Go-RPM-Macros, Thunderbird, Delve, and more updates for Oracle Linux

Oracle Linux 6456 Published by

Oracle has released several security updates for its Linux operating system. These updates affect various versions of Oracle Linux, including versions 7, 8, 9, and 10. Some notable updates include a security fix for the Unbreakable Enterprise kernel on version 8, as well as bug fixes and enhancements for the 389-ds-base package on version 9. Additionally, several other packages have received security updates across different Oracle Linux versions.

ELSA-2026-3669 Important: Oracle Linux 10 go-rpm-macros security update
ELSA-2026-3898 Important: Oracle Linux 8 osbuild-composer security update
ELSA-2026-3752 Important: Oracle Linux 10 osbuild-composer security update
ELSA-2026-3517 Important: Oracle Linux 10 thunderbird security update
ELBA-2026-4025 Oracle Linux 9 389-ds-base bug fix and enhancement update
ELSA-2026-3864 Important: Oracle Linux 10 delve security update
ELSA-2026-50142 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2026-3840 Important: Oracle Linux 10 image-builder security update
ELSA-2026-3551 Important: Oracle Linux 10 libpng security update
ELSA-2026-3896 Important: Oracle Linux 9 postgresql:15 security update
ELSA-2026-3963 Moderate: Oracle Linux 8 kernel security update
ELSA-2026-3887 Important: Oracle Linux 10 postgresql16 security update
ELSA-2026-3939 Moderate: Oracle Linux 10 nfs-utils security update
ELSA-2026-2713 Moderate: Oracle Linux 7 python3 security update
ELSA-2026-4110 Important: Oracle Linux 9 postgresql:16 security update




ELSA-2026-3669 Important: Oracle Linux 10 go-rpm-macros security update


Oracle Linux Security Advisory ELSA-2026-3669

http://linux.oracle.com/errata/ELSA-2026-3669.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
go-filesystem-3.6.0-7.el10_1.x86_64.rpm
go-rpm-macros-3.6.0-7.el10_1.x86_64.rpm
go-rpm-templates-3.6.0-7.el10_1.x86_64.rpm
go-srpm-macros-3.6.0-7.el10_1.noarch.rpm

aarch64:
go-filesystem-3.6.0-7.el10_1.aarch64.rpm
go-rpm-macros-3.6.0-7.el10_1.aarch64.rpm
go-rpm-templates-3.6.0-7.el10_1.aarch64.rpm
go-srpm-macros-3.6.0-7.el10_1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/go-rpm-macros-3.6.0-7.el10_1.src.rpm

Related CVEs:

CVE-2025-61726

Description of changes:

[3.6.0-7]
- Rebuild with latest Go

[3.6.0-6]
- Update CI support

[3.6.0-5]
- Add riscv64 to golang_arches for RHEL 10+



ELSA-2026-3898 Important: Oracle Linux 8 osbuild-composer security update


Oracle Linux Security Advisory ELSA-2026-3898

http://linux.oracle.com/errata/ELSA-2026-3898.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
osbuild-composer-101.4-4.0.1.el8_10.x86_64.rpm
osbuild-composer-core-101.4-4.0.1.el8_10.x86_64.rpm
osbuild-composer-worker-101.4-4.0.1.el8_10.x86_64.rpm

aarch64:
osbuild-composer-101.4-4.0.1.el8_10.aarch64.rpm
osbuild-composer-core-101.4-4.0.1.el8_10.aarch64.rpm
osbuild-composer-worker-101.4-4.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/osbuild-composer-101.4-4.0.1.el8_10.src.rpm

Related CVEs:

CVE-2025-61726
CVE-2025-68121

Description of changes:

[101.4-4.0.1]
- Support using repository definitons with OCI variables [JIRA: OLDIS-38657]
- Update repositories to contain OCI variables
- Remove image types Minimal-raw and wsl [JIRA: OLDIS-38123]
- Increase default /boot size to 1GB [Orabug: 36827079]
- support for building OL8/9 images on Oracle Linux 8 [Orabug: 36400619]

[101.4-4]
- Rebuilt to fix:
- CVE-2025-61726
- CVE-2025-68121
- RHEL-146097
- RHEL-149273



ELSA-2026-3752 Important: Oracle Linux 10 osbuild-composer security update


Oracle Linux Security Advisory ELSA-2026-3752

http://linux.oracle.com/errata/ELSA-2026-3752.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
osbuild-composer-149-5.0.1.el10_1.x86_64.rpm
osbuild-composer-core-149-5.0.1.el10_1.x86_64.rpm
osbuild-composer-worker-149-5.0.1.el10_1.x86_64.rpm

aarch64:
osbuild-composer-149-5.0.1.el10_1.aarch64.rpm
osbuild-composer-core-149-5.0.1.el10_1.aarch64.rpm
osbuild-composer-worker-149-5.0.1.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/osbuild-composer-149-5.0.1.el10_1.src.rpm

Related CVEs:

CVE-2025-61726
CVE-2025-61728
CVE-2025-61729
CVE-2025-68121

Description of changes:

[149-5.0.1]
- Add missing dependency over dracut-config-rescue for image-installer [Orabug: 38587453]
- Add OL10 support
- Update repository URLs for baseos, appstream and UERK
- Fix the label for UEKR repository
- Simplify repository names [JIRA: OLDIS-35893]
- Ensure build on latest golang: CVE-2024-34156
- Refactor patches to fix some naming and set a correct kernel for Oracle Linux [Orabug: 37253643]
- Support using OCI variables inside built images [JIRA: OLDIS-35302]
- Support using repository definitons with OCI variables [JIRA: OLDIS-38657]
- Update repositories to contain OCI variables
- Remove image types Minimal-raw and wsl [JIRA: OLDIS-38123]
- Increase default /boot size to 1GB [Orabug: 36827079]
- Add support for OCI hybrid images [JIRA: OLDIS-33593]
- enable aarch64 OCI image builds [JIRA: OLDIS-33593]
- support for building OL8/9 images on Oracle Linux 9 [Orabug: 36400619]

[149-5]
- Rebuilt to fix:
- CVE-2025-61726
- CVE-2025-61728
- CVE-2025-61729
- CVE-2025-68121
- RHEL-146726
- RHEL-146931
- RHEL-147353
- RHEL-149232



ELSA-2026-3517 Important: Oracle Linux 10 thunderbird security update


Oracle Linux Security Advisory ELSA-2026-3517

http://linux.oracle.com/errata/ELSA-2026-3517.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-140.8.0-2.0.1.el10_1.x86_64.rpm

aarch64:
thunderbird-140.8.0-2.0.1.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/thunderbird-140.8.0-2.0.1.el10_1.src.rpm

Related CVEs:

CVE-2026-2447
CVE-2026-2757
CVE-2026-2758
CVE-2026-2759
CVE-2026-2760
CVE-2026-2761
CVE-2026-2762
CVE-2026-2763
CVE-2026-2764
CVE-2026-2765
CVE-2026-2766
CVE-2026-2767
CVE-2026-2768
CVE-2026-2769
CVE-2026-2770
CVE-2026-2771
CVE-2026-2772
CVE-2026-2773
CVE-2026-2774
CVE-2026-2775
CVE-2026-2776
CVE-2026-2777
CVE-2026-2778
CVE-2026-2779
CVE-2026-2780
CVE-2026-2781
CVE-2026-2782
CVE-2026-2783
CVE-2026-2784
CVE-2026-2785
CVE-2026-2786
CVE-2026-2787
CVE-2026-2788
CVE-2026-2789
CVE-2026-2790
CVE-2026-2791
CVE-2026-2792
CVE-2026-2793

Description of changes:

[140.8.0-2.0.1]
- Add Oracle prefs

[140.8.0-2]
- Update to 140.8.0 ESR



ELBA-2026-4025 Oracle Linux 9 389-ds-base bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2026-4025

http://linux.oracle.com/errata/ELBA-2026-4025.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
389-ds-base-2.7.0-12.el9_7.x86_64.rpm
389-ds-base-devel-2.7.0-12.el9_7.x86_64.rpm
389-ds-base-libs-2.7.0-12.el9_7.x86_64.rpm
389-ds-base-snmp-2.7.0-12.el9_7.x86_64.rpm
python3-lib389-2.7.0-12.el9_7.noarch.rpm

aarch64:
389-ds-base-2.7.0-12.el9_7.aarch64.rpm
389-ds-base-devel-2.7.0-12.el9_7.aarch64.rpm
389-ds-base-libs-2.7.0-12.el9_7.aarch64.rpm
389-ds-base-snmp-2.7.0-12.el9_7.aarch64.rpm
python3-lib389-2.7.0-12.el9_7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/389-ds-base-2.7.0-12.el9_7.src.rpm

Description of changes:

[2.7.0-12]
- Resolves: RHEL-153553 - 389-ds-base-2.7.0-10.el9_7 updates dse.ldif with lowercase DNs causing ipa-healthcheck errors



ELSA-2026-3864 Important: Oracle Linux 10 delve security update


Oracle Linux Security Advisory ELSA-2026-3864

http://linux.oracle.com/errata/ELSA-2026-3864.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
delve-1.25.2-2.0.1.el10_1.x86_64.rpm

aarch64:
delve-1.25.2-2.0.1.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/delve-1.25.2-2.0.1.el10_1.src.rpm

Related CVEs:

CVE-2025-61726
CVE-2025-61729
CVE-2025-68121

Description of changes:

[1.25.2-2.0.1]
- Disable DWARF compression which has issues (Alex Burmashev)

[1.25.2-2]
- Rebuild with latest Go



ELSA-2026-50142 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2026-50142

http://linux.oracle.com/errata/ELSA-2026-50142.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-5.4.17-2136.353.3.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.353.3.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.353.3.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.353.3.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.353.3.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.353.3.el8uek.src.rpm

Related CVEs:

CVE-2025-40215

Description of changes:

[5.4.17-2136.353.3]
- xfrm: flush all states in xfrm_state_fini (Sabrina Dubroca) [Orabug: 38934000]
- xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca) [Orabug: 38934000]
- Revert "xfrm: destroy xfrm_state synchronously on net exit path" (Sabrina Dubroca) [Orabug: 38934000]
- Revert "IB/mlx5: Implement clear counters" (Sharath Srinivasan) [Orabug: 38923520]
- Revert "IB/core: Implement clear counters" (Sharath Srinivasan) [Orabug: 38923520]
- Revert "ib/core: add SET_DEVICE_OP call for clear_hw_stats()" (Sharath Srinivasan) [Orabug: 38923520]
- fs: proc: inode: delay put_pid() by RCU (Stephen Brennan) [Orabug: 38766812]

[5.4.17-2136.353.2]
- Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" (Jiri Olsa) [Orabug: 38893604]
- xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 38730493] {CVE-2025-40215}

[5.4.17-2136.352.5]
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38879907] {CVE-2025-40022}

[5.4.17-2136.352.4]
- arm64: pensando: Must boot Ortano kernel with spin-table (Rob Gardner) [Orabug: 38821197]

[5.4.17-2136.352.3]
- net/sched: adjust device watchdog timer to detect stopped queue at right time (Praveen Kumar Kannoju) [Orabug: 38340278]
- net/mlx5: Mark the mellanox graceful_period fix as out-of-tree change (Praveen Kumar Kannoju) [Orabug: 38252416]
- infiniband/xsigo: Replace BUG_ON with WARN_ON_ONCE. (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xsvnic_main: Remove unused functions (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_cm: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ethtool: Remove unused variable 'priv' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ib: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ib: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_verbs: Remove unused label 'out_free_pd' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Remove unused function 'xve_napi_del' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469]
- inifinibad/xsigo: xsvnic_main: Remove unused variable 'xsvnic_ethtool_ops' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xscore_impl: Remove unused label 'err_pd' (Siddh Raman Pant) [Orabug: 38418469]
- rds: Fix jiffies type in struct rds_conn_path (Siddh Raman Pant) [Orabug: 38418727]
- kernel: sysctl: Remove unused variable 'zero' (Siddh Raman Pant) [Orabug: 38418727]
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38537469] {CVE-2025-39964}
- RDMA/cm: Base cm_id destruction timeout on CMA values (Håkon Bugge) [Orabug: 38753622]
- x86/its: Build fails with CONFIG_MITIGATION_ITS=n (Alexandre Chartre) [Orabug: 38756954]

[5.4.17-2136.352.2]
- LTS tag: v5.4.302 (Sherry Yang)
- Input: pegasus-notetaker - fix potential out-of-bounds access (Seungjin Bae)
- Input: remove third argument of usb_maxpacket() (Vincent Mailhol)
- usb: deprecate the third argument of usb_maxpacket() (Vincent Mailhol)
- fs/proc: fix uaf in proc_readdir_de() (Wei Yang) [Orabug: 38737034,38786776,38787139] {CVE-2025-40271}
- pmdomain: imx: Fix reference count leak in imx_gpc_remove (Miaoqian Lin)
- pmdomain: arm: scmi: Fix genpd leak on provider registration failure (Sudeep Holla)
- net: netpoll: fix incorrect refcount handling causing incorrect cleanup (Breno Leitao) [Orabug: 38773510] {CVE-2025-68245}
- net: qede: Initialize qede_ll_ops with designated initializer (Nathan Chancellor)
- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error (Nishanth Menon)
- ALSA: usb-audio: fix uac2 clock source at terminal parser (René Rebe)
- mm/page_alloc: fix hash table order logging in alloc_large_system_hash() (Isaac J. Manjarres)
- kconfig/nconf: Initialize the default locale at startup (Jakub Horký)
- kconfig/mconf: Initialize the default locale at startup (Jakub Horký)
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38730612] {CVE-2025-40248}
- s390/ctcm: Fix double-kfree (Aleksei Nikiforov)
- net: openvswitch: remove never-working support for setting nsh fields (Ilya Maximets) [Orabug: 38730650] {CVE-2025-40254}
- mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() (Zilin Guan)
- MIPS: Malta: Fix !EVA SOC-it PCI MMIO (Maciej W. Rozycki)
- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (Hamza Mahfooz) [Orabug: 38773441] {CVE-2025-68229}
- scsi: sg: Do not sleep in atomic context (Bart Van Assche) [Orabug: 38730664] {CVE-2025-40259}
- Input: cros_ec_keyb - fix an invalid memory access (Tzung-Bi Shih) [Orabug: 38730681] {CVE-2025-40263}
- be2net: pass wrb_params in case of OS2BMC (Andrey Vatoropin) [Orabug: 38730691] {CVE-2025-40264}
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (Abdun Nihaal) [Orabug: 38798908] {CVE-2025-68734}
- EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection (Niravkumar L Rabara)
- EDAC/altera: Handle OCRAM ECC enable after warm reset (Niravkumar L Rabara)
- spi: Try to get ACPI GPIO IRQ earlier (Hans de Goede)
- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (Chuang Wang) [Orabug: 38773496] {CVE-2025-68241}
- strparser: Fix signed/unsigned mismatch bug (Nate Karstens)
- gcov: add support for GCC 15 (Peter Oberparleiter)
- mm/ksm: fix flag-dropping behavior in ksm_madvise (Jakub Acs)
- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (Haein Lee) [Orabug: 38737052] {CVE-2025-40275}
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (Ian Forbes) [Orabug: 38737061] {CVE-2025-40277}
- ASoC: cs4271: Fix regulator leak on probe failure (Xu Wang)
- regulator: fixed: fix GPIO descriptor leak on register failure (Xu Wang)
- regulator: fixed: use dev_err_probe for register (Chris Morgan)
- Bluetooth: L2CAP: export l2cap_chan_hold for modules (Pauli Virtanen)
- net_sched: limit try_bulk_dequeue_skb() batches (Eric Dumazet)
- net_sched: remove need_resched() from qdisc_run() (Eric Dumazet)
- net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps (Gal Pressman)
- net/mlx5e: Fix maxrate wraparound in threshold between units (Gal Pressman)
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (Ranganath V N)
- wifi: mac80211: skip rate verification for not captured PSDUs (Benjamin Berg)
- net: mdio: fix resource leak in mdiobus_register_device() (Csaba Buday)
- tipc: Fix use-after-free in tipc_mon_reinit_self(). (Kuniyuki Iwashima) [Orabug: 38737084] {CVE-2025-40280}
- tipc: simplify the finalize work queue (Xin Long)
- sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (Eric Dumazet) [Orabug: 38737091] {CVE-2025-40281}
- sctp: get netns from asoc and ep base (Xin Long)
- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (Pauli Virtanen)
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (Pauli Virtanen)
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (Pauli Virtanen)
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (Raphael Pinsonneault-Thibeault) [Orabug: 38737104] {CVE-2025-40283}
- net: fec: correct rx_bytes statistic for the case SHIFT16 is set (Wei Fang)
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (Sharique Mohammad)
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (Tristan Lobb)
- NFS4: Fix state renewals missing after boot (Joshua Watt)
- compiler_types: Move unused static inline functions warning to W=2 (Peter Zijlstra)
- extcon: adc-jack: Cleanup wakeup source only if it was enabled (Krzysztof Kozlowski)
- tracing: Fix memory leaks in create_field_var() (Zilin Guan)
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (Qendrim Maxhuni) [Orabug: 38773283] {CVE-2025-68192}
- sctp: Prevent TOCTOU out-of-bounds write (Stefan Wiehler) [Orabug: 38747447] {CVE-2025-40331}
- sctp: Hold RCU read lock while iterating over address list (Stefan Wiehler)
- net: dsa: b53: stop reading ARL entries if search is done (Jonas Gorski)
- net: dsa: b53: fix enabling ip multicast (Jonas Gorski)
- net: dsa: b53: fix resetting speed and pause on forced link (Jonas Gorski)
- net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 (Álvaro Fernández Rojas)
- net: dsa/b53: change b53_force_port_config() pause argument (Russell King)
- net: vlan: sync VLAN features with lower device (Hangbin Liu)
- ceph: add checking of wait_for_completion_killable() return value (Viacheslav Dubeyko)
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (Albin Babu Varghese) [Orabug: 38737182] {CVE-2025-40304}
- ACPI: property: Return present device nodes only on fwnode interface (Sakari Ailus)
- 9p: sysfs_init: don't hardcode error to ENOMEM (Randall P. Embry)
- 9p: fix /sys/fs/9p/caches overwriting itself (Randall P. Embry)
- fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink (Yikang Yue)
- ACPICA: Update dsmethod.c to get rid of unused variable warning (Saket Dumbre)
- orangefs: fix xattr related buffer overflow... (Mike Marshall)
- page_pool: Clamp pool size to max 16K pages (Dragos Tatulea)
- Bluetooth: bcsp: receive data only if registered (Ivan Pravdin) [Orabug: 38737213] {CVE-2025-40308}
- Bluetooth: SCO: Fix UAF on sco_conn_free (Luiz Augusto von Dentz) [Orabug: 38737224] {CVE-2025-40309}
- net: macb: avoid dealing with endianness in macb_set_hwaddr() (Théo Lebrun)
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (Al Viro) [Orabug: 38773245] {CVE-2025-68185}
- NFSv4.1: fix mount hang after CREATE_SESSION failure (Anthony Iliopoulos)
- NFSv4: handle ERR_GRACE on delegation recalls (Olga Kornievskaia)
- remoteproc: qcom: q6v5: Avoid handling handover twice (Stephan Gerhold)
- sparc/module: Add R_SPARC_UA64 relocation handling (Koakuma)
- net: intel: fm10k: Fix parameter idx set but not used (Brahmajit Das)
- jfs: fix uninitialized waitqueue in transaction manager (Shaurya Rane)
- jfs: Verify inode mode when loading from disk (Tetsuo Handa)
- ipv6: np->rxpmtu race annotation (Eric Dumazet)
- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (Krishna Kurapati)
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (Forest Crossman)
- allow finish_no_open(file, ERR_PTR(-E...)) (Al Viro)
- scsi: lpfc: Define size of debugfs entry for xri rebalancing (Justin Tee)
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (Justin Tee)
- selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency (Nai-Chen Cheng)
- net/cls_cgroup: Fix task_get_classid() during qdisc run (Yafang Shao)
- selftests: Replace sleep with slowwait (David Ahern)
- selftests: Disable dad for ipv6 in fcnal-test.sh (David Ahern)
- media: redrat3: use int type to store negative error codes (Rong Qianfeng)
- net: sh_eth: Disable WoL if system can not suspend (Niklas Söderlund)
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy (Harikrishna Shenoy)
- usb: gadget: f_hid: Fix zero length packet transfer (William Wu)
- net: call cond_resched() less often in __release_sock() (Eric Dumazet)
- ALSA: usb-audio: apply quirk for MOONDROP Quark2 (Cryolitia Pukngae)
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (Juraj Šarinay)
- dmaengine: dw-edma: Set status for callback_result (Devendra K Verma)
- dmaengine: mv_xor: match alloc_wc and free_wc (Rosen Penev)
- dmaengine: sh: setup_xref error handling (Thomas Andreatta)
- scsi: pm8001: Use int instead of u32 to store error codes (Rong Qianfeng)
- mips: lantiq: xway: sysctrl: rename stp clock (Aleksander Jan Bajkowski)
- mips: lantiq: danube: add missing device_type in pci node (Aleksander Jan Bajkowski)
- mips: lantiq: danube: add missing properties to cpu node (Aleksander Jan Bajkowski)
- media: fix uninitialized symbol warnings (Chelsy Ratnawat)
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (Amber Lin)
- extcon: adc-jack: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (Sungho Kim)
- net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. (Kuniyuki Iwashima)
- net: When removing nexthops, don't call synchronize_net if it is not necessary (Christoph Paasch)
- char: misc: Does not request module for miscdevice with dynamic minor (Zijun Hu)
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (Raub Camaioni)
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (Rodrigo Gobbi)
- media: imon: make send_packet() more robust (Tetsuo Handa) [Orabug: 38773298] {CVE-2025-68194}
- net: ipv6: fix field-spanning memcpy warning in AH output (Charalampos Mitrodimas) [Orabug: 38773141] {CVE-2025-40363}
- bridge: Redirect to backup port when port is administratively down (Ido Schimmel)
- powerpc/eeh: Use result of error_detected() in uevent (Niklas Schnelle)
- x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall (Kirill A. Shutemov)
- media: pci: ivtv: Don't create fake v4l2_fh (Laurent Pinchart)
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs (Geoffrey Mcrae)
- selftests/net: Ensure assert() triggers in psock_tpacket.c (Wake Liu)
- selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 (Wake Liu)
- PCI: Disable MSI on RDC PCI to PCIe bridges (Marcos Del Sol Vives)
- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (Seyediman Seyedarab)
- mfd: madera: Work around false-positive -Wininitialized warning (Arnd Bergmann)
- mfd: stmpe-i2c: Add missing MODULE_LICENSE (Alexander Stein)
- mfd: stmpe: Remove IRQ domain upon removal (Alexander Stein)
- tools/power x86_energy_perf_policy: Prefer driver HWP limits (Len Brown)
- tools/power x86_energy_perf_policy: Enhance HWP enable (Len Brown)
- tools/cpupower: Fix incorrect size in cpuidle_state_disable() (Kaushlendra Kumar)
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (Armin Wolf)
- uprobe: Do not emulate/sstep original instruction when ip is changed (Jiri Olsa)
- clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel (Daniel Lezcano)
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (Svyatoslav Ryhel)
- tee: allow a driver to allocate a tee_device without a pool (Amirreza Zarrabi)
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (Hans de Goede)
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (Sarthak Garg)
- irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment (Christian Bruel)
- arc: Fix __fls() const-foldability via __builtin_clzl() (Kees Cook)
- cpufreq/longhaul: handle NULL policy in longhaul_exit (Dennis Beier)
- selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 (Ricardo B. Marlière)
- ACPI: video: force native for Lenovo 82K8 (Mario Limonciello)
- memstick: Add timeout to prevent indefinite waiting (Jiayi Li)
- mmc: host: renesas_sdhi: Fix the actual clock (Biju Das)
- bpf: Don't use %pK through printk (Thomas Weißschuh)
- spi: loopback-test: Don't use %pK through printk (Thomas Weißschuh)
- soc: qcom: smem: Fix endian-unaware access of num_entries (Jens Reidel)
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable. (Owen Gu)
- serial: 8250_dw: handle reset control deassert error (Artem Shimko)
- serial: 8250_dw: Use devm_add_action_or_reset() (Andy Shevchenko)
- serial: 8250_dw: Use devm_clk_get_optional() to get the input clock (Andy Shevchenko)
- can: gs_usb: increase max interface to U8_MAX (Celeste Liu)
- devcoredump: Fix circular locking dependency with devcd->mutex. (Maarten Lankhorst)
- net: ravb: Enforce descriptor type ordering (Lad Prabhakar)
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (Babu Moger)
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (Gokul Sivakumar) [Orabug: 38737292] {CVE-2025-40321}
- net: phy: dp83867: Disable EEE support as not implemented (Emanuele Ghidoli)
- regmap: slimbus: fix bus_context pointer in regmap init calls (Alexey Klimov)
- drm/etnaviv: fix flush sequence logic (Tomeu Vizoso)
- usbnet: Prevents free active kevent (Lizhi Xu) [Orabug: 38773784] {CVE-2025-68312}
- wifi: ath10k: Fix memory leak on unsupported WMI command (Loic Poulain)
- ASoC: qdsp6: q6asm: do not sleep while atomic (Srinivas Kandagatla)
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (Miaoqian Lin)
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (Florian Fuchs)
- fbdev: bitblit: bound-check glyph index in bit_putcs* (Junjie Cao) [Orabug: 38737301] {CVE-2025-40322}
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (Yuhao Jiang) [Orabug: 38687005] {CVE-2025-40211}
- fbdev: atyfb: Check if pll_ops->init_pll failed (Daniel Palmer)
- net: usb: asix_devices: Check return value of usbnet_get_endpoints (Miaoqian Lin)
- btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (Filipe Manana)
- x86/bugs: Fix reporting of LFENCE retpoline (David Kaplan)
- net/sched: sch_qfq: Fix null-deref in agg_dequeue (Xiang Mei) [Orabug: 38597085] {CVE-2025-40083}

[5.4.17-2136.352.1]
- RDMA/cm: Rate limit destroy CM ID timeout error message (Håkon Bugge) [Orabug: 38753401]
- soc/pensando: giglio: hack dts to make things right (Rob Gardner) [Orabug: 38688154]
- soc/pensando: Add AMD Pensando Giglio SoC support (Brad Larson) [Orabug: 38688154]
- soc/pensando: psci support (David Clear) [Orabug: 38688154]
- soc/pensando: Giglio SoC eMMC interrupt driver (Brad Larson) [Orabug: 38688154]

[5.4.17-2136.351.3]
- Reapply "cpuidle: menu: Avoid discarding useful information" (Harshvardhan Jha) [Orabug: 38715366]
- fbcon: fix integer overflow in font allocation (Samasth Norway Ananda) [Orabug: 38702507]
- uek-rpm: Replace check-kabi tool with kabi (Yifei Liu) [Orabug: 38673382]
- uek-rpm: Introduce check function for uek-rpm/tools/kabi (Yifei Liu) [Orabug: 38673382]

[5.4.17-2136.351.2]
- uek-rpm: kabi: Remove the kabi protection for debug kernels (Yifei Liu) [Orabug: 38609548]
- rds: Add smp_rmb before reading c_destroy_in_prog (Håkon Bugge) [Orabug: 38352486]
- uio_hv_generic: Set event for all channels on the device (Long Li)
- ata: libata-scsi: Fix system suspend for a security locked drive (Niklas Cassel)
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Zhang Heng)

[5.4.17-2136.351.1]
- scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt (Sumit Saxena) [Orabug: 38630482]



ELSA-2026-3840 Important: Oracle Linux 10 image-builder security update


Oracle Linux Security Advisory ELSA-2026-3840

http://linux.oracle.com/errata/ELSA-2026-3840.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
image-builder-45-1.0.3.el10.x86_64.rpm

aarch64:
image-builder-45-1.0.3.el10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/image-builder-45-1.0.3.el10.src.rpm

Related CVEs:

CVE-2025-61726
CVE-2025-61729
CVE-2025-68121

Description of changes:

[45-1.0.3]
- Rebuilt to fix CVE-2025-61726, CVE-2025-61729, CVE-2025-68121



ELSA-2026-3551 Important: Oracle Linux 10 libpng security update


Oracle Linux Security Advisory ELSA-2026-3551

http://linux.oracle.com/errata/ELSA-2026-3551.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
libpng-1.6.40-8.el10_1.2.x86_64.rpm
libpng-devel-1.6.40-8.el10_1.2.x86_64.rpm

aarch64:
libpng-1.6.40-8.el10_1.2.aarch64.rpm
libpng-devel-1.6.40-8.el10_1.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/libpng-1.6.40-8.el10_1.2.src.rpm

Related CVEs:

CVE-2026-22695
CVE-2026-22801
CVE-2026-25646

Description of changes:

[2:1.6.40-8.2]
- fix CVE-2026-25646: heap buffer overflow in png_set_quantize (RHEL-148323)
- fix CVE-2026-22695: heap buffer over-read in png_image_finish_read (RHEL-148818)
- fix CVE-2026-22801: heap buffer over-read in png_image_write_*bit (RHEL-146645)



ELSA-2026-3896 Important: Oracle Linux 9 postgresql:15 security update


Oracle Linux Security Advisory ELSA-2026-3896

http://linux.oracle.com/errata/ELSA-2026-3896.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
pgaudit-1.7.0-1.module+el9.2.0+21134+ceb95ed9.x86_64.rpm
pg_repack-1.4.8-2.module+el9.5.0+90424+300303e9.x86_64.rpm
postgres-decoderbufs-1.9.7-1.Final.module+el9.2.0+21134+ceb95ed9.x86_64.rpm
postgresql-15.17-1.module+el9.7.0+90829+0e33913e.x86_64.rpm
postgresql-contrib-15.17-1.module+el9.7.0+90829+0e33913e.x86_64.rpm
postgresql-docs-15.17-1.module+el9.7.0+90829+0e33913e.x86_64.rpm
postgresql-plperl-15.17-1.module+el9.7.0+90829+0e33913e.x86_64.rpm
postgresql-plpython3-15.17-1.module+el9.7.0+90829+0e33913e.x86_64.rpm
postgresql-pltcl-15.17-1.module+el9.7.0+90829+0e33913e.x86_64.rpm
postgresql-private-devel-15.17-1.module+el9.7.0+90829+0e33913e.x86_64.rpm
postgresql-private-libs-15.17-1.module+el9.7.0+90829+0e33913e.x86_64.rpm
postgresql-server-15.17-1.module+el9.7.0+90829+0e33913e.x86_64.rpm
postgresql-server-devel-15.17-1.module+el9.7.0+90829+0e33913e.x86_64.rpm
postgresql-static-15.17-1.module+el9.7.0+90829+0e33913e.x86_64.rpm
postgresql-test-15.17-1.module+el9.7.0+90829+0e33913e.x86_64.rpm
postgresql-test-rpm-macros-15.17-1.module+el9.7.0+90829+0e33913e.noarch.rpm
postgresql-upgrade-15.17-1.module+el9.7.0+90829+0e33913e.x86_64.rpm
postgresql-upgrade-devel-15.17-1.module+el9.7.0+90829+0e33913e.x86_64.rpm

aarch64:
pgaudit-1.7.0-1.module+el9.2.0+21134+ceb95ed9.aarch64.rpm
pg_repack-1.4.8-2.module+el9.5.0+90424+300303e9.aarch64.rpm
postgres-decoderbufs-1.9.7-1.Final.module+el9.2.0+21134+ceb95ed9.aarch64.rpm
postgresql-15.17-1.module+el9.7.0+90829+0e33913e.aarch64.rpm
postgresql-contrib-15.17-1.module+el9.7.0+90829+0e33913e.aarch64.rpm
postgresql-docs-15.17-1.module+el9.7.0+90829+0e33913e.aarch64.rpm
postgresql-plperl-15.17-1.module+el9.7.0+90829+0e33913e.aarch64.rpm
postgresql-plpython3-15.17-1.module+el9.7.0+90829+0e33913e.aarch64.rpm
postgresql-pltcl-15.17-1.module+el9.7.0+90829+0e33913e.aarch64.rpm
postgresql-private-devel-15.17-1.module+el9.7.0+90829+0e33913e.aarch64.rpm
postgresql-private-libs-15.17-1.module+el9.7.0+90829+0e33913e.aarch64.rpm
postgresql-server-15.17-1.module+el9.7.0+90829+0e33913e.aarch64.rpm
postgresql-server-devel-15.17-1.module+el9.7.0+90829+0e33913e.aarch64.rpm
postgresql-static-15.17-1.module+el9.7.0+90829+0e33913e.aarch64.rpm
postgresql-test-15.17-1.module+el9.7.0+90829+0e33913e.aarch64.rpm
postgresql-test-rpm-macros-15.17-1.module+el9.7.0+90829+0e33913e.noarch.rpm
postgresql-upgrade-15.17-1.module+el9.7.0+90829+0e33913e.aarch64.rpm
postgresql-upgrade-devel-15.17-1.module+el9.7.0+90829+0e33913e.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/pgaudit-1.7.0-1.module+el9.2.0+21134+ceb95ed9.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/pg_repack-1.4.8-2.module+el9.5.0+90424+300303e9.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/postgres-decoderbufs-1.9.7-1.Final.module+el9.2.0+21134+ceb95ed9.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/postgresql-15.17-1.module+el9.7.0+90829+0e33913e.src.rpm

Related CVEs:

CVE-2026-2004
CVE-2026-2005
CVE-2026-2006

Description of changes:

pgaudit
[1.7.0-1]
- Initial import for postgresql 15 module
- Update to 1.7.0
- Support postgresql 15
- Related: #2128410

pg_repack
[1.4.8-2]
- Add new build dependencies to fix build with lz4 enabled
- Related: RHEL-47350

[1.4.8-1]
- Update to version 1.4.8
- Postgresql 15 is supported
- Related: #2128410

postgres-decoderbufs
[1.9.7-1.Final]
- Iitial import for postgresql 15 stream
- Related: #2128410

postgresql
[15.17-1]
- Update to 15.17
- Fixes: CVE-2026-2004 CVE-2026-2005 CVE-2026-2006



ELSA-2026-3963 Moderate: Oracle Linux 8 kernel security update


Oracle Linux Security Advisory ELSA-2026-3963

http://linux.oracle.com/errata/ELSA-2026-3963.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-553.111.1.el8_10.x86_64.rpm
kernel-4.18.0-553.111.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.111.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.111.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.111.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.111.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.111.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.111.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.111.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.111.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.111.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.111.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.111.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.111.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.111.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.111.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.111.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.111.1.el8_10.x86_64.rpm
perf-4.18.0-553.111.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.111.1.el8_10.x86_64.rpm

aarch64:
bpftool-4.18.0-553.111.1.el8_10.aarch64.rpm
kernel-cross-headers-4.18.0-553.111.1.el8_10.aarch64.rpm
kernel-headers-4.18.0-553.111.1.el8_10.aarch64.rpm
kernel-tools-4.18.0-553.111.1.el8_10.aarch64.rpm
kernel-tools-libs-4.18.0-553.111.1.el8_10.aarch64.rpm
kernel-tools-libs-devel-4.18.0-553.111.1.el8_10.aarch64.rpm
perf-4.18.0-553.111.1.el8_10.aarch64.rpm
python3-perf-4.18.0-553.111.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.111.1.el8_10.src.rpm

Related CVEs:

CVE-2025-71085
CVE-2026-23001

Description of changes:

[4.18.0-553.111.1]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 pwd references to fs_struct (Waiman Long) [RHEL-146026]
- ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CKI Backport Bot) [RHEL-143535] {CVE-2025-71085}



ELSA-2026-3887 Important: Oracle Linux 10 postgresql16 security update


Oracle Linux Security Advisory ELSA-2026-3887

http://linux.oracle.com/errata/ELSA-2026-3887.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
postgresql-16.13-1.0.1.el10_1.x86_64.rpm
postgresql-contrib-16.13-1.0.1.el10_1.x86_64.rpm
postgresql-docs-16.13-1.0.1.el10_1.x86_64.rpm
postgresql-plperl-16.13-1.0.1.el10_1.x86_64.rpm
postgresql-plpython3-16.13-1.0.1.el10_1.x86_64.rpm
postgresql-pltcl-16.13-1.0.1.el10_1.x86_64.rpm
postgresql-private-devel-16.13-1.0.1.el10_1.x86_64.rpm
postgresql-private-libs-16.13-1.0.1.el10_1.x86_64.rpm
postgresql-server-16.13-1.0.1.el10_1.x86_64.rpm
postgresql-server-devel-16.13-1.0.1.el10_1.x86_64.rpm
postgresql-static-16.13-1.0.1.el10_1.x86_64.rpm
postgresql-test-16.13-1.0.1.el10_1.x86_64.rpm
postgresql-test-rpm-macros-16.13-1.0.1.el10_1.noarch.rpm
postgresql-upgrade-16.13-1.0.1.el10_1.x86_64.rpm
postgresql-upgrade-devel-16.13-1.0.1.el10_1.x86_64.rpm

aarch64:
postgresql-16.13-1.0.1.el10_1.aarch64.rpm
postgresql-contrib-16.13-1.0.1.el10_1.aarch64.rpm
postgresql-docs-16.13-1.0.1.el10_1.aarch64.rpm
postgresql-plperl-16.13-1.0.1.el10_1.aarch64.rpm
postgresql-plpython3-16.13-1.0.1.el10_1.aarch64.rpm
postgresql-pltcl-16.13-1.0.1.el10_1.aarch64.rpm
postgresql-private-devel-16.13-1.0.1.el10_1.aarch64.rpm
postgresql-private-libs-16.13-1.0.1.el10_1.aarch64.rpm
postgresql-server-16.13-1.0.1.el10_1.aarch64.rpm
postgresql-server-devel-16.13-1.0.1.el10_1.aarch64.rpm
postgresql-static-16.13-1.0.1.el10_1.aarch64.rpm
postgresql-test-16.13-1.0.1.el10_1.aarch64.rpm
postgresql-test-rpm-macros-16.13-1.0.1.el10_1.noarch.rpm
postgresql-upgrade-16.13-1.0.1.el10_1.aarch64.rpm
postgresql-upgrade-devel-16.13-1.0.1.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/postgresql16-16.13-1.0.1.el10_1.src.rpm

Related CVEs:

CVE-2026-2004
CVE-2026-2005
CVE-2026-2006

Description of changes:

[16.13-1.0.1]
- Replace upstream reference [Orabug: 37044148]

[16.13-1]
- Update to 16.13
- Fix CVE-2026-2004: PostgreSQL intarray missing validation of type of input
- Fix CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow
- Fix CVE-2026-2006: PostgreSQL missing validation of multibyte character length
- Resolves: RHEL-149364 RHEL-149398 RHEL-149332



ELSA-2026-3939 Moderate: Oracle Linux 10 nfs-utils security update


Oracle Linux Security Advisory ELSA-2026-3939

http://linux.oracle.com/errata/ELSA-2026-3939.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
libnfsidmap-2.8.3-0.0.1.el10_1.3.x86_64.rpm
libnfsidmap-devel-2.8.3-0.0.1.el10_1.3.x86_64.rpm
nfs-utils-2.8.3-0.0.1.el10_1.3.x86_64.rpm
nfs-utils-coreos-2.8.3-0.0.1.el10_1.3.x86_64.rpm
nfsv4-client-utils-2.8.3-0.0.1.el10_1.3.x86_64.rpm

aarch64:
libnfsidmap-2.8.3-0.0.1.el10_1.3.aarch64.rpm
libnfsidmap-devel-2.8.3-0.0.1.el10_1.3.aarch64.rpm
nfs-utils-2.8.3-0.0.1.el10_1.3.aarch64.rpm
nfs-utils-coreos-2.8.3-0.0.1.el10_1.3.aarch64.rpm
nfsv4-client-utils-2.8.3-0.0.1.el10_1.3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/nfs-utils-2.8.3-0.0.1.el10_1.3.src.rpm

Related CVEs:

CVE-2025-12801

Description of changes:

[2.8.3-0.0.1.el10_1.3]
- remove multiple warnings when upgrading nfs-utils with gssproxy

[2.8.3-3]
- Add requires for selinux-policy (RHEL-127092)

[2.8.3-2]
- mountd: Minor refactor of get_rootfh() (RHEL-127092)
- mountd: Separate lookup of the exported directory and the mount path (RHEL-127092)
- support: Add a mini-library to extract and apply RPC credentials (RHEL-127092)
- Fix access checks when mounting subdirectories in NFSv3 (RHEL-127092)
Resolves: CVE-2025-12801



ELSA-2026-2713 Moderate: Oracle Linux 7 python3 security update


Oracle Linux Security Advisory ELSA-2026-2713

http://linux.oracle.com/errata/ELSA-2026-2713.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
python3-3.6.8-21.0.7.el7_9.i686.rpm
python3-3.6.8-21.0.7.el7_9.x86_64.rpm
python3-debug-3.6.8-21.0.7.el7_9.i686.rpm
python3-debug-3.6.8-21.0.7.el7_9.x86_64.rpm
python3-devel-3.6.8-21.0.7.el7_9.i686.rpm
python3-devel-3.6.8-21.0.7.el7_9.x86_64.rpm
python3-idle-3.6.8-21.0.7.el7_9.i686.rpm
python3-idle-3.6.8-21.0.7.el7_9.x86_64.rpm
python3-libs-3.6.8-21.0.7.el7_9.i686.rpm
python3-libs-3.6.8-21.0.7.el7_9.x86_64.rpm
python3-test-3.6.8-21.0.7.el7_9.i686.rpm
python3-test-3.6.8-21.0.7.el7_9.x86_64.rpm
python3-tkinter-3.6.8-21.0.7.el7_9.i686.rpm
python3-tkinter-3.6.8-21.0.7.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/python3-3.6.8-21.0.7.el7_9.src.rpm

Related CVEs:

CVE-2025-12084

Description of changes:

[3.6.8-21.0.7]
- Security update CVE-2025-12084 [Orabug: 38971895]

[3.6.8-21.0.5]
- tarfile now validates archives to ensure member offsets are non-negative [Orabug: 38442771][CVE-2025-8194]

[3.6.8-21.0.3]
- Fix DoS parsing crafted tarfile headers [Orabug: 37626372][CVE-2024-6232]
- Disable test_socket in the PGO profile task.



ELSA-2026-4110 Important: Oracle Linux 9 postgresql:16 security update


Oracle Linux Security Advisory ELSA-2026-4110

http://linux.oracle.com/errata/ELSA-2026-4110.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
pgaudit-16.0-1.module+el9.4.0+90394+9e4f3cba.x86_64.rpm
pg_repack-1.5.1-1.module+el9.6.0+90592+523cb846.x86_64.rpm
pgvector-0.6.2-2.module+el9.6.0+90592+523cb846.x86_64.rpm
postgis-3.5.3-3.module+el9.7.0+90669+cd4abef7.x86_64.rpm
postgis-client-3.5.3-3.module+el9.7.0+90669+cd4abef7.x86_64.rpm
postgis-docs-3.5.3-3.module+el9.7.0+90669+cd4abef7.x86_64.rpm
postgis-upgrade-3.5.3-3.module+el9.7.0+90669+cd4abef7.x86_64.rpm
postgis-utils-3.5.3-3.module+el9.7.0+90669+cd4abef7.x86_64.rpm
postgres-decoderbufs-2.4.0-1.Final.module+el9.4.0+90394+9e4f3cba.x86_64.rpm
postgresql-16.13-1.module+el9.7.0+90831+7907f012.x86_64.rpm
postgresql-contrib-16.13-1.module+el9.7.0+90831+7907f012.x86_64.rpm
postgresql-docs-16.13-1.module+el9.7.0+90831+7907f012.x86_64.rpm
postgresql-plperl-16.13-1.module+el9.7.0+90831+7907f012.x86_64.rpm
postgresql-plpython3-16.13-1.module+el9.7.0+90831+7907f012.x86_64.rpm
postgresql-pltcl-16.13-1.module+el9.7.0+90831+7907f012.x86_64.rpm
postgresql-private-devel-16.13-1.module+el9.7.0+90831+7907f012.x86_64.rpm
postgresql-private-libs-16.13-1.module+el9.7.0+90831+7907f012.x86_64.rpm
postgresql-server-16.13-1.module+el9.7.0+90831+7907f012.x86_64.rpm
postgresql-server-devel-16.13-1.module+el9.7.0+90831+7907f012.x86_64.rpm
postgresql-static-16.13-1.module+el9.7.0+90831+7907f012.x86_64.rpm
postgresql-test-16.13-1.module+el9.7.0+90831+7907f012.x86_64.rpm
postgresql-test-rpm-macros-16.13-1.module+el9.7.0+90831+7907f012.noarch.rpm
postgresql-upgrade-16.13-1.module+el9.7.0+90831+7907f012.x86_64.rpm
postgresql-upgrade-devel-16.13-1.module+el9.7.0+90831+7907f012.x86_64.rpm

aarch64:
pgaudit-16.0-1.module+el9.4.0+90394+9e4f3cba.aarch64.rpm
pg_repack-1.5.1-1.module+el9.6.0+90592+523cb846.aarch64.rpm
pgvector-0.6.2-2.module+el9.6.0+90592+523cb846.aarch64.rpm
postgis-3.5.3-3.module+el9.7.0+90669+cd4abef7.aarch64.rpm
postgis-client-3.5.3-3.module+el9.7.0+90669+cd4abef7.aarch64.rpm
postgis-docs-3.5.3-3.module+el9.7.0+90669+cd4abef7.aarch64.rpm
postgis-upgrade-3.5.3-3.module+el9.7.0+90669+cd4abef7.aarch64.rpm
postgis-utils-3.5.3-3.module+el9.7.0+90669+cd4abef7.aarch64.rpm
postgres-decoderbufs-2.4.0-1.Final.module+el9.4.0+90394+9e4f3cba.aarch64.rpm
postgresql-16.13-1.module+el9.7.0+90831+7907f012.aarch64.rpm
postgresql-contrib-16.13-1.module+el9.7.0+90831+7907f012.aarch64.rpm
postgresql-docs-16.13-1.module+el9.7.0+90831+7907f012.aarch64.rpm
postgresql-plperl-16.13-1.module+el9.7.0+90831+7907f012.aarch64.rpm
postgresql-plpython3-16.13-1.module+el9.7.0+90831+7907f012.aarch64.rpm
postgresql-pltcl-16.13-1.module+el9.7.0+90831+7907f012.aarch64.rpm
postgresql-private-devel-16.13-1.module+el9.7.0+90831+7907f012.aarch64.rpm
postgresql-private-libs-16.13-1.module+el9.7.0+90831+7907f012.aarch64.rpm
postgresql-server-16.13-1.module+el9.7.0+90831+7907f012.aarch64.rpm
postgresql-server-devel-16.13-1.module+el9.7.0+90831+7907f012.aarch64.rpm
postgresql-static-16.13-1.module+el9.7.0+90831+7907f012.aarch64.rpm
postgresql-test-16.13-1.module+el9.7.0+90831+7907f012.aarch64.rpm
postgresql-test-rpm-macros-16.13-1.module+el9.7.0+90831+7907f012.noarch.rpm
postgresql-upgrade-16.13-1.module+el9.7.0+90831+7907f012.aarch64.rpm
postgresql-upgrade-devel-16.13-1.module+el9.7.0+90831+7907f012.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/pgaudit-16.0-1.module+el9.4.0+90394+9e4f3cba.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/pg_repack-1.5.1-1.module+el9.6.0+90592+523cb846.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/pgvector-0.6.2-2.module+el9.6.0+90592+523cb846.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/postgis-3.5.3-3.module+el9.7.0+90669+cd4abef7.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/postgres-decoderbufs-2.4.0-1.Final.module+el9.4.0+90394+9e4f3cba.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/postgresql-16.13-1.module+el9.7.0+90831+7907f012.src.rpm

Related CVEs:

CVE-2026-2003
CVE-2026-2004
CVE-2026-2005
CVE-2026-2006

Description of changes:

pgaudit
[16.0-1]
- Update to 16.0
- Support postgresql 16
- Initial import for PG 16 module
- Resolves: RHEL-3635

pg_repack
[1.5.1-1]
- Update to v1.5.1

[1.4.8-2]
- Add new build dependencies to fix build with lz4 enabled
- Related: RHEL-47604

[1.4.8-1]
- Resolves: RHEL-3636
- Initial import for PG 16 module

pgvector
[0.6.2-2]
- Enable Portable build
- Resolves: RHEL-84405

[0.6.2-1]
- Initial packaging

postgis
[3.5.3-3]
- Rebuild (gdal)

[3.5.3-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

[3.5.3-1]
- Update to 3.5.3

[3.5.2-2]
- Rebuild (SFCGAL)

[3.5.2-1]
- Update to 3.5.2

[3.5.1-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild

[3.5.1-1]
- Update to 3.5.1

[3.5.0-3]
- Rebuild (GDAL)

[3.5.0-2]
- Rebuild (gdal)

[3.5.0-1]
- Update to 3.5.0

postgres-decoderbufs
[2.4.0-1.Final]
- Initial import for postgresql 16 stream
- Related: RHEL-3635

postgresql
[16.13-1]
- Update to 16.13
- Fixes: CVE-2026-2004 CVE-2026-2005 CVE-2026-2006


Systemd and perl-Crypt-SysRandom-XS updates for Fedora

Firefox, Python-Pyasn1, GIT-LFS, and more updates for RHEL

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...