ELBA-2026-6837 Oracle Linux 9 mdadm bug fix and enhancement update
ELSA-2026-29981 Moderate: Oracle Linux 9 golang security, bug fix, and enhancement update
ELSA-2026-25239 Important: Oracle Linux 9 openssl security update
ELBA-2026-25055 Oracle Linux 9 python3.11 bug fix and enhancement update
ELSA-2026-19372 Critical: Oracle Linux 9 nginx:1.26 security update
ELSA-2026-18722 Important: Oracle Linux 9 podman security update
ELBA-2026-25056 Oracle Linux 9 aide bug fix and enhancement update
ELBA-2026-28242 Oracle Linux 9 gdm bug fix and enhancement update
ELSA-2026-21297 Important: Oracle Linux 9 .NET 10.0 security update
ELSA-2026-22717 Moderate: Oracle Linux 9 vim security update
ELSA-2026-28244 Moderate: Oracle Linux 9 libpng15 security update
ELSA-2026-22304 Important: Oracle Linux 9 postgresql-jdbc security update
ELSA-2026-24370 Important: Oracle Linux 9 frr10 security update
ELBA-2026-6837 Oracle Linux 9 mdadm bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2026-6837
http://linux.oracle.com/errata/ELBA-2026-6837.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
mdadm-4.4-4.0.2.el9_8.x86_64.rpm
aarch64:
mdadm-4.4-4.0.2.el9_8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/mdadm-4.4-4.0.2.el9_8.src.rpm
Description of changes:
[4.4-4.0.2]
- Drop patches incompatible with UEK kernels [Orabug: 39601151]
- Revert "mdadm: Fix IMSM Raid assembly after disk link failure and reboot" [Orabug: 39350609]
[4.4-4.0.1]
- mdadm: Fix IMSM Raid assembly after disk link failure and reboot [Orabug: 37635990]
[4.4-4]
- enable sync del mode and some booting fixes
- Resolves RHEL-106747 RHEL-130808
[4.4-3]
- udev change and don't stop array during assemble
- Resolves RHEL-130808 RHEL-106747
ELSA-2026-29981 Moderate: Oracle Linux 9 golang security, bug fix, and enhancement update
Oracle Linux Security Advisory ELSA-2026-29981
http://linux.oracle.com/errata/ELSA-2026-29981.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
go-toolset-1.26.4-1.0.1.el9_8.x86_64.rpm
golang-1.26.4-1.0.1.el9_8.x86_64.rpm
golang-bin-1.26.4-1.0.1.el9_8.x86_64.rpm
golang-docs-1.26.4-1.0.1.el9_8.noarch.rpm
golang-misc-1.26.4-1.0.1.el9_8.noarch.rpm
golang-race-1.26.4-1.0.1.el9_8.x86_64.rpm
golang-src-1.26.4-1.0.1.el9_8.noarch.rpm
golang-tests-1.26.4-1.0.1.el9_8.noarch.rpm
aarch64:
go-toolset-1.26.4-1.0.1.el9_8.aarch64.rpm
golang-1.26.4-1.0.1.el9_8.aarch64.rpm
golang-bin-1.26.4-1.0.1.el9_8.aarch64.rpm
golang-docs-1.26.4-1.0.1.el9_8.noarch.rpm
golang-misc-1.26.4-1.0.1.el9_8.noarch.rpm
golang-race-1.26.4-1.0.1.el9_8.aarch64.rpm
golang-src-1.26.4-1.0.1.el9_8.noarch.rpm
golang-tests-1.26.4-1.0.1.el9_8.noarch.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/golang-1.26.4-1.0.1.el9_8.src.rpm
Related CVEs:
CVE-2026-42507
Description of changes:
[1.26.4-1.0.1]
- EXPERIMENTAL: Introduce fipsnoenforceems GODEBUG var
[1.26.4-1]
- Update to Go 1.26.4 (fips-1)
- Resolves: RHEL-183349
ELSA-2026-25239 Important: Oracle Linux 9 openssl security update
Oracle Linux Security Advisory ELSA-2026-25239
http://linux.oracle.com/errata/ELSA-2026-25239.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
openssl-3.5.5-4.0.1.el9_8.x86_64.rpm
openssl-devel-3.5.5-4.0.1.el9_8.i686.rpm
openssl-devel-3.5.5-4.0.1.el9_8.x86_64.rpm
openssl-libs-3.5.5-4.0.1.el9_8.i686.rpm
openssl-libs-3.5.5-4.0.1.el9_8.x86_64.rpm
openssl-perl-3.5.5-4.0.1.el9_8.x86_64.rpm
aarch64:
openssl-3.5.5-4.0.1.el9_8.aarch64.rpm
openssl-devel-3.5.5-4.0.1.el9_8.aarch64.rpm
openssl-libs-3.5.5-4.0.1.el9_8.aarch64.rpm
openssl-perl-3.5.5-4.0.1.el9_8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/openssl-3.5.5-4.0.1.el9_8.src.rpm
Related CVEs:
CVE-2026-7383
CVE-2026-9076
CVE-2026-34180
CVE-2026-34181
CVE-2026-34182
CVE-2026-34183
CVE-2026-42764
CVE-2026-42766
CVE-2026-42767
CVE-2026-42768
CVE-2026-42769
CVE-2026-42770
CVE-2026-45445
CVE-2026-45446
CVE-2026-45447
Description of changes:
[3.5.5-4.0.1]
- Replace upstream references [Orabug: 34340177]
[3.5.5.openela.0.1]
- Add OpenELA specific changes
[1:3.5.5-4]
- Fix CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, CVE-2026-34181,
CVE-2026-34183, CVE-2026-42764, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768,
CVE-2026-42769, CVE-2026-42770, CVE-2026-45445, CVE-2026-45446, CVE-2026-45447,
CVE-2026-34182.
Resolves: RHEL-179274
Resolves: RHEL-179287
Resolves: RHEL-179539
Resolves: RHEL-179544
Resolves: RHEL-179547
Resolves: RHEL-179552
Resolves: RHEL-179556
Resolves: RHEL-179633
Resolves: RHEL-179661
Resolves: RHEL-179678
Resolves: RHEL-179684
Resolves: RHEL-179688
Resolves: RHEL-179691
Resolves: RHEL-179696
Resolves: RHEL-179699
[1:3.5.5-3]
- Fix CVE-2026-28390
Resolves: RHEL-165870
ELBA-2026-25055 Oracle Linux 9 python3.11 bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2026-25055
http://linux.oracle.com/errata/ELBA-2026-25055.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
python3.11-3.11.13-10.0.1.el9_8.i686.rpm
python3.11-3.11.13-10.0.1.el9_8.x86_64.rpm
python3.11-debug-3.11.13-10.0.1.el9_8.i686.rpm
python3.11-debug-3.11.13-10.0.1.el9_8.x86_64.rpm
python3.11-devel-3.11.13-10.0.1.el9_8.i686.rpm
python3.11-devel-3.11.13-10.0.1.el9_8.x86_64.rpm
python3.11-idle-3.11.13-10.0.1.el9_8.i686.rpm
python3.11-idle-3.11.13-10.0.1.el9_8.x86_64.rpm
python3.11-libs-3.11.13-10.0.1.el9_8.i686.rpm
python3.11-libs-3.11.13-10.0.1.el9_8.x86_64.rpm
python3.11-test-3.11.13-10.0.1.el9_8.i686.rpm
python3.11-test-3.11.13-10.0.1.el9_8.x86_64.rpm
python3.11-tkinter-3.11.13-10.0.1.el9_8.i686.rpm
python3.11-tkinter-3.11.13-10.0.1.el9_8.x86_64.rpm
aarch64:
python3.11-3.11.13-10.0.1.el9_8.aarch64.rpm
python3.11-debug-3.11.13-10.0.1.el9_8.aarch64.rpm
python3.11-devel-3.11.13-10.0.1.el9_8.aarch64.rpm
python3.11-idle-3.11.13-10.0.1.el9_8.aarch64.rpm
python3.11-libs-3.11.13-10.0.1.el9_8.aarch64.rpm
python3.11-test-3.11.13-10.0.1.el9_8.aarch64.rpm
python3.11-tkinter-3.11.13-10.0.1.el9_8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/python3.11-3.11.13-10.0.1.el9_8.src.rpm
Description of changes:
[3.11.13-10.0.1]
- Remove upstream URL reference [Orabug: 36073032]
[3.11.13-10]
- Depend on sqlite-libs with (de)serialize API
Resolves: RHEL-178519
ELSA-2026-19372 Critical: Oracle Linux 9 nginx:1.26 security update
Oracle Linux Security Advisory ELSA-2026-19372
http://linux.oracle.com/errata/ELSA-2026-19372.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
nginx-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.x86_64.rpm
nginx-all-modules-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.noarch.rpm
nginx-core-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.x86_64.rpm
nginx-filesystem-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.noarch.rpm
nginx-mod-devel-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.x86_64.rpm
nginx-mod-http-image-filter-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.x86_64.rpm
nginx-mod-http-perl-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.x86_64.rpm
nginx-mod-http-xslt-filter-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.x86_64.rpm
nginx-mod-mail-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.x86_64.rpm
nginx-mod-stream-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.x86_64.rpm
aarch64:
nginx-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.aarch64.rpm
nginx-all-modules-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.noarch.rpm
nginx-core-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.aarch64.rpm
nginx-filesystem-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.noarch.rpm
nginx-mod-devel-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.aarch64.rpm
nginx-mod-http-image-filter-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.aarch64.rpm
nginx-mod-http-perl-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.aarch64.rpm
nginx-mod-http-xslt-filter-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.aarch64.rpm
nginx-mod-mail-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.aarch64.rpm
nginx-mod-stream-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/nginx-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.src.rpm
Related CVEs:
CVE-2026-42945
Description of changes:
[1.26.3-9.0.1]
- Require oracle-indexhtml
[2:1.26.3-9]
- Resolves: RHEL-176218 - nginx:1.26/nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)
[2:1.26.3-8]
- CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code
Execution via specially crafted MP4 files
[2:1.26.3-7]
- CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of Service via undisclosed
requests when ngx_mail_auth_http_module is enabled
[2:1.26.3-6]
- CVE-2026-27784 nginx:1.26/nginx: NGINX: Denial of Service due to memory
corruption via crafted MP4 file
[2:1.26.3-5]
- CVE-2026-27654 nginx:1.26/nginx: NGINX: Denial of Service or file
modification via buffer overflow in ngx_http_dav_module
[2:1.26.3-4]
- CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack
on TLS proxied connections
[2:1.26.3-3]
- Resolves: RHEL-144454 - Clarify binding behavior of -t option
[2:1.26.3-2]
- Add tmpfiles.d rules for /var directories (bootc compatibility)
[2:1.26.3-1]
- New version 1.26.3
ELSA-2026-18722 Important: Oracle Linux 9 podman security update
Oracle Linux Security Advisory ELSA-2026-18722
http://linux.oracle.com/errata/ELSA-2026-18722.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
podman-5.8.2-3.0.1.el9_8.x86_64.rpm
podman-docker-5.8.2-3.0.1.el9_8.noarch.rpm
podman-plugins-5.8.2-3.0.1.el9_8.x86_64.rpm
podman-remote-5.8.2-3.0.1.el9_8.x86_64.rpm
podman-tests-5.8.2-3.0.1.el9_8.x86_64.rpm
aarch64:
podman-5.8.2-3.0.1.el9_8.aarch64.rpm
podman-docker-5.8.2-3.0.1.el9_8.noarch.rpm
podman-plugins-5.8.2-3.0.1.el9_8.aarch64.rpm
podman-remote-5.8.2-3.0.1.el9_8.aarch64.rpm
podman-tests-5.8.2-3.0.1.el9_8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/podman-5.8.2-3.0.1.el9_8.src.rpm
Related CVEs:
CVE-2025-9566
Description of changes:
[5.8.2-3.0.1]
- Rework CNI/Netavark detection logic [JIRA: EVG-3769]
- Rebuild on new golang to support experimental GODEBUG fipsnoenforceems
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404]
[6:5.8.2-3]
- Rebuild for CVE-2026-32283
- Resolves: RHEL-167685
[6:5.8.2-2]
- Rebuild for CVE-2026-25679
- Resolves: RHEL-158781
ELBA-2026-25056 Oracle Linux 9 aide bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2026-25056
http://linux.oracle.com/errata/ELBA-2026-25056.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
aide-0.19.2-5.el9_8.1.x86_64.rpm
aarch64:
aide-0.19.2-5.el9_8.1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/aide-0.19.2-5.el9_8.1.src.rpm
Description of changes:
[0.19.2-5.1]
- Re-add syslog_format config option dropped during rebase to 0.19.2
Resolves: RHEL-178539
- Add aide-migrate-config to automate config migration from pre-0.19 syntax
ELBA-2026-28242 Oracle Linux 9 gdm bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2026-28242
http://linux.oracle.com/errata/ELBA-2026-28242.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
gdm-40.1-44.0.1.el9_8.i686.rpm
gdm-40.1-44.0.1.el9_8.x86_64.rpm
gdm-devel-40.1-44.0.1.el9_8.i686.rpm
gdm-devel-40.1-44.0.1.el9_8.x86_64.rpm
gdm-pam-extensions-devel-40.1-44.0.1.el9_8.i686.rpm
gdm-pam-extensions-devel-40.1-44.0.1.el9_8.x86_64.rpm
aarch64:
gdm-40.1-44.0.1.el9_8.aarch64.rpm
gdm-devel-40.1-44.0.1.el9_8.aarch64.rpm
gdm-pam-extensions-devel-40.1-44.0.1.el9_8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/gdm-40.1-44.0.1.el9_8.src.rpm
Description of changes:
[40.1-44.0.1]
- Disable Wayland on Matrox [Orabug: 34816116]
[40.1-44]
- Create display in "legacy-xorg" mode checking displays in tty
Resolves: https://redhat.atlassian.net/browse/RHEL-180820
[40.1-43.1]
- retrigger new build in correct target
Resolves: https://redhat.atlassian.net/browse/RHEL-178706
[40.1-43]
- Update how GDM handles Registering session/display
to properly terminate plymouth
Resolves: https://redhat.atlassian.net/browse/RHEL-178706
ELSA-2026-21297 Important: Oracle Linux 9 .NET 10.0 security update
Oracle Linux Security Advisory ELSA-2026-21297
http://linux.oracle.com/errata/ELSA-2026-21297.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
aspnetcore-runtime-10.0-10.0.9-1.0.1.el9_8.x86_64.rpm
aspnetcore-runtime-dbg-10.0-10.0.9-1.0.1.el9_8.x86_64.rpm
aspnetcore-targeting-pack-10.0-10.0.9-1.0.1.el9_8.x86_64.rpm
dotnet-apphost-pack-10.0-10.0.9-1.0.1.el9_8.x86_64.rpm
dotnet-host-10.0.9-1.0.1.el9_8.x86_64.rpm
dotnet-hostfxr-10.0-10.0.9-1.0.1.el9_8.x86_64.rpm
dotnet-runtime-10.0-10.0.9-1.0.1.el9_8.x86_64.rpm
dotnet-runtime-dbg-10.0-10.0.9-1.0.1.el9_8.x86_64.rpm
dotnet-sdk-10.0-10.0.109-1.0.1.el9_8.x86_64.rpm
dotnet-sdk-10.0-source-built-artifacts-10.0.109-1.0.1.el9_8.x86_64.rpm
dotnet-sdk-aot-10.0-10.0.109-1.0.1.el9_8.x86_64.rpm
dotnet-sdk-dbg-10.0-10.0.109-1.0.1.el9_8.x86_64.rpm
dotnet-targeting-pack-10.0-10.0.9-1.0.1.el9_8.x86_64.rpm
dotnet-templates-10.0-10.0.109-1.0.1.el9_8.x86_64.rpm
aarch64:
aspnetcore-runtime-10.0-10.0.9-1.0.1.el9_8.aarch64.rpm
aspnetcore-runtime-dbg-10.0-10.0.9-1.0.1.el9_8.aarch64.rpm
aspnetcore-targeting-pack-10.0-10.0.9-1.0.1.el9_8.aarch64.rpm
dotnet-apphost-pack-10.0-10.0.9-1.0.1.el9_8.aarch64.rpm
dotnet-host-10.0.9-1.0.1.el9_8.aarch64.rpm
dotnet-hostfxr-10.0-10.0.9-1.0.1.el9_8.aarch64.rpm
dotnet-runtime-10.0-10.0.9-1.0.1.el9_8.aarch64.rpm
dotnet-runtime-dbg-10.0-10.0.9-1.0.1.el9_8.aarch64.rpm
dotnet-sdk-10.0-10.0.109-1.0.1.el9_8.aarch64.rpm
dotnet-sdk-10.0-source-built-artifacts-10.0.109-1.0.1.el9_8.aarch64.rpm
dotnet-sdk-aot-10.0-10.0.109-1.0.1.el9_8.aarch64.rpm
dotnet-sdk-dbg-10.0-10.0.109-1.0.1.el9_8.aarch64.rpm
dotnet-targeting-pack-10.0-10.0.9-1.0.1.el9_8.aarch64.rpm
dotnet-templates-10.0-10.0.109-1.0.1.el9_8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/dotnet10.0-10.0.109-1.0.1.el9_8.src.rpm
Related CVEs:
CVE-2026-42899
Description of changes:
[10.0.109-1.0.1]
- Add support for Oracle Linux
[10.0.109-1]
- Update to .NET SDK 10.0.109 and Runtime 10.0.9
- Resolves: RHEL-181558
[10.0.108-1]
- Update to .NET SDK 10.0.108 and Runtime 10.0.8
- Resolves: RHEL-173910
ELSA-2026-22717 Moderate: Oracle Linux 9 vim security update
Oracle Linux Security Advisory ELSA-2026-22717
http://linux.oracle.com/errata/ELSA-2026-22717.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
vim-X11-8.2.2637-26.0.1.el9_8.5.x86_64.rpm
vim-common-8.2.2637-26.0.1.el9_8.5.x86_64.rpm
vim-enhanced-8.2.2637-26.0.1.el9_8.5.x86_64.rpm
vim-filesystem-8.2.2637-26.0.1.el9_8.5.noarch.rpm
vim-minimal-8.2.2637-26.0.1.el9_8.5.x86_64.rpm
aarch64:
vim-X11-8.2.2637-26.0.1.el9_8.5.aarch64.rpm
vim-common-8.2.2637-26.0.1.el9_8.5.aarch64.rpm
vim-enhanced-8.2.2637-26.0.1.el9_8.5.aarch64.rpm
vim-filesystem-8.2.2637-26.0.1.el9_8.5.noarch.rpm
vim-minimal-8.2.2637-26.0.1.el9_8.5.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/vim-8.2.2637-26.0.1.el9_8.5.src.rpm
Related CVEs:
CVE-2026-35177
Description of changes:
[8.2.2637-26.0.1.el9_8.5]
- Remove upstream references [Orabug: 31197557]
[2:8.2.2637-26.5]
- RHEL-170136 CVE-2026-35177 vim: Vim zip.vim plugin: Arbitrary file overwrite
via path traversal bypass
[2:8.2.2637-26.4]
- Resolves: RHEL-164966 vim: arbitrary command execution via modeline sandbox bypass
[2:8.2.2637-26.3]
- Related: RHEL-159630 rebuild to build with exception target
[2:8.2.2637-26.2]
- remove -O0 from flags
[2:8.2.2637-26.1]
- RHEL-159630 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function
ELSA-2026-28244 Moderate: Oracle Linux 9 libpng15 security update
Oracle Linux Security Advisory ELSA-2026-28244
http://linux.oracle.com/errata/ELSA-2026-28244.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
libpng15-1.5.30-15.el9_8.1.i686.rpm
libpng15-1.5.30-15.el9_8.1.x86_64.rpm
aarch64:
libpng15-1.5.30-15.el9_8.1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/libpng15-1.5.30-15.el9_8.1.src.rpm
Related CVEs:
CVE-2026-33416
Description of changes:
[1.5.30-15.1]
- fix CVE-2026-33416: use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE (RHEL-161449)
[1.5.30-15]
- fix CVE-2026-25646: heap buffer overflow in png_set_quantize (RHEL-148412)
ELSA-2026-22304 Important: Oracle Linux 9 postgresql-jdbc security update
Oracle Linux Security Advisory ELSA-2026-22304
http://linux.oracle.com/errata/ELSA-2026-22304.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
postgresql-jdbc-42.2.28-2.el9_8.2.noarch.rpm
aarch64:
postgresql-jdbc-42.2.28-2.el9_8.2.noarch.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/postgresql-jdbc-42.2.28-2.el9_8.2.src.rpm
Related CVEs:
CVE-2026-42198
Description of changes:
[42.2.28-2.2]
- Add tests for CVE-2026-42198
[42.2.28-2.1]
- Fix CVE-2026-42198: limit SCRAM PBKDF2 iterations to prevent DoS
- Resolves: RHEL-173489
ELSA-2026-24370 Important: Oracle Linux 9 frr10 security update
Oracle Linux Security Advisory ELSA-2026-24370
http://linux.oracle.com/errata/ELSA-2026-24370.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
frr10-10.4.3-3.el9_8.x86_64.rpm
frr10-selinux-10.4.3-3.el9_8.noarch.rpm
aarch64:
frr10-10.4.3-3.el9_8.aarch64.rpm
frr10-selinux-10.4.3-3.el9_8.noarch.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/frr10-10.4.3-3.el9_8.src.rpm
Related CVEs:
CVE-2026-37457
CVE-2026-37459
Description of changes:
[10.4.3-3]
- Resolves: RHEL-174696 - denial of service via crafted BGP UPDATE message
[10.4.3-2]
- Resolves: RHEL-174678 - denial of service via crafted FlowSpec component
