Several security updates have been released for Oracle Linux 10, including an update to the curl package that addresses a vulnerability (ELSA-2026-1825) and a kernel security update (ELSA-2026-1690). For Oracle Linux 9, there were multiple updates, including a kernel security update (ELSA-2026-1617), a podman bug fix and enhancement update (ELBA-2026-1622), and a shim bug fix update (ELBA-2026-50074). Additionally, an Oracle Linux 8 kernel security update was released (ELSA-2026-1662) that addresses several vulnerabilities.

ELSA-2026-1825 Moderate: Oracle Linux 10 curl security update
ELSA-2026-1690 Important: Oracle Linux 10 kernel security update
ELSA-2026-1617 Moderate: Oracle Linux 9 kernel security update
ELBA-2026-1622 Oracle Linux 9 podman bug fix and enhancement update
ELBA-2026-1361 Oracle Linux 9 v4l-utils bug fix and enhancement update
ELBA-2026-50074 Oracle Linux 9 shim bug fix update
ELSA-2026-1662 Moderate: Oracle Linux 8 kernel security update

ELSA-2026-1825 Moderate: Oracle Linux 10 curl security update

Oracle Linux Security Advisory ELSA-2026-1825

http://linux.oracle.com/errata/ELSA-2026-1825.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
curl-8.12.1-2.el10_1.2.x86_64.rpm
libcurl-8.12.1-2.el10_1.2.x86_64.rpm
libcurl-devel-8.12.1-2.el10_1.2.x86_64.rpm
libcurl-minimal-8.12.1-2.el10_1.2.x86_64.rpm

aarch64:
curl-8.12.1-2.el10_1.2.aarch64.rpm
libcurl-8.12.1-2.el10_1.2.aarch64.rpm
libcurl-devel-8.12.1-2.el10_1.2.aarch64.rpm
libcurl-minimal-8.12.1-2.el10_1.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/curl-8.12.1-2.el10_1.2.src.rpm

Related CVEs:

CVE-2025-9086

Description of changes:

[8.12.1-2.el10_1.2]
- openssl: respect system crypto policy for TLS max version (RHEL-128923)

[8.12.1-2.el10_1.1]
- cookie: don't treat the leading slash as trailing (CVE-2025-9086)
Resolves: RHEL-122689

ELSA-2026-1690 Important: Oracle Linux 10 kernel security update

Oracle Linux Security Advisory ELSA-2026-1690

http://linux.oracle.com/errata/ELSA-2026-1690.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-abi-stablelists-6.12.0-124.31.1.el10_1.noarch.rpm
kernel-core-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-cross-headers-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-debug-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-debug-core-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-debug-devel-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-debug-devel-matched-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-debug-modules-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-debug-modules-core-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-debug-modules-extra-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-debug-uki-virt-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-devel-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-devel-matched-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-doc-6.12.0-124.31.1.el10_1.noarch.rpm
kernel-headers-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-modules-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-modules-core-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-modules-extra-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-modules-extra-matched-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-tools-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-tools-libs-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-tools-libs-devel-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-uki-virt-6.12.0-124.31.1.el10_1.x86_64.rpm
kernel-uki-virt-addons-6.12.0-124.31.1.el10_1.x86_64.rpm
libperf-6.12.0-124.31.1.el10_1.x86_64.rpm
perf-6.12.0-124.31.1.el10_1.x86_64.rpm
python3-perf-6.12.0-124.31.1.el10_1.x86_64.rpm
rtla-6.12.0-124.31.1.el10_1.x86_64.rpm
rv-6.12.0-124.31.1.el10_1.x86_64.rpm

aarch64:
kernel-cross-headers-6.12.0-124.31.1.el10_1.aarch64.rpm
kernel-headers-6.12.0-124.31.1.el10_1.aarch64.rpm
kernel-tools-6.12.0-124.31.1.el10_1.aarch64.rpm
kernel-tools-libs-6.12.0-124.31.1.el10_1.aarch64.rpm
kernel-tools-libs-devel-6.12.0-124.31.1.el10_1.aarch64.rpm
libperf-6.12.0-124.31.1.el10_1.aarch64.rpm
perf-6.12.0-124.31.1.el10_1.aarch64.rpm
python3-perf-6.12.0-124.31.1.el10_1.aarch64.rpm
rtla-6.12.0-124.31.1.el10_1.aarch64.rpm
rv-6.12.0-124.31.1.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-124.31.1.el10_1.src.rpm

Related CVEs:

CVE-2025-37819
CVE-2025-38022
CVE-2025-38349
CVE-2025-38453
CVE-2025-38568
CVE-2025-38731
CVE-2025-40135
CVE-2025-40154
CVE-2025-40158
CVE-2025-40170
CVE-2025-40248
CVE-2025-40251
CVE-2025-40258
CVE-2025-40271
CVE-2025-40294
CVE-2025-40301
CVE-2025-40318
CVE-2025-68301
CVE-2025-68305

Description of changes:

[6.12.0-124.31.1]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 dev_rcu (Hangbin Liu) [RHEL-129026]
- net: Add locking to protect skb->dev access in ip_output (Hangbin Liu) [RHEL-129026]
- net: dst: add four helpers to annotate data-races around dst->dev (Hangbin Liu) [RHEL-129026]
- eventpoll: don't decrement ep refcount while still holding the ep mutex (CKI Backport Bot) [RHEL-138041] {CVE-2025-38349}
- fs/proc: fix uaf in proc_readdir_de() (CKI Backport Bot) [RHEL-137101] {CVE-2025-40271}
- Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() (CKI Backport Bot) [RHEL-136972] {CVE-2025-40294}
- Bluetooth: hci_event: validate skb length for unknown CC opcode (CKI Backport Bot) [RHEL-136951] {CVE-2025-40301}
- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (CKI Backport Bot) [RHEL-136836] {CVE-2025-38568}
- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (CKI Backport Bot) [RHEL-136259] {CVE-2025-40318}
- devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CKI Backport Bot) [RHEL-134926] {CVE-2025-40251}
- mptcp: fix race condition in mptcp_schedule_work() (CKI Backport Bot) [RHEL-134451] {CVE-2025-40258}
- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (CKI Backport Bot) [RHEL-131989] {CVE-2025-37819}
- drm/xe: Fix vm_bind_ioctl double free bug (Anusha Srivatsa) [RHEL-122312] {CVE-2025-38731}

ELSA-2026-1617 Moderate: Oracle Linux 9 kernel security update

Oracle Linux Security Advisory ELSA-2026-1617

http://linux.oracle.com/errata/ELSA-2026-1617.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-abi-stablelists-5.14.0-611.27.1.el9_7.noarch.rpm
kernel-core-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-cross-headers-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-debug-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-debug-core-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-debug-devel-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-debug-devel-matched-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-debug-modules-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-debug-modules-core-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-debug-modules-extra-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-debug-uki-virt-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-devel-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-devel-matched-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-doc-5.14.0-611.27.1.el9_7.noarch.rpm
kernel-headers-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-modules-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-modules-core-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-modules-extra-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-tools-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-tools-libs-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-tools-libs-devel-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-uki-virt-5.14.0-611.27.1.el9_7.x86_64.rpm
kernel-uki-virt-addons-5.14.0-611.27.1.el9_7.x86_64.rpm
libperf-5.14.0-611.27.1.el9_7.x86_64.rpm
perf-5.14.0-611.27.1.el9_7.x86_64.rpm
python3-perf-5.14.0-611.27.1.el9_7.x86_64.rpm
rtla-5.14.0-611.27.1.el9_7.x86_64.rpm
rv-5.14.0-611.27.1.el9_7.x86_64.rpm

aarch64:
kernel-cross-headers-5.14.0-611.27.1.el9_7.aarch64.rpm
kernel-headers-5.14.0-611.27.1.el9_7.aarch64.rpm
kernel-tools-5.14.0-611.27.1.el9_7.aarch64.rpm
kernel-tools-libs-5.14.0-611.27.1.el9_7.aarch64.rpm
kernel-tools-libs-devel-5.14.0-611.27.1.el9_7.aarch64.rpm
libperf-5.14.0-611.27.1.el9_7.aarch64.rpm
perf-5.14.0-611.27.1.el9_7.aarch64.rpm
python3-perf-5.14.0-611.27.1.el9_7.aarch64.rpm
rtla-5.14.0-611.27.1.el9_7.aarch64.rpm
rv-5.14.0-611.27.1.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-611.27.1.el9_7.src.rpm

Related CVEs:

CVE-2025-38568
CVE-2025-40154
CVE-2025-40251

Description of changes:

[5.14.0-611.27.1]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 i_link (Jay Shin) [RHEL-141790]
- fold generic_readlink() into its only caller (Jay Shin) [RHEL-141790]
- fs/proc: fix uaf in proc_readdir_de() (Pavel Reichl) [RHEL-137093] {CVE-2025-40271}
- Backport 'create an empty changelog file when changing its name' (Alexandra Hájková)
- mptcp: fix race condition in mptcp_schedule_work() (Paolo Abeni) [RHEL-134443] {CVE-2025-40258}
- mptcp: use mptcp_schedule_work instead of open-coding it (Paolo Abeni) [RHEL-134443]
- tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Guillaume Nault) [RHEL-137976] {CVE-2022-50865}
- tcp: minor optimization in tcp_add_backlog() (Guillaume Nault) [RHEL-137976] {CVE-2022-50865}
- RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (Kamal Heib) [RHEL-134347] {CVE-2025-38022}