Ruby, Nginx, Cloud-Init, Ovirt, Squid updates for Oracle

Oracle Linux 6485 Published 2026-05-21 08:29 by Philipp Esselbach

News

Oracle has released a series of security advisories spanning versions seven through ten to patch critical vulnerabilities in widely used software packages. The updates primarily target Ruby, Nginx, and Squid by fixing flaws that could allow arbitrary code execution or cause denial of service attacks. Administrators will also find bug fix patches for cloud-init network discovery issues and oVirt release configuration scripts on Oracle Linux eight. These corrected RPMs are now available for download across both x86_64 and aarch64 architectures through the standard Unbreakable Linux Network repository.

ELSA-2026-18030 Important: Oracle Linux 9 ruby:3.3 security update
ELSA-2026-18063 Critical: Oracle Linux 10 nginx security update
ELSA-2026-18039 Important: Oracle Linux 9 ruby security update
ELSA-2026-18029 Critical: Oracle Linux 9 nginx security update
ELSA-2026-18041 Critical: Oracle Linux 8 nginx:1.24 security update
ELBA-2026-50277 Oracle Linux 8 oracle-ovirt-release-45-el8 bug fix update
ELBA-2026-50276 Oracle Linux 8 cloud-init bug fix update
ELSA-2026-8880 Important: Oracle Linux 7 squid security update

ELSA-2026-18030 Important: Oracle Linux 9 ruby:3.3 security update

Oracle Linux Security Advisory ELSA-2026-18030

http://linux.oracle.com/errata/ELSA-2026-18030.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
ruby-3.3.10-6.module+el9.7.0+90894+66578cbb.i686.rpm
ruby-3.3.10-6.module+el9.7.0+90894+66578cbb.x86_64.rpm
ruby-bundled-gems-3.3.10-6.module+el9.7.0+90894+66578cbb.i686.rpm
ruby-bundled-gems-3.3.10-6.module+el9.7.0+90894+66578cbb.x86_64.rpm
ruby-default-gems-3.3.10-6.module+el9.7.0+90894+66578cbb.noarch.rpm
ruby-devel-3.3.10-6.module+el9.7.0+90894+66578cbb.i686.rpm
ruby-devel-3.3.10-6.module+el9.7.0+90894+66578cbb.x86_64.rpm
ruby-doc-3.3.10-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-bigdecimal-3.1.5-6.module+el9.7.0+90894+66578cbb.i686.rpm
rubygem-bigdecimal-3.1.5-6.module+el9.7.0+90894+66578cbb.x86_64.rpm
rubygem-bundler-2.5.22-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-io-console-0.7.1-6.module+el9.7.0+90894+66578cbb.i686.rpm
rubygem-io-console-0.7.1-6.module+el9.7.0+90894+66578cbb.x86_64.rpm
rubygem-irb-1.13.1-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-json-2.7.2-6.module+el9.7.0+90894+66578cbb.i686.rpm
rubygem-json-2.7.2-6.module+el9.7.0+90894+66578cbb.x86_64.rpm
rubygem-minitest-5.20.0-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-mysql2-0.5.5-3.module+el9.7.0+90894+66578cbb.x86_64.rpm
rubygem-mysql2-doc-0.5.5-3.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-pg-1.5.4-2.module+el9.7.0+90894+66578cbb.x86_64.rpm
rubygem-pg-doc-1.5.4-2.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-power_assert-2.0.3-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-psych-5.1.2-6.module+el9.7.0+90894+66578cbb.i686.rpm
rubygem-psych-5.1.2-6.module+el9.7.0+90894+66578cbb.x86_64.rpm
rubygem-racc-1.7.3-6.module+el9.7.0+90894+66578cbb.i686.rpm
rubygem-racc-1.7.3-6.module+el9.7.0+90894+66578cbb.x86_64.rpm
rubygem-rake-13.1.0-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-rbs-3.4.0-6.module+el9.7.0+90894+66578cbb.i686.rpm
rubygem-rbs-3.4.0-6.module+el9.7.0+90894+66578cbb.x86_64.rpm
rubygem-rdoc-6.6.3.1-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-rexml-3.4.4-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-rss-0.3.1-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygems-3.5.22-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygems-devel-3.5.22-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-test-unit-3.6.1-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-typeprof-0.21.9-6.module+el9.7.0+90894+66578cbb.noarch.rpm
ruby-libs-3.3.10-6.module+el9.7.0+90894+66578cbb.i686.rpm
ruby-libs-3.3.10-6.module+el9.7.0+90894+66578cbb.x86_64.rpm

aarch64:
ruby-3.3.10-6.module+el9.7.0+90894+66578cbb.aarch64.rpm
ruby-bundled-gems-3.3.10-6.module+el9.7.0+90894+66578cbb.aarch64.rpm
ruby-default-gems-3.3.10-6.module+el9.7.0+90894+66578cbb.noarch.rpm
ruby-devel-3.3.10-6.module+el9.7.0+90894+66578cbb.aarch64.rpm
ruby-doc-3.3.10-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-bigdecimal-3.1.5-6.module+el9.7.0+90894+66578cbb.aarch64.rpm
rubygem-bundler-2.5.22-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-io-console-0.7.1-6.module+el9.7.0+90894+66578cbb.aarch64.rpm
rubygem-irb-1.13.1-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-json-2.7.2-6.module+el9.7.0+90894+66578cbb.aarch64.rpm
rubygem-minitest-5.20.0-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-mysql2-0.5.5-3.module+el9.7.0+90894+66578cbb.aarch64.rpm
rubygem-mysql2-doc-0.5.5-3.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-pg-1.5.4-2.module+el9.7.0+90894+66578cbb.aarch64.rpm
rubygem-pg-doc-1.5.4-2.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-power_assert-2.0.3-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-psych-5.1.2-6.module+el9.7.0+90894+66578cbb.aarch64.rpm
rubygem-racc-1.7.3-6.module+el9.7.0+90894+66578cbb.aarch64.rpm
rubygem-rake-13.1.0-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-rbs-3.4.0-6.module+el9.7.0+90894+66578cbb.aarch64.rpm
rubygem-rdoc-6.6.3.1-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-rexml-3.4.4-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-rss-0.3.1-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygems-3.5.22-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygems-devel-3.5.22-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-test-unit-3.6.1-6.module+el9.7.0+90894+66578cbb.noarch.rpm
rubygem-typeprof-0.21.9-6.module+el9.7.0+90894+66578cbb.noarch.rpm
ruby-libs-3.3.10-6.module+el9.7.0+90894+66578cbb.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/ruby-3.3.10-6.module+el9.7.0+90894+66578cbb.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/rubygem-mysql2-0.5.5-3.module+el9.7.0+90894+66578cbb.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/rubygem-pg-1.5.4-2.module+el9.7.0+90894+66578cbb.src.rpm

Related CVEs:

CVE-2026-41316

Description of changes:

ruby
[3.3.10-6]
- Fix arbitrary code execution via deserialization bypass in ERB. (CVE-2026-41316)
Resolves: RHEL-171255

[3.3.10-5]
- Upgrade to Ruby 3.3.10.
Resolves: RHEL-127912
- Fix possible denial of service in resolv gem (CVE-2025-24294)
- Fix URI Credential Leakage Bypass previous fixes. (CVE-2025-61594)
- Fix REXML denial of service. (CVE-2025-58767)
Resolves: RHEL-122015

[3.3.8-4]
- Upgrade to Ruby 3.3.8.
Resolves: RHEL-68631
- Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. (CVE-2025-25186)
- Fix Denial of Service in CGI::Cookie.parse. (CVE-2025-27219)
Resolves: RHEL-86109
- Fix userinfo leakage in URI#join, URI#merge and URI#+. (CVE-2025-27221)

[3.3.5-3]
- Upgrade to Ruby 3.3.5
Resolves: RHEL-55411
- Fix DoS vulnerability in rexml.
(CVE-2024-39908)
(CVE-2024-41946)
(CVE-2024-43398)
Resolves: RHEL-57575
Resolves: RHEL-57572
Resolves: RHEL-57068
- Fix REXML DoS when parsing an XML having many specific characters such as
whitespace character, >] and ]>.
(CVE-2024-41123)
Resolves: RHEL-57569
- Fix incorrect symlink for rubygem-irb's library.
Resolves: RHEL-42646

[3.3.1-2]
- Upgrade to Ruby 3.3.1.
Resolves: RHEL-33976
- Fix buffer overread vulnerability in StringIO.
(CVE-2024-27280)
Resolves: RHEL-34130
- Fix RCE vulnerability with .rdoc_options in RDoc.
(CVE-2024-27281)
Resolves: RHEL-34122
- Fix Arbitrary memory address read vulnerability with Regex search.
(CVE-2024-27282)
Resolves: RHEL-33872

rubygem-mysql2
[0.5.5-3]
- Disable tests on the 32bit platforms ix86.
Related: RHEL-80222

[0.5.5-2]
- Adapt tests to openssl 3.2
Resolves: RHEL-80222

[0.5.5-1]
- Upgrade to mysql2 0.5.5.
Related: RHEL-17089

rubygem-pg
[-1.5.4-2]
- Fix encoding issue in spec suite.
Resolves: RHEL-159200

ELSA-2026-18063 Critical: Oracle Linux 10 nginx security update

Oracle Linux Security Advisory ELSA-2026-18063

http://linux.oracle.com/errata/ELSA-2026-18063.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
nginx-1.26.3-2.0.1.el10_1.2.x86_64.rpm
nginx-all-modules-1.26.3-2.0.1.el10_1.2.noarch.rpm
nginx-core-1.26.3-2.0.1.el10_1.2.x86_64.rpm
nginx-filesystem-1.26.3-2.0.1.el10_1.2.noarch.rpm
nginx-mod-devel-1.26.3-2.0.1.el10_1.2.x86_64.rpm
nginx-mod-http-image-filter-1.26.3-2.0.1.el10_1.2.x86_64.rpm
nginx-mod-http-perl-1.26.3-2.0.1.el10_1.2.x86_64.rpm
nginx-mod-http-xslt-filter-1.26.3-2.0.1.el10_1.2.x86_64.rpm
nginx-mod-mail-1.26.3-2.0.1.el10_1.2.x86_64.rpm
nginx-mod-stream-1.26.3-2.0.1.el10_1.2.x86_64.rpm

aarch64:
nginx-1.26.3-2.0.1.el10_1.2.aarch64.rpm
nginx-all-modules-1.26.3-2.0.1.el10_1.2.noarch.rpm
nginx-core-1.26.3-2.0.1.el10_1.2.aarch64.rpm
nginx-filesystem-1.26.3-2.0.1.el10_1.2.noarch.rpm
nginx-mod-devel-1.26.3-2.0.1.el10_1.2.aarch64.rpm
nginx-mod-http-image-filter-1.26.3-2.0.1.el10_1.2.aarch64.rpm
nginx-mod-http-perl-1.26.3-2.0.1.el10_1.2.aarch64.rpm
nginx-mod-http-xslt-filter-1.26.3-2.0.1.el10_1.2.aarch64.rpm
nginx-mod-mail-1.26.3-2.0.1.el10_1.2.aarch64.rpm
nginx-mod-stream-1.26.3-2.0.1.el10_1.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/nginx-1.26.3-2.0.1.el10_1.2.src.rpm

Related CVEs:

CVE-2026-42945

Description of changes:

[2:1.26.3-2.0.1.el10_1.2]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]

[2:1.26.3-8]
- Fix release number

[2:1.26.3-7]
- Resolves: RHEL-176217 - nginx: NGINX: Arbitrary Code

[2:1.26.3-6]
- Resolves: RHEL-157874 CVE-2026-32647 nginx: NGINX: Denial of Service or
Code Execution via specially crafted MP4 files

[2:1.26.3-5]
- Resolves: RHEL-159433 CVE-2026-27651 nginx: NGINX: Denial of Service via
undisclosed requests when ngx_mail_auth_http_module is enabled

[2:1.26.3-4]
- Resolves: RHEL-159525 CVE-2026-27784 nginx: NGINX: Denial of Service due
to memory corruption via crafted MP4 file

[2:1.26.3-3]
- Resolves: RHEL-159546 CVE-2026-27654 nginx: NGINX: Denial of Service or
file modification via buffer overflow in ngx_http_dav_module

ELSA-2026-18039 Important: Oracle Linux 9 ruby security update

Oracle Linux Security Advisory ELSA-2026-18039

http://linux.oracle.com/errata/ELSA-2026-18039.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
ruby-3.0.7-166.el9_7.i686.rpm
ruby-3.0.7-166.el9_7.x86_64.rpm
ruby-default-gems-3.0.7-166.el9_7.noarch.rpm
ruby-devel-3.0.7-166.el9_7.i686.rpm
ruby-devel-3.0.7-166.el9_7.x86_64.rpm
ruby-doc-3.0.7-166.el9_7.noarch.rpm
ruby-libs-3.0.7-166.el9_7.i686.rpm
ruby-libs-3.0.7-166.el9_7.x86_64.rpm
rubygem-bigdecimal-3.0.0-166.el9_7.x86_64.rpm
rubygem-bundler-2.2.33-166.el9_7.noarch.rpm
rubygem-io-console-0.5.7-166.el9_7.x86_64.rpm
rubygem-irb-1.3.5-166.el9_7.noarch.rpm
rubygem-json-2.5.1-166.el9_7.x86_64.rpm
rubygem-minitest-5.14.2-166.el9_7.noarch.rpm
rubygem-power_assert-1.2.1-166.el9_7.noarch.rpm
rubygem-psych-3.3.2-166.el9_7.x86_64.rpm
rubygem-rake-13.0.3-166.el9_7.noarch.rpm
rubygem-rbs-1.4.0-166.el9_7.noarch.rpm
rubygem-rdoc-6.3.4.1-166.el9_7.noarch.rpm
rubygem-rexml-3.2.5-166.el9_7.noarch.rpm
rubygem-rss-0.2.9-166.el9_7.noarch.rpm
rubygem-test-unit-3.3.7-166.el9_7.noarch.rpm
rubygem-typeprof-0.15.2-166.el9_7.noarch.rpm
rubygems-3.2.33-166.el9_7.noarch.rpm
rubygems-devel-3.2.33-166.el9_7.noarch.rpm

aarch64:
ruby-3.0.7-166.el9_7.aarch64.rpm
ruby-default-gems-3.0.7-166.el9_7.noarch.rpm
ruby-devel-3.0.7-166.el9_7.aarch64.rpm
ruby-doc-3.0.7-166.el9_7.noarch.rpm
ruby-libs-3.0.7-166.el9_7.aarch64.rpm
rubygem-bigdecimal-3.0.0-166.el9_7.aarch64.rpm
rubygem-bundler-2.2.33-166.el9_7.noarch.rpm
rubygem-io-console-0.5.7-166.el9_7.aarch64.rpm
rubygem-irb-1.3.5-166.el9_7.noarch.rpm
rubygem-json-2.5.1-166.el9_7.aarch64.rpm
rubygem-minitest-5.14.2-166.el9_7.noarch.rpm
rubygem-power_assert-1.2.1-166.el9_7.noarch.rpm
rubygem-psych-3.3.2-166.el9_7.aarch64.rpm
rubygem-rake-13.0.3-166.el9_7.noarch.rpm
rubygem-rbs-1.4.0-166.el9_7.noarch.rpm
rubygem-rdoc-6.3.4.1-166.el9_7.noarch.rpm
rubygem-rexml-3.2.5-166.el9_7.noarch.rpm
rubygem-rss-0.2.9-166.el9_7.noarch.rpm
rubygem-test-unit-3.3.7-166.el9_7.noarch.rpm
rubygem-typeprof-0.15.2-166.el9_7.noarch.rpm
rubygems-3.2.33-166.el9_7.noarch.rpm
rubygems-devel-3.2.33-166.el9_7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/ruby-3.0.7-166.el9_7.src.rpm

Related CVEs:

CVE-2026-41316

Description of changes:

[3.0.7-166]
- Fix arbitrary code execution via deserialization bypass in ERB. (CVE-2026-41316)
Resolves: RHEL-171254

ELSA-2026-18029 Critical: Oracle Linux 9 nginx security update

Oracle Linux Security Advisory ELSA-2026-18029

http://linux.oracle.com/errata/ELSA-2026-18029.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
nginx-1.20.1-24.0.1.el9_7.3.x86_64.rpm
nginx-all-modules-1.20.1-24.0.1.el9_7.3.noarch.rpm
nginx-core-1.20.1-24.0.1.el9_7.3.x86_64.rpm
nginx-filesystem-1.20.1-24.0.1.el9_7.3.noarch.rpm
nginx-mod-devel-1.20.1-24.0.1.el9_7.3.x86_64.rpm
nginx-mod-http-image-filter-1.20.1-24.0.1.el9_7.3.x86_64.rpm
nginx-mod-http-perl-1.20.1-24.0.1.el9_7.3.x86_64.rpm
nginx-mod-http-xslt-filter-1.20.1-24.0.1.el9_7.3.x86_64.rpm
nginx-mod-mail-1.20.1-24.0.1.el9_7.3.x86_64.rpm
nginx-mod-stream-1.20.1-24.0.1.el9_7.3.x86_64.rpm

aarch64:
nginx-1.20.1-24.0.1.el9_7.3.aarch64.rpm
nginx-all-modules-1.20.1-24.0.1.el9_7.3.noarch.rpm
nginx-core-1.20.1-24.0.1.el9_7.3.aarch64.rpm
nginx-filesystem-1.20.1-24.0.1.el9_7.3.noarch.rpm
nginx-mod-devel-1.20.1-24.0.1.el9_7.3.aarch64.rpm
nginx-mod-http-image-filter-1.20.1-24.0.1.el9_7.3.aarch64.rpm
nginx-mod-http-perl-1.20.1-24.0.1.el9_7.3.aarch64.rpm
nginx-mod-http-xslt-filter-1.20.1-24.0.1.el9_7.3.aarch64.rpm
nginx-mod-mail-1.20.1-24.0.1.el9_7.3.aarch64.rpm
nginx-mod-stream-1.20.1-24.0.1.el9_7.3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/nginx-1.20.1-24.0.1.el9_7.3.src.rpm

Related CVEs:

CVE-2026-42945

Description of changes:

[2:1.20.1-24.0.1.el9_7.3]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]
- Update upstream references [Orabug: 36579090]

[2:1.20.1-24.3]
- Resolves: RHEL-176230 - nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)

[2:1.20.1-24.2]
- Resolves: RHEL-159557 - CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
- Resolves: RHEL-159536 - CVE-2026-27784 nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file
- Resolves: RHEL-159444 - CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- Resolves: RHEL-157885 - CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files

[2:1.20.1-24.1]
- Resolves: RHEL-146525 - nginx: NGINX: Data injection via man-in-the-middle
attack on TLS proxied connections (CVE-2026-1642)

ELSA-2026-18041 Critical: Oracle Linux 8 nginx:1.24 security update

Oracle Linux Security Advisory ELSA-2026-18041

http://linux.oracle.com/errata/ELSA-2026-18041.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
nginx-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.x86_64.rpm
nginx-all-modules-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.noarch.rpm
nginx-filesystem-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.noarch.rpm
nginx-mod-devel-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.x86_64.rpm
nginx-mod-http-image-filter-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.x86_64.rpm
nginx-mod-http-perl-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.x86_64.rpm
nginx-mod-http-xslt-filter-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.x86_64.rpm
nginx-mod-mail-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.x86_64.rpm
nginx-mod-stream-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.x86_64.rpm

aarch64:
nginx-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.aarch64.rpm
nginx-all-modules-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.noarch.rpm
nginx-filesystem-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.noarch.rpm
nginx-mod-devel-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.aarch64.rpm
nginx-mod-http-image-filter-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.aarch64.rpm
nginx-mod-http-perl-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.aarch64.rpm
nginx-mod-http-xslt-filter-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.aarch64.rpm
nginx-mod-mail-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.aarch64.rpm
nginx-mod-stream-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/nginx-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.src.rpm

Related CVEs:

CVE-2026-42945

Description of changes:

[1.24.0-3.0.1.1]
- Remove Red Hat references [Orabug: 29498217]

[1:1.24.0-3.1]
- Resolves: RHEL-176224 - nginx:1.24/nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)

[1:1.24.0-3]
- Resolves: RHEL-157877 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of
Service or Code Execution via specially crafted MP4 files
- Resolves: RHEL-159436 CVE-2026-27651 nginx:1.24/nginx: NGINX: Denial of
Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- Resolves: RHEL-159549 CVE-2026-27654 nginx:1.24/nginx: NGINX: Denial of
Service or file modification via buffer overflow in ngx_http_dav_module
- Resolves: RHEL-159528 CVE-2026-27784 nginx:1.24/nginx: NGINX: Denial of
Service due to memory corruption via crafted MP4 file

[1:1.24.0-2]
- Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via
man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)

[1:1.24.0-1]
- Resolves: RHEL-14714 - add nginx:1.24 to RHEL 8.10

[1:1.22.1-2]
- Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web
servers are vulnerable to a DDoS attack (Rapid Reset Attack)(CVE-2023-44487)

[1:1.22.1-1]
- Resolves: #2112345 - nginx:1.22 for RHEL 8
- add stream_geoip_module and stream_realip_module
- remove obsolete --with-ipv6

[1:1.20.1-1]
- rebase to 1.20.1 (addressing CVE-2021-23017)

[1:1.20.0-4]
- add delaycompress to logrotate config (#2015243)

[1:1.20.0-3]
- Add -mod-devel subpackage for building external nginx modules (Neal Gompa)
Resolves: #1991787

ELBA-2026-50277 Oracle Linux 8 oracle-ovirt-release-45-el8 bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50277

http://linux.oracle.com/errata/ELBA-2026-50277.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
oracle-ovirt-release-45-el8-1.0-40.el8.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/oracle-ovirt-release-45-el8-1.0-40.el8.src.rpm

Description of changes:

[1.0-1.0.40]
- Update nodejs version

[1.0-1.0.39]
- Remove exclude from dnf.conf to allow update

[1.0-1.0.38]
- Add ol8_addons in olvm-pre-check.py script

[1.0-1.0.37]
- Add ol8_addons for PCP, remove slf4j exclusion.

[1.0-1.0.36]
- New checks in olvm-pre-check.py script

[1.0-1.0.35]
- Fix python path in olvm-pre-check.py script

[1.0-1.0.34]
- Install olvm-pre-check.py script to /usr/local/bin

[1.0-1.0.33]
- Removing versionlock for grafana-pcp- rpms

[1.0-1.0.32]
- Latest version of 4.4 release RPM adds lock for qemu-kvm
- So remove it before upgrading.

[1.0-1.0.31]
- The dnf update for slf4j fails due to dependency packages. So, excluding it.
- Fix ansible-core exclusion

ELBA-2026-50276 Oracle Linux 8 cloud-init bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50276

http://linux.oracle.com/errata/ELBA-2026-50276.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
cloud-init-23.4-7.0.4.el8_10.12.noarch.rpm

aarch64:
cloud-init-23.4-7.0.4.el8_10.12.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/cloud-init-23.4-7.0.4.el8_10.12.src.rpm

Description of changes:

[23.4-7.0.4.el8_10.12]
- Fix Ephemeral network DHCP discovery issue at boot [Orabug: 39334197]
- Add missed nullcontext error processing code [Orabug: 39356626]

ELSA-2026-8880 Important: Oracle Linux 7 squid security update

Oracle Linux Security Advisory ELSA-2026-8880

http://linux.oracle.com/errata/ELSA-2026-8880.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
squid-3.5.20-17.0.11.el7_9.13.x86_64.rpm
squid-migration-script-3.5.20-17.0.11.el7_9.13.x86_64.rpm
squid-sysvinit-3.5.20-17.0.11.el7_9.13.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/squid-3.5.20-17.0.11.el7_9.13.src.rpm

Related CVEs:

CVE-2026-32748
CVE-2026-33526

Description of changes:

[7:3.5.20-17.0.11.13]
- Security update for CVE-2026-32748 CVE-2026-33526 [Orabug: 39230173]

[7:3.5.20-17.0.9.13]
- Fixes CVE-2025-62168, squid: Squid vulnerable to information disclosure via
- authentication credential leakage in error handling [Orabug: 38587551]

[7:3.5.20-17.0.7.13]
- Fixes CVE-2025-54574, add URN access disabling config options [Orabug: 38350105]

[7:3.5.20-17.0.5.13]
- Fixed cve 2023-46846 for http and icap request/response smuggling [Orabug: 37326730]

Kernel, MySQL, Evince, and more updates for Fedora

Kernel, Grafana-PCP, FreeRDP, and more updates for RHEL

Ruby, Nginx, Cloud-Init, Ovirt, Squid updates for Oracle

ELSA-2026-18030 Important: Oracle Linux 9 ruby:3.3 security update

ELSA-2026-18063 Critical: Oracle Linux 10 nginx security update

ELSA-2026-18039 Important: Oracle Linux 9 ruby security update

ELSA-2026-18029 Critical: Oracle Linux 9 nginx security update

ELSA-2026-18041 Critical: Oracle Linux 8 nginx:1.24 security update

ELBA-2026-50277 Oracle Linux 8 oracle-ovirt-release-45-el8 bug fix update

ELBA-2026-50276 Oracle Linux 8 cloud-init bug fix update

ELSA-2026-8880 Important: Oracle Linux 7 squid security update

Windows

Linux

macOS

Community