Opencryptoki, Lvm2, Bootc, SOS, MySQL, Nginx updates for Oracle Linux

Oracle Linux 6464 Published by

Oracle Linux 9 administrators must apply several updates that address security vulnerabilities in critical packages like opencryptoki and nginx. These advisories also cover bug fixes for lvm2, bootc, and the sos utility to ensure better stability across different hardware platforms while resolving specific errors on s390x architectures. The latest mysql release includes multiple patches for database integrity and compatibility issues found in earlier versions. All revised software components are now available through the Unbreakable Linux Network for both x86_64 and aarch64 architectures.

ELSA-2026-5603 Moderate: Oracle Linux 9 opencryptoki security update
ELBA-2026-5605 Oracle Linux 9 lvm2 bug fix and enhancement update
ELBA-2026-5601 Oracle Linux 9 bootc bug fix and enhancement update
ELBA-2026-5235 Oracle Linux 9 sos bug fix and enhancement update
ELSA-2026-5640 Moderate: Oracle Linux 9 mysql:8.4 security update
ELSA-2026-5599 Moderate: Oracle Linux 9 nginx security update




ELSA-2026-5603 Moderate: Oracle Linux 9 opencryptoki security update


Oracle Linux Security Advisory ELSA-2026-5603

http://linux.oracle.com/errata/ELSA-2026-5603.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
opencryptoki-3.25.0-4.el9_7.2.x86_64.rpm
opencryptoki-ccatok-3.25.0-4.el9_7.2.x86_64.rpm
opencryptoki-devel-3.25.0-4.el9_7.2.i686.rpm
opencryptoki-devel-3.25.0-4.el9_7.2.x86_64.rpm
opencryptoki-icsftok-3.25.0-4.el9_7.2.x86_64.rpm
opencryptoki-libs-3.25.0-4.el9_7.2.i686.rpm
opencryptoki-libs-3.25.0-4.el9_7.2.x86_64.rpm
opencryptoki-swtok-3.25.0-4.el9_7.2.x86_64.rpm

aarch64:
opencryptoki-3.25.0-4.el9_7.2.aarch64.rpm
opencryptoki-devel-3.25.0-4.el9_7.2.aarch64.rpm
opencryptoki-icsftok-3.25.0-4.el9_7.2.aarch64.rpm
opencryptoki-libs-3.25.0-4.el9_7.2.aarch64.rpm
opencryptoki-swtok-3.25.0-4.el9_7.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/opencryptoki-3.25.0-4.el9_7.2.src.rpm

Related CVEs:

CVE-2026-23893

Description of changes:

[3.25.0-4.2]
- Resolves: RHEL-144820, Privilege Escalation or Data Exposure via Symlink Following



ELBA-2026-5605 Oracle Linux 9 lvm2 bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2026-5605

http://linux.oracle.com/errata/ELBA-2026-5605.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
device-mapper-1.02.206-2.el9_7.2.x86_64.rpm
device-mapper-devel-1.02.206-2.el9_7.2.i686.rpm
device-mapper-devel-1.02.206-2.el9_7.2.x86_64.rpm
device-mapper-event-1.02.206-2.el9_7.2.x86_64.rpm
device-mapper-event-devel-1.02.206-2.el9_7.2.i686.rpm
device-mapper-event-devel-1.02.206-2.el9_7.2.x86_64.rpm
device-mapper-event-libs-1.02.206-2.el9_7.2.i686.rpm
device-mapper-event-libs-1.02.206-2.el9_7.2.x86_64.rpm
device-mapper-libs-1.02.206-2.el9_7.2.i686.rpm
device-mapper-libs-1.02.206-2.el9_7.2.x86_64.rpm
lvm2-2.03.32-2.el9_7.2.x86_64.rpm
lvm2-dbusd-2.03.32-2.el9_7.2.noarch.rpm
lvm2-devel-2.03.32-2.el9_7.2.i686.rpm
lvm2-devel-2.03.32-2.el9_7.2.x86_64.rpm
lvm2-libs-2.03.32-2.el9_7.2.i686.rpm
lvm2-libs-2.03.32-2.el9_7.2.x86_64.rpm
lvm2-lockd-2.03.32-2.el9_7.2.x86_64.rpm

aarch64:
device-mapper-1.02.206-2.el9_7.2.aarch64.rpm
device-mapper-devel-1.02.206-2.el9_7.2.aarch64.rpm
device-mapper-event-1.02.206-2.el9_7.2.aarch64.rpm
device-mapper-event-devel-1.02.206-2.el9_7.2.aarch64.rpm
device-mapper-event-libs-1.02.206-2.el9_7.2.aarch64.rpm
device-mapper-libs-1.02.206-2.el9_7.2.aarch64.rpm
lvm2-2.03.32-2.el9_7.2.aarch64.rpm
lvm2-dbusd-2.03.32-2.el9_7.2.noarch.rpm
lvm2-devel-2.03.32-2.el9_7.2.aarch64.rpm
lvm2-libs-2.03.32-2.el9_7.2.aarch64.rpm
lvm2-lockd-2.03.32-2.el9_7.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/lvm2-2.03.32-2.el9_7.2.src.rpm

Description of changes:

[2.03.32-2.el9_7.2]
- Fix false positive warnings about stray FDs on s390x.



ELBA-2026-5601 Oracle Linux 9 bootc bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2026-5601

http://linux.oracle.com/errata/ELBA-2026-5601.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bootc-1.8.0-4.0.1.el9_7.x86_64.rpm
system-reinstall-bootc-1.8.0-4.0.1.el9_7.x86_64.rpm

aarch64:
bootc-1.8.0-4.0.1.el9_7.aarch64.rpm
system-reinstall-bootc-1.8.0-4.0.1.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/bootc-1.8.0-4.0.1.el9_7.src.rpm

Description of changes:

[1.8.0-4.0.1]
- Update bootc-oraclelinux-configs and image-builder scripts
- Also add image-builder helper scripts and configs
- Add bootc-oraclelinux-configs

[1.8.0-4]
- Backport https://github.com/bootc-dev/bootc/pull/1752
Resolves: #RHEL-143203



ELBA-2026-5235 Oracle Linux 9 sos bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2026-5235

http://linux.oracle.com/errata/ELBA-2026-5235.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
sos-4.10.2-2.0.1.el9_7.noarch.rpm
sos-audit-4.10.2-2.0.1.el9_7.noarch.rpm

aarch64:
sos-4.10.2-2.0.1.el9_7.noarch.rpm
sos-audit-4.10.2-2.0.1.el9_7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/sos-4.10.2-2.0.1.el9_7.src.rpm

Description of changes:

[4.10.2-2.0.1]
- Add kvm debugfs to sosreport [Orabug: 39073001]
- Add qtree,pci,numa command to virsh-qemu-monitor command [Orabug: 38608068]
- Disable all upload options [Orabug: 37845593]
- Add Keyboard exception handler to collector [Orabug: 37854316]
- Print stack of all un-interrupted process [Orabug: 37713383]
- Update the enabled and skipped plugins lists to match ExaData's
requirements. [Orabug: 37440321]
- os detect string [Orabug: 28674897]
- Disable upload options [Orabug: 31969352]
- Disable upload-option to sos report collector [Orabug: 36068606]
- Add irq debugfs to sosreport [Orabug: 36511145]
- Adding socket statistics command output [Orabug: 36594481]
- Remove file type check and append string to file name [Orabug: 37241057]
- Remove rpc_clnt directory from sunrpc debugfs [Orabug: 37129232]
- Disable ethtool EEPROM dump for link down interfaces [Orabug: 37129428]
- Modify sos.spec to make python3-file-magic as dependency for sos package [Orabug: 36834417]
- Append .txt extension to files rejected by MOS policy [Orabug: 36727763]
- Collecting last 50k lines of ftrace file trace [Orabug: 36590767]
- Adding socket statistics command output [Orabug: 36594481]
- Add IO queue depth of all the devices on node [Orabug: 36594679]
- Disable upload option to sos report collector [Orabug: 36068606]
- Add irq debugfs to sosreport [Orabug: 36511145]
- Collect all rsyslogs files for all-logs option [Orabug: 36402382]
- Set SIGPIPE to default action for Broken Pipe Error [Orabug: 35969973]
- Modifying dnf history info transaction index [Orabug: 35497720]
- Adding virsh guest cgroup configuration [Orabug: 35145501]
- Adding virsh qemu-monitor info tree command [Orabug: 35148435]
- Adding Plugin option support for ksplice and btrfs [Orabug: 35115193]
- append .txt to .com domain named files [Orabug: 34527958]
- Adding dmesg -T to show timestamp for syslog comparison [Orabug: 34250313]
- Adding uptrack-uname to show effective ksplice kernel version [Orabug: 33553351]
- Added sos-oraclelinux-vendor-vendorurl.patch
- Fix patch for Orabug 31969352 [Orabug: 32822570]
- [ovn_central] call podman exec without a timeout
Resolves: bz1767359
- Adjusted ksplice plugin patches for path change [Orabug: 32881277]
- Fix os detect string for Oracle Linux [Orabug: 28674897]
- Add ksplice plugin [Orabug: 30273666] (Philippe Vanhaesendonck)
- Disable upload options for OracleLinux [Orabug: 31969352]
- Replace RH_FTP_HOST and RH_API_HOST with "_none_" [Orabug: 31975601]
- Allow a journal log size to be smaller than 100M [Orabug: 32454362]
- Do not exit on unknown plugin [Orabug: 32556170]
- Add in some btrfs commands [Orabug: 32727607]
- Add /var/run/ksplice/debug to sos ksplice plugin [Orabug: 32618933]
- Fix ksplice plugin does not show description [Orabug: 32886513]

[= 4.10.2-2]
- Update to 4.10.2-2
Resolves: RHEL-142634

[= 4.10.2-1]
- Update to 4.10.2-1
Resolves: RHEL-142635



ELSA-2026-5640 Moderate: Oracle Linux 9 mysql:8.4 security update


Oracle Linux Security Advisory ELSA-2026-5640

http://linux.oracle.com/errata/ELSA-2026-5640.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
mecab-0.996-3.module+el9.7.0+90850+a687c04f.4.x86_64.rpm
mecab-devel-0.996-3.module+el9.7.0+90850+a687c04f.4.x86_64.rpm
mecab-ipadic-2.7.0.20070801-24.0.1.module+el9.7.0+90850+a687c04f.x86_64.rpm
mecab-ipadic-EUCJP-2.7.0.20070801-24.0.1.module+el9.7.0+90850+a687c04f.x86_64.rpm
mysql-8.4.8-1.module+el9.7.0+90850+a687c04f.x86_64.rpm
mysql-common-8.4.8-1.module+el9.7.0+90850+a687c04f.noarch.rpm
mysql-devel-8.4.8-1.module+el9.7.0+90850+a687c04f.x86_64.rpm
mysql-errmsg-8.4.8-1.module+el9.7.0+90850+a687c04f.noarch.rpm
mysql-libs-8.4.8-1.module+el9.7.0+90850+a687c04f.x86_64.rpm
mysql-server-8.4.8-1.module+el9.7.0+90850+a687c04f.x86_64.rpm
mysql-test-8.4.8-1.module+el9.7.0+90850+a687c04f.x86_64.rpm
mysql-test-data-8.4.8-1.module+el9.7.0+90850+a687c04f.noarch.rpm
rapidjson-devel-1.1.0-19.module+el9.7.0+90850+a687c04f.x86_64.rpm
rapidjson-doc-1.1.0-19.module+el9.7.0+90850+a687c04f.noarch.rpm

aarch64:
mecab-0.996-3.module+el9.7.0+90850+a687c04f.4.aarch64.rpm
mecab-devel-0.996-3.module+el9.7.0+90850+a687c04f.4.aarch64.rpm
mecab-ipadic-2.7.0.20070801-24.0.1.module+el9.7.0+90850+a687c04f.aarch64.rpm
mecab-ipadic-EUCJP-2.7.0.20070801-24.0.1.module+el9.7.0+90850+a687c04f.aarch64.rpm
mysql-8.4.8-1.module+el9.7.0+90850+a687c04f.aarch64.rpm
mysql-common-8.4.8-1.module+el9.7.0+90850+a687c04f.noarch.rpm
mysql-devel-8.4.8-1.module+el9.7.0+90850+a687c04f.aarch64.rpm
mysql-errmsg-8.4.8-1.module+el9.7.0+90850+a687c04f.noarch.rpm
mysql-libs-8.4.8-1.module+el9.7.0+90850+a687c04f.aarch64.rpm
mysql-server-8.4.8-1.module+el9.7.0+90850+a687c04f.aarch64.rpm
mysql-test-8.4.8-1.module+el9.7.0+90850+a687c04f.aarch64.rpm
mysql-test-data-8.4.8-1.module+el9.7.0+90850+a687c04f.noarch.rpm
rapidjson-devel-1.1.0-19.module+el9.7.0+90850+a687c04f.aarch64.rpm
rapidjson-doc-1.1.0-19.module+el9.7.0+90850+a687c04f.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/mecab-0.996-3.module+el9.7.0+90850+a687c04f.4.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/mecab-ipadic-2.7.0.20070801-24.0.1.module+el9.7.0+90850+a687c04f.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/mysql-8.4.8-1.module+el9.7.0+90850+a687c04f.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/rapidjson-1.1.0-19.module+el9.7.0+90850+a687c04f.src.rpm

Related CVEs:

CVE-2026-21936
CVE-2026-21937
CVE-2026-21941
CVE-2026-21948
CVE-2026-21964
CVE-2026-21968

Description of changes:

mecab
[0.996-3.4]
- Bump version for package rebuild
We are moving the 'mecab-devel' RPM from the 'buildroot' repo to the 'CRB' repo
- Resolves: #2182069

[0.996-3.3]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688

[0.996-3.2]
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

mecab-ipadic
[2.7.0.20070801-24.0.1]
- Rename the LICENSE.Fedora to LICENSE.oracle

[2.7.0.20070801-24]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688

[2.7.0.20070801-23]
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

[2.7.0.20070801-22]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[2.7.0.20070801-21]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

[2.7.0.20070801-20]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

mysql
[8.4.8-1]
- Rebase to 8.4.8

rapidjson
[1.1.0-19]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688

[1.1.0-18]
- Remove gtest dependency and turn off tests
Resolves: #1977656

[1.1.0-17]
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

[1.1.0-16]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[1.1.0-15]
- Add patch for C++20 support

[1.1.0-14]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

[1.1.0-13]
- Install pkg-config and cmake files to arched location
- Build documentation as noarch

[1.1.0-12]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild



ELSA-2026-5599 Moderate: Oracle Linux 9 nginx security update


Oracle Linux Security Advisory ELSA-2026-5599

http://linux.oracle.com/errata/ELSA-2026-5599.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
nginx-1.20.1-24.0.1.el9_7.1.x86_64.rpm
nginx-all-modules-1.20.1-24.0.1.el9_7.1.noarch.rpm
nginx-core-1.20.1-24.0.1.el9_7.1.x86_64.rpm
nginx-filesystem-1.20.1-24.0.1.el9_7.1.noarch.rpm
nginx-mod-devel-1.20.1-24.0.1.el9_7.1.x86_64.rpm
nginx-mod-http-image-filter-1.20.1-24.0.1.el9_7.1.x86_64.rpm
nginx-mod-http-perl-1.20.1-24.0.1.el9_7.1.x86_64.rpm
nginx-mod-http-xslt-filter-1.20.1-24.0.1.el9_7.1.x86_64.rpm
nginx-mod-mail-1.20.1-24.0.1.el9_7.1.x86_64.rpm
nginx-mod-stream-1.20.1-24.0.1.el9_7.1.x86_64.rpm

aarch64:
nginx-1.20.1-24.0.1.el9_7.1.aarch64.rpm
nginx-all-modules-1.20.1-24.0.1.el9_7.1.noarch.rpm
nginx-core-1.20.1-24.0.1.el9_7.1.aarch64.rpm
nginx-filesystem-1.20.1-24.0.1.el9_7.1.noarch.rpm
nginx-mod-devel-1.20.1-24.0.1.el9_7.1.aarch64.rpm
nginx-mod-http-image-filter-1.20.1-24.0.1.el9_7.1.aarch64.rpm
nginx-mod-http-perl-1.20.1-24.0.1.el9_7.1.aarch64.rpm
nginx-mod-http-xslt-filter-1.20.1-24.0.1.el9_7.1.aarch64.rpm
nginx-mod-mail-1.20.1-24.0.1.el9_7.1.aarch64.rpm
nginx-mod-stream-1.20.1-24.0.1.el9_7.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/nginx-1.20.1-24.0.1.el9_7.1.src.rpm

Related CVEs:

CVE-2026-1642

Description of changes:

[1.20.1-24.0.1.el9_7.1]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]
- Update upstream references [Orabug: 36579090]

[2:1.20.1-24.1]
- Resolves: RHEL-146525 - nginx: NGINX: Data injection via man-in-the-middle
attack on TLS proxied connections (CVE-2026-1642)

[2:1.20.1-24]
- Resolves: RHEL-84477 - nginx: specially crafted MP4 file may cause
denial of service (CVE-2024-7347)
- Resolves: RHEL-85556 - nginx: Memory disclosure in the
ngx_http_mp4_module (CVE-2022-41742)
- Resolves: RHEL-91446 - nginx: Memory corruption in the
ngx_http_mp4_module (CVE-2022-41741)

[2:1.20.1-23]
- Resolves: RHEL-6786 - SSL-errors 0A000126 / NS_NET_ERROR_PARTIAL_TRANSFER
at nginx with reverse-proxy


Chromium, .NET, Wireshark, FreeRDP updates for Fedora

Udisks2, JBoss, Kernel, OSBuild-Composer updates for RHEL

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...