with its own lock (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Fix sparse errors (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (David Marlin) [RHEL-122890]
- Bluetooth: Add initial implementation of CIS connections (David Marlin) [RHEL-122890]
- Bluetooth: hci_core: Fix possible buffer overflow (David Marlin) [RHEL-122890]
- Bluetooth: Keep MGMT pending queue ordered FIFO (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Remove unused mgmt_pending_find_data (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (David Marlin) [RHEL-122890]
- Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing Adv Monitor (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Fix possible deadlocks (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: mgmt: remove NULL check in mgmt_set_connectable_complete() (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: hci_sync: Refactor remove Adv Monitor (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: hci_sync: Refactor add Adv Monitor (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: msft: Move code snippet to correct location (David Marlin) [RHEL-122890]
- Bluetooth: msft: Clear tracked devices on resume (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: mgmt: Add MGMT Adv Monitor Device Found/Lost events (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: msft: Handle MSFT Monitor Device Event (David Marlin) [RHEL-122890] {CVE-2025-39981}
- net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (CKI Backport Bot) [RHEL-157322] {CVE-2026-23270}
- libceph: make decode_pool() more resilient against corrupted osdmaps (CKI Backport Bot) [RHEL-142093] {CVE-2025-71116}



ELBA-2026-21706-1 Oracle Linux 8 kernel bug fix update


Oracle Linux Bug Fix Advisory ELBA-2026-21706-1

http://linux.oracle.com/errata/ELBA-2026-21706-1.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
kernel-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.126.1.0.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.126.1.0.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
perf-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.126.1.0.1.el8_10.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.126.1.0.1.el8_10.src.rpm

Description of changes:

[4.18.0-553.126.1.0.1]
- scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) [Orabug: 37778230]

[4.18.0-553.126.1]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 init (Thomas Huth) [RHEL-175772]
- crypto: algif_aead - Only wake up when ctx->more is zero (Thomas Huth) [RHEL-175772]
- crypto: algif_aead - Do not set MAY_BACKLOG on the async path (Thomas Huth) [RHEL-175772]
- crypto: null - Remove VLA usage of skcipher (Thomas Huth) [RHEL-175772]
- smb: client: validate dacloffset before building DACL pointers (Paulo Alcantara) [RHEL-172815]
- smb: client: use kzalloc to zero-initialize security descriptor buffer (Paulo Alcantara) [RHEL-172815]
- smb: client: scope end_of_dacl to CIFS_DEBUG2 use in parse_dacl (Paulo Alcantara) [RHEL-172815]
- smb: client: require a full NFS mode SID before reading mode bits (Paulo Alcantara) [RHEL-172815]
- smb: client: validate the whole DACL before rewriting it in cifsacl (Paulo Alcantara) [RHEL-172815] {CVE-2026-31709}
- smb: client: Return a status code only as a constant in sid_to_id() (Paulo Alcantara) [RHEL-172815]
- cifs: add validation check for the fields in smb_aces (Paulo Alcantara) [RHEL-172815]
- cifs: fix incorrect validation for num_aces field of smb_acl (Paulo Alcantara) [RHEL-172815]
- smb: common: change the data type of num_aces to le16 (Paulo Alcantara) [RHEL-172815]
- netfilter: xt_tcpmss: check remaining length before reading optlen (CKI Backport Bot) [RHEL-174212] {CVE-2026-43190}
- md/bitmap: fix GPF in write_page caused by resize race (CKI Backport Bot) [RHEL-174088] {CVE-2026-43163}
- xfs: fix freemap adjustments when adding xattrs to leaf blocks (CKI Backport Bot) [RHEL-174045] {CVE-2026-43158}
- xfs: delete attr leaf freemap entries when empty (CKI Backport Bot) [RHEL-174045] {CVE-2026-43158}
- can: raw: fix ro->uniq use-after-free in raw_rcv() (Davide Caratti) [RHEL-170753] {CVE-2026-31532}
- can: af_can: export can_sock_destruct() (Davide Caratti) [RHEL-170753] {CVE-2026-31532}
- HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CKI Backport Bot) [RHEL-172734] {CVE-2026-43051}
- netfilter: nf_conntrack_helper: pass helper to expect cleanup (CKI Backport Bot) [RHEL-172614] {CVE-2026-43027}
- Bluetooth: MGMT: validate LTK enc_size on load (CKI Backport Bot) [RHEL-172566] {CVE-2026-43020}
- Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (David Marlin) [RHEL-165057] {CVE-2026-31408}
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (David Marlin) [RHEL-165057] {CVE-2026-31408}
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (David Marlin) [RHEL-165057] {CVE-2026-31408}
- Bluetooth: Init sk_peer_* on bt_sock_alloc (David Marlin) [RHEL-165057] {CVE-2026-31408}
- Bluetooth: Consolidate code around sk_alloc into a helper function (David Marlin) [RHEL-165057] {CVE-2026-31408}
- netfilter: ip6t_eui64: reject invalid MAC header for all packets (CKI Backport Bot) [RHEL-171149] {CVE-2026-31685}
- net: sched: act_csum: validate nested VLAN headers (CKI Backport Bot) [RHEL-171132] {CVE-2026-31684}
- smb: client: fix mid_q_entry memleak leak with per-mid locking (Paulo Alcantara) [RHEL-164032]
- smb: client: smb: client: eliminate mid_flags field (Paulo Alcantara) [RHEL-164032]
- smb: client: add mid_counter_lock to protect the mid counter counter (Paulo Alcantara) [RHEL-164032]
- smb: client: rename server mid_lock to mid_queue_lock (Paulo Alcantara) [RHEL-164032]
- smb3: fix lock ordering potential deadlock in cifs_sync_mid_result (Paulo Alcantara) [RHEL-164032]
- smb: client: remove redundant lstrp update in negotiate protocol (Paulo Alcantara) [RHEL-164032]
- smb: client: fix race condition in negotiate timeout by using more precise timing (Paulo Alcantara) [RHEL-164032]
- smb: client: fix first command failure during re-negotiation (Paulo Alcantara) [RHEL-164032]
- smb: client: fix hang in wait_for_response() for negproto (Paulo Alcantara) [RHEL-164032]
- ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (Bruno Meneguele) [RHEL-166886] {CVE-2025-68183}
- selftests/bpf: Test outer map update operations in syscall program (Viktor Malik) [RHEL-152219]
- selftests/bpf: Add test cases for inner map (Viktor Malik) [RHEL-152219]
- bpf: prepare for more bpf syscall to be used from kernel and user space. (Viktor Malik) [RHEL-152219]
- bpf: Optimize the free of inner map (Viktor Malik) [RHEL-152219]
- bpf: Defer the free of inner map when necessary (Viktor Malik) [RHEL-152219]
- bpf: Set need_defer as false when clearing fd array during map free (Viktor Malik) [RHEL-152219]
- bpf: Add map and need_defer parameters to .map_fd_put_ptr() (Viktor Malik) [RHEL-152219]
- bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers (Viktor Malik) [RHEL-152219]
- netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CKI Backport Bot) [RHEL-166981] {CVE-2026-23455}
- ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (CKI Backport Bot) [RHEL-166960] {CVE-2025-68347}
- RDMA/umad: Reject negative data_len in ib_umad_write (Kamal Heib) [RHEL-156872] {CVE-2026-23243}
- Bluetooth: mgmt: remove NULL check in add_ext_adv_params_complete() (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Fix memory leak in set_ssp_complete (David Marlin) [RHEL-122890]
- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (David Marlin) [RHEL-122890]
- Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() (David Marlin) [RHEL-122890]
- Bluetooth: ISO: don't try to remove CIG if there are bound CIS left (David Marlin) [RHEL-122890]
- Bluetooth: hci_sync: Don't double print name in add/remove adv_monitor (David Marlin) [RHEL-122890]
- Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor() (David Marlin) [RHEL-122890]
- Bluetooth: hci_event: Fix Invalid wait context (David Marlin) [RHEL-122890]
- Bluetooth: hci_sync: Fix use HCI_OP_LE_READ_BUFFER_SIZE_V2 (David Marlin) [RHEL-122890]
- Bluetooth: hci_conn: Fix crash on hci_create_cis_sync (David Marlin) [RHEL-122890]
- Bluetooth: hci_conn: Fix not restoring ISO buffer count on disconnect (David Marlin) [RHEL-122890]
- Bluetooth: Fix HCIGETDEVINFO regression (David Marlin) [RHEL-122890]
- Bluetooth: hci_sync: Fix hci_read_buffer_size_sync (David Marlin) [RHEL-122890]
- Bluetooth: hci_sync: fix double mgmt_pending_free() in remove_adv_monitor() (David Marlin) [RHEL-122890]
- Bluetooth: hci_conn: Fix updating ISO QoS PHY (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Fix possible UAFs (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: hci_sync: fix set_local_name race condition (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue (David Marlin) [RHEL-122890]
- Bluetooth: Fix race condition in hci_cmd_sync_clear (David Marlin) [RHEL-122890]
- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Protect mgmt_pending list with its own lock (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Fix sparse errors (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (David Marlin) [RHEL-122890]
- Bluetooth: Add initial implementation of CIS connections (David Marlin) [RHEL-122890]
- Bluetooth: hci_core: Fix possible buffer overflow (David Marlin) [RHEL-122890]
- Bluetooth: Keep MGMT pending queue ordered FIFO (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Remove unused mgmt_pending_find_data (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (David Marlin) [RHEL-122890]
- Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing Adv Monitor (David Marlin) [RHEL-122890]
- Bluetooth: MGMT: Fix possible deadlocks (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: mgmt: remove NULL check in mgmt_set_connectable_complete() (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: hci_sync: Refactor remove Adv Monitor (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: hci_sync: Refactor add Adv Monitor (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: msft: Move code snippet to correct location (David Marlin) [RHEL-122890]
- Bluetooth: msft: Clear tracked devices on resume (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: mgmt: Add MGMT Adv Monitor Device Found/Lost events (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: msft: Handle MSFT Monitor Device Event (David Marlin) [RHEL-122890] {CVE-2025-39981}
- net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (CKI Backport Bot) [RHEL-157322] {CVE-2026-23270}
- libceph: make decode_pool() more resilient against corrupted osdmaps (CKI Backport Bot) [RHEL-142093] {CVE-2025-71116}



ELBA-2026-50292 Oracle Linux 9 podman bug fix update


Oracle Linux Bug Fix Advisory ELBA-2026-50292

http://linux.oracle.com/errata/ELBA-2026-50292.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
podman-5.6.0-14.0.3.el9_7.x86_64.rpm
podman-docker-5.6.0-14.0.3.el9_7.noarch.rpm
podman-plugins-5.6.0-14.0.3.el9_7.x86_64.rpm
podman-remote-5.6.0-14.0.3.el9_7.x86_64.rpm
podman-tests-5.6.0-14.0.3.el9_7.x86_64.rpm

aarch64:
podman-5.6.0-14.0.3.el9_7.aarch64.rpm
podman-docker-5.6.0-14.0.3.el9_7.noarch.rpm
podman-plugins-5.6.0-14.0.3.el9_7.aarch64.rpm
podman-remote-5.6.0-14.0.3.el9_7.aarch64.rpm
podman-tests-5.6.0-14.0.3.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/podman-5.6.0-14.0.3.el9_7.src.rpm

Description of changes:

[5.6.0-14.0.3]
- Rework CNI/Netavark detection logic [JIRA: EVG-3769]



ELSA-2026-20611 Important: Oracle Linux 8 gnutls security update


Oracle Linux Security Advisory ELSA-2026-20611

http://linux.oracle.com/errata/ELSA-2026-20611.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
gnutls-3.6.16-8.el8_10.6.i686.rpm
gnutls-3.6.16-8.el8_10.6.x86_64.rpm
gnutls-c++-3.6.16-8.el8_10.6.i686.rpm
gnutls-c++-3.6.16-8.el8_10.6.x86_64.rpm
gnutls-dane-3.6.16-8.el8_10.6.i686.rpm
gnutls-dane-3.6.16-8.el8_10.6.x86_64.rpm
gnutls-devel-3.6.16-8.el8_10.6.i686.rpm
gnutls-devel-3.6.16-8.el8_10.6.x86_64.rpm
gnutls-utils-3.6.16-8.el8_10.6.x86_64.rpm

aarch64:
gnutls-3.6.16-8.el8_10.6.aarch64.rpm
gnutls-c++-3.6.16-8.el8_10.6.aarch64.rpm
gnutls-dane-3.6.16-8.el8_10.6.aarch64.rpm
gnutls-devel-3.6.16-8.el8_10.6.aarch64.rpm
gnutls-utils-3.6.16-8.el8_10.6.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/gnutls-3.6.16-8.el8_10.6.src.rpm

Related CVEs:

CVE-2026-3833
CVE-2026-5260
CVE-2026-33845
CVE-2026-33846
CVE-2026-42009
CVE-2026-42010
CVE-2026-42011
CVE-2026-42012
CVE-2026-42013
CVE-2026-42014
CVE-2026-42015

Description of changes:

[3.6.16-8.6]
- Fix CVE-2026-33846 (DTLS fragment reassembly, High, heap overwrite)
- Fix CVE-2026-42009 (DTLS fragment reassembly, High, undefined behaviour)
- Fix CVE-2026-33845 (DTLS fragment reassembly, High, heap overread)
- Fix CVE-2026-42010 (PSK authentication, High, authentication bypass)
- Fix CVE-2026-3833 (Name constraints, Medium, name constraint bypass)
- Fix CVE-2026-42011 (Name constraints, Medium, name constraint bypass)
- Fix CVE-2026-42012 (CN fallback, Medium, certificate misuse)
- Fix CVE-2026-42013 (CN fallback, Medium, certificate misuse)
- Fix CVE-2026-42014 (PKCS#11 PIN change, Medium, use-after-free)
- Fix CVE-2026-5260 (PKCS#11 RSA, Medium, heap overread)
- Fix CVE-2026-42015 (PKCS#12 appending, Low, heap overwrite)
- Fix upstream security issue #1808 (PSK rehandshake)
- Fix upstream security issue #1810 (EKU OID prefix match)
- Fix upstream security issue #1818 (RSA correctness, OpenSSL format import)
- Fix upstream security issue #1819 (PKCS#11 trust removal error path)
- Fix upstream security issue #1817 (session parameter loading robustness)