Oracle Linux 6511 Published by

Oracle Linux security advisories release updates for versions 8 and 9 addressing multiple vulnerabilities across critical packages. Important severity patches target the kernel, container tools, and Python pip components to resolve code injection flaws and memory safety issues. Moderate updates for aardvark-dns and freeipmi address specific CVEs, while libyang and openssl fixes prevent potential denial of service conditions.

ELSA-2026-36318 Moderate: Oracle Linux 9 aardvark-dns security update
ELSA-2026-36187 Important: Oracle Linux 9 perl-HTTP-Daemon security update
ELSA-2026-36210 Moderate: Oracle Linux 9 freeipmi security update
ELSA-2026-36317 Important: Oracle Linux 9 skopeo security update
ELSA-2026-36195 Important: Oracle Linux 9 389-ds-base security update
ELSA-2026-36315 Important: Oracle Linux 9 python3.14-pip security update
ELSA-2026-33285 Important: Oracle Linux 9 kernel security, bug fix, and enhancement update
ELSA-2026-30848 Important: Oracle Linux 9 kernel security, bug fix, and enhancement update
ELSA-2026-25051 Important: Oracle Linux 9 libyang security update
ELSA-2026-35833 Important: Oracle Linux 8 container-tools:ol8 security update
ELSA-2026-36307 Moderate: Oracle Linux 8 freeipmi security update
ELSA-2026-36215 Important: Oracle Linux 8 compat-openssl10 security update
ELSA-2026-36188 Important: Oracle Linux 8 perl-HTTP-Daemon security update




ELSA-2026-36318 Moderate: Oracle Linux 9 aardvark-dns security update


Oracle Linux Security Advisory ELSA-2026-36318

http://linux.oracle.com/errata/ELSA-2026-36318.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
aardvark-dns-1.17.1-1.el9_8.x86_64.rpm

aarch64:
aardvark-dns-1.17.1-1.el9_8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/aardvark-dns-1.17.1-1.el9_8.src.rpm

Related CVEs:

CVE-2026-35406

Description of changes:

[2:1.17.1-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.17.1
- Resolves: RHEL-170152



ELSA-2026-36187 Important: Oracle Linux 9 perl-HTTP-Daemon security update


Oracle Linux Security Advisory ELSA-2026-36187

http://linux.oracle.com/errata/ELSA-2026-36187.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
perl-HTTP-Daemon-6.12-6.el9_8.1.noarch.rpm

aarch64:
perl-HTTP-Daemon-6.12-6.el9_8.1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/perl-HTTP-Daemon-6.12-6.el9_8.1.src.rpm

Related CVEs:

CVE-2026-8450

Description of changes:

[6.12-6.1]
- Fix CVE-2026-8450: send_file() shell-magic injection via 2-arg open()
- Resolves: RHEL-184829



ELSA-2026-36210 Moderate: Oracle Linux 9 freeipmi security update


Oracle Linux Security Advisory ELSA-2026-36210

http://linux.oracle.com/errata/ELSA-2026-36210.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
freeipmi-1.6.18-1.el9_8.i686.rpm
freeipmi-1.6.18-1.el9_8.x86_64.rpm
freeipmi-bmc-watchdog-1.6.18-1.el9_8.x86_64.rpm
freeipmi-devel-1.6.18-1.el9_8.i686.rpm
freeipmi-devel-1.6.18-1.el9_8.x86_64.rpm
freeipmi-ipmidetectd-1.6.18-1.el9_8.x86_64.rpm
freeipmi-ipmiseld-1.6.18-1.el9_8.x86_64.rpm

aarch64:
freeipmi-1.6.18-1.el9_8.aarch64.rpm
freeipmi-bmc-watchdog-1.6.18-1.el9_8.aarch64.rpm
freeipmi-devel-1.6.18-1.el9_8.aarch64.rpm
freeipmi-ipmidetectd-1.6.18-1.el9_8.aarch64.rpm
freeipmi-ipmiseld-1.6.18-1.el9_8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/freeipmi-1.6.18-1.el9_8.src.rpm

Related CVEs:

CVE-2026-50031

Description of changes:

[1.6.18-1]
- Update to 1.6.18, fixes CVE-2026-50031



ELSA-2026-36317 Important: Oracle Linux 9 skopeo security update


Oracle Linux Security Advisory ELSA-2026-36317

http://linux.oracle.com/errata/ELSA-2026-36317.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
skopeo-1.22.2-7.el9_8.x86_64.rpm
skopeo-tests-1.22.2-7.el9_8.x86_64.rpm

aarch64:
skopeo-1.22.2-7.el9_8.aarch64.rpm
skopeo-tests-1.22.2-7.el9_8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/skopeo-1.22.2-7.el9_8.src.rpm

Related CVEs:

CVE-2026-25679
CVE-2026-27145

Description of changes:

[1:1.22.2-7]
- Rebuild for golang >= 1.26.4 to fix CVE-2026-27145
- Resolves: RHEL-189898



ELSA-2026-36195 Important: Oracle Linux 9 389-ds-base security update


Oracle Linux Security Advisory ELSA-2026-36195

http://linux.oracle.com/errata/ELSA-2026-36195.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
389-ds-base-2.8.0-8.el9_8.x86_64.rpm
389-ds-base-devel-2.8.0-8.el9_8.x86_64.rpm
389-ds-base-libs-2.8.0-8.el9_8.x86_64.rpm
389-ds-base-snmp-2.8.0-8.el9_8.x86_64.rpm
python3-lib389-2.8.0-8.el9_8.noarch.rpm

aarch64:
389-ds-base-2.8.0-8.el9_8.aarch64.rpm
389-ds-base-devel-2.8.0-8.el9_8.aarch64.rpm
389-ds-base-libs-2.8.0-8.el9_8.aarch64.rpm
389-ds-base-snmp-2.8.0-8.el9_8.aarch64.rpm
python3-lib389-2.8.0-8.el9_8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/389-ds-base-2.8.0-8.el9_8.src.rpm

Related CVEs:

CVE-2026-11610
CVE-2026-11774

Description of changes:

[2.8.0-8]
- Resolves: RHEL-182159 - CVE-2026-11610 389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND [rhel-9.8.z]
- Resolves: RHEL-183103 - CVE-2026-11774 389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow [rhel-9.8.z]



ELSA-2026-36315 Important: Oracle Linux 9 python3.14-pip security update


Oracle Linux Security Advisory ELSA-2026-36315

http://linux.oracle.com/errata/ELSA-2026-36315.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
python3.14-pip-25.2-3.el9_8.5.noarch.rpm
python3.14-pip-wheel-25.2-3.el9_8.5.noarch.rpm

aarch64:
python3.14-pip-25.2-3.el9_8.5.noarch.rpm
python3.14-pip-wheel-25.2-3.el9_8.5.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/python3.14-pip-25.2-3.el9_8.5.src.rpm

Related CVEs:

CVE-2026-8643

Description of changes:

[25.2-5]
- Fix gating plan
- removed unnecessary older VERSION= tests
- removed bootstrap test
- fix pip_install_upgrade to run pip-3.14
- fix bash completion + remove unused metadata file

[25.2-4]
- Security fix for CVE-2026-8643: path traversal in wheel entry points



ELSA-2026-33285 Important: Oracle Linux 9 kernel security, bug fix, and enhancement update


Oracle Linux Security Advisory ELSA-2026-33285

http://linux.oracle.com/errata/ELSA-2026-33285.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-abi-stablelists-5.14.0-687.20.1.el9_8.noarch.rpm
kernel-core-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-cross-headers-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-debug-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-debug-core-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-debug-devel-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-debug-devel-matched-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-debug-modules-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-debug-modules-core-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-debug-modules-extra-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-debug-uki-virt-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-devel-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-devel-matched-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-doc-5.14.0-687.20.1.el9_8.noarch.rpm
kernel-headers-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-modules-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-modules-core-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-modules-extra-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-tools-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-tools-libs-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-tools-libs-devel-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-uki-virt-5.14.0-687.20.1.el9_8.x86_64.rpm
kernel-uki-virt-addons-5.14.0-687.20.1.el9_8.x86_64.rpm
libperf-5.14.0-687.20.1.el9_8.x86_64.rpm
perf-5.14.0-687.20.1.el9_8.x86_64.rpm
python3-perf-5.14.0-687.20.1.el9_8.x86_64.rpm
rtla-5.14.0-687.20.1.el9_8.x86_64.rpm
rv-5.14.0-687.20.1.el9_8.x86_64.rpm

aarch64:
kernel-cross-headers-5.14.0-687.20.1.el9_8.aarch64.rpm
kernel-headers-5.14.0-687.20.1.el9_8.aarch64.rpm
kernel-tools-5.14.0-687.20.1.el9_8.aarch64.rpm
kernel-tools-libs-5.14.0-687.20.1.el9_8.aarch64.rpm
kernel-tools-libs-devel-5.14.0-687.20.1.el9_8.aarch64.rpm
libperf-5.14.0-687.20.1.el9_8.aarch64.rpm
perf-5.14.0-687.20.1.el9_8.aarch64.rpm
python3-perf-5.14.0-687.20.1.el9_8.aarch64.rpm
rtla-5.14.0-687.20.1.el9_8.aarch64.rpm
rv-5.14.0-687.20.1.el9_8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-687.20.1.el9_8.src.rpm

Related CVEs:

CVE-2026-31411
CVE-2026-43198

Description of changes:

[5.14.0-687.20.1]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 "disabling" (Kamal Heib) [RHEL-169057]
- net/mlx5: Add HWS as secondary steering mode (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Shrink empty matchers (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Rearrange to prevent forward declaration (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Track matcher sizes individually (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Decouple matcher RX and TX sizes (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Create STEs directly from matcher (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Refactor rule skip logic (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Export rule skip logic (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, remove incorrect comment (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, remove unused create_dest_array parameter (Kamal Heib) [RHEL-169057]
- net/mlx5: Manage TC arbiter nodes and implement full support for tc-bw (Kamal Heib) [RHEL-169057]
- net/mlx5: Add traffic class scheduling support for vport QoS (Kamal Heib) [RHEL-169057]
- net/mlx5: Add support for setting tc-bw on nodes (Kamal Heib) [RHEL-169057]
- net/mlx5: Add no-op implementation for setting tc-bw on rate objects (Kamal Heib) [RHEL-169057]
- net/mlx5: Check device memory pointer before usage (Kamal Heib) [RHEL-169057]
- net/mlx5: fs, fix RDMA TRANSPORT init cleanup flow (Kamal Heib) [RHEL-169057]
- net/mlx5e: Fix error handling in RQ memory model registration (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Allocate IB device with net namespace supplied from core dev (Kamal Heib) [RHEL-169057]
- net/mlx5: Add IFC bits for PCIe Congestion Event object (Kamal Heib) [RHEL-169057]
- net/mlx5: Small refactor for general object capabilities (Kamal Heib) [RHEL-169057]
- net/mlx5: fs, add multiple prios to RDMA TRANSPORT steering domain (Kamal Heib) [RHEL-169057]
- net/mlx5e: Support ethtool tcp-data-split settings (Kamal Heib) [RHEL-169057]
- net/mlx5e: Implement queue mgmt ops and single channel swap (Kamal Heib) [RHEL-169057]
- net/mlx5e: SHAMPO: Separate pool for headers (Kamal Heib) [RHEL-169057]
- net/mlx5e: SHAMPO: Improve hw gro capability checking (Kamal Heib) [RHEL-169057]
- net/mlx5e: SHAMPO: Remove redundant params (Kamal Heib) [RHEL-169057]
- net/mlx5e: SHAMPO: Reorganize mlx5_rq_shampo_alloc (Kamal Heib) [RHEL-169057]
- net/mlx5: Expose serial numbers in devlink info (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Fix vport loopback for MPV device (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Fix CC counters query for MPV (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Fix HW counters query for non-representor devices (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Avoid flexible array warning (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Add support for 200Gbps per lane speeds (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Remove the redundant MLX5_IB_STAGE_UAR stage (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: convert timeouts to secs_to_jiffies() (Kamal Heib) [RHEL-169057]
- net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch (Kamal Heib) [RHEL-169057]
- net/mlx5: Fix memory leak in cmd_exec() (Kamal Heib) [RHEL-169057]
- net/mlx5: Correctly set gso_size when LRO is used (Kamal Heib) [RHEL-169057]
- net/mlx5e: Add new prio for promiscuous mode (Kamal Heib) [RHEL-169057]
- net/mlx5e: Fix race between DIM disable and net_dim() (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Add error checking to hws_bwc_rule_complex_hash_node_get() (Kamal Heib) [RHEL-169057]
- net/mlx5e: Fix leak of Geneve TLV option object (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, make sure the uplink is the last destination (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, fix missing ip_version handling in definer (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Init mutex on the correct path (Kamal Heib) [RHEL-169057]
- net/mlx5: Fix return value when searching for existing flow group (Kamal Heib) [RHEL-169057]
- net/mlx5: Ensure fw pages are always allocated on same NUMA (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Fix an error code in mlx5hws_bwc_rule_create_complex() (Kamal Heib) [RHEL-169057]
- net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (Kamal Heib) [RHEL-169057]
- net/mlx5e: Allow setting MAC address of representors (Kamal Heib) [RHEL-169057]
- net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, handle modify header actions dependency (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, fix typo - 'nope' to 'nop' (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, register reformat actions with fw (Kamal Heib) [RHEL-169057]
- net/mlx5: SWS, fix reformat id error handling (Kamal Heib) [RHEL-169057]
- net/mlx5: Use to_delayed_work() (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, dump bad completion details (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, rework rehash loop (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, fix redundant extension of action templates (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, fix counting of rules in the matcher (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, force rehash when rule insertion failed (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, support complex matchers (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, introduce isolated matchers (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, expose polling function in header file (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, add definer function to get field name str (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, expose function mlx5hws_table_ft_set_next_ft in header (Kamal Heib) [RHEL-169057]
- net/mlx5: support software TX timestamp (Kamal Heib) [RHEL-169057]
- RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Disallow matcher IP version mixing (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Harden IP version definer checks (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Fix IP version decision (Kamal Heib) [RHEL-169057]
- net/mlx5: Fix spelling mistakes in mlx5_core_dbg message and comments (Kamal Heib) [RHEL-169057]
- net/mlx5e: ethtool: Fix formatting of ptp_rq0_csum_complete_tail_slow (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Export action STE tables to debugfs (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Free unused action STE tables (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Cleanup matcher action STE table (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Use the new action STE pool (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Implement action STE pool (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Fix pool size optimization (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Add fullness tracking to pool (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Cleanup after pool refactoring (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Refactor pool implementation (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Make pool single resource (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Remove unused element array (Kamal Heib) [RHEL-169057]
- net/mlx5: HWS, Fix matcher action template attach (Kamal Heib) [RHEL-169057]
- selinux: RHEL-only hotfix for execmem regression (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- selinux: fix overlayfs mmap() and mprotect() access checks (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- lsm: add backing_file LSM hooks (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: prepare for adding LSM blob to backing_file (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- perf/core: Fix MMAP event path names with backing files (Ondrej Mosnacek) [RHEL-179444]
- ovl: remove redundant IOCB_DIO_CALLER_COMP clearing (Ondrej Mosnacek) [RHEL-179444]
- ovl: remove unneeded non-const conversion (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: constify file ptr in backing_file accessor helpers (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- ovl: Fix nested backing file paths (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- lsm: add helper for blob allocations (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: factor out backing_file_mmap() helper (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: factor out backing_file_splice_{read,write}() helpers (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: factor out backing_file_{read,write}_iter() helpers (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: prepare for stackable filesystems backing file helpers (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: store real path instead of fake path in backing file f_path (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: create helper file_user_path() for user displayed mapped file path (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: get mnt_writers count for an open backing file's real path (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: rename __mnt_{want,drop}_write*() helpers (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: Fix kernel-doc warnings (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- cachefiles: use kiocb_{start,end}_write() helpers (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- lsm: constify the 'file' parameter in security_binder_transfer_file() (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: move cleanup from init_file() into its callers (Ondrej Mosnacek) [RHEL-179444]
- ovl: enable fsnotify events on underlying real files (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: use backing_file container for internal files with "fake" f_path (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: move kmem_cache_zalloc() into alloc_empty_file*() helpers (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- fs: use a helper for opening kernel internal files (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- locks: fix TOCTOU race when granting write lease (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- binder: use cred instead of task for selinux checks (Ondrej Mosnacek) [RHEL-179444] {CVE-2026-46054}
- RDMA/iwcm: Fix workqueue list corruption by removing work_list (CKI Backport Bot) [RHEL-179664] {CVE-2026-45898}
- ALSA: aloop: Fix peer runtime UAF during format-change stop (CKI Backport Bot) [RHEL-179310] {CVE-2026-46090}
- ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (Guillaume Nault) [RHEL-172670] {CVE-2026-43038}
- drm/amd/display: Do not skip unrelated mode changes in DSC validation (CKI Backport Bot) [RHEL-178836] {CVE-2026-31488}
- netfilter: flowtable: strictly check for maximum number of actions (CKI Backport Bot) [RHEL-176927] {CVE-2026-43329}



ELSA-2026-25051 Important: Oracle Linux 9 libyang security update


Oracle Linux Security Advisory ELSA-2026-25051

http://linux.oracle.com/errata/ELSA-2026-25051.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
libyang-2.1.148-1.el9_8.1.i686.rpm
libyang-2.1.148-1.el9_8.1.x86_64.rpm
libyang-devel-2.1.148-1.el9_8.1.i686.rpm
libyang-devel-2.1.148-1.el9_8.1.x86_64.rpm
libyang-devel-doc-2.1.148-1.el9_8.1.x86_64.rpm

aarch64:
libyang-2.1.148-1.el9_8.1.aarch64.rpm
libyang-devel-2.1.148-1.el9_8.1.aarch64.rpm
libyang-devel-doc-2.1.148-1.el9_8.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/libyang-2.1.148-1.el9_8.1.src.rpm

Related CVEs:

CVE-2026-44673

Description of changes:

[2.1.148-1.1]
- Fix integer overflow and OOM in LYB parser string/value reading
- Resolves: RHEL-177019



ELSA-2026-35833 Important: Oracle Linux 8 container-tools:ol8 security update


Oracle Linux Security Advisory ELSA-2026-35833

http://linux.oracle.com/errata/ELSA-2026-35833.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
aardvark-dns-1.10.1-2.module+el8.10.0+90948+3b47585b.x86_64.rpm
buildah-1.33.14-4.module+el8.10.0+90948+3b47585b.x86_64.rpm
buildah-tests-1.33.14-4.module+el8.10.0+90948+3b47585b.x86_64.rpm
cockpit-podman-84.1-1.module+el8.10.0+90948+3b47585b.noarch.rpm
conmon-2.1.10-1.module+el8.10.0+90948+3b47585b.x86_64.rpm
containernetworking-plugins-1.4.0-8.module+el8.10.0+90948+3b47585b.x86_64.rpm
containers-common-1-82.0.1.module+el8.10.0+90948+3b47585b.x86_64.rpm
container-selinux-2.229.0-3.module+el8.10.0+90948+3b47585b.noarch.rpm
crit-3.18-5.module+el8.10.0+90948+3b47585b.x86_64.rpm
criu-3.18-5.module+el8.10.0+90948+3b47585b.x86_64.rpm
criu-devel-3.18-5.module+el8.10.0+90948+3b47585b.x86_64.rpm
criu-libs-3.18-5.module+el8.10.0+90948+3b47585b.x86_64.rpm
crun-1.14.3-2.module+el8.10.0+90948+3b47585b.x86_64.rpm
fuse-overlayfs-1.13-1.module+el8.10.0+90948+3b47585b.x86_64.rpm
libslirp-4.4.0-2.module+el8.10.0+90948+3b47585b.x86_64.rpm
libslirp-devel-4.4.0-2.module+el8.10.0+90948+3b47585b.x86_64.rpm
netavark-1.10.3-1.module+el8.10.0+90948+3b47585b.x86_64.rpm
oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90948+3b47585b.x86_64.rpm
podman-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.x86_64.rpm
podman-catatonit-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.x86_64.rpm
podman-docker-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.noarch.rpm
podman-gvproxy-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.x86_64.rpm
podman-plugins-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.x86_64.rpm
podman-remote-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.x86_64.rpm
podman-tests-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.x86_64.rpm
python3-criu-3.18-5.module+el8.10.0+90948+3b47585b.x86_64.rpm
python3-podman-4.9.0-3.module+el8.10.0+90948+3b47585b.noarch.rpm
runc-1.2.9-4.module+el8.10.0+90948+3b47585b.x86_64.rpm
skopeo-1.14.6-2.module+el8.10.0+90948+3b47585b.x86_64.rpm
skopeo-tests-1.14.6-2.module+el8.10.0+90948+3b47585b.x86_64.rpm
slirp4netns-1.2.3-1.module+el8.10.0+90948+3b47585b.x86_64.rpm
udica-0.2.6-21.module+el8.10.0+90948+3b47585b.noarch.rpm

aarch64:
aardvark-dns-1.10.1-2.module+el8.10.0+90948+3b47585b.aarch64.rpm
buildah-1.33.14-4.module+el8.10.0+90948+3b47585b.aarch64.rpm
buildah-tests-1.33.14-4.module+el8.10.0+90948+3b47585b.aarch64.rpm
cockpit-podman-84.1-1.module+el8.10.0+90948+3b47585b.noarch.rpm
conmon-2.1.10-1.module+el8.10.0+90948+3b47585b.aarch64.rpm
containernetworking-plugins-1.4.0-8.module+el8.10.0+90948+3b47585b.aarch64.rpm
containers-common-1-82.0.1.module+el8.10.0+90948+3b47585b.aarch64.rpm
container-selinux-2.229.0-3.module+el8.10.0+90948+3b47585b.noarch.rpm
crit-3.18-5.module+el8.10.0+90948+3b47585b.aarch64.rpm
criu-3.18-5.module+el8.10.0+90948+3b47585b.aarch64.rpm
criu-devel-3.18-5.module+el8.10.0+90948+3b47585b.aarch64.rpm
criu-libs-3.18-5.module+el8.10.0+90948+3b47585b.aarch64.rpm
crun-1.14.3-2.module+el8.10.0+90948+3b47585b.aarch64.rpm
fuse-overlayfs-1.13-1.module+el8.10.0+90948+3b47585b.aarch64.rpm
libslirp-4.4.0-2.module+el8.10.0+90948+3b47585b.aarch64.rpm
libslirp-devel-4.4.0-2.module+el8.10.0+90948+3b47585b.aarch64.rpm
netavark-1.10.3-1.module+el8.10.0+90948+3b47585b.aarch64.rpm
oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90948+3b47585b.aarch64.rpm
podman-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.aarch64.rpm
podman-catatonit-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.aarch64.rpm
podman-docker-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.noarch.rpm
podman-gvproxy-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.aarch64.rpm
podman-plugins-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.aarch64.rpm
podman-remote-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.aarch64.rpm
podman-tests-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.aarch64.rpm
python3-criu-3.18-5.module+el8.10.0+90948+3b47585b.aarch64.rpm
python3-podman-4.9.0-3.module+el8.10.0+90948+3b47585b.noarch.rpm
runc-1.2.9-4.module+el8.10.0+90948+3b47585b.aarch64.rpm
skopeo-1.14.6-2.module+el8.10.0+90948+3b47585b.aarch64.rpm
skopeo-tests-1.14.6-2.module+el8.10.0+90948+3b47585b.aarch64.rpm
slirp4netns-1.2.3-1.module+el8.10.0+90948+3b47585b.aarch64.rpm
udica-0.2.6-21.module+el8.10.0+90948+3b47585b.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/aardvark-dns-1.10.1-2.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/buildah-1.33.14-4.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/cockpit-podman-84.1-1.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/conmon-2.1.10-1.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/containernetworking-plugins-1.4.0-8.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/containers-common-1-82.0.1.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/container-selinux-2.229.0-3.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/criu-3.18-5.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/crun-1.14.3-2.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/fuse-overlayfs-1.13-1.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/libslirp-4.4.0-2.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/netavark-1.10.3-1.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/podman-4.9.4-32.0.1.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/python-podman-4.9.0-3.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/runc-1.2.9-4.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/skopeo-1.14.6-2.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/slirp4netns-1.2.3-1.module+el8.10.0+90948+3b47585b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/udica-0.2.6-21.module+el8.10.0+90948+3b47585b.src.rpm

Related CVEs:

CVE-2026-34986
CVE-2026-39829
CVE-2026-39830
CVE-2026-39832
CVE-2026-42508

Description of changes:

aardvark-dns
[2:1.10.1-2]
- build off the RHEL maintenance branch
- Resolves: RHEL-59129

[2:1.10.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.10.0
- Related: Jira:RHEL-2110

[2:1.9.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.9.0
- Related: Jira:RHEL-2110

[2:1.8.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.8.0
- Related: Jira:RHEL-2110

[2:1.7.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.7.0
- Related: #2176055

[2:1.6.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.6.0
- Related: #2176055

[2:1.5.0-2]
- always stay offline during build
- Related: #2123641

[2:1.5.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.5.0
- Related: #2123641

[2:1.4.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.4.0
- Related: #2123641

[2:1.3.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.3.0
- Related: #2123641

buildah
[2:1.33.14-4]
- switch source URL from GitHub to the internal GitLab sustaining-engineering repo
- update to the latest content of release-1.33 (commit 2cbee78)
- bump golang.org/x/crypto to v0.53.0 to fix CVE-2026-39829, CVE-2026-39830, CVE-2026-39832

[2:1.33.14-3]
- rebuild for CVE-2025-68121
- Resolves: RHEL-149262

[2:1.33.14-2]
- rebuild for CVE-2025-61729
- Resolves: RHEL-140529

[2:1.33.14-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
( https://github.com/containers/buildah/commit/a7f8179)
- fixes "CVE-2025-47913 container-tools:rhel8/buildah: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [rhel-8.10.z]"
- Resolves: RHEL-130974

[2:1.33.13-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
( https://github.com/containers/buildah/commit/65707d0)
- fixes "[Minor Incident] CVE-2025-52881 container-tools:rhel8/buildah: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [rhel-8.10.z]"
- Resolves: RHEL-126916

[2:1.33.12-3]
- rebuild for CVE-2025-58183
- Resolves: RHEL-125644

[2:1.33.12-2]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
( https://github.com/containers/buildah/commit/cf49e7c)
- fixes "CVE-2025-22871 container-tools:rhel8/buildah: Request smuggling due to acceptance of invalid chunked data in net/http [rhel-8.10.z]"
- Resolves: RHEL-89239

[2:1.33.12-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
( https://github.com/containers/buildah/commit/58af1cd)
- Resolves: RHEL-67612

[2:1.33.11-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
( https://github.com/containers/buildah/commit/fe85f0d)
- Resolves: RHEL-61853

[2:1.33.10-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33
( https://github.com/containers/buildah/commit/bd85c17)
- Resolves: RHEL-61835

cockpit-podman
[84.1-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/84.1
- Related: Jira:RHEL-25557

[84-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/84
- Related: Jira:RHEL-2110

[83-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/83
- Related: Jira:RHEL-2110

[82-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/82
- Related: Jira:RHEL-2110

[81-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/81
- Related: Jira:RHEL-2110

[80-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/80
- Related: Jira:RHEL-2110

[79-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/79
- Related: Jira:RHEL-2110

[78-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/78
- Related: Jira:RHEL-2110

[77-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/77
- Related: Jira:RHEL-2110

[75-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/75
- Related: #2176055

conmon
[3:2.1.10-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.10
- Related: Jira:RHEL-2110

[3:2.1.8-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.8
- Related: #2176055

[3:2.1.7-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.7
- Related: #2176055

[3:2.1.6-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.6
- Related: #2176055

[3:2.1.5-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.5
- Related: #2123641

[3:2.1.4-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.4
- Related: #2061390

[3:2.1.2-2]
- revert conmon to 2.1.2
- Related: #2061390

[2:2.1.3-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.3
- Related: #2061390

[2:2.1.2-2]
- update to latest content of https://github.com/containers/conmon/releases/tag/2.1.2
( https://github.com/containers/conmon/commit/2bc95ee697e87d5f7b77063cf83fc32739addafe)
- Related: #2061390

[2:2.1.2-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.2
- Related: #2061390

containernetworking-plugins
[1:1.4.0-8]
- rebuild for CVE-2025-68121
- Resolves: RHEL-149265

[1:1.4.0-7]
- rebuild for CVE-2025-61729
- Resolves: RHEL-140529

[1:1.4.0-6]
- rebuild for CVE-2025-22871
- Resolves: RHEL-89244

[1:1.4.0-5]
- rebuild for golang fixes
- Related: RHEL-28452

[1:1.4.0-4]
- rebuild for golang fixes
- Related: RHEL-28452

[1:1.4.0-3]
- rebuild for CVE-2024-1394
- Resolves: RHEL-24294

[1:1.4.0-2]
- rebuild
- Resolves: RHEL-18390

[1:1.4.0-1]
- update to https://github.com/containernetworking/plugins/releases/tag/v1.4.0
- Related: Jira:RHEL-2110

[1:1.3.0-5]
- fix path to dhcp service
- Resolves: #RHEL-3789

[1:1.3.0-4]
- add Epoch in Provides
- Related: #2176055

containers-common
[1-82.0.1]
- Updated removed references [Orabug: 33473101] (Alex Burmashev)
- Adjust registries.conf (Nikita Gerasimov)
- remove references to RedHat registry (Nikita Gerasimov)

[2:1-82]
- update vendored components
- Resolves: RHEL-40801

[2:1-81]
- Update shortnames from Pyxis
- Related: Jira:RHEL-2110

[2:1-80]
- bump release to preserve upgrade path
- Resolves: Jira:RHEL-12277

[2:1-59]
- update vendored components
- Related: Jira:RHEL-2110

[2:1-58]
- update vendored components
- Related: Jira:RHEL-2110

[2:1-57]
- fix shortnames for rhel-minimal
- Related: Jira:RHEL-2110

[2:1-56]
- implement GPG auto updating mechanism from redhat-release
- Resolves: #RHEL-2110

[2:1-55]
- update GPG keys to the current content of redhat-release
- Resolves: #RHEL-3164

[2:1-54]
- update vendored components and shortnames
- Related: #2176055

container-selinux
[2:2.229.0-3]
- add user_t confined user container support (cherry-pick of upstream PR #443)
- Resolves: RHEL-135342

[2:2.229.0-2]
- remove watch statements properly for RHEL8 and lower
- Related: Jira:RHEL-2110

[2:2.229.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.229.0
- Related: Jira:RHEL-2110

[2:2.228.1-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.228.1
- Related: Jira:RHEL-2110

[2:2.228.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.228.0
- Related: Jira:RHEL-2110

[2:2.227.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.227.0
- Related: Jira:RHEL-2110

[2:2.226.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.226.0
- remove dependency on policycoreutils-python-utils as it pulls in python
- Related: Jira:RHEL-2110

[2:2.224.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.224.0
- Related: Jira:RHEL-2110

[2:2.222.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.222.0
- Related: Jira:RHEL-2110

[2:2.221.1-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.221.1
- Related: Jira:RHEL-2110

criu
[3.18-5]
- rebuild to preserve upgrade path
- Related: RHEL-32671

[3.18-4]
- switch to egg-info on 8.9
- Related: #2176055

[3.18-3]
- remove --progress-bar option
- Related: #2176055

[3.18-2]
- update to 3.18
- Related: #2176055

[3.17-1]
- update to 3.17
- Resolves: #2175794

[3.15-2]
- add gating tests
- Related: #1971718

[3.15-1]
- add -devel and -libs subpackages
- Resolves: #1971718

[3.12-9]
- Added additional fixup patches for the socket labelling

[3.12-8]
- Patch for socket labelling has changed upstream

[3.12-4]
- Applied patch to correctly restore socket()s

crun
[1.14.3-2]
- remove BR libgcrypt-devel, no longer needed
- Related: Jira:RHEL-2110

[1.14.3-1]
- update to https://github.com/containers/crun/releases/tag/1.14.3
- Related: Jira:RHEL-2110

[1.14.1-1]
- update to https://github.com/containers/crun/releases/tag/1.14.1
- Related: Jira:RHEL-2110

[1.14-1]
- update to https://github.com/containers/crun/releases/tag/1.14
- Related: Jira:RHEL-2110

[1.13-1]
- update to https://github.com/containers/crun/releases/tag/1.13
- Related: Jira:RHEL-2110

[1.12-1]
- update to https://github.com/containers/crun/releases/tag/1.12
- Related: Jira:RHEL-2110

[1.11.2-1]
- update to https://github.com/containers/crun/releases/tag/1.11.2
- Related: Jira:RHEL-2110

[1.11.1-1]
- update to https://github.com/containers/crun/releases/tag/1.11.1
- Related: Jira:RHEL-2110

[1.11-1]
- update to https://github.com/containers/crun/releases/tag/1.11
- Related: Jira:RHEL-2110

[1.9.2-1]
- update to https://github.com/containers/crun/releases/tag/1.9.2
- Related: Jira:RHEL-2110

fuse-overlayfs
[1.13-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.13
- Related: Jira:RHEL-2110

[1.12-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.12
- Related: #2176055

[1.11-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.11
- Related: #2176055

[1.10-2]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.10
- Related: #2176055

[1.10-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.10
- Related: #2123641

[1.9-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.9
- Related: #2061390

[1.8.2-2]
- BuildRequires: /usr/bin/go-md2man
- Related: #2061390

[1.8.2-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.8.2
- Related: #2001445

[1.8.1-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.8.1
- Related: #2001445

[1.8-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.8
- Related: #2001445

libslirp
[4.4.0-2]
- rebuild to preserve upgrade path 8.9 -> 8.10
- Related: RHEL-32671

[4.4.0-1]
- Fix CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 out-of-bounds access
- Related: #1934415

[4.3.1-1]
- update to https://gitlab.freedesktop.org/slirp/libslirp/-/releases/v4.3.1
- Related: #1821193

[4.3.0-5]
- replace patch for CVE-2020-10756 with dedicated upstream one
- Related: #1821193

[4.3.0-4]
- fix "CVE-2020-10756 QEMU: slirp: networking out-of-bounds read information disclosure vulnerability"
- Related: #1821193

[4.3.0-3]
- fix static analysis issues merged upstream
( https://gitlab.freedesktop.org/slirp/libslirp/-/merge_requests/41)
- Related: #1821193

[4.3.0-2]
- initial libslirp build for container-tools 8.3.0 module
- Resolves: #1821193

[4.3.0-1]
- New v4.3.0 release

[4.2.0-2]
- CVE-2020-1983 fix

[4.2.0-1]
- New v4.2.0 release

netavark
[2:1.10.3-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.3
- Related: Jira:RHEL-2110

[2:1.10.2-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.2
- Related: Jira:RHEL-2110

[2:1.10.1-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.1
- Related: Jira:RHEL-2110

[2:1.10.0-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.0
- Related: Jira:RHEL-2110

[2:1.9.0-1]
- update to https://github.com/containers/netavark/releases/tag/v1.9.0
- Related: Jira:RHEL-2110

[2:1.8.0-2]
- fix directory for systemd units
- Related: Jira:RHEL-2110

[2:1.8.0-1]
- update to https://github.com/containers/netavark/releases/tag/v1.8.0
- Related: Jira:RHEL-2110

[2:1.7.0-1]
- update to https://github.com/containers/netavark/releases/tag/v1.7.0
- Related: #2176055

[2:1.6.0-1]
- update to https://github.com/containers/netavark/releases/tag/v1.6.0
- Related: #2176055

[2:1.5.0-5]
- fix --dns-add command is not functioning
- Resolves: #2182897

oci-seccomp-bpf-hook
[1.2.10-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.10
- Related: Jira:RHEL-2110

[1.2.9-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.9
- Related: #2176055

[1.2.8-2]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.8
- Related: #2176055

[1.2.8-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.8
- Related: #2123641

[1.2.7-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.7
- Related: #2123641

[1.2.6-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.6
- Related: #2061390

[1.2.5-2]
- BuildRequires: /usr/bin/go-md2man
- Related: #2061390

[1.2.5-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.5
- Related: #2061390

[1.2.3-3]
- change runc dependency to conflict
- Related: #1934415

[1.2.3-2]
- remove unneeded patch
- Related: #1934415

podman
[4.9.4-32.0.1]
- Fixes issue of container created in cgroupv2 not start in cgroupv1 [Orabug: 36136813]
- Fixes container memory limit not set after host is rebooted with cgroupv2 [Orabug: 36136802]
- Fixes issue of podman execvp error while using podmansh [Orabug: 36756665]

[4:4.9.4-32]
- switch source URL from GitHub to the internal GitLab sustaining-engineering repo
- update to the latest content of v4.9-rhel (commit 48ede9e)
- bump golang.org/x/crypto to v0.53.0 to fix CVE-2026-39829, CVE-2026-39830, CVE-2026-39832, CVE-2026-42508

[4:4.9.4-31]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
( https://github.com/containers/podman/commit/11de97d)
- Resolves: RHEL-173978

[4:4.9.4-30]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
( https://github.com/containers/podman/commit/79517c7)
- fixes "When using a volume mount that is RO in podman it throws error because runc automatically appends RW to it which throws an error [rhel-8.10.z]"
- Resolves: RHEL-152630

[4:4.9.4-29]
- rebuild for CVE-2025-68121
- Resolves: RHEL-149265

[4:4.9.4-28]
- rebuild
- Resolves: RHEL-140532

[4:4.9.4-27]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
( https://github.com/containers/podman/commit/702415d)
- fixes "CVE-2025-47913 container-tools:rhel8/podman: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [rhel-8.10.z]"
- Resolves: RHEL-130976

[4:4.9.4-26]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
( https://github.com/containers/podman/commit/837a65c)
- fixes "do not pass volume options as bind mounts options to runtime"
- Resolves: RHEL-132859

[4:4.9.4-25]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
( https://github.com/containers/podman/commit/638f1d2)
- fixes "[Minor Incident] CVE-2025-52881 container-tools:rhel8/podman: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [rhel-8.10.z]"
- Resolves: RHEL-126904

[4:4.9.4-24]
- rebuild for CVE-2025-58183
- Resolves: RHEL-125654

python-podman
[4.9.0-3]
- sync with release-4.9 branch
- Resolves: RHEL-31069

[4.9.0-2]
- depend directly on urllib3
- Resolves: RHEL-43567

[4.9.0-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.9.0
- Related: Jira:RHEL-2110

[4.8.2-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.8.2
- Related: Jira:RHEL-2110

[4.8.0.post1-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.8.0.post1
- Related: Jira:RHEL-2110

[4.7.0-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.7.0
- Related: Jira:RHEL-2110

[4.6.0-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.6.0
- Related: #2176055

[4.5.1-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.5.1
- Related: #2176055

[4.5.0-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.5.0
- Related: #2176055

[4.4.1-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.4.1
- Related: #2176055

runc
[4:1.2.9-4]
- rebuild for CVE-2025-68121
- Resolves: RHEL-149266

[4:1.2.9-3]
- rebuild for CVE-2025-61729
- Resolves: RHEL-140533

[4:1.2.9-2]
- update to https://github.com/opencontainers/runc/releases/tag/v1.2.9
- Resolves: RHEL-132818

[4:1.2.5-2]
- fix permission regression
- Related: RHEL-122384

[4:1.2.5-1]
- fix CVE-2025-31133 CVE-2025-52565 CVE-2025-52881
- Resolves: RHEL-122384

[1:1.1.12-6]
- Add CPU affinity feature from Kir Kolishkin
- Resolves: RHEL-74865

[1:1.1.12-5]
- bump golang buildrequires
- add no_openssl build tag
- Resolves RHEL-55757

[1:1.1.12-4]
- rebuild for golang fixes
- Related: RHEL-28452

[1:1.1.12-3]
- rebuild for golang fixes
- Related: RHEL-28452

[1:1.1.12-2]
- rebuild for CVE-2024-1394
- Resolves: RHEL-24297

skopeo
[2:1.14.6-2]
- Rebuild for CVE-2026-32281
- Resolves: RHEL-177067

[2:1.14.6-1]
- update to 1.14.6 to fix CVE-2026-34986
- Resolves: RHEL-164976

[2:1.14.5-9]
- rebuild for CVE-2026-34986
- Resolves: RHEL-164976

[2:1.14.5-8]
- rebuild for CVE-2026-25679
- Resolves: RHEL-156633

[2:1.14.5-7]
- rebuild for CVE-2025-68121
- Resolves: RHEL-149267

[2:1.14.5-6]
- rebuild for CVE-2025-61729
- Resolves: RHEL-140534

[2:1.14.5-5]
- rebuild for CVE-2025-58183
- Resolves: RHEL-125659

[2:1.14.5-4]
- rebuild for CVE-2025-22871
- Resolves: RHEL-89254

[2:1.14.5-3]
- rebuild for golang fixes
- Related: RHEL-28452

[2:1.14.5-2]
- rebuild for golang fixes
- Related: RHEL-28452

slirp4netns
[1.2.3-1]
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.3
- Related: Jira:RHEL-2110

[1.2.2-1]
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.2
- Related: Jira:RHEL-2110

[1.2.1-1]
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.1
- Related: #2176055

[1.2.0-3]
- BuildRequires: /usr/bin/go-md2man
- Related: #2176055

[1.2.0-2]
- BuildRequires: /usr/bin/go-md2man
- Related: #2061390

[1.2.0-1]
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.0
- Related: #2061390

[1.1.8-2]
- fix gating - don't use insecure functions - thanks to Marc-André Lureau
- Related: #2001445

[1.1.8-1]
- update to
https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.8
- Related: #1883490

[1.1.7-2]
- exclude i686 because of build failures
- Related: #1883490

[1.1.7-1]
- update to
https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.7
- Related: #1883490

udica
[0.2.6-21]
- bump release to preserve update path
- Resolves: RHEL-32671

[0.2.6-20]
- bump release to preserve update path
- Related: #2139052

[0.2.6-4]
- Bump release to match latest release available in rhel-8.6.1
- Resolves: #2139052

[0.2.6-3]
- Make sure each section of the inspect exists before accessing (#2027662)

[0.2.6-2]
- Require container-selinux shipping policy templates (#2005866)

[0.2.6-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.6
- Related: #2001445

[0.2.5-2]
- New rebase https://github.com/containers/udica/releases/tag/v0.2.5 (#1995041)
- Replace capability dictionary with str.lower()
- Enable udica to generate policies with fifo class
- Sort container inspect data before processing
- Update templates to work properly with new cil parser
- Related: #1934415

[0.2.5-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.5
- Related: #1934415

[0.2.4-2]
- remove %check again and all related BRs
- Related: #1934415

[0.2.4-1]
- update to https://github.com/containers/udica/releases/tag/v0.2.4
- Related: #1883490



ELSA-2026-36307 Moderate: Oracle Linux 8 freeipmi security update


Oracle Linux Security Advisory ELSA-2026-36307

http://linux.oracle.com/errata/ELSA-2026-36307.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
freeipmi-1.6.18-1.el8_10.i686.rpm
freeipmi-1.6.18-1.el8_10.x86_64.rpm
freeipmi-bmc-watchdog-1.6.18-1.el8_10.x86_64.rpm
freeipmi-devel-1.6.18-1.el8_10.i686.rpm
freeipmi-devel-1.6.18-1.el8_10.x86_64.rpm
freeipmi-ipmidetectd-1.6.18-1.el8_10.x86_64.rpm
freeipmi-ipmiseld-1.6.18-1.el8_10.x86_64.rpm

aarch64:
freeipmi-1.6.18-1.el8_10.aarch64.rpm
freeipmi-bmc-watchdog-1.6.18-1.el8_10.aarch64.rpm
freeipmi-devel-1.6.18-1.el8_10.aarch64.rpm
freeipmi-ipmidetectd-1.6.18-1.el8_10.aarch64.rpm
freeipmi-ipmiseld-1.6.18-1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/freeipmi-1.6.18-1.el8_10.src.rpm

Related CVEs:

CVE-2026-50031

Description of changes:

[1.6.18-1]
- Update to 1.6.18, fixes CVE-2026-50031



ELSA-2026-36215 Important: Oracle Linux 8 compat-openssl10 security update


Oracle Linux Security Advisory ELSA-2026-36215

http://linux.oracle.com/errata/ELSA-2026-36215.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
compat-openssl10-1.0.2o-4.el8_10.3.i686.rpm
compat-openssl10-1.0.2o-4.el8_10.3.x86_64.rpm

aarch64:
compat-openssl10-1.0.2o-4.el8_10.3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/compat-openssl10-1.0.2o-4.el8_10.3.src.rpm

Related CVEs:

CVE-2026-45447

Description of changes:

[1.1.0-2o-4.3]
- Fix CVE-2026-45447: Fix double-free of caller-owned BIO in PKCS7_verify



ELSA-2026-36188 Important: Oracle Linux 8 perl-HTTP-Daemon security update


Oracle Linux Security Advisory ELSA-2026-36188

http://linux.oracle.com/errata/ELSA-2026-36188.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
perl-HTTP-Daemon-6.01-24.el8_10.noarch.rpm

aarch64:
perl-HTTP-Daemon-6.01-24.el8_10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/perl-HTTP-Daemon-6.01-24.el8_10.src.rpm

Related CVEs:

CVE-2026-8450

Description of changes:

[6.01-24]
- Fix CVE-2026-8450: send_file() shell-magic injection via 2-arg open()
- Resolves: RHEL-184825