ELSA-2026-36318 Moderate: Oracle Linux 9 aardvark-dns security update
ELSA-2026-36187 Important: Oracle Linux 9 perl-HTTP-Daemon security update
ELSA-2026-36210 Moderate: Oracle Linux 9 freeipmi security update
ELSA-2026-36317 Important: Oracle Linux 9 skopeo security update
ELSA-2026-36195 Important: Oracle Linux 9 389-ds-base security update
ELSA-2026-36315 Important: Oracle Linux 9 python3.14-pip security update
ELSA-2026-33285 Important: Oracle Linux 9 kernel security, bug fix, and enhancement update
ELSA-2026-30848 Important: Oracle Linux 9 kernel security, bug fix, and enhancement update
ELSA-2026-25051 Important: Oracle Linux 9 libyang security update
ELSA-2026-35833 Important: Oracle Linux 8 container-tools:ol8 security update
ELSA-2026-36307 Moderate: Oracle Linux 8 freeipmi security update
ELSA-2026-36215 Important: Oracle Linux 8 compat-openssl10 security update
ELSA-2026-36188 Important: Oracle Linux 8 perl-HTTP-Daemon security update
ELSA-2026-36318 Moderate: Oracle Linux 9 aardvark-dns security update
Oracle Linux Security Advisory ELSA-2026-36318
http://linux.oracle.com/errata/ELSA-2026-36318.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
aardvark-dns-1.17.1-1.el9_8.x86_64.rpm
aarch64:
aardvark-dns-1.17.1-1.el9_8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/aardvark-dns-1.17.1-1.el9_8.src.rpm
Related CVEs:
CVE-2026-35406
Description of changes:
[2:1.17.1-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.17.1
- Resolves: RHEL-170152
ELSA-2026-36187 Important: Oracle Linux 9 perl-HTTP-Daemon security update
Oracle Linux Security Advisory ELSA-2026-36187
http://linux.oracle.com/errata/ELSA-2026-36187.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
perl-HTTP-Daemon-6.12-6.el9_8.1.noarch.rpm
aarch64:
perl-HTTP-Daemon-6.12-6.el9_8.1.noarch.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/perl-HTTP-Daemon-6.12-6.el9_8.1.src.rpm
Related CVEs:
CVE-2026-8450
Description of changes:
[6.12-6.1]
- Fix CVE-2026-8450: send_file() shell-magic injection via 2-arg open()
- Resolves: RHEL-184829
ELSA-2026-36210 Moderate: Oracle Linux 9 freeipmi security update
Oracle Linux Security Advisory ELSA-2026-36210
http://linux.oracle.com/errata/ELSA-2026-36210.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
freeipmi-1.6.18-1.el9_8.i686.rpm
freeipmi-1.6.18-1.el9_8.x86_64.rpm
freeipmi-bmc-watchdog-1.6.18-1.el9_8.x86_64.rpm
freeipmi-devel-1.6.18-1.el9_8.i686.rpm
freeipmi-devel-1.6.18-1.el9_8.x86_64.rpm
freeipmi-ipmidetectd-1.6.18-1.el9_8.x86_64.rpm
freeipmi-ipmiseld-1.6.18-1.el9_8.x86_64.rpm
aarch64:
freeipmi-1.6.18-1.el9_8.aarch64.rpm
freeipmi-bmc-watchdog-1.6.18-1.el9_8.aarch64.rpm
freeipmi-devel-1.6.18-1.el9_8.aarch64.rpm
freeipmi-ipmidetectd-1.6.18-1.el9_8.aarch64.rpm
freeipmi-ipmiseld-1.6.18-1.el9_8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/freeipmi-1.6.18-1.el9_8.src.rpm
Related CVEs:
CVE-2026-50031
Description of changes:
[1.6.18-1]
- Update to 1.6.18, fixes CVE-2026-50031
ELSA-2026-36317 Important: Oracle Linux 9 skopeo security update
Oracle Linux Security Advisory ELSA-2026-36317
http://linux.oracle.com/errata/ELSA-2026-36317.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
skopeo-1.22.2-7.el9_8.x86_64.rpm
skopeo-tests-1.22.2-7.el9_8.x86_64.rpm
aarch64:
skopeo-1.22.2-7.el9_8.aarch64.rpm
skopeo-tests-1.22.2-7.el9_8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/skopeo-1.22.2-7.el9_8.src.rpm
Related CVEs:
CVE-2026-25679
CVE-2026-27145
Description of changes:
[1:1.22.2-7]
- Rebuild for golang >= 1.26.4 to fix CVE-2026-27145
- Resolves: RHEL-189898
ELSA-2026-36195 Important: Oracle Linux 9 389-ds-base security update
Oracle Linux Security Advisory ELSA-2026-36195
http://linux.oracle.com/errata/ELSA-2026-36195.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
389-ds-base-2.8.0-8.el9_8.x86_64.rpm
389-ds-base-devel-2.8.0-8.el9_8.x86_64.rpm
389-ds-base-libs-2.8.0-8.el9_8.x86_64.rpm
389-ds-base-snmp-2.8.0-8.el9_8.x86_64.rpm
python3-lib389-2.8.0-8.el9_8.noarch.rpm
aarch64:
389-ds-base-2.8.0-8.el9_8.aarch64.rpm
389-ds-base-devel-2.8.0-8.el9_8.aarch64.rpm
389-ds-base-libs-2.8.0-8.el9_8.aarch64.rpm
389-ds-base-snmp-2.8.0-8.el9_8.aarch64.rpm
python3-lib389-2.8.0-8.el9_8.noarch.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/389-ds-base-2.8.0-8.el9_8.src.rpm
Related CVEs:
CVE-2026-11610
CVE-2026-11774
Description of changes:
[2.8.0-8]
- Resolves: RHEL-182159 - CVE-2026-11610 389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND [rhel-9.8.z]
- Resolves: RHEL-183103 - CVE-2026-11774 389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow [rhel-9.8.z]
ELSA-2026-36315 Important: Oracle Linux 9 python3.14-pip security update
Oracle Linux Security Advisory ELSA-2026-36315
http://linux.oracle.com/errata/ELSA-2026-36315.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
python3.14-pip-25.2-3.el9_8.5.noarch.rpm
python3.14-pip-wheel-25.2-3.el9_8.5.noarch.rpm
aarch64:
python3.14-pip-25.2-3.el9_8.5.noarch.rpm
python3.14-pip-wheel-25.2-3.el9_8.5.noarch.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/python3.14-pip-25.2-3.el9_8.5.src.rpm
Related CVEs:
CVE-2026-8643
Description of changes:
[25.2-5]
- Fix gating plan
- removed unnecessary older VERSION= tests
- removed bootstrap test
- fix pip_install_upgrade to run pip-3.14
- fix bash completion + remove unused metadata file
[25.2-4]
- Security fix for CVE-2026-8643: path traversal in wheel entry points
ELSA-2026-33285 Important: Oracle Linux 9 kernel security, bug fix, and enhancement update
Oracle Linux Security Advisory ELSA-2026-33285
http://linux.oracle.com/errata/ELSA-2026-33285.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-abi-stablelists-5.14.0-687.20.1.el9_8.noarch.rpm
kernel-core-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-cross-headers-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-debug-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-debug-core-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-debug-devel-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-debug-devel-matched-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-debug-modules-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-debug-modules-core-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-debug-modules-extra-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-debug-uki-virt-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-devel-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-devel-matched-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-doc-5.14.0-687.20.1.el9_8.noarch.rpm
kernel-headers-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-modules-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-modules-core-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-modules-extra-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-tools-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-tools-libs-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-tools-libs-devel-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-uki-virt-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-uki-virt-addons-5.14.0-687.20.1.el9_8.x86_64.rpm
libperf-5.14.0-687.20.1.el9_8.x86_64.rpm
perf-5.14.0-687.20.1.el9_8.x86_64.rpm
python3-perf-5.14.0-687.20.1.el9_8.x86_64.rpm
rtla-5.14.0-687.20.1.el9_8.x86_64.rpm
rv-5.14.0-687.20.1.el9_8.x86_64.rpm
aarch64:
kernel-cross-headers-5.14.0-687.20.1.el9_8.aarch64.rpm
kernel-headers-5.14.0-687.20.1.el9_8.aarch64.rpm
kernel-tools-5.14.0-687.20.1.el9_8.aarch64.rpm
kernel-tools-libs-5.14.0-687.20.1.el9_8.aarch64.rpm
kernel-tools-libs-devel-5.14.0-687.20.1.el9_8.aarch64.rpm
libperf-5.14.0-687.20.1.el9_8.aarch64.rpm
perf-5.14.0-687.20.1.el9_8.aarch64.rpm
python3-perf-5.14.0-687.20.1.el9_8.aarch64.rpm
rtla-5.14.0-687.20.1.el9_8.aarch64.rpm
rv-5.14.0-687.20.1.el9_8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-687.20.1.el9_8.src.rpm
Related CVEs:
CVE-2026-31411
CVE-2026-43198
Description of changes:
[5.14.0-687.20.1]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 "disabling" (Kamal Heib) [RHEL-169057]
- net/mlx5: Add HWS as secondary steering mode (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Shrink empty matchers (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Rearrange to prevent forward declaration (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Track matcher sizes individually (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Decouple matcher RX and TX sizes (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Create STEs directly from matcher (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Refactor rule skip logic (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Export rule skip logic (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, remove incorrect comment (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, remove unused create_dest_array parameter (Kamal Heib) [RHEL-169057]
- net/mlx5: Manage TC arbiter nodes and implement full support for tc-bw (Kamal Heib) [RHEL-169057]
- net/mlx5: Add traffic class scheduling support for vport QoS (Kamal Heib) [RHEL-169057]
- net/mlx5: Add support for setting tc-bw on nodes (Kamal Heib) [RHEL-169057]
- net/mlx5: Add no-op implementation for setting tc-bw on rate objects (Kamal Heib) [RHEL-169057]
- net/mlx5: Check device memory pointer before usage (Kamal Heib) [RHEL-169057]
- net/mlx5: fs, fix RDMA TRANSPORT init cleanup flow (Kamal Heib) [RHEL-169057]
- net/mlx5e: Fix error handling in RQ memory model registration (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Allocate IB device with net namespace supplied from core dev (Kamal Heib) [RHEL-169057]
- net/mlx5: Add IFC bits for PCIe Congestion Event object (Kamal Heib) [RHEL-169057]
- net/mlx5: Small refactor for general object capabilities (Kamal Heib) [RHEL-169057]
- net/mlx5: fs, add multiple prios to RDMA TRANSPORT steering domain (Kamal Heib) [RHEL-169057]
- net/mlx5e: Support ethtool tcp-data-split settings (Kamal Heib) [RHEL-169057]
- net/mlx5e: Implement queue mgmt ops and single channel swap (Kamal Heib) [RHEL-169057]
- net/mlx5e: SHAMPO: Separate pool for headers (Kamal Heib) [RHEL-169057]
- net/mlx5e: SHAMPO: Improve hw gro capability checking (Kamal Heib) [RHEL-169057]
- net/mlx5e: SHAMPO: Remove redundant params (Kamal Heib) [RHEL-169057]
- net/mlx5e: SHAMPO: Reorganize mlx5_rq_shampo_alloc (Kamal Heib) [RHEL-169057]
- net/mlx5: Expose serial numbers in devlink info (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Fix vport loopback for MPV device (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Fix CC counters query for MPV (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Fix HW counters query for non-representor devices (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Avoid flexible array warning (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Add support for 200Gbps per lane speeds (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Remove the redundant MLX5_IB_STAGE_UAR stage (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: convert timeouts to secs_to_jiffies() (Kamal Heib) [RHEL-169057]
- net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch (Kamal Heib) [RHEL-169057]
- net/mlx5: Fix memory leak in cmd_exec() (Kamal Heib) [RHEL-169057]
- net/mlx5: Correctly set gso_size when LRO is used (Kamal Heib) [RHEL-169057]
- net/mlx5e: Add new prio for promiscuous mode (Kamal Heib) [RHEL-169057]
- net/mlx5e: Fix race between DIM disable and net_dim() (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Add error checking to hws_bwc_rule_complex_hash_node_get() (Kamal Heib) [RHEL-169057]
- net/mlx5e: Fix leak of Geneve TLV option object (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, make sure the uplink is the last destination (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, fix missing ip_version handling in definer (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Init mutex on the correct path (Kamal Heib) [RHEL-169057]
- net/mlx5: Fix return value when searching for existing flow group (Kamal Heib) [RHEL-169057]
- net/mlx5: Ensure fw pages are always allocated on same NUMA (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Fix an error code in mlx5hws_bwc_rule_create_complex() (Kamal Heib) [RHEL-169057]
- net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (Kamal Heib) [RHEL-169057]
- net/mlx5e: Allow setting MAC address of representors (Kamal Heib) [RHEL-169057]
- net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, handle modify header actions dependency (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, fix typo - 'nope' to 'nop' (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, register reformat actions with fw (Kamal Heib) [RHEL-169057]
- net/mlx5: SWS, fix reformat id error handling (Kamal Heib) [RHEL-169057]
- net/mlx5: Use to_delayed_work() (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, dump bad completion details (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, rework rehash loop (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, fix redundant extension of action templates (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, fix counting of rules in the matcher (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, force rehash when rule insertion failed (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, support complex matchers (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, introduce isolated matchers (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, expose polling function in header file (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, add definer function to get field name str (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, expose function mlx5hws_table_ft_set_next_ft in header (Kamal Heib) [RHEL-169057]
- net/mlx5: support software TX timestamp (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Disallow matcher IP version mixing (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Harden IP version definer checks (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Fix IP version decision (Kamal Heib) [RHEL-169057]
- net/mlx5: Fix spelling mistakes in mlx5_core_dbg message and comments (Kamal Heib) [RHEL-169057]
- net/mlx5e: ethtool: Fix formatting of ptp_rq0_csum_complete_tail_slow (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Export action STE tables to debugfs (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Free unused action STE tables (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Cleanup matcher action STE table (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Use the new action STE pool (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Implement action STE pool (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Fix pool size optimization (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Add fullness tracking to pool (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Cleanup after pool refactoring (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Refactor pool implementation (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Make pool single resource (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Remove unused element array (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Fix matcher action template attach (Kamal Heib) [RHEL-169057]
- selinux: RHEL-only hotfix for execmem regression (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- selinux: fix overlayfs mmap() and mprotect() access checks (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- lsm: add backing_file LSM hooks (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: prepare for adding LSM blob to backing_file (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- perf/core: Fix MMAP event path names with backing files (Ondrej Mosnacek) [RHEL-179444]
- ovl: remove redundant IOCB_DIO_CALLER_COMP clearing (Ondrej Mosnacek) [RHEL-179444]
- ovl: remove unneeded non-const conversion (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: constify file ptr in backing_file accessor helpers (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- ovl: Fix nested backing file paths (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- lsm: add helper for blob allocations (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: factor out backing_file_mmap() helper (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: factor out backing_file_splice_{read,write}() helpers (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: factor out backing_file_{read,write}_iter() helpers (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: prepare for stackable filesystems backing file helpers (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: store real path instead of fake path in backing file f_path (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: create helper file_user_path() for user displayed mapped file path (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: get mnt_writers count for an open backing file's real path (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: rename __mnt_{want,drop}_write*() helpers (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: Fix kernel-doc warnings (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- cachefiles: use kiocb_{start,end}_write() helpers (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- lsm: constify the 'file' parameter in security_binder_transfer_file() (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: move cleanup from init_file() into its callers (Ondrej Mosnacek) [RHEL-179444]
- ovl: enable fsnotify events on underlying real files (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: use backing_file container for internal files with "fake" f_path (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: move kmem_cache_zalloc() into alloc_empty_file*() helpers (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: use a helper for opening kernel internal files (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- locks: fix TOCTOU race when granting write lease (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- binder: use cred instead of task for selinux checks (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- RDMA/iwcm: Fix workqueue list corruption by removing work_list (CKI Backport Bot) [RHEL-179664] {CVE-2026-45898}
- ALSA: aloop: Fix peer runtime UAF during format-change stop (CKI Backport Bot) [RHEL-179310] {CVE-2026-46090}
- ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (Guillaume Nault) [RHEL-172670] {CVE-2026-43038}
- drm/amd/display: Do not skip unrelated mode changes in DSC validation (CKI Backport Bot) [RHEL-178836] {CVE-2026-31488}
- netfilter: flowtable: strictly check for maximum number of actions (CKI Backport Bot) [RHEL-176927] {CVE-2026-43329}
ELSA-2026-25051 Important: Oracle Linux 9 libyang security update
Oracle Linux Security Advisory ELSA-2026-25051
http://linux.oracle.com/errata/ELSA-2026-25051.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
libyang-2.1.148-1.el9_8.1.i686.rpm
libyang-2.1.148-1.el9_8.1.x86_64.rpm
libyang-devel-2.1.148-1.el9_8.1.i686.rpm
libyang-devel-2.1.148-1.el9_8.1.x86_64.rpm
libyang-devel-doc-2.1.148-1.el9_8.1.x86_64.rpm
aarch64:
libyang-2.1.148-1.el9_8.1.aarch64.rpm
libyang-devel-2.1.148-1.el9_8.1.aarch64.rpm
libyang-devel-doc-2.1.148-1.el9_8.1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/libyang-2.1.148-1.el9_8.1.src.rpm
Related CVEs:
CVE-2026-44673
Description of changes:
[2.1.148-1.1]
- Fix integer overflow and OOM in LYB parser string/value reading
- Resolves: RHEL-177019
ELSA-2026-35833 Important: Oracle Linux 8 container-tools:ol8 security update
Oracle Linux Security Advisory ELSA-2026-35833
http://linux.oracle.com/errata/ELSA-2026-35833.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
aardvark-dns-1.10.1-2.module+el8.10.0+90948+3b47585b.x86_64.rpm
buildah-1.33.14-4.module+el8.10.0+90948+3b47585b.x86_64.rpm
buildah-tests-1.33.14-4.module+el8.10.0+90948+3b47585b.x86_64.rpm
cockpit-podman-84.1-1.module+el8.10.0+90948+3b47585b.noarch.rpm
conmon-2.1.10-1.module+el8.10.0+90948+3b47585b.x86_64.rpm
containernetworking-plugins-1.4.0-8.module+el8.10.0+90948+3b47585b.x86_64.rpm
containers-common-1-82.0.1.module+el8.10.0+90948+3b47585b.x86_64.rpm
container-selinux-2.229.0-3.module+el8.10.0+90948+3b47585b.noarch.rpm
crit-3.18-5.module+el8.10.0+90948+3b47585b.x86_64.rpm
criu-3.18-5.module+el8.10.0+90948+3b47585b.x86_64.rpm
criu-devel-3.18-5.module+el8.10.0+90948+3b47585b.x86_64.rpm
criu-libs-3.18-5.module+el8.10.0+90948+3b47585b.x86_64.rpm
crun-1.14.3-2.module+el8.10.0+90948+3b47585b.x86_64.rpm
fuse-overlayfs-1.13-1.module+el8.10.0+90948+3b47585b.x86_64.rpm
libslirp-4.4.0-2.module+el8.10.0+90948+3b47585b.x86_64.rpm
libslirp-devel-4.4.0-2.module+el8.10.0+90948+3b47585b.x86_64.rpm
netavark-1.10.3-1.module+el8.10.0+90948+3b47585b.x86_64.rpm
oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90948+3b47585b.x86_64.rpm
podman-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.x86_64.rpm
podman-catatonit-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.x86_64.rpm
podman-docker-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.noarch.rpm
podman-gvproxy-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.x86_64.rpm
podman-plugins-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.x86_64.rpm
podman-remote-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.x86_64.rpm
podman-tests-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.x86_64.rpm
python3-criu-3.18-5.module+el8.10.0+90948+3b47585b.x86_64.rpm
python3-podman-4.9.0-3.module+el8.10.0+90948+3b47585b.noarch.rpm
runc-1.2.9-4.module+el8.10.0+90948+3b47585b.x86_64.rpm
skopeo-1.14.6-2.module+el8.10.0+90948+3b47585b.x86_64.rpm
skopeo-tests-1.14.6-2.module+el8.10.0+90948+3b47585b.x86_64.rpm
slirp4netns-1.2.3-1.module+el8.10.0+90948+3b47585b.x86_64.rpm
udica-0.2.6-21.module+el8.10.0+90948+3b47585b.noarch.rpm
aarch64:
aardvark-dns-1.10.1-2.module+el8.10.0+90948+3b47585b.aarch64.rpm
buildah-1.33.14-4.module+el8.10.0+90948+3b47585b.aarch64.rpm
buildah-tests-1.33.14-4.module+el8.10.0+90948+3b47585b.aarch64.rpm
cockpit-podman-84.1-1.module+el8.10.0+90948+3b47585b.noarch.rpm
conmon-2.1.10-1.module+el8.10.0+90948+3b47585b.aarch64.rpm
containernetworking-plugins-1.4.0-8.module+el8.10.0+90948+3b47585b.aarch64.rpm
containers-common-1-82.0.1.module+el8.10.0+90948+3b47585b.aarch64.rpm
container-selinux-2.229.0-3.module+el8.10.0+90948+3b47585b.noarch.rpm
crit-3.18-5.module+el8.10.0+90948+3b47585b.aarch64.rpm
criu-3.18-5.module+el8.10.0+90948+3b47585b.aarch64.rpm
criu-devel-3.18-5.module+el8.10.0+90948+3b47585b.aarch64.rpm
criu-libs-3.18-5.module+el8.10.0+90948+3b47585b.aarch64.rpm
crun-1.14.3-2.module+el8.10.0+90948+3b47585b.aarch64.rpm
fuse-overlayfs-1.13-1.module+el8.10.0+90948+3b47585b.aarch64.rpm
libslirp-4.4.0-2.module+el8.10.0+90948+3b47585b.aarch64.rpm
libslirp-devel-4.4.0-2.module+el8.10.0+90948+3b47585b.aarch64.rpm
netavark-1.10.3-1.module+el8.10.0+90948+3b47585b.aarch64.rpm
oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90948+3b47585b.aarch64.rpm
podman-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.aarch64.rpm
podman-catatonit-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.aarch64.rpm
podman-docker-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.noarch.rpm
podman-gvproxy-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.aarch64.rpm
podman-plugins-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.aarch64.rpm
podman-remote-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.aarch64.rpm
podman-tests-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.aarch64.rpm
python3-criu-3.18-5.module+el8.10.0+90948+3b47585b.aarch64.rpm
python3-podman-4.9.0-3.module+el8.10.0+90948+3b47585b.noarch.rpm
runc-1.2.9-4.module+el8.10.0+90948+3b47585b.aarch64.rpm
skopeo-1.14.6-2.module+el8.10.0+90948+3b47585b.aarch64.rpm
skopeo-tests-1.14.6-2.module+el8.10.0+90948+3b47585b.aarch64.rpm
slirp4netns-1.2.3-1.module+el8.10.0+90948+3b47585b.aarch64.rpm
udica-0.2.6-21.module+el8.10.0+90948+3b47585b.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/aardvark-dns-1.10.1-2.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/buildah-1.33.14-4.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/cockpit-podman-84.1-1.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/conmon-2.1.10-1.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/containernetworking-plugins-1.4.0-8.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/containers-common-1-82.0.1.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/container-selinux-2.229.0-3.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/criu-3.18-5.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/crun-1.14.3-2.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/fuse-overlayfs-1.13-1.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/libslirp-4.4.0-2.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/netavark-1.10.3-1.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/podman-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/python-podman-4.9.0-3.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/runc-1.2.9-4.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/skopeo-1.14.6-2.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/slirp4netns-1.2.3-1.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/udica-0.2.6-21.module+el8.10.0+90948+3b47585b.src.rpm
Related CVEs:
CVE-2026-34986
CVE-2026-39829
CVE-2026-39830
CVE-2026-39832
CVE-2026-42508
Description of changes:
aardvark-dns
[2:1.10.1-2]
- build off the RHEL maintenance branch
- Resolves: RHEL-59129
[2:1.10.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.10.0
- Related: Jira:RHEL-2110
[2:1.9.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.9.0
- Related: Jira:RHEL-2110
[2:1.8.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.8.0
- Related: Jira:RHEL-2110
[2:1.7.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.7.0
- Related: #2176055
[2:1.6.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.6.0
- Related: #2176055
[2:1.5.0-2]
- always stay offline during build
- Related: #2123641
[2:1.5.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.5.0
- Related: #2123641
[2:1.4.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.4.0
- Related: #2123641
[2:1.3.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.3.0
- Related: #2123641
buildah
[2:1.33.14-4]
- switch source URL from GitHub to the internal GitLab sustaining-engineering repo
- update to the latest content of release-1.33 (commit 2cbee78)
- bump golang.org/x/crypto to v0.53.0 to fix CVE-2026-39829, CVE-2026-39830, CVE-2026-39832
[2:1.33.14-3]
- rebuild for CVE-2025-68121
- Resolves: RHEL-149262
[2:1.33.14-2]
- rebuild for CVE-2025-61729
- Resolves: RHEL-140529
[2:1.33.14-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
( https://github.com/containers/buildah/commit/a7f8179)
- fixes "CVE-2025-47913 container-tools:rhel8/buildah: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [rhel-8.10.z]"
- Resolves: RHEL-130974
[2:1.33.13-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
( https://github.com/containers/buildah/commit/65707d0)
- fixes "[Minor Incident] CVE-2025-52881 container-tools:rhel8/buildah: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [rhel-8.10.z]"
- Resolves: RHEL-126916
[2:1.33.12-3]
- rebuild for CVE-2025-58183
- Resolves: RHEL-125644
[2:1.33.12-2]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
( https://github.com/containers/buildah/commit/cf49e7c)
- fixes "CVE-2025-22871 container-tools:rhel8/buildah: Request smuggling due to acceptance of invalid chunked data in net/http [rhel-8.10.z]"
- Resolves: RHEL-89239
[2:1.33.12-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
( https://github.com/containers/buildah/commit/58af1cd)
- Resolves: RHEL-67612
[2:1.33.11-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
( https://github.com/containers/buildah/commit/fe85f0d)
- Resolves: RHEL-61853
[2:1.33.10-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
( https://github.com/containers/buildah/commit/bd85c17)
- Resolves: RHEL-61835
cockpit-podman
[84.1-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/84.1
- Related: Jira:RHEL-25557
[84-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/84
- Related: Jira:RHEL-2110
[83-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/83
- Related: Jira:RHEL-2110
[82-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/82
- Related: Jira:RHEL-2110
[81-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/81
- Related: Jira:RHEL-2110
[80-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/80
- Related: Jira:RHEL-2110
[79-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/79
- Related: Jira:RHEL-2110
[78-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/78
- Related: Jira:RHEL-2110
[77-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/77
- Related: Jira:RHEL-2110
[75-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/75
- Related: #2176055
conmon
[3:2.1.10-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.10
- Related: Jira:RHEL-2110
[3:2.1.8-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.8
- Related: #2176055
[3:2.1.7-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.7
- Related: #2176055
[3:2.1.6-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.6
- Related: #2176055
[3:2.1.5-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.5
- Related: #2123641
[3:2.1.4-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.4
- Related: #2061390
[3:2.1.2-2]
- revert conmon to 2.1.2
- Related: #2061390
[2:2.1.3-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.3
- Related: #2061390
[2:2.1.2-2]
- update to latest content of https://github.com/containers/conmon/releases/tag/2.1.2
( https://github.com/containers/conmon/commit/2bc95ee697e87d5f7b77063cf83fc32739addafe)
- Related: #2061390
[2:2.1.2-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.2
- Related: #2061390
containernetworking-plugins
[1:1.4.0-8]
- rebuild for CVE-2025-68121
- Resolves: RHEL-149265
[1:1.4.0-7]
- rebuild for CVE-2025-61729
- Resolves: RHEL-140529
[1:1.4.0-6]
- rebuild for CVE-2025-22871
- Resolves: RHEL-89244
[1:1.4.0-5]
- rebuild for golang fixes
- Related: RHEL-28452
[1:1.4.0-4]
- rebuild for golang fixes
- Related: RHEL-28452
[1:1.4.0-3]
- rebuild for CVE-2024-1394
- Resolves: RHEL-24294
[1:1.4.0-2]
- rebuild
- Resolves: RHEL-18390
[1:1.4.0-1]
- update to https://github.com/containernetworking/plugins/releases/tag/v1.4.0
- Related: Jira:RHEL-2110
[1:1.3.0-5]
- fix path to dhcp service
- Resolves: #RHEL-3789
[1:1.3.0-4]
- add Epoch in Provides
- Related: #2176055
containers-common
[1-82.0.1]
- Updated removed references [Orabug: 33473101] (Alex Burmashev)
- Adjust registries.conf (Nikita Gerasimov)
- remove references to RedHat registry (Nikita Gerasimov)
[2:1-82]
- update vendored components
- Resolves: RHEL-40801
[2:1-81]
- Update shortnames from Pyxis
- Related: Jira:RHEL-2110
[2:1-80]
- bump release to preserve upgrade path
- Resolves: Jira:RHEL-12277
[2:1-59]
- update vendored components
- Related: Jira:RHEL-2110
[2:1-58]
- update vendored components
- Related: Jira:RHEL-2110
[2:1-57]
- fix shortnames for rhel-minimal
- Related: Jira:RHEL-2110
[2:1-56]
- implement GPG auto updating mechanism from redhat-release
- Resolves: #RHEL-2110
[2:1-55]
- update GPG keys to the current content of redhat-release
- Resolves: #RHEL-3164
[2:1-54]
- update vendored components and shortnames
- Related: #2176055
container-selinux
[2:2.229.0-3]
- add user_t confined user container support (cherry-pick of upstream PR #443)
- Resolves: RHEL-135342
[2:2.229.0-2]
- remove watch statements properly for RHEL8 and lower
- Related: Jira:RHEL-2110
[2:2.229.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.229.0
- Related: Jira:RHEL-2110
[2:2.228.1-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.228.1
- Related: Jira:RHEL-2110
[2:2.228.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.228.0
- Related: Jira:RHEL-2110
[2:2.227.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.227.0
- Related: Jira:RHEL-2110
[2:2.226.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.226.0
- remove dependency on policycoreutils-python-utils as it pulls in python
- Related: Jira:RHEL-2110
[2:2.224.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.224.0
- Related: Jira:RHEL-2110
[2:2.222.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.222.0
- Related: Jira:RHEL-2110
[2:2.221.1-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.221.1
- Related: Jira:RHEL-2110
criu
[3.18-5]
- rebuild to preserve upgrade path
- Related: RHEL-32671
[3.18-4]
- switch to egg-info on 8.9
- Related: #2176055
[3.18-3]
- remove --progress-bar option
- Related: #2176055
[3.18-2]
- update to 3.18
- Related: #2176055
[3.17-1]
- update to 3.17
- Resolves: #2175794
[3.15-2]
- add gating tests
- Related: #1971718
[3.15-1]
- add -devel and -libs subpackages
- Resolves: #1971718
[3.12-9]
- Added additional fixup patches for the socket labelling
[3.12-8]
- Patch for socket labelling has changed upstream
[3.12-4]
- Applied patch to correctly restore socket()s
crun
[1.14.3-2]
- remove BR libgcrypt-devel, no longer needed
- Related: Jira:RHEL-2110
[1.14.3-1]
- update to https://github.com/containers/crun/releases/tag/1.14.3
- Related: Jira:RHEL-2110
[1.14.1-1]
- update to https://github.com/containers/crun/releases/tag/1.14.1
- Related: Jira:RHEL-2110
[1.14-1]
- update to https://github.com/containers/crun/releases/tag/1.14
- Related: Jira:RHEL-2110
[1.13-1]
- update to https://github.com/containers/crun/releases/tag/1.13
- Related: Jira:RHEL-2110
[1.12-1]
- update to https://github.com/containers/crun/releases/tag/1.12
- Related: Jira:RHEL-2110
[1.11.2-1]
- update to https://github.com/containers/crun/releases/tag/1.11.2
- Related: Jira:RHEL-2110
[1.11.1-1]
- update to https://github.com/containers/crun/releases/tag/1.11.1
- Related: Jira:RHEL-2110
[1.11-1]
- update to https://github.com/containers/crun/releases/tag/1.11
- Related: Jira:RHEL-2110
[1.9.2-1]
- update to https://github.com/containers/crun/releases/tag/1.9.2
- Related: Jira:RHEL-2110
fuse-overlayfs
[1.13-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.13
- Related: Jira:RHEL-2110
[1.12-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.12
- Related: #2176055
[1.11-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.11
- Related: #2176055
[1.10-2]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.10
- Related: #2176055
[1.10-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.10
- Related: #2123641
[1.9-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.9
- Related: #2061390
[1.8.2-2]
- BuildRequires: /usr/bin/go-md2man
- Related: #2061390
[1.8.2-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.8.2
- Related: #2001445
[1.8.1-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.8.1
- Related: #2001445
[1.8-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.8
- Related: #2001445
libslirp
[4.4.0-2]
- rebuild to preserve upgrade path 8.9 -> 8.10
- Related: RHEL-32671
[4.4.0-1]
- Fix CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 out-of-bounds access
- Related: #1934415
[4.3.1-1]
- update to https://gitlab.freedesktop.org/slirp/libslirp/-/releases/v4.3.1
- Related: #1821193
[4.3.0-5]
- replace patch for CVE-2020-10756 with dedicated upstream one
- Related: #1821193
[4.3.0-4]
- fix "CVE-2020-10756 QEMU: slirp: networking out-of-bounds read information disclosure vulnerability"
- Related: #1821193
[4.3.0-3]
- fix static analysis issues merged upstream
( https://gitlab.freedesktop.org/slirp/libslirp/-/merge_requests/41)
- Related: #1821193
[4.3.0-2]
- initial libslirp build for container-tools 8.3.0 module
- Resolves: #1821193
[4.3.0-1]
- New v4.3.0 release
[4.2.0-2]
- CVE-2020-1983 fix
[4.2.0-1]
- New v4.2.0 release
netavark
[2:1.10.3-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.3
- Related: Jira:RHEL-2110
[2:1.10.2-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.2
- Related: Jira:RHEL-2110
[2:1.10.1-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.1
- Related: Jira:RHEL-2110
[2:1.10.0-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.0
- Related: Jira:RHEL-2110
[2:1.9.0-1]
- update to https://github.com/containers/netavark/releases/tag/v1.9.0
- Related: Jira:RHEL-2110
[2:1.8.0-2]
- fix directory for systemd units
- Related: Jira:RHEL-2110
[2:1.8.0-1]
- update to https://github.com/containers/netavark/releases/tag/v1.8.0
- Related: Jira:RHEL-2110
[2:1.7.0-1]
- update to https://github.com/containers/netavark/releases/tag/v1.7.0
- Related: #2176055
[2:1.6.0-1]
- update to https://github.com/containers/netavark/releases/tag/v1.6.0
- Related: #2176055
[2:1.5.0-5]
- fix --dns-add command is not functioning
- Resolves: #2182897
oci-seccomp-bpf-hook
[1.2.10-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.10
- Related: Jira:RHEL-2110
[1.2.9-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.9
- Related: #2176055
[1.2.8-2]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.8
- Related: #2176055
[1.2.8-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.8
- Related: #2123641
[1.2.7-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.7
- Related: #2123641
[1.2.6-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.6
- Related: #2061390
[1.2.5-2]
- BuildRequires: /usr/bin/go-md2man
- Related: #2061390
[1.2.5-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.5
- Related: #2061390
[1.2.3-3]
- change runc dependency to conflict
- Related: #1934415
[1.2.3-2]
- remove unneeded patch
- Related: #1934415
podman
[4.9.4-32.0.1]
- Fixes issue of container created in cgroupv2 not start in cgroupv1 [Orabug: 36136813]
- Fixes container memory limit not set after host is rebooted with cgroupv2 [Orabug: 36136802]
- Fixes issue of podman execvp error while using podmansh [Orabug: 36756665]
[4:4.9.4-32]
- switch source URL from GitHub to the internal GitLab sustaining-engineering repo
- update to the latest content of v4.9-rhel (commit 48ede9e)
- bump golang.org/x/crypto to v0.53.0 to fix CVE-2026-39829, CVE-2026-39830, CVE-2026-39832, CVE-2026-42508
[4:4.9.4-31]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
( https://github.com/containers/podman/commit/11de97d)
- Resolves: RHEL-173978
[4:4.9.4-30]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
( https://github.com/containers/podman/commit/79517c7)
- fixes "When using a volume mount that is RO in podman it throws error because runc automatically appends RW to it which throws an error [rhel-8.10.z]"
- Resolves: RHEL-152630
[4:4.9.4-29]
- rebuild for CVE-2025-68121
- Resolves: RHEL-149265
[4:4.9.4-28]
- rebuild
- Resolves: RHEL-140532
[4:4.9.4-27]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
( https://github.com/containers/podman/commit/702415d)
- fixes "CVE-2025-47913 container-tools:rhel8/podman: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [rhel-8.10.z]"
- Resolves: RHEL-130976
[4:4.9.4-26]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
( https://github.com/containers/podman/commit/837a65c)
- fixes "do not pass volume options as bind mounts options to runtime"
- Resolves: RHEL-132859
[4:4.9.4-25]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
( https://github.com/containers/podman/commit/638f1d2)
- fixes "[Minor Incident] CVE-2025-52881 container-tools:rhel8/podman: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [rhel-8.10.z]"
- Resolves: RHEL-126904
[4:4.9.4-24]
- rebuild for CVE-2025-58183
- Resolves: RHEL-125654
python-podman
[4.9.0-3]
- sync with release-4.9 branch
- Resolves: RHEL-31069
[4.9.0-2]
- depend directly on urllib3
- Resolves: RHEL-43567
[4.9.0-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.9.0
- Related: Jira:RHEL-2110
[4.8.2-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.8.2
- Related: Jira:RHEL-2110
[4.8.0.post1-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.8.0.post1
- Related: Jira:RHEL-2110
[4.7.0-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.7.0
- Related: Jira:RHEL-2110
[4.6.0-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.6.0
- Related: #2176055
[4.5.1-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.5.1
- Related: #2176055
[4.5.0-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.5.0
- Related: #2176055
[4.4.1-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.4.1
- Related: #2176055
runc
[4:1.2.9-4]
- rebuild for CVE-2025-68121
- Resolves: RHEL-149266
[4:1.2.9-3]
- rebuild for CVE-2025-61729
- Resolves: RHEL-140533
[4:1.2.9-2]
- update to https://github.com/opencontainers/runc/releases/tag/v1.2.9
- Resolves: RHEL-132818
[4:1.2.5-2]
- fix permission regression
- Related: RHEL-122384
[4:1.2.5-1]
- fix CVE-2025-31133 CVE-2025-52565 CVE-2025-52881
- Resolves: RHEL-122384
[1:1.1.12-6]
- Add CPU affinity feature from Kir Kolishkin
- Resolves: RHEL-74865
[1:1.1.12-5]
- bump golang buildrequires
- add no_openssl build tag
- Resolves RHEL-55757
[1:1.1.12-4]
- rebuild for golang fixes
- Related: RHEL-28452
[1:1.1.12-3]
- rebuild for golang fixes
- Related: RHEL-28452
[1:1.1.12-2]
- rebuild for CVE-2024-1394
- Resolves: RHEL-24297
skopeo
[2:1.14.6-2]
- Rebuild for CVE-2026-32281
- Resolves: RHEL-177067
[2:1.14.6-1]
- update to 1.14.6 to fix CVE-2026-34986
- Resolves: RHEL-164976
[2:1.14.5-9]
- rebuild for CVE-2026-34986
- Resolves: RHEL-164976
[2:1.14.5-8]
- rebuild for CVE-2026-25679
- Resolves: RHEL-156633
[2:1.14.5-7]
- rebuild for CVE-2025-68121
- Resolves: RHEL-149267
[2:1.14.5-6]
- rebuild for CVE-2025-61729
- Resolves: RHEL-140534
[2:1.14.5-5]
- rebuild for CVE-2025-58183
- Resolves: RHEL-125659
[2:1.14.5-4]
- rebuild for CVE-2025-22871
- Resolves: RHEL-89254
[2:1.14.5-3]
- rebuild for golang fixes
- Related: RHEL-28452
[2:1.14.5-2]
- rebuild for golang fixes
- Related: RHEL-28452
slirp4netns
[1.2.3-1]
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.3
- Related: Jira:RHEL-2110
[1.2.2-1]
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.2
- Related: Jira:RHEL-2110
[1.2.1-1]
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.1
- Related: #2176055
[1.2.0-3]
- BuildRequires: /usr/bin/go-md2man
- Related: #2176055
[1.2.0-2]
- BuildRequires: /usr/bin/go-md2man
- Related: #2061390
[1.2.0-1]
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.0
- Related: #2061390
[1.1.8-2]
- fix gating - don't use insecure functions - thanks to Marc-André Lureau
- Related: #2001445
[1.1.8-1]
- update to
https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.8
- Related: #1883490
[1.1.7-2]
- exclude i686 because of build failures
- Related: #1883490
[1.1.7-1]
- update to
https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.7
- Related: #1883490
udica
[0.2.6-21]
- bump release to preserve update path
- Resolves: RHEL-32671
[0.2.6-20]
- bump release to preserve update path
- Related: #2139052
[0.2.6-4]
- Bump release to match latest release available in rhel-8.6.1
- Resolves: #2139052
[0.2.6-3]
- Make sure each section of the inspect exists before accessing (#2027662)
[0.2.6-2]
- Require container-selinux shipping policy templates (#2005866)
[0.2.6-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.6
- Related: #2001445
[0.2.5-2]
- New rebase https://github.com/containers/udica/releases/tag/v0.2.5 (#1995041)
- Replace capability dictionary with str.lower()
- Enable udica to generate policies with fifo class
- Sort container inspect data before processing
- Update templates to work properly with new cil parser
- Related: #1934415
[0.2.5-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.5
- Related: #1934415
[0.2.4-2]
- remove %check again and all related BRs
- Related: #1934415
[0.2.4-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.4
- Related: #1883490
ELSA-2026-36307 Moderate: Oracle Linux 8 freeipmi security update
Oracle Linux Security Advisory ELSA-2026-36307
http://linux.oracle.com/errata/ELSA-2026-36307.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
freeipmi-1.6.18-1.el8_10.i686.rpm
freeipmi-1.6.18-1.el8_10.x86_64.rpm
freeipmi-bmc-watchdog-1.6.18-1.el8_10.x86_64.rpm
freeipmi-devel-1.6.18-1.el8_10.i686.rpm
freeipmi-devel-1.6.18-1.el8_10.x86_64.rpm
freeipmi-ipmidetectd-1.6.18-1.el8_10.x86_64.rpm
freeipmi-ipmiseld-1.6.18-1.el8_10.x86_64.rpm
aarch64:
freeipmi-1.6.18-1.el8_10.aarch64.rpm
freeipmi-bmc-watchdog-1.6.18-1.el8_10.aarch64.rpm
freeipmi-devel-1.6.18-1.el8_10.aarch64.rpm
freeipmi-ipmidetectd-1.6.18-1.el8_10.aarch64.rpm
freeipmi-ipmiseld-1.6.18-1.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/freeipmi-1.6.18-1.el8_10.src.rpm
Related CVEs:
CVE-2026-50031
Description of changes:
[1.6.18-1]
- Update to 1.6.18, fixes CVE-2026-50031
ELSA-2026-36215 Important: Oracle Linux 8 compat-openssl10 security update
Oracle Linux Security Advisory ELSA-2026-36215
http://linux.oracle.com/errata/ELSA-2026-36215.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
compat-openssl10-1.0.2o-4.el8_10.3.i686.rpm
compat-openssl10-1.0.2o-4.el8_10.3.x86_64.rpm
aarch64:
compat-openssl10-1.0.2o-4.el8_10.3.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/compat-openssl10-1.0.2o-4.el8_10.3.src.rpm
Related CVEs:
CVE-2026-45447
Description of changes:
[1.1.0-2o-4.3]
- Fix CVE-2026-45447: Fix double-free of caller-owned BIO in PKCS7_verify
ELSA-2026-36188 Important: Oracle Linux 8 perl-HTTP-Daemon security update
Oracle Linux Security Advisory ELSA-2026-36188
http://linux.oracle.com/errata/ELSA-2026-36188.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
perl-HTTP-Daemon-6.01-24.el8_10.noarch.rpm
aarch64:
perl-HTTP-Daemon-6.01-24.el8_10.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/perl-HTTP-Daemon-6.01-24.el8_10.src.rpm
Related CVEs:
CVE-2026-8450
Description of changes:
[6.01-24]
- Fix CVE-2026-8450: send_file() shell-magic injection via 2-arg open()
- Resolves: RHEL-184825