Oracle has released a series of critical security advisories for Oracle Linux versions 8, 9, and 10. These updates primarily target essential development tools like OpenJDK 17 and 25, alongside core utilities such as systemd, Grafana, Go, and Buildah. Each advisory addresses multiple common vulnerability exposures while patching specific bugs that affect system stability and container management workflows. Administrators can download the corrected packages for both x86_64 and aarch64 architectures directly from Oracle's Unbreakable Linux Network repository.

ELSA-2026-9686 Important: Oracle Linux 8 java-17-openjdk security update
ELBA-2026-9743 Oracle Linux 8 systemd bug fix and enhancement update
ELSA-2026-9686 Important: Oracle Linux 9 java-17-openjdk security update
ELSA-2026-9693 Important: Oracle Linux 9 java-25-openjdk security update
ELSA-2026-10223 Important: Oracle Linux 10 grafana security update
ELSA-2026-10226 Important: Oracle Linux 9 grafana security update
ELSA-2026-9693 Important: Oracle Linux 10 java-25-openjdk security update
ELSA-2026-10219 Important: Oracle Linux 9 golang security update
ELSA-2026-10135 Important: Oracle Linux 9 buildah security update
ELSA-2026-10217 Important: Oracle Linux 10 golang security update

ELSA-2026-9686 Important: Oracle Linux 8 java-17-openjdk security update

Oracle Linux Security Advisory ELSA-2026-9686

http://linux.oracle.com/errata/ELSA-2026-9686.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-17-openjdk-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-demo-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-demo-fastdebug-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-demo-slowdebug-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-devel-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-devel-fastdebug-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-devel-slowdebug-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-fastdebug-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-headless-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-headless-fastdebug-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-headless-slowdebug-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-javadoc-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-javadoc-zip-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-jmods-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-jmods-fastdebug-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-jmods-slowdebug-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-slowdebug-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-src-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-src-fastdebug-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-src-slowdebug-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-static-libs-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.19.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.19.0.10-1.0.1.el8.x86_64.rpm

aarch64:
java-17-openjdk-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-demo-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-demo-fastdebug-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-demo-slowdebug-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-devel-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-devel-fastdebug-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-devel-slowdebug-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-fastdebug-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-headless-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-headless-fastdebug-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-headless-slowdebug-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-javadoc-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-javadoc-zip-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-jmods-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-jmods-fastdebug-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-jmods-slowdebug-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-slowdebug-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-src-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-src-fastdebug-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-src-slowdebug-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-static-libs-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.19.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.19.0.10-1.0.1.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/java-17-openjdk-17.0.19.0.10-1.0.1.el8.src.rpm

Related CVEs:

CVE-2026-22007
CVE-2026-22013
CVE-2026-22016
CVE-2026-22018
CVE-2026-22021
CVE-2026-23865
CVE-2026-34268
CVE-2026-34282

Description of changes:

[1:17.0.19.0.10-1.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:17.0.19.0.10-1]
- Update to jdk-17.0.19+10 (GA)
- Add to .gitignore openjdk-17.0.19+10.tar.xz
- Set updatever to 19
- Set buildver to 10
- Set rpmrelease to 1
- Update sources to openjdk-17.0.19+10.tar.xz
- ** This tarball is embargoed until 2026-04-21 @ 1pm PT. **
- Set tzdata requires and build requires to 2026a
- Set bundled freetype library version to 2.14.2
- Set bundled giflib library version to 6.1.2
- Set bundled harfbuzz library version to 12.3.2
- Set bundled libpng library version to 1.6.57
- Set bundled zlib library version to 1.3.2
- Set fipsver to e1780dd5d39
- Set fipsver to 62c0f885e30
- Sync NEWS from openjdk-portable-rhel-8
- Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8
- Resolves: RHEL-133224
- Resolves: RHEL-146657
- Resolves: RHEL-148336
- Resolves: RHEL-148850
- Resolves: RHEL-161226
- Resolves: RHEL-161342
- Resolves: RHEL-157099
- Resolves: RHEL-157153
- Resolves: RHEL-157160

ELBA-2026-9743 Oracle Linux 8 systemd bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2026-9743

http://linux.oracle.com/errata/ELBA-2026-9743.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
systemd-239-82.0.11.el8_10.16.i686.rpm
systemd-239-82.0.11.el8_10.16.x86_64.rpm
systemd-container-239-82.0.11.el8_10.16.i686.rpm
systemd-container-239-82.0.11.el8_10.16.x86_64.rpm
systemd-devel-239-82.0.11.el8_10.16.i686.rpm
systemd-devel-239-82.0.11.el8_10.16.x86_64.rpm
systemd-journal-remote-239-82.0.11.el8_10.16.x86_64.rpm
systemd-libs-239-82.0.11.el8_10.16.i686.rpm
systemd-libs-239-82.0.11.el8_10.16.x86_64.rpm
systemd-pam-239-82.0.11.el8_10.16.x86_64.rpm
systemd-tests-239-82.0.11.el8_10.16.x86_64.rpm
systemd-udev-239-82.0.11.el8_10.16.x86_64.rpm

aarch64:
systemd-239-82.0.11.el8_10.16.aarch64.rpm
systemd-container-239-82.0.11.el8_10.16.aarch64.rpm
systemd-devel-239-82.0.11.el8_10.16.aarch64.rpm
systemd-journal-remote-239-82.0.11.el8_10.16.aarch64.rpm
systemd-libs-239-82.0.11.el8_10.16.aarch64.rpm
systemd-pam-239-82.0.11.el8_10.16.aarch64.rpm
systemd-tests-239-82.0.11.el8_10.16.aarch64.rpm
systemd-udev-239-82.0.11.el8_10.16.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/systemd-239-82.0.11.el8_10.16.src.rpm

Description of changes:

[239-82.0.11.el8_10.16]
- Revert fix of leaking devlinks [Orabug: 39109827]
- Return to newest device wins for competing symlink claims [Orabug: 38718322]
- Fix collection of device units with conflicting devlinks [Orabug: 38599776]
- Re-apply fix for devlink device units on lvm rename [Orabug: 38491067]
- Removed fix for devlink device units on lvm rename [Orabug: 38659832]
- Fix leak of old devlink device units on lvm rename [Orabug: 38491067]
- Stash the dbus subscriber list when we disconnect from the bus [Orabug: 38028720]
- Drop systemd-nspawn delay on failing to reset loginuid [Orabug: 37782633]
- coredump: use %d in kernel core pattern - CVE-2025-4598
- Fixes podman quadlet doesn't work in rootless mode [Orabug: 36076771]
- Drastically simplify caching of cgroups members mask
- drop IN_ATTRIB from parent directory inotify watches [Orabug: 36780432]
- Udevd: add an extra configurable timeout before udevd kills workers [Orabug: 36424686]
- Fixed deletion issue for symlink when device is opened [Orabug: 36228608]
- Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 35871376]
- 1A) Add "systemd-fstab-generator-reload-targets.service" file [Orabug: 35871376]
- 1B) Add required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 35871376]
- 1C) Important: Review 1902-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 35871376]
- Prevent duplicate uuid device to replace existing one in udev [Orabug: 35987487]
- Backport upstream pstore dmesg fix [Orabug: 34850699]
- mount: flush out cycle state on DEAD->MOUNTED only, not the other way round [Orabug: 35454661]
- core/mount: adjust deserialized state based on /proc/self/mountinfo [Orabug: 35454661]
- Prevent duplicate label to replace exsisting one in udev [Orabug: 34898273]
- Oracle-Redhat Errata ELSA-2023:3837 CVE-2023-26604 OLERRATA-43629
- Detect podman as separate container type [Orabug: 31922204]
- improve container detection logic [Orabug: 31922204]
- mount: flush out cycle state on DEAD->MOUNTED only, not the other way round [Orabug: 35454661]
- core/mount: adjust deserialized state based on /proc/self/mountinfo [Orabug: 35454661]
- Prevent duplicate label to replace existing one in udev [Orabug: 34898273]
- Standardize ioctl (BTRFS_IOC_QGROUP_CREATE) check and return -ENOTCONN, if quota is not enabled [Orabug: 34694253]
- Disable unprivileged BPF by default [Orabug: 32870980]
- udev rules: fix memory hot add and remove [Orabug: 31310273]
- fix to enable systemd-pstore.service [Orabug: 30951066]
- journal: change support URL shown in the catalog entries [Orabug: 30853009]
- set "RemoveIPC=no" in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
- Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056]
- Removed unneeded patches (Already provided upstream or not required)
- 1902-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792]
- 2002-orabug31420486-pstore-introduce-tmpfiles.d-systemd-pstore.conf.patch [Orabug: 31420486]
- 2009-login-add-a-missing-error-check-for-session_set_lead.patch (#2158167)
- 2010-logind-reset-session-leader-if-we-know-for-a-fact-th.patch (#2158167)
- 2011-sulogin-fix-control-lost-of-the-current-terminal-whe.patch (#2227769)
- systemd.spec: prevent 'myhostname' from being appended on upgrade (#2187761) (#2227769)
- Updated mod_nss() and readlink /etc/nsswitch.conf sections (#2187761)
- systemd.spec: mod_nss() and readlink /etc/nsswitch.conf sections (#2187761)

[239-82.16]
- core: validate input cgroup path more prudently (RHEL-152085)
- nspawn: normalize pivot_root paths (RHEL-163868)
- udev: check for invalid chars in various fields received from the kernel (RHEL-163874)
- udev: fix review mixup (RHEL-163874)
- udev/scsi-id: check for invalid chars in various fields received from the kernel (RHEL-163874)
- core/manager: fix memory leak (RHEL-163867)

[239-82.15]
- resolved: add dns_query_candidate_freep() (RHEL-93425)
- resolved: fix use-after-free with queries hitting the cache (RHEL-93425)
- resolve: exit from loop for transactions when transactions has been regenerated (RHEL-93425)
- locale-util: do not call setlocale() when multi-threaded (RHEL-93425)

[239-82.14]
- core: only activate transaction that contain useful jobs (RHEL-138710)

[239-82.13]
- logind: fix crash in logind on user-specified message string (RHEL-132317)

[239-82.12]
- Revert "run: update checks to allow running with a user's bus" (RHEL-118835)

[239-82.11]
- run: update checks to allow running with a user's bus (RHEL-118835)

[239-82.10]
- hwdb: add ACCEL_LOCATION property to parse_hwdb.py (RHEL-130979)
- hwdb: update ACCEL_LOCATION property to use Or instead of QuotedString (RHEL-130979)
- test: support general properties in hwdb files (RHEL-130979)
- hwdb: Relax parsing script to allow 0 and 1 for all ID_* properties (RHEL-130979)
- hwdb: allow spaces in usb: matches and similar patterns (RHEL-130979)
- test: fix parsing of 60-seat.hwdb and 60-keyboard.hwdb (RHEL-130979)
- parse_hwdb: fix compatibility with pyparsing 2.4.* (RHEL-130979)
- login: use parse_uid() when unmounting user runtime directory (RHEL-132175)
- pid1: do not use generated strings as format strings (#19098) (RHEL-132317)
- core/transaction: make merge_unit_ids() always return NUL-terminated string (RHEL-132317)
- core/transaction: make merge_unit_ids() return non-NULL on success (RHEL-132317)
- core/transaction: do not log "(null)" (RHEL-132317)

[239-82.9]
- cryptsetup-generator: refactor add_crypttab_devices() (RHEL-38859)
- cryptsetup-generator: continue parsing after error (RHEL-38859)

[239-82.8]
- test-execute: let's ignore the difference between CLD_KILLED and CLD_DUMPED (RHEL-108744)
- test-execute: turn off coredump generation in test services (RHEL-108744)
- test: introduce TEST-53-TIMER (RHEL-108744)
- test: restarting elapsed timer shouldn't trigger the corresponding service (RHEL-108744)
- test: check the next elapse timer timestamp after deserialization (RHEL-108744)
- timer: don't run service immediately after restart of a timer (RHEL-108744)
- Revert "test: extend testcase to ensure controller membership doesn't regress" (RHEL-9322)

ELSA-2026-9686 Important: Oracle Linux 9 java-17-openjdk security update

Oracle Linux Security Advisory ELSA-2026-9686

http://linux.oracle.com/errata/ELSA-2026-9686.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-17-openjdk-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-demo-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-demo-fastdebug-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-demo-slowdebug-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-devel-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-devel-fastdebug-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-devel-slowdebug-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-fastdebug-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-headless-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-headless-fastdebug-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-headless-slowdebug-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-javadoc-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-javadoc-zip-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-jmods-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-jmods-fastdebug-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-jmods-slowdebug-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-slowdebug-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-src-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-src-fastdebug-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-src-slowdebug-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-static-libs-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.19.0.10-2.0.1.el9.x86_64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.19.0.10-2.0.1.el9.x86_64.rpm

aarch64:
java-17-openjdk-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-demo-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-demo-fastdebug-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-demo-slowdebug-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-devel-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-devel-fastdebug-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-devel-slowdebug-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-fastdebug-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-headless-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-headless-fastdebug-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-headless-slowdebug-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-javadoc-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-javadoc-zip-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-jmods-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-jmods-fastdebug-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-jmods-slowdebug-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-slowdebug-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-src-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-src-fastdebug-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-src-slowdebug-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-static-libs-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.19.0.10-2.0.1.el9.aarch64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.19.0.10-2.0.1.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/java-17-openjdk-17.0.19.0.10-2.0.1.el9.src.rpm

Related CVEs:

CVE-2026-22007
CVE-2026-22013
CVE-2026-22016
CVE-2026-22018
CVE-2026-22021
CVE-2026-23865
CVE-2026-34268
CVE-2026-34282

Description of changes:

[1:17.0.19.0.10-2.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:17.0.19.0.10-2]
- Set rpmrelease to 2 for PQC signing

[1:17.0.19.0.10-1]
- Update to jdk-17.0.19+10 (GA)
- Add to .gitignore openjdk-17.0.19+10.tar.xz
- Set updatever to 19
- Set buildver to 10
- Set rpmrelease to 1
- Update sources to openjdk-17.0.19+10.tar.xz
- ** This tarball is embargoed until 2026-04-21 @ 1pm PT. **
- Set tzdata requires and build requires to 2026a
- Set bundled freetype library version to 2.14.2
- Set bundled giflib library version to 6.1.2
- Set bundled harfbuzz library version to 12.3.2
- Set bundled libpng library version to 1.6.57
- Set bundled zlib library version to 1.3.2
- Set fipsver to 62c0f885e30
- Sync NEWS from openjdk-portable-rhel-8
- Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8
- Set portablerelease to 1
- Resolves: RHEL-133292
- Resolves: RHEL-147350
- Resolves: RHEL-148408
- Resolves: RHEL-148987
- Resolves: RHEL-161296
- Resolves: RHEL-161445
- Resolves: RHEL-157135

[1:17.0.18.0.8-2]
- Set portablerelease to 2
- Remove test to ensure blocked.certs is valid, done in portable
- Related: RHEL-122136
- Related: RHEL-131590
- Related: RHEL-131601
- Related: RHEL-139552
- Related: RHEL-149327

[1:17.0.18.0.8-2]
- Add test to ensure blocked.certs is valid (OPENJDK-4362)
- Restore NEWS file so portable can be rebuilt
- Resolves: RHEL-149327

[1:17.0.18.0.8-2]
- Set rpmrelease to 2
- Sync java-17-openjdk-portable.specfile from openjdk-portable-centos-9
- Set fipsver to e1780dd5d39
- Resolves: RHEL-122136

ELSA-2026-9693 Important: Oracle Linux 9 java-25-openjdk security update

Oracle Linux Security Advisory ELSA-2026-9693

http://linux.oracle.com/errata/ELSA-2026-9693.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-25-openjdk-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-crypto-adapter-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-crypto-adapter-fastdebug-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-crypto-adapter-slowdebug-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-demo-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-demo-fastdebug-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-demo-slowdebug-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-devel-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-devel-fastdebug-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-devel-slowdebug-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-fastdebug-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-headless-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-headless-fastdebug-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-headless-slowdebug-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-javadoc-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-javadoc-zip-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-jmods-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-jmods-fastdebug-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-jmods-slowdebug-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-slowdebug-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-src-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-src-fastdebug-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-src-slowdebug-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-static-libs-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-static-libs-fastdebug-25.0.3.0.9-1.0.1.el9.x86_64.rpm
java-25-openjdk-static-libs-slowdebug-25.0.3.0.9-1.0.1.el9.x86_64.rpm

aarch64:
java-25-openjdk-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-crypto-adapter-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-crypto-adapter-fastdebug-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-crypto-adapter-slowdebug-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-demo-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-demo-fastdebug-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-demo-slowdebug-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-devel-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-devel-fastdebug-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-devel-slowdebug-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-fastdebug-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-headless-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-headless-fastdebug-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-headless-slowdebug-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-javadoc-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-javadoc-zip-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-jmods-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-jmods-fastdebug-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-jmods-slowdebug-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-slowdebug-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-src-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-src-fastdebug-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-src-slowdebug-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-static-libs-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-static-libs-fastdebug-25.0.3.0.9-1.0.1.el9.aarch64.rpm
java-25-openjdk-static-libs-slowdebug-25.0.3.0.9-1.0.1.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/java-25-openjdk-25.0.3.0.9-1.0.1.el9.src.rpm

Related CVEs:

CVE-2026-22007
CVE-2026-22008
CVE-2026-22013
CVE-2026-22016
CVE-2026-22018
CVE-2026-22021
CVE-2026-23865
CVE-2026-26740
CVE-2026-33416
CVE-2026-33636
CVE-2026-34268
CVE-2026-34282

Description of changes:

[1:25.0.3.0.9-1.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:25.0.3.0.9-1]
- Update to jdk-25.0.3+9 (GA)
- Update release notes to 25.0.3+9
- Update FIPS patch to 57722aab802 version synced with 25.0.3+8
- Drop local libpng patches now JDK-8372534, JDK-8375063 & JDK-8377526 are included upstream
- Drop local HarfBuzz patch now JDK-8375057 is included upstream
- Bump freetype version to 2.14.2 following JDK-8373290 & JDK-8379158
- Bump giflib version to 6.1.2 following JDK-8379256 & JDK-8380078
- Bump libpng version to 1.6.57 following JDK-8380959 & JDK-8382047
- Bump zlib version to 1.3.2 following JDK-8378631
- Add JDK-8375294 EOPNOTSUPP patch ahead of 25.0.4
- Sync the copy of the portable specfile with the latest update
- ** This tarball is embargoed until 2026-04-21 @ 1pm PT. **
- Resolves: RHEL-169619
- Resolves: RHEL-157142
- Resolves: RHEL-157154
- Resolves: RHEL-161306
- Resolves: RHEL-161455
- Resolves: RHEL-169615

ELSA-2026-10223 Important: Oracle Linux 10 grafana security update

Oracle Linux Security Advisory ELSA-2026-10223

http://linux.oracle.com/errata/ELSA-2026-10223.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-10.2.6-24.el10_1.x86_64.rpm
grafana-selinux-10.2.6-24.el10_1.x86_64.rpm

aarch64:
grafana-10.2.6-24.el10_1.aarch64.rpm
grafana-selinux-10.2.6-24.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/grafana-10.2.6-24.el10_1.src.rpm

Related CVEs:

CVE-2026-27877

Description of changes:

[10.2.6-24]
- Resolves RHEL-161790: CVE-2026-27877

ELSA-2026-10226 Important: Oracle Linux 9 grafana security update

Oracle Linux Security Advisory ELSA-2026-10226

http://linux.oracle.com/errata/ELSA-2026-10226.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-10.2.6-20.el9_7.x86_64.rpm
grafana-selinux-10.2.6-20.el9_7.x86_64.rpm

aarch64:
grafana-10.2.6-20.el9_7.aarch64.rpm
grafana-selinux-10.2.6-20.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/grafana-10.2.6-20.el9_7.src.rpm

Related CVEs:

CVE-2026-27877

Description of changes:

[10.2.6-20]
- Resolves RHEL-161802: CVE-2026-27877

ELSA-2026-9693 Important: Oracle Linux 10 java-25-openjdk security update

Oracle Linux Security Advisory ELSA-2026-9693

http://linux.oracle.com/errata/ELSA-2026-9693.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-25-openjdk-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-crypto-adapter-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-crypto-adapter-fastdebug-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-crypto-adapter-slowdebug-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-demo-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-demo-fastdebug-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-demo-slowdebug-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-devel-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-devel-fastdebug-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-devel-slowdebug-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-fastdebug-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-headless-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-headless-fastdebug-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-headless-slowdebug-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-javadoc-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-javadoc-zip-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-jmods-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-jmods-fastdebug-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-jmods-slowdebug-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-slowdebug-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-src-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-src-fastdebug-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-src-slowdebug-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-static-libs-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-static-libs-fastdebug-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm
java-25-openjdk-static-libs-slowdebug-25.0.3.0.9-1.0.1.el10_2.x86_64.rpm

aarch64:
java-25-openjdk-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-crypto-adapter-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-crypto-adapter-fastdebug-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-crypto-adapter-slowdebug-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-demo-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-demo-fastdebug-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-demo-slowdebug-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-devel-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-devel-fastdebug-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-devel-slowdebug-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-fastdebug-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-headless-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-headless-fastdebug-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-headless-slowdebug-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-javadoc-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-javadoc-zip-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-jmods-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-jmods-fastdebug-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-jmods-slowdebug-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-slowdebug-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-src-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-src-fastdebug-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-src-slowdebug-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-static-libs-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-static-libs-fastdebug-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm
java-25-openjdk-static-libs-slowdebug-25.0.3.0.9-1.0.1.el10_2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/java-25-openjdk-25.0.3.0.9-1.0.1.el10_2.src.rpm

Related CVEs:

CVE-2026-22007
CVE-2026-22008
CVE-2026-22013
CVE-2026-22016
CVE-2026-22018
CVE-2026-22021
CVE-2026-23865
CVE-2026-26740
CVE-2026-33416
CVE-2026-33636
CVE-2026-34268
CVE-2026-34282

Description of changes:

[1:25.0.3.0.9-1.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:25.0.3.0.9-1]
- Update to jdk-25.0.3+9 (GA)
- Update release notes to 25.0.3+9
- Update FIPS patch to 57722aab802 version synced with 25.0.3+8
- Drop local libpng patches now JDK-8372534, JDK-8375063 & JDK-8377526 are included upstream
- Drop local HarfBuzz patch now JDK-8375057 is included upstream
- Bump freetype version to 2.14.2 following JDK-8373290 & JDK-8379158
- Bump giflib version to 6.1.2 following JDK-8379256 & JDK-8380078
- Bump libpng version to 1.6.57 following JDK-8380959 & JDK-8382047
- Bump zlib version to 1.3.2 following JDK-8378631
- Bump tzdata version to 2026a following JDK-8379035
- Add JDK-8375294 EOPNOTSUPP patch ahead of 25.0.4
- Sync the copy of the portable specfile with the latest update
- ** This tarball is embargoed until 2026-04-21 @ 1pm PT. **
- Resolves: RHEL-169620
- Resolves: RHEL-157091
- Resolves: RHEL-161217
- Resolves: RHEL-161333
- Resolves: RHEL-169613

ELSA-2026-10219 Important: Oracle Linux 9 golang security update

Oracle Linux Security Advisory ELSA-2026-10219

http://linux.oracle.com/errata/ELSA-2026-10219.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
go-toolset-1.25.9-1.el9_7.x86_64.rpm
golang-1.25.9-1.el9_7.x86_64.rpm
golang-bin-1.25.9-1.el9_7.x86_64.rpm
golang-docs-1.25.9-1.el9_7.noarch.rpm
golang-misc-1.25.9-1.el9_7.noarch.rpm
golang-race-1.25.9-1.el9_7.x86_64.rpm
golang-src-1.25.9-1.el9_7.noarch.rpm
golang-tests-1.25.9-1.el9_7.noarch.rpm

aarch64:
go-toolset-1.25.9-1.el9_7.aarch64.rpm
golang-1.25.9-1.el9_7.aarch64.rpm
golang-bin-1.25.9-1.el9_7.aarch64.rpm
golang-docs-1.25.9-1.el9_7.noarch.rpm
golang-misc-1.25.9-1.el9_7.noarch.rpm
golang-race-1.25.9-1.el9_7.aarch64.rpm
golang-src-1.25.9-1.el9_7.noarch.rpm
golang-tests-1.25.9-1.el9_7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/golang-1.25.9-1.el9_7.src.rpm

Related CVEs:

CVE-2026-27140
CVE-2026-27143
CVE-2026-27144
CVE-2026-32280
CVE-2026-32282
CVE-2026-32283

Description of changes:

[1.25.9-1]
- Update to Go 1.25.9 (fips-2)
- Resolves: RHEL-169931

ELSA-2026-10135 Important: Oracle Linux 9 buildah security update

Oracle Linux Security Advisory ELSA-2026-10135

http://linux.oracle.com/errata/ELSA-2026-10135.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
buildah-1.41.8-3.0.1.el9_7.x86_64.rpm
buildah-tests-1.41.8-3.0.1.el9_7.x86_64.rpm

aarch64:
buildah-1.41.8-3.0.1.el9_7.aarch64.rpm
buildah-tests-1.41.8-3.0.1.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/buildah-1.41.8-3.0.1.el9_7.src.rpm

Related CVEs:

CVE-2026-34986

Description of changes:

[1.41.8-3.0.1]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178]

[2:1.41.8-3]
- rebuild for CVE-2026-34986
- Resolves: RHEL-165027

ELSA-2026-10217 Important: Oracle Linux 10 golang security update

Oracle Linux Security Advisory ELSA-2026-10217

http://linux.oracle.com/errata/ELSA-2026-10217.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
go-toolset-1.25.9-3.el10_1.x86_64.rpm
golang-1.25.9-3.el10_1.x86_64.rpm
golang-bin-1.25.9-3.el10_1.x86_64.rpm
golang-docs-1.25.9-3.el10_1.noarch.rpm
golang-misc-1.25.9-3.el10_1.noarch.rpm
golang-race-1.25.9-3.el10_1.x86_64.rpm
golang-src-1.25.9-3.el10_1.noarch.rpm
golang-tests-1.25.9-3.el10_1.noarch.rpm

aarch64:
go-toolset-1.25.9-3.el10_1.aarch64.rpm
golang-1.25.9-3.el10_1.aarch64.rpm
golang-bin-1.25.9-3.el10_1.aarch64.rpm
golang-docs-1.25.9-3.el10_1.noarch.rpm
golang-misc-1.25.9-3.el10_1.noarch.rpm
golang-race-1.25.9-3.el10_1.aarch64.rpm
golang-src-1.25.9-3.el10_1.noarch.rpm
golang-tests-1.25.9-3.el10_1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/golang-1.25.9-3.el10_1.src.rpm

Related CVEs:

CVE-2026-27140
CVE-2026-27143
CVE-2026-27144
CVE-2026-32280
CVE-2026-32282
CVE-2026-32283

Description of changes:

[1.25.9-3]
- Do not ignore any tests in check

[1.25.9-2]
- Skip terminal test in container

[1.25.9-1]
- Update to Go 1.25.9 (fips-2)