ySQL, FreeRDP, Thunderbird, Xwayland, Cockpit, Opencryptoki, and SOS updates for Oracle Linux

Oracle Linux 6505 Published by

Oracle Linux 9 administrators can now apply a batch of security and bug fix advisories that address vulnerabilities across multiple system packages. The security updates target MySQL, FreeRDP, Thunderbird, and Xwayland with patches for dozens of assigned CVE identifiers. System management and diagnostic tools receive corresponding bug fix advisories to resolve reference duplicates, enable Btrfs storage support, and improve data deduplication.

ELSA-2026-23332 Moderate: Oracle Linux 9 mysql security update
ELSA-2026-19349 Important: Oracle Linux 9 freerdp security update
ELSA-2026-19348 Important: Oracle Linux 9 thunderbird security update
ELSA-2026-19344 Important: Oracle Linux 9 xorg-x11-server-Xwayland security update
ELBA-2026-19347 Oracle Linux 9 opencryptoki bug fix and enhancement update
ELBA-2026-21387 Oracle Linux 9 cockpit bug fix and enhancement update
ELBA-2026-50344 Oracle Linux 9 sos bug fix update




ELSA-2026-23332 Moderate: Oracle Linux 9 mysql security update


Oracle Linux Security Advisory ELSA-2026-23332

http://linux.oracle.com/errata/ELSA-2026-23332.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
mysql-8.0.46-1.el9_8.x86_64.rpm
mysql-common-8.0.46-1.el9_8.x86_64.rpm
mysql-devel-8.0.46-1.el9_8.x86_64.rpm
mysql-errmsg-8.0.46-1.el9_8.x86_64.rpm
mysql-libs-8.0.46-1.el9_8.x86_64.rpm
mysql-server-8.0.46-1.el9_8.x86_64.rpm
mysql-test-8.0.46-1.el9_8.x86_64.rpm

aarch64:
mysql-8.0.46-1.el9_8.aarch64.rpm
mysql-common-8.0.46-1.el9_8.aarch64.rpm
mysql-devel-8.0.46-1.el9_8.aarch64.rpm
mysql-errmsg-8.0.46-1.el9_8.aarch64.rpm
mysql-libs-8.0.46-1.el9_8.aarch64.rpm
mysql-server-8.0.46-1.el9_8.aarch64.rpm
mysql-test-8.0.46-1.el9_8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/mysql-8.0.46-1.el9_8.src.rpm

Related CVEs:

CVE-2026-21998
CVE-2026-22001
CVE-2026-22002
CVE-2026-22004
CVE-2026-22005
CVE-2026-22009
CVE-2026-22015
CVE-2026-22017
CVE-2026-34267
CVE-2026-34270
CVE-2026-34271
CVE-2026-34276
CVE-2026-34278
CVE-2026-34293
CVE-2026-34303
CVE-2026-34304
CVE-2026-34308
CVE-2026-35236
CVE-2026-35237
CVE-2026-35238
CVE-2026-35239
CVE-2026-35240

Description of changes:

[8.0.46-1]
- Rebase to 8.0.46

[8.0.45-2]
- Revert to soft static allocation of MariaDB and MySQL sysusers.d files



ELSA-2026-19349 Important: Oracle Linux 9 freerdp security update


Oracle Linux Security Advisory ELSA-2026-19349

http://linux.oracle.com/errata/ELSA-2026-19349.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
freerdp-2.11.7-7.el9_8.3.x86_64.rpm
freerdp-devel-2.11.7-7.el9_8.3.i686.rpm
freerdp-devel-2.11.7-7.el9_8.3.x86_64.rpm
freerdp-libs-2.11.7-7.el9_8.3.i686.rpm
freerdp-libs-2.11.7-7.el9_8.3.x86_64.rpm
libwinpr-2.11.7-7.el9_8.3.i686.rpm
libwinpr-2.11.7-7.el9_8.3.x86_64.rpm
libwinpr-devel-2.11.7-7.el9_8.3.i686.rpm
libwinpr-devel-2.11.7-7.el9_8.3.x86_64.rpm

aarch64:
freerdp-2.11.7-7.el9_8.3.aarch64.rpm
freerdp-devel-2.11.7-7.el9_8.3.aarch64.rpm
freerdp-libs-2.11.7-7.el9_8.3.aarch64.rpm
libwinpr-2.11.7-7.el9_8.3.aarch64.rpm
libwinpr-devel-2.11.7-7.el9_8.3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/freerdp-2.11.7-7.el9_8.3.src.rpm

Related CVEs:

CVE-2026-33983
CVE-2026-33984

Description of changes:

[2:2.11.7-7.3]
- Lock appWindow to fix use-after-free in RAIL mode (CVE-2026-25952)
Resolves: RHEL-159860

[2:2.11.7-7.2]
- Fix double free in xf_rail_window_common cleanup (CVE-2026-26986)
- Fix growth of preallocated buffers (CVE-2026-27951)
- Fix heap-buffer-overflow in bitmap_cache_put (CVE-2026-29775)
- Add DSP format checks (CVE-2026-31884)
- Fix DSP array bounds checks (CVE-2026-31883)
- Fix DSP array bounds checks (CVE-2026-31885)
- Update CLEAR_GLYPH_ENTRY::count after alloc (CVE-2026-33985)
Resolves: RHEL-159816, RHEL-155478, RHEL-161047, RHEL-161482
Resolves: RHEL-161519, RHEL-161085, RHEL-168463

[2:2.11.7-7.1]
- Update CLEAR_VBAR_ENTRY size after alloc (CVE-2026-33984)
- Fail progressive_rfx_quant_sub on invalid values (CVE-2026-33983)
Resolves: RHEL-163097, RHEL-163113



ELSA-2026-19348 Important: Oracle Linux 9 thunderbird security update


Oracle Linux Security Advisory ELSA-2026-19348

http://linux.oracle.com/errata/ELSA-2026-19348.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-140.11.0-1.0.1.el9_8.x86_64.rpm

aarch64:
thunderbird-140.11.0-1.0.1.el9_8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/thunderbird-140.11.0-1.0.1.el9_8.src.rpm

Related CVEs:

CVE-2026-6746
CVE-2026-6747
CVE-2026-6748
CVE-2026-6749
CVE-2026-6750
CVE-2026-6751
CVE-2026-6752
CVE-2026-6753
CVE-2026-6754
CVE-2026-6757
CVE-2026-6759
CVE-2026-6761
CVE-2026-6762
CVE-2026-6763
CVE-2026-6764
CVE-2026-6765
CVE-2026-6766
CVE-2026-6767
CVE-2026-6769
CVE-2026-6770
CVE-2026-6771
CVE-2026-6772
CVE-2026-6776
CVE-2026-6785
CVE-2026-6786
CVE-2026-7320
CVE-2026-7321
CVE-2026-7322
CVE-2026-7323

Description of changes:

[140.11.0-1.0.1]
- Fix prefs for new nss [Orabug: 37079813]
- Add Oracle prefs

[140.11.0]
- Add OpenELA debranding

[140.11.0-1]
- Update to 140.11.0 ESR

[140.10.1-1]
- Update to 140.10.1 ESR



ELSA-2026-19344 Important: Oracle Linux 9 xorg-x11-server-Xwayland security update


Oracle Linux Security Advisory ELSA-2026-19344

http://linux.oracle.com/errata/ELSA-2026-19344.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
xorg-x11-server-Xwayland-24.1.9-4.el9_8.2.i686.rpm
xorg-x11-server-Xwayland-24.1.9-4.el9_8.2.x86_64.rpm
xorg-x11-server-Xwayland-devel-24.1.9-4.el9_8.2.i686.rpm
xorg-x11-server-Xwayland-devel-24.1.9-4.el9_8.2.x86_64.rpm

aarch64:
xorg-x11-server-Xwayland-24.1.9-4.el9_8.2.aarch64.rpm
xorg-x11-server-Xwayland-devel-24.1.9-4.el9_8.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/xorg-x11-server-Xwayland-24.1.9-4.el9_8.2.src.rpm

Related CVEs:

CVE-2026-33999
CVE-2026-34001
CVE-2026-34003

Description of changes:

[24.1.9-4.2]
- Other security related fixes
Resolves: https://redhat.atlassian.net/browse/RHEL-184292

[24.1.9-4.1]
- CVE fix for: CVE-2026-50256, CVE-2026-50257, CVE-2026-50258,
CVE-2026-50259, CVE-2026-50260, CVE-2026-50261,
CVE-2026-50262, CVE-2026-50263
Resolves: https://redhat.atlassian.net/browse/RHEL-182426

[24.1.9-4]
- CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001
CVE-2026-34002, CVE-2026-34003
Resolves: https://redhat.atlassian.net/browse/RHEL-163199
Resolves: https://redhat.atlassian.net/browse/RHEL-163295
Resolves: https://redhat.atlassian.net/browse/RHEL-163253

[24.1.9-3]
- Fix a regression in Xwayland 24.1.9 with XTS test Xlib10
Resolves: https://redhat.atlassian.net/browse/RHEL-170368



ELBA-2026-19347 Oracle Linux 9 opencryptoki bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2026-19347

http://linux.oracle.com/errata/ELBA-2026-19347.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
opencryptoki-3.26.0-2.el9_8.1.x86_64.rpm
opencryptoki-ccatok-3.26.0-2.el9_8.1.x86_64.rpm
opencryptoki-devel-3.26.0-2.el9_8.1.i686.rpm
opencryptoki-devel-3.26.0-2.el9_8.1.x86_64.rpm
opencryptoki-icsftok-3.26.0-2.el9_8.1.x86_64.rpm
opencryptoki-libs-3.26.0-2.el9_8.1.i686.rpm
opencryptoki-libs-3.26.0-2.el9_8.1.x86_64.rpm
opencryptoki-swtok-3.26.0-2.el9_8.1.x86_64.rpm

aarch64:
opencryptoki-3.26.0-2.el9_8.1.aarch64.rpm
opencryptoki-devel-3.26.0-2.el9_8.1.aarch64.rpm
opencryptoki-icsftok-3.26.0-2.el9_8.1.aarch64.rpm
opencryptoki-libs-3.26.0-2.el9_8.1.aarch64.rpm
opencryptoki-swtok-3.26.0-2.el9_8.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/opencryptoki-3.26.0-2.el9_8.1.src.rpm

Description of changes:

[3.26.0-2.1]
- Resolves: RHEL-169586, Fix syslog message printing about different CPs



ELBA-2026-21387 Oracle Linux 9 cockpit bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2026-21387

http://linux.oracle.com/errata/ELBA-2026-21387.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
cockpit-356.2-1.0.1.el9_8.x86_64.rpm
cockpit-bridge-356.2-1.0.1.el9_8.noarch.rpm
cockpit-doc-356.2-1.0.1.el9_8.noarch.rpm
cockpit-packagekit-356.2-1.0.1.el9_8.noarch.rpm
cockpit-storaged-356.2-1.0.1.el9_8.noarch.rpm
cockpit-system-356.2-1.0.1.el9_8.noarch.rpm
cockpit-ws-356.2-1.0.1.el9_8.x86_64.rpm
cockpit-ws-selinux-356.2-1.0.1.el9_8.x86_64.rpm

aarch64:
cockpit-356.2-1.0.1.el9_8.aarch64.rpm
cockpit-bridge-356.2-1.0.1.el9_8.noarch.rpm
cockpit-doc-356.2-1.0.1.el9_8.noarch.rpm
cockpit-packagekit-356.2-1.0.1.el9_8.noarch.rpm
cockpit-storaged-356.2-1.0.1.el9_8.noarch.rpm
cockpit-system-356.2-1.0.1.el9_8.noarch.rpm
cockpit-ws-356.2-1.0.1.el9_8.aarch64.rpm
cockpit-ws-selinux-356.2-1.0.1.el9_8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/cockpit-356.2-1.0.1.el9_8.src.rpm

Description of changes:

[356.2-1.0.1]
- Apply the patch for duplicate reference [Orabug: 39250109]
- Storage: Enable btrfs support [Orabug: 37464632]
- Replaced upstream urls in documentation with oracle links [Orabug: 36528753]
- Drop subscription-manager-cockpit requirement for ol [Orabug: 34681110]
- Remove duplicate reference to server in cockpit [Orabug: 34030494]
- Update documentation links [Orabug: 30271413], [Orabug: 32013095],
[Orabug: 32795691], [Orabug: 34398512], [Orabug: 34742876], [Orabug: 37253273]
- Update spec file for new release

[356.2]
- Remove recommends on subscription-manager-cockpit if applicable

[356.1-1]
- ws: Prevent remote code execution with SSH argument injection (RHEL-158310)
- node: update lodash dependency (RHEL-164196)



ELBA-2026-50344 Oracle Linux 9 sos bug fix update


Oracle Linux Bug Fix Advisory ELBA-2026-50344

http://linux.oracle.com/errata/ELBA-2026-50344.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
sos-4.10.2-2.0.2.el9_8.noarch.rpm
sos-audit-4.10.2-2.0.2.el9_8.noarch.rpm

aarch64:
sos-4.10.2-2.0.2.el9_8.noarch.rpm
sos-audit-4.10.2-2.0.2.el9_8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/sos-4.10.2-2.0.2.el9_8.src.rpm

Description of changes:

[4.10.2-2.0.2]
- Add optional proc/ and sys/ regular file de-duplication step and reduplication binary [Orabug: 38765115]


Perl-DBI and Perl-Socket updates for Fedora

Kernel, glibc, gnutls, PostgreSQL, JBoss, and Git LFS updates for RHEL

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...