ELSA-2026-26562 Important: Oracle Linux 8 xorg-x11-server-Xwayland security, bug fix, and enhancement update
ELBA-2026-26350 Oracle Linux 8 gnome-shell-extensions bug fix and enhancement update
ELSA-2026-26275 Important: Oracle Linux 8 openssl security update
ELBA-2026-26349 Oracle Linux 8 gnuplot bug fix and enhancement update
ELSA-2026-50318 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELSA-2026-50318 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2026-50318 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELSA-2026-26347 Moderate: Oracle Linux 8 libpng15 security update
ELSA-2026-7850 Important: Oracle Linux 7 gstreamer-plugins-base and gstreamer-plugins-good security update
ELSA-2026-26408 Important: Oracle Linux 8 rsync security update
ELBA-2026-23258-1 Oracle Linux 8 kernel bug fix update
ELSA-2026-22708 Important: Oracle Linux 7 firefox security update
ELSA-2026-25932 Important: Oracle Linux 8 postfix security update
ELSA-2026-25918 Important: Oracle Linux 8 webkit2gtk3 security update
ELBA-2026-25121-1 Oracle Linux 8 kernel bug fix update
ELBA-2026-26351 Oracle Linux 8 mutter bug fix and enhancement update
ELSA-2026-26355 Moderate: Oracle Linux 8 libxslt security update
ELBA-2026-26346 Oracle Linux 8 valgrind bug fix and enhancement update
ELSA-2026-26709 Important: Oracle Linux 8 xorg-x11-server security, bug fix, and enhancement update
ELSA-2026-25121 Critical: Oracle Linux 8 kernel security update
ELSA-2026-25090 Important: Oracle Linux 8 httpd:2.4 security update
ELSA-2026-26354 Low: Oracle Linux 8 libxml2 security update
ELSA-2026-26352 Moderate: Oracle Linux 8 opencryptoki security update
ELSA-2026-26348 Moderate: Oracle Linux 8 libpng12 security update
ELSA-2026-19704 Important: Oracle Linux 7 firefox security update
ELBA-2026-50320 Oracle Linux 8 sysstat bug fix update
ELBA-2026-26353 Oracle Linux 8 systemd bug fix and enhancement update
ELBA-2026-50317 Oracle Linux 7 kernel bug fix update
ELSA-2026-26562 Important: Oracle Linux 8 xorg-x11-server-Xwayland security, bug fix, and enhancement update
Oracle Linux Security Advisory ELSA-2026-26562
http://linux.oracle.com/errata/ELSA-2026-26562.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
xorg-x11-server-Xwayland-21.1.3-20.el8_10.2.x86_64.rpm
aarch64:
xorg-x11-server-Xwayland-21.1.3-20.el8_10.2.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/xorg-x11-server-Xwayland-21.1.3-20.el8_10.2.src.rpm
Related CVEs:
CVE-2026-50256
CVE-2026-50257
CVE-2026-50258
CVE-2026-50259
CVE-2026-50260
CVE-2026-50261
CVE-2026-50262
CVE-2026-50263
CVE-2026-50264
Description of changes:
[21.1.3-20.2]
- Other security related fixes
Resolves: https://redhat.atlassian.net/browse/RHEL-184293
[21.1.3-20.1]
- CVE fix for: CVE-2026-50256, CVE-2026-50257, CVE-2026-50258,
CVE-2026-50259, CVE-2026-50260, CVE-2026-50261,
CVE-2026-50262, CVE-2026-50263
Resolves: https://redhat.atlassian.net/browse/RHEL-182445
ELBA-2026-26350 Oracle Linux 8 gnome-shell-extensions bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2026-26350
http://linux.oracle.com/errata/ELBA-2026-26350.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
gnome-classic-session-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-apps-menu-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-auto-move-windows-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-classification-banner-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-common-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-custom-menu-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-dash-to-dock-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-dash-to-panel-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-desktop-icons-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-disable-screenshield-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-drive-menu-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-gesture-inhibitor-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-heads-up-display-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-horizontal-workspaces-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-launch-new-instance-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-native-window-placement-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-no-hot-corner-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-panel-favorites-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-places-menu-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-screenshot-window-sizer-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-systemMonitor-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-top-icons-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-updates-dialog-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-user-theme-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-window-grouper-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-window-list-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-windowsNavigator-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-workspace-indicator-3.32.1-53.el8_10.noarch.rpm
aarch64:
gnome-classic-session-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-apps-menu-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-auto-move-windows-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-classification-banner-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-common-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-custom-menu-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-dash-to-dock-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-dash-to-panel-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-desktop-icons-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-disable-screenshield-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-drive-menu-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-gesture-inhibitor-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-heads-up-display-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-horizontal-workspaces-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-launch-new-instance-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-native-window-placement-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-no-hot-corner-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-panel-favorites-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-places-menu-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-screenshot-window-sizer-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-systemMonitor-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-top-icons-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-updates-dialog-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-user-theme-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-window-grouper-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-window-list-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-windowsNavigator-3.32.1-53.el8_10.noarch.rpm
gnome-shell-extension-workspace-indicator-3.32.1-53.el8_10.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/gnome-shell-extensions-3.32.1-53.el8_10.src.rpm
Description of changes:
[3.32.1-53]
- Fix scrollable workspace menu
Resolves: RHEL-171972
ELSA-2026-26275 Important: Oracle Linux 8 openssl security update
Oracle Linux Security Advisory ELSA-2026-26275
http://linux.oracle.com/errata/ELSA-2026-26275.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
openssl-1.1.1k-16.el8_6.x86_64.rpm
openssl-devel-1.1.1k-16.el8_6.i686.rpm
openssl-devel-1.1.1k-16.el8_6.x86_64.rpm
openssl-libs-1.1.1k-16.el8_6.i686.rpm
openssl-libs-1.1.1k-16.el8_6.x86_64.rpm
openssl-perl-1.1.1k-16.el8_6.x86_64.rpm
aarch64:
openssl-1.1.1k-16.el8_6.aarch64.rpm
openssl-devel-1.1.1k-16.el8_6.aarch64.rpm
openssl-libs-1.1.1k-16.el8_6.aarch64.rpm
openssl-perl-1.1.1k-16.el8_6.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/openssl-1.1.1k-16.el8_6.src.rpm
Related CVEs:
CVE-2024-4741
CVE-2026-45447
Description of changes:
[1:1.1.1k-16]
- Fix CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify()
Resolves: RHEL-180978
- Fix CVE-2024-4741: Use After Free with SSL_free_buffers
Resolves: RHEL-180983
ELBA-2026-26349 Oracle Linux 8 gnuplot bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2026-26349
http://linux.oracle.com/errata/ELBA-2026-26349.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
gnuplot-5.2.4-4.el8_10.x86_64.rpm
gnuplot-common-5.2.4-4.el8_10.x86_64.rpm
gnuplot-doc-5.2.4-4.el8_10.noarch.rpm
aarch64:
gnuplot-5.2.4-4.el8_10.aarch64.rpm
gnuplot-common-5.2.4-4.el8_10.aarch64.rpm
gnuplot-doc-5.2.4-4.el8_10.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/gnuplot-5.2.4-4.el8_10.src.rpm
Description of changes:
[5.2.4-4]
- Fix Qlist error message (Fedora bug #1970658)
ELSA-2026-50318 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2026-50318
http://linux.oracle.com/errata/ELSA-2026-50318.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-5.15.0-321.202.5.2.el9uek.x86_64.rpm
kernel-uek-5.15.0-321.202.5.2.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-321.202.5.2.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-321.202.5.2.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-321.202.5.2.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-321.202.5.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-321.202.5.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-321.202.5.2.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-321.202.5.2.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-321.202.5.2.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-321.202.5.2.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-321.202.5.2.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-321.202.5.2.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-321.202.5.2.el9uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-321.202.5.2.el9uek.src.rpm
Related CVEs:
CVE-2022-50073
CVE-2026-31504
CVE-2026-31533
CVE-2026-31657
CVE-2026-31669
Description of changes:
[5.15.0-321.202.5.2]
- net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (Muhammad Alifa Ramdhan) [Orabug: 39543209] {CVE-2026-31533}
- net: fix fanout UAF in packet_release() via NETDEV_UP race (Yochai Eisenrich) [Orabug: 39543208] {CVE-2026-31504}
- net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (Cezar Bulinaru) [Orabug: 39543201] {CVE-2022-50073}
- mptcp: fix slab-use-after-free in __inet_lookup_established (Jiayuan Chen) [Orabug: 39543200] {CVE-2026-31669}
- batman-adv: hold claim backbone gateways by reference (Haoze Xie) [Orabug: 39543197] {CVE-2026-31657}
- arm64: dts: pensando: drop elba penfw firmware node (Tom Saeger) [Orabug: 39543196]
ELSA-2026-50318 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2026-50318
http://linux.oracle.com/errata/ELSA-2026-50318.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-5.15.0-321.202.5.2.el8uek.x86_64.rpm
kernel-uek-5.15.0-321.202.5.2.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-321.202.5.2.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-321.202.5.2.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-321.202.5.2.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-321.202.5.2.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-321.202.5.2.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-321.202.5.2.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-321.202.5.2.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-321.202.5.2.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-321.202.5.2.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-321.202.5.2.el8uek.x86_64.rpm
kernel-uek-container-5.15.0-321.202.5.2.el8uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-321.202.5.2.el8uek.x86_64.rpm
aarch64:
bpftool-5.15.0-321.202.5.2.el8uek.aarch64.rpm
kernel-uek-5.15.0-321.202.5.2.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-321.202.5.2.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-321.202.5.2.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-321.202.5.2.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-321.202.5.2.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-321.202.5.2.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-321.202.5.2.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-321.202.5.2.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-321.202.5.2.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-321.202.5.2.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-321.202.5.2.el8uek.aarch64.rpm
kernel-uek-container-5.15.0-321.202.5.2.el8uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-321.202.5.2.el8uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.15.0-321.202.5.2.el8uek.src.rpm
Related CVEs:
CVE-2022-50073
CVE-2026-31504
CVE-2026-31533
CVE-2026-31657
CVE-2026-31669
Description of changes:
[5.15.0-321.202.5.2]
- net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (Muhammad Alifa Ramdhan) [Orabug: 39543209] {CVE-2026-31533}
- net: fix fanout UAF in packet_release() via NETDEV_UP race (Yochai Eisenrich) [Orabug: 39543208] {CVE-2026-31504}
- net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (Cezar Bulinaru) [Orabug: 39543201] {CVE-2022-50073}
- mptcp: fix slab-use-after-free in __inet_lookup_established (Jiayuan Chen) [Orabug: 39543200] {CVE-2026-31669}
- batman-adv: hold claim backbone gateways by reference (Haoze Xie) [Orabug: 39543197] {CVE-2026-31657}
- arm64: dts: pensando: drop elba penfw firmware node (Tom Saeger) [Orabug: 39543196]
ELSA-2026-50318 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2026-50318
http://linux.oracle.com/errata/ELSA-2026-50318.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
aarch64:
bpftool-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-321.202.5.2.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek64k-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek64k-core-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek64k-devel-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek64k-modules-5.15.0-321.202.5.2.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-5.15.0-321.202.5.2.el9uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-321.202.5.2.el9uek.src.rpm
Related CVEs:
CVE-2022-50073
CVE-2026-31504
CVE-2026-31533
CVE-2026-31657
CVE-2026-31669
Description of changes:
[5.15.0-321.202.5.2]
- net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (Muhammad Alifa Ramdhan) [Orabug: 39543209] {CVE-2026-31533}
- net: fix fanout UAF in packet_release() via NETDEV_UP race (Yochai Eisenrich) [Orabug: 39543208] {CVE-2026-31504}
- net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (Cezar Bulinaru) [Orabug: 39543201] {CVE-2022-50073}
- mptcp: fix slab-use-after-free in __inet_lookup_established (Jiayuan Chen) [Orabug: 39543200] {CVE-2026-31669}
- batman-adv: hold claim backbone gateways by reference (Haoze Xie) [Orabug: 39543197] {CVE-2026-31657}
- arm64: dts: pensando: drop elba penfw firmware node (Tom Saeger) [Orabug: 39543196]
[5.15.0-321.202.5.1]
- arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) [Orabug: 39017590] {CVE-2025-10263}
- arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland) [Orabug: 39017590]
- ARM: uek: Disable CONFIG_NVIDIA_CARMEL_CNP_ERRATUM (Boris Ostrovsky) [Orabug: 39017590]
- arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland) [Orabug: 39017590]
- arm64: cputype: Add C1-Premium definitions (Mark Rutland) [Orabug: 39017590]
- arm64: cputype: Add C1-Ultra definitions (Mark Rutland) [Orabug: 39017590]
[5.15.0-321.202.5]
- Revert "ip6_tunnel: Fix usage of skb_vlan_inet_prepare()" (Harshit Mogalapalli) [Orabug: 39476647]
- smb: client: reject userspace cifs.spnego descriptions (Asim Viladi Oglu Manizada) [Orabug: 39463672]
[5.15.0-321.202.4]
- tun: free page on build_skb failure in tun_xdp_one() (Weiming Shi) [Orabug: 39429143]
- tap: free page on error paths in tap_get_user_xdp() (Weiming Shi) [Orabug: 39429143]
- tun: free page on short-frame rejection in tun_xdp_one() (Weiming Shi) [Orabug: 39429143]
[5.15.0-321.202.3]
- net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) [Orabug: 39368827] {CVE-2026-46300}
- net: skbuff: preserve shared-frag marker during coalescing (William Bowling) [Orabug: 39368827]
- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39384274] {CVE-2026-46333}
- mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (David Hildenbrand (Red Hat)) [Orabug: 38474901]
- Revert "mm/hugetlb: add option to allows disabling CVE-2025-38085 mitigation" (Samasth Norway Ananda) [Orabug: 38474901]
- mm/rmap: fix two comments related to huge_pmd_unshare() (David Hildenbrand (Red Hat)) [Orabug: 38474901]
- mm/hugetlb: fix two comments related to huge_pmd_unshare() (David Hildenbrand (Red Hat)) [Orabug: 38474901]
- mm/hugetlb: fix hugetlb_pmd_shared() (David Hildenbrand (Red Hat)) [Orabug: 38474901]
[5.15.0-321.202.2]
- dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler (Guenter Roeck)
- Revert "arm64: dts: qcom: sdm845-oneplus: Mark l14a regulator as boot-on" (Sasha Levin)
- ip6_tunnel: Fix usage of skb_vlan_inet_prepare() (Ben Hutchings)
- hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (Gui-Dong Han)
- wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (Guenter Roeck)
- sched: idle: Make skipping governor callbacks more consistent (Rafael J. Wysocki)
- nvmet-tcp: fix use-before-check of sg in bounds validation (Cengiz Can)
- remoteproc: mediatek: Unprepare SCP clock during system suspend (Tzung-Bi Shih)
- net: openvswitch: Avoid releasing netdev before teardown completes (Toke Høiland-Jørgensen)
- ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (Rafael J. Wysocki)
- net: hsr: fix VLAN add unwind on slave errors (Luka Gejak)
- x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39327141] {CVE-2025-54518}
- xfrm: esp: ipv4: fix up flags setting (Greg Kroah-Hartman) [Orabug: 39342679] {CVE-2026-43284}
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39342679] {CVE-2026-43284}
- KVM: x86: disable preemption around the call to kvm_arch_vcpu_{un|}blocking (Maxim Levitsky) [Orabug: 39334996]
- KVM: Don't block+unblock when halt-polling is successful (Sean Christopherson) [Orabug: 39334996]
- nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39167616] {CVE-2026-31402}
- net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (Victor Nogueira) [Orabug: 39103230] {CVE-2026-23270}
- exadata: tools: perf: update column to comm_nodigit (Stephen Brennan) [Orabug: 39327019]
- perf report: Add comm_nodigit sort key (Stephen Brennan) [Orabug: 39327019]
- Revert "tools: perf: add comm_ignore_digit column" (Stephen Brennan) [Orabug: 39327019]
[5.15.0-321.202.1]
- virtio-net: add cond_resched() to the command waiting loop (Jason Wang) [Orabug: 39291988]
- virtio-net: convert rx mode setting to use workqueue (Jason Wang) [Orabug: 39291988]
- x86: KVM: Add common feature flag for AMD's PSFD (Sean Christopherson) [Orabug: 35586248]
- KVM: x86: Insert "AMD" in KVM_X86_FEATURE_PSFD (Jim Mattson) [Orabug: 35586248]
- KVM: x86: Expose Predictive Store Forwarding Disable (Babu Moger) [Orabug: 35586248]
- i2c: designware: fix __i2c_dw_disable() in case master is holding SCL low (Yann Sionneau) [Orabug: 39174661]
[5.15.0-320.202.8]
- iommu/arm-smmu-v3: Handle zeroed A4-2C HTTU override settings (Joao Martins) [Orabug: 39186453]
- iommu: Move IOMMU_DIRTY_NO_CLEAR define (Shameer Kolothum) [Orabug: 39186453]
- iommu/arm-smmu-v3: Enable HTTU for stage1 with io-pgtable mapping (Kunkun Jiang) [Orabug: 39186453]
- iommu/arm-smmu-v3: Add support for dirty tracking in domain alloc (Joao Martins) [Orabug: 39186453]
- iommu/io-pgtable-arm: Add read_and_clear_dirty() support (Shameer Kolothum) [Orabug: 39186453]
- iommu/arm-smmu-v3: Add feature detection for HTTU (Jean-Philippe Brucker) [Orabug: 39186453]
[5.15.0-320.202.7]
- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39250686,39331104] {CVE-2026-43077}
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39250686,39331109] {CVE-2026-43078}
- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39250686]
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39250686,39300910] {CVE-2026-43033}
- crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250686]
- crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39250686]
- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39250686,39283867,39291961] {CVE-2026-31431}
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250686] {CVE-2026-31431}
- crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39250686]
- uek-rpm: Enable FWCTL for aarch64 (Dave Kleikamp) [Orabug: 39252913]
[5.15.0-320.202.6]
- Revert "rds: Drop rds conn in connect worker if not in down state." (Vijayendra Suman) [Orabug: 39277795]
- uek-rpm: CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON should be set (Dave Kleikamp) [Orabug: 39109819]
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (Lu Baolu) [Orabug: 39109819]
- iommu/vt-d: Set variable intel_dirty_ops to static (Kunwu Chan) [Orabug: 39109819]
- iommu/vt-d: Access/Dirty bit support for SS domains (Joao Martins) [Orabug: 39109819]
- iommu/amd: reduce GA Log overflow printk noise (Alejandro Jimenez) [Orabug: 39209012]
- iommu/amd: add reschedule points to GA Log draining (Alejandro Jimenez) [Orabug: 39209012]
- iommu/amd: Rework GAInt handling in overflow case (Joao Martins) [Orabug: 39209012]
- iommu/amd: Disable GAInt while GA Log is processed (Joao Martins) [Orabug: 39209012]
- iommu/amd: Move helpers to update IOMMU features to amd_iommu.h (Alejandro Jimenez) [Orabug: 39209012]
- iommu/amd: Increase GA Log buffer size to 8192 entries (Joao Martins) [Orabug: 39209012]
- x86/CPU: Fix FPDSS on Zen1 (Borislav Petkov) [Orabug: 39241228,39273722] {CVE-2026-31628}
ELSA-2026-26347 Moderate: Oracle Linux 8 libpng15 security update
Oracle Linux Security Advisory ELSA-2026-26347
http://linux.oracle.com/errata/ELSA-2026-26347.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
libpng15-1.5.30-9.el8_10.i686.rpm
libpng15-1.5.30-9.el8_10.x86_64.rpm
aarch64:
libpng15-1.5.30-9.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libpng15-1.5.30-9.el8_10.src.rpm
Related CVEs:
CVE-2026-33416
Description of changes:
[1.5.30-9]
- fix CVE-2026-33416: use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE (RHEL-161346)
ELSA-2026-7850 Important: Oracle Linux 7 gstreamer-plugins-base and gstreamer-plugins-good security update
Oracle Linux Security Advisory ELSA-2026-7850
http://linux.oracle.com/errata/ELSA-2026-7850.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
gstreamer-plugins-base-0.10.36-10.0.1.el7.i686.rpm
gstreamer-plugins-base-0.10.36-10.0.1.el7.x86_64.rpm
gstreamer-plugins-base-devel-0.10.36-10.0.1.el7.i686.rpm
gstreamer-plugins-base-devel-0.10.36-10.0.1.el7.x86_64.rpm
gstreamer-plugins-base-devel-docs-0.10.36-10.0.1.el7.noarch.rpm
gstreamer-plugins-base-tools-0.10.36-10.0.1.el7.x86_64.rpm
gstreamer-plugins-good-0.10.31-13.0.1.el7.i686.rpm
gstreamer-plugins-good-0.10.31-13.0.1.el7.x86_64.rpm
gstreamer-plugins-good-devel-docs-0.10.31-13.0.1.el7.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/gstreamer-plugins-base-0.10.36-10.0.1.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/gstreamer-plugins-good-0.10.31-13.0.1.el7.src.rpm
Related CVEs:
CVE-2026-2921
CVE-2026-3083
CVE-2026-3085
Description of changes:
gstreamer-plugins-base
[0.10.36-10.0.1]
- Security update CVE-2026-2921 [Orabug: 39201593]
gstreamer-plugins-good
[0.10.31-13.0.1]
- Security update for CVE-2026-3083 CVE-2026-3085 [Orabug: 39199326]
ELSA-2026-26408 Important: Oracle Linux 8 rsync security update
Oracle Linux Security Advisory ELSA-2026-26408
http://linux.oracle.com/errata/ELSA-2026-26408.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
rsync-3.1.3-27.el8_10.x86_64.rpm
rsync-daemon-3.1.3-27.el8_10.noarch.rpm
aarch64:
rsync-3.1.3-27.el8_10.aarch64.rpm
rsync-daemon-3.1.3-27.el8_10.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/rsync-3.1.3-27.el8_10.src.rpm
Related CVEs:
CVE-2026-29518
CVE-2026-43618
Description of changes:
[3.1.3-27]
- Integer overflow in compressed-token decoding (CVE-2026-43618)
- Resolves: RHEL-174951
[3.1.3-26]
- Resolves: RHEL-174950 - CVE-2026-29518 - TOCTOU symlink race in
non-chrooted daemon modules
ELBA-2026-23258-1 Oracle Linux 8 kernel bug fix update
Oracle Linux Bug Fix Advisory ELBA-2026-23258-1
http://linux.oracle.com/errata/ELBA-2026-23258-1.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
kernel-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.129.1.0.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.129.1.0.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
perf-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.129.1.0.1.el8_10.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.129.1.0.1.el8_10.src.rpm
Description of changes:
[4.18.0-553.129.1.0.1]
- scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) [Orabug: 37778230]
[4.18.0-553.129.1]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 ioerr_work is cancelled in nvme_fc_delete_ctrl() (Ewan D. Milne) [RHEL-178447]
- ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (Guillaume Nault) [RHEL-172664] {CVE-2026-43038}
- ALSA: 6fire: Fix leftover global pointers after probe failures (Jaroslav Kysela) [RHEL-172963]
- ALSA: 6fire: Cover the whole probe and disconnect calls with register_mutex (Jaroslav Kysela) [RHEL-172963]
- ALSA: 6fire: fix use-after-free on disconnect (Jaroslav Kysela) [RHEL-172963] {CVE-2026-31581}
- ALSA: 6fire: Release resources at card release (Jaroslav Kysela) [RHEL-172963] {CVE-2024-53239}
[4.18.0-553.130.1]
- RDMA/rxe: Fix double free in rxe_srq_from_init (Kamal Heib) [RHEL-179702] {CVE-2026-45852}
- md: uninitialized start_time in md_clone_bio() causes bogus IO accounting (Nigel Croxon) [RHEL-170384]
ELBA-2026-26351 Oracle Linux 8 mutter bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2026-26351
http://linux.oracle.com/errata/ELBA-2026-26351.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
mutter-3.32.2-75.el8_10.i686.rpm
mutter-3.32.2-75.el8_10.x86_64.rpm
mutter-devel-3.32.2-75.el8_10.i686.rpm
mutter-devel-3.32.2-75.el8_10.x86_64.rpm
aarch64:
mutter-3.32.2-75.el8_10.aarch64.rpm
mutter-devel-3.32.2-75.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/mutter-3.32.2-75.el8_10.src.rpm
Description of changes:
[3.32.2-75]
- Don't unminimize mapped windows
Resolves: RHEL-177609
ELSA-2026-26355 Moderate: Oracle Linux 8 libxslt security update
Oracle Linux Security Advisory ELSA-2026-26355
http://linux.oracle.com/errata/ELSA-2026-26355.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
libxslt-1.1.32-6.4.0.1.el8_10.i686.rpm
libxslt-1.1.32-6.4.0.1.el8_10.x86_64.rpm
libxslt-devel-1.1.32-6.4.0.1.el8_10.i686.rpm
libxslt-devel-1.1.32-6.4.0.1.el8_10.x86_64.rpm
aarch64:
libxslt-1.1.32-6.4.0.1.el8_10.aarch64.rpm
libxslt-devel-1.1.32-6.4.0.1.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libxslt-1.1.32-6.4.0.1.el8_10.src.rpm
Related CVEs:
CVE-2025-10911
Description of changes:
[1.1.32-6.4.0.1]
- Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball
[1.1.32-6.4]
- Fix CVE-2025-10911 (RHEL-171739)
ELBA-2026-26346 Oracle Linux 8 valgrind bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2026-26346
http://linux.oracle.com/errata/ELBA-2026-26346.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
valgrind-3.22.0-4.el8_10.i686.rpm
valgrind-3.22.0-4.el8_10.x86_64.rpm
valgrind-devel-3.22.0-4.el8_10.i686.rpm
valgrind-devel-3.22.0-4.el8_10.x86_64.rpm
valgrind-docs-3.22.0-4.el8_10.i686.rpm
valgrind-docs-3.22.0-4.el8_10.x86_64.rpm
valgrind-gdb-3.22.0-4.el8_10.i686.rpm
valgrind-gdb-3.22.0-4.el8_10.x86_64.rpm
valgrind-scripts-3.22.0-4.el8_10.i686.rpm
valgrind-scripts-3.22.0-4.el8_10.x86_64.rpm
aarch64:
valgrind-3.22.0-4.el8_10.aarch64.rpm
valgrind-devel-3.22.0-4.el8_10.aarch64.rpm
valgrind-docs-3.22.0-4.el8_10.aarch64.rpm
valgrind-gdb-3.22.0-4.el8_10.aarch64.rpm
valgrind-scripts-3.22.0-4.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/valgrind-3.22.0-4.el8_10.src.rpm
Description of changes:
[3.22.0-4]
- RHEL-166036: valgrind-scripts depends on python3.11 which reaches EOL
ELSA-2026-26709 Important: Oracle Linux 8 xorg-x11-server security, bug fix, and enhancement update
Oracle Linux Security Advisory ELSA-2026-26709
http://linux.oracle.com/errata/ELSA-2026-26709.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
xorg-x11-server-Xdmx-1.20.11-28.el8_10.2.x86_64.rpm
xorg-x11-server-Xephyr-1.20.11-28.el8_10.2.x86_64.rpm
xorg-x11-server-Xnest-1.20.11-28.el8_10.2.x86_64.rpm
xorg-x11-server-Xorg-1.20.11-28.el8_10.2.x86_64.rpm
xorg-x11-server-Xvfb-1.20.11-28.el8_10.2.x86_64.rpm
xorg-x11-server-common-1.20.11-28.el8_10.2.x86_64.rpm
xorg-x11-server-devel-1.20.11-28.el8_10.2.i686.rpm
xorg-x11-server-devel-1.20.11-28.el8_10.2.x86_64.rpm
xorg-x11-server-source-1.20.11-28.el8_10.2.noarch.rpm
aarch64:
xorg-x11-server-Xdmx-1.20.11-28.el8_10.2.aarch64.rpm
xorg-x11-server-Xephyr-1.20.11-28.el8_10.2.aarch64.rpm
xorg-x11-server-Xnest-1.20.11-28.el8_10.2.aarch64.rpm
xorg-x11-server-Xorg-1.20.11-28.el8_10.2.aarch64.rpm
xorg-x11-server-Xvfb-1.20.11-28.el8_10.2.aarch64.rpm
xorg-x11-server-common-1.20.11-28.el8_10.2.aarch64.rpm
xorg-x11-server-devel-1.20.11-28.el8_10.2.aarch64.rpm
xorg-x11-server-source-1.20.11-28.el8_10.2.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/xorg-x11-server-1.20.11-28.el8_10.2.src.rpm
Related CVEs:
CVE-2026-50256
CVE-2026-50257
CVE-2026-50258
CVE-2026-50259
CVE-2026-50260
CVE-2026-50261
CVE-2026-50262
CVE-2026-50263
CVE-2026-50264
Description of changes:
[1.20.11-28.2]
- Other security related fixes
Resolves: https://redhat.atlassian.net/browse/RHEL-184289
[1.20.11-28.1]
- CVE fix for: CVE-2026-50256, CVE-2026-50257, CVE-2026-50258,
CVE-2026-50259, CVE-2026-50260, CVE-2026-50261,
CVE-2026-50262, CVE-2026-50263, CVE-2026-50264
Resolves: https://redhat.atlassian.net/browse/RHEL-182442
ELSA-2026-25121 Critical: Oracle Linux 8 kernel security update
Oracle Linux Security Advisory ELSA-2026-25121
http://linux.oracle.com/errata/ELSA-2026-25121.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-4.18.0-553.132.1.el8_10.x86_64.rpm
kernel-4.18.0-553.132.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.132.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.132.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.132.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.132.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.132.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.132.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.132.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.132.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.132.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.132.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.132.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.132.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.132.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.132.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.132.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.132.1.el8_10.x86_64.rpm
perf-4.18.0-553.132.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.132.1.el8_10.x86_64.rpm
aarch64:
bpftool-4.18.0-553.132.1.el8_10.aarch64.rpm
kernel-cross-headers-4.18.0-553.132.1.el8_10.aarch64.rpm
kernel-headers-4.18.0-553.132.1.el8_10.aarch64.rpm
kernel-tools-4.18.0-553.132.1.el8_10.aarch64.rpm
kernel-tools-libs-4.18.0-553.132.1.el8_10.aarch64.rpm
kernel-tools-libs-devel-4.18.0-553.132.1.el8_10.aarch64.rpm
perf-4.18.0-553.132.1.el8_10.aarch64.rpm
python3-perf-4.18.0-553.132.1.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.132.1.el8_10.src.rpm
Related CVEs:
CVE-2023-53781
CVE-2025-21858
CVE-2025-68366
CVE-2026-22984
CVE-2026-22990
CVE-2026-23392
CVE-2026-31581
CVE-2026-31613
CVE-2026-43037
CVE-2026-43038
CVE-2026-43125
CVE-2026-45852
CVE-2026-46181
Description of changes:
[4.18.0-553.132.1]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 cb[] in ip4ip6_err() (Guillaume Nault) [RHEL-172640] {CVE-2026-43037}
- dlm: fix buffer overflow from negative len in dlm_search_rsb_tree (Alexander Aring) [RHEL-173986] {CVE-2026-43125}
- dlm: validate length in dlm_search_rsb_tree (Alexander Aring) [RHEL-173986] {CVE-2026-43125}
[4.18.0-553.131.1]
- RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() (Kamal Heib) [RHEL-179982] {CVE-2026-46181}
- nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (Ewan D. Milne) [RHEL-178447]
- ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (Guillaume Nault) [RHEL-172664] {CVE-2026-43038}
- ALSA: 6fire: Fix leftover global pointers after probe failures (Jaroslav Kysela) [RHEL-172963]
- ALSA: 6fire: Cover the whole probe and disconnect calls with register_mutex (Jaroslav Kysela) [RHEL-172963]
- ALSA: 6fire: fix use-after-free on disconnect (Jaroslav Kysela) [RHEL-172963] {CVE-2026-31581}
- ALSA: 6fire: Release resources at card release (Jaroslav Kysela) [RHEL-172963] {CVE-2024-53239}
[4.18.0-553.130.1]
- RDMA/rxe: Fix double free in rxe_srq_from_init (Kamal Heib) [RHEL-179702] {CVE-2026-45852}
- md: uninitialized start_time in md_clone_bio() causes bogus IO accounting (Nigel Croxon) [RHEL-170384]
ELSA-2026-25090 Important: Oracle Linux 8 httpd:2.4 security update
Oracle Linux Security Advisory ELSA-2026-25090
http://linux.oracle.com/errata/ELSA-2026-25090.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
httpd-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm
httpd-devel-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm
httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.noarch.rpm
httpd-manual-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.noarch.rpm
httpd-tools-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm
mod_http2-1.15.7-10.module+el8.10.0+90909+2fc0e3ca.6.x86_64.rpm
mod_ldap-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm
mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.x86_64.rpm
mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm
mod_session-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm
mod_ssl-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm
aarch64:
httpd-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm
httpd-devel-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm
httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.noarch.rpm
httpd-manual-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.noarch.rpm
httpd-tools-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm
mod_http2-1.15.7-10.module+el8.10.0+90909+2fc0e3ca.6.aarch64.rpm
mod_ldap-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm
mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.aarch64.rpm
mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm
mod_session-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm
mod_ssl-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/httpd-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/mod_http2-1.15.7-10.module+el8.10.0+90909+2fc0e3ca.6.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.src.rpm
Related CVEs:
CVE-2026-49975
Description of changes:
httpd
[2.4.37-65.0.1.8]
- Replace index.html with Oracle's index page oracle_index.html
[2.4.37-65.8]
- Resolves: RHEL-173558 - httpd:2.4/httpd: Apache HTTP Server mod_proxy_ajp:
Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780)
- Resolves: RHEL-175074 - httpd:2.4/httpd: NULL pointer dereference can
cause a child process crash (CVE-2026-33007)
- Resolves: RHEL-175088 - httpd:2.4/httpd: off-by-one out-of-bounds reads
in AJP getter functions (CVE-2026-33857)
- Resolves: RHEL-175620 - httpd:2.4/httpd: NULL pointer dereference via
specially crafted request (CVE-2026-29169)
- Resolves: RHEL-175055 - httpd: heap-based buffer over-read and memory
disclosure in ajp_parse_data() (CVE-2026-34059)
[2.4.37-65.7]
- Resolves: RHEL-135054 - httpd: Apache HTTP Server: mod_userdir+suexec bypass
via AllowOverride FileInfo (CVE-2025-66200)
- Resolves: RHEL-135039 - httpd: Apache HTTP Server: CGI environment variable
override (CVE-2025-65082)
- Resolves: RHEL-134471 - httpd: Apache HTTP Server: Server Side Includes adds
query string to #exec cmd=... (CVE-2025-58098)
[2.4.37-65.6]
- Resolves: RHEL-127073 - mod_ssl: allow more fine grained SSL SNI vhost check
to avoid unnecessary 421 errors after CVE-2025-23048 fix
- mod_ssl: add conf.d/snipolicy.conf to set 'SSLVHostSNIPolicy authonly' default
[2.4.37-65.5]
- Resolves: RHEL-99944 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade
- Resolves: RHEL-99969 - CVE-2024-47252 httpd: insufficient escaping of
user-supplied data in mod_ssl
- Resolves: RHEL-99961 - CVE-2025-23048 httpd: access control bypass by trusted
clients is possible using TLS 1.3 session resumption
[2.4.37-65.4]
- Resolves: RHEL-87641 - apache Bug 63192 - mod_ratelimit breaks HEAD requests
[2.4.37-65.3]
- Resolves: RHEL-56068 - Apache HTTPD no longer parse PHP files with
unicode characters in the name
[2.4.37-65.2]
- Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend
applications whose response headers are malicious or exploitable (CVE-2024-38476)
- Resolves: RHEL-53022 - Regression introduced by CVE-2024-38474 fix
[2.4.37-65.1]
- Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue
in mod_rewrite (CVE-2024-38474)
- Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding problem in
mod_proxy (CVE-2024-38473)
- Resolves: RHEL-45777 - httpd:2.4/httpd: Improper escaping of output
in mod_rewrite (CVE-2024-38475)
- Resolves: RHEL-45758 - httpd:2.4/httpd: null pointer dereference
in mod_proxy (CVE-2024-38477)
- Resolves: RHEL-45743 - httpd:2.4/httpd: Potential SSRF
in mod_rewrite (CVE-2024-39573)
[2.4.37-65]
- Resolves: RHEL-31857 - httpd:2.4/httpd: HTTP response
splitting (CVE-2023-38709)
mod_http2
[1.15.7-10.6]
- Resolves: RHEL-182418 - mod_http2: HTTP/2: Remote Denial of Service via
compression bomb and Slowloris-style attack (CVE-2026-49975)
[1.15.7-10.5]
- Resolves: RHEL-166277 - httpd:2.4/httpd: Apache HTTP Server: HTTP/2 DoS by
Memory Increase (CVE-2025-53020)
[1.15.7-10.4]
- Resolves: RHEL-105186 - httpd:2.4/httpd: untrusted input from a client causes
an assertion to fail in the Apache mod_proxy_http2 module (CVE-2025-49630)
[1.15.7-10.3]
- Resolves: RHEL-58454 - mod_proxy_http2 failures after CVE-2024-38477 fix
- Resolves: RHEL-59017 - random failures in other requests on http/2 stream
when client resets one request
[1.15.7-10.2]
- Resolves: RHEL-71575: Wrong Content-Type when proxying using H2 protocol
[1.15.7-10.1]
- Resolves: RHEL-46214 - Access logs and ErrorDocument don't work when HTTP431
occurs using http/2 on RHEL8
[1.15.7-10]
- Resolves: RHEL-29817 - httpd:2.4/mod_http2: httpd: CONTINUATION frames
DoS (CVE-2024-27316)
[1.15.7-9.3]
- Resolves: RHEL-13367 - httpd:2.4/mod_http2: reset requests exhaust memory
(incomplete fix of CVE-2023-44487)(CVE-2023-45802)
[1.15.7-8.3]
- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting
with mod_rewrite and mod_proxy
[1.15.7-7]
- Resolves: #2095650 - Dependency from mod_http2 on httpd broken
mod_md
[1:2.0.8-8.2]
- Resolves: RHEL-134487 - httpd:2.4/httpd: Apache HTTP Server: mod_md (ACME),
unintended retry intervals (CVE-2025-55753)
[1:2.0.8-8]
- Resolves: #1832844 - mod_md does not work with ACME server that does not
provide keyChange or revokeCert resources
[1:2.0.8-7]
- Resolves: #1747912 - add a2md(1) documentation
[1:2.0.8-6]
- Resolves: #1781263 - mod_md ACMEv1 crash
[1:2.0.8-5]
- Resolves: #1747898 - add mod_md package
[1:2.0.8-4]
- require mod_ssl, update package description
[1:2.0.8-3]
- rebuild against 2.4.41
[1:2.0.8-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
[1:2.0.8-1]
- update to 2.0.8
[2.0.3-1]
- Initial import (#1719248).
ELSA-2026-26354 Low: Oracle Linux 8 libxml2 security update
Oracle Linux Security Advisory ELSA-2026-26354
http://linux.oracle.com/errata/ELSA-2026-26354.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
libxml2-2.9.7-21.el8_10.5.i686.rpm
libxml2-2.9.7-21.el8_10.5.x86_64.rpm
libxml2-devel-2.9.7-21.el8_10.5.i686.rpm
libxml2-devel-2.9.7-21.el8_10.5.x86_64.rpm
python3-libxml2-2.9.7-21.el8_10.5.x86_64.rpm
aarch64:
libxml2-2.9.7-21.el8_10.5.aarch64.rpm
libxml2-devel-2.9.7-21.el8_10.5.aarch64.rpm
python3-libxml2-2.9.7-21.el8_10.5.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libxml2-2.9.7-21.el8_10.5.src.rpm
Related CVEs:
CVE-2024-34459
Description of changes:
[2.9.7-21.5]
- Fix CVE-2024-34459 (RHEL-36405)
ELSA-2026-26352 Moderate: Oracle Linux 8 opencryptoki security update
Oracle Linux Security Advisory ELSA-2026-26352
http://linux.oracle.com/errata/ELSA-2026-26352.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
opencryptoki-3.22.0-3.el8_10.3.x86_64.rpm
opencryptoki-devel-3.22.0-3.el8_10.3.i686.rpm
opencryptoki-devel-3.22.0-3.el8_10.3.x86_64.rpm
opencryptoki-icsftok-3.22.0-3.el8_10.3.x86_64.rpm
opencryptoki-libs-3.22.0-3.el8_10.3.i686.rpm
opencryptoki-libs-3.22.0-3.el8_10.3.x86_64.rpm
opencryptoki-swtok-3.22.0-3.el8_10.3.x86_64.rpm
opencryptoki-tpmtok-3.22.0-3.el8_10.3.x86_64.rpm
aarch64:
opencryptoki-3.22.0-3.el8_10.3.aarch64.rpm
opencryptoki-devel-3.22.0-3.el8_10.3.aarch64.rpm
opencryptoki-icsftok-3.22.0-3.el8_10.3.aarch64.rpm
opencryptoki-libs-3.22.0-3.el8_10.3.aarch64.rpm
opencryptoki-swtok-3.22.0-3.el8_10.3.aarch64.rpm
opencryptoki-tpmtok-3.22.0-3.el8_10.3.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/opencryptoki-3.22.0-3.el8_10.3.src.rpm
Related CVEs:
CVE-2026-40253
Description of changes:
[3.22.0-3.3]
- Resolves: RHEL-171558, Fix possible out-of-bounds access in BER decode functions
ELSA-2026-26348 Moderate: Oracle Linux 8 libpng12 security update
Oracle Linux Security Advisory ELSA-2026-26348
http://linux.oracle.com/errata/ELSA-2026-26348.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
libpng12-1.2.57-7.el8_10.i686.rpm
libpng12-1.2.57-7.el8_10.x86_64.rpm
aarch64:
libpng12-1.2.57-7.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libpng12-1.2.57-7.el8_10.src.rpm
Related CVEs:
CVE-2026-33416
Description of changes:
[1.2.57-7]
- fix CVE-2026-33416: use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE (RHEL-161345)
ELSA-2026-19704 Important: Oracle Linux 7 firefox security update
Oracle Linux Security Advisory ELSA-2026-19704
http://linux.oracle.com/errata/ELSA-2026-19704.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
firefox-140.10.0-1.0.1.el7_9.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/firefox-140.10.0-1.0.1.el7_9.src.rpm
Related CVEs:
CVE-2026-6746
CVE-2026-6747
CVE-2026-6748
CVE-2026-6749
CVE-2026-6750
CVE-2026-6751
CVE-2026-6752
CVE-2026-6753
CVE-2026-6754
CVE-2026-6757
CVE-2026-6759
CVE-2026-6761
CVE-2026-6762
CVE-2026-6763
CVE-2026-6764
CVE-2026-6765
CVE-2026-6766
CVE-2026-6767
CVE-2026-6769
CVE-2026-6770
CVE-2026-6771
CVE-2026-6772
CVE-2026-6776
CVE-2026-6785
CVE-2026-6786
Description of changes:
[140.10.0-1.0.1]
- Update to 140.10.0 ESR [Orabug: 39499844][CVE-2026-6746][CVE-2026-6747]
[CVE-2026-6748][CVE-2026-6749][CVE-2026-6750][CVE-2026-6751][CVE-2026-6752]
[CVE-2026-6753][CVE-2026-6754][CVE-2026-6757][CVE-2026-6759][CVE-2026-6761]
[CVE-2026-6762][CVE-2026-6763][CVE-2026-6764][CVE-2026-6765][CVE-2026-6766]
[CVE-2026-6767][CVE-2026-6769][CVE-2026-6770][CVE-2026-6771][CVE-2026-6772]
[CVE-2026-6776][CVE-2026-6785][CVE-2026-6786]
[140.9.1-1.0.1]
- Update to 140.9.1 ESR [Orabug: 39324689][CVE-2026-5731][CVE-2026-5732]
[CVE-2026-5734][CVE-2026-33416][CVE-2026-33636]
[140.9.0-1.0.1]
- Update to 140.9.0 ESR [Orabug: 39361657][CVE-2026-4684][CVE-2026-4685]
[CVE-2026-4686][CVE-2026-4687][CVE-2026-4688][CVE-2026-4689][CVE-2026-4690]
[CVE-2026-4691][CVE-2026-4692][CVE-2026-4693][CVE-2026-4694][CVE-2026-4695]
[CVE-2026-4696][CVE-2026-4697][CVE-2026-4698][CVE-2026-4699][CVE-2026-4700]
[CVE-2026-4701][CVE-2026-4702][CVE-2026-4704][CVE-2026-4705][CVE-2026-4706]
[CVE-2026-4707][CVE-2026-4708][CVE-2026-4709][CVE-2026-4710][CVE-2026-4711]
[CVE-2026-4712][CVE-2026-4713][CVE-2026-4714][CVE-2026-4715][CVE-2026-4716]
[CVE-2026-4717][CVE-2026-4718][CVE-2026-4719][CVE-2026-4720][CVE-2026-4721]
[140.8.0-2.0.1]
- Update to 140.8.0 ESR [Orabug: 39361647][CVE-2026-2447][CVE-2026-2757]
[CVE-2026-2758][CVE-2026-2759][CVE-2026-2760][CVE-2026-2761][CVE-2026-2762]
[CVE-2026-2763][CVE-2026-2764][CVE-2026-2765][CVE-2026-2766][CVE-2026-2767]
[CVE-2026-2768][CVE-2026-2769][CVE-2026-2770][CVE-2026-2771][CVE-2026-2772]
[CVE-2026-2773][CVE-2026-2774][CVE-2026-2775][CVE-2026-2776][CVE-2026-2777]
[CVE-2026-2778][CVE-2026-2779][CVE-2026-2780][CVE-2026-2781][CVE-2026-2782]
[CVE-2026-2783][CVE-2026-2784][CVE-2026-2785][CVE-2026-2786][CVE-2026-2787]
[CVE-2026-2788][CVE-2026-2789][CVE-2026-2790][CVE-2026-2791][CVE-2026-2792]
[CVE-2026-2793]
[140.7.0-1.0.1]
- Update to 140.7.0 ESR [Orabug: 38940976][CVE-2025-14327][CVE-2026-0877]
[CVE-2026-0878][CVE-2026-0879][CVE-2026-0880][CVE-2026-0882][CVE-2026-0883]
[CVE-2026-0884][CVE-2026-0885][CVE-2026-0886][CVE-2026-0887][CVE-2026-0890]
[CVE-2026-0891]
[140.6.0-1.0.1]
- Update to 140.6.0 ESR [Orabug: 38813993][CVE-2025-14321][CVE-2025-14322]
[CVE-2025-14323][CVE-2025-14324][CVE-2025-14325][CVE-2025-14328]
[CVE-2025-14329][CVE-2025-14330][CVE-2025-14331][CVE-2025-14333]
[140.5.0-1.0.1]
- Update to 140.5.0 ESR [Orabug: 38708474][CVE-2025-13012][CVE-2025-13013]
[CVE-2025-13014][CVE-2025-13015][CVE-2025-13016][CVE-2025-13017]
[CVE-2025-13018][CVE-2025-13019][CVE-2025-13020]
[140.4.0-4.0.1]
- Update to 140.4.0 ESR [Orabug: 38595697][CVE-2025-11708][CVE-2025-11709]
[CVE-2025-11710][CVE-2025-11711][CVE-2025-11712][CVE-2025-11714]
[CVE-2025-11715]
[140.3.0-1.0.1]
- Update to 140.3.0 [Orabug: 38509157][CVE-2025-10527][CVE-2025-10528]
[CVE-2025-10529][CVE-2025-10532][CVE-2025-10533][CVE-2025-10536]
[CVE-2025-10537]
- Disable SVE parts of libyuv if not supported [Orabug: 38509157]
[128.14.0-2.0.1]
- Update to 128.14.0 [Orabug: 38400668][CVE-2025-9179][CVE-2025-9180]
[CVE-2025-9181][CVE-2025-9182][CVE-2025-9185]
ELBA-2026-50320 Oracle Linux 8 sysstat bug fix update
Oracle Linux Bug Fix Advisory ELBA-2026-50320
http://linux.oracle.com/errata/ELBA-2026-50320.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
sysstat-11.7.3-13.0.3.el8_10.x86_64.rpm
aarch64:
sysstat-11.7.3-13.0.3.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/sysstat-11.7.3-13.0.3.el8_10.src.rpm
Description of changes:
[11.7.3-13.0.3]
- Fixed issue where all row for sar shows zero [Orabug: 38855312]
ELBA-2026-26353 Oracle Linux 8 systemd bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2026-26353
http://linux.oracle.com/errata/ELBA-2026-26353.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
systemd-239-82.0.12.el8_10.17.i686.rpm
systemd-239-82.0.12.el8_10.17.x86_64.rpm
systemd-container-239-82.0.12.el8_10.17.i686.rpm
systemd-container-239-82.0.12.el8_10.17.x86_64.rpm
systemd-devel-239-82.0.12.el8_10.17.i686.rpm
systemd-devel-239-82.0.12.el8_10.17.x86_64.rpm
systemd-journal-remote-239-82.0.12.el8_10.17.x86_64.rpm
systemd-libs-239-82.0.12.el8_10.17.i686.rpm
systemd-libs-239-82.0.12.el8_10.17.x86_64.rpm
systemd-pam-239-82.0.12.el8_10.17.x86_64.rpm
systemd-tests-239-82.0.12.el8_10.17.x86_64.rpm
systemd-udev-239-82.0.12.el8_10.17.x86_64.rpm
aarch64:
systemd-239-82.0.12.el8_10.17.aarch64.rpm
systemd-container-239-82.0.12.el8_10.17.aarch64.rpm
systemd-devel-239-82.0.12.el8_10.17.aarch64.rpm
systemd-journal-remote-239-82.0.12.el8_10.17.aarch64.rpm
systemd-libs-239-82.0.12.el8_10.17.aarch64.rpm
systemd-pam-239-82.0.12.el8_10.17.aarch64.rpm
systemd-tests-239-82.0.12.el8_10.17.aarch64.rpm
systemd-udev-239-82.0.12.el8_10.17.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/systemd-239-82.0.12.el8_10.17.src.rpm
Description of changes:
[239-82.0.12.el8_10.17]
- Reapply fix for leaking devlinks [Orabug: 39126811]
- Do not infer BindsTo dependency for mount units [Orabug: 39126811]
- Revert fix of leaking devlinks [Orabug: 39109827]
- Return to newest device wins for competing symlink claims [Orabug: 38718322]
- Fix collection of device units with conflicting devlinks [Orabug: 38599776]
- Re-apply fix for devlink device units on lvm rename [Orabug: 38491067]
- Removed fix for devlink device units on lvm rename [Orabug: 38659832]
- Fix leak of old devlink device units on lvm rename [Orabug: 38491067]
- Stash the dbus subscriber list when we disconnect from the bus [Orabug: 38028720]
- Drop systemd-nspawn delay on failing to reset loginuid [Orabug: 37782633]
- coredump: use %d in kernel core pattern - CVE-2025-4598
- Fixes podman quadlet doesn't work in rootless mode [Orabug: 36076771]
- Drastically simplify caching of cgroups members mask
- drop IN_ATTRIB from parent directory inotify watches [Orabug: 36780432]
- Udevd: add an extra configurable timeout before udevd kills workers [Orabug: 36424686]
- Fixed deletion issue for symlink when device is opened [Orabug: 36228608]
- Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 35871376]
- 1A) Add "systemd-fstab-generator-reload-targets.service" file [Orabug: 35871376]
- 1B) Add required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 35871376]
- 1C) Important: Review 1902-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 35871376]
- Prevent duplicate uuid device to replace existing one in udev [Orabug: 35987487]
- Backport upstream pstore dmesg fix [Orabug: 34850699]
- mount: flush out cycle state on DEAD->MOUNTED only, not the other way round [Orabug: 35454661]
- core/mount: adjust deserialized state based on /proc/self/mountinfo [Orabug: 35454661]
- Prevent duplicate label to replace exsisting one in udev [Orabug: 34898273]
- Oracle-Redhat Errata ELSA-2023:3837 CVE-2023-26604 OLERRATA-43629
- Detect podman as separate container type [Orabug: 31922204]
- improve container detection logic [Orabug: 31922204]
- mount: flush out cycle state on DEAD->MOUNTED only, not the other way round [Orabug: 35454661]
- core/mount: adjust deserialized state based on /proc/self/mountinfo [Orabug: 35454661]
- Prevent duplicate label to replace existing one in udev [Orabug: 34898273]
- Standardize ioctl (BTRFS_IOC_QGROUP_CREATE) check and return -ENOTCONN, if quota is not enabled [Orabug: 34694253]
- Disable unprivileged BPF by default [Orabug: 32870980]
- udev rules: fix memory hot add and remove [Orabug: 31310273]
- fix to enable systemd-pstore.service [Orabug: 30951066]
- journal: change support URL shown in the catalog entries [Orabug: 30853009]
- set "RemoveIPC=no" in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
- Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056]
- Removed unneeded patches (Already provided upstream or not required)
- 1902-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792]
- 2002-orabug31420486-pstore-introduce-tmpfiles.d-systemd-pstore.conf.patch [Orabug: 31420486]
- 2009-login-add-a-missing-error-check-for-session_set_lead.patch (#2158167)
- 2010-logind-reset-session-leader-if-we-know-for-a-fact-th.patch (#2158167)
- 2011-sulogin-fix-control-lost-of-the-current-terminal-whe.patch (#2227769)
- systemd.spec: prevent 'myhostname' from being appended on upgrade (#2187761) (#2227769)
- Updated mod_nss() and readlink /etc/nsswitch.conf sections (#2187761)
- systemd.spec: mod_nss() and readlink /etc/nsswitch.conf sections (#2187761)
[239-82.17]
- job: update job_free() to follow our usual return-NULL style (RHEL-168671)
- core: don't track jobs-finishing-during-reload explicitly (RHEL-168671)
- job: be more careful when removing job object from jobs hash table (RHEL-168671)
- core: rework how we deserialize jobs (RHEL-168671)
- core: when a unit state changes only propagate to jobs after reloading is complete (RHEL-168671)
- core: extend comments regarding coldplug() vs. catchup() (RHEL-168671)
[239-82.16]
- core: validate input cgroup path more prudently (RHEL-152085)
- nspawn: normalize pivot_root paths (RHEL-163868)
- udev: check for invalid chars in various fields received from the kernel (RHEL-163874)
- udev: fix review mixup (RHEL-163874)
- udev/scsi-id: check for invalid chars in various fields received from the kernel (RHEL-163874)
- core/manager: fix memory leak (RHEL-163867)
[239-82.15]
- resolved: add dns_query_candidate_freep() (RHEL-93425)
- resolved: fix use-after-free with queries hitting the cache (RHEL-93425)
- resolve: exit from loop for transactions when transactions has been regenerated (RHEL-93425)
- locale-util: do not call setlocale() when multi-threaded (RHEL-93425)
[239-82.14]
- core: only activate transaction that contain useful jobs (RHEL-138710)
[239-82.13]
- logind: fix crash in logind on user-specified message string (RHEL-132317)
[239-82.12]
- Revert "run: update checks to allow running with a user's bus" (RHEL-118835)
[239-82.11]
- run: update checks to allow running with a user's bus (RHEL-118835)
[239-82.10]
- hwdb: add ACCEL_LOCATION property to parse_hwdb.py (RHEL-130979)
- hwdb: update ACCEL_LOCATION property to use Or instead of QuotedString (RHEL-130979)
- test: support general properties in hwdb files (RHEL-130979)
- hwdb: Relax parsing script to allow 0 and 1 for all ID_* properties (RHEL-130979)
- hwdb: allow spaces in usb: matches and similar patterns (RHEL-130979)
- test: fix parsing of 60-seat.hwdb and 60-keyboard.hwdb (RHEL-130979)
- parse_hwdb: fix compatibility with pyparsing 2.4.* (RHEL-130979)
- login: use parse_uid() when unmounting user runtime directory (RHEL-132175)
- pid1: do not use generated strings as format strings (#19098) (RHEL-132317)
- core/transaction: make merge_unit_ids() always return NUL-terminated string (RHEL-132317)
- core/transaction: make merge_unit_ids() return non-NULL on success (RHEL-132317)
- core/transaction: do not log "(null)" (RHEL-132317)
[239-82.9]
- cryptsetup-generator: refactor add_crypttab_devices() (RHEL-38859)
- cryptsetup-generator: continue parsing after error (RHEL-38859)
ELBA-2026-50317 Oracle Linux 7 kernel bug fix update
Oracle Linux Bug Fix Advisory ELBA-2026-50317
http://linux.oracle.com/errata/ELBA-2026-50317.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-3.10.0-1160.119.1.0.21.el7.x86_64.rpm
kernel-3.10.0-1160.119.1.0.21.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1160.119.1.0.21.el7.noarch.rpm
kernel-debug-3.10.0-1160.119.1.0.21.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.119.1.0.21.el7.x86_64.rpm
kernel-devel-3.10.0-1160.119.1.0.21.el7.x86_64.rpm
kernel-doc-3.10.0-1160.119.1.0.21.el7.noarch.rpm
kernel-headers-3.10.0-1160.119.1.0.21.el7.x86_64.rpm
kernel-tools-3.10.0-1160.119.1.0.21.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.119.1.0.21.el7.x86_64.rpm
perf-3.10.0-1160.119.1.0.21.el7.x86_64.rpm
python-perf-3.10.0-1160.119.1.0.21.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.119.1.0.21.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-1160.119.1.0.21.el7.src.rpm
Description of changes:
[3.10.0-1160.119.1.0.21]
- nfsd: do not double-init nfsd proc stats [Orabug: 39056973]
[3.10.0-1160.119.1.0.19]
- ext4: fix use-after-free in ext4_orphan_cleanup {CVE-2022-50673} [Orabug: 39036029]
- Squashfs: check return result of sb_min_blocksize {CVE-2025-38415} [Orabug: 39036029]
- atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459} [Orabug: 39036029]
- usb: core: config: Prevent OOB read in SS endpoint companion parsing {CVE-2025-39760} [Orabug: 39036029]
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare {CVE-2025-39817} [Orabug: 39036029]
- media: imon: reorganize serialization [Orabug: 39036029]
- media: rc: fix races with imon_disconnect() {CVE-2025-39993} [Orabug: 39036029]
- fs/proc: fix uaf in proc_readdir_de() {CVE-2025-40271} [Orabug: 39036029]
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid {CVE-2025-68349} [Orabug: 39036029]
- net/sched: Enforce that teql can only be used as root qdisc {CVE-2026-23074} [Orabug: 39036029]
[3.10.0-1160.119.1.0.18]
- e1000e: fix heap overflow in e1000_set_eeprom {CVE-2025-39898} [Orabug: 38904071]
- i40e: fix idx validation in config queues msg {CVE-2025-39971} [Orabug: 38904071]
- vsock: track pkt owner vsock [Orabug: 38904071]
- vhost-vsock: add pkt cancel capability [Orabug: 38904071]
- vsock: cancel packets when failing to connect [Orabug: 38904071]
- vsock: notify server to shutdown when client has pending
signal [Orabug: 38904071]
- vsock: remove vsock from connected table when connect is
interrupted by a signal [Orabug: 38904071]
- vsock: Ignore signal/timeout on connect() if already
established {CVE-2025-40248} [Orabug: 38904071]
[3.10.0-1160.119.1.0.17]
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses {CVE-2023-53675} [Orabug: 38860426]
- ipv6: Fix out-of-bounds access in ipv6_find_tlv() {CVE-2023-53705} [Orabug: 38860426]
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too {CVE-2025-37823} [Orabug: 38860426]
- libceph: fix potential use-after-free in have_mon_and_osd_map() {CVE-2025-68285} [Orabug: 38860426]
[3.10.0-1160.119.1.0.16]
- net: sched: sfb: fix null pointer access issue when sfb_init() fails {CVE-2022-50356} [Orabug: 38790244]
- fs: fix UAF/GPF bug in nilfs_mdt_destroy {CVE-2022-50367} [Orabug: 38790244]
- iomap: iomap: fix memory corruption when recording {CVE-2022-50406} [Orabug: 38790244]
- mm: fix zswap writeback race condition {CVE-2023-53178} [Orabug: 38790244]
- Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp {CVE-2023-53297} [Orabug: 38790244]
- scsi: qla2xxx: Wait for io return on terminate rport {CVE-2023-53322} [Orabug: 38790244]
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729} [Orabug: 38790244]
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors {CVE-2025-39757} [Orabug: 38790244]
- tcp: fix potential double free issue for fastopen_req [Orabug: 38790244]
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() {CVE-2025-39955} [Orabug: 38790244]
- NFSD: Protect against send buffer overflow in NFSv2 READ {CVE-2022-50410} [Orabug: 38790244]
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values {CVE-2022-50403} [Orabug: 38790244]
[3.10.0-1160.119.1.0.15]
- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() {CVE-2022-3640} [Orabug: 38742878]
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put [Orabug: 38742878]
- Bluetooth: L2CAP: Fix user-after-free {CVE-2022-50386} [Orabug: 38742878]
- wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() {CVE-2022-50408} [Orabug: 38742878]
- Bluetooth: L2CAP: Fix use-after-free {CVE-2023-53305} [Orabug: 38742878]
- ip6mr: Fix skb_under_panic in ip6mr_cache_report() {CVE-2023-53365} [Orabug: 38742878]
- sctp: linearize cloned gso packets in sctp_rcv {CVE-2025-38718} [Orabug: 38742878]
[3.10.0-1160.119.1.0.14]
- HID: core: fix shift-out-of-bounds in hid_report_raw_event {CVE-2022-48978} [Orabug: 38644370]
- crypto: seqiv - Handle EBUSY correctly {CVE-2023-53373} [Orabug: 38644370]
- nfsd: don't ignore the return code of svc_proc_register() {CVE-2025-22026} [Orabug: 38644370]
- net_sched: hfsc: Fix a UAF vulnerability in class handling {CVE-2025-37797} [Orabug: 38644370]
- HID: core: Harden s32ton() against conversion to 0 bits {CVE-2025-38556} [Orabug: 38644370]
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control {CVE-2025-39751} [Orabug: 38644370]
[3.10.0-1160.119.1.0.13]
- ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() {CVE-2022-48701} [Orabug: 38493400]
- md-raid10: fix KASAN warning {CVE-2022-50211} [Orabug: 38493400]
- ALSA: bcd2000: Fix a UAF bug on the error path of probing {CVE-2022-50229} [Orabug: 38493400]
- net: usb: smsc75xx: Limit packet length to skb->len {CVE-2023-53125} [Orabug: 38493400]
- i40e: fix MMIO write access to an invalid page in i40e_clear_hw {CVE-2025-38200} [Orabug: 38493400]
- net/sched: sch_qfq: Fix race condition on qfq_aggregate {CVE-2025-38477} [Orabug: 38493400]
[3.10.0-1160.119.1.0.12]
- scsi: lpfc: Use memcpy() for BIOS version (CVE-2025-38332) [Orabug: 38414589]
- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (CVE-2025-38352) [Orabug: 38414589]
[3.10.0-1160.119.1.0.11]
- kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980)
- kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928)
- kernel: ext4: fix off-by-one error in do_split (CVE-2025-23150)
- kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788)
- kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000)
- kernel: ext4: avoid resizing to a partial cluster size (CVE-2022-50020)
- kernel: drivers:md:fix a potential use-after-free bug (CVE-2022-50022)
- kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-38177)
- kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)
- crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079)
