Gnupg2, Firefox, IPA, and more updates for Oracle Linux

Oracle Linux 6436 Published by

Oracle has released several security updates for its Linux operating system. The updates address various vulnerabilities, including those affecting Firefox, gnupg2, libpq, and the Unbreakable Enterprise kernel. Multiple versions of Oracle Linux are affected, including 7, 8, and 9, with some updates marked as "Important" while others are considered "Moderate." The security updates can be found by following the links provided for each affected package.

ELSA-2026-0728 Important: Oracle Linux 8 gnupg2 security update
ELSA-2026-0694 Important: Oracle Linux 9 firefox security update
ELSA-2026-0695 Moderate: Oracle Linux 8 libpq security update
ELSA-2026-0667 Important: Oracle Linux 8 firefox security update
ELSA-2026-0007 Important: Oracle Linux 7 firefox security update
ELBA-2025-23155 Oracle Linux 7 ipa bug fix and enhancement update
ELSA-2026-50060 Important: Unbreakable Enterprise kernel security update
ELSA-2026-50060 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELSA-2026-0771 Important: Oracle Linux 9 gpsd-minimal security update
ELSA-2026-0752 Important: Oracle Linux 9 jmc security update
ELSA-2026-50061 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2026-0753 Important: Oracle Linux 8 container-tools:rhel8 security update
ELSA-2026-0750 Important: Oracle Linux 8 net-snmp security update
ELSA-2026-50061 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2026-50061 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELBA-2025-19219 Oracle Linux 7 gnome-keyring bug fix and enhancement update




ELSA-2026-0728 Important: Oracle Linux 8 gnupg2 security update


Oracle Linux Security Advisory ELSA-2026-0728

http://linux.oracle.com/errata/ELSA-2026-0728.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
gnupg2-2.2.20-4.el8_10.x86_64.rpm
gnupg2-smime-2.2.20-4.el8_10.x86_64.rpm

aarch64:
gnupg2-2.2.20-4.el8_10.aarch64.rpm
gnupg2-smime-2.2.20-4.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/gnupg2-2.2.20-4.el8_10.src.rpm

Related CVEs:

CVE-2025-68973

Description of changes:

[2.2.20-4]
- Fix CVE-2025-68973 (gpg.fail/memcpy)



ELSA-2026-0694 Important: Oracle Linux 9 firefox security update


Oracle Linux Security Advisory ELSA-2026-0694

http://linux.oracle.com/errata/ELSA-2026-0694.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-140.7.0-1.0.1.el9_7.x86_64.rpm
firefox-x11-140.7.0-1.0.1.el9_7.x86_64.rpm

aarch64:
firefox-140.7.0-1.0.1.el9_7.aarch64.rpm
firefox-x11-140.7.0-1.0.1.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/firefox-140.7.0-1.0.1.el9_7.src.rpm

Related CVEs:

CVE-2025-14327
CVE-2026-0877
CVE-2026-0878
CVE-2026-0879
CVE-2026-0880
CVE-2026-0882
CVE-2026-0883
CVE-2026-0884
CVE-2026-0885
CVE-2026-0886
CVE-2026-0887
CVE-2026-0890
CVE-2026-0891

Description of changes:

[140.7.0-1.0.1]
- Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

[140.7.0]
- Add debranding patches (Mustafa Gezen)
- Add OpenELA default preferences (Louis Abel)

[140.7.0-1]
- Update to 140.7.0 ESR



ELSA-2026-0695 Moderate: Oracle Linux 8 libpq security update


Oracle Linux Security Advisory ELSA-2026-0695

http://linux.oracle.com/errata/ELSA-2026-0695.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libpq-13.23-1.el8_10.i686.rpm
libpq-13.23-1.el8_10.x86_64.rpm
libpq-devel-13.23-1.el8_10.i686.rpm
libpq-devel-13.23-1.el8_10.x86_64.rpm

aarch64:
libpq-13.23-1.el8_10.aarch64.rpm
libpq-devel-13.23-1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libpq-13.23-1.el8_10.src.rpm

Related CVEs:

CVE-2025-12818

Description of changes:

[13.23-1]
- Rebase to upstream release 13.23
- Resolves: RHEL-131269 (CVE-2025-12818)



ELSA-2026-0667 Important: Oracle Linux 8 firefox security update


Oracle Linux Security Advisory ELSA-2026-0667

http://linux.oracle.com/errata/ELSA-2026-0667.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-140.7.0-1.0.1.el8_10.x86_64.rpm

aarch64:
firefox-140.7.0-1.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/firefox-140.7.0-1.0.1.el8_10.src.rpm

Related CVEs:

CVE-2025-14327
CVE-2026-0877
CVE-2026-0878
CVE-2026-0879
CVE-2026-0880
CVE-2026-0882
CVE-2026-0883
CVE-2026-0884
CVE-2026-0885
CVE-2026-0886
CVE-2026-0887
CVE-2026-0890
CVE-2026-0891

Description of changes:

[140.7.0-1.0.1]
- Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079789]

[140.7.0]
- Add debranding patches (Mustafa Gezen)
- Add OpenELA default preferences (Louis Abel)

[140.7.0-1]
- Update to 140.7.0 ESR



ELSA-2026-0007 Important: Oracle Linux 7 firefox security update


Oracle Linux Security Advisory ELSA-2026-0007

http://linux.oracle.com/errata/ELSA-2026-0007.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-140.6.0-1.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/firefox-140.6.0-1.0.1.el7_9.src.rpm

Related CVEs:

CVE-2025-14321
CVE-2025-14322
CVE-2025-14323
CVE-2025-14324
CVE-2025-14325
CVE-2025-14328
CVE-2025-14329
CVE-2025-14330
CVE-2025-14331
CVE-2025-14333

Description of changes:

[140.6.0-1.0.1]
- Update to 140.6.0 ESR [Orabug: 38813993][CVE-2025-14321][CVE-2025-14322]
[CVE-2025-14323][CVE-2025-14324][CVE-2025-14325][CVE-2025-14328]
[CVE-2025-14329][CVE-2025-14330][CVE-2025-14331][CVE-2025-14333]

[140.5.0-1.0.1]
- Update to 140.5.0 ESR [Orabug: 38708474][CVE-2025-13012][CVE-2025-13013]
[CVE-2025-13014][CVE-2025-13015][CVE-2025-13016][CVE-2025-13017]
[CVE-2025-13018][CVE-2025-13019][CVE-2025-13020]

[140.4.0-4.0.1]
- Update to 140.4.0 ESR [Orabug: 38595697][CVE-2025-11708][CVE-2025-11709]
[CVE-2025-11710][CVE-2025-11711][CVE-2025-11712][CVE-2025-11714]
[CVE-2025-11715]

[140.3.0-1.0.1]
- Update to 140.3.0 [Orabug: 38509157][CVE-2025-10527][CVE-2025-10528]
[CVE-2025-10529][CVE-2025-10532][CVE-2025-10533][CVE-2025-10536]
[CVE-2025-10537]
- Disable SVE parts of libyuv if not supported [Orabug: 38509157]

[128.14.0-2.0.1]
- Update to 128.14.0 [Orabug: 38400668][CVE-2025-9179][CVE-2025-9180]
[CVE-2025-9181][CVE-2025-9182][CVE-2025-9185]

[128.13.0-1.0.1]
- Update to 128.13.0 [Orabug: 38256809][CVE-2025-8027][CVE-2025-8028]
[CVE-2025-8029][CVE-2025-8030][CVE-2025-8031][CVE-2025-8032][CVE-2025-8033]
[CVE-2025-8034][CVE-2025-8035]

[128.12.0-1.0.1]
- Update to 128.12.0 [Orabug: 38141310][CVE-2025-6424][CVE-2025-6425]
[CVE-2025-6429][CVE-2025-6430]

[128.11.0-1.0.1]
- Update to 128.11.0 [Orabug: 38077559][CVE-2025-5263][CVE-2025-5264]
[CVE-2025-5266][CVE-2025-5267][CVE-2025-5268][CVE-2025-5269]

[128.10.1-1.0.1]
- Update to 128.10.1 [Orabug: 38028280][CVE-2025-4918][CVE-2025-4919]

[128.10.0-1.0.1]
- Updated to 128.10.0 build [Orabug: 37924620]
- Fixes CVE-2025-2817 CVE-2025-4083 CVE-2025-4087 CVE-2025-4091 and
- CVE-2025-4093



ELBA-2025-23155 Oracle Linux 7 ipa bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2025-23155

http://linux.oracle.com/errata/ELBA-2025-23155.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
ipa-client-4.6.8-5.0.7.el7_9.17.x86_64.rpm
ipa-client-common-4.6.8-5.0.7.el7_9.17.noarch.rpm
ipa-common-4.6.8-5.0.7.el7_9.17.noarch.rpm
ipa-python-compat-4.6.8-5.0.7.el7_9.17.noarch.rpm
ipa-server-4.6.8-5.0.7.el7_9.17.x86_64.rpm
ipa-server-common-4.6.8-5.0.7.el7_9.17.noarch.rpm
ipa-server-dns-4.6.8-5.0.7.el7_9.17.noarch.rpm
ipa-server-trust-ad-4.6.8-5.0.7.el7_9.17.x86_64.rpm
python2-ipaclient-4.6.8-5.0.7.el7_9.17.noarch.rpm
python2-ipalib-4.6.8-5.0.7.el7_9.17.noarch.rpm
python2-ipaserver-4.6.8-5.0.7.el7_9.17.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/ipa-4.6.8-5.0.7.el7_9.17.src.rpm

Description of changes:

[4.6.8-5.0.7.el7_9.17]
- Fixes ELBA-2025-23155 kdb: do not fail if canonical principal is missing [Orabug: 38761213]

[4.6.8-5.0.5.el7_9.17]
- Fixes CVE-2025-7493 Enforce uniqueness across krbprincipalname
- and krbcanonicalname [Orabug: 38520120]

[4.6.8-5.0.3.el7_9.17]
- Fix privilege escalation from host to domain vulnerability
- CVE-2025-4404 [Orabug: 38085890]



ELSA-2026-50060 Important: Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2026-50060

http://linux.oracle.com/errata/ELSA-2026-50060.html

The following updated rpms for have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-core-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-devel-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-doc-6.12.0-107.59.3.3.el10uek.noarch.rpm
kernel-uek-modules-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-tools-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-debug-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-107.59.3.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-107.59.3.3.el10uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-core-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-devel-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-modules-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-tools-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-debug-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek64k-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek64k-core-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek64k-devel-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-107.59.3.3.el10uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-107.59.3.3.el10uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-uek-6.12.0-107.59.3.3.el10uek.src.rpm

Related CVEs:

CVE-2025-40248

Description of changes:

[6.12.0-107.59.3.3]
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38858283] {CVE-2025-40248}



ELSA-2026-50060 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2026-50060

http://linux.oracle.com/errata/ELSA-2026-50060.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-core-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-debug-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-devel-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-doc-6.12.0-107.59.3.3.el9uek.noarch.rpm
kernel-uek-modules-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-107.59.3.3.el9uek.x86_64.rpm
kernel-uek-tools-6.12.0-107.59.3.3.el9uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-core-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-debug-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-devel-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-modules-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek-tools-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek64k-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek64k-core-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek64k-devel-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-107.59.3.3.el9uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-107.59.3.3.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-6.12.0-107.59.3.3.el9uek.src.rpm

Related CVEs:

CVE-2025-40248

Description of changes:

[6.12.0-107.59.3.3]
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38858283] {CVE-2025-40248}



ELSA-2026-0771 Important: Oracle Linux 9 gpsd-minimal security update


Oracle Linux Security Advisory ELSA-2026-0771

http://linux.oracle.com/errata/ELSA-2026-0771.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
gpsd-minimal-3.26.1-1.0.1.el9_7.1.x86_64.rpm
gpsd-minimal-clients-3.26.1-1.0.1.el9_7.1.x86_64.rpm

aarch64:
gpsd-minimal-3.26.1-1.0.1.el9_7.1.aarch64.rpm
gpsd-minimal-clients-3.26.1-1.0.1.el9_7.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/gpsd-minimal-3.26.1-1.0.1.el9_7.1.src.rpm

Related CVEs:

CVE-2025-67268
CVE-2025-67269

Description of changes:

[1:3.26.1-1.0.1.el9_7.1]
- Replaced upstream reference [Orabug: 35865525]



ELSA-2026-0752 Important: Oracle Linux 9 jmc security update


Oracle Linux Security Advisory ELSA-2026-0752

http://linux.oracle.com/errata/ELSA-2026-0752.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
jmc-8.2.0-18.el9_7.2.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/jmc-8.2.0-18.el9_7.2.src.rpm

Related CVEs:

CVE-2025-66566

Description of changes:

[8.2.0-4]
- Bump LZ4 Version to 1.10.2. Related: RHEL-135478



ELSA-2026-50061 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2026-50061

http://linux.oracle.com/errata/ELSA-2026-50061.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.351.3.2.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.351.3.2.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.351.3.2.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.351.3.2.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.351.3.2.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.351.3.2.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.351.3.2.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.351.3.2.el8uek.src.rpm

Related CVEs:

CVE-2025-39964
CVE-2025-40248
CVE-2025-40280

Description of changes:

[5.4.17-2136.351.3.2]
- tipc: Fix use-after-free in tipc_mon_reinit_self(). (Kuniyuki Iwashima) [Orabug: 38855323] {CVE-2025-40280}
- tipc: simplify the finalize work queue (Xin Long) [Orabug: 38855323]
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38855319] {CVE-2025-40248}
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38855313] {CVE-2025-39964}



ELSA-2026-0753 Important: Oracle Linux 8 container-tools:rhel8 security update


Oracle Linux Security Advisory ELSA-2026-0753

http://linux.oracle.com/errata/ELSA-2026-0753.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
aardvark-dns-1.10.1-2.module+el8.10.0+90770+75f7d03c.x86_64.rpm
buildah-1.33.14-1.module+el8.10.0+90770+75f7d03c.x86_64.rpm
buildah-tests-1.33.14-1.module+el8.10.0+90770+75f7d03c.x86_64.rpm
cockpit-podman-84.1-1.module+el8.10.0+90770+75f7d03c.noarch.rpm
conmon-2.1.10-1.module+el8.10.0+90770+75f7d03c.x86_64.rpm
containernetworking-plugins-1.4.0-6.module+el8.10.0+90770+75f7d03c.x86_64.rpm
containers-common-1-82.0.1.module+el8.10.0+90770+75f7d03c.x86_64.rpm
container-selinux-2.229.0-2.module+el8.10.0+90770+75f7d03c.noarch.rpm
crit-3.18-5.module+el8.10.0+90770+75f7d03c.x86_64.rpm
criu-3.18-5.module+el8.10.0+90770+75f7d03c.x86_64.rpm
criu-devel-3.18-5.module+el8.10.0+90770+75f7d03c.x86_64.rpm
criu-libs-3.18-5.module+el8.10.0+90770+75f7d03c.x86_64.rpm
crun-1.14.3-2.module+el8.10.0+90770+75f7d03c.x86_64.rpm
fuse-overlayfs-1.13-1.module+el8.10.0+90770+75f7d03c.x86_64.rpm
libslirp-4.4.0-2.module+el8.10.0+90770+75f7d03c.x86_64.rpm
libslirp-devel-4.4.0-2.module+el8.10.0+90770+75f7d03c.x86_64.rpm
netavark-1.10.3-1.module+el8.10.0+90770+75f7d03c.x86_64.rpm
oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90770+75f7d03c.x86_64.rpm
podman-4.9.4-27.0.1.module+el8.10.0+90770+75f7d03c.x86_64.rpm
podman-catatonit-4.9.4-27.0.1.module+el8.10.0+90770+75f7d03c.x86_64.rpm
podman-docker-4.9.4-27.0.1.module+el8.10.0+90770+75f7d03c.noarch.rpm
podman-gvproxy-4.9.4-27.0.1.module+el8.10.0+90770+75f7d03c.x86_64.rpm
podman-plugins-4.9.4-27.0.1.module+el8.10.0+90770+75f7d03c.x86_64.rpm
podman-remote-4.9.4-27.0.1.module+el8.10.0+90770+75f7d03c.x86_64.rpm
podman-tests-4.9.4-27.0.1.module+el8.10.0+90770+75f7d03c.x86_64.rpm
python3-criu-3.18-5.module+el8.10.0+90770+75f7d03c.x86_64.rpm
python3-podman-4.9.0-3.module+el8.10.0+90770+75f7d03c.noarch.rpm
runc-1.2.9-2.module+el8.10.0+90770+75f7d03c.x86_64.rpm
skopeo-1.14.5-5.module+el8.10.0+90770+75f7d03c.x86_64.rpm
skopeo-tests-1.14.5-5.module+el8.10.0+90770+75f7d03c.x86_64.rpm
slirp4netns-1.2.3-1.module+el8.10.0+90770+75f7d03c.x86_64.rpm
udica-0.2.6-21.module+el8.10.0+90770+75f7d03c.noarch.rpm

aarch64:
aardvark-dns-1.10.1-2.module+el8.10.0+90770+75f7d03c.aarch64.rpm
buildah-1.33.14-1.module+el8.10.0+90770+75f7d03c.aarch64.rpm
buildah-tests-1.33.14-1.module+el8.10.0+90770+75f7d03c.aarch64.rpm
cockpit-podman-84.1-1.module+el8.10.0+90770+75f7d03c.noarch.rpm
conmon-2.1.10-1.module+el8.10.0+90770+75f7d03c.aarch64.rpm
containernetworking-plugins-1.4.0-6.module+el8.10.0+90770+75f7d03c.aarch64.rpm
containers-common-1-82.0.1.module+el8.10.0+90770+75f7d03c.aarch64.rpm
container-selinux-2.229.0-2.module+el8.10.0+90770+75f7d03c.noarch.rpm
crit-3.18-5.module+el8.10.0+90770+75f7d03c.aarch64.rpm
criu-3.18-5.module+el8.10.0+90770+75f7d03c.aarch64.rpm
criu-devel-3.18-5.module+el8.10.0+90770+75f7d03c.aarch64.rpm
criu-libs-3.18-5.module+el8.10.0+90770+75f7d03c.aarch64.rpm
crun-1.14.3-2.module+el8.10.0+90770+75f7d03c.aarch64.rpm
fuse-overlayfs-1.13-1.module+el8.10.0+90770+75f7d03c.aarch64.rpm
libslirp-4.4.0-2.module+el8.10.0+90770+75f7d03c.aarch64.rpm
libslirp-devel-4.4.0-2.module+el8.10.0+90770+75f7d03c.aarch64.rpm
netavark-1.10.3-1.module+el8.10.0+90770+75f7d03c.aarch64.rpm
oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90770+75f7d03c.aarch64.rpm
podman-4.9.4-27.0.1.module+el8.10.0+90770+75f7d03c.aarch64.rpm
podman-catatonit-4.9.4-27.0.1.module+el8.10.0+90770+75f7d03c.aarch64.rpm
podman-docker-4.9.4-27.0.1.module+el8.10.0+90770+75f7d03c.noarch.rpm
podman-gvproxy-4.9.4-27.0.1.module+el8.10.0+90770+75f7d03c.aarch64.rpm
podman-plugins-4.9.4-27.0.1.module+el8.10.0+90770+75f7d03c.aarch64.rpm
podman-remote-4.9.4-27.0.1.module+el8.10.0+90770+75f7d03c.aarch64.rpm
podman-tests-4.9.4-27.0.1.module+el8.10.0+90770+75f7d03c.aarch64.rpm
python3-criu-3.18-5.module+el8.10.0+90770+75f7d03c.aarch64.rpm
python3-podman-4.9.0-3.module+el8.10.0+90770+75f7d03c.noarch.rpm
runc-1.2.9-2.module+el8.10.0+90770+75f7d03c.aarch64.rpm
skopeo-1.14.5-5.module+el8.10.0+90770+75f7d03c.aarch64.rpm
skopeo-tests-1.14.5-5.module+el8.10.0+90770+75f7d03c.aarch64.rpm
slirp4netns-1.2.3-1.module+el8.10.0+90770+75f7d03c.aarch64.rpm
udica-0.2.6-21.module+el8.10.0+90770+75f7d03c.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/aardvark-dns-1.10.1-2.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/buildah-1.33.14-1.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/cockpit-podman-84.1-1.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/conmon-2.1.10-1.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/containernetworking-plugins-1.4.0-6.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/containers-common-1-82.0.1.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/container-selinux-2.229.0-2.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/criu-3.18-5.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/crun-1.14.3-2.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/fuse-overlayfs-1.13-1.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/libslirp-4.4.0-2.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/netavark-1.10.3-1.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/podman-4.9.4-27.0.1.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/python-podman-4.9.0-3.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/runc-1.2.9-2.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/skopeo-1.14.5-5.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/slirp4netns-1.2.3-1.module+el8.10.0+90770+75f7d03c.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/udica-0.2.6-21.module+el8.10.0+90770+75f7d03c.src.rpm

Related CVEs:

CVE-2025-47913

Description of changes:

aardvark-dns
[2:1.10.1-2]
- build off the RHEL maintenance branch
- Resolves: RHEL-59129

buildah
[2:1.33.14-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
( https://github.com/containers/buildah/commit/a7f8179)
- fixes 'CVE-2025-47913 container-tools:rhel8/buildah: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [rhel-8.10.z]'
- Resolves: RHEL-130974

cockpit-podman
[84.1-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/84.1
- Related: Jira:RHEL-25557

conmon
[3:2.1.10-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.10
- Related: Jira:RHEL-2110

containernetworking-plugins
[1:1.4.0-6]
- rebuild for CVE-2025-22871
- Resolves: RHEL-89244

containers-common
[1-82.0.1]
- Updated removed references [Orabug: 33473101] (Alex Burmashev)
- Adjust registries.conf (Nikita Gerasimov)
- remove references to RedHat registry (Nikita Gerasimov)

container-selinux
[2:2.229.0-2]
- remove watch statements properly for RHEL8 and lower
- Related: Jira:RHEL-2110

criu
[3.18-5]
- rebuild to preserve upgrade path
- Related: RHEL-32671

crun
[1.14.3-2]
- remove BR libgcrypt-devel, no longer needed
- Related: Jira:RHEL-2110

fuse-overlayfs
[1.13-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.13
- Related: Jira:RHEL-2110

libslirp
[4.4.0-2]
- rebuild to preserve upgrade path 8.9 -> 8.10
- Related: RHEL-32671

netavark
[2:1.10.3-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.3
- Related: Jira:RHEL-2110

oci-seccomp-bpf-hook
[1.2.10-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.10
- Related: Jira:RHEL-2110

podman
[4.9.4-27.0.1]
- Fixes issue of container created in cgroupv2 not start in cgroupv1 [Orabug: 36136813]
- Fixes container memory limit not set after host is rebooted with cgroupv2 [Orabug: 36136802]
- Fixes issue of podman execvp error while using podmansh [Orabug: 36756665]

python-podman
[4.9.0-3]
- sync with release-4.9 branch
- Resolves: RHEL-31069

runc
[4:1.2.9-2]
- update to https://github.com/opencontainers/runc/releases/tag/v1.2.9
- Resolves: RHEL-132818

skopeo
[2:1.14.5-5]
- rebuild for CVE-2025-58183
- Resolves: RHEL-125659

slirp4netns
[1.2.3-1]
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.3
- Related: Jira:RHEL-2110

udica
[0.2.6-21]
- bump release to preserve update path
- Resolves: RHEL-32671



ELSA-2026-0750 Important: Oracle Linux 8 net-snmp security update


Oracle Linux Security Advisory ELSA-2026-0750

http://linux.oracle.com/errata/ELSA-2026-0750.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
net-snmp-5.8-33.0.1.el8_10.x86_64.rpm
net-snmp-agent-libs-5.8-33.0.1.el8_10.i686.rpm
net-snmp-agent-libs-5.8-33.0.1.el8_10.x86_64.rpm
net-snmp-devel-5.8-33.0.1.el8_10.i686.rpm
net-snmp-devel-5.8-33.0.1.el8_10.x86_64.rpm
net-snmp-libs-5.8-33.0.1.el8_10.i686.rpm
net-snmp-libs-5.8-33.0.1.el8_10.x86_64.rpm
net-snmp-perl-5.8-33.0.1.el8_10.x86_64.rpm
net-snmp-utils-5.8-33.0.1.el8_10.x86_64.rpm

aarch64:
net-snmp-5.8-33.0.1.el8_10.aarch64.rpm
net-snmp-agent-libs-5.8-33.0.1.el8_10.aarch64.rpm
net-snmp-devel-5.8-33.0.1.el8_10.aarch64.rpm
net-snmp-libs-5.8-33.0.1.el8_10.aarch64.rpm
net-snmp-perl-5.8-33.0.1.el8_10.aarch64.rpm
net-snmp-utils-5.8-33.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/net-snmp-5.8-33.0.1.el8_10.src.rpm

Related CVEs:

CVE-2025-68615

Description of changes:

[5.8-33.0.1]
- fix error index value when snmpget is used a proxy pass [Orabug: 34905643]

[1:5.8-33]
- fix out of bound access (RHEL-137501)
- perl modern auth enablement (RHEL-137310)



ELSA-2026-50061 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2026-50061

http://linux.oracle.com/errata/ELSA-2026-50061.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-5.4.17-2136.351.3.2.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.351.3.2.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.351.3.2.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.351.3.2.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.351.3.2.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.351.3.2.el8uek.src.rpm

Related CVEs:

CVE-2025-39964
CVE-2025-40248
CVE-2025-40280

Description of changes:

[5.4.17-2136.351.3.2]
- tipc: Fix use-after-free in tipc_mon_reinit_self(). (Kuniyuki Iwashima) [Orabug: 38855323] {CVE-2025-40280}
- tipc: simplify the finalize work queue (Xin Long) [Orabug: 38855323]
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38855319] {CVE-2025-40248}
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38855313] {CVE-2025-39964}



ELSA-2026-50061 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2026-50061

http://linux.oracle.com/errata/ELSA-2026-50061.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.351.3.2.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.351.3.2.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.351.3.2.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.351.3.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.351.3.2.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.351.3.2.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.351.3.2.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.351.3.2.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.351.3.2.el7uek.src.rpm

Related CVEs:

CVE-2025-39964
CVE-2025-40248
CVE-2025-40280

Description of changes:

[5.4.17-2136.351.3.2]
- tipc: Fix use-after-free in tipc_mon_reinit_self(). (Kuniyuki Iwashima) [Orabug: 38855323] {CVE-2025-40280}
- tipc: simplify the finalize work queue (Xin Long) [Orabug: 38855323]
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38855319] {CVE-2025-40248}
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38855313] {CVE-2025-39964}

[5.4.17-2136.351.3.1]
- fs/proc: fix uaf in proc_readdir_de() (Wei Yang) [Orabug: 38787139] {CVE-2025-40271}

[5.4.17-2136.351.3]
- Reapply "cpuidle: menu: Avoid discarding useful information" (Harshvardhan Jha) [Orabug: 38715366]
- fbcon: fix integer overflow in font allocation (Samasth Norway Ananda) [Orabug: 38702507]
- uek-rpm: Replace check-kabi tool with kabi (Yifei Liu) [Orabug: 38673382]
- uek-rpm: Introduce check function for uek-rpm/tools/kabi (Yifei Liu) [Orabug: 38673382]

[5.4.17-2136.351.2]
- uek-rpm: kabi: Remove the kabi protection for debug kernels (Yifei Liu) [Orabug: 38609548]
- rds: Add smp_rmb before reading c_destroy_in_prog (Håkon Bugge) [Orabug: 38352486]
- uio_hv_generic: Set event for all channels on the device (Long Li)
- ata: libata-scsi: Fix system suspend for a security locked drive (Niklas Cassel)
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Zhang Heng)

[5.4.17-2136.351.1]
- scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt (Sumit Saxena) [Orabug: 38630482]

[5.4.17-2136.350.3]
- net/rds: Fix rs_recv_pending counting issue (Gerd Rausch) [Orabug: 38506370]

[5.4.17-2136.350.2]
- LTS tag: v5.4.301 (Alok Tiwari)
- net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg (Zhengchao Shao)
- media: s5p-mfc: remove an unused/uninitialized variable (Arnd Bergmann)
- NFSD: Fix last write offset handling in layoutcommit (Sergey Bashirov)
- NFSD: Minor cleanup in layoutcommit processing (Sergey Bashirov)
- padata: Reset next CPU when reorder sequence wraps around (Xiao Liang)
- KEYS: trusted_tpm1: Compare HMAC values in constant time (Eric Biggers)
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Chuck Lever) [Orabug: 38601819] {CVE-2025-40087}
- vfs: Don't leak disconnected dentries on umount (Jan Kara) [Orabug: 38601924] {CVE-2025-40105}
- jbd2: ensure that all ongoing I/O complete before freeing blocks (Zhang Yi)
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination (Deepanshu Kartikey) [Orabug: 38649223] {CVE-2025-40167}
- drm/amdgpu: use atomic functions with memory barriers for vm fault info (Gui-Dong Han)
- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (Theodore Ts'O) [Orabug: 38649412] {CVE-2025-40198}
- spi: cadence-quadspi: Flush posted register writes before DAC access (Pratyush Yadav)
- spi: cadence-quadspi: Flush posted register writes before INDAC access (Pratyush Yadav)
- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (Zhen Ni)
- memory: samsung: exynos-srom: Correct alignment (Krzysztof Kozlowski)
- arm64: errata: Apply workarounds for Neoverse-V3AE (Mark Rutland)
- arm64: cputype: Add Neoverse-V3AE definitions (Mark Rutland)
- comedi: fix divide-by-zero in comedi_buf_munge() (Deepanshu Kartikey)
- binder: remove "invalid inc weak" check (Alice Ryhl)
- xhci: dbc: enable back DbC in resume if it was enabled before suspend (Mathias Nyman)
- usb/core/quirks: Add Huawei ME906S to wakeup quirk (Tim Guttzeit)
- USB: serial: option: add Telit FN920C04 ECM compositions (Li Qingwu)
- USB: serial: option: add Quectel RG255C (Reinhard Speyerer)
- USB: serial: option: add UNISOC UIS7720 (Renjun Wang)
- net: ravb: Ensure memory write completes before ringing TX doorbell (Lad Prabhakar)
- net: usb: rtl8150: Fix frame padding (Michał Pecio)
- ocfs2: clear extent cache after moving/defragmenting extents (Deepanshu Kartikey) [Orabug: 38730547] {CVE-2025-40233}
- MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering (Maciej W. Rozycki)
- Revert "cpuidle: menu: Avoid discarding useful information" (Rafael J. Wysocki)
- net: bonding: fix possible peer notify event loss or dup issue (Tonghao Zhang)
- sctp: avoid NULL dereference when chunk data buffer is missing (Alexey Simakov) [Orabug: 38730567] {CVE-2025-40240}
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (Huang, Ying)
- net: enetc: correct the value of ENETC_RXB_TRUESIZE (Wei Fang)
- rtnetlink: Allow deleting FDB entries in user namespace (Johannes Wiesboeck)
- net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del (Nikolay Aleksandrov)
- net: add ndo_fdb_del_bulk (Nikolay Aleksandrov)
- net: rtnetlink: add bulk delete support flag (Nikolay Aleksandrov)
- net: netlink: add NLM_F_BULK delete request modifier (Nikolay Aleksandrov)
- net: rtnetlink: use BIT for flag values (Nikolay Aleksandrov)
- net: rtnetlink: add helper to extract msg type's kind (Nikolay Aleksandrov)
- net: rtnetlink: add msg kind names (Nikolay Aleksandrov)
- net: rtnetlink: remove redundant assignment to variable err (Colin Ian King)
- m68k: bitops: Fix find_*_bit() signatures (Geert Uytterhoeven)
- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (Yangtao Li)
- hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() (Viacheslav Dubeyko)
- dlm: check for defined force value in dlm_lockspace_release (Alexander Aring)
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (Viacheslav Dubeyko)
- hfs: validate record offset in hfsplus_bmap_alloc (Yang Chenzhi)
- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (Viacheslav Dubeyko)
- hfs: make proper initalization of struct hfs_find_data (Viacheslav Dubeyko)
- hfs: clear offset and space out of valid records in b-tree node (Viacheslav Dubeyko)
- exec: Fix incorrect type for ret (Xichao Zhao)
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (Viacheslav Dubeyko)
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (Randy Dunlap)
- sched/fair: Fix pelt lost idle time detection (Vincent Guittot)
- sched/balancing: Rename newidle_balance() => sched_balance_newidle() (Ingo Molnar)
- sched/fair: Trivial correction of the newidle_balance() comment (Barry Song)
- sched: Make newidle_balance() static again (Chen Yu)
- tls: don't rely on tx_work during send() (Sabrina Dubroca)
- tls: always set record_type in tls_process_cmsg (Sabrina Dubroca)
- tg3: prevent use of uninitialized remote_adv and local_adv variables (Alexey Simakov)
- tcp: fix tcp_tso_should_defer() vs large RTT (Eric Dumazet)
- amd-xgbe: Avoid spurious link down messages during interface toggle (Raju Rangoju)
- net/ip6_tunnel: Prevent perpetual tunnel growth (Dmitry Safonov) [Orabug: 38649261] {CVE-2025-40173}
- net: dlink: handle dma_map_single() failure properly (Moon Yeounsu)
- net: dl2k: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- media: pci: ivtv: Add missing check after DMA map (Thomas Fourier)
- media: pci/ivtv: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- xen/events: Update virq_to_irq on migration (Jason Andryuk)
- media: lirc: Fix error handling in lirc_register() (Ma Ke)
- media: rc: Directly use ida_free() (Keliu)
- drm/exynos: exynos7_drm_decon: remove ctx->suspended (Kaustabh Chakraborty)
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (Anderson Nascimento) [Orabug: 38649463] {CVE-2025-40205}
- pwm: berlin: Fix wrong register in suspend/resume (Jisheng Zhang)
- media: cx18: Add missing check after DMA map (Thomas Fourier)
- xen/events: Cleanup find_virq() return codes (Jason Andryuk)
- cramfs: Verify inode mode when loading from disk (Tetsuo Handa)
- fs: Add 'initramfs_options' to set initramfs mount options (Lichen Liu)
- pid: Add a judgment for ns null in pid_nr_ns (Gaoxiang17) [Orabug: 38649276] {CVE-2025-40178}
- minixfs: Verify inode mode when loading from disk (Tetsuo Handa)
- tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (Yuan Chen) [Orabug: 38592033] {CVE-2025-40042}
- dm: fix NULL pointer dereference in __dm_suspend() (Zheng Qixing) [Orabug: 38649057] {CVE-2025-40134}
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (Hans de Goede)
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (Andy Shevchenko)
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (Hans de Goede)
- Squashfs: reject negative file sizes in squashfs_read_inode() (Phillip Lougher) [Orabug: 38649425] {CVE-2025-40200}
- Squashfs: add additional inode sanity checking (Phillip Lougher)
- media: mc: Clear minor number before put device (Edward Adam Davis) [Orabug: 38649399] {CVE-2025-40197}
- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (Bartosz Golaszewski)
- fs: udf: fix OOB read in lengthAllocDescs handling (Larshin Sergey) [Orabug: 38592048] {CVE-2025-40044}
- KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (Sean Christopherson) [Orabug: 38591959] {CVE-2025-40026}
- net/9p: fix double req put in p9_fd_cancelled (Nalivayko Sergey) [Orabug: 38591965] {CVE-2025-40027}
- ext4: guard against EA inode refcount underflow in xattr update (Ahmet Eray Karadag) [Orabug: 38649330] {CVE-2025-40190}
- ext4: correctly handle queries for metadata mappings (Ojaswin Mujoo)
- ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() (Yongjian Sun)
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (Olga Kornievskaia)
- x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) (Sean Christopherson)
- x86/umip: Check that the instruction opcode is at least two bytes (Sean Christopherson)
- PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit (Siddharth Vadapalli)
- PCI/AER: Fix missing uevent on recovery when a reset is requested (Niklas Schnelle)
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (Niklas Schnelle) [Orabug: 38730513] {CVE-2025-40219}
- rseq/selftests: Use weak symbol reference, not definition, to link with glibc (Sean Christopherson)
- rtc: interface: Fix long-standing race when setting alarm (Esben Haabendal)
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (Esben Haabendal)
- mmc: core: SPI mode remove cmd7 (Rex Chen)
- mtd: rawnand: fsmc: Default to autodetect buswidth (Linus Walleij)
- sparc: fix error handling in scan_one_device() (Ma Ke)
- sparc64: fix hugetlb for sun4u (Anthony Yznaga)
- sctp: Fix MAC comparison to be constant-time (Eric Biggers) [Orabug: 38649451] {CVE-2025-40204}
- scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (Thorsten Blum)
- parisc: don't reference obsolete termio struct for TC* constants (Sam James)
- lib/genalloc: fix device leak in of_gen_pool_get() (Johan Hovold)
- iio: frequency: adf4350: Fix prescaler usage. (Michael Hennerich)
- iio: dac: ad5421: use int type to store negative error codes (Rong Qianfeng)
- iio: dac: ad5360: use int type to store negative error codes (Rong Qianfeng)
- crypto: atmel - Fix dma_unmap_sg() direction (Thomas Fourier)
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (Rafael J. Wysocki) [Orabug: 38649367] {CVE-2025-40194}
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (Shuhao Fu)
- media: i2c: mt9v111: fix incorrect type for ret (Rong Qianfeng)
- firmware: meson_sm: fix device leak at probe (Johan Hovold)
- xen/manage: Fix suspend error path (Lukas Wunner)
- arm64: dts: qcom: msm8916: Add missing MDSS reset (Stephan Gerhold)
- ACPI: debug: fix signedness issues in read/write helpers (Amir Mohammad Jahangirzad)
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (Daniel Tang)
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (Gunnar Kudrjavets)
- tpm, tpm_tis: Claim locality before writing interrupt registers (Lino Sanfilippo)
- crypto: essiv - Check ssize for decryption and in-place encryption (Herbert Xu) [Orabug: 38581456,38705546] {CVE-2025-40019}
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (Harini T)
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (Harini T)
- tools build: Align warning options with perf (Leo Yan)
- net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe (Erick Karanja)
- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Kuniyuki Iwashima) [Orabug: 38649579] {CVE-2025-40186}
- net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (Alexandr Sapozhnikov) [Orabug: 38649313] {CVE-2025-40187}
- drm/vmwgfx: Fix Use-after-free in validation (Ian Forbes) [Orabug: 38643546] {CVE-2025-40111}
- net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() (Dan Carpenter)
- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (Duoming Zhou) [Orabug: 38557654] {CVE-2025-40001}
- scsi: mvsas: Use sas_task_find_rq() for tagging (John Garry)
- scsi: mvsas: Delete mvs_tag_init() (John Garry)
- scsi: libsas: Add sas_task_find_rq() (John Garry)
- clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver (Alok Tiwari)
- clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() (Brian Masney)
- perf session: Fix handling when buffer exceeds 2 GiB (Leo Yan)
- rtc: x1205: Fix Xicor X1205 vendor prefix (Rob Herring)
- perf util: Fix compression checks returning -1 as bool (Yunseong Kim)
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (Michael Hennerich)
- clocksource/drivers/clps711x: Fix resource leaks in error paths (Zhen Ni)
- pinctrl: check the return value of pinmux_ops::get_function_name() (Bartosz Golaszewski) [Orabug: 38591981] {CVE-2025-40030}
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (Zhen Ni) [Orabug: 38592002] {CVE-2025-40035}
- mm: hugetlb: avoid soft lockup when mprotect to large memory area (Yang Shi) [Orabug: 38649150] {CVE-2025-40153}
- uio_hv_generic: Let userspace take care of interrupt mask (Naman Jain) [Orabug: 38592067] {CVE-2025-40048}
- Squashfs: fix uninit-value in squashfs_get_parent (Phillip Lougher) [Orabug: 38592077] {CVE-2025-40049}
- net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable (Kohei Enju)
- nfp: fix RSS hash key size when RSS is not supported (Kohei Enju)
- drivers/base/node: fix double free in register_one_node() (Donet Tom)
- ocfs2: fix double free in user_cluster_connect() (Dan Carpenter) [Orabug: 38592110] {CVE-2025-40055}
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (I Viswanath) [Orabug: 38649096] {CVE-2025-40140}
- RDMA/siw: Always report immediate post SQ errors (Bernard Metzler)
- usb: vhci-hcd: Prevent suspending virtually attached devices (Cristian Ciocaltea)
- scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (Ranjan Kumar) [Orabug: 38648982] {CVE-2025-40115}
- ipvs: Defer ip_vs_ftp unregister during netns cleanup (Slavin Liu) [Orabug: 38581446] {CVE-2025-40018}
- NFSv4.1: fix backchannel max_resp_sz verification check (Anthony Iliopoulos)
- remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice (Stephan Gerhold)
- sparc: fix accurate exception reporting in copy_{from,to}_user for M7 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_to_user for Niagara 4 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC (Michael Karcher)
- IB/sa: Fix sa_local_svc_timeout_ms read race (Vlad Dumitrescu)
- RDMA/core: Resolve MAC of next-hop device without ARP support (Parav Pandit)
- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (Abdun Nihaal)
- drivers/base/node: handle error properly in register_one_node() (Donet Tom)
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (Christophe Leroy)
- netfilter: ipset: Remove unused htable_bits in macro ahash_region (Zhen Ni)
- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (Hans de Goede)
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (Takashi Iwai)
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (Takashi Iwai)
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (Takashi Iwai)
- pps: fix warning in pps_register_cdev when register device fail (Wang Liang) [Orabug: 38592170] {CVE-2025-40070}
- misc: genwqe: Fix incorrect cmd field being reported in error (Colin Ian King)
- usb: gadget: configfs: Correctly set use_os_string at bind (William Wu)
- usb: phy: twl6030: Fix incorrect type for ret (Xichao Zhao)
- tcp: fix __tcp_close() to only send RST when required (Eric Dumazet)
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (Alok Tiwari)
- wifi: mwifiex: send world regulatory domain to driver (Stefan Kerkmann)
- ALSA: lx_core: use int type to store negative error codes (Rong Qianfeng)
- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (Zhang Shurong)
- scsi: myrs: Fix dma_alloc_coherent() error check (Thomas Fourier)
- scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (Niklas Cassel) [Orabug: 38649567] {CVE-2025-40118}
- serial: max310x: Add error checking in probe() (Dan Carpenter)
- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (Dan Carpenter)
- drm/radeon/r600_cs: clean up of dead code in r600_cs (Brahmajit Das)
- i2c: designware: Add disabling clocks when probe fails (Kunihiko Hayashi)
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (Leilk Liu)
- bpf: Explicitly check accesses to bpf_sock_addr (Paul Chaignon) [Orabug: 38592205] {CVE-2025-40078}
- selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported (Akhilesh Patil)
- pwm: tiehrpwm: Fix corner case in clock divisor calculation (Uwe Kleine-König)
- block: use int to store blk_stack_limits() return value (Rong Qianfeng)
- blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx (Li Nan) [Orabug: 38649026] {CVE-2025-40125}
- pinctrl: meson-gxl: add missing i2c_d pinmux (Da Xue)
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (Sneh Mankad)
- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (Huisong Li)
- regmap: Remove superfluous check for !config in __regmap_init() (Geert Uytterhoeven)
- x86/vdso: Fix output operand size of RDPID (Uros Bizjak)
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (Leo Yan) [Orabug: 38592223] {CVE-2025-40081}
- driver core/PM: Set power.no_callbacks along with power.no_pm (Rafael J. Wysocki)
- staging: axis-fifo: flush RX FIFO on read errors (Ovidiu Panait)
- staging: axis-fifo: fix maximum TX packet length check (Ovidiu Panait)
- perf subcmd: avoid crash in exclude_cmds when excludes is empty (Hupu)
- dm-integrity: limit MAX_TAG_SIZE to 255 (Mikulas Patocka)
- wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 (Bitterblue Smith)
- USB: serial: option: add SIMCom 8230C compositions (Xiaowei Li)
- media: rc: fix races with imon_disconnect() (Larshin Sergey) [Orabug: 38548027] {CVE-2025-39993}
- media: imon: grab lock earlier in imon_ir_change_protocol() (Tetsuo Handa)
- media: imon: reorganize serialization (Tetsuo Handa)
- media: rc: Add support for another iMON 0xffdc device (Flavius Georgescu)
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (Duoming Zhou) [Orabug: 38548044] {CVE-2025-39995}
- media: tuner: xc5000: Fix use-after-free in xc5000_release (Duoming Zhou) [Orabug: 38548037] {CVE-2025-39994}
- media: tunner: xc5000: Refactor firmware load (Ricardo Ribalda)
- udp: Fix memory accounting leak. (Kuniyuki Iwashima) [Orabug: 37844325] {CVE-2025-22058}
- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (Duoming Zhou) [Orabug: 38548051] {CVE-2025-39996}
- scsi: target: target_core_configfs: Add length check to avoid buffer overflow (Wang Haoran) [Orabug: 38548059] {CVE-2025-39998}
- LTS tag: v5.4.300 (Alok Tiwari)
- KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (Maciej S. Szmigiero)
- mm/hugetlb: fix folio is still mapped when deleted (Tu Jinjiang) [Orabug: 38560482] {CVE-2025-40006}
- i40e: add mask to apply valid bits for itr_idx (Lukasz Czapnik)
- i40e: fix validation of VF state in get resources (Lukasz Czapnik) [Orabug: 38547929] {CVE-2025-39969}
- i40e: fix idx validation in config queues msg (Lukasz Czapnik) [Orabug: 38547938] {CVE-2025-39971}
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38547952,38604168,38604171] {CVE-2025-39973}
- i40e: increase max descriptors for XL710 (Justin Bronder)
- mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (David Hildenbrand)
- fbcon: Fix OOB access in font allocation (Thomas Zimmermann)
- fbcon: fix integer overflow in fbcon_do_set_font (Samasth Norway Ananda) [Orabug: 38547913] {CVE-2025-39967}
- i40e: add max boundary check for VF filters (Lukasz Czapnik) [Orabug: 38547923] {CVE-2025-39968}
- i40e: fix input validation logic for action_meta (Lukasz Czapnik) [Orabug: 38547933] {CVE-2025-39970}
- i40e: fix idx validation in i40e_validate_queue_map (Lukasz Czapnik) [Orabug: 38547946] {CVE-2025-39972}
- drm/gma500: Fix null dereference in hdmi teardown (Zabelin Nikita) [Orabug: 38560496] {CVE-2025-40011}
- can: peak_usb: fix shift-out-of-bounds issue (Stephane Grosjean) [Orabug: 38581463] {CVE-2025-40020}
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (Geert Uytterhoeven)
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (Or Har-Toov)
- usb: core: Add 0x prefix to quirks debug output (Jiayi Li)
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (Takashi Iwai)
- ALSA: usb-audio: Convert comma to semicolon (Chen Ni)
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (Cristian Ciocaltea)
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Fix block comments in mixer_quirks (Cristian Ciocaltea)
- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (Hans de Goede)
- net: rfkill: gpio: add DT support (Philipp Zabel)
- serial: sc16is7xx: fix bug in flow control levels init (Hugo Villeneuve)
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (Alan Stern)
- usb: gadget: dummy_hcd: remove usage of list iterator past the loop body (Jakob Koschel)
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (Colin Ian King)
- ASoC: wm8974: Correct PLL rate rounding (Charles Keepax)
- ASoC: wm8940: Correct typo in control name (Charles Keepax)
- mmc: mvsdio: Fix dma_unmap_sg() nents value (Thomas Fourier)
- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (Nathan Chancellor)
- cnic: Fix use-after-free bugs in cnic_delete_task (Duoming Zhou) [Orabug: 38503849] {CVE-2025-39945}
- net: liquidio: fix overflow in octeon_init_instr_queue() (Alexey Nepomnyashih)
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Kuniyuki Iwashima) [Orabug: 38526388] {CVE-2025-39955}
- i40e: remove redundant memory barrier when cleaning Tx descs (Maciej Fijalkowski)
- net: natsemi: fix rx_dropped double accounting on netif_rx() failure (Moon Yeounsu)
- cgroup: split cgroup_destroy_wq into 3 workqueues (Chen Ridong) [Orabug: 38503892] {CVE-2025-39953}
- pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch (Geert Uytterhoeven)
- wifi: mac80211: fix incorrect type for ret (Liao Yuanhong)
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (Takashi Sakamoto)
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (Miaohe Lin) [Orabug: 38461848] {CVE-2025-39883}
- phy: ti-pipe3: fix device leak at unbind (Johan Hovold)
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (Stephan Gerhold) [Orabug: 38494822] {CVE-2025-39923}
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (Anders Roxell)
- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (Tetsuo Handa)
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (Tetsuo Handa)
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (Michal Schmidt) [Orabug: 38494787] {CVE-2025-39911}
- i40e: Use irq_update_affinity_hint() (Nitesh Narayan Lal)
- genirq: Provide new interfaces for affinity hints (Thomas Gleixner)
- genirq: Export affinity setter for modules (Thomas Gleixner)
- genirq/affinity: Add irq_update_affinity_desc() (John Garry)
- igb: fix link test skipping when interface is admin down (Kohei Enju)
- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (Stefan Wahren)
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (Fabio Porcedda)
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (Fabian Vogt)
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (Alexander Sverdlin)
- mtd: nand: raw: atmel: Fix comment in timings preparation (Alexander Dahl)
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (Christophe Kerello)
- mm/khugepaged: fix the address passed to notifier on testing young (Wei Yang)
- fuse: prevent overflow in copy_file_range return value (Miklos Szeredi)
- fuse: check if copy_file_range() returns larger than requested size (Miklos Szeredi)
- mtd: rawnand: stm32_fmc2: fix ECC overwrite (Christophe Kerello)
- ocfs2: fix recursive semaphore deadlock in fiemap call (Mark Tinguely) [Orabug: 38461859] {CVE-2025-39885}
- EDAC/altera: Delete an inappropriate dma_free_coherent() call (Salah Triki)
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. (Kuniyuki Iwashima) [Orabug: 38494797] {CVE-2025-39913}
- net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. (Kuniyuki Iwashima) [Orabug: 37901604] {CVE-2025-23143}

[5.4.17-2136.350.1]
- device-dax: correct pgoff align in dax_set_mapping() (Kun(Llfl)) [Orabug: 37206404] {CVE-2024-50022}

[5.4.17-2136.349.3]
- Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" (Jakub Kicinski) [Orabug: 38545204]
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (Sean Christopherson) [Orabug: 38494247]
- rds: Free all frags when rds_ib_recv_cache_put() fails (Hans Westgaard Ry) [Orabug: 38492234]

[5.4.17-2136.349.2]
- bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags (Alan Maguire) [Orabug: 36699199]



ELBA-2025-19219 Oracle Linux 7 gnome-keyring bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2025-19219

http://linux.oracle.com/errata/ELBA-2025-19219.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
gnome-keyring-3.28.2-1.0.1.el7.i686.rpm
gnome-keyring-3.28.2-1.0.1.el7.x86_64.rpm
gnome-keyring-pam-3.28.2-1.0.1.el7.i686.rpm
gnome-keyring-pam-3.28.2-1.0.1.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/gnome-keyring-3.28.2-1.0.1.el7.src.rpm

Description of changes:

[3.28.2-1.0.1]
- Avoid deadlock connecting to ssh agent [Orabug: 38589565]


PostgreSQL, Libsoup, BuildAH, and more updates for AlmaLinux

Govulncheck-vulndb, Chromium, Go, and more updates for SUSE

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...