Kernel, KRB5, Libsndfile, and more updates for Oracle Linux

Oracle Linux 6486 Published 2026-05-23 07:25 by Philipp Esselbach

News

ELSA-2026-50279 Important: Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50279

http://linux.oracle.com/errata/ELSA-2026-50279.html

The following updated rpms for have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-core-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-devel-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-doc-6.12.0-202.76.4.3.el10uek.noarch.rpm
kernel-uek-modules-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-tools-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-debug-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-202.76.4.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-202.76.4.3.el10uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-core-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-devel-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-doc-6.12.0-202.76.4.3.el10uek.noarch.rpm
kernel-uek-modules-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-tools-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-debug-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek64k-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek64k-core-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek64k-devel-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-202.76.4.3.el10uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-202.76.4.3.el10uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-uek-6.12.0-202.76.4.3.el10uek.src.rpm

Related CVEs:

CVE-2026-46333

Description of changes:

[6.12.0-202.76.4.3]
- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39391434] {CVE-2026-46333}

ELBA-2026-9321 Oracle Linux 10 krb5 bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2026-9321

http://linux.oracle.com/errata/ELBA-2026-9321.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
krb5-devel-1.21.3-9.0.1.el10_1.x86_64.rpm
krb5-libs-1.21.3-9.0.1.el10_1.x86_64.rpm
krb5-pkinit-1.21.3-9.0.1.el10_1.x86_64.rpm
krb5-server-1.21.3-9.0.1.el10_1.x86_64.rpm
krb5-server-ldap-1.21.3-9.0.1.el10_1.x86_64.rpm
krb5-workstation-1.21.3-9.0.1.el10_1.x86_64.rpm
libkadm5-1.21.3-9.0.1.el10_1.x86_64.rpm

aarch64:
krb5-devel-1.21.3-9.0.1.el10_1.aarch64.rpm
krb5-libs-1.21.3-9.0.1.el10_1.aarch64.rpm
krb5-pkinit-1.21.3-9.0.1.el10_1.aarch64.rpm
krb5-server-1.21.3-9.0.1.el10_1.aarch64.rpm
krb5-server-ldap-1.21.3-9.0.1.el10_1.aarch64.rpm
krb5-workstation-1.21.3-9.0.1.el10_1.aarch64.rpm
libkadm5-1.21.3-9.0.1.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/krb5-1.21.3-9.0.1.el10_1.src.rpm

Description of changes:

[1.21.3-9.0.1]
- Fixed race condition in krb5_set_password() [Orabug: 33609767]

ELSA-2026-50280 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50280

http://linux.oracle.com/errata/ELSA-2026-50280.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

aarch64:
bpftool-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-320.202.8.4.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek64k-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek64k-core-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek64k-devel-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek64k-modules-5.15.0-320.202.8.4.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-5.15.0-320.202.8.4.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-320.202.8.4.el9uek.src.rpm

Related CVEs:

CVE-2026-46333

Description of changes:

[5.15.0-320.202.8.4]
- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39391447] {CVE-2026-46333}

[5.15.0-320.202.8.3]
- nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39362036] {CVE-2026-31402}
- net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (Victor Nogueira) [Orabug: 39362005] {CVE-2026-23270}
- KVM: x86: disable preemption around the call to kvm_arch_vcpu_{un|}blocking (Maxim Levitsky) [Orabug: 39362018]
- KVM: Don't block+unblock when halt-polling is successful (Sean Christopherson) [Orabug: 39362018]

[5.15.0-320.202.8.2]
- xfrm: esp: ipv4: fix up flags setting (Greg Kroah-Hartman) [Orabug: 39344515] {CVE-2026-43284}
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39344515] {CVE-2026-43284}

[5.15.0-320.202.8.1]
- x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39327141] {CVE-2025-54518}

[5.15.0-320.202.8]
- iommu/arm-smmu-v3: Handle zeroed A4-2C HTTU override settings (Joao Martins) [Orabug: 39186453]
- iommu: Move IOMMU_DIRTY_NO_CLEAR define (Shameer Kolothum) [Orabug: 39186453]
- iommu/arm-smmu-v3: Enable HTTU for stage1 with io-pgtable mapping (Kunkun Jiang) [Orabug: 39186453]
- iommu/arm-smmu-v3: Add support for dirty tracking in domain alloc (Joao Martins) [Orabug: 39186453]
- iommu/io-pgtable-arm: Add read_and_clear_dirty() support (Shameer Kolothum) [Orabug: 39186453]
- iommu/arm-smmu-v3: Add feature detection for HTTU (Jean-Philippe Brucker) [Orabug: 39186453]

[5.15.0-320.202.7]
- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39250686]
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39250686]
- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39250686]
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39250686]
- crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250686]
- crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39250686]
- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39250686] {CVE-2026-31431}
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250686]
- crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39250686]
- uek-rpm: Enable FWCTL for aarch64 (Dave Kleikamp) [Orabug: 39252913]

[5.15.0-320.202.6]
- Revert "rds: Drop rds conn in connect worker if not in down state." (Vijayendra Suman) [Orabug: 39277795]
- uek-rpm: CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON should be set (Dave Kleikamp) [Orabug: 39109819]
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (Lu Baolu) [Orabug: 39109819]
- iommu/vt-d: Set variable intel_dirty_ops to static (Kunwu Chan) [Orabug: 39109819]
- iommu/vt-d: Access/Dirty bit support for SS domains (Joao Martins) [Orabug: 39109819]
- iommu/amd: reduce GA Log overflow printk noise (Alejandro Jimenez) [Orabug: 39209012]
- iommu/amd: add reschedule points to GA Log draining (Alejandro Jimenez) [Orabug: 39209012]
- iommu/amd: Rework GAInt handling in overflow case (Joao Martins) [Orabug: 39209012]
- iommu/amd: Disable GAInt while GA Log is processed (Joao Martins) [Orabug: 39209012]
- iommu/amd: Move helpers to update IOMMU features to amd_iommu.h (Alejandro Jimenez) [Orabug: 39209012]
- iommu/amd: Increase GA Log buffer size to 8192 entries (Joao Martins) [Orabug: 39209012]
- x86/CPU: Fix FPDSS on Zen1 (Borislav Petkov) [Orabug: 39241228,39273722] {CVE-2026-31628}

[5.15.0-320.202.5]
- Revert "PCI: Enable ACS after configuring IOMMU for OF platforms" (Manivannan Sadhasivam) [Orabug: 39187371]
- net/handshake: duplicate handshake cancellations leak socket (Scott Mayhew) [Orabug: 38847720] {CVE-2025-68775}
- ext4: show 'shutdown' hint when ext4 is forced to shutdown (Baokun Li) [Orabug: 39002346]
- ext4: show 'emergency_ro' when EXT4_FLAGS_EMERGENCY_RO is set (Baokun Li) [Orabug: 39002346]
- ext4: correct behavior under errors=remount-ro mode (Baokun Li) [Orabug: 39002346]
- ext4: add more ext4_emergency_state() checks around sb_rdonly() (Baokun Li) [Orabug: 39002346]
- ext4: add ext4_emergency_state() helper function (Baokun Li) [Orabug: 39002346]
- ext4: add EXT4_FLAGS_EMERGENCY_RO bit (Baokun Li) [Orabug: 39002346]
- ext4: convert EXT4_FLAGS_* defines to enum (Baokun Li) [Orabug: 39002346]
- ext4: make ext4_forced_shutdown() take struct super_block (Jan Kara) [Orabug: 39002346]
- ipv6: use RCU in ip6_xmit() (Eric Dumazet) [Orabug: 38649062] {CVE-2025-40135}
- memfd: move MFD_MF_KEEP_UE_MAPPED flag to higher bit (William Roche) [Orabug: 39109773]
- scsi: qla2xxx: Sanitize payload size to prevent member overflow (Jiasheng Jiang) [Orabug: 38930868] {CVE-2026-23059}
- bpf: Fix reference count leak in bpf_prog_test_run_xdp() (Tetsuo Handa) [Orabug: 38887702] {CVE-2026-22994}
- nfsd: check that server is running in unlock_filesystem (Olga Kornievskaia) [Orabug: 38887682] {CVE-2026-22989}
- net/mlx5e: TC, delete flows only for existing peers (Mark Bloch) [Orabug: 38970398] {CVE-2026-23173}
- net/handshake: restore destructor on submit failure (Caoping) [Orabug: 38887601] {CVE-2025-71148}
- scsi: qla2xxx: Fix improper freeing of purex item (Zilin Guan) [Orabug: 38798929] {CVE-2025-68741}
- bnxt_en: Fix XDP_TX path (Michael Chan) [Orabug: 38847684] {CVE-2025-68770}
- perf/x86/amd: Check event before enable to avoid GPF (George Kennedy) [Orabug: 38847849] {CVE-2025-68798}
- scsi: smartpqi: Fix device resources accessed after device removal (Mike Mcgowen) [Orabug: 38798848] {CVE-2025-68371}
- KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (Omar Sandoval) [Orabug: 38773579] {CVE-2025-68259}
- x86/fpu: Ensure XFD state on signal delivery (Chang S. Bae) [Orabug: 38773165] {CVE-2025-68171}
- virtio-net: fix received length check in big packets (Bui Quang Minh) [Orabug: 38737152] {CVE-2025-40292}
- ACPI: CPPC: Fix NULL pointer dereference when nosmp is used (Yunhui Cui) [Orabug: 38641284] {CVE-2025-38113}
- EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (Qiuxu Zhuo) [Orabug: 38649173] {CVE-2025-40157}
- sunrpc: fix null pointer dereference on zero-length checksum (Lei Lu) [Orabug: 38649042] {CVE-2025-40129}
- cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (Jinjie Ruan) [Orabug: 38641275] {CVE-2024-53230}
- cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (Jinjie Ruan) [Orabug: 38641272] {CVE-2024-53231}
- vhost: vringh: Fix copy_to_iter return value check (Michael S. Tsirkin) [Orabug: 38592117] {CVE-2025-40056}
- crypto: qat - flush misc workqueue during device shutdown (Giovanni Cabiddu) [Orabug: 38401717] {CVE-2025-39721}
- vhost: vringh: Modify the return value check (Zhang Jiao) [Orabug: 38592085] {CVE-2025-40051}
- virtio-net: fix recursived rtnl_lock() during probe() (Zigit Zo) [Orabug: 38324330] {CVE-2025-38551}
- gve: prevent ethtool ops after shutdown (Jordan Rhee) [Orabug: 38401492] {CVE-2025-38735}
- KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (Sean Christopherson) [Orabug: 38254140] {CVE-2025-38455}
- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (Oleksij Rempel) [Orabug: 38253871] {CVE-2025-38385}
- net/mlx5e: Disable MACsec offload for uplink representor profile (Carolina Jubran) [Orabug: 38094809] {CVE-2025-38020}
- dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (Shuai Xue) [Orabug: 38094794] {CVE-2025-38015}
- net/mlx5: Fix ECVF vports unload on shutdown flow (Amir Tzin) [Orabug: 38152903] {CVE-2025-38109}
- bnxt: properly flush XDP redirect lists (Yan Zhai) [Orabug: 38175054] {CVE-2025-38246}
- eth: bnxt: fix missing ring index trim on error path (Jakub Kicinski) [Orabug: 37937451] {CVE-2025-37873}
- net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() (Henry Martin) [Orabug: 37938078] {CVE-2025-37888}
- nfsd: fix possible badness in FREE_STATEID (Olga Kornievskaia) [Orabug: 37989102] {CVE-2024-50043}
- devlink: fix xa_alloc_cyclic() error handling (Michal Swiatkowski) [Orabug: 37828271] {CVE-2025-22017}

[5.15.0-320.202.4]
- xsk: fix an integer overflow in xp_create_and_assign_umem() (Gavrilov Ilia) [Orabug: 37828202] {CVE-2025-21997}
- RDMA/mlx5: Fix the recovery flow of the UMR QP (Yishai Hadas) [Orabug: 37766306] {CVE-2025-21892}
- misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (Vimal Agrawal) [Orabug: 37678552] {CVE-2024-58078}
- net/sched: cls_api: fix error handling causing NULL dereference (Pierre Riteau) [Orabug: 37702083] {CVE-2025-21857}
- bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (Shigeru Yoshida) [Orabug: 37766220] {CVE-2025-21867}
- net: xdp: Disallow attaching device-bound programs in generic mode (Toke Høiland-Jørgensen) [Orabug: 37650238] {CVE-2025-21808}
- iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (Qasim Ijaz) [Orabug: 37649891] {CVE-2025-21724}
- xfrm: delete intermediate secpath entry in packet offload mode (Alexandre Cassen) [Orabug: 37649866] {CVE-2025-21720}
- gpiolib: Fix crash on error in gpiochip_get_ngpios() (Andy Shevchenko) [Orabug: 37650154] {CVE-2025-21783}
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (Guixin Liu) [Orabug: 37649886] {CVE-2025-21723}
- uek-rpm: Enable CONFIG_NET_VRF in container kernel (Boris Ostrovsky) [Orabug: 38932706]
- Documentation: add documentation for MFD_MF_KEEP_UE_MAPPED (William Roche) [Orabug: 38768951]
- selftests/mm: test userspace MFR for HugeTLB hugepage (William Roche) [Orabug: 38768951]
- mm: memfd/hugetlb: introduce memfd-based userspace MFR policy (William Roche) [Orabug: 38768951]

[5.15.0-320.202.3]
- net/mlx5: poll mlx5 eq during irq migration (Praveen Kumar Kannoju) [Orabug: 38915250]
- ipv4: icmp: convert to dev_net_rcu() (Eric Dumazet) [Orabug: 38807392]
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (Eric Dumazet) [Orabug: 38807392]
- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (Sean Christopherson) [Orabug: 39151165,39159089] {CVE-2026-23401}

OLAMSA-2026-0012 Critical: Oracle Linux 8 ol-automation-manager security update

Oracle Linux Security Advisory OLAMSA-2026-0012

http://linux.oracle.com/errata/OLAMSA-2026-0012.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
ol-automation-manager-2.3.1-11.el8.x86_64.rpm
ol-automation-manager-cli-2.3.1-11.el8.noarch.rpm
python311-olamkit-2.3.1-11.el8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/ol-automation-manager-2.3.1-11.el8.src.rpm

Related CVEs:

CVE-2026-41676
CVE-2026-41677
CVE-2026-41678
CVE-2026-41681

Description of changes:

[2.3.1-11.el8]
- OLAM-922 Update rust-openssl to fix CVE-2026-41676, CVE-2026-41677, CVE-2026-41678, CVE-2026-41681

ELSA-2026-50280 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50280

http://linux.oracle.com/errata/ELSA-2026-50280.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-320.202.8.4.el9uek.x86_64.rpm
kernel-uek-5.15.0-320.202.8.4.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-320.202.8.4.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-320.202.8.4.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-320.202.8.4.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-320.202.8.4.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-320.202.8.4.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-320.202.8.4.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-320.202.8.4.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-320.202.8.4.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-320.202.8.4.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-320.202.8.4.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-320.202.8.4.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-320.202.8.4.el9uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-320.202.8.4.el9uek.src.rpm

Related CVEs:

CVE-2026-46333

Description of changes:

[5.15.0-320.202.8.4]
- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39391447] {CVE-2026-46333}

OLAMSA-2026-0013 Critical: Oracle Linux 9 ol-automation-manager security update

Oracle Linux Security Advisory OLAMSA-2026-0013

http://linux.oracle.com/errata/OLAMSA-2026-0013.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
ol-automation-manager-2.3.1-10.el9.x86_64.rpm
ol-automation-manager-cli-2.3.1-10.el9.noarch.rpm
python311-olamkit-2.3.1-10.el9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/ol-automation-manager-2.3.1-10.el9.src.rpm

Related CVEs:

CVE-2026-41676
CVE-2026-41677
CVE-2026-41678
CVE-2026-41681

Description of changes:

[2.3.1-10.el9]
- OLAM-922 Update rust-openssl to fix CVE-2026-41676, CVE-2026-41677, CVE-2026-41678, CVE-2026-41681

ELSA-2026-50279 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50279

http://linux.oracle.com/errata/ELSA-2026-50279.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-core-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-debug-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-devel-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-doc-6.12.0-202.76.4.3.el9uek.noarch.rpm
kernel-uek-modules-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-202.76.4.3.el9uek.x86_64.rpm
kernel-uek-tools-6.12.0-202.76.4.3.el9uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-core-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-debug-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-devel-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-doc-6.12.0-202.76.4.3.el9uek.noarch.rpm
kernel-uek-modules-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek-tools-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek64k-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek64k-core-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek64k-devel-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-202.76.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-202.76.4.3.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-6.12.0-202.76.4.3.el9uek.src.rpm

Related CVEs:

CVE-2026-46333

Description of changes:

[6.12.0-202.76.4.3]
- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39391434] {CVE-2026-46333}

ELSA-2026-50280 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50280

http://linux.oracle.com/errata/ELSA-2026-50280.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-320.202.8.4.el8uek.x86_64.rpm
kernel-uek-5.15.0-320.202.8.4.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-320.202.8.4.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-320.202.8.4.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-320.202.8.4.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-320.202.8.4.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-320.202.8.4.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-320.202.8.4.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-320.202.8.4.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-320.202.8.4.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-320.202.8.4.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-320.202.8.4.el8uek.x86_64.rpm
kernel-uek-container-5.15.0-320.202.8.4.el8uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-320.202.8.4.el8uek.x86_64.rpm

aarch64:
bpftool-5.15.0-320.202.8.4.el8uek.aarch64.rpm
kernel-uek-5.15.0-320.202.8.4.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-320.202.8.4.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-320.202.8.4.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-320.202.8.4.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-320.202.8.4.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-320.202.8.4.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-320.202.8.4.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-320.202.8.4.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-320.202.8.4.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-320.202.8.4.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-320.202.8.4.el8uek.aarch64.rpm
kernel-uek-container-5.15.0-320.202.8.4.el8uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-320.202.8.4.el8uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.15.0-320.202.8.4.el8uek.src.rpm

Related CVEs:

CVE-2026-46333

Description of changes:

[5.15.0-320.202.8.4]
- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39391447] {CVE-2026-46333}

ELSA-2026-50281 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50281

http://linux.oracle.com/errata/ELSA-2026-50281.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.355.3.3.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.355.3.3.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.355.3.3.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.355.3.3.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.355.3.3.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.355.3.3.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.355.3.3.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.355.3.3.el8uek.src.rpm

Related CVEs:

CVE-2026-46333

Description of changes:

[5.4.17-2136.355.3.3]
- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39391459] {CVE-2026-46333}

[5.4.17-2136.355.3.2]
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (Maurizio Lombardi) [Orabug: 39368774] {CVE-2026-23193}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (Maurizio Lombardi) [Orabug: 39368732] {CVE-2026-23216}
- nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39368718] {CVE-2026-31402}

ELSA-2026-19559 Important: Oracle Linux 8 libsndfile security update

Oracle Linux Security Advisory ELSA-2026-19559

http://linux.oracle.com/errata/ELSA-2026-19559.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libsndfile-1.0.28-17.el8_10.i686.rpm
libsndfile-1.0.28-17.el8_10.x86_64.rpm
libsndfile-devel-1.0.28-17.el8_10.i686.rpm
libsndfile-devel-1.0.28-17.el8_10.x86_64.rpm
libsndfile-utils-1.0.28-17.el8_10.x86_64.rpm

aarch64:
libsndfile-1.0.28-17.el8_10.aarch64.rpm
libsndfile-devel-1.0.28-17.el8_10.aarch64.rpm
libsndfile-utils-1.0.28-17.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libsndfile-1.0.28-17.el8_10.src.rpm

Related CVEs:

CVE-2026-37555

Description of changes:

[1.0.28-17]
- apply patch for CVE-2026-37555
Resolves: RHEL-174533

ELSA-2026-50281 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50281

http://linux.oracle.com/errata/ELSA-2026-50281.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-5.4.17-2136.355.3.3.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.355.3.3.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.355.3.3.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.355.3.3.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.355.3.3.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.355.3.3.el8uek.src.rpm

Related CVEs:

CVE-2026-46333

Description of changes:

[5.4.17-2136.355.3.3]
- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39391459] {CVE-2026-46333}

[5.4.17-2136.355.3.2]
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (Maurizio Lombardi) [Orabug: 39368774] {CVE-2026-23193}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (Maurizio Lombardi) [Orabug: 39368732] {CVE-2026-23216}
- nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39368718] {CVE-2026-31402}

[5.4.17-2136.355.3.1]
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39344527] {CVE-2026-43284}
- x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39344576] {CVE-2025-54518}

[5.4.17-2136.355.3]
- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39250687,39331106] {CVE-2026-43077}
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39250687,39331111] {CVE-2026-43078}
- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39250687]
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39250687,39300911] {CVE-2026-43033}
- crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687]
- crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39250687]
- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39250687,39283868,39292250] {CVE-2026-31431}
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687] {CVE-2026-31431}
- crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39250687]
- crypto: doc - fix kernel-doc notation in chacha.c and af_alg.c (Randy Dunlap) [Orabug: 39250687]

[5.4.17-2136.355.2]
- Revert "rds: Drop rds conn in connect worker if not in down state." (Alok Tiwari) [Orabug: 39253770]
- x86/CPU: Fix FPDSS on Zen1 (Siddh Raman Pant) [Orabug: 39241225,39273723] {CVE-2026-31628}
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (Joshua Rogers) [Orabug: 38852342] {CVE-2025-71120}

[5.4.17-2136.355.1]
- net/sched: Enforce that teql can only be used as root qdisc (Jamal Hadi Salim) [Orabug: 38930950] {CVE-2026-23074}

[5.4.17-2136.354.4]
- macvlan: fix possible UAF in macvlan_forward_source() (Eric Dumazet) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: Use 'hash' iterators to simplify code (Christophe Jaillet) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: Add nodst option to macvlan type source (Jethro Beekman) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Eric Dumazet) [Orabug: 38970510,39188399] {CVE-2026-23209,CVE-2026-23273}
- macvlan: fix error recovery in macvlan_common_newlink() (Eric Dumazet) [Orabug: 38970510] {CVE-2026-23209}

[5.4.17-2136.354.3]
- io_uring: fix filename leak in __io_openat_prep() (Prithvi Tambewagh) [Orabug: 39064937] {CVE-2025-68814}
- rds: Drop rds conn in connect worker if not in down state. (Rohit Nair) [Orabug: 39045035]

[5.4.17-2136.354.2]
- ext4/jbd2: skip sb flush when EIO happened (Wengang Wang) [Orabug: 38916908]
- jbd2: store more accurate errno in superblock (Wengang Wang) [Orabug: 38916908]
- ext4: save the error code which triggered an (Wengang Wang) [Orabug: 38916908]

[5.4.17-2136.354.1]
- genirq/cpuhotplug: Notify about affinity changes breaking the affinity mask (Imran Khan) [Orabug: 39001911]
- rds: Add state field to RDS trace logs. (Rohit Nair) [Orabug: 38870347]

ELSA-2026-50281 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50281

http://linux.oracle.com/errata/ELSA-2026-50281.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.355.3.3.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.355.3.3.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.355.3.3.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.355.3.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.355.3.3.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.355.3.3.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.355.3.3.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.355.3.3.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.355.3.3.el7uek.src.rpm

Related CVEs:

CVE-2026-46333

Description of changes:

[5.4.17-2136.355.3.3]
- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39391459] {CVE-2026-46333}

[5.4.17-2136.355.3.2]
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (Maurizio Lombardi) [Orabug: 39368774] {CVE-2026-23193}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (Maurizio Lombardi) [Orabug: 39368732] {CVE-2026-23216}
- nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39368718] {CVE-2026-31402}

[5.4.17-2136.355.3.1]
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39344527] {CVE-2026-43284}
- x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39344576] {CVE-2025-54518}

[5.4.17-2136.355.3]
- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39250687,39331106] {CVE-2026-43077}
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39250687,39331111] {CVE-2026-43078}
- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39250687]
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39250687,39300911] {CVE-2026-43033}
- crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687]
- crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39250687]
- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39250687,39283868,39292250] {CVE-2026-31431}
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687] {CVE-2026-31431}
- crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39250687]
- crypto: doc - fix kernel-doc notation in chacha.c and af_alg.c (Randy Dunlap) [Orabug: 39250687]

[5.4.17-2136.355.2]
- Revert "rds: Drop rds conn in connect worker if not in down state." (Alok Tiwari) [Orabug: 39253770]
- x86/CPU: Fix FPDSS on Zen1 (Siddh Raman Pant) [Orabug: 39241225,39273723] {CVE-2026-31628}
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (Joshua Rogers) [Orabug: 38852342] {CVE-2025-71120}

[5.4.17-2136.355.1]
- net/sched: Enforce that teql can only be used as root qdisc (Jamal Hadi Salim) [Orabug: 38930950] {CVE-2026-23074}

[5.4.17-2136.354.4]
- macvlan: fix possible UAF in macvlan_forward_source() (Eric Dumazet) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: Use 'hash' iterators to simplify code (Christophe Jaillet) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: Add nodst option to macvlan type source (Jethro Beekman) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Eric Dumazet) [Orabug: 38970510,39188399] {CVE-2026-23209,CVE-2026-23273}
- macvlan: fix error recovery in macvlan_common_newlink() (Eric Dumazet) [Orabug: 38970510] {CVE-2026-23209}

[5.4.17-2136.354.3]
- io_uring: fix filename leak in __io_openat_prep() (Prithvi Tambewagh) [Orabug: 39064937] {CVE-2025-68814}
- rds: Drop rds conn in connect worker if not in down state. (Rohit Nair) [Orabug: 39045035]

[5.4.17-2136.354.2]
- ext4/jbd2: skip sb flush when EIO happened (Wengang Wang) [Orabug: 38916908]
- jbd2: store more accurate errno in superblock (Wengang Wang) [Orabug: 38916908]
- ext4: save the error code which triggered an (Wengang Wang) [Orabug: 38916908]

[5.4.17-2136.354.1]
- genirq/cpuhotplug: Notify about affinity changes breaking the affinity mask (Imran Khan) [Orabug: 39001911]
- rds: Add state field to RDS trace logs. (Rohit Nair) [Orabug: 38870347]

ELSA-2026-12114 Important: Oracle Linux 7 gdk-pixbuf2 security update

Oracle Linux Security Advisory ELSA-2026-12114

http://linux.oracle.com/errata/ELSA-2026-12114.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
gdk-pixbuf2-2.36.12-3.0.3.el7.i686.rpm
gdk-pixbuf2-2.36.12-3.0.3.el7.x86_64.rpm
gdk-pixbuf2-devel-2.36.12-3.0.3.el7.i686.rpm
gdk-pixbuf2-devel-2.36.12-3.0.3.el7.x86_64.rpm
gdk-pixbuf2-tests-2.36.12-3.0.3.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/gdk-pixbuf2-2.36.12-3.0.3.el7.src.rpm

Related CVEs:

CVE-2026-5201

Description of changes:

[2.36.12-3.0.3]
- Backport fixes for CVE-2026-5201 [Orabug: 39288631]

[2.36.12-3.0.1]
- jpeg: Be more careful with chunked icc data [Orabug: 38359772][CVE-2025-7345]

Chromium, .NET, PIE, and more updates for Fedora 44

Chromium, Rekor, Cockpit, and more updates for SUSE

Kernel, KRB5, Libsndfile, and more updates for Oracle Linux

ELSA-2026-50279 Important: Unbreakable Enterprise kernel security update

ELBA-2026-9321 Oracle Linux 10 krb5 bug fix and enhancement update

ELSA-2026-50280 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

OLAMSA-2026-0012 Critical: Oracle Linux 8 ol-automation-manager security update

ELSA-2026-50280 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

OLAMSA-2026-0013 Critical: Oracle Linux 9 ol-automation-manager security update

ELSA-2026-50279 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

ELSA-2026-50280 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

ELSA-2026-50281 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

ELSA-2026-19559 Important: Oracle Linux 8 libsndfile security update

ELSA-2026-50281 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

ELSA-2026-50281 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

ELSA-2026-12114 Important: Oracle Linux 7 gdk-pixbuf2 security update

Windows

Linux

macOS

Community