Cockpit, Grafana, BIND, and more updates for Oracle Linux

Oracle Linux 6468 Published 2026-04-17 06:30 by Philipp Esselbach

News

ELSA-2026-7383 Critical: Oracle Linux 10 cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Oracle Linux Security Advisory ELSA-2026-7383

http://linux.oracle.com/errata/ELSA-2026-7383.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
cockpit-344-3.0.1.el10_1.x86_64.rpm
cockpit-bridge-344-3.0.1.el10_1.noarch.rpm
cockpit-doc-344-3.0.1.el10_1.noarch.rpm
cockpit-packagekit-344-3.0.1.el10_1.noarch.rpm
cockpit-storaged-344-3.0.1.el10_1.noarch.rpm
cockpit-system-344-3.0.1.el10_1.noarch.rpm
cockpit-ws-344-3.0.1.el10_1.x86_64.rpm
cockpit-ws-selinux-344-3.0.1.el10_1.x86_64.rpm

aarch64:
cockpit-344-3.0.1.el10_1.aarch64.rpm
cockpit-bridge-344-3.0.1.el10_1.noarch.rpm
cockpit-doc-344-3.0.1.el10_1.noarch.rpm
cockpit-packagekit-344-3.0.1.el10_1.noarch.rpm
cockpit-storaged-344-3.0.1.el10_1.noarch.rpm
cockpit-system-344-3.0.1.el10_1.noarch.rpm
cockpit-ws-344-3.0.1.el10_1.aarch64.rpm
cockpit-ws-selinux-344-3.0.1.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/cockpit-344-3.0.1.el10_1.src.rpm

Related CVEs:

CVE-2026-4631

Description of changes:

[344-3.0.1]
- Storage: Enable btrfs support [Orabug: 37464632]
- Replaced upstream urls in documentation with oracle links [Orabug: 36528753]
- Drop subscription-manager-cockpit requirement for ol [Orabug: 34681110]
- Remove duplicate reference to server in cockpit [Orabug: 34030494]
- Update documentation links [Orabug: 30271413], [Orabug: 32013095],
[Orabug: 32795691], [Orabug: 34398512], [Orabug: 34742876], [Orabug: 37253273]
- Update spec file for new release

[344-3]
- correctly apply CVE patches (CVE-2026-4631)

* Wed Mar 25 2026 Jelle van der Waa private_data (Kate Hsuan) [RHEL-128622]
- media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Use a count variable for meta_formats instead of 0 terminating (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Auto-set UVC_QUIRK_MSXU_META (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Introduce V4L2_META_FMT_UVC_MSXU_1_5 (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Introduce dev->meta_formats (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Do not mark valid metadata as invalid (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: uvc_v4l2_unlocked_ioctl: Invert PM logic (Kate Hsuan) [RHEL-128622]
- media: core: export v4l2_translate_cmd (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Turn on the camera if V4L2_EVENT_SUB_FL_SEND_INITIAL (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Remove stream->is_streaming field (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Split uvc_stop_streaming() (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Handle locks in uvc_queue_return_buffers (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Use vb2 ioctl and fop helpers (Kate Hsuan) [RHEL-128622]
- media: v4l2-common: Add the missing Raw Bayer pixel formats (Kate Hsuan) [RHEL-128622]
- media: v4l2-subdev: Add debug prints to v4l2_subdev_collect_streams() (Kate Hsuan) [RHEL-128622]
- media: v4l2-subdev: Print early in v4l2_subdev_{enable,disable}_streams() (Kate Hsuan) [RHEL-128622]
- media: v4l2: Add Renesas Camera Receiver Unit pixel formats (Kate Hsuan) [RHEL-128622]
- media: v4l2-subdev: Limit the number of active routes to V4L2_FRAME_DESC_ENTRY_MAX (Kate Hsuan) [RHEL-128622]
- media: v4l2-ctrls: Return the handler's error in v4l2_ctrl_handler_free() (Kate Hsuan) [RHEL-128622]
- media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() (Kate Hsuan) [RHEL-128622]
- media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (Kate Hsuan) [RHEL-128622]
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (Kate Hsuan) [RHEL-128622]
- media: v4l2-jpeg: Remove unused v4l2_jpeg_parse_* wrappers (Kate Hsuan) [RHEL-128622]
- media: v4l2-core: Replace the check for firmware registered I2C devices (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (Kate Hsuan) [RHEL-128622] {CVE-2025-38680}
- media: uvcvideo: Add quirk for HP Webcam HD 2300 (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Refactor uvc_v4l2_compat_ioctl32 (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Refactor uvc_queue_streamon (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Refactor uvc_ctrl_set_handle() (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Populate all errors in uvc_probe() (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Set V4L2_CTRL_FLAG_DISABLED during queryctrl errors (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Fix bandwidth issue for Alcor camera (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Use dev_err_probe for devm_gpiod_get_optional (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Fix deferred probing error (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Rollback non processed entities on error (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Send control events for partial succeeds (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Return the number of processed controls (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Do not turn on the camera for some ioctls (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Make power management granular (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Avoid variable shadowing in uvc_ctrl_cleanup_fh (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Increase/decrease the PM counter per IOCTL (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Create uvc_pm_(get|put) functions (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Keep streaming state in the file handle (Kate Hsuan) [RHEL-128622]
- media: Add C3ISP_PARAMS and C3ISP_STATS meta formats (Kate Hsuan) [RHEL-128622]
- media: v4l: subdev: Fix coverity issue: Logically dead code (Kate Hsuan) [RHEL-128622]
- media: v4l2-dev: fix error handling in __video_register_device() (Kate Hsuan) [RHEL-128622]
- media: common: Add v4l2_find_nearest_size_conditional() (Kate Hsuan) [RHEL-128622]
- media: v4l2-common: Add RGBR format info (Kate Hsuan) [RHEL-128622]
- media: v4l2: Add NV15 and NV20 pixel formats (Kate Hsuan) [RHEL-128622]
- media: v4l2-common: Add helpers to calculate bytesperline and sizeimage (Kate Hsuan) [RHEL-128622]
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (Kate Hsuan) [RHEL-128622]
- media: v4l2-core: use (t,l)/wxh format for rectangle (Kate Hsuan) [RHEL-128622]
- media: v4l2-core: Introduce v4l2_query_ext_ctrl_to_v4l2_queryctrl (Kate Hsuan) [RHEL-128622]
- media: v4l2: Remove vidioc_s_ctrl callback (Kate Hsuan) [RHEL-128622]
- media: v4l2: Remove vidioc_g_ctrl callback (Kate Hsuan) [RHEL-128622]
- media: v4l2: Remove vidioc_queryctrl callback (Kate Hsuan) [RHEL-128622]
- media: ioctl: Simulate v4l2_queryctrl with v4l2_query_ext_ctrl (Kate Hsuan) [RHEL-128622]
- media: v4l2-dv-timings: add v4l2_num_edid_blocks() helper (Kate Hsuan) [RHEL-128622]
- media: v4l: Memset argument to 0 before calling get_mbus_config pad op (Kate Hsuan) [RHEL-128622]
- media: v4l: Support obtaining link frequency via get_mbus_config (Kate Hsuan) [RHEL-128622]
- media: v4l: Support passing media pad argument to v4l2_get_link_freq() (Kate Hsuan) [RHEL-128622]

ELSA-2026-7342 Important: Oracle Linux 10 kea security update

Oracle Linux Security Advisory ELSA-2026-7342

http://linux.oracle.com/errata/ELSA-2026-7342.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
kea-3.0.1-3.el10_1.x86_64.rpm
kea-doc-3.0.1-3.el10_1.noarch.rpm
kea-hooks-3.0.1-3.el10_1.x86_64.rpm
kea-keama-3.0.1-3.el10_1.x86_64.rpm
kea-libs-3.0.1-3.el10_1.x86_64.rpm

aarch64:
kea-3.0.1-3.el10_1.aarch64.rpm
kea-doc-3.0.1-3.el10_1.noarch.rpm
kea-hooks-3.0.1-3.el10_1.aarch64.rpm
kea-keama-3.0.1-3.el10_1.aarch64.rpm
kea-libs-3.0.1-3.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kea-3.0.1-3.el10_1.src.rpm

Related CVEs:

CVE-2026-3608

Description of changes:

[3.0.1-3]
- Fixes CVE-2026-3608

ELSA-2026-7002 Important: Oracle Linux 9 nginx security update

Oracle Linux Security Advisory ELSA-2026-7002

http://linux.oracle.com/errata/ELSA-2026-7002.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
nginx-1.20.1-24.0.1.el9_7.2.x86_64.rpm
nginx-all-modules-1.20.1-24.0.1.el9_7.2.noarch.rpm
nginx-core-1.20.1-24.0.1.el9_7.2.x86_64.rpm
nginx-filesystem-1.20.1-24.0.1.el9_7.2.noarch.rpm
nginx-mod-devel-1.20.1-24.0.1.el9_7.2.x86_64.rpm
nginx-mod-http-image-filter-1.20.1-24.0.1.el9_7.2.x86_64.rpm
nginx-mod-http-perl-1.20.1-24.0.1.el9_7.2.x86_64.rpm
nginx-mod-http-xslt-filter-1.20.1-24.0.1.el9_7.2.x86_64.rpm
nginx-mod-mail-1.20.1-24.0.1.el9_7.2.x86_64.rpm
nginx-mod-stream-1.20.1-24.0.1.el9_7.2.x86_64.rpm

aarch64:
nginx-1.20.1-24.0.1.el9_7.2.aarch64.rpm
nginx-all-modules-1.20.1-24.0.1.el9_7.2.noarch.rpm
nginx-core-1.20.1-24.0.1.el9_7.2.aarch64.rpm
nginx-filesystem-1.20.1-24.0.1.el9_7.2.noarch.rpm
nginx-mod-devel-1.20.1-24.0.1.el9_7.2.aarch64.rpm
nginx-mod-http-image-filter-1.20.1-24.0.1.el9_7.2.aarch64.rpm
nginx-mod-http-perl-1.20.1-24.0.1.el9_7.2.aarch64.rpm
nginx-mod-http-xslt-filter-1.20.1-24.0.1.el9_7.2.aarch64.rpm
nginx-mod-mail-1.20.1-24.0.1.el9_7.2.aarch64.rpm
nginx-mod-stream-1.20.1-24.0.1.el9_7.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/nginx-1.20.1-24.0.1.el9_7.2.src.rpm

Related CVEs:

CVE-2026-27651
CVE-2026-27654
CVE-2026-27784
CVE-2026-32647

Description of changes:

[1.20.1-24.0.1.el9_7.2]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]
- Update upstream references [Orabug: 36579090]

[2:1.20.1-24.2]
- Resolves: RHEL-159557 - CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
- Resolves: RHEL-159536 - CVE-2026-27784 nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file
- Resolves: RHEL-159444 - CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- Resolves: RHEL-157885 - CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files

[2:1.20.1-24.1]
- Resolves: RHEL-146525 - nginx: NGINX: Data injection via man-in-the-middle
attack on TLS proxied connections (CVE-2026-1642)

ELBA-2026-8101 Oracle Linux 8 microcode_ctl bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2026-8101

http://linux.oracle.com/errata/ELBA-2026-8101.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
microcode_ctl-20260227-1.0.1.el8_10.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/microcode_ctl-20260227-1.0.1.el8_10.src.rpm

Description of changes:

[4:20260227-1.0.1]
- enable use with ueknext and UEK8 kernels
- don't bother calling dracut if virtualized [Orabug: 35710077]
- ensure UEK also rebuilds initramfs [Orabug: 34280058]
- add support for UEK7 kernels
- enable early update for 06-4f-01
- remove no longer appropriate caveats for 06-2d-07 and 06-55-04
- enable early and late load on RHCK

[4:20260227-1]
- Update Intel CPU microcode to microcode-20260227 release (RHEL-159424)
- Microcode files (/platform_mask shown) with revision updates (in hex):
06-ae-01/97: Granite Rapids-D: 10002f3 to 1000303
Resolves: RHEL-159424

[4:20260210-1]
- Update Intel CPU microcode to microcode-20260210 release (RHEL-151645)
- Microcode files (/platform_mask shown) with revision updates (in hex):
06-6a-06/87: Ice Lake-X: d000410 to d000421
06-6c-01/10: Ice Lake-D: 10002e0 to 10002f1
06-7e-05/80: Ice Lake-L: 00ca to 00cc
06-8c-01/80: Tiger Lake: 00bc to 00be
06-8c-02/c2: Tiger Lake: 003c to 003e
06-8d-01/c2: Tiger Lake-H: 0056 to 0058
06-8f-07/87: Sapphire Rapids: 2b000650 to 2b000661
06-8f-08/10: Sapphire Rapids with HBM: 2c000410 to 2c000421
06-8f-08/87: Sapphire Rapids: 2b000650 to 2b000661
06-97-02/07: Alder Lake: 003d to 003e
06-97-05/07: Alder Lake: 003d to 003e
06-9a-03/80: Alder Lake-L: 043a to 043b
06-9a-04/80: Alder Lake-L: 043a to 043b
06-9a-04/40: Arizona Beach (Atom C11xx): 000b to 000c
06-9a-04/80: Alder Lake-L: 043a to 043b
06-a7-01/02: Rocket Lake: 0064 to 0065
06-aa-04/e6: Meteor Lake-L: 0025 to 0028
06-ad-01/20: Granite Rapids-X: a000124 to a000133
06-ad-01/95: Granite Rapids-X: 10003f0 to 1000405
06-ae-01/97: Granite Rapids-D: 1000273 to 10002f3
06-b5-00/80: Arrow Lake-U: 000a to 000d
06-b7-01/32: Raptor Lake: 0132 to 0133
06-ba-02/e0: Raptor Lake-P: 6133 to 6134
06-ba-03/e0: Raptor Lake-P: 6133 to 6134
06-be-00/19: Gracemont (Alder Lake-N): 001e to 0021
06-bf-02/07: Raptor Lake-S: 003d to 003e
06-bf-05/07: Raptor Lake-S: 003d to 003e
06-c5-02/82: Arrow Lake-H: 011a to 011b
06-c6-02/82: Arrow Lake: 011a to 011b
06-cf-02/87: Emerald Rapids: 210002c0 to 210002d3
Resolves: RHEL-151645

ELSA-2026-7711 Important: Oracle Linux 10 vim security update

Oracle Linux Security Advisory ELSA-2026-7711

http://linux.oracle.com/errata/ELSA-2026-7711.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
vim-X11-9.1.083-6.0.1.el10_1.3.x86_64.rpm
vim-common-9.1.083-6.0.1.el10_1.3.x86_64.rpm
vim-data-9.1.083-6.0.1.el10_1.3.noarch.rpm
vim-enhanced-9.1.083-6.0.1.el10_1.3.x86_64.rpm
vim-filesystem-9.1.083-6.0.1.el10_1.3.noarch.rpm
vim-minimal-9.1.083-6.0.1.el10_1.3.x86_64.rpm
xxd-9.1.083-6.0.1.el10_1.3.x86_64.rpm

aarch64:
vim-X11-9.1.083-6.0.1.el10_1.3.aarch64.rpm
vim-common-9.1.083-6.0.1.el10_1.3.aarch64.rpm
vim-data-9.1.083-6.0.1.el10_1.3.noarch.rpm
vim-enhanced-9.1.083-6.0.1.el10_1.3.aarch64.rpm
vim-filesystem-9.1.083-6.0.1.el10_1.3.noarch.rpm
vim-minimal-9.1.083-6.0.1.el10_1.3.aarch64.rpm
xxd-9.1.083-6.0.1.el10_1.3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/vim-9.1.083-6.0.1.el10_1.3.src.rpm

Related CVEs:

CVE-2026-28417
CVE-2026-28421
CVE-2026-33412

Description of changes:

[9.1.083-6.0.1.el10_1.3]
- Remove upstream references [Orabug: 31197557]

[2:9.1.083-6.3]
- RHEL-159615 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function

[2:9.1.083-6.2]
- RHEL-155409 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file

[2:9.1.083-6.2]
- RHEL-155425 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin

[2:9.1.083-6.1]
- RHEL-147922 CVE-2026-25749 vim: Heap Overflow in Vim

ELBA-2026-6839 Oracle Linux 9 systemd bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2026-6839

http://linux.oracle.com/errata/ELBA-2026-6839.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
rhel-net-naming-sysattrs-252-55.0.3.el9_7.8.noarch.rpm
systemd-252-55.0.3.el9_7.8.i686.rpm
systemd-252-55.0.3.el9_7.8.x86_64.rpm
systemd-boot-unsigned-252-55.0.3.el9_7.8.x86_64.rpm
systemd-container-252-55.0.3.el9_7.8.i686.rpm
systemd-container-252-55.0.3.el9_7.8.x86_64.rpm
systemd-devel-252-55.0.3.el9_7.8.i686.rpm
systemd-devel-252-55.0.3.el9_7.8.x86_64.rpm
systemd-journal-remote-252-55.0.3.el9_7.8.x86_64.rpm
systemd-libs-252-55.0.3.el9_7.8.i686.rpm
systemd-libs-252-55.0.3.el9_7.8.x86_64.rpm
systemd-oomd-252-55.0.3.el9_7.8.x86_64.rpm
systemd-pam-252-55.0.3.el9_7.8.x86_64.rpm
systemd-resolved-252-55.0.3.el9_7.8.x86_64.rpm
systemd-rpm-macros-252-55.0.3.el9_7.8.noarch.rpm
systemd-udev-252-55.0.3.el9_7.8.x86_64.rpm
systemd-ukify-252-55.0.3.el9_7.8.noarch.rpm

aarch64:
rhel-net-naming-sysattrs-252-55.0.3.el9_7.8.noarch.rpm
systemd-252-55.0.3.el9_7.8.aarch64.rpm
systemd-boot-unsigned-252-55.0.3.el9_7.8.aarch64.rpm
systemd-container-252-55.0.3.el9_7.8.aarch64.rpm
systemd-devel-252-55.0.3.el9_7.8.aarch64.rpm
systemd-journal-remote-252-55.0.3.el9_7.8.aarch64.rpm
systemd-libs-252-55.0.3.el9_7.8.aarch64.rpm
systemd-oomd-252-55.0.3.el9_7.8.aarch64.rpm
systemd-pam-252-55.0.3.el9_7.8.aarch64.rpm
systemd-resolved-252-55.0.3.el9_7.8.aarch64.rpm
systemd-rpm-macros-252-55.0.3.el9_7.8.noarch.rpm
systemd-udev-252-55.0.3.el9_7.8.aarch64.rpm
systemd-ukify-252-55.0.3.el9_7.8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/systemd-252-55.0.3.el9_7.8.src.rpm

Description of changes:

[252-55.0.3.el9_7.8]
- serialize: don't allocate 1M on the stack just like that [LINUX-16166]
- Route logs from container mapped uids to the system journal [Orabug: 38135007]
- Drop delay when nspawn fails to reset loginuid [Orabug: 37793135]
- Improve logging for api bus connection and subscribers [Orabug: 38040980]
- Defer processing of timeout events in sd-bus api [Orabug: 38064217]
- coredump: use %d in kernel core pattern - CVE-2025-4598
- Add bus description to sd-bus outgoing sockets [Orabug: 37347576]
- Add log messages about daemon-reload requester and duration [Orabug: 37347576]
- Reverted back to previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved.
- drop IN_ATTRIB from parent directory inotify watches [Orabug: 37118224]
- 1A) Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 36269319]
- 1B) Add "systemd-fstab-generator-reload-targets.service" file [Orabug: 36269319]
- 1C) Add required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 36269319]
- 1D) Important: Review 1001-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 36269319]
- Due to a new [Orabug: 36564551] filed on April 29 2024, reverting from back to
- previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved.
- drop IN_ATTRIB from parent directory inotify watches [Orabug: 37118224]
- Reverted back to previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved.
- Re-Added 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792]
- Backport upstream pstore dmesg fix [Orabug: 34868110]
- Remove upstream references [Orabug: 33995357]
- Disable unprivileged BPF by default [Orabug: 32870980]
- udev rules: fix memory hot add and remove [Orabug: 31310273]
- set "RemoveIPC=no" in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 [Orabug: 18467469]
- shutdown: get only active md arrays. [Orabug: 34467234]
- Wait for an extra configurable time before udevd kills a worker [Orabug: 36017407]
- Removed unneeded patches from the systemd.spec
- 1A) 1004-orabug34272490-0001-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch [Orabug: 34272490]
- 1B) 1005-orabug34272490-0002-core-device-drop-unnecessary-condition.patch [Orabug: 34272490]
- 1C) 1007-orabug34868110-pstore-fixes-for-dmesg.txt-reconstruction.patch [Orabug: 34868110]
- Removed the following, associated with [Orabug: 36269319]:
- 2A) Remove 1001-systemd-fstab-generator-reload-targets.patch
- 2B) Remove Fix local-fs and remote-fs targets during system boot [Orabug: 36269319]
- 2C) Remove "systemd-fstab-generator-reload-targets.service" file [Orabug: 36269319]
- 2D) Remove required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 36269319]
- 2E) Remove Important: Review 1001-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 36269319]

[252-55.8]
- update specfile and sources after renaming rhel-net-naming-sysattrs to net-naming-sysattrs (RHEL-150628)

[252-55.7]
- core: fix array size in unit_log_resources() (RHEL-132120)

[252-55.6]
- timer: rebase last_trigger timestamp if needed (RHEL-127022)

[252-55.5]
- test: rename TEST-53-ISSUE-16347 to TEST-53-TIMER (RHEL-127022)
- test: restarting elapsed timer shouldn't trigger the corresponding service (RHEL-127022)
- test: check the next elapse timer timestamp after deserialization (RHEL-127022)
- timer: don't run service immediately after restart of a timer (RHEL-127022)
- test: store and compare just the property value (RHEL-127022)
- timer: rebase the next elapse timestamp only if timer didn't already run (RHEL-127022)
- coredump: handle ENOBUFS and EMSGSIZE the same way (RHEL-126114)

[252-55.4]
- cryptsetup: Add optional support for linking volume key in keyring. (RHEL-118294)
- cryptsetup: fix typo (RHEL-118294)
- cryptsetup: HAVE_CRYPT_SET_KEYRING_TO_LINK is always defined (RHEL-118294)
- basic: add PIDFS magic (#31709) (RHEL-118294)
- time-util: make USEC_TIMESTAMP_FORMATTABLE_MAX for 32bit system off by one day (RHEL-118294)
- coredump: make check that all argv[] meta data fields are passed strict (RHEL-104138)
- coredump: restore compatibility with older patterns (RHEL-104138)
- coredump: use %d in kernel core pattern (RHEL-104138)
- pidref: add structure that can reference a pid via both pidfd and pid_t (RHEL-104138)
- fd-util: introduce parse_fd() (RHEL-104138)
- coredump: add support for new %F PIDFD specifier (RHEL-104138)

[252-55.2]
- Revert "test-time-util: disable failing tests" (RHEL-110954)
- test: use get_timezones() to iterate all known timezones (RHEL-110954)
- test-time-util: do not fail on DST change (RHEL-110954)
- test-time-util: suppress timestamp conversion failures for Africa/Khartoum timezone (RHEL-110954)
- test-time-util: do more suppression of time zone checks (RHEL-110954)
- test-time-util: fix truncation of usec to sec (RHEL-110954)
- test: unset TZ before timezone-sensitive unit tests are run (RHEL-110954)
- meson: extend timeout for test-time-util (RHEL-110954)
- time-util: use DEFINE_STRING_TABLE_LOOKUP_TO_STRING() macro (RHEL-110954)
- time-util: align string table (RHEL-110954)
- time-util: rename variables (RHEL-110954)
- time-util: add assertions (RHEL-110954)
- time-util: drop redundant else (RHEL-110954)
- time-util: do not use strdupa() (RHEL-110954)
- time-util: use result from startswith_no_case() (RHEL-110954)
- time-util: use usec_add() and usec_sub_unsigned() (RHEL-110954)
- time-util: shorten code a bit (RHEL-110954)
- time-util: rename variables (RHEL-110954)
- time-util: drop unnecessary assignment of timezone name (RHEL-110954)
- time-util: make parse_timestamp() use the RFC-822/ISO 8601 standard timezone spec (RHEL-110954)
- time-util: fix typo (RHEL-110954)
- ci: bump the tools tree to F42 (RHEL-110954)

[252-55.1]
- meson: /etc/systemd/network is also used by udevd (RHEL-111611)
- test: add tests for format_timestamp() and parse_timestamp() with various timezone (RHEL-110954)
- test-time-util: disable failing tests (RHEL-110954)
- test: test parse_timestamp() in various timezone (RHEL-110954)
- systemctl: logind: add missing asserts (RHEL-110954)
- systemctl: logind: make logind_schedule_shutdown accept action as param (RHEL-110954)
- systemctl: add option --when for scheduled shutdown (RHEL-110954)
- test-time-util: add test cases to invalidate "show" and "cancel" (RHEL-110954)
- sd-bus: make bus_add_match_full accept timeout (RHEL-111630)
- core/unit: add get_timeout_start_usec in UnitVTable and define it for service (RHEL-111630)
- core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (RHEL-111630)
- core,sd-bus: drop empty lines between function call and error check (RHEL-111630)
- core: do not disconnect from bus when failed to install signal match (RHEL-111630)
- dbus: stash the subscriber list when we disconenct from the bus (RHEL-111630)
- manager: s/deserialized_subscribed/subscribed_as_strv (RHEL-111630)
- bus-util: do not reset the count returned by sd_bus_track_count_name() (RHEL-111630)
- core/manager: restore bus track deserialization cleanup in manager_reload() (RHEL-111630)
- core/manager: drop duplicate bus track deserialization (RHEL-111630)
- sd-bus/bus-track: use install_callback in sd_bus_track_add_name() (RHEL-111630)

ELBA-2026-6824 Oracle Linux 10 ipset bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2026-6824

http://linux.oracle.com/errata/ELBA-2026-6824.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
ipset-7.22-10.0.1.el10_1.x86_64.rpm
ipset-devel-7.22-10.0.1.el10_1.x86_64.rpm
ipset-libs-7.22-10.0.1.el10_1.x86_64.rpm
ipset-service-7.22-10.0.1.el10_1.noarch.rpm

aarch64:
ipset-7.22-10.0.1.el10_1.aarch64.rpm
ipset-devel-7.22-10.0.1.el10_1.aarch64.rpm
ipset-libs-7.22-10.0.1.el10_1.aarch64.rpm
ipset-service-7.22-10.0.1.el10_1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/ipset-7.22-10.0.1.el10_1.src.rpm

Description of changes:

[7.22-10.0.1]
- Update dependencies for additional UEK kernel flavours [Orabug: 38000003]
- Depend either on kernel-extra or kernel-uek-extra-netfilter [Orabug: 37585869]

[7.22-10]
- Use modules-core for conditional modules-extra dependency

ELBA-2026-6571-1 Oracle Linux 8 kernel bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-6571-1

http://linux.oracle.com/errata/ELBA-2026-6571-1.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
kernel-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.117.1.0.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.117.1.0.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
perf-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.117.1.0.1.el8_10.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.117.1.0.1.el8_10.src.rpm

Description of changes:

[4.18.0-553.117.1.0.1]
- scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) [Orabug: 37778230]

[4.18.0-553.117.1]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64

Plasma-Workspace-Wallpapers, Cockpit, Spectacle, and more updates for Fedora

OpenShift Container Platform, Firefox, .NET, and more updates for RHEL

Cockpit, Grafana, BIND, and more updates for Oracle Linux

ELSA-2026-7383 Critical: Oracle Linux 10 cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

ELSA-2026-7342 Important: Oracle Linux 10 kea security update

ELSA-2026-7002 Important: Oracle Linux 9 nginx security update

ELBA-2026-8101 Oracle Linux 8 microcode_ctl bug fix and enhancement update

ELSA-2026-7711 Important: Oracle Linux 10 vim security update

ELBA-2026-6839 Oracle Linux 9 systemd bug fix and enhancement update

ELBA-2026-6824 Oracle Linux 10 ipset bug fix and enhancement update

ELBA-2026-6571-1 Oracle Linux 8 kernel bug fix update

Windows

Linux

macOS

Community