From el-errata at oss.oracle.com Thu Jun 5 12:38:15 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:38:15 -0700 Subject: [El-errata] ELBA-2025-20355 Oracle Linux 8 oVirt 4.5 ovirt-engine-dwh bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20355 http://linux.oracle.com/errata/ELBA-2025-20355.html The following updated rpms for Oracle Linux 8 oVirt 4.5 have been uploaded to the Unbreakable Linux Network: x86_64: olvm-vmcontrol-4.5.5-1.4.el8.noarch.rpm ovirt-engine-dwh-4.5.8-1.6.el8.noarch.rpm ovirt-engine-dwh-setup-4.5.8-1.6.el8.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.5.8-1.6.el8.noarch.rpm ovirt-engine-extensions-api-1.0.1-4.el8.noarch.rpm ovirt-engine-extensions-api-javadoc-1.0.1-4.el8.noarch.rpm ovirt-engine-extension-aaa-misc-1.1.1-3.el8.noarch.rpm ovirt-engine-extension-aaa-jdbc-1.3.0-2.el8.noarch.rpm ovirt-engine-4.5.5-1.46.el8.noarch.rpm ovirt-engine-backend-4.5.5-1.46.el8.noarch.rpm ovirt-engine-dbscripts-4.5.5-1.46.el8.noarch.rpm ovirt-engine-health-check-bundler-4.5.5-1.46.el8.noarch.rpm ovirt-engine-restapi-4.5.5-1.46.el8.noarch.rpm ovirt-engine-setup-4.5.5-1.46.el8.noarch.rpm ovirt-engine-setup-base-4.5.5-1.46.el8.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.5.5-1.46.el8.noarch.rpm ovirt-engine-setup-plugin-imageio-4.5.5-1.46.el8.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.5.5-1.46.el8.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.5.5-1.46.el8.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.5-1.46.el8.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.5.5-1.46.el8.noarch.rpm ovirt-engine-tools-4.5.5-1.46.el8.noarch.rpm ovirt-engine-tools-backup-4.5.5-1.46.el8.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.5.5-1.46.el8.noarch.rpm ovirt-engine-webadmin-portal-4.5.5-1.46.el8.noarch.rpm ovirt-engine-websocket-proxy-4.5.5-1.46.el8.noarch.rpm python3-ovirt-engine-lib-4.5.5-1.46.el8.noarch.rpm vdsm-jsonrpc-java-1.7.3-2.el8.noarch.rpm vdsm-jsonrpc-java-javadoc-1.7.3-2.el8.noarch.rpm vdsm-4.50.5.1-7.el8.x86_64.rpm vdsm-api-4.50.5.1-7.el8.noarch.rpm vdsm-client-4.50.5.1-7.el8.noarch.rpm vdsm-common-4.50.5.1-7.el8.noarch.rpm vdsm-gluster-4.50.5.1-7.el8.x86_64.rpm vdsm-hook-allocate_net-4.50.5.1-7.el8.noarch.rpm vdsm-hook-boot_hostdev-4.50.5.1-7.el8.noarch.rpm vdsm-hook-checkimages-4.50.5.1-7.el8.noarch.rpm vdsm-hook-checkips-4.50.5.1-7.el8.x86_64.rpm vdsm-hook-cpuflags-4.50.5.1-7.el8.noarch.rpm vdsm-hook-diskunmap-4.50.5.1-7.el8.noarch.rpm vdsm-hook-ethtool-options-4.50.5.1-7.el8.noarch.rpm vdsm-hook-extnet-4.50.5.1-7.el8.noarch.rpm vdsm-hook-extra-ipv4-addrs-4.50.5.1-7.el8.x86_64.rpm vdsm-hook-fakevmstats-4.50.5.1-7.el8.noarch.rpm vdsm-hook-faqemu-4.50.5.1-7.el8.noarch.rpm vdsm-hook-fcoe-4.50.5.1-7.el8.noarch.rpm vdsm-hook-fileinject-4.50.5.1-7.el8.noarch.rpm vdsm-hook-httpsisoboot-4.50.5.1-7.el8.noarch.rpm vdsm-hook-localdisk-4.50.5.1-7.el8.noarch.rpm vdsm-hook-log-console-4.50.5.1-7.el8.noarch.rpm vdsm-hook-log-firmware-4.50.5.1-7.el8.noarch.rpm vdsm-hook-macbind-4.50.5.1-7.el8.noarch.rpm vdsm-hook-nestedvt-4.50.5.1-7.el8.noarch.rpm vdsm-hook-openstacknet-4.50.5.1-7.el8.noarch.rpm vdsm-hook-qemucmdline-4.50.5.1-7.el8.noarch.rpm vdsm-hook-scratchpad-4.50.5.1-7.el8.noarch.rpm vdsm-hook-smbios-4.50.5.1-7.el8.noarch.rpm vdsm-hook-spiceoptions-4.50.5.1-7.el8.noarch.rpm vdsm-hook-vhostmd-4.50.5.1-7.el8.noarch.rpm vdsm-hook-vmfex-dev-4.50.5.1-7.el8.noarch.rpm vdsm-http-4.50.5.1-7.el8.noarch.rpm vdsm-jsonrpc-4.50.5.1-7.el8.noarch.rpm vdsm-network-4.50.5.1-7.el8.x86_64.rpm vdsm-python-4.50.5.1-7.el8.noarch.rpm vdsm-yajsonrpc-4.50.5.1-7.el8.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//ovirt-engine-dwh-4.5.8-1.6.el8.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//ovirt-engine-extensions-api-1.0.1-4.el8.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//ovirt-engine-extension-aaa-misc-1.1.1-3.el8.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//ovirt-engine-extension-aaa-jdbc-1.3.0-2.el8.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//ovirt-engine-4.5.5-1.46.el8.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//vdsm-jsonrpc-java-1.7.3-2.el8.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//vdsm-4.50.5.1-7.el8.src.rpm Description of changes: ovirt-engine-dwh [4.5.8-1.6] - Update java-11-openjdk to java-21-openjdk ovirt-engine-extensions-api [1.0.1-4] - Update java-11-openjdk to java-21-openjdk ovirt-engine-extension-aaa-misc [1.1.1-3] - Update java-11-openjdk to java-21-openjdk ovirt-engine-extension-aaa-jdbc [1.3.0-2] - Update java-11-openjdk to java-21-openjdk ovirt-engine [4.5.5-1.46] - Update java-11-openjdk-headless to java-21-openjdk-headless vdsm-jsonrpc-java [1.7.3-2] - Update java-11-openjdk to java-21-openjdk vdsm [4.50.5.1-7] - Update route destination patch From el-errata at oss.oracle.com Thu Jun 5 12:38:23 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:38:23 -0700 Subject: [El-errata] ELBA-2025-20334 Oracle Linux 8 oVirt 4.5 python-six bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20334 http://linux.oracle.com/errata/ELBA-2025-20334.html The following updated rpms for Oracle Linux 8 oVirt 4.5 have been uploaded to the Unbreakable Linux Network: x86_64: python3.11-six-1.16.0-2.0.2.el8.noarch.rpm python3.12-six-1.16.0-2.0.2.el8.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//python-six-1.16.0-2.0.2.el8.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python3.12-six-1.16.0-2.0.2.el8.src.rpm Description of changes: python-six [1.16.0-2.0.2] - Rebuild for python 3.11 python3.12-six [1.16.0-2.0.2] - Rebuild for python 3.12 From el-errata at oss.oracle.com Thu Jun 5 12:38:24 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:38:24 -0700 Subject: [El-errata] ELBA-2025-20346 Oracle Linux 8 oVirt 4.5 snmp4j bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20346 http://linux.oracle.com/errata/ELBA-2025-20346.html The following updated rpms for Oracle Linux 8 oVirt 4.5 have been uploaded to the Unbreakable Linux Network: x86_64: snmp4j-3.6.4-0.2.el8.noarch.rpm snmp4j-javadoc-3.6.4-0.2.el8.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//snmp4j-3.6.4-0.2.el8.src.rpm Description of changes: [3.6.4-0.2] - Update java-11-openjdk to java-21-openjdk From el-errata at oss.oracle.com Thu Jun 5 12:39:18 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:39:18 -0700 Subject: [El-errata] ELBA-2025-35200 Oracle Linux 8 adaptivemm bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-35200 http://linux.oracle.com/errata/ELBA-2025-35200.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: adaptivemm-2.1.0-3.el8.x86_64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//adaptivemm-2.1.0-3.el8.src.rpm Description of changes: [2.1.0-3] - Increase log level in cmp_meminfo() [Orabug: 37768194] From el-errata at oss.oracle.com Thu Jun 5 12:39:25 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:39:25 -0700 Subject: [El-errata] ELBA-2025-35200 Oracle Linux 9 adaptivemm bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-35200 http://linux.oracle.com/errata/ELBA-2025-35200.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: adaptivemm-2.1.0-3.el9.x86_64.rpm aarch64: adaptivemm-2.1.0-3.el9.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//adaptivemm-2.1.0-3.el9.src.rpm Description of changes: [2.1.0-3] - Increase log level in cmp_meminfo() [Orabug: 37768194] From el-errata at oss.oracle.com Thu Jun 5 12:39:31 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:39:31 -0700 Subject: [El-errata] ELBA-2025-35200 Oracle Linux 8 adaptivemm bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-35200 http://linux.oracle.com/errata/ELBA-2025-35200.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: adaptivemm-2.1.0-3.el8.x86_64.rpm aarch64: adaptivemm-2.1.0-3.el8.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//adaptivemm-2.1.0-3.el8.src.rpm Description of changes: [2.1.0-3] - Increase log level in cmp_meminfo() [Orabug: 37768194] From el-errata at oss.oracle.com Thu Jun 5 12:40:47 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:40:47 -0700 Subject: [El-errata] ELSA-2025-8333 Moderate: Oracle Linux 9 kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8333 http://linux.oracle.com/errata/ELSA-2025-8333.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-abi-stablelists-5.14.0-570.19.1.0.1.el9_6.noarch.rpm kernel-core-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-cross-headers-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-debug-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-debug-core-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-debug-devel-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-debug-devel-matched-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-core-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-extra-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-debug-uki-virt-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-devel-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-devel-matched-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-doc-5.14.0-570.19.1.0.1.el9_6.noarch.rpm kernel-headers-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-modules-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-modules-core-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-modules-extra-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-tools-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-tools-libs-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-tools-libs-devel-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-uki-virt-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm kernel-uki-virt-addons-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm libperf-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm perf-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm python3-perf-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm rtla-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm rv-5.14.0-570.19.1.0.1.el9_6.x86_64.rpm aarch64: kernel-cross-headers-5.14.0-570.19.1.0.1.el9_6.aarch64.rpm kernel-headers-5.14.0-570.19.1.0.1.el9_6.aarch64.rpm kernel-tools-5.14.0-570.19.1.0.1.el9_6.aarch64.rpm kernel-tools-libs-5.14.0-570.19.1.0.1.el9_6.aarch64.rpm kernel-tools-libs-devel-5.14.0-570.19.1.0.1.el9_6.aarch64.rpm perf-5.14.0-570.19.1.0.1.el9_6.aarch64.rpm python3-perf-5.14.0-570.19.1.0.1.el9_6.aarch64.rpm rtla-5.14.0-570.19.1.0.1.el9_6.aarch64.rpm rv-5.14.0-570.19.1.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-570.19.1.0.1.el9_6.src.rpm Related CVEs: CVE-2022-3424 CVE-2025-21764 Description of changes: [5.14.0-570.19.1.0.1.el9_6.OL9] - nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764] [5.14.0-570.19.1.el9_6] - misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (David Arcari) [RHEL-87254] {CVE-2022-3424} - ndisc: use RCU protection in ndisc_alloc_skb() (Xin Long) [RHEL-89546] {CVE-2025-21764} - ipv6: use RCU protection in ip6_default_advmss() (Xin Long) [RHEL-89546] {CVE-2025-21765} - net: add dev_net_rcu() helper (Xin Long) [RHEL-89546] {CVE-2025-21765} - page_pool: Track DMA-mapped pages and unmap them when destroying the pool (Toke H?iland-J?rgensen) [RHEL-84151] - page_pool: Move pp_magic check into helper functions (Toke H?iland-J?rgensen) [RHEL-84151] - ext4: fallback to complex scan if aligned scan doesn't work (Jay Shin) [RHEL-85984] - drm/mgag200: Added support for the new device G200eH5 (Jocelyn Falempe) [RHEL-88907] From el-errata at oss.oracle.com Thu Jun 5 12:40:49 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:40:49 -0700 Subject: [El-errata] ELSA-2025-8337 Important: Oracle Linux 9 varnish security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8337 http://linux.oracle.com/errata/ELSA-2025-8337.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: varnish-6.6.2-6.el9_6.1.i686.rpm varnish-6.6.2-6.el9_6.1.x86_64.rpm varnish-docs-6.6.2-6.el9_6.1.x86_64.rpm varnish-devel-6.6.2-6.el9_6.1.i686.rpm varnish-devel-6.6.2-6.el9_6.1.x86_64.rpm aarch64: varnish-6.6.2-6.el9_6.1.aarch64.rpm varnish-docs-6.6.2-6.el9_6.1.aarch64.rpm varnish-devel-6.6.2-6.el9_6.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//varnish-6.6.2-6.el9_6.1.src.rpm Related CVEs: CVE-2025-47905 Description of changes: [6.6.2-6.1] - Resolves: RHEL-89700 - varnish: request smuggling attacks (CVE-2025-47905) From el-errata at oss.oracle.com Thu Jun 5 12:40:51 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:40:51 -0700 Subject: [El-errata] ELSA-2025-8467 Important: Oracle Linux 9 nodejs:22 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8467 http://linux.oracle.com/errata/ELSA-2025-8467.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-22.16.0-1.module+el9.6.0+90604+9071ea19.x86_64.rpm nodejs-devel-22.16.0-1.module+el9.6.0+90604+9071ea19.x86_64.rpm nodejs-docs-22.16.0-1.module+el9.6.0+90604+9071ea19.noarch.rpm nodejs-full-i18n-22.16.0-1.module+el9.6.0+90604+9071ea19.x86_64.rpm nodejs-libs-22.16.0-1.module+el9.6.0+90604+9071ea19.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el9.6.0+90588+1a9ecb62.noarch.rpm nodejs-packaging-2021.06-4.module+el9.6.0+90588+1a9ecb62.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el9.6.0+90588+1a9ecb62.noarch.rpm npm-10.9.2-1.22.16.0.1.module+el9.6.0+90604+9071ea19.x86_64.rpm v8-12.4-devel-12.4.254.21-1.22.16.0.1.module+el9.6.0+90604+9071ea19.x86_64.rpm aarch64: nodejs-22.16.0-1.module+el9.6.0+90604+9071ea19.aarch64.rpm nodejs-devel-22.16.0-1.module+el9.6.0+90604+9071ea19.aarch64.rpm nodejs-docs-22.16.0-1.module+el9.6.0+90604+9071ea19.noarch.rpm nodejs-full-i18n-22.16.0-1.module+el9.6.0+90604+9071ea19.aarch64.rpm nodejs-libs-22.16.0-1.module+el9.6.0+90604+9071ea19.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el9.6.0+90588+1a9ecb62.noarch.rpm nodejs-packaging-2021.06-4.module+el9.6.0+90588+1a9ecb62.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el9.6.0+90588+1a9ecb62.noarch.rpm npm-10.9.2-1.22.16.0.1.module+el9.6.0+90604+9071ea19.aarch64.rpm v8-12.4-devel-12.4.254.21-1.22.16.0.1.module+el9.6.0+90604+9071ea19.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//nodejs-22.16.0-1.module+el9.6.0+90604+9071ea19.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el9.6.0+90588+1a9ecb62.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//nodejs-packaging-2021.06-4.module+el9.6.0+90588+1a9ecb62.src.rpm Related CVEs: CVE-2025-23166 Description of changes: nodejs [1:22.16.0-1] - Update to 22.16.0 Resolves: RHEL-89600 RHEL-92872 RHEL-92420 [1:22.15.0-1] - Update to 22.15.0 - Drop upstream patches Resolves: RHEL-87319 RHEL-86586 [1:22.13.1-4] - Patch fix for sqlite CVE-2025-31498 Resolves: RHEL-87319 [1:22.13.1-3] - Update c-ares to newest version with fix for CVE-2025-31498 Resolves: RHEL-86586 [1:22.13.1-2] - Remove obsolete lua pretransaction script from spec file Resolves: RHEL-81119 - Disable npm update notifications for users Resolves: RHEL-81158 [1:22.13.1-1] - Update to version 22.13.1 Fixes CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 Resolves: RHEL-76354 [1:22.11.0-1] - Update to version 22.11.0 [22.4.1-4] - Initial import of nodeJS 22 nodejs-nodemon nodejs-packaging From el-errata at oss.oracle.com Thu Jun 5 12:40:53 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:40:53 -0700 Subject: [El-errata] ELSA-2025-8468 Important: Oracle Linux 9 nodejs:20 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8468 http://linux.oracle.com/errata/ELSA-2025-8468.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.x86_64.rpm nodejs-devel-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.x86_64.rpm nodejs-docs-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.noarch.rpm nodejs-full-i18n-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el9.6.0+90603+e4b3d4d2.noarch.rpm nodejs-packaging-2021.06-4.module+el9.6.0+90603+e4b3d4d2.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el9.6.0+90603+e4b3d4d2.noarch.rpm npm-10.8.2-1.20.19.2.1.module+el9.6.0+90603+e4b3d4d2.x86_64.rpm aarch64: nodejs-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.aarch64.rpm nodejs-devel-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.aarch64.rpm nodejs-docs-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.noarch.rpm nodejs-full-i18n-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el9.6.0+90603+e4b3d4d2.noarch.rpm nodejs-packaging-2021.06-4.module+el9.6.0+90603+e4b3d4d2.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el9.6.0+90603+e4b3d4d2.noarch.rpm npm-10.8.2-1.20.19.2.1.module+el9.6.0+90603+e4b3d4d2.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//nodejs-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el9.6.0+90603+e4b3d4d2.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//nodejs-packaging-2021.06-4.module+el9.6.0+90603+e4b3d4d2.src.rpm Related CVEs: CVE-2025-23166 Description of changes: nodejs [1:20.19.2-1] - Update to version 20.19.2 Resolves: RHEL-92865 RHEL-88876 RHEL-91597 nodejs-nodemon nodejs-packaging From el-errata at oss.oracle.com Thu Jun 5 12:40:54 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:40:54 -0700 Subject: [El-errata] ELSA-2025-8476 Moderate: Oracle Linux 9 golang security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8476 http://linux.oracle.com/errata/ELSA-2025-8476.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: go-toolset-1.23.9-1.el9_6.x86_64.rpm golang-1.23.9-1.el9_6.x86_64.rpm golang-bin-1.23.9-1.el9_6.x86_64.rpm golang-docs-1.23.9-1.el9_6.noarch.rpm golang-misc-1.23.9-1.el9_6.noarch.rpm golang-race-1.23.9-1.el9_6.x86_64.rpm golang-src-1.23.9-1.el9_6.noarch.rpm golang-tests-1.23.9-1.el9_6.noarch.rpm aarch64: go-toolset-1.23.9-1.el9_6.aarch64.rpm golang-1.23.9-1.el9_6.aarch64.rpm golang-bin-1.23.9-1.el9_6.aarch64.rpm golang-docs-1.23.9-1.el9_6.noarch.rpm golang-misc-1.23.9-1.el9_6.noarch.rpm golang-race-1.23.9-1.el9_6.aarch64.rpm golang-src-1.23.9-1.el9_6.noarch.rpm golang-tests-1.23.9-1.el9_6.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//golang-1.23.9-1.el9_6.src.rpm Related CVEs: CVE-2025-22871 Description of changes: [1.23.9-1] - Update to Go 1.23.9 - Remove runtime-usleep-s390x.patch, already merged - Resolves: RHEL-93212 From el-errata at oss.oracle.com Thu Jun 5 12:41:03 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:03 -0700 Subject: [El-errata] ELBA-2025-8404 Oracle Linux 8 e2fsprogs bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8404 http://linux.oracle.com/errata/ELBA-2025-8404.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: e2fsprogs-1.45.6-6.el8_10.x86_64.rpm e2fsprogs-devel-1.45.6-6.el8_10.i686.rpm e2fsprogs-devel-1.45.6-6.el8_10.x86_64.rpm e2fsprogs-libs-1.45.6-6.el8_10.i686.rpm e2fsprogs-libs-1.45.6-6.el8_10.x86_64.rpm e2fsprogs-static-1.45.6-6.el8_10.i686.rpm e2fsprogs-static-1.45.6-6.el8_10.x86_64.rpm libcom_err-1.45.6-6.el8_10.i686.rpm libcom_err-1.45.6-6.el8_10.x86_64.rpm libcom_err-devel-1.45.6-6.el8_10.i686.rpm libcom_err-devel-1.45.6-6.el8_10.x86_64.rpm libss-1.45.6-6.el8_10.i686.rpm libss-1.45.6-6.el8_10.x86_64.rpm libss-devel-1.45.6-6.el8_10.i686.rpm libss-devel-1.45.6-6.el8_10.x86_64.rpm aarch64: e2fsprogs-1.45.6-6.el8_10.aarch64.rpm e2fsprogs-devel-1.45.6-6.el8_10.aarch64.rpm e2fsprogs-libs-1.45.6-6.el8_10.aarch64.rpm e2fsprogs-static-1.45.6-6.el8_10.aarch64.rpm libcom_err-1.45.6-6.el8_10.aarch64.rpm libcom_err-devel-1.45.6-6.el8_10.aarch64.rpm libss-1.45.6-6.el8_10.aarch64.rpm libss-devel-1.45.6-6.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//e2fsprogs-1.45.6-6.el8_10.src.rpm Description of changes: [1.45.6-6] - Fix e2fsprogs: online resize fails - Related: RHEL-60512 From el-errata at oss.oracle.com Thu Jun 5 12:41:01 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:01 -0700 Subject: [El-errata] ELBA-2025-35200 Oracle Linux 8 adaptivemm bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-35200 http://linux.oracle.com/errata/ELBA-2025-35200.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: aarch64: adaptivemm-2.1.0-3.el8.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//adaptivemm-2.1.0-3.el8.src.rpm Description of changes: [2.1.0-3] - Increase log level in cmp_meminfo() [Orabug: 37768194] [2.1.0-2] - Rebuild to v2.1.0 for OL8, OL9, and OL10 - v2.1.0 adds a module to look for possible memory leaks [2.1.0-1] - Add module to look for possible memory leaks [2.0.1-1] - Fix total memory calculation for ARM since it is slightly different from x86 - Remove restriction to not build package on aarch64 From el-errata at oss.oracle.com Thu Jun 5 12:41:04 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:04 -0700 Subject: [El-errata] ELBA-2025-8405 Oracle Linux 8 unzip bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8405 http://linux.oracle.com/errata/ELBA-2025-8405.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: unzip-6.0-48.0.1.el8_10.x86_64.rpm aarch64: unzip-6.0-48.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//unzip-6.0-48.0.1.el8_10.src.rpm Description of changes: [6.0-48.0.1] - Be more liberal in the acceptance of data descriptor [Orabug: 34495726] [6.0-48] - Allow decompression of some wrongly compressed files Resolves: RHEL-86231 From el-errata at oss.oracle.com Thu Jun 5 12:41:06 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:06 -0700 Subject: [El-errata] ELBA-2025-8406 Oracle Linux 8 samba bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8406 http://linux.oracle.com/errata/ELBA-2025-8406.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: ctdb-4.19.4-8.0.1.el8_10.x86_64.rpm libnetapi-4.19.4-8.0.1.el8_10.i686.rpm libnetapi-4.19.4-8.0.1.el8_10.x86_64.rpm libsmbclient-4.19.4-8.0.1.el8_10.i686.rpm libsmbclient-4.19.4-8.0.1.el8_10.x86_64.rpm libwbclient-4.19.4-8.0.1.el8_10.i686.rpm libwbclient-4.19.4-8.0.1.el8_10.x86_64.rpm python3-samba-4.19.4-8.0.1.el8_10.i686.rpm python3-samba-4.19.4-8.0.1.el8_10.x86_64.rpm python3-samba-dc-4.19.4-8.0.1.el8_10.x86_64.rpm python3-samba-test-4.19.4-8.0.1.el8_10.x86_64.rpm samba-4.19.4-8.0.1.el8_10.x86_64.rpm samba-client-4.19.4-8.0.1.el8_10.x86_64.rpm samba-client-libs-4.19.4-8.0.1.el8_10.i686.rpm samba-client-libs-4.19.4-8.0.1.el8_10.x86_64.rpm samba-common-4.19.4-8.0.1.el8_10.noarch.rpm samba-common-libs-4.19.4-8.0.1.el8_10.i686.rpm samba-common-libs-4.19.4-8.0.1.el8_10.x86_64.rpm samba-common-tools-4.19.4-8.0.1.el8_10.x86_64.rpm samba-dc-libs-4.19.4-8.0.1.el8_10.i686.rpm samba-dc-libs-4.19.4-8.0.1.el8_10.x86_64.rpm samba-dcerpc-4.19.4-8.0.1.el8_10.x86_64.rpm samba-krb5-printing-4.19.4-8.0.1.el8_10.x86_64.rpm samba-ldb-ldap-modules-4.19.4-8.0.1.el8_10.x86_64.rpm samba-libs-4.19.4-8.0.1.el8_10.i686.rpm samba-libs-4.19.4-8.0.1.el8_10.x86_64.rpm samba-pidl-4.19.4-8.0.1.el8_10.noarch.rpm samba-test-4.19.4-8.0.1.el8_10.x86_64.rpm samba-test-libs-4.19.4-8.0.1.el8_10.x86_64.rpm samba-tools-4.19.4-8.0.1.el8_10.x86_64.rpm samba-usershares-4.19.4-8.0.1.el8_10.x86_64.rpm samba-vfs-iouring-4.19.4-8.0.1.el8_10.x86_64.rpm samba-winbind-4.19.4-8.0.1.el8_10.x86_64.rpm samba-winbind-clients-4.19.4-8.0.1.el8_10.x86_64.rpm samba-winbind-krb5-locator-4.19.4-8.0.1.el8_10.x86_64.rpm samba-winbind-modules-4.19.4-8.0.1.el8_10.i686.rpm samba-winbind-modules-4.19.4-8.0.1.el8_10.x86_64.rpm samba-winexe-4.19.4-8.0.1.el8_10.x86_64.rpm libnetapi-devel-4.19.4-8.0.1.el8_10.i686.rpm libnetapi-devel-4.19.4-8.0.1.el8_10.x86_64.rpm libsmbclient-devel-4.19.4-8.0.1.el8_10.i686.rpm libsmbclient-devel-4.19.4-8.0.1.el8_10.x86_64.rpm libwbclient-devel-4.19.4-8.0.1.el8_10.i686.rpm libwbclient-devel-4.19.4-8.0.1.el8_10.x86_64.rpm python3-samba-devel-4.19.4-8.0.1.el8_10.i686.rpm python3-samba-devel-4.19.4-8.0.1.el8_10.x86_64.rpm samba-devel-4.19.4-8.0.1.el8_10.i686.rpm samba-devel-4.19.4-8.0.1.el8_10.x86_64.rpm samba-vfs-glusterfs-4.19.4-8.0.1.el8_10.x86_64.rpm aarch64: samba-vfs-glusterfs-4.19.4-8.0.1.el8_10.aarch64.rpm ctdb-4.19.4-8.0.1.el8_10.aarch64.rpm libnetapi-4.19.4-8.0.1.el8_10.aarch64.rpm libsmbclient-4.19.4-8.0.1.el8_10.aarch64.rpm libwbclient-4.19.4-8.0.1.el8_10.aarch64.rpm python3-samba-4.19.4-8.0.1.el8_10.aarch64.rpm python3-samba-dc-4.19.4-8.0.1.el8_10.aarch64.rpm python3-samba-test-4.19.4-8.0.1.el8_10.aarch64.rpm samba-4.19.4-8.0.1.el8_10.aarch64.rpm samba-client-4.19.4-8.0.1.el8_10.aarch64.rpm samba-client-libs-4.19.4-8.0.1.el8_10.aarch64.rpm samba-common-4.19.4-8.0.1.el8_10.noarch.rpm samba-common-libs-4.19.4-8.0.1.el8_10.aarch64.rpm samba-common-tools-4.19.4-8.0.1.el8_10.aarch64.rpm samba-dc-libs-4.19.4-8.0.1.el8_10.aarch64.rpm samba-dcerpc-4.19.4-8.0.1.el8_10.aarch64.rpm samba-krb5-printing-4.19.4-8.0.1.el8_10.aarch64.rpm samba-ldb-ldap-modules-4.19.4-8.0.1.el8_10.aarch64.rpm samba-libs-4.19.4-8.0.1.el8_10.aarch64.rpm samba-pidl-4.19.4-8.0.1.el8_10.noarch.rpm samba-test-4.19.4-8.0.1.el8_10.aarch64.rpm samba-test-libs-4.19.4-8.0.1.el8_10.aarch64.rpm samba-tools-4.19.4-8.0.1.el8_10.aarch64.rpm samba-usershares-4.19.4-8.0.1.el8_10.aarch64.rpm samba-vfs-iouring-4.19.4-8.0.1.el8_10.aarch64.rpm samba-winbind-4.19.4-8.0.1.el8_10.aarch64.rpm samba-winbind-clients-4.19.4-8.0.1.el8_10.aarch64.rpm samba-winbind-krb5-locator-4.19.4-8.0.1.el8_10.aarch64.rpm samba-winbind-modules-4.19.4-8.0.1.el8_10.aarch64.rpm libnetapi-devel-4.19.4-8.0.1.el8_10.aarch64.rpm libsmbclient-devel-4.19.4-8.0.1.el8_10.aarch64.rpm libwbclient-devel-4.19.4-8.0.1.el8_10.aarch64.rpm python3-samba-devel-4.19.4-8.0.1.el8_10.aarch64.rpm samba-devel-4.19.4-8.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//samba-4.19.4-8.0.1.el8_10.src.rpm Description of changes: [4.19.4-8.0.1] - s3: winbindd: winbindd_pam: fix leak in extract_pac_vrfy_sigs [Orabug: 36518285] - s3:passdb: Do not leak memory in pdb_tdb [Orabug: 36371377] - Gluster volumes not accessible via Samba due to missing samba-vfs-glusterfs in OL8 [Orabug: 30205755] [4.19.4-8] - resolves: RHEL-87030 - Fix winbind memory leak From el-errata at oss.oracle.com Thu Jun 5 12:41:07 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:07 -0700 Subject: [El-errata] ELBA-2025-8407 Oracle Linux 8 libsemanage bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8407 http://linux.oracle.com/errata/ELBA-2025-8407.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libsemanage-2.9-12.el8_10.i686.rpm libsemanage-2.9-12.el8_10.x86_64.rpm python3-libsemanage-2.9-12.el8_10.x86_64.rpm libsemanage-devel-2.9-12.el8_10.i686.rpm libsemanage-devel-2.9-12.el8_10.x86_64.rpm aarch64: libsemanage-2.9-12.el8_10.aarch64.rpm python3-libsemanage-2.9-12.el8_10.aarch64.rpm libsemanage-devel-2.9-12.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//libsemanage-2.9-12.el8_10.src.rpm Description of changes: [2.9-12] - improve performance of semanage store rebuild (RHEL-86057) From el-errata at oss.oracle.com Thu Jun 5 12:41:08 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:08 -0700 Subject: [El-errata] ELBA-2025-8408 Oracle Linux 8 nfs-utils bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8408 http://linux.oracle.com/errata/ELBA-2025-8408.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libnfsidmap-2.3.3-64.0.1.el8_10.i686.rpm libnfsidmap-2.3.3-64.0.1.el8_10.x86_64.rpm nfs-utils-2.3.3-64.0.1.el8_10.x86_64.rpm libnfsidmap-devel-2.3.3-64.0.1.el8_10.i686.rpm libnfsidmap-devel-2.3.3-64.0.1.el8_10.x86_64.rpm aarch64: libnfsidmap-2.3.3-64.0.1.el8_10.aarch64.rpm nfs-utils-2.3.3-64.0.1.el8_10.aarch64.rpm libnfsidmap-devel-2.3.3-64.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//nfs-utils-2.3.3-64.0.1.el8_10.src.rpm Description of changes: [2.3.3-64.0.1] - nfsd: allow more than 64 backlogged connections - spec: remove multiple warnings when upgrading nfs-utils with gssproxy [Orabug: 35173372] [2.3.3-64] - update rdirplus documentation on nfs(5) man page (RHEL-91253) [2.3.3-63] - mountstats fixes (RHEL-90242) [2.3.3-62] - nfsiostat fixes (RHEL-90242) [2.3.3-61] - gssd: unconditionally use krb5_get_init_creds_opt_alloc (RHEL-62422) - gssd: do not use krb5_cc_initialize (RHEL-62422) [2.3.3-60] - gssd.man: add documentation for use-gss-proxy (RHEL-13085) From el-errata at oss.oracle.com Thu Jun 5 12:41:10 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:10 -0700 Subject: [El-errata] ELBA-2025-8410 Oracle Linux 8 sssd bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8410 http://linux.oracle.com/errata/ELBA-2025-8410.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libipa_hbac-2.9.4-5.0.2.el8_10.2.i686.rpm libipa_hbac-2.9.4-5.0.2.el8_10.2.x86_64.rpm libsss_autofs-2.9.4-5.0.2.el8_10.2.x86_64.rpm libsss_certmap-2.9.4-5.0.2.el8_10.2.i686.rpm libsss_certmap-2.9.4-5.0.2.el8_10.2.x86_64.rpm libsss_idmap-2.9.4-5.0.2.el8_10.2.i686.rpm libsss_idmap-2.9.4-5.0.2.el8_10.2.x86_64.rpm libsss_nss_idmap-2.9.4-5.0.2.el8_10.2.i686.rpm libsss_nss_idmap-2.9.4-5.0.2.el8_10.2.x86_64.rpm libsss_simpleifp-2.9.4-5.0.2.el8_10.2.i686.rpm libsss_simpleifp-2.9.4-5.0.2.el8_10.2.x86_64.rpm libsss_sudo-2.9.4-5.0.2.el8_10.2.x86_64.rpm python3-libipa_hbac-2.9.4-5.0.2.el8_10.2.x86_64.rpm python3-libsss_nss_idmap-2.9.4-5.0.2.el8_10.2.x86_64.rpm python3-sss-2.9.4-5.0.2.el8_10.2.x86_64.rpm python3-sss-murmur-2.9.4-5.0.2.el8_10.2.x86_64.rpm python3-sssdconfig-2.9.4-5.0.2.el8_10.2.noarch.rpm sssd-2.9.4-5.0.2.el8_10.2.x86_64.rpm sssd-ad-2.9.4-5.0.2.el8_10.2.x86_64.rpm sssd-client-2.9.4-5.0.2.el8_10.2.i686.rpm sssd-client-2.9.4-5.0.2.el8_10.2.x86_64.rpm sssd-common-2.9.4-5.0.2.el8_10.2.x86_64.rpm sssd-common-pac-2.9.4-5.0.2.el8_10.2.x86_64.rpm sssd-dbus-2.9.4-5.0.2.el8_10.2.x86_64.rpm sssd-idp-2.9.4-5.0.2.el8_10.2.x86_64.rpm sssd-ipa-2.9.4-5.0.2.el8_10.2.x86_64.rpm sssd-kcm-2.9.4-5.0.2.el8_10.2.x86_64.rpm sssd-krb5-2.9.4-5.0.2.el8_10.2.x86_64.rpm sssd-krb5-common-2.9.4-5.0.2.el8_10.2.x86_64.rpm sssd-ldap-2.9.4-5.0.2.el8_10.2.x86_64.rpm sssd-nfs-idmap-2.9.4-5.0.2.el8_10.2.x86_64.rpm sssd-polkit-rules-2.9.4-5.0.2.el8_10.2.x86_64.rpm sssd-proxy-2.9.4-5.0.2.el8_10.2.x86_64.rpm sssd-tools-2.9.4-5.0.2.el8_10.2.x86_64.rpm sssd-winbind-idmap-2.9.4-5.0.2.el8_10.2.x86_64.rpm libsss_nss_idmap-devel-2.9.4-5.0.2.el8_10.2.i686.rpm libsss_nss_idmap-devel-2.9.4-5.0.2.el8_10.2.x86_64.rpm aarch64: libipa_hbac-2.9.4-5.0.2.el8_10.2.aarch64.rpm libsss_autofs-2.9.4-5.0.2.el8_10.2.aarch64.rpm libsss_certmap-2.9.4-5.0.2.el8_10.2.aarch64.rpm libsss_idmap-2.9.4-5.0.2.el8_10.2.aarch64.rpm libsss_nss_idmap-2.9.4-5.0.2.el8_10.2.aarch64.rpm libsss_simpleifp-2.9.4-5.0.2.el8_10.2.aarch64.rpm libsss_sudo-2.9.4-5.0.2.el8_10.2.aarch64.rpm python3-libipa_hbac-2.9.4-5.0.2.el8_10.2.aarch64.rpm python3-libsss_nss_idmap-2.9.4-5.0.2.el8_10.2.aarch64.rpm python3-sss-2.9.4-5.0.2.el8_10.2.aarch64.rpm python3-sss-murmur-2.9.4-5.0.2.el8_10.2.aarch64.rpm python3-sssdconfig-2.9.4-5.0.2.el8_10.2.noarch.rpm sssd-2.9.4-5.0.2.el8_10.2.aarch64.rpm sssd-ad-2.9.4-5.0.2.el8_10.2.aarch64.rpm sssd-client-2.9.4-5.0.2.el8_10.2.aarch64.rpm sssd-common-2.9.4-5.0.2.el8_10.2.aarch64.rpm sssd-common-pac-2.9.4-5.0.2.el8_10.2.aarch64.rpm sssd-dbus-2.9.4-5.0.2.el8_10.2.aarch64.rpm sssd-idp-2.9.4-5.0.2.el8_10.2.aarch64.rpm sssd-ipa-2.9.4-5.0.2.el8_10.2.aarch64.rpm sssd-kcm-2.9.4-5.0.2.el8_10.2.aarch64.rpm sssd-krb5-2.9.4-5.0.2.el8_10.2.aarch64.rpm sssd-krb5-common-2.9.4-5.0.2.el8_10.2.aarch64.rpm sssd-ldap-2.9.4-5.0.2.el8_10.2.aarch64.rpm sssd-nfs-idmap-2.9.4-5.0.2.el8_10.2.aarch64.rpm sssd-polkit-rules-2.9.4-5.0.2.el8_10.2.aarch64.rpm sssd-proxy-2.9.4-5.0.2.el8_10.2.aarch64.rpm sssd-tools-2.9.4-5.0.2.el8_10.2.aarch64.rpm sssd-winbind-idmap-2.9.4-5.0.2.el8_10.2.aarch64.rpm libsss_nss_idmap-devel-2.9.4-5.0.2.el8_10.2.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//sssd-2.9.4-5.0.2.el8_10.2.src.rpm Description of changes: [2.9.4-5.0.2.2] - Missing ntohs to service port [Orabug: 37389651] - Restore default debug level for sss_cache [Orabug: 32810448] From el-errata at oss.oracle.com Thu Jun 5 12:41:11 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:11 -0700 Subject: [El-errata] ELBA-2025-8413 Oracle Linux 8 squid:4 bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8413 http://linux.oracle.com/errata/ELBA-2025-8413.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libecap-1.0.1-2.module+el8.9.0+90083+f7556140.x86_64.rpm libecap-devel-1.0.1-2.module+el8.9.0+90083+f7556140.x86_64.rpm squid-4.15-10.module+el8.10.0+90596+ff1dacb8.6.x86_64.rpm aarch64: libecap-1.0.1-2.module+el8.9.0+90083+f7556140.aarch64.rpm libecap-devel-1.0.1-2.module+el8.9.0+90083+f7556140.aarch64.rpm squid-4.15-10.module+el8.10.0+90596+ff1dacb8.6.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//libecap-1.0.1-2.module+el8.9.0+90083+f7556140.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//squid-4.15-10.module+el8.10.0+90596+ff1dacb8.6.src.rpm Description of changes: libecap squid [7:4.15-10.6] - Resolves: RHEL-84420 - A squid child process causes a memory reference error and the squid service terminates abnormally [7:4.15-10.5] - Resolves: RHEL-66120 - squid caches DNS entries despite having TTL set to 0 [7:4.15-10.4] - Resolves: RHEL-67870 - Remove gopher mention from spec file [7:4.15-10.3] - Resolves: RHEL-22593 - CVE-2024-23638 squid:4/squid: vulnerable to a Denial of Service attack against Cache Manager error responses [7:4.15-10.2] - Disable ESI support - Resolves: RHEL-65075 - CVE-2024-45802 squid:4/squid: Denial of Service processing ESI response content [7:4.15-10.1] - Resolves: RHEL-56024 - (Regression) Transfer-encoding:chunked data is not sent to the client in its complementary From el-errata at oss.oracle.com Thu Jun 5 12:41:13 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:13 -0700 Subject: [El-errata] ELBA-2025-8415 Oracle Linux 8 qatzip bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8415 http://linux.oracle.com/errata/ELBA-2025-8415.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: qatzip-1.1.2-3.el8_10.x86_64.rpm qatzip-libs-1.1.2-3.el8_10.x86_64.rpm qatzip-devel-1.1.2-3.el8_10.x86_64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//qatzip-1.1.2-3.el8_10.src.rpm Description of changes: [1.1.2-3] - Fix large files decompression bug QATAPP-32528 (RHEL-35325) From el-errata at oss.oracle.com Thu Jun 5 12:41:16 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:16 -0700 Subject: [El-errata] ELBA-2025-8417 Oracle Linux 8 httpd:2.4 bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8417 http://linux.oracle.com/errata/ELBA-2025-8417.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: httpd-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.x86_64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.x86_64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.x86_64.rpm mod_http2-1.15.7-10.module+el8.10.0+90597+64bb2ac6.3.x86_64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.x86_64.rpm mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.x86_64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.x86_64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.x86_64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.x86_64.rpm aarch64: httpd-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.aarch64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.aarch64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.aarch64.rpm mod_http2-1.15.7-10.module+el8.10.0+90597+64bb2ac6.3.aarch64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.aarch64.rpm mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.aarch64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.aarch64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.aarch64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//httpd-2.4.37-65.0.1.module+el8.10.0+90597+64bb2ac6.4.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//mod_http2-1.15.7-10.module+el8.10.0+90597+64bb2ac6.3.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm Description of changes: httpd [2.4.37-65.4.0.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-65.4] - Resolves: RHEL-87641 - apache Bug 63192 - mod_ratelimit breaks HEAD requests [2.4.37-65.3] - Resolves: RHEL-56068 - Apache HTTPD no longer parse PHP files with unicode characters in the name [2.4.37-65.2] - Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476) - Resolves: RHEL-53022 - Regression introduced by CVE-2024-38474 fix [2.4.37-65.1] - Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) - Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding problem in mod_proxy (CVE-2024-38473) - Resolves: RHEL-45777 - httpd:2.4/httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475) - Resolves: RHEL-45758 - httpd:2.4/httpd: null pointer dereference in mod_proxy (CVE-2024-38477) - Resolves: RHEL-45743 - httpd:2.4/httpd: Potential SSRF in mod_rewrite (CVE-2024-39573) mod_http2 [1.15.7-10.3] - Resolves: RHEL-58454 - mod_proxy_http2 failures after CVE-2024-38477 fix - Resolves: RHEL-59017 - random failures in other requests on http/2 stream when client resets one request [1.15.7-10.2] - Resolves: RHEL-71575: Wrong Content-Type when proxying using H2 protocol [1.15.7-10.1] - Resolves: RHEL-46214 - Access logs and ErrorDocument don't work when HTTP431 occurs using http/2 on RHEL8 mod_md From el-errata at oss.oracle.com Thu Jun 5 12:41:14 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:14 -0700 Subject: [El-errata] ELBA-2025-8416 Oracle Linux 8 python3.12 bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8416 http://linux.oracle.com/errata/ELBA-2025-8416.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: python3.12-3.12.10-1.el8_10.x86_64.rpm python3.12-devel-3.12.10-1.el8_10.i686.rpm python3.12-devel-3.12.10-1.el8_10.x86_64.rpm python3.12-libs-3.12.10-1.el8_10.i686.rpm python3.12-libs-3.12.10-1.el8_10.x86_64.rpm python3.12-rpm-macros-3.12.10-1.el8_10.noarch.rpm python3.12-tkinter-3.12.10-1.el8_10.x86_64.rpm python3.12-3.12.10-1.el8_10.i686.rpm python3.12-debug-3.12.10-1.el8_10.i686.rpm python3.12-debug-3.12.10-1.el8_10.x86_64.rpm python3.12-idle-3.12.10-1.el8_10.i686.rpm python3.12-idle-3.12.10-1.el8_10.x86_64.rpm python3.12-test-3.12.10-1.el8_10.i686.rpm python3.12-test-3.12.10-1.el8_10.x86_64.rpm python3.12-tkinter-3.12.10-1.el8_10.i686.rpm aarch64: python3.12-3.12.10-1.el8_10.aarch64.rpm python3.12-devel-3.12.10-1.el8_10.aarch64.rpm python3.12-libs-3.12.10-1.el8_10.aarch64.rpm python3.12-rpm-macros-3.12.10-1.el8_10.noarch.rpm python3.12-tkinter-3.12.10-1.el8_10.aarch64.rpm python3.12-debug-3.12.10-1.el8_10.aarch64.rpm python3.12-idle-3.12.10-1.el8_10.aarch64.rpm python3.12-test-3.12.10-1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//python3.12-3.12.10-1.el8_10.src.rpm Description of changes: [3.12.10-1] - Update to 3.12.10 Resolves: RHEL-86888 [3.12.9-1] - Update to 3.12.9 - Security fix for CVE-2025-0938 Related: RHEL-86888 From el-errata at oss.oracle.com Thu Jun 5 12:41:18 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:18 -0700 Subject: [El-errata] ELBA-2025-8418 Oracle Linux 8 fence-agents bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8418 http://linux.oracle.com/errata/ELBA-2025-8418.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: fence-agents-all-4.2.1-129.el8_10.8.x86_64.rpm fence-agents-amt-ws-4.2.1-129.el8_10.8.noarch.rpm fence-agents-apc-4.2.1-129.el8_10.8.noarch.rpm fence-agents-apc-snmp-4.2.1-129.el8_10.8.noarch.rpm fence-agents-bladecenter-4.2.1-129.el8_10.8.noarch.rpm fence-agents-brocade-4.2.1-129.el8_10.8.noarch.rpm fence-agents-cisco-mds-4.2.1-129.el8_10.8.noarch.rpm fence-agents-cisco-ucs-4.2.1-129.el8_10.8.noarch.rpm fence-agents-common-4.2.1-129.el8_10.8.noarch.rpm fence-agents-compute-4.2.1-129.el8_10.8.noarch.rpm fence-agents-drac5-4.2.1-129.el8_10.8.noarch.rpm fence-agents-eaton-snmp-4.2.1-129.el8_10.8.noarch.rpm fence-agents-emerson-4.2.1-129.el8_10.8.noarch.rpm fence-agents-eps-4.2.1-129.el8_10.8.noarch.rpm fence-agents-heuristics-ping-4.2.1-129.el8_10.8.noarch.rpm fence-agents-hpblade-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ibm-powervs-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ibm-vpc-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ibmblade-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ifmib-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ilo-moonshot-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ilo-mp-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ilo-ssh-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ilo2-4.2.1-129.el8_10.8.noarch.rpm fence-agents-intelmodular-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ipdu-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ipmilan-4.2.1-129.el8_10.8.noarch.rpm fence-agents-kdump-4.2.1-129.el8_10.8.x86_64.rpm fence-agents-kubevirt-4.2.1-129.el8_10.8.x86_64.rpm fence-agents-lpar-4.2.1-129.el8_10.8.noarch.rpm fence-agents-mpath-4.2.1-129.el8_10.8.noarch.rpm fence-agents-redfish-4.2.1-129.el8_10.8.x86_64.rpm fence-agents-rhevm-4.2.1-129.el8_10.8.noarch.rpm fence-agents-rsa-4.2.1-129.el8_10.8.noarch.rpm fence-agents-rsb-4.2.1-129.el8_10.8.noarch.rpm fence-agents-sbd-4.2.1-129.el8_10.8.noarch.rpm fence-agents-scsi-4.2.1-129.el8_10.8.noarch.rpm fence-agents-virsh-4.2.1-129.el8_10.8.noarch.rpm fence-agents-vmware-rest-4.2.1-129.el8_10.8.noarch.rpm fence-agents-vmware-soap-4.2.1-129.el8_10.8.noarch.rpm fence-agents-wti-4.2.1-129.el8_10.8.noarch.rpm aarch64: fence-agents-all-4.2.1-129.el8_10.8.aarch64.rpm fence-agents-amt-ws-4.2.1-129.el8_10.8.noarch.rpm fence-agents-apc-4.2.1-129.el8_10.8.noarch.rpm fence-agents-apc-snmp-4.2.1-129.el8_10.8.noarch.rpm fence-agents-bladecenter-4.2.1-129.el8_10.8.noarch.rpm fence-agents-brocade-4.2.1-129.el8_10.8.noarch.rpm fence-agents-cisco-mds-4.2.1-129.el8_10.8.noarch.rpm fence-agents-cisco-ucs-4.2.1-129.el8_10.8.noarch.rpm fence-agents-common-4.2.1-129.el8_10.8.noarch.rpm fence-agents-compute-4.2.1-129.el8_10.8.noarch.rpm fence-agents-drac5-4.2.1-129.el8_10.8.noarch.rpm fence-agents-eaton-snmp-4.2.1-129.el8_10.8.noarch.rpm fence-agents-emerson-4.2.1-129.el8_10.8.noarch.rpm fence-agents-eps-4.2.1-129.el8_10.8.noarch.rpm fence-agents-heuristics-ping-4.2.1-129.el8_10.8.noarch.rpm fence-agents-hpblade-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ibm-powervs-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ibm-vpc-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ibmblade-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ifmib-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ilo-moonshot-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ilo-mp-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ilo-ssh-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ilo2-4.2.1-129.el8_10.8.noarch.rpm fence-agents-intelmodular-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ipdu-4.2.1-129.el8_10.8.noarch.rpm fence-agents-ipmilan-4.2.1-129.el8_10.8.noarch.rpm fence-agents-kdump-4.2.1-129.el8_10.8.aarch64.rpm fence-agents-kubevirt-4.2.1-129.el8_10.8.aarch64.rpm fence-agents-mpath-4.2.1-129.el8_10.8.noarch.rpm fence-agents-redfish-4.2.1-129.el8_10.8.aarch64.rpm fence-agents-rhevm-4.2.1-129.el8_10.8.noarch.rpm fence-agents-rsa-4.2.1-129.el8_10.8.noarch.rpm fence-agents-rsb-4.2.1-129.el8_10.8.noarch.rpm fence-agents-sbd-4.2.1-129.el8_10.8.noarch.rpm fence-agents-scsi-4.2.1-129.el8_10.8.noarch.rpm fence-agents-virsh-4.2.1-129.el8_10.8.noarch.rpm fence-agents-vmware-rest-4.2.1-129.el8_10.8.noarch.rpm fence-agents-vmware-soap-4.2.1-129.el8_10.8.noarch.rpm fence-agents-wti-4.2.1-129.el8_10.8.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//fence-agents-4.2.1-129.el8_10.8.src.rpm Description of changes: [4.2.1-129.8] - fence_ibm_powervs: add private endpoint and token file support Resolves: RHEL-65025 [4.2.1-129.7] - fence_azure_arm: use azure-identity instead of msrestazure, which has been deprecated Resolves: RHEL-76492 [4.2.1-129.5] - fence_scsi: preempt clears all devices on the mpath device, so only run it for the first device Resolves: RHEL-56840 [4.2.1-129.4] - bundled setuptools: fix CVE-2024-6345 Resolves: RHEL-50223 [4.2.1-129.3] - bundled urllib3: fix CVE-2024-37891 Resolves: RHEL-43568 [4.2.1-129.2] - fence_eps: add fence_epsr2 for ePowerSwitch R2 and newer Resolves: RHEL-7734 - bundled jinja2: fix CVE-2024-34064 Resolves: RHEL-35655 From el-errata at oss.oracle.com Thu Jun 5 12:41:19 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:19 -0700 Subject: [El-errata] ELBA-2025-8420 Oracle Linux 8 ibus bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8420 http://linux.oracle.com/errata/ELBA-2025-8420.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: ibus-1.5.19-15.el8_10.x86_64.rpm ibus-gtk2-1.5.19-15.el8_10.i686.rpm ibus-gtk2-1.5.19-15.el8_10.x86_64.rpm ibus-gtk3-1.5.19-15.el8_10.x86_64.rpm ibus-libs-1.5.19-15.el8_10.i686.rpm ibus-libs-1.5.19-15.el8_10.x86_64.rpm ibus-setup-1.5.19-15.el8_10.noarch.rpm ibus-wayland-1.5.19-15.el8_10.x86_64.rpm ibus-devel-1.5.19-15.el8_10.i686.rpm ibus-devel-1.5.19-15.el8_10.x86_64.rpm ibus-devel-docs-1.5.19-15.el8_10.noarch.rpm aarch64: ibus-1.5.19-15.el8_10.aarch64.rpm ibus-gtk2-1.5.19-15.el8_10.aarch64.rpm ibus-gtk3-1.5.19-15.el8_10.aarch64.rpm ibus-libs-1.5.19-15.el8_10.aarch64.rpm ibus-setup-1.5.19-15.el8_10.noarch.rpm ibus-wayland-1.5.19-15.el8_10.aarch64.rpm ibus-devel-1.5.19-15.el8_10.aarch64.rpm ibus-devel-docs-1.5.19-15.el8_10.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//ibus-1.5.19-15.el8_10.src.rpm Description of changes: [1.5.19-15] - Resolves: RHEL-87876 Backport desktop-testing from RHEL 9 From el-errata at oss.oracle.com Thu Jun 5 12:41:20 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:20 -0700 Subject: [El-errata] ELBA-2025-8422 Oracle Linux 8 gnome-shell-extensions bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8422 http://linux.oracle.com/errata/ELBA-2025-8422.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: gnome-classic-session-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-apps-menu-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-auto-move-windows-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-classification-banner-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-common-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-custom-menu-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-dash-to-dock-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-dash-to-panel-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-desktop-icons-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-disable-screenshield-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-drive-menu-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-gesture-inhibitor-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-heads-up-display-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-horizontal-workspaces-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-launch-new-instance-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-native-window-placement-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-no-hot-corner-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-panel-favorites-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-places-menu-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-screenshot-window-sizer-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-systemMonitor-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-top-icons-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-updates-dialog-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-user-theme-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-window-grouper-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-window-list-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-windowsNavigator-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-workspace-indicator-3.32.1-41.el8_10.noarch.rpm aarch64: gnome-classic-session-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-apps-menu-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-auto-move-windows-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-classification-banner-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-common-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-custom-menu-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-dash-to-dock-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-dash-to-panel-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-desktop-icons-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-disable-screenshield-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-drive-menu-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-gesture-inhibitor-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-heads-up-display-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-horizontal-workspaces-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-launch-new-instance-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-native-window-placement-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-no-hot-corner-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-panel-favorites-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-places-menu-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-screenshot-window-sizer-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-systemMonitor-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-top-icons-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-updates-dialog-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-user-theme-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-window-grouper-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-window-list-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-windowsNavigator-3.32.1-41.el8_10.noarch.rpm gnome-shell-extension-workspace-indicator-3.32.1-41.el8_10.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//gnome-shell-extensions-3.32.1-41.el8_10.src.rpm Description of changes: [3.32.1-41] - Use custom layout manager in apps menu Resolves: RHEL-14936 From el-errata at oss.oracle.com Thu Jun 5 12:41:22 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:22 -0700 Subject: [El-errata] ELBA-2025-8423 Oracle Linux 8 libwebp bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8423 http://linux.oracle.com/errata/ELBA-2025-8423.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libwebp-1.0.0-11.el8_10.i686.rpm libwebp-1.0.0-11.el8_10.x86_64.rpm libwebp-devel-1.0.0-11.el8_10.i686.rpm libwebp-devel-1.0.0-11.el8_10.x86_64.rpm libwebp-tools-1.0.0-11.el8_10.x86_64.rpm aarch64: libwebp-1.0.0-11.el8_10.aarch64.rpm libwebp-devel-1.0.0-11.el8_10.aarch64.rpm libwebp-tools-1.0.0-11.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//libwebp-1.0.0-11.el8_10.src.rpm Description of changes: [1.0.0-11] - Rebuild a package for shipping libwebp-tools in CRB - Resolves: RHEL-86884 [1.0.0-10] - Added fix for CVE-2023-4863 From el-errata at oss.oracle.com Thu Jun 5 12:41:23 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:23 -0700 Subject: [El-errata] ELBA-2025-8424 Oracle Linux 8 cups-filters bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8424 http://linux.oracle.com/errata/ELBA-2025-8424.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: cups-filters-1.20.0-36.0.1.el8_10.x86_64.rpm cups-filters-libs-1.20.0-36.0.1.el8_10.i686.rpm cups-filters-libs-1.20.0-36.0.1.el8_10.x86_64.rpm cups-filters-devel-1.20.0-36.0.1.el8_10.i686.rpm cups-filters-devel-1.20.0-36.0.1.el8_10.x86_64.rpm aarch64: cups-filters-1.20.0-36.0.1.el8_10.aarch64.rpm cups-filters-libs-1.20.0-36.0.1.el8_10.aarch64.rpm cups-filters-devel-1.20.0-36.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//cups-filters-1.20.0-36.0.1.el8_10.src.rpm Description of changes: [1.20.0-36.0.1] - header/footer not being printed in banner page. [Orabug: 28265099] (isaac.chen at oracle.com) - Fixes [Orabug: 29163824] source indentation not following convention (isaac.chen at oracle.com) [1.20.0-36] - RHEL-77102 Cups images rotate 90 degrees when using browsed for printer sharing From el-errata at oss.oracle.com Thu Jun 5 12:41:25 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:25 -0700 Subject: [El-errata] ELBA-2025-8425 Oracle Linux 8 389-ds:1.4 bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8425 http://linux.oracle.com/errata/ELBA-2025-8425.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: 389-ds-base-1.4.3.39-13.module+el8.10.0+90595+65ba0c48.x86_64.rpm 389-ds-base-devel-1.4.3.39-13.module+el8.10.0+90595+65ba0c48.x86_64.rpm 389-ds-base-legacy-tools-1.4.3.39-13.module+el8.10.0+90595+65ba0c48.x86_64.rpm 389-ds-base-libs-1.4.3.39-13.module+el8.10.0+90595+65ba0c48.x86_64.rpm 389-ds-base-snmp-1.4.3.39-13.module+el8.10.0+90595+65ba0c48.x86_64.rpm python3-lib389-1.4.3.39-13.module+el8.10.0+90595+65ba0c48.noarch.rpm aarch64: 389-ds-base-1.4.3.39-13.module+el8.10.0+90595+65ba0c48.aarch64.rpm 389-ds-base-devel-1.4.3.39-13.module+el8.10.0+90595+65ba0c48.aarch64.rpm 389-ds-base-legacy-tools-1.4.3.39-13.module+el8.10.0+90595+65ba0c48.aarch64.rpm 389-ds-base-libs-1.4.3.39-13.module+el8.10.0+90595+65ba0c48.aarch64.rpm 389-ds-base-snmp-1.4.3.39-13.module+el8.10.0+90595+65ba0c48.aarch64.rpm python3-lib389-1.4.3.39-13.module+el8.10.0+90595+65ba0c48.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//389-ds-base-1.4.3.39-13.module+el8.10.0+90595+65ba0c48.src.rpm Description of changes: [1.4.3.39-13] - Resolves: RHEL-89749 - Nested group does not receive memberOf attribute [rhel-8.10.z] - Resolves: RHEL-89758 - dsidm Error: float() argument must be a string or a number, not 'NoneType' [rhel-8.10.z] - Resolves: RHEL-89765 - Crash in __strlen_sse2 when using the nsRole filter rewriter. [rhel-8.10.z] - Resolves: RHEL-89778 - RHDS12.2 NSMMReplicationPlugin - release_replica Unable to parse the response [rhel-8.10.z] From el-errata at oss.oracle.com Thu Jun 5 12:41:26 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:26 -0700 Subject: [El-errata] ELBA-2025-8426 Oracle Linux 8 gnome-shell bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8426 http://linux.oracle.com/errata/ELBA-2025-8426.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: gnome-shell-3.32.2-57.el8_10.x86_64.rpm aarch64: gnome-shell-3.32.2-57.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//gnome-shell-3.32.2-57.el8_10.src.rpm Description of changes: [3.32.2-57] - Fix refcount issue in stylesheet tracking Resolves: RHEL-91810 From el-errata at oss.oracle.com Thu Jun 5 12:41:28 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:28 -0700 Subject: [El-errata] ELSA-2025-8292 Important: Oracle Linux 8 mingw-freetype and spice-client-win security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8292 http://linux.oracle.com/errata/ELSA-2025-8292.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: mingw32-freetype-2.8-3.el8_10.1.noarch.rpm mingw32-freetype-static-2.8-3.el8_10.1.noarch.rpm mingw64-freetype-2.8-3.el8_10.1.noarch.rpm mingw64-freetype-static-2.8-3.el8_10.1.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//mingw-freetype-2.8-3.el8_10.1.src.rpm Related CVEs: CVE-2025-27363 CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906 CVE-2025-32907 CVE-2025-32909 CVE-2025-32910 CVE-2025-32911 CVE-2025-32913 Description of changes: [2.8-3.1] - Fix CVE-2025-27363 Resolves: RHEL-83101 From el-errata at oss.oracle.com Thu Jun 5 12:41:29 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:29 -0700 Subject: [El-errata] ELSA-2025-8336 Important: Oracle Linux 8 varnish:6 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8336 http://linux.oracle.com/errata/ELSA-2025-8336.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: varnish-6.0.13-1.module+el8.10.0+90594+95ad0b53.1.x86_64.rpm varnish-devel-6.0.13-1.module+el8.10.0+90594+95ad0b53.1.x86_64.rpm varnish-docs-6.0.13-1.module+el8.10.0+90594+95ad0b53.1.x86_64.rpm varnish-modules-0.15.0-6.module+el8.10.0+90594+95ad0b53.x86_64.rpm aarch64: varnish-6.0.13-1.module+el8.10.0+90594+95ad0b53.1.aarch64.rpm varnish-devel-6.0.13-1.module+el8.10.0+90594+95ad0b53.1.aarch64.rpm varnish-docs-6.0.13-1.module+el8.10.0+90594+95ad0b53.1.aarch64.rpm varnish-modules-0.15.0-6.module+el8.10.0+90594+95ad0b53.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//varnish-6.0.13-1.module+el8.10.0+90594+95ad0b53.1.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//varnish-modules-0.15.0-6.module+el8.10.0+90594+95ad0b53.src.rpm Related CVEs: CVE-2025-47905 Description of changes: varnish [6.0.13-1.1] - Resolves: RHEL-89695 - varnish: request smuggling attacks (CVE-2025-47905) varnish-modules From el-errata at oss.oracle.com Thu Jun 5 12:41:31 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:31 -0700 Subject: [El-errata] ELSA-2025-8395 Low: Oracle Linux 8 rsync security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8395 http://linux.oracle.com/errata/ELSA-2025-8395.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: rsync-3.1.3-23.el8_10.x86_64.rpm rsync-daemon-3.1.3-23.el8_10.noarch.rpm aarch64: rsync-3.1.3-23.el8_10.aarch64.rpm rsync-daemon-3.1.3-23.el8_10.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//rsync-3.1.3-23.el8_10.src.rpm Related CVEs: CVE-2016-9840 Description of changes: [3.1.3-23] - Resolves: RHEL-52004 - Slowness in rsync due to extra validation steps [3.1.3-22] - Resolves: RHEL-91519 - Improper Pointer Arithmetic in pcl From el-errata at oss.oracle.com Thu Jun 5 12:41:32 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:32 -0700 Subject: [El-errata] ELSA-2025-8411 Moderate: Oracle Linux 8 krb5 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8411 http://linux.oracle.com/errata/ELSA-2025-8411.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: krb5-devel-1.18.2-32.0.1.el8_10.i686.rpm krb5-devel-1.18.2-32.0.1.el8_10.x86_64.rpm krb5-libs-1.18.2-32.0.1.el8_10.i686.rpm krb5-libs-1.18.2-32.0.1.el8_10.x86_64.rpm krb5-pkinit-1.18.2-32.0.1.el8_10.i686.rpm krb5-pkinit-1.18.2-32.0.1.el8_10.x86_64.rpm krb5-server-1.18.2-32.0.1.el8_10.i686.rpm krb5-server-1.18.2-32.0.1.el8_10.x86_64.rpm krb5-server-ldap-1.18.2-32.0.1.el8_10.i686.rpm krb5-server-ldap-1.18.2-32.0.1.el8_10.x86_64.rpm krb5-workstation-1.18.2-32.0.1.el8_10.x86_64.rpm libkadm5-1.18.2-32.0.1.el8_10.i686.rpm libkadm5-1.18.2-32.0.1.el8_10.x86_64.rpm aarch64: krb5-devel-1.18.2-32.0.1.el8_10.aarch64.rpm krb5-libs-1.18.2-32.0.1.el8_10.aarch64.rpm krb5-pkinit-1.18.2-32.0.1.el8_10.aarch64.rpm krb5-server-1.18.2-32.0.1.el8_10.aarch64.rpm krb5-server-ldap-1.18.2-32.0.1.el8_10.aarch64.rpm krb5-workstation-1.18.2-32.0.1.el8_10.aarch64.rpm libkadm5-1.18.2-32.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//krb5-1.18.2-32.0.1.el8_10.src.rpm Related CVEs: CVE-2025-3576 Description of changes: [1.18.2-32.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.18.2-32] - Do not block HMAC-MD4/5 in FIPS mode Resolves: RHEL-86786 - Don't issue RC4 session keys by default (CVE-2025-3576) Resolves: RHEL-88049 - Add PKINIT paChecksum2 from MS-PKCA v20230920 Resolves: RHEL-82648 From el-errata at oss.oracle.com Thu Jun 5 12:41:33 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:33 -0700 Subject: [El-errata] ELSA-2025-8414 Moderate: Oracle Linux 8 git security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8414 http://linux.oracle.com/errata/ELSA-2025-8414.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: git-2.43.5-3.el8_10.x86_64.rpm git-all-2.43.5-3.el8_10.noarch.rpm git-core-2.43.5-3.el8_10.x86_64.rpm git-core-doc-2.43.5-3.el8_10.noarch.rpm git-credential-libsecret-2.43.5-3.el8_10.x86_64.rpm git-daemon-2.43.5-3.el8_10.x86_64.rpm git-email-2.43.5-3.el8_10.noarch.rpm git-gui-2.43.5-3.el8_10.noarch.rpm git-instaweb-2.43.5-3.el8_10.noarch.rpm git-subtree-2.43.5-3.el8_10.x86_64.rpm git-svn-2.43.5-3.el8_10.noarch.rpm gitk-2.43.5-3.el8_10.noarch.rpm gitweb-2.43.5-3.el8_10.noarch.rpm perl-Git-2.43.5-3.el8_10.noarch.rpm perl-Git-SVN-2.43.5-3.el8_10.noarch.rpm aarch64: git-2.43.5-3.el8_10.aarch64.rpm git-all-2.43.5-3.el8_10.noarch.rpm git-core-2.43.5-3.el8_10.aarch64.rpm git-core-doc-2.43.5-3.el8_10.noarch.rpm git-credential-libsecret-2.43.5-3.el8_10.aarch64.rpm git-daemon-2.43.5-3.el8_10.aarch64.rpm git-email-2.43.5-3.el8_10.noarch.rpm git-gui-2.43.5-3.el8_10.noarch.rpm git-instaweb-2.43.5-3.el8_10.noarch.rpm git-subtree-2.43.5-3.el8_10.aarch64.rpm git-svn-2.43.5-3.el8_10.noarch.rpm gitk-2.43.5-3.el8_10.noarch.rpm gitweb-2.43.5-3.el8_10.noarch.rpm perl-Git-2.43.5-3.el8_10.noarch.rpm perl-Git-SVN-2.43.5-3.el8_10.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//git-2.43.5-3.el8_10.src.rpm Related CVEs: CVE-2024-52005 Description of changes: [2.43.5-3] - add the option to sanitize sideband channel messages - Resolves: RHEL-74177 From el-errata at oss.oracle.com Thu Jun 5 12:41:38 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:38 -0700 Subject: [El-errata] ELSA-2025-8419 Low: Oracle Linux 8 python36:3.6 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8419 http://linux.oracle.com/errata/ELSA-2025-8419.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: python36-3.6.8-39.module+el8.10.0+90473+c30184f9.x86_64.rpm python36-debug-3.6.8-39.module+el8.10.0+90473+c30184f9.x86_64.rpm python36-devel-3.6.8-39.module+el8.10.0+90473+c30184f9.x86_64.rpm python36-rpm-macros-3.6.8-39.module+el8.10.0+90473+c30184f9.noarch.rpm python3-bson-3.7.0-2.module+el8.10.0+90599+fd4ba14b.x86_64.rpm python3-distro-1.4.0-2.module+el8.10.0+90473+c30184f9.noarch.rpm python3-docs-3.6.7-2.module+el8.10.0+90473+c30184f9.noarch.rpm python3-docutils-0.14-12.module+el8.10.0+90473+c30184f9.noarch.rpm python3-nose-1.3.7-31.module+el8.10.0+90473+c30184f9.noarch.rpm python3-pygments-2.2.0-22.module+el8.10.0+90473+c30184f9.noarch.rpm python3-pymongo-3.7.0-2.module+el8.10.0+90599+fd4ba14b.x86_64.rpm python3-pymongo-gridfs-3.7.0-2.module+el8.10.0+90599+fd4ba14b.x86_64.rpm python3-PyMySQL-0.10.1-2.module+el8.10.0+90473+c30184f9.noarch.rpm python3-scipy-1.0.0-21.module+el8.10.0+90473+c30184f9.x86_64.rpm python3-sqlalchemy-1.3.2-3.module+el8.10.0+90473+c30184f9.x86_64.rpm python3-virtualenv-15.1.0-23.module+el8.10.0+90473+c30184f9.noarch.rpm python3-wheel-0.31.1-3.module+el8.10.0+90473+c30184f9.noarch.rpm python3-wheel-wheel-0.31.1-3.module+el8.10.0+90473+c30184f9.noarch.rpm python-nose-docs-1.3.7-31.module+el8.10.0+90473+c30184f9.noarch.rpm python-pymongo-doc-3.7.0-2.module+el8.10.0+90599+fd4ba14b.noarch.rpm python-sqlalchemy-doc-1.3.2-3.module+el8.10.0+90473+c30184f9.noarch.rpm python-virtualenv-doc-15.1.0-23.module+el8.10.0+90473+c30184f9.noarch.rpm aarch64: python36-3.6.8-39.module+el8.10.0+90473+c30184f9.aarch64.rpm python36-debug-3.6.8-39.module+el8.10.0+90473+c30184f9.aarch64.rpm python36-devel-3.6.8-39.module+el8.10.0+90473+c30184f9.aarch64.rpm python36-rpm-macros-3.6.8-39.module+el8.10.0+90473+c30184f9.noarch.rpm python3-bson-3.7.0-2.module+el8.10.0+90599+fd4ba14b.aarch64.rpm python3-distro-1.4.0-2.module+el8.10.0+90473+c30184f9.noarch.rpm python3-docs-3.6.7-2.module+el8.10.0+90473+c30184f9.noarch.rpm python3-docutils-0.14-12.module+el8.10.0+90473+c30184f9.noarch.rpm python3-nose-1.3.7-31.module+el8.10.0+90473+c30184f9.noarch.rpm python3-pygments-2.2.0-22.module+el8.10.0+90473+c30184f9.noarch.rpm python3-pymongo-3.7.0-2.module+el8.10.0+90599+fd4ba14b.aarch64.rpm python3-pymongo-gridfs-3.7.0-2.module+el8.10.0+90599+fd4ba14b.aarch64.rpm python3-PyMySQL-0.10.1-2.module+el8.10.0+90473+c30184f9.noarch.rpm python3-scipy-1.0.0-21.module+el8.10.0+90473+c30184f9.aarch64.rpm python3-sqlalchemy-1.3.2-3.module+el8.10.0+90473+c30184f9.aarch64.rpm python3-virtualenv-15.1.0-23.module+el8.10.0+90473+c30184f9.noarch.rpm python3-wheel-0.31.1-3.module+el8.10.0+90473+c30184f9.noarch.rpm python3-wheel-wheel-0.31.1-3.module+el8.10.0+90473+c30184f9.noarch.rpm python-nose-docs-1.3.7-31.module+el8.10.0+90473+c30184f9.noarch.rpm python-pymongo-doc-3.7.0-2.module+el8.10.0+90599+fd4ba14b.noarch.rpm python-sqlalchemy-doc-1.3.2-3.module+el8.10.0+90473+c30184f9.noarch.rpm python-virtualenv-doc-15.1.0-23.module+el8.10.0+90473+c30184f9.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//python36-3.6.8-39.module+el8.10.0+90473+c30184f9.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-distro-1.4.0-2.module+el8.10.0+90473+c30184f9.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-docs-3.6.7-2.module+el8.10.0+90473+c30184f9.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-docutils-0.14-12.module+el8.10.0+90473+c30184f9.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-nose-1.3.7-31.module+el8.10.0+90473+c30184f9.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-pygments-2.2.0-22.module+el8.10.0+90473+c30184f9.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-pymongo-3.7.0-2.module+el8.10.0+90599+fd4ba14b.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-PyMySQL-0.10.1-2.module+el8.10.0+90473+c30184f9.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-sqlalchemy-1.3.2-3.module+el8.10.0+90473+c30184f9.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-virtualenv-15.1.0-23.module+el8.10.0+90473+c30184f9.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-wheel-0.31.1-3.module+el8.10.0+90473+c30184f9.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//scipy-1.0.0-21.module+el8.10.0+90473+c30184f9.src.rpm Related CVEs: CVE-2024-5629 Description of changes: python36 python-distro python-docs python-docutils python-nose python-pygments python-pymongo [3.7.0-2] - Backport CVE-2024-5629 python-PyMySQL python-sqlalchemy python-virtualenv [15.1.0-23] - Security fix for CVE-2024-53899 Resolves: RHEL-68876 python-wheel scipy From el-errata at oss.oracle.com Thu Jun 5 12:41:39 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:39 -0700 Subject: [El-errata] ELSA-2025-8421 Moderate: Oracle Linux 8 ghostscript security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8421 http://linux.oracle.com/errata/ELSA-2025-8421.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: ghostscript-9.27-17.el8_10.x86_64.rpm ghostscript-x11-9.27-17.el8_10.x86_64.rpm libgs-9.27-17.el8_10.i686.rpm libgs-9.27-17.el8_10.x86_64.rpm ghostscript-doc-9.27-17.el8_10.noarch.rpm ghostscript-tools-dvipdf-9.27-17.el8_10.x86_64.rpm ghostscript-tools-fonts-9.27-17.el8_10.x86_64.rpm ghostscript-tools-printing-9.27-17.el8_10.x86_64.rpm libgs-devel-9.27-17.el8_10.i686.rpm libgs-devel-9.27-17.el8_10.x86_64.rpm aarch64: ghostscript-9.27-17.el8_10.aarch64.rpm ghostscript-x11-9.27-17.el8_10.aarch64.rpm libgs-9.27-17.el8_10.aarch64.rpm ghostscript-doc-9.27-17.el8_10.noarch.rpm ghostscript-tools-dvipdf-9.27-17.el8_10.aarch64.rpm ghostscript-tools-fonts-9.27-17.el8_10.aarch64.rpm ghostscript-tools-printing-9.27-17.el8_10.aarch64.rpm libgs-devel-9.27-17.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//ghostscript-9.27-17.el8_10.src.rpm Related CVEs: CVE-2025-27832 Description of changes: [9.27-17] - RHEL-88965 CVE-2025-27832 ghostscript: NPDL device: Compression buffer overflow From el-errata at oss.oracle.com Thu Jun 5 12:41:41 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:41 -0700 Subject: [El-errata] ELSA-2025-8432 Moderate: Oracle Linux 8 perl-CPAN security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8432 http://linux.oracle.com/errata/ELSA-2025-8432.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: perl-CPAN-2.18-402.el8_10.noarch.rpm aarch64: perl-CPAN-2.18-402.el8_10.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//perl-CPAN-2.18-402.el8_10.src.rpm Related CVEs: CVE-2020-16156 Description of changes: [2.18-402] - Resolves: RHEL-9605 - Add 2022 PAUSE public key. - Change default value for urllist to https://www.cpan.org - Use gpg --verify --output ... to disentangle data and signature From el-errata at oss.oracle.com Thu Jun 5 12:41:43 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:43 -0700 Subject: [El-errata] ELSA-2025-8478 Moderate: Oracle Linux 8 go-toolset:ol8 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8478 http://linux.oracle.com/errata/ELSA-2025-8478.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: delve-1.24.1-1.0.1.module+el8.10.0+90602+3daf471e.x86_64.rpm golang-1.23.9-1.module+el8.10.0+90602+3daf471e.x86_64.rpm golang-bin-1.23.9-1.module+el8.10.0+90602+3daf471e.x86_64.rpm golang-docs-1.23.9-1.module+el8.10.0+90602+3daf471e.noarch.rpm golang-misc-1.23.9-1.module+el8.10.0+90602+3daf471e.noarch.rpm golang-src-1.23.9-1.module+el8.10.0+90602+3daf471e.noarch.rpm golang-tests-1.23.9-1.module+el8.10.0+90602+3daf471e.noarch.rpm go-toolset-1.23.9-1.module+el8.10.0+90602+3daf471e.x86_64.rpm aarch64: delve-1.24.1-1.0.1.module+el8.10.0+90602+3daf471e.aarch64.rpm golang-1.23.9-1.module+el8.10.0+90602+3daf471e.aarch64.rpm golang-bin-1.23.9-1.module+el8.10.0+90602+3daf471e.aarch64.rpm golang-docs-1.23.9-1.module+el8.10.0+90602+3daf471e.noarch.rpm golang-misc-1.23.9-1.module+el8.10.0+90602+3daf471e.noarch.rpm golang-src-1.23.9-1.module+el8.10.0+90602+3daf471e.noarch.rpm golang-tests-1.23.9-1.module+el8.10.0+90602+3daf471e.noarch.rpm go-toolset-1.23.9-1.module+el8.10.0+90602+3daf471e.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//delve-1.24.1-1.0.1.module+el8.10.0+90602+3daf471e.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//golang-1.23.9-1.module+el8.10.0+90602+3daf471e.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//go-toolset-1.23.9-1.module+el8.10.0+90602+3daf471e.src.rpm Related CVEs: CVE-2025-22871 Description of changes: delve [1.24.1-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) golang [1.23.9-1] - Update to Go 1.23.9 - Resolves: RHEL-94636 go-toolset [1.23.9-1] - Update to Go 1.23.9 - Resolves: RHEL-94636 From el-errata at oss.oracle.com Thu Jun 5 12:41:45 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:41:45 -0700 Subject: [El-errata] ELSA-2025-8506 Important: Oracle Linux 8 nodejs:22 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8506 http://linux.oracle.com/errata/ELSA-2025-8506.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-22.16.0-1.module+el8.10.0+90605+76e4d41a.x86_64.rpm nodejs-devel-22.16.0-1.module+el8.10.0+90605+76e4d41a.x86_64.rpm nodejs-docs-22.16.0-1.module+el8.10.0+90605+76e4d41a.noarch.rpm nodejs-full-i18n-22.16.0-1.module+el8.10.0+90605+76e4d41a.x86_64.rpm nodejs-libs-22.16.0-1.module+el8.10.0+90605+76e4d41a.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el8.10.0+90605+76e4d41a.noarch.rpm nodejs-packaging-2021.06-4.module+el8.10.0+90605+76e4d41a.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90605+76e4d41a.noarch.rpm npm-10.9.2-1.22.16.0.1.module+el8.10.0+90605+76e4d41a.x86_64.rpm v8-12.4-devel-12.4.254.21-1.22.16.0.1.module+el8.10.0+90605+76e4d41a.x86_64.rpm aarch64: nodejs-22.16.0-1.module+el8.10.0+90605+76e4d41a.aarch64.rpm nodejs-devel-22.16.0-1.module+el8.10.0+90605+76e4d41a.aarch64.rpm nodejs-docs-22.16.0-1.module+el8.10.0+90605+76e4d41a.noarch.rpm nodejs-full-i18n-22.16.0-1.module+el8.10.0+90605+76e4d41a.aarch64.rpm nodejs-libs-22.16.0-1.module+el8.10.0+90605+76e4d41a.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el8.10.0+90605+76e4d41a.noarch.rpm nodejs-packaging-2021.06-4.module+el8.10.0+90605+76e4d41a.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90605+76e4d41a.noarch.rpm npm-10.9.2-1.22.16.0.1.module+el8.10.0+90605+76e4d41a.aarch64.rpm v8-12.4-devel-12.4.254.21-1.22.16.0.1.module+el8.10.0+90605+76e4d41a.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//nodejs-22.16.0-1.module+el8.10.0+90605+76e4d41a.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el8.10.0+90605+76e4d41a.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//nodejs-packaging-2021.06-4.module+el8.10.0+90605+76e4d41a.src.rpm Related CVEs: CVE-2025-23166 Description of changes: nodejs [1:22.15-1-1] - Update to 22.16.0 Fixes: CVE-2025-23166 - Resolves: RHEL-91596 RHEL-92859 [1:22.15.0-1] - Update to 22.15.0 - Drop upstream patches [1:22.13.1-4] - Patch fix for sqlite CVE-2025-31498 Resolves: RHEL-87300 [1:22.13.1-3] - Update c-ares to newest version with fix for CVE-2025-31498 Resolves: RHEL-86581 [1:22.13.1-2] - Remove obsolete lua pretransaction script from spec file Resolves: RHEL-81117 RHEL-71410 - Disable npm update notifications for users Resolves: RHEL-81080 [22.13.1-1] - Upgrade to version 22.13.1 Fixes CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 Resolves: RHEL-76362 RHEL-76897 [22.11.0-1] - Upgrade to nodejs 22.11.0. Resolves: RHEL-35991 [22.4.1-4] - Exclude ix86 arches from building. Related: RHEL-35991 [22.4.1-4] - Initial import of nodeJS 22 Resolves: RHEL-35991 nodejs-nodemon nodejs-packaging From el-errata at oss.oracle.com Thu Jun 5 12:42:07 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 05 Jun 2025 05:42:07 -0700 Subject: [El-errata] ELSA-2025-4751 Important: Oracle Linux 7 firefox security update Message-ID: Oracle Linux Security Advisory ELSA-2025-4751 http://linux.oracle.com/errata/ELSA-2025-4751.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-128.10.0-1.0.1.el7_9.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//firefox-128.10.0-1.0.1.el7_9.src.rpm Related CVEs: CVE-2025-2817 CVE-2025-4083 CVE-2025-4087 CVE-2025-4091 CVE-2025-4093 Description of changes: [128.10.0-1.0.1] - Updated to 128.10.0 build [Orabug: 37924620] - Fixes CVE-2025-2817 CVE-2025-4083 CVE-2025-4087 CVE-2025-4091 and - CVE-2025-4093 From el-errata at oss.oracle.com Mon Jun 9 15:11:44 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 9 Jun 2025 19:11:44 +0400 Subject: [El-errata] New Ksplice updates for RHCK 9 (ELSA-2025-6966) Message-ID: Synopsis: ELSA-2025-6966 can now be patched using Ksplice CVEs: CVE-2022-49014 CVE-2022-49501 CVE-2023-52672 CVE-2024-26886 CVE-2024-26889 CVE-2024-35963 CVE-2024-35965 CVE-2024-35966 CVE-2024-35967 CVE-2024-40914 CVE-2024-41010 CVE-2024-41035 CVE-2024-42068 CVE-2024-42106 CVE-2024-42145 CVE-2024-42265 CVE-2024-42281 CVE-2024-42285 CVE-2024-42286 CVE-2024-42287 CVE-2024-42288 CVE-2024-42289 CVE-2024-42304 CVE-2024-42305 CVE-2024-42315 CVE-2024-43828 CVE-2024-43846 CVE-2024-43853 CVE-2024-43873 CVE-2024-43880 CVE-2024-43884 CVE-2024-44934 CVE-2024-44944 CVE-2024-44983 CVE-2024-44985 CVE-2024-44986 CVE-2024-44987 CVE-2024-44989 CVE-2024-45008 CVE-2024-45016 CVE-2024-45017 CVE-2024-45019 CVE-2024-46717 CVE-2024-46719 CVE-2024-46737 CVE-2024-46745 CVE-2024-46755 CVE-2024-46783 CVE-2024-46787 CVE-2024-46800 CVE-2024-46828 CVE-2024-46830 CVE-2024-46834 CVE-2024-46857 CVE-2024-47668 CVE-2024-47674 CVE-2024-47684 CVE-2024-47685 CVE-2024-47687 CVE-2024-47692 CVE-2024-47706 CVE-2024-47707 CVE-2024-47719 CVE-2024-47739 CVE-2024-47745 CVE-2024-49860 CVE-2024-49878 CVE-2024-49882 CVE-2024-49883 CVE-2024-49884 CVE-2024-49944 CVE-2024-49948 CVE-2024-49952 CVE-2024-49983 CVE-2024-49995 CVE-2024-49996 CVE-2024-50033 CVE-2024-50035 CVE-2024-50036 CVE-2024-50039 CVE-2024-50066 CVE-2024-50126 CVE-2024-50127 CVE-2024-50151 CVE-2024-50152 CVE-2024-50158 CVE-2024-50215 CVE-2024-50220 CVE-2024-50256 CVE-2024-50261 CVE-2024-50278 CVE-2024-50279 CVE-2024-53042 CVE-2024-53057 CVE-2024-53082 CVE-2024-53103 CVE-2024-53117 CVE-2024-53118 CVE-2024-53124 CVE-2024-53139 CVE-2024-53141 CVE-2024-53146 CVE-2024-53164 CVE-2024-53166 CVE-2024-53168 CVE-2024-53173 CVE-2024-53174 CVE-2024-53209 CVE-2024-53213 CVE-2024-56590 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56605 CVE-2024-56613 CVE-2024-56637 CVE-2024-56644 CVE-2024-56664 CVE-2024-57933 CVE-2025-21669 CVE-2025-21699 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-6966. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-6966.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running RHCK 9 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2022-49014: Denial-of-service in Universal TUN/TAP device driver. A logic error when using the Universal TUN/TAP device driver could lead to a use-after-free. A local attacker could use this flaw to cause a denial-of-service. * CVE-2022-49501: Use-after-free in usbnet driver during device disconnect. Certain sequences of events can lead to a use-after-free in the usbnet device driver. An attacker could exploit this flaw to cause a denial-of-service, or to potentially aid in another type of attack. * CVE-2023-52672: Denial-of-service when using pipes. A logic error when resizing pipes while reading it could lead to a deadlock. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-26886: Denial-of-service in Bluetooth subsystem. A race condition when using af_bluetooth could lead to a deadlock. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-26889: Out-of-bounds write in core Bluetooth subsystem. When using the HCIGETDEVINFO ioctl command, a buffer overflow is possible if the device name is bigger than expected. A remote attacker can exploit this flaw to cause a denial-of-service or privilege escalation. * CVE-2024-35963, CVE-2024-35965, CVE-2024-35966, CVE-2024-35967: Denial-of-service in Bluetooth subsystem. A missing check in several setsockopt handlers could lead to an out-of-bounds read in the Bluetooth subsystem. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-40914: Denial-of-service in memory management subsystem. A missing check when unpoisoning huge zero pages in the memory management subsystem could lead to a kernel assertion failure. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-41010: Privilege escalation in Ingress/classifier-action Qdisc driver. A race condition when using the Ingress/classifier-action Qdisc driver could lead to a use-after-free. A local attacker could use this flaw to gain root privileges. * CVE-2024-41035: Denial-of-service in core USB subsystem. A logic error when using the core USB subsystem could lead to a kernel oops. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-42068: Memory corruption in BPF subsystem. A missing check when using the bpf() system call could lead to a memmory mapping with incorrect access rights. A local attacker could use this flaw to cause a memory corruption or as a step in another kind of attack. * CVE-2024-42106: Information leak in socket monitoring interface. A missing variable initialization when using the socket monitoring interface could lead to a use of uninitialized memory. A local attacker could use this flaw to extract sensitive information. * CVE-2024-42145: Remote denial-of-service in InfiniBand driver. A logic error when using the InfiniBand driver could lead to resource exhaustion (uncontrolled resource consumption) when userspace does not extract MAD packets at the same rate as the attacker is sending. A remote attacker could use this flaw to cause a denial-of-service. * CVE-2024-42265: Information leak in file descriptor driver. A missing check when using the file descriptor driver could lead to speculative execution. A local attacker could use this flaw to extract sensitive information. * CVE-2024-42281: Denial-of-service in core net subsystem. A logic error when using the BPF functionality could lead to a kernel oops. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-42285: Privilege escalation in InfiniBand driver. A missing check when using the InfiniBand driver could lead to a use- after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-42286, CVE-2024-42287, CVE-2024-42289: Denial-of-service in QLogic QLA2XXX Fibre Channel driver. A logic error when using the QLogic QLA2XXX Fibre Channel driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-42288: Memory corruption in QLogic QLA2XXX Fibre Channel driver. There is an incorrect dereference in the firmware handling code of the QLogic QLA2XXX Fibre Channel driver. A local attacker could use this flaw to cause memory corruption. * CVE-2024-42304, CVE-2024-42305: Denial-of-service in ext4 filesystem. Missing checks when using the ext4 filesystem could lead to a kernel oops. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-42315: Denial-of-service in exFAT filesystem driver. A locking error when using the exFAT filesystem driver could lead to a deadlock. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-43828: Denial-of-service in ext4 filesystem driver. A missing variable initialization when using the ext4 filesystem driver could lead to an integer overflow. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-43846: Denial-of-service in object aggregation manager. A missing check when using the objagg driver could lead to a kernel oops. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-43853: Denial-of-service in Cpuset controller driver. A locking error when using the Cpuset controller driver could lead to a use-after-free. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-43873: Information leak in vhost driver. A missing variable initialization when using the vhost driver could lead to use of uninitialized memory. A local attacker could use this flaw to extract sensitive information. * CVE-2024-43880: Denial-of-service in Mellanox Switch ASIC driver. A logic error when using the Mellanox Switch ASIC driver could lead to the device becoming unresponsive. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-43884: Denial-of-service in Bluetooth subsystem. A missing check when using the Bluetooth subsystem could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-44934: Privilege escalation in IGMP/MLD snooping driver. A race condition when using the IGMP/MLD snooping driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-44944: Information leak in netfilter subsystem. A logic error when using the netfilter subsystem could lead to a partial address leak to userspace. A local attacker could use this flaw to extract sensitive information. * CVE-2024-44983: Remote denial-of-service in Netfilter flow table driver. A missing check on ingress data in the Netfilter flow table driver could lead to use of uninitialized memory. A remote attacker could use this flaw to cause a denial-of-service. * CVE-2024-44985: Privilege escalation in IPv6 Networking driver. A locking error when using the IPv6 routes in the Networking driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-44986: Privilege escalation in IPv6 Networking driver. A locking error when using the IPv6 Networking driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-44987: Privilege escalation in IPv6 networking stack. A locking error when using the IPv6 networking stack could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-44989: Denial-of-service in Bonding driver. A missing check when using the Bonding driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-45008, CVE-2024-46745: Denial-of-service in user-level input subsystem. A missing check when using the user-level input subsystem could lead to an arbitrarily large memory allocation. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-45016: Privilege escalation in network emulator. An incorrect return status when enqueuing duplicated packets in the network emulator driver could lead to a use-after-free. A local attacker could use this flaw to gain root privileges. * CVE-2024-45017: Denial-of-service in Mellanox devices driver. A logic error when IPsec creation over a slave device in the Mellanox devices driver could lead to a deadlock. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-45019: Denial-of-service in Mellanox devices driver. A locking error when using the Mellanox devices driver could lead to a deadlock. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-46717: Memory corruption in Mellanox 5th generation network adapters (ConnectX series) Ethernet driver. A missing check when using the Mellanox 5th generation network adapters (ConnectX series) Ethernet driver could lead to a use-after-free. A local attacker could use this flaw to cause memory corruption. * CVE-2024-46719: Denial-of-service in USB Type-C Connector System Software Interface driver. An incorrect return status when using USB Type-C UCSI could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-46737: Denial-of-service in NVMe over Fabrics TCP target driver. Incorrect return status checks when using the NVMe over Fabrics TCP target driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-46755: Denial-of-service in Marvell WiFi-Ex driver. A missing check when using the Marvell WiFi-Ex driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-46783: Denial-of-service in TCP/IP networking stack. A logic error when using the TCP/IP networking stack could lead to a kernel panic. A local attacker could use this flaw to cause a denial-of- service. * CVE-2024-46787: Denial-of-service in userfaultfd system call subsystem. A missing check when using the userfaultfd system call subsystem could lead to a kernel crash. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-46800: Privilege escalation in network emulator. Missing update after a packet drop when using the network emulator could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-46828: Privilege escalation in Common Applications Kept Enhanced (CAKE) driver. A logic error when using the Common Applications Kept Enhanced (CAKE) driver could lead to an out-of-bounds memory access. A local attacker could use this flaw to escalate privileges. * CVE-2024-46830: Memory corruption in Kernel-based Virtual Machine (KVM) driver. A locking error when using the Kernel-based Virtual Machine (KVM) driver could lead to a use-after-free. A local attacker could use this flaw to cause memory corruption. * CVE-2024-46834: Denial-of-service in Ethtool. Incorrect return status when using the Ethtool could lead to a kernel crash. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-46857: Denial-of-service in Mellanox devices driver. A missing check when using the Mellanox devices driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-47668: Privilege escalation in core kernel radix tree library. A race condition when using the core kernel radix tree library could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-47674: Privilege escalation in MMU-based Paged Memory Management driver. A logic error in the MMU-based Paged Memory Management driver could lead to use of uninitialized memory. A local attacker could use this flaw to escalate privileges. * CVE-2024-47684: Denial-of-service in TCP/IP networking driver. A missing check when using the TCP/IP networking driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-47685: Remote information leak in IPv6 packet rejection driver. A missing check when using the IPv6 packet rejection driver could lead to use of uninitialized memory. A remote attacker could use this flaw to extract sensitive information. * CVE-2024-47687: Denial-of-service in Mellanox VDPA driver. A missing check when adding a device in the Mellanox VDPA driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-47692: Denial-of-service in NFS server driver. A missing check when using the NFS server driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-47706: Privilege escalation in generic block I/O layer. A missing check when using the generic block I/O layer could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-47707: Denial-of-service in Linux INET6 driver. A missing check when closing network interface in the Linux INET6 driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-47719: Memory corruption in IOMMU driver. A missing check when using the IOMMU driver could lead to an out-of-bounds memory access. A local attacker could use this flaw to cause memory corruption. * CVE-2024-47739: Denial-of-service in padata subsystem. A locking error when using the padata subsystem could lead to a deadlock. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-47745: Memory corruption in Memory Management subsystem. A missing check when using the Memory Management subsystem could lead to LSM security check bypass. A local attacker could use this flaw to cause memory corruption. * CVE-2024-49860: Information leak in ACPI driver. A missing check when using the ACPI driver could lead to an out-of-bounds memory read. A local attacker could use this flaw to extract sensitive information. * CVE-2024-49878: Information leak in kernel resource manager with CXL memory. A logic error in the kernel resource manager when CXL memory is in use could lead to accessing normally restricted part of the memory. A local attacker could use this flaw to leak sensitive information. * CVE-2024-49882: Code execution in ext4 filesystem. A logic error in the ext4 filesystem could lead to a double free. A local attacker could use this flaw to execute arbitrary code in kernel mode. * CVE-2024-49883: Privilege escalation in ext4 filesystem. A logic error when using the ext4 filesystem could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-49884: Privilege escalation in EXT4 filesystem driver. A logic error when adding extent in the EXT4 filesystem driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-49944: Denial-of-service in SCTP Protocol driver. A missing check when listening on a socket in the SCTP Protocol driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-49948: Denial-of-service in core networking layer. Missing checks on maliciously crafted packets from userspace could cause an underflow leading to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-49952: Denial-of-service in netfilter packet duplicator. A logic error when using the netfilter packet duplicator could lead to a kernel oops. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-49983: Privilege escalation in EXT4 filesystem driver. A logic error when using fast commit feature of the EXT4 filesystem driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-49995: Privilege escalation in TIPC Protocol driver. A logic error when setting TIPC bearer name in the TIPC Protocol driver could lead to an out-of-bounds memory access. A local attacker could use this flaw to escalate privileges. * CVE-2024-49996: Privilege escalation in SMB3 and CIFS driver. A missing check when parsing NFS reparse points in the SMB3 and CIFS driver could lead to an out-of-bounds memory access. A remote attacker could use this flaw to escalate privileges. * CVE-2024-50033: Privilege escalation in SLHC driver. A logic error when using the Van Jacobson TCP/IP Serial Line Header Compression (SLHC) driver could lead to an out-of-bounds memory access. A local attacker could use this flaw to escalate privileges. * CVE-2024-50035: Information leak in PPP (point-to-point protocol) networking stack. A missing check when transmitting using the PPP networking stack could lead to use of uninitialized memory. A local attacker could use this flaw to extract sensitive information. * CVE-2024-50036: Privilege escalation in Networking driver. A logic error when using the Networking driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-50039: Denial-of-service in network QoS/scheduling driver. A missing check when using the network QoS/scheduling driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-50066: Privilege escalation in Memory Management subsystem. A race condition when using the Memory Management subsystem could lead to page directory corruption. A local attacker could use this flaw to escalate privileges. * CVE-2024-50126: Information leak in Time Aware Priority (taprio) Scheduler driver. A locking error when using the Time Aware Priority (taprio) Scheduler driver could lead to a use-after-free. A local attacker could use this flaw to extract sensitive information. * CVE-2024-50127: Denial-of-service in Time Aware Priority (taprio) Scheduler driver. A race condition when using the Time Aware Priority (taprio) Scheduler driver could lead to a use-after-free. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-50151: Privilege escalation in SMB3 and CIFS driver. A missing check when using the SMB3 and CIFS driver could lead to an out-of-bounds memory access. A local attacker could use this flaw to escalate privileges. * CVE-2024-50152: Memory corruption in SMB3 and CIFS filesystem driver. A double free error when using the SMB3 and CIFS filesystem driver could lead to a use-after-free. A local attacker could use this flaw to cause memory corruption. * CVE-2024-50158: Memory corruption in Broadcom Netxtreme HCA driver. A missing check when using the Broadcom Netxtreme HCA driver could lead to an out-of-bounds memory write. A local attacker could use this flaw to cause memory corruption. * CVE-2024-50215: Privilege escalation in NVMe over Fabrics In-band Authentication driver. A logic error when using the NVMe over Fabrics In-band Authentication driver could lead to double free. A local attacker could use this flaw to escalate privileges. * CVE-2024-50220: Information leak in userfaultfd driver. A logic error when using the userfaultfd driver could lead to an inconsistent memory access permissions. A local attacker could use this flaw to extract sensitive information and as a step in another kind of attacks. * CVE-2024-50256: Denial-of-service in IPv6 packet rejection driver. A logic error when using the IPv6 packet rejection driver could lead to a kernel assertion failure. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-50261: Privilege escalation in IEEE 802.1AE MAC-level encryption (MACsec) driver. A logic error when using the IEEE 802.1AE MAC-level encryption (MACsec) driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-50278, CVE-2024-50279: Privilege escalation in Multiple Device Cache Target driver. Logic errors when manipulating cache in the Multiple Device Cache Target driver could lead to an out-of-bounds memory access. A local attacker could use this flaw to escalate privileges. * CVE-2024-53042: Denial-of-service in IP tunneling subsystem. A race condition when using ip tunnels could lead to a kernel oops. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-53057: Privilege escalation in network QoS/scheduling driver. A logic error when using the network QoS/scheduling driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-53082: Information leak in Virtio network driver. A missing check when using the Virtio network driver could lead to an out-of-bounds memory access. An attacker could use this flaw to extract sensitive information. * CVE-2024-53103: Privilege escalation in Virtual Socket protocol driver. A missing variable initialization when destroying socket in the Virtual Socket protocol driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-53117, CVE-2024-53118: Denial-of-service in Virtual Socket protocol driver. Incorrect reference counting when using the Virtual Socket protocol driver could lead to a memory leak. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-53124: Denial-of-service in IPv6 Networking driver. A missing check when destroying a socket in the IPv6 Networking driver could lead to a memory leak. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-53139: Privilege escalation in SCTP protocol driver. A locking error when using the SCTP protocol driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-53141: Privilege escalation in netfilter (IP set) subsystem. A missing check when updating the bitmap for IP addresses in the netfilter (IP set) subsystem could lead to an out-of-bounds memory access. A local attacker could use this flaw to escalate privileges. * CVE-2024-53146: Information leak in NFS server driver. A logic error when using the NFS server driver could lead to an out-of-bounds memory access. A local attacker could use this flaw to extract sensitive information. * CVE-2024-53164: Privilege escalation in CAKE network scheduler. A logic error when using the Common Applications Kept Enhanced (CAKE) network scheduler could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-53166: Memory corruption in BFQ I/O scheduler subsystem. A locking error when using the BFQ I/O scheduler subsystem could lead to a use-after-free. A local attacker could use this flaw to cause memory corruption. * CVE-2024-53168: Memory corruption in SUNRPC networking stack. Incorrect reference counting when using the SUNRPC networking stack could lead to a use-after-free. A local attacker could use this flaw to cause memory corruption. * CVE-2024-53173: Privilege escalation in NFS client driver. A logic error when opening multiple files concurrently in the NFS client driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-53174: Privilege escalation in SUNRPC networking stack. A missing check when using the SUNRPC networking stack could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-53209: Denial-of-service in Broadcom NetXtreme-C/E driver. A logic error when using the Broadcom NetXtreme-C/E driver could lead to an out-of-bounds memory access. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-53213: Privilege escalation in Microchip LAN78XX Based USB Ethernet Adapters driver. A logic error when using the Microchip LAN78XX Based USB Ethernet Adapters driver could lead to double free. A local attacker could use this flaw to escalate privileges. * CVE-2024-56590: Privilege escalation in Bluetooth subsystem driver. A logic error when using the Bluetooth subsystem driver could lead to an out-of-bounds memory access. A local attacker could use this flaw to escalate privileges. * CVE-2024-56600: Privilege escalation in Networking subsystem. A missing variable initialization when creating a socket fails in the Networking subsystem could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-56601: Privilege escalation in TCP/IP networking driver. A missing variable initialization when creating a socket fails in the TCP/IP networking driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-56602: Privilege escalation in IEEE Std 802.15.4 Low-Rate Wireless Personal Area Networks driver. A missing variable initialization when creating a socket fails in the IEEE Std 802.15.4 Low-Rate Wireless Personal Area Networks driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-56605: Privilege escalation in Bluetooth subsystem driver. A missing variable initialization when creating a l2cap socket fails in the Bluetooth subsystem driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-56613: Denial-of-service in CFS scheduler. A race condition when using the CFS scheduler could lead to a memory leak. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-56637: Denial-of-service in netfilter (IP set) subsystem. A logic error when using the netfilter (IP set) subsystem could lead to a kernel crash. A local attacker could use this flaw to cause a denial-of-service. * CVE-2024-56644: Remote denial-of-service in IPv6 networking stack. Incorrect reference counting when using the IPv6 networking stack could lead to a memory leak. A remote attacker could use this flaw to cause a denial-of-service. * CVE-2024-56664: Privilege escalation in bpf() system call driver. A race condition when using the bpf() system call driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2024-57933: Denial-of-service in Google Virtual NIC (gVNIC) driver. A missing check when using the Google Virtual NIC (gVNIC) driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2025-21669: Denial-of-service in Virtual Socket protocol driver. A logic error when using the Virtual Socket protocol driver could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. * CVE-2025-21699: Disk corruption in GFS2 filesystem. There is a logic error in the GFS2 filesystem code's handling of the FS_IOC_SETFLAGS ioctl call, which sets the flags for an inode and is used by the `chattr` command. A local attacker could use this flaw to cause disk corruption. This update fixes the logic error so the handling is fixed and later usage of the ioctl results in correct behaviour, but doesn't actively attempt to fix the existing filesystem inodes. * Note: Oracle has determined some CVEs are not applicable. The kernel is not affected by the following CVEs since the code under consideration is not compiled. CVE-2021-47654, CVE-2022-34494, CVE-2022-34495, CVE-2022-3649 CVE-2022-48674, CVE-2022-48897, CVE-2022-49747, CVE-2022-49778 CVE-2022-49804, CVE-2023-3269, CVE-2023-52608, CVE-2023-52670 CVE-2023-52860, CVE-2023-6270, CVE-2024-26850, CVE-2024-26888 CVE-2024-26898, CVE-2024-27408, CVE-2024-27409, CVE-2024-34030 CVE-2024-34777, CVE-2024-35893, CVE-2024-35917, CVE-2024-35934 CVE-2024-35975, CVE-2024-38563, CVE-2024-38568, CVE-2024-38569 CVE-2024-38572, CVE-2024-38603, CVE-2024-39277, CVE-2024-40938 CVE-2024-40942, CVE-2024-40979, CVE-2024-40991, CVE-2024-41072 CVE-2024-42074, CVE-2024-42075, CVE-2024-42089, CVE-2024-42161 CVE-2024-42253, CVE-2024-42293, CVE-2024-42298, CVE-2024-42318 CVE-2024-43818, CVE-2024-43823, CVE-2024-43824, CVE-2024-43840 CVE-2024-43841, CVE-2024-43847, CVE-2024-43875, CVE-2024-43876 CVE-2024-43881, CVE-2024-43883, CVE-2024-44953, CVE-2024-45002 CVE-2024-45029, CVE-2024-46707, CVE-2024-46761, CVE-2024-46797 CVE-2024-46827, CVE-2024-46843, CVE-2024-46849, CVE-2024-47681 CVE-2024-47712, CVE-2024-47714, CVE-2024-47731, CVE-2024-49931 CVE-2024-49962, CVE-2024-49982, CVE-2024-49987, CVE-2024-50098 CVE-2024-50103, CVE-2024-50104, CVE-2024-50105, CVE-2024-50114 CVE-2024-50139, CVE-2024-50176, CVE-2024-50188, CVE-2024-50203 CVE-2024-50292, CVE-2024-53053, CVE-2024-53067, CVE-2024-53069 CVE-2024-53077, CVE-2024-53134, CVE-2024-53152, CVE-2024-53161 CVE-2024-53188, CVE-2024-53191, CVE-2024-53195, CVE-2024-53196 CVE-2024-53199, CVE-2024-53210, CVE-2024-53225, CVE-2024-53232 CVE-2024-55639, CVE-2024-56541, CVE-2024-56543, CVE-2024-56621 CVE-2024-56624, CVE-2024-56650, CVE-2024-56677, CVE-2024-56678 CVE-2024-56679, CVE-2024-56707, CVE-2024-56725, CVE-2024-56726 CVE-2024-56727, CVE-2024-56728, CVE-2024-56765, CVE-2024-57809 CVE-2024-57838, CVE-2024-57852, CVE-2024-57885, CVE-2024-57893 CVE-2024-58084, CVE-2025-21663, CVE-2025-21668, CVE-2025-21713 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Tue Jun 10 13:21:11 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 17:21:11 +0400 Subject: [El-errata] New Ksplice updates for RHCK 9 (ELSA-2025-7423) Message-ID: Synopsis: ELSA-2025-7423 can now be patched using Ksplice CVEs: CVE-2024-46784 CVE-2025-21927 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-7423. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-7423.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running RHCK 9 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2024-46784: Denial-of-service in Microsoft Azure Network Adapter (MANA) driver. A missing check when using the Microsoft Azure Network Adapter (MANA) driver could lead to a kernel oops. An attacker could use this flaw to cause a denial-of-service. * CVE-2025-21927: Memory corruption in NVM Express over Fabrics FC driver. A missing check of a header length when using the NVM Express over Fabrics FC driver could lead to an out-of-bounds memory write access. An attacker could use this flaw to cause memory corruption. * Note: Oracle has determined some CVEs are not applicable. The kernel is not affected by the following CVEs since the code under consideration is not compiled. CVE-2024-58069 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Tue Jun 10 14:22:31 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:22:31 -0700 Subject: [El-errata] ELSA-2025-8314 Important: Oracle Linux 7 zlib security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8314 http://linux.oracle.com/errata/ELSA-2025-8314.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: minizip-1.2.7-21.0.1.el7_9.i686.rpm minizip-1.2.7-21.0.1.el7_9.x86_64.rpm minizip-devel-1.2.7-21.0.1.el7_9.i686.rpm minizip-devel-1.2.7-21.0.1.el7_9.x86_64.rpm zlib-1.2.7-21.0.1.el7_9.i686.rpm zlib-1.2.7-21.0.1.el7_9.x86_64.rpm zlib-devel-1.2.7-21.0.1.el7_9.i686.rpm zlib-devel-1.2.7-21.0.1.el7_9.x86_64.rpm zlib-static-1.2.7-21.0.1.el7_9.i686.rpm zlib-static-1.2.7-21.0.1.el7_9.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//zlib-1.2.7-21.0.1.el7_9.src.rpm Related CVEs: CVE-2016-9840 Description of changes: [1.2.7-21.0.1] - Resolves: CVE-2025-4638 [Orabug: 38010977] From el-errata at oss.oracle.com Tue Jun 10 14:22:33 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:22:33 -0700 Subject: [El-errata] ELSA-2025-8465 Important: Oracle Linux 7 firefox security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8465 http://linux.oracle.com/errata/ELSA-2025-8465.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-128.10.1-1.0.1.el7_9.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//firefox-128.10.1-1.0.1.el7_9.src.rpm Related CVEs: CVE-2025-4918 CVE-2025-4919 Description of changes: [128.10.1-1.0.1] - Update to 128.10.1 [Orabug: 38028280][CVE-2025-4918][CVE-2025-4919] From el-errata at oss.oracle.com Tue Jun 10 14:22:41 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:22:41 -0700 Subject: [El-errata] ELBA-2025-20357 Oracle Linux 8 oracle-instantclient-release-23-el8 bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20357 http://linux.oracle.com/errata/ELBA-2025-20357.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: oracle-instantclient-release-23ai-el8-1.0-4.el8.x86_64.rpm aarch64: oracle-instantclient-release-23ai-el8-1.0-4.el8.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//oracle-instantclient-release-23ai-el8-1.0-4.el8.src.rpm Description of changes: [1.0-4] - Add repository for Oracle Instant Client 23ai [JIRA: OLERRATA-48274] From el-errata at oss.oracle.com Tue Jun 10 14:22:43 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:22:43 -0700 Subject: [El-errata] ELBA-2025-20360 Oracle Linux 8 rsyslog bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20360 http://linux.oracle.com/errata/ELBA-2025-20360.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: rsyslog-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-crypto-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-doc-8.2102.0-15.0.1.el8_10.1.noarch.rpm rsyslog-elasticsearch-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-gnutls-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-gssapi-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-kafka-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-mmaudit-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-mmjsonparse-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-mmkubernetes-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-mmnormalize-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-mmsnmptrapd-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-mysql-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-pgsql-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-relp-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-snmp-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-omamqp1-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-udpspoof-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-mmfields-8.2102.0-15.0.1.el8_10.1.x86_64.rpm rsyslog-openssl-8.2102.0-15.0.1.el8_10.1.x86_64.rpm aarch64: rsyslog-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-crypto-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-doc-8.2102.0-15.0.1.el8_10.1.noarch.rpm rsyslog-elasticsearch-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-gnutls-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-gssapi-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-kafka-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-mmaudit-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-mmjsonparse-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-mmkubernetes-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-mmnormalize-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-mmsnmptrapd-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-mysql-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-pgsql-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-relp-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-snmp-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-omamqp1-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-udpspoof-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-mmfields-8.2102.0-15.0.1.el8_10.1.aarch64.rpm rsyslog-openssl-8.2102.0-15.0.1.el8_10.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//rsyslog-8.2102.0-15.0.1.el8_10.1.src.rpm Description of changes: [8.2102.0-15.0.1.1] - Fixes rsyslog segfault during shutdown when relp is configured with TLS [Orabug: 37588023] [8.2102.0-15.1] - Propagate gnutlsPriorityString when accepting new connection resolves: RHEL-54663 From el-errata at oss.oracle.com Tue Jun 10 14:22:44 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:22:44 -0700 Subject: [El-errata] ELBA-2025-20367 Oracle Linux 8 crash bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20367 http://linux.oracle.com/errata/ELBA-2025-20367.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: crash-9.0.0-1.0.1.el8.x86_64.rpm crash-devel-9.0.0-1.0.1.el8.i686.rpm crash-devel-9.0.0-1.0.1.el8.x86_64.rpm aarch64: crash-9.0.0-1.0.1.el8.aarch64.rpm crash-devel-9.0.0-1.0.1.el8.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//crash-9.0.0-1.0.1.el8.src.rpm Description of changes: [9.0.0-1.0.1] - Rebase to upstream crash 9.0.0 [Orabug: 37992883] From el-errata at oss.oracle.com Tue Jun 10 14:22:47 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:22:47 -0700 Subject: [El-errata] ELSA-2025-8667 Moderate: Oracle Linux 8 grafana security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8667 http://linux.oracle.com/errata/ELSA-2025-8667.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: grafana-9.2.10-25.el8_10.x86_64.rpm grafana-selinux-9.2.10-25.el8_10.x86_64.rpm aarch64: grafana-9.2.10-25.el8_10.aarch64.rpm grafana-selinux-9.2.10-25.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//grafana-9.2.10-25.el8_10.src.rpm Related CVEs: CVE-2025-22871 Description of changes: [9.2.10-25] - Resolves RHEL-89269: CVE-2025-22871 From el-errata at oss.oracle.com Tue Jun 10 14:22:54 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:22:54 -0700 Subject: [El-errata] ELBA-2025-20358 Oracle Linux 8 btrfs-progs bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20358 http://linux.oracle.com/errata/ELBA-2025-20358.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: btrfs-progs-5.15.1-3.el8.x86_64.rpm btrfs-progs-devel-5.15.1-3.el8.x86_64.rpm libbtrfs-5.15.1-3.el8.x86_64.rpm libbtrfsutil-5.15.1-3.el8.x86_64.rpm python3-btrfsutil-5.15.1-3.el8.x86_64.rpm aarch64: btrfs-progs-5.15.1-3.el8.aarch64.rpm btrfs-progs-devel-5.15.1-3.el8.aarch64.rpm libbtrfs-5.15.1-3.el8.aarch64.rpm libbtrfsutil-5.15.1-3.el8.aarch64.rpm python3-btrfsutil-5.15.1-3.el8.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//btrfs-progs-5.15.1-3.el8.src.rpm Description of changes: [5.15.1-3] - btrfs-progs: mkfs: use path_canonicalize for input device [Orabug: 37868203] From el-errata at oss.oracle.com Tue Jun 10 14:22:56 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:22:56 -0700 Subject: [El-errata] ELSA-2025-20365 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20365 http://linux.oracle.com/errata/ELSA-2025-20365.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-5.15.0-309.180.4.el8uek.x86_64.rpm kernel-uek-5.15.0-309.180.4.el8uek.x86_64.rpm kernel-uek-core-5.15.0-309.180.4.el8uek.x86_64.rpm kernel-uek-debug-5.15.0-309.180.4.el8uek.x86_64.rpm kernel-uek-debug-core-5.15.0-309.180.4.el8uek.x86_64.rpm kernel-uek-debug-devel-5.15.0-309.180.4.el8uek.x86_64.rpm kernel-uek-debug-modules-5.15.0-309.180.4.el8uek.x86_64.rpm kernel-uek-debug-modules-extra-5.15.0-309.180.4.el8uek.x86_64.rpm kernel-uek-devel-5.15.0-309.180.4.el8uek.x86_64.rpm kernel-uek-doc-5.15.0-309.180.4.el8uek.noarch.rpm kernel-uek-modules-5.15.0-309.180.4.el8uek.x86_64.rpm kernel-uek-modules-extra-5.15.0-309.180.4.el8uek.x86_64.rpm kernel-uek-container-5.15.0-309.180.4.el8uek.x86_64.rpm kernel-uek-container-debug-5.15.0-309.180.4.el8uek.x86_64.rpm aarch64: bpftool-5.15.0-309.180.4.el8uek.aarch64.rpm kernel-uek-5.15.0-309.180.4.el8uek.aarch64.rpm kernel-uek-core-5.15.0-309.180.4.el8uek.aarch64.rpm kernel-uek-debug-5.15.0-309.180.4.el8uek.aarch64.rpm kernel-uek-debug-core-5.15.0-309.180.4.el8uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-309.180.4.el8uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-309.180.4.el8uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-309.180.4.el8uek.aarch64.rpm kernel-uek-devel-5.15.0-309.180.4.el8uek.aarch64.rpm kernel-uek-doc-5.15.0-309.180.4.el8uek.noarch.rpm kernel-uek-modules-5.15.0-309.180.4.el8uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-309.180.4.el8uek.aarch64.rpm kernel-uek-container-5.15.0-309.180.4.el8uek.aarch64.rpm kernel-uek-container-debug-5.15.0-309.180.4.el8uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.15.0-309.180.4.el8uek.src.rpm Related CVEs: CVE-2024-28956 CVE-2024-8805 Description of changes: [5.15.0-309.180.4.el8uek] - nvme: unblock ctrl state transition for firmware update (Daniel Wagner) - nfsd: decrease sc_count directly if fail to queue dl_recall (Li Lingfeng) - cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (Rafael J. Wysocki) - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (Xuanqiang Luo) - usb: chipidea: ci_hdrc_imx: fix usbmisc handling (Fedor Pchelkin) - Revert "PCI: Avoid reset when disabled via sysfs" (Alex Williamson) - uek-rpm: CONFIG_PTP_1588_CLOCK_OCP enable for OCI (Vijayendra Suman) [Orabug: 37777354] - ptp: ocp: let ptp core report driver name instead of the drivers (Vijayendra Suman) [Orabug: 37777354] - ptp: ocp: Add .getmaxphase ptp_clock_info callback (Rahul Rameshbabu) [Orabug: 37777354] - ptp: ocp: remove flash image header check fallback (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: expose config and temperature for ART card (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: add serial port of mRO50 MAC on ART card (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: add Orolia timecard support (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: upgrade serial line information (Vadim Fedorenko) [Orabug: 37777354] - ] ptp: ocp: remove symlink for second GNSS (Vadim Fedorenko) [Orabug: 37777354] - ptp_ocp: use device_find_any_child() instead of custom approach (Andy Shevchenko) [Orabug: 37777354] - ptp_ocp: replace kzalloc(x*y) by kcalloc(y, x) (Andy Shevchenko) [Orabug: 37777354] - ptp_ocp: do not call pci_set_drvdata(pdev, NULL) (Andy Shevchenko) [Orabug: 37777354] - ptp_ocp: drop duplicate NULL check in ptp_ocp_detach() (Andy Shevchenko) [Orabug: 37777354] - ptp_ocp: use bits.h macros for all masks (Andy Shevchenko) [Orabug: 37777354] - ptp: ocp: Add firmware header checks (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: fix PPS source selector debugfs reporting (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: add .init function for sma_op vector (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: vectorize the sma accessor functions (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: constify selectors (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: parameterize input/output sma selectors (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: revise firmware display (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: add Celestica timecard PCI ids (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: Remove #ifdefs around PCI IDs (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: 32-bit fixups for pci start address (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: change sysfs attr group handling (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: have adjtime handle negative delta_ns correctly (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Use DIV64_U64_ROUND_UP for rounding. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: handle error from nvmem_device_find (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: use snprintf() in ptp_ocp_verify() (Dan Carpenter) [Orabug: 37777354] - ptp: ocp: Make debugfs variables the correct bitwidth (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Fix PTP_PF_* verification requests (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add 2 more timestampers (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add 4 frequency counters (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Program the signal generators via PTP_CLK_REQ_PEROUT (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add signal generators and update sysfs nodes (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add firmware capability bits for feature gating (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add GND and VCC output selectors (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Rename output selector 'GNSS' to 'GNSS1' (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add ability to disable input selectors. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add support for selectable SMA directions. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: add UPF_NO_THRE_TEST flag for serial ports (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Update devlink firmware display path. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: add nvmem interface for accessing eeprom (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: correct label for error path (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: off by in in ptp_ocp_tod_gnss_name() (Dan Carpenter) [Orabug: 37777354] - ptp: ocp: Add serial port information to the debug summary (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: adjust utc_tai_offset to TOD info (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: add tod_correction attribute (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: Expose clock status drift and offset (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: add TOD debug information (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: Add ptp_ocp_adjtime_coarse for large adjustments (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Move devlink registration to be last devlink command (Leon Romanovsky) [Orabug: 37777354] - ptp: ocp: Avoid operator precedence warning in ptp_ocp_summary_show() (Nathan Chancellor) [Orabug: 37777354] - ptp: ocp: Add timestamp window adjustment (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Have FPGA fold in ns adjustment for adjtime. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Enable 4th timestamper / PPS generator (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add second GNSS device (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add NMEA output (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add debugfs entry for timecard (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Separate the init and info logic (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add sysfs attribute utc_tai_offset (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add IRIG-B output mode control (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add IRIG-B and DCF blocks (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add SMA selector and controls (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add third timestamper (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Report error if resource registration fails. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Skip resources with out of range irqs (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Skip I2C flash read when there is no controller. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Parameterize the TOD information display. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: parameterize the i2c driver used (Jonathan Lemon) [Orabug: 37777354] - vhost-scsi: log event queue write descriptors (Dongli Zhang) [Orabug: 37884058] - vhost-scsi: log control queue write descriptors (Dongli Zhang) [Orabug: 37884058] - vhost-scsi: log I/O queue write descriptors (Dongli Zhang) [Orabug: 37884058] - vhost-scsi: adjust vhost_scsi_get_desc() to log vring descriptors (Dongli Zhang) [Orabug: 37884058] - vhost: modify vhost_log_write() for broader users (Dongli Zhang) [Orabug: 37884058] - mm: make page_mapped_in_vma() hugetlb walk aware (Jane Chu) [Orabug: 37956589] - mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk (zhenwei pi) [Orabug: 37956589] - ext4: update the backup superblock's at the end of the online resize (Theodore Ts'o) [Orabug: 37356729] - gve: ignore nonrelevant GSO type bits when processing TSO headers (Joshua Washington) [Orabug: 37356729] - gve: update gve.rst (Rushil Gupta) [Orabug: 37356729] - gve: RX path for DQO-QPL (Rushil Gupta) [Orabug: 37356729] - gve: Tx path for DQO-QPL (Rushil Gupta) [Orabug: 37356729] - gve: Control path for DQO-QPL (Rushil Gupta) [Orabug: 37356729] - gve: Fix gve interrupt names (Praveen Kaligineedi) [Orabug: 37356729] - gve: Handle alternate miss completions (Jeroen de Borst) [Orabug: 37356729] - gve: Adding a new AdminQ command to verify driver (Jeroen de Borst) [Orabug: 37356729] - gve: Fix error return code in gve_prefill_rx_pages() (Yang Yingliang) [Orabug: 37356729] - gve: Reduce alloc and copy costs in the GQ rx path (Shailend Chand) [Orabug: 37356729] - google/gve:fix repeated words in comments (Jilin Yuan) [Orabug: 37356729] - gve: Fix spelling mistake "droping" -> "dropping" (Colin Ian King) [Orabug: 37356729] - gve: enhance no queue page list detection (Haiyue Wang) [Orabug: 37356729] - gve: Recording rx queue before sending to napi (Tao Liu) [Orabug: 37356729] - ext4: add ioctls to get/set the ext4 superblock uuid (Jeremy Bongio) [Orabug: 37356729] - ext4: implement support for get/set fs label (Lukas Czerner) [Orabug: 37356729] - gve: Add tx|rx-coalesce-usec for DQO (Tao Liu) [Orabug: 37356729] - gve: Add consumed counts to ethtool stats (Jordan Kim) [Orabug: 37356729] - gve: Implement suspend/resume/shutdown (Catherine Sullivan) [Orabug: 37356729] - gve: Add optional metadata descriptor type GVE_TXD_MTD (Willem de Bruijn) [Orabug: 37356729] - gve: remove memory barrier around seqno (Catherine Sullivan) [Orabug: 37356729] - gve: Update gve_free_queue_page_list signature (Catherine Sullivan) [Orabug: 37356729] - gve: Move the irq db indexes out of the ntfy block struct (Catherine Sullivan) [Orabug: 37356729] - gve: Correct order of processing device options (Jeroen de Borst) [Orabug: 37356729] - gve: fix for null pointer dereference. (Ameer Hamza) [Orabug: 37356729] - gve: fix unmatched u64_stats_update_end() (Dan Carpenter) [Orabug: 37356729] - gve: Add a jumbo-frame device option. (Shailend Chand) [Orabug: 37356729] - gve: Implement packet continuation for RX. (David Awogbemila) [Orabug: 37356729] - gve: Allow pageflips on larger pages (Jordan Kim) [Orabug: 37356729] - gve: Add netif_set_xps_queue call (Catherine Sullivan) [Orabug: 37356729] - gve: Do lazy cleanup in TX path (Tao Liu) [Orabug: 37356729] - gve: Add rx buffer pagecnt bias (Catherine Sullivan) [Orabug: 37356729] - gve: Switch to use napi_complete_done (Yangchun Fu) [Orabug: 37356729] - gve: Use kvcalloc() instead of kvzalloc() (Gustavo A. R. Silva) [Orabug: 37356729] - selftests/net: optmem_max became per netns (Eric Dumazet) [Orabug: 37356732] - tcp: derive delack_max with tcp_rto_min helper (Kevin Yang) [Orabug: 37356732] - tcp: derive delack_max from rto_min (Eric Dumazet) [Orabug: 37356732] - tcp: add sysctl_tcp_rto_min_us (Kevin Yang) [Orabug: 37356732] - tcp: constify tcp_rto_min() and tcp_rto_min_us() argument (Eric Dumazet) [Orabug: 37356732] - net: constify sk_dst_get() and __sk_dst_get() argument (Eric Dumazet) [Orabug: 37356732] - net: Namespace-ify sysctl_optmem_max (Eric Dumazet) [Orabug: 37356732] - net: increase optmem_max default value (Eric Dumazet) [Orabug: 37356732] - net: phy: dp83867: Fix SGMII FIFO depth for non OF devices (Michael Sit Wei Hong) [Orabug: 37670821] - net: phy: dp83867: fix get nvmem cell fail (Nikita Shubin) [Orabug: 37670821] - net: phy: dp83867: implement support for io_impedance_ctrl nvmem cell (Rasmus Villemoes) [Orabug: 37670821] - net: phy: constify netdev->dev_addr references (Jakub Kicinski) [Orabug: 37670821] - net: phy: dp83867: introduce critical chip default init for non-of platform (Lay, Kuan Loon) [Orabug: 37670821] - RDS: use pin_user_pages_fast() (Stephen Brennan) [Orabug: 37872748] - uek-rpm: Reduce the size of the Bluefield 3 kernel (Henry Willard) [Orabug: 37910874] - uek-rpm: Make sure dtb directory exists for emb3. (Henry Willard) [Orabug: 37910874] - uek-rpm: Move the gve kernel module from extra to kernel-uek-core (Samasth Norway Ananda) [Orabug: 37940898] - platform/mellanox: mlxbf-pmc: Support additional PMC blocks (Shravan Kumar Ramani) [Orabug: 37955981] - mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show() (David Thompson) [Orabug: 37955981] - mlxbf-bootctl: Support sysfs entries for RTC battery status (Xiangrong Li) [Orabug: 37955981] - platform/mellanox: mlxbf-bootctl: use sysfs_emit() instead of sprintf() (Ai Chao) [Orabug: 37955981] - drivers/platform/mellanox: Convert snprintf to sysfs_emit (Li Zhijian) [Orabug: 37955981] - certs: Add new Oracle Linux Driver Signing (key 1) certificate (Sherry Yang) [Orabug: 37967553] [5.15.0-309.180.3.el8uek] - net/mlx5: Reclaim max 50K pages at once (Anand Khoje) [Orabug: 36933755] - x86/sev: Fix position dependent variable references in startup code (Ard Biesheuvel) [Orabug: 37356711] - x86/PCI: Export find_cap() to be used in early PCI code (Rayan Dasoriya) [Orabug: 37356711] - x86/quirks: Scan all busses for early PCI quirks (Rayan Dasoriya) [Orabug: 37356711] - x86/quirks: Add parameter to clear MSIs early on boot (Rayan Dasoriya) [Orabug: 37356711] - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (Vasant Hegde) [Orabug: 37356711] - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (Vasant Hegde) [Orabug: 37356711] - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (Vasant Hegde) [Orabug: 37356711] - iommu/amd: Use put_pages_list (Matthew Wilcox (Oracle)) [Orabug: 37356711] - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (Steve Rutherford) [Orabug: 37356711] - iommu/amd: Simplify pagetable freeing (Robin Murphy) [Orabug: 37356711] - x86/kvm: Add kexec support for SEV Live Migration. (Ashish Kalra) [Orabug: 37356711] - nfsd: allow layout state to be admin-revoked. (NeilBrown) [Orabug: 37644985] - nfsd: allow delegation state ids to be revoked and then freed (NeilBrown) [Orabug: 37644985] - nfsd: allow open state ids to be revoked and then freed (NeilBrown) [Orabug: 37644985] - nfsd: allow lock state ids to be revoked and then freed (NeilBrown) [Orabug: 37644985] - nfsd: allow admin-revoked NFSv4.0 state to be freed. (NeilBrown) [Orabug: 37644985] - nfsd: report in /proc/fs/nfsd/clients/*/states when state is admin-revoke (NeilBrown) [Orabug: 37644985] - nfsd: allow state with no file to appear in /proc/fs/nfsd/clients/*/states (NeilBrown) [Orabug: 37644985] - nfsd: prepare for supporting admin-revocation of state (NeilBrown) [Orabug: 37644985] - nfsd: split sc_status out of sc_type (NeilBrown) [Orabug: 37644985] - nfsd: remove stale comment in nfs4_show_deleg() (NeilBrown) [Orabug: 37644985] - nfsd: avoid race after unhash_delegation_locked() (NeilBrown) [Orabug: 37644985] - nfsd: don't call functions with side-effecting inside WARN_ON() (NeilBrown) [Orabug: 37644985] - NFSD: Add nfsd_seq4_status trace event (Chuck Lever) [Orabug: 37644985] - NFSD: Clean up nfsd4_encode_layoutreturn() (Chuck Lever) [Orabug: 37644985] - NFSD: Make @lgp parameter of ->encode_layoutget a const pointer (Chuck Lever) [Orabug: 37644985] - NFSD: Clean up nfsd4_encode_stateid() (Chuck Lever) [Orabug: 37644985] - NFSD: Add simple u32, u64, and bool encoders (Chuck Lever) [Orabug: 37644985] - NFSD: Add encoders for NFSv4 clientids and verifiers (Chuck Lever) [Orabug: 37644985] - nfsd: add some kerneldoc comments for stateid preprocessing functions (Jeff Layton) [Orabug: 37644985] - nfsd: eliminate find_deleg_file_locked (Jeff Layton) [Orabug: 37644985] - nfsd: fix potential race in nfs4_find_file (Jeff Layton) [Orabug: 37644985] - vhost-scsi: Fix vhost_scsi_send_status() (Dongli Zhang) [Orabug: 37840544] - vhost-scsi: Fix vhost_scsi_send_bad_target() (Dongli Zhang) [Orabug: 37840544] - vhost-scsi: protect vq->log_used with vq->mutex (Dongli Zhang) [Orabug: 37840544] - vhost-scsi: Reduce response iov mem use (Mike Christie) [Orabug: 37840544] - vhost-scsi: Allocate iov_iter used for unaligned copies when needed (Mike Christie) [Orabug: 37840544] - vhost-scsi: Stop duplicating se_cmd fields (Mike Christie) [Orabug: 37840544] - vhost-scsi: Dynamically allocate scatterlists (Mike Christie) [Orabug: 37840544] - vhost-scsi: Return queue full for page alloc failures during copy (Mike Christie) [Orabug: 37840544] - vhost-scsi: Add better resource allocation failure handling (Mike Christie) [Orabug: 37840544] - vhost-scsi: Allocate T10 PI structs only when enabled (Mike Christie) [Orabug: 37840544] - vhost-scsi: Reduce mem use by moving upages to per queue (Mike Christie) [Orabug: 37840544] - scsi: target: core: Use RCU helpers for INQUIRY t10_alua_tg_pt_gp (Mike Christie) [Orabug: 37840544] - scsi: target: Perform ALUA group changes in one step (Mike Christie) [Orabug: 37840544] - scsi: target: Replace lun_tg_pt_gp_lock with rcu in I/O path (Mike Christie) [Orabug: 37840544] - scsi: target: Fix write perf due to unneeded throttling (Mike Christie) [Orabug: 37840544] - vhost scsi: Allow user to control num virtqueues (Mike Christie) [Orabug: 37840544] - vhost-scsi: Rename vhost_scsi_iov_to_sgl (Mike Christie) [Orabug: 37840544] - vhost-scsi: unbreak any layout for response (Jason Wang) [Orabug: 37840544] - Revert "vhost-scsi: protect vq->log_base with vq->mutex" (Mike Christie) [Orabug: 37840544] - Revert "vhost_scsi: log write descriptors" (Mike Christie) [Orabug: 37840544] - x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel (Alexandre Chartre) [Orabug: 37945824] - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (Pawan Gupta) [Orabug: 37945831] - x86/bpf: Add IBHF call at end of classic BPF (Daniel Sneddon) [Orabug: 37945831] - x86/bpf: Call branch history clearing sequence on exit (Daniel Sneddon) [Orabug: 37945831] - selftest/x86/bugs: Add selftests for ITS (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Add "vmexit" option to skip mitigation on some CPUs (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Add support for ITS-safe return thunk (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/alternatives: Remove faulty optimization (Josh Poimboeuf) [Orabug: 37945842] {CVE-2024-28956} - x86/alternative: Optimize returns patching (Borislav Petkov (AMD)) [Orabug: 37945842] {CVE-2024-28956} [5.15.0-309.180.2.el8uek] - LTS version: v5.15.180 (Vijayendra Suman) - mmc: sdhci-brcmstb: Initialize base_clk to NULL in sdhci_brcmstb_probe() (Nathan Chancellor) - tracing: Do not use PERF enums when perf is not defined (Steven Rostedt) - mm, slab: remove duplicate kernel-doc comment for ksize() (Vlastimil Babka) - mmc: sdhci-brcmstb: use clk_get_rate(base_clk) in PM resume (Kamal Dasu) - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (Chuck Lever) - nfsd: put dl_stid if fail to queue dl_recall (Li Lingfeng) - jfs: add index corruption check to DT_GETPAGE() (Roman Smirnov) - ext4: fix OOB read when checking dotdot dir (Acs, Jakub) - ext4: don't over-report free space or inodes in statvfs (Theodore Ts'o) - tracing/osnoise: Fix possible recursive locking for cpus_read_lock() (Ran Xiaokai) - tracing: Fix synth event printk format for str fields (Douglas Raillard) - tracing: Ensure module defining synth event cannot be unloaded while tracing (Douglas Raillard) - tracing: Fix use-after-free in print_graph_function_flags during tracer switching (Tengda Wu) - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (Karel Balej) - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (Paul Menzel) - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (Murad Masimov) - x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (Jann Horn) - x86/tsc: Always save/restore TSC sched_clock() on suspend/resume (Guilherme G. Piccoli) - btrfs: handle errors from btrfs_dec_ref() properly (Josef Bacik) - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (Markus Elfring) - platform/x86: ISST: Correct command storage data length (Srinivas Pandruvada) - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (Hersen Wu) - drm/amd/pm: Fix negative array index read (Jesse Zhang) - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (Sherry Sun) - tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform (Sherry Sun) - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (Kamal Dasu) - mmc: sdhci-brcmstb: Add ability to increase max clock rate for 72116b0 (Kamal Dasu) - can: flexcan: disable transceiver during system PM (Haibo Chen) - can: flexcan: only change CAN state when link up in system PM (Haibo Chen) - arcnet: Add NULL check in com20020pci_probe() (Henry Martin) - net: fix geneve_opt length integer overflow (Lin Ma) - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (Fernando Fernandez Mancera) - netfilter: nft_tunnel: fix geneve_opt type confusion addition (Lin Ma) - tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). (Guillaume Nault) - vsock: avoid timeout during connect() if the socket is closing (Stefano Garzarella) - net: mvpp2: Prevent parser TCAM memory corruption (Tobias Waldekranz) - net_sched: skbprio: Remove overly strict queue assertions (Cong Wang) - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (Debin Zhu) - netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only (Pablo Neira Ayuso) - ASoC: imx-card: Add NULL check in imx_card_probe() (Henry Martin) - ntb: intel: Fix using link status DB's (Nikita Shubin) - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (Yajun Deng) - riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra (Juhan Jin) - spufs: fix a leak in spufs_create_context() (Al Viro) - spufs: fix a leak on spufs_new_file() failure (Al Viro) - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (Tasos Sahanidis) - can: statistics: use atomic access in hot path (Oliver Hartkopp) - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (Navon John Lukose) - drm/amd: Keep display off while going into S4 (Mario Limonciello) - x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled (Vladis Dronov) - locking/semaphore: Use wake_q to wake up processes outside lock critical section (Waiman Long) - sched/deadline: Use online cpus for validating runtime (Shrikanth Hegde) - ksmbd: fix incorrect validation for num_aces field of smb_acl (Namjae Jeon) - affs: don't write overlarge OFS data block size fields (Simon Tatham) - affs: generate OFS sequence numbers starting at 1 (Simon Tatham) - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (Icenowy Zheng) - nvme-pci: clean up CMBMSC when registering CMB fails (Icenowy Zheng) - nvme-tcp: fix possible UAF in nvme_tcp_poll (Sagi Grimberg) - wifi: iwlwifi: fw: allocate chained SG tables for dump (Johannes Berg) - sched/smt: Always inline sched_smt_active() (Josh Poimboeuf) - octeontx2-af: Fix mbox INTR handler when num VFs > 64 (Geetha sowjanya) - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (Giovanni Gherdovich) - ring-buffer: Fix bytes_dropped calculation issue (Feng Yang) - ksmbd: use aead_request_free to match aead_request_alloc (Miaoqian Lin) - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (Mark Zhang) - exfat: fix the infinite loop in exfat_find_last_cluster() (Yuezhang Mo) - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (Josh Poimboeuf) - fs/procfs: fix the comment above proc_pid_wchan() (Bart Van Assche) - perf python: Check if there is space to copy all the event (Arnaldo Carvalho de Melo) - perf python: Don't keep a raw_data pointer to consumed ring buffer space (Arnaldo Carvalho de Melo) - perf python: Decrement the refcount of just created event on failure (Arnaldo Carvalho de Melo) - perf python: Fixup description of sample.id event member (Arnaldo Carvalho de Melo) - i3c: master: svc: Fix missing the IBI rules (Stanley Chu) - fuse: fix dax truncate/punch_hole fault path (Alistair Popple) - NFSv4: Don't trigger uneccessary scans for return-on-close delegations (Trond Myklebust) - ocfs2: validate l_tree_depth to avoid out-of-bounds access (Vasiliy Kovalev) - kexec: initialize ELF lowest address to ULONG_MAX (Sourabh Jain) - perf units: Fix insufficient array space (Arnaldo Carvalho de Melo) - iio: adc: ad7124: Fix comparison of channel configs (Uwe Kleine-K?nig) - fs/ntfs3: Fix a couple integer overflows on 32bit systems (Dan Carpenter) - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (Jonathan Cameron) - coresight: catu: Fix number of pages while using 64k pages (Ilkka Koskinen) - soundwire: slave: fix an OF node reference leak in soundwire slave device (Joe Hattori) - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (Qasim Ijaz) - clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock (Barnab?s Cz?m?n) - crypto: hisilicon/sec2 - fix for aead auth key length (Wenkai Lin) - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (Jann Horn) - mfd: sm501: Switch to BIT() to mitigate integer overflows (Nikita Zhandarovich) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (Patrisious Haddad) - crypto: nx - Fix uninitialised hv_nxc on error (Herbert Xu) - power: supply: max77693: Fix wrong conversion of charge input threshold value (Artur Weber) - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (Jann Horn) - clk: amlogic: g12a: fix mmc A peripheral clock (Jerome Brunet) - clk: amlogic: gxbb: drop non existing 32k clock parent (Jerome Brunet) - clk: amlogic: g12b: fix cluster A parent data (Jerome Brunet) - pinctrl: tegra: Set SFIO mode to Mux Register (Prathamesh Shete) - IB/mad: Check available slots before posting receive WRs (Maher Sanalla) - remoteproc: qcom_q6v5_mss: Handle platforms with one power domain (Luca Weiss) - RDMA/core: Don't expose hw_counters outside of init net namespace (Roman Gushchin) - clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent (Peter Geis) - pinctrl: renesas: rzg2l: Fix missing of_node_put() call (Fabrizio Castro) - pinctrl: renesas: rza2: Fix missing of_node_put() call (Fabrizio Castro) - lib: 842: Improve error handling in sw842_compress() (Tanya Agarwal) - clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock (Vladimir Lypak) - clk: samsung: Fix UBSAN panic in samsung_clk_init() (Will McVicker) - libbpf: Fix hypothetical STT_SECTION extern NULL deref case (Andrii Nakryiko) - remoteproc: qcom_q6v5_pas: Make single-PD handling more robust (Luca Weiss) - remoteproc: core: Clear table_sz when rproc_shutdown (Peng Fan) - crypto: hisilicon/sec2 - fix for aead authsize alignment (Wenkai Lin) - clk: amlogic: gxbb: drop incorrect flag on 32k clock (Jerome Brunet) - fbdev: sm501fb: Add some geometry checks. (Danila Chernetsov) - mdacon: rework dependency list (Arnd Bergmann) - fbdev: au1100fb: Move a variable assignment behind a null pointer check (Markus Elfring) - PCI: pciehp: Don't enable HPIE when resuming in poll mode (Ilpo J?rvinen) - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (Dan Carpenter) - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (Thippeswamy Havalige) - PCI: Remove stray put_device() in pci_register_host_bridge() (Dan Carpenter) - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (Vitaliy Shevtsov) - PCI: Avoid reset when disabled via sysfs (Nishanth Aravamudan) - PCI/portdrv: Only disable pciehp interrupts early when needed (Feng Tang) - PCI: brcmstb: Use internal register to change link capability (Jim Quinlan) - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (Hans Zhang) - PCI/ASPM: Fix link state exit during switch upstream function removal (Daniel Stodden) - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (AngeloGioacchino Del Regno) - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (AngeloGioacchino Del Regno) - drm/vkms: Fix use after free and double free on init error (Jos? Exp?sito) - drm: xlnx: zynqmp: Fix max dma segment size (Tomi Valkeinen) - drm/dp_mst: Fix drm RAD print (Wayne Lin) - drm/bridge: ti-sn65dsi86: Fix multiple instances (Geert Uytterhoeven) - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (Jayesh Choudhary) - ALSA: hda/realtek: Always honor no_shutup_pins (Takashi Iwai) - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (Jiri Kosina) - media: platform: allgro-dvt: unregister v4l2_device on the error path (Joe Hattori) - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (Tao Chen) - lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() (Sebastian Andrzej Siewior) - PM: sleep: Fix handling devices with direct_complete set on errors (Rafael J. Wysocki) - thermal: int340x: Add NULL check for adev (Chenyuan Yang) - EDAC/ie31200: Fix the error path order of ie31200_init() (Qiuxu Zhuo) - EDAC/ie31200: Fix the DIMM size mask for several SoCs (Qiuxu Zhuo) - EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer (Qiuxu Zhuo) - selinux: Chain up tool resolving errors in install_policy.sh (Tim Schumacher) - PM: sleep: Adjust check before setting power.must_resume (Rafael J. Wysocki) - x86/platform: Only allow CONFIG_EISA for 32-bit (Arnd Bergmann) - x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (Benjamin Berg) - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (Jie Zhan) - cpufreq: scpi: compare kHz instead of Hz (zuoqian) - x86/mm/pat: cpa-test: fix length for CPA_ARRAY test (Mike Rapoport (Microsoft)) - watch_queue: fix pipe accounting mismatch (Eric Sandeen) - media: i2c: et8ek8: Don't strip remove function when driver is builtin (Uwe Kleine-K?nig) - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Luo Qiu) - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (Fabio Porcedda) - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (Fabio Porcedda) - tty: serial: 8250: Add Brainboxes XC devices (Cameron Williams) - tty: serial: 8250: Add some more device IDs (Cameron Williams) - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (William Breathitt Gray) - counter: stm32-lptimer-cnt: fix error handling when enabling (Fabrice Gasnier) - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (Dhruv Deshpande) - netfilter: socket: Lookup orig tuple for IPv6 SNAT (Maxim Mikityanskiy) - ARM: Remove address checking for MMUless devices (Yanjun Yang) - ARM: 9351/1: fault: Add "cut here" line for prefetch aborts (Kees Cook) - ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() (Kees Cook) - atm: Fix NULL pointer dereference (Minjoong Kim) - HID: hid-plantronics: Add mic mute mapping and generalize quirks (Terry Junge) - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (Terry Junge) - bpf, sockmap: Fix race between element replace and close() (Michal Luczaj) - Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (Luiz Augusto von Dentz) {CVE-2024-8805} - arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S (Justin Klaassen) - mptcp: Fix data stream corruption in the address announcement (Arthur Mongodin) - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (David Rosca) - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (Nikita Zhandarovich) - soc: qcom: pdr: Fix the potential deadlock (Saranya R) - batman-adv: Ignore own maximum aggregation size during RX (Sven Eckelmann) - ARM: shmobile: smp: Enforce shmobile_smp_* alignment (Geert Uytterhoeven) - proc: fix UAF in proc_get_inode() (Ye Bin) - mmc: atmel-mci: Add missing clk_disable_unprepare() (Gu Bowen) - regulator: check that dummy regulator has been probed before using it (Christian Eggers) - drm/v3d: Don't run jobs that have errors flagged in its fence (Ma?ra Canal) - i2c: omap: fix IRQ storms (Andreas Kemnade) - Revert "gre: Fix IPv6 link-local address generation." (Guillaume Nault) - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES (Lin Ma) - net: atm: fix use after free in lec_send() (Dan Carpenter) - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). (Kuniyuki Iwashima) - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (Kuniyuki Iwashima) - Bluetooth: Fix error code in chan_alloc_skb_cb() (Dan Carpenter) - RDMA/hns: Fix wrong value of max_sge_rd (Junxian Huang) - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (Junxian Huang) - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (Junxian Huang) - RDMA/hns: Fix soft lockup during bt pages loop (Junxian Huang) - RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt() (Chengchang Tang) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (Saravanan Vajravel) - ARM: dts: bcm2711: Don't mark timer regs unconfigured (Phil Elwell) - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (Kashyap Desai) - ARM: dts: bcm2711: PL011 UARTs are actually r1p5 (Phil Elwell) - xfrm_output: Force software GSO only in tunnel mode (Cosmin Ratiu) - firmware: imx-scu: fix OF node leak in .probe() (Joe Hattori) - smb: client: fix potential UAF in cifs_debug_files_proc_show() (Paulo Alcantara) - smb: client: Fix match_session bug preventing session reuse (Henrique Carvalho) - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (Ma Ke) - drm/amd/display: Check for invalid input params when building scaling params (Michael Strauss) - i2c: sis630: Fix an error handling path in sis630_probe() (Christophe JAILLET) - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (Christophe JAILLET) - i2c: ali1535: Fix an error handling path in ali1535_probe() (Christophe JAILLET) - cifs: Fix integer overflow while processing closetimeo mount option (Murad Masimov) - cifs: Fix integer overflow while processing actimeo mount option (Murad Masimov) - cifs: Fix integer overflow while processing acdirmax mount option (Murad Masimov) - cifs: Fix integer overflow while processing acregmax mount option (Murad Masimov) - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (Christophe JAILLET) - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (Ivan Abramov) - ASoC: ops: Consistently treat platform_max as control value (Charles Keepax) - tcp: fix races in tcp_abort() (Eric Dumazet) - lib/buildid: Handle memfd_secret() files in build_id_parse() (Andrii Nakryiko) - qlcnic: fix memory leak issues in qlcnic_sriov_common.c (Haoxiang Li) - drm/amd/display: Fix slab-use-after-free on hdcp_work (Mario Limonciello) - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (Alex Hung) - drm/amd/display: Restore correct backlight brightness after a GPU reset (Mario Limonciello) - drm/atomic: Filter out redundant DPMS calls (Ville Syrj?l?) - x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (Florent Revest) - USB: serial: option: match on interface class for Telit FN990B (Johan Hovold) - USB: serial: option: fix Telit Cinterion FE990A name (Fabio Porcedda) - USB: serial: option: add Telit Cinterion FE990B compositions (Fabio Porcedda) - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (Boon Khai Ng) - block: fix 'kmem_cache of name 'bio-108' already exists' (Ming Lei) - drm/nouveau: Do not override forced connector status (Thomas Zimmermann) - mptcp: safety check before fallback (Matthieu Baerts (NGI0)) - x86/irq: Define trace events conditionally (Arnd Bergmann) - fuse: don't truncate cached, mutated symlink (Miklos Szeredi) - ASoC: tas2764: Set the SDOUT polarity correctly (Hector Martin) - ASoC: tas2764: Fix power control mask (Hector Martin) - ASoC: tas2770: Fix volume scale (Hector Martin) - nvme: only allow entering LIVE from CONNECTING state (Daniel Wagner) - sctp: Fix undefined behavior in left shift operation (Yu-Chun Lin) - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (Ruozhu Li) - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (Stephan Gerhold) - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (Terry Cheong) - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays. (Vitaly Rodionov) - ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() (Kuninori Morimoto) - thermal/cpufreq_cooling: Remove structure member documentation (Daniel Lezcano) - s390/cio: Fix CHPID "configure" attribute caching (Peter Oberparleiter) - sched: Clarify wake_up_q()'s write to task->wake_q.next (Jann Horn) - HID: ignore non-functional sensor in HP 5MP Camera (Chia-Lin Kao (AceLan)) - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (Zhang Lixu) - vboxsf: fix building with GCC 15 (Brahmajit Das) - alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support (Eric W. Biederman) - ACPI: resource: IRQ override for Eluktronics MECH-17 (Gannon Kolding) - scsi: qla1280: Fix kernel oops when debug level > 2 (Magnus Lindholm) - scsi: core: Use GFP_NOIO to avoid circular locking dependency (Rik van Riel) - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (Chengen Du) - powercap: call put_device() on an error path in powercap_register_control_type() (Joe Hattori) - hrtimers: Mark is_migration_base() with __always_inline (Andy Shevchenko) - nvme-fc: go straight to connecting state when initializing (Daniel Wagner) - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (Carolina Jubran) - net/mlx5: Bridge, fix the crash caused by LAG state check (Jianbo Liu) - net: openvswitch: remove misbehaving actions length check (Ilya Maximets) - openvswitch: Use kmalloc_size_roundup() to match ksize() usage (Kees Cook) - slab: Introduce kmalloc_size_roundup() (Kees Cook) - gre: Fix IPv6 link-local address generation. (Guillaume Nault) - netfilter: nft_exthdr: fix offset with ipv4_find_option() (Alexey Kashavkin) - net_sched: Prevent creation of classes with TC_H_ROOT (Cong Wang) - ipvs: prevent integer overflow in do_ip_vs_get_ctl() (Dan Carpenter) - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (Kohei Enju) - net/mlx5: handle errors in mlx5_chains_create_table() (Wentao Liang) - Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() (Michael Kelley) - netpoll: hold rcu read lock in __netpoll_send_skb() (Breno Leitao) - net: dsa: mv88e6xxx: Verify after ATU Load ops (Joseph Huang) - ice: fix memory leak in aRFS after reset (Grzegorz Nitka) - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template. (Sebastian Andrzej Siewior) - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (Artur Weber) - fbdev: hyperv_fb: iounmap() the correct memory when removing a device (Michael Kelley) - ipv6: Fix signed integer overflow in __ip6_append_data (Wang Yufen) - sched/isolation: Prevent boot crash when the boot CPU is nohz_full (Oleg Nesterov) - clockevents/drivers/i8253: Fix stop sequence for timer 0 (David Woodhouse) - vlan: fix memory leak in vlan_newlink() (Eric Dumazet) [5.15.0-309.179.1.el8uek] - x86/microcode/AMD: Clean the cache if update did not load microcode (Boris Ostrovsky) [Orabug: 37800728] - x86/microcode/AMD: Add finalize_late_load() microcode_op (Boris Ostrovsky) [Orabug: 37800728] - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Borislav Petkov (AMD)) [Orabug: 37800728] - x86/microcode/AMD: Add some forgotten models to the SHA check (Borislav Petkov (AMD)) [Orabug: 37800728] - x86/microcode/AMD: Load only SHA256-checksummed patches (Borislav Petkov (AMD)) [Orabug: 37800728] - x86/microcode/AMD: Flush patch buffer mapping after application (Borislav Petkov (AMD)) [Orabug: 37800728] - x86/microcode/AMD: Stash BSP's CPUID(1).EAX (Boris Ostrovsky) [Orabug: 37800728] From el-errata at oss.oracle.com Tue Jun 10 14:22:46 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:22:46 -0700 Subject: [El-errata] ELSA-2025-20364 Important: Oracle Linux 8 python3.12-cryptography security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20364 http://linux.oracle.com/errata/ELSA-2025-20364.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: python3.12-cryptography-41.0.7-1.0.1.el8.x86_64.rpm aarch64: python3.12-cryptography-41.0.7-1.0.1.el8.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//python3.12-cryptography-41.0.7-1.0.1.el8.src.rpm Related CVEs: CVE-2024-26130 Description of changes: [41.0.7-1.0.1] - CVE-2024-26130 [Orabug: 37982815] From el-errata at oss.oracle.com Tue Jun 10 14:22:48 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:22:48 -0700 Subject: [El-errata] ELSA-2025-8676 Moderate: Oracle Linux 8 libxslt security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8676 http://linux.oracle.com/errata/ELSA-2025-8676.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libxslt-1.1.32-6.2.0.1.el8_10.i686.rpm libxslt-1.1.32-6.2.0.1.el8_10.x86_64.rpm libxslt-devel-1.1.32-6.2.0.1.el8_10.i686.rpm libxslt-devel-1.1.32-6.2.0.1.el8_10.x86_64.rpm aarch64: libxslt-1.1.32-6.2.0.1.el8_10.aarch64.rpm libxslt-devel-1.1.32-6.2.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//libxslt-1.1.32-6.2.0.1.el8_10.src.rpm Related CVEs: CVE-2023-40403 Description of changes: [1.1.32-6.2.0.1] - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball [1.1.32-6.2] - Fix CVE-2023-40403 (aka 2022-4909) (RHEL-89374) From el-errata at oss.oracle.com Tue Jun 10 14:23:01 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:23:01 -0700 Subject: [El-errata] ELSA-2025-20365 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20365 http://linux.oracle.com/errata/ELSA-2025-20365.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: aarch64: bpftool-5.15.0-309.180.4.el9uek.aarch64.rpm kernel-uek-5.15.0-309.180.4.el9uek.aarch64.rpm kernel-uek-container-5.15.0-309.180.4.el9uek.aarch64.rpm kernel-uek-container-debug-5.15.0-309.180.4.el9uek.aarch64.rpm kernel-uek-core-5.15.0-309.180.4.el9uek.aarch64.rpm kernel-uek-debug-5.15.0-309.180.4.el9uek.aarch64.rpm kernel-uek-debug-core-5.15.0-309.180.4.el9uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-309.180.4.el9uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-309.180.4.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-309.180.4.el9uek.aarch64.rpm kernel-uek-devel-5.15.0-309.180.4.el9uek.aarch64.rpm kernel-uek-doc-5.15.0-309.180.4.el9uek.noarch.rpm kernel-uek-modules-5.15.0-309.180.4.el9uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-309.180.4.el9uek.aarch64.rpm kernel-uek64k-5.15.0-309.180.4.el9uek.aarch64.rpm kernel-uek64k-core-5.15.0-309.180.4.el9uek.aarch64.rpm kernel-uek64k-modules-5.15.0-309.180.4.el9uek.aarch64.rpm kernel-uek64k-modules-extra-5.15.0-309.180.4.el9uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-309.180.4.el9uek.src.rpm Related CVEs: CVE-2024-28956 CVE-2024-8805 Description of changes: [5.15.0-309.180.4.el9uek] - nvme: unblock ctrl state transition for firmware update (Daniel Wagner) - nfsd: decrease sc_count directly if fail to queue dl_recall (Li Lingfeng) - cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (Rafael J. Wysocki) - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (Xuanqiang Luo) - usb: chipidea: ci_hdrc_imx: fix usbmisc handling (Fedor Pchelkin) - Revert "PCI: Avoid reset when disabled via sysfs" (Alex Williamson) - uek-rpm: CONFIG_PTP_1588_CLOCK_OCP enable for OCI (Vijayendra Suman) [Orabug: 37777354] - ptp: ocp: let ptp core report driver name instead of the drivers (Vijayendra Suman) [Orabug: 37777354] - ptp: ocp: Add .getmaxphase ptp_clock_info callback (Rahul Rameshbabu) [Orabug: 37777354] - ptp: ocp: remove flash image header check fallback (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: expose config and temperature for ART card (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: add serial port of mRO50 MAC on ART card (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: add Orolia timecard support (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: upgrade serial line information (Vadim Fedorenko) [Orabug: 37777354] - ] ptp: ocp: remove symlink for second GNSS (Vadim Fedorenko) [Orabug: 37777354] - ptp_ocp: use device_find_any_child() instead of custom approach (Andy Shevchenko) [Orabug: 37777354] - ptp_ocp: replace kzalloc(x*y) by kcalloc(y, x) (Andy Shevchenko) [Orabug: 37777354] - ptp_ocp: do not call pci_set_drvdata(pdev, NULL) (Andy Shevchenko) [Orabug: 37777354] - ptp_ocp: drop duplicate NULL check in ptp_ocp_detach() (Andy Shevchenko) [Orabug: 37777354] - ptp_ocp: use bits.h macros for all masks (Andy Shevchenko) [Orabug: 37777354] - ptp: ocp: Add firmware header checks (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: fix PPS source selector debugfs reporting (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: add .init function for sma_op vector (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: vectorize the sma accessor functions (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: constify selectors (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: parameterize input/output sma selectors (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: revise firmware display (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: add Celestica timecard PCI ids (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: Remove #ifdefs around PCI IDs (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: 32-bit fixups for pci start address (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: change sysfs attr group handling (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: have adjtime handle negative delta_ns correctly (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Use DIV64_U64_ROUND_UP for rounding. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: handle error from nvmem_device_find (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: use snprintf() in ptp_ocp_verify() (Dan Carpenter) [Orabug: 37777354] - ptp: ocp: Make debugfs variables the correct bitwidth (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Fix PTP_PF_* verification requests (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add 2 more timestampers (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add 4 frequency counters (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Program the signal generators via PTP_CLK_REQ_PEROUT (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add signal generators and update sysfs nodes (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add firmware capability bits for feature gating (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add GND and VCC output selectors (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Rename output selector 'GNSS' to 'GNSS1' (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add ability to disable input selectors. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add support for selectable SMA directions. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: add UPF_NO_THRE_TEST flag for serial ports (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Update devlink firmware display path. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: add nvmem interface for accessing eeprom (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: correct label for error path (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: off by in in ptp_ocp_tod_gnss_name() (Dan Carpenter) [Orabug: 37777354] - ptp: ocp: Add serial port information to the debug summary (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: adjust utc_tai_offset to TOD info (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: add tod_correction attribute (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: Expose clock status drift and offset (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: add TOD debug information (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: Add ptp_ocp_adjtime_coarse for large adjustments (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Move devlink registration to be last devlink command (Leon Romanovsky) [Orabug: 37777354] - ptp: ocp: Avoid operator precedence warning in ptp_ocp_summary_show() (Nathan Chancellor) [Orabug: 37777354] - ptp: ocp: Add timestamp window adjustment (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Have FPGA fold in ns adjustment for adjtime. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Enable 4th timestamper / PPS generator (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add second GNSS device (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add NMEA output (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add debugfs entry for timecard (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Separate the init and info logic (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add sysfs attribute utc_tai_offset (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add IRIG-B output mode control (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add IRIG-B and DCF blocks (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add SMA selector and controls (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add third timestamper (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Report error if resource registration fails. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Skip resources with out of range irqs (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Skip I2C flash read when there is no controller. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Parameterize the TOD information display. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: parameterize the i2c driver used (Jonathan Lemon) [Orabug: 37777354] - vhost-scsi: log event queue write descriptors (Dongli Zhang) [Orabug: 37884058] - vhost-scsi: log control queue write descriptors (Dongli Zhang) [Orabug: 37884058] - vhost-scsi: log I/O queue write descriptors (Dongli Zhang) [Orabug: 37884058] - vhost-scsi: adjust vhost_scsi_get_desc() to log vring descriptors (Dongli Zhang) [Orabug: 37884058] - vhost: modify vhost_log_write() for broader users (Dongli Zhang) [Orabug: 37884058] - mm: make page_mapped_in_vma() hugetlb walk aware (Jane Chu) [Orabug: 37956589] - mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk (zhenwei pi) [Orabug: 37956589] - ext4: update the backup superblock's at the end of the online resize (Theodore Ts'o) [Orabug: 37356729] - gve: ignore nonrelevant GSO type bits when processing TSO headers (Joshua Washington) [Orabug: 37356729] - gve: update gve.rst (Rushil Gupta) [Orabug: 37356729] - gve: RX path for DQO-QPL (Rushil Gupta) [Orabug: 37356729] - gve: Tx path for DQO-QPL (Rushil Gupta) [Orabug: 37356729] - gve: Control path for DQO-QPL (Rushil Gupta) [Orabug: 37356729] - gve: Fix gve interrupt names (Praveen Kaligineedi) [Orabug: 37356729] - gve: Handle alternate miss completions (Jeroen de Borst) [Orabug: 37356729] - gve: Adding a new AdminQ command to verify driver (Jeroen de Borst) [Orabug: 37356729] - gve: Fix error return code in gve_prefill_rx_pages() (Yang Yingliang) [Orabug: 37356729] - gve: Reduce alloc and copy costs in the GQ rx path (Shailend Chand) [Orabug: 37356729] - google/gve:fix repeated words in comments (Jilin Yuan) [Orabug: 37356729] - gve: Fix spelling mistake "droping" -> "dropping" (Colin Ian King) [Orabug: 37356729] - gve: enhance no queue page list detection (Haiyue Wang) [Orabug: 37356729] - gve: Recording rx queue before sending to napi (Tao Liu) [Orabug: 37356729] - ext4: add ioctls to get/set the ext4 superblock uuid (Jeremy Bongio) [Orabug: 37356729] - ext4: implement support for get/set fs label (Lukas Czerner) [Orabug: 37356729] - gve: Add tx|rx-coalesce-usec for DQO (Tao Liu) [Orabug: 37356729] - gve: Add consumed counts to ethtool stats (Jordan Kim) [Orabug: 37356729] - gve: Implement suspend/resume/shutdown (Catherine Sullivan) [Orabug: 37356729] - gve: Add optional metadata descriptor type GVE_TXD_MTD (Willem de Bruijn) [Orabug: 37356729] - gve: remove memory barrier around seqno (Catherine Sullivan) [Orabug: 37356729] - gve: Update gve_free_queue_page_list signature (Catherine Sullivan) [Orabug: 37356729] - gve: Move the irq db indexes out of the ntfy block struct (Catherine Sullivan) [Orabug: 37356729] - gve: Correct order of processing device options (Jeroen de Borst) [Orabug: 37356729] - gve: fix for null pointer dereference. (Ameer Hamza) [Orabug: 37356729] - gve: fix unmatched u64_stats_update_end() (Dan Carpenter) [Orabug: 37356729] - gve: Add a jumbo-frame device option. (Shailend Chand) [Orabug: 37356729] - gve: Implement packet continuation for RX. (David Awogbemila) [Orabug: 37356729] - gve: Allow pageflips on larger pages (Jordan Kim) [Orabug: 37356729] - gve: Add netif_set_xps_queue call (Catherine Sullivan) [Orabug: 37356729] - gve: Do lazy cleanup in TX path (Tao Liu) [Orabug: 37356729] - gve: Add rx buffer pagecnt bias (Catherine Sullivan) [Orabug: 37356729] - gve: Switch to use napi_complete_done (Yangchun Fu) [Orabug: 37356729] - gve: Use kvcalloc() instead of kvzalloc() (Gustavo A. R. Silva) [Orabug: 37356729] - selftests/net: optmem_max became per netns (Eric Dumazet) [Orabug: 37356732] - tcp: derive delack_max with tcp_rto_min helper (Kevin Yang) [Orabug: 37356732] - tcp: derive delack_max from rto_min (Eric Dumazet) [Orabug: 37356732] - tcp: add sysctl_tcp_rto_min_us (Kevin Yang) [Orabug: 37356732] - tcp: constify tcp_rto_min() and tcp_rto_min_us() argument (Eric Dumazet) [Orabug: 37356732] - net: constify sk_dst_get() and __sk_dst_get() argument (Eric Dumazet) [Orabug: 37356732] - net: Namespace-ify sysctl_optmem_max (Eric Dumazet) [Orabug: 37356732] - net: increase optmem_max default value (Eric Dumazet) [Orabug: 37356732] - net: phy: dp83867: Fix SGMII FIFO depth for non OF devices (Michael Sit Wei Hong) [Orabug: 37670821] - net: phy: dp83867: fix get nvmem cell fail (Nikita Shubin) [Orabug: 37670821] - net: phy: dp83867: implement support for io_impedance_ctrl nvmem cell (Rasmus Villemoes) [Orabug: 37670821] - net: phy: constify netdev->dev_addr references (Jakub Kicinski) [Orabug: 37670821] - net: phy: dp83867: introduce critical chip default init for non-of platform (Lay, Kuan Loon) [Orabug: 37670821] - RDS: use pin_user_pages_fast() (Stephen Brennan) [Orabug: 37872748] - uek-rpm: Reduce the size of the Bluefield 3 kernel (Henry Willard) [Orabug: 37910874] - uek-rpm: Make sure dtb directory exists for emb3. (Henry Willard) [Orabug: 37910874] - uek-rpm: Move the gve kernel module from extra to kernel-uek-core (Samasth Norway Ananda) [Orabug: 37940898] - platform/mellanox: mlxbf-pmc: Support additional PMC blocks (Shravan Kumar Ramani) [Orabug: 37955981] - mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show() (David Thompson) [Orabug: 37955981] - mlxbf-bootctl: Support sysfs entries for RTC battery status (Xiangrong Li) [Orabug: 37955981] - platform/mellanox: mlxbf-bootctl: use sysfs_emit() instead of sprintf() (Ai Chao) [Orabug: 37955981] - drivers/platform/mellanox: Convert snprintf to sysfs_emit (Li Zhijian) [Orabug: 37955981] - certs: Add new Oracle Linux Driver Signing (key 1) certificate (Sherry Yang) [Orabug: 37967553] [5.15.0-309.180.3.el9uek] - net/mlx5: Reclaim max 50K pages at once (Anand Khoje) [Orabug: 36933755] - x86/sev: Fix position dependent variable references in startup code (Ard Biesheuvel) [Orabug: 37356711] - x86/PCI: Export find_cap() to be used in early PCI code (Rayan Dasoriya) [Orabug: 37356711] - x86/quirks: Scan all busses for early PCI quirks (Rayan Dasoriya) [Orabug: 37356711] - x86/quirks: Add parameter to clear MSIs early on boot (Rayan Dasoriya) [Orabug: 37356711] - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (Vasant Hegde) [Orabug: 37356711] - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (Vasant Hegde) [Orabug: 37356711] - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (Vasant Hegde) [Orabug: 37356711] - iommu/amd: Use put_pages_list (Matthew Wilcox (Oracle)) [Orabug: 37356711] - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (Steve Rutherford) [Orabug: 37356711] - iommu/amd: Simplify pagetable freeing (Robin Murphy) [Orabug: 37356711] - x86/kvm: Add kexec support for SEV Live Migration. (Ashish Kalra) [Orabug: 37356711] - nfsd: allow layout state to be admin-revoked. (NeilBrown) [Orabug: 37644985] - nfsd: allow delegation state ids to be revoked and then freed (NeilBrown) [Orabug: 37644985] - nfsd: allow open state ids to be revoked and then freed (NeilBrown) [Orabug: 37644985] - nfsd: allow lock state ids to be revoked and then freed (NeilBrown) [Orabug: 37644985] - nfsd: allow admin-revoked NFSv4.0 state to be freed. (NeilBrown) [Orabug: 37644985] - nfsd: report in /proc/fs/nfsd/clients/*/states when state is admin-revoke (NeilBrown) [Orabug: 37644985] - nfsd: allow state with no file to appear in /proc/fs/nfsd/clients/*/states (NeilBrown) [Orabug: 37644985] - nfsd: prepare for supporting admin-revocation of state (NeilBrown) [Orabug: 37644985] - nfsd: split sc_status out of sc_type (NeilBrown) [Orabug: 37644985] - nfsd: remove stale comment in nfs4_show_deleg() (NeilBrown) [Orabug: 37644985] - nfsd: avoid race after unhash_delegation_locked() (NeilBrown) [Orabug: 37644985] - nfsd: don't call functions with side-effecting inside WARN_ON() (NeilBrown) [Orabug: 37644985] - NFSD: Add nfsd_seq4_status trace event (Chuck Lever) [Orabug: 37644985] - NFSD: Clean up nfsd4_encode_layoutreturn() (Chuck Lever) [Orabug: 37644985] - NFSD: Make @lgp parameter of ->encode_layoutget a const pointer (Chuck Lever) [Orabug: 37644985] - NFSD: Clean up nfsd4_encode_stateid() (Chuck Lever) [Orabug: 37644985] - NFSD: Add simple u32, u64, and bool encoders (Chuck Lever) [Orabug: 37644985] - NFSD: Add encoders for NFSv4 clientids and verifiers (Chuck Lever) [Orabug: 37644985] - nfsd: add some kerneldoc comments for stateid preprocessing functions (Jeff Layton) [Orabug: 37644985] - nfsd: eliminate find_deleg_file_locked (Jeff Layton) [Orabug: 37644985] - nfsd: fix potential race in nfs4_find_file (Jeff Layton) [Orabug: 37644985] - vhost-scsi: Fix vhost_scsi_send_status() (Dongli Zhang) [Orabug: 37840544] - vhost-scsi: Fix vhost_scsi_send_bad_target() (Dongli Zhang) [Orabug: 37840544] - vhost-scsi: protect vq->log_used with vq->mutex (Dongli Zhang) [Orabug: 37840544] - vhost-scsi: Reduce response iov mem use (Mike Christie) [Orabug: 37840544] - vhost-scsi: Allocate iov_iter used for unaligned copies when needed (Mike Christie) [Orabug: 37840544] - vhost-scsi: Stop duplicating se_cmd fields (Mike Christie) [Orabug: 37840544] - vhost-scsi: Dynamically allocate scatterlists (Mike Christie) [Orabug: 37840544] - vhost-scsi: Return queue full for page alloc failures during copy (Mike Christie) [Orabug: 37840544] - vhost-scsi: Add better resource allocation failure handling (Mike Christie) [Orabug: 37840544] - vhost-scsi: Allocate T10 PI structs only when enabled (Mike Christie) [Orabug: 37840544] - vhost-scsi: Reduce mem use by moving upages to per queue (Mike Christie) [Orabug: 37840544] - scsi: target: core: Use RCU helpers for INQUIRY t10_alua_tg_pt_gp (Mike Christie) [Orabug: 37840544] - scsi: target: Perform ALUA group changes in one step (Mike Christie) [Orabug: 37840544] - scsi: target: Replace lun_tg_pt_gp_lock with rcu in I/O path (Mike Christie) [Orabug: 37840544] - scsi: target: Fix write perf due to unneeded throttling (Mike Christie) [Orabug: 37840544] - vhost scsi: Allow user to control num virtqueues (Mike Christie) [Orabug: 37840544] - vhost-scsi: Rename vhost_scsi_iov_to_sgl (Mike Christie) [Orabug: 37840544] - vhost-scsi: unbreak any layout for response (Jason Wang) [Orabug: 37840544] - Revert "vhost-scsi: protect vq->log_base with vq->mutex" (Mike Christie) [Orabug: 37840544] - Revert "vhost_scsi: log write descriptors" (Mike Christie) [Orabug: 37840544] - x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel (Alexandre Chartre) [Orabug: 37945824] - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (Pawan Gupta) [Orabug: 37945831] - x86/bpf: Add IBHF call at end of classic BPF (Daniel Sneddon) [Orabug: 37945831] - x86/bpf: Call branch history clearing sequence on exit (Daniel Sneddon) [Orabug: 37945831] - selftest/x86/bugs: Add selftests for ITS (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Add "vmexit" option to skip mitigation on some CPUs (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Add support for ITS-safe return thunk (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/alternatives: Remove faulty optimization (Josh Poimboeuf) [Orabug: 37945842] {CVE-2024-28956} - x86/alternative: Optimize returns patching (Borislav Petkov (AMD)) [Orabug: 37945842] {CVE-2024-28956} [5.15.0-309.180.2.el9uek] - LTS version: v5.15.180 (Vijayendra Suman) - mmc: sdhci-brcmstb: Initialize base_clk to NULL in sdhci_brcmstb_probe() (Nathan Chancellor) - tracing: Do not use PERF enums when perf is not defined (Steven Rostedt) - mm, slab: remove duplicate kernel-doc comment for ksize() (Vlastimil Babka) - mmc: sdhci-brcmstb: use clk_get_rate(base_clk) in PM resume (Kamal Dasu) - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (Chuck Lever) - nfsd: put dl_stid if fail to queue dl_recall (Li Lingfeng) - jfs: add index corruption check to DT_GETPAGE() (Roman Smirnov) - ext4: fix OOB read when checking dotdot dir (Acs, Jakub) - ext4: don't over-report free space or inodes in statvfs (Theodore Ts'o) - tracing/osnoise: Fix possible recursive locking for cpus_read_lock() (Ran Xiaokai) - tracing: Fix synth event printk format for str fields (Douglas Raillard) - tracing: Ensure module defining synth event cannot be unloaded while tracing (Douglas Raillard) - tracing: Fix use-after-free in print_graph_function_flags during tracer switching (Tengda Wu) - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (Karel Balej) - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (Paul Menzel) - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (Murad Masimov) - x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (Jann Horn) - x86/tsc: Always save/restore TSC sched_clock() on suspend/resume (Guilherme G. Piccoli) - btrfs: handle errors from btrfs_dec_ref() properly (Josef Bacik) - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (Markus Elfring) - platform/x86: ISST: Correct command storage data length (Srinivas Pandruvada) - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (Hersen Wu) - drm/amd/pm: Fix negative array index read (Jesse Zhang) - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (Sherry Sun) - tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform (Sherry Sun) - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (Kamal Dasu) - mmc: sdhci-brcmstb: Add ability to increase max clock rate for 72116b0 (Kamal Dasu) - can: flexcan: disable transceiver during system PM (Haibo Chen) - can: flexcan: only change CAN state when link up in system PM (Haibo Chen) - arcnet: Add NULL check in com20020pci_probe() (Henry Martin) - net: fix geneve_opt length integer overflow (Lin Ma) - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (Fernando Fernandez Mancera) - netfilter: nft_tunnel: fix geneve_opt type confusion addition (Lin Ma) - tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). (Guillaume Nault) - vsock: avoid timeout during connect() if the socket is closing (Stefano Garzarella) - net: mvpp2: Prevent parser TCAM memory corruption (Tobias Waldekranz) - net_sched: skbprio: Remove overly strict queue assertions (Cong Wang) - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (Debin Zhu) - netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only (Pablo Neira Ayuso) - ASoC: imx-card: Add NULL check in imx_card_probe() (Henry Martin) - ntb: intel: Fix using link status DB's (Nikita Shubin) - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (Yajun Deng) - riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra (Juhan Jin) - spufs: fix a leak in spufs_create_context() (Al Viro) - spufs: fix a leak on spufs_new_file() failure (Al Viro) - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (Tasos Sahanidis) - can: statistics: use atomic access in hot path (Oliver Hartkopp) - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (Navon John Lukose) - drm/amd: Keep display off while going into S4 (Mario Limonciello) - x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled (Vladis Dronov) - locking/semaphore: Use wake_q to wake up processes outside lock critical section (Waiman Long) - sched/deadline: Use online cpus for validating runtime (Shrikanth Hegde) - ksmbd: fix incorrect validation for num_aces field of smb_acl (Namjae Jeon) - affs: don't write overlarge OFS data block size fields (Simon Tatham) - affs: generate OFS sequence numbers starting at 1 (Simon Tatham) - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (Icenowy Zheng) - nvme-pci: clean up CMBMSC when registering CMB fails (Icenowy Zheng) - nvme-tcp: fix possible UAF in nvme_tcp_poll (Sagi Grimberg) - wifi: iwlwifi: fw: allocate chained SG tables for dump (Johannes Berg) - sched/smt: Always inline sched_smt_active() (Josh Poimboeuf) - octeontx2-af: Fix mbox INTR handler when num VFs > 64 (Geetha sowjanya) - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (Giovanni Gherdovich) - ring-buffer: Fix bytes_dropped calculation issue (Feng Yang) - ksmbd: use aead_request_free to match aead_request_alloc (Miaoqian Lin) - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (Mark Zhang) - exfat: fix the infinite loop in exfat_find_last_cluster() (Yuezhang Mo) - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (Josh Poimboeuf) - fs/procfs: fix the comment above proc_pid_wchan() (Bart Van Assche) - perf python: Check if there is space to copy all the event (Arnaldo Carvalho de Melo) - perf python: Don't keep a raw_data pointer to consumed ring buffer space (Arnaldo Carvalho de Melo) - perf python: Decrement the refcount of just created event on failure (Arnaldo Carvalho de Melo) - perf python: Fixup description of sample.id event member (Arnaldo Carvalho de Melo) - i3c: master: svc: Fix missing the IBI rules (Stanley Chu) - fuse: fix dax truncate/punch_hole fault path (Alistair Popple) - NFSv4: Don't trigger uneccessary scans for return-on-close delegations (Trond Myklebust) - ocfs2: validate l_tree_depth to avoid out-of-bounds access (Vasiliy Kovalev) - kexec: initialize ELF lowest address to ULONG_MAX (Sourabh Jain) - perf units: Fix insufficient array space (Arnaldo Carvalho de Melo) - iio: adc: ad7124: Fix comparison of channel configs (Uwe Kleine-K?nig) - fs/ntfs3: Fix a couple integer overflows on 32bit systems (Dan Carpenter) - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (Jonathan Cameron) - coresight: catu: Fix number of pages while using 64k pages (Ilkka Koskinen) - soundwire: slave: fix an OF node reference leak in soundwire slave device (Joe Hattori) - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (Qasim Ijaz) - clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock (Barnab?s Cz?m?n) - crypto: hisilicon/sec2 - fix for aead auth key length (Wenkai Lin) - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (Jann Horn) - mfd: sm501: Switch to BIT() to mitigate integer overflows (Nikita Zhandarovich) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (Patrisious Haddad) - crypto: nx - Fix uninitialised hv_nxc on error (Herbert Xu) - power: supply: max77693: Fix wrong conversion of charge input threshold value (Artur Weber) - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (Jann Horn) - clk: amlogic: g12a: fix mmc A peripheral clock (Jerome Brunet) - clk: amlogic: gxbb: drop non existing 32k clock parent (Jerome Brunet) - clk: amlogic: g12b: fix cluster A parent data (Jerome Brunet) - pinctrl: tegra: Set SFIO mode to Mux Register (Prathamesh Shete) - IB/mad: Check available slots before posting receive WRs (Maher Sanalla) - remoteproc: qcom_q6v5_mss: Handle platforms with one power domain (Luca Weiss) - RDMA/core: Don't expose hw_counters outside of init net namespace (Roman Gushchin) - clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent (Peter Geis) - pinctrl: renesas: rzg2l: Fix missing of_node_put() call (Fabrizio Castro) - pinctrl: renesas: rza2: Fix missing of_node_put() call (Fabrizio Castro) - lib: 842: Improve error handling in sw842_compress() (Tanya Agarwal) - clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock (Vladimir Lypak) - clk: samsung: Fix UBSAN panic in samsung_clk_init() (Will McVicker) - libbpf: Fix hypothetical STT_SECTION extern NULL deref case (Andrii Nakryiko) - remoteproc: qcom_q6v5_pas: Make single-PD handling more robust (Luca Weiss) - remoteproc: core: Clear table_sz when rproc_shutdown (Peng Fan) - crypto: hisilicon/sec2 - fix for aead authsize alignment (Wenkai Lin) - clk: amlogic: gxbb: drop incorrect flag on 32k clock (Jerome Brunet) - fbdev: sm501fb: Add some geometry checks. (Danila Chernetsov) - mdacon: rework dependency list (Arnd Bergmann) - fbdev: au1100fb: Move a variable assignment behind a null pointer check (Markus Elfring) - PCI: pciehp: Don't enable HPIE when resuming in poll mode (Ilpo J?rvinen) - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (Dan Carpenter) - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (Thippeswamy Havalige) - PCI: Remove stray put_device() in pci_register_host_bridge() (Dan Carpenter) - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (Vitaliy Shevtsov) - PCI: Avoid reset when disabled via sysfs (Nishanth Aravamudan) - PCI/portdrv: Only disable pciehp interrupts early when needed (Feng Tang) - PCI: brcmstb: Use internal register to change link capability (Jim Quinlan) - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (Hans Zhang) - PCI/ASPM: Fix link state exit during switch upstream function removal (Daniel Stodden) - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (AngeloGioacchino Del Regno) - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (AngeloGioacchino Del Regno) - drm/vkms: Fix use after free and double free on init error (Jos? Exp?sito) - drm: xlnx: zynqmp: Fix max dma segment size (Tomi Valkeinen) - drm/dp_mst: Fix drm RAD print (Wayne Lin) - drm/bridge: ti-sn65dsi86: Fix multiple instances (Geert Uytterhoeven) - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (Jayesh Choudhary) - ALSA: hda/realtek: Always honor no_shutup_pins (Takashi Iwai) - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (Jiri Kosina) - media: platform: allgro-dvt: unregister v4l2_device on the error path (Joe Hattori) - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (Tao Chen) - lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() (Sebastian Andrzej Siewior) - PM: sleep: Fix handling devices with direct_complete set on errors (Rafael J. Wysocki) - thermal: int340x: Add NULL check for adev (Chenyuan Yang) - EDAC/ie31200: Fix the error path order of ie31200_init() (Qiuxu Zhuo) - EDAC/ie31200: Fix the DIMM size mask for several SoCs (Qiuxu Zhuo) - EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer (Qiuxu Zhuo) - selinux: Chain up tool resolving errors in install_policy.sh (Tim Schumacher) - PM: sleep: Adjust check before setting power.must_resume (Rafael J. Wysocki) - x86/platform: Only allow CONFIG_EISA for 32-bit (Arnd Bergmann) - x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (Benjamin Berg) - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (Jie Zhan) - cpufreq: scpi: compare kHz instead of Hz (zuoqian) - x86/mm/pat: cpa-test: fix length for CPA_ARRAY test (Mike Rapoport (Microsoft)) - watch_queue: fix pipe accounting mismatch (Eric Sandeen) - media: i2c: et8ek8: Don't strip remove function when driver is builtin (Uwe Kleine-K?nig) - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Luo Qiu) - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (Fabio Porcedda) - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (Fabio Porcedda) - tty: serial: 8250: Add Brainboxes XC devices (Cameron Williams) - tty: serial: 8250: Add some more device IDs (Cameron Williams) - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (William Breathitt Gray) - counter: stm32-lptimer-cnt: fix error handling when enabling (Fabrice Gasnier) - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (Dhruv Deshpande) - netfilter: socket: Lookup orig tuple for IPv6 SNAT (Maxim Mikityanskiy) - ARM: Remove address checking for MMUless devices (Yanjun Yang) - ARM: 9351/1: fault: Add "cut here" line for prefetch aborts (Kees Cook) - ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() (Kees Cook) - atm: Fix NULL pointer dereference (Minjoong Kim) - HID: hid-plantronics: Add mic mute mapping and generalize quirks (Terry Junge) - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (Terry Junge) - bpf, sockmap: Fix race between element replace and close() (Michal Luczaj) - Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (Luiz Augusto von Dentz) {CVE-2024-8805} - arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S (Justin Klaassen) - mptcp: Fix data stream corruption in the address announcement (Arthur Mongodin) - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (David Rosca) - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (Nikita Zhandarovich) - soc: qcom: pdr: Fix the potential deadlock (Saranya R) - batman-adv: Ignore own maximum aggregation size during RX (Sven Eckelmann) - ARM: shmobile: smp: Enforce shmobile_smp_* alignment (Geert Uytterhoeven) - proc: fix UAF in proc_get_inode() (Ye Bin) - mmc: atmel-mci: Add missing clk_disable_unprepare() (Gu Bowen) - regulator: check that dummy regulator has been probed before using it (Christian Eggers) - drm/v3d: Don't run jobs that have errors flagged in its fence (Ma?ra Canal) - i2c: omap: fix IRQ storms (Andreas Kemnade) - Revert "gre: Fix IPv6 link-local address generation." (Guillaume Nault) - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES (Lin Ma) - net: atm: fix use after free in lec_send() (Dan Carpenter) - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). (Kuniyuki Iwashima) - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (Kuniyuki Iwashima) - Bluetooth: Fix error code in chan_alloc_skb_cb() (Dan Carpenter) - RDMA/hns: Fix wrong value of max_sge_rd (Junxian Huang) - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (Junxian Huang) - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (Junxian Huang) - RDMA/hns: Fix soft lockup during bt pages loop (Junxian Huang) - RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt() (Chengchang Tang) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (Saravanan Vajravel) - ARM: dts: bcm2711: Don't mark timer regs unconfigured (Phil Elwell) - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (Kashyap Desai) - ARM: dts: bcm2711: PL011 UARTs are actually r1p5 (Phil Elwell) - xfrm_output: Force software GSO only in tunnel mode (Cosmin Ratiu) - firmware: imx-scu: fix OF node leak in .probe() (Joe Hattori) - smb: client: fix potential UAF in cifs_debug_files_proc_show() (Paulo Alcantara) - smb: client: Fix match_session bug preventing session reuse (Henrique Carvalho) - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (Ma Ke) - drm/amd/display: Check for invalid input params when building scaling params (Michael Strauss) - i2c: sis630: Fix an error handling path in sis630_probe() (Christophe JAILLET) - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (Christophe JAILLET) - i2c: ali1535: Fix an error handling path in ali1535_probe() (Christophe JAILLET) - cifs: Fix integer overflow while processing closetimeo mount option (Murad Masimov) - cifs: Fix integer overflow while processing actimeo mount option (Murad Masimov) - cifs: Fix integer overflow while processing acdirmax mount option (Murad Masimov) - cifs: Fix integer overflow while processing acregmax mount option (Murad Masimov) - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (Christophe JAILLET) - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (Ivan Abramov) - ASoC: ops: Consistently treat platform_max as control value (Charles Keepax) - tcp: fix races in tcp_abort() (Eric Dumazet) - lib/buildid: Handle memfd_secret() files in build_id_parse() (Andrii Nakryiko) - qlcnic: fix memory leak issues in qlcnic_sriov_common.c (Haoxiang Li) - drm/amd/display: Fix slab-use-after-free on hdcp_work (Mario Limonciello) - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (Alex Hung) - drm/amd/display: Restore correct backlight brightness after a GPU reset (Mario Limonciello) - drm/atomic: Filter out redundant DPMS calls (Ville Syrj?l?) - x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (Florent Revest) - USB: serial: option: match on interface class for Telit FN990B (Johan Hovold) - USB: serial: option: fix Telit Cinterion FE990A name (Fabio Porcedda) - USB: serial: option: add Telit Cinterion FE990B compositions (Fabio Porcedda) - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (Boon Khai Ng) - block: fix 'kmem_cache of name 'bio-108' already exists' (Ming Lei) - drm/nouveau: Do not override forced connector status (Thomas Zimmermann) - mptcp: safety check before fallback (Matthieu Baerts (NGI0)) - x86/irq: Define trace events conditionally (Arnd Bergmann) - fuse: don't truncate cached, mutated symlink (Miklos Szeredi) - ASoC: tas2764: Set the SDOUT polarity correctly (Hector Martin) - ASoC: tas2764: Fix power control mask (Hector Martin) - ASoC: tas2770: Fix volume scale (Hector Martin) - nvme: only allow entering LIVE from CONNECTING state (Daniel Wagner) - sctp: Fix undefined behavior in left shift operation (Yu-Chun Lin) - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (Ruozhu Li) - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (Stephan Gerhold) - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (Terry Cheong) - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays. (Vitaly Rodionov) - ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() (Kuninori Morimoto) - thermal/cpufreq_cooling: Remove structure member documentation (Daniel Lezcano) - s390/cio: Fix CHPID "configure" attribute caching (Peter Oberparleiter) - sched: Clarify wake_up_q()'s write to task->wake_q.next (Jann Horn) - HID: ignore non-functional sensor in HP 5MP Camera (Chia-Lin Kao (AceLan)) - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (Zhang Lixu) - vboxsf: fix building with GCC 15 (Brahmajit Das) - alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support (Eric W. Biederman) - ACPI: resource: IRQ override for Eluktronics MECH-17 (Gannon Kolding) - scsi: qla1280: Fix kernel oops when debug level > 2 (Magnus Lindholm) - scsi: core: Use GFP_NOIO to avoid circular locking dependency (Rik van Riel) - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (Chengen Du) - powercap: call put_device() on an error path in powercap_register_control_type() (Joe Hattori) - hrtimers: Mark is_migration_base() with __always_inline (Andy Shevchenko) - nvme-fc: go straight to connecting state when initializing (Daniel Wagner) - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (Carolina Jubran) - net/mlx5: Bridge, fix the crash caused by LAG state check (Jianbo Liu) - net: openvswitch: remove misbehaving actions length check (Ilya Maximets) - openvswitch: Use kmalloc_size_roundup() to match ksize() usage (Kees Cook) - slab: Introduce kmalloc_size_roundup() (Kees Cook) - gre: Fix IPv6 link-local address generation. (Guillaume Nault) - netfilter: nft_exthdr: fix offset with ipv4_find_option() (Alexey Kashavkin) - net_sched: Prevent creation of classes with TC_H_ROOT (Cong Wang) - ipvs: prevent integer overflow in do_ip_vs_get_ctl() (Dan Carpenter) - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (Kohei Enju) - net/mlx5: handle errors in mlx5_chains_create_table() (Wentao Liang) - Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() (Michael Kelley) - netpoll: hold rcu read lock in __netpoll_send_skb() (Breno Leitao) - net: dsa: mv88e6xxx: Verify after ATU Load ops (Joseph Huang) - ice: fix memory leak in aRFS after reset (Grzegorz Nitka) - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template. (Sebastian Andrzej Siewior) - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (Artur Weber) - fbdev: hyperv_fb: iounmap() the correct memory when removing a device (Michael Kelley) - ipv6: Fix signed integer overflow in __ip6_append_data (Wang Yufen) - sched/isolation: Prevent boot crash when the boot CPU is nohz_full (Oleg Nesterov) - clockevents/drivers/i8253: Fix stop sequence for timer 0 (David Woodhouse) - vlan: fix memory leak in vlan_newlink() (Eric Dumazet) [5.15.0-309.179.1.el9uek] - x86/microcode/AMD: Clean the cache if update did not load microcode (Boris Ostrovsky) [Orabug: 37800728] - x86/microcode/AMD: Add finalize_late_load() microcode_op (Boris Ostrovsky) [Orabug: 37800728] - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Borislav Petkov (AMD)) [Orabug: 37800728] - x86/microcode/AMD: Add some forgotten models to the SHA check (Borislav Petkov (AMD)) [Orabug: 37800728] - x86/microcode/AMD: Load only SHA256-checksummed patches (Borislav Petkov (AMD)) [Orabug: 37800728] - x86/microcode/AMD: Flush patch buffer mapping after application (Borislav Petkov (AMD)) [Orabug: 37800728] - x86/microcode/AMD: Stash BSP's CPUID(1).EAX (Boris Ostrovsky) [Orabug: 37800728] From el-errata at oss.oracle.com Tue Jun 10 14:23:20 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:23:20 -0700 Subject: [El-errata] OLAMBA-2025-0006 Oracle Linux 8 python-jmespath bug fix update Message-ID: Oracle Linux Bug Fix Advisory OLAMBA-2025-0006 http://linux.oracle.com/errata/OLAMBA-2025-0006.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: python3.11-jmespath-1.0.1-3.el8.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//python-jmespath-1.0.1-3.el8.src.rpm Description of changes: [1.0.1-3] - Rename jp binary to avoid conflicts with other python versions From el-errata at oss.oracle.com Tue Jun 10 14:23:03 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:23:03 -0700 Subject: [El-errata] ELSA-2025-8607 Important: Oracle Linux 9 thunderbird security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8607 http://linux.oracle.com/errata/ELSA-2025-8607.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: thunderbird-128.11.0-1.0.1.el9_6.x86_64.rpm aarch64: thunderbird-128.11.0-1.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//thunderbird-128.11.0-1.0.1.el9_6.src.rpm Related CVEs: CVE-2025-4918 CVE-2025-4919 CVE-2025-5263 CVE-2025-5264 CVE-2025-5266 CVE-2025-5267 CVE-2025-5268 CVE-2025-5269 Description of changes: [128.11.0-1.0.1] - Fix prefs for new nss [Orabug: 37079813] - Add Oracle prefs [128.11.0] - Add OpenELA debranding [128.11.0-1] - Update to 128.11.0 From el-errata at oss.oracle.com Tue Jun 10 14:23:07 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:23:07 -0700 Subject: [El-errata] ELSA-2025-8682 Moderate: Oracle Linux 9 grafana security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8682 http://linux.oracle.com/errata/ELSA-2025-8682.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: grafana-10.2.6-14.el9_6.x86_64.rpm grafana-selinux-10.2.6-14.el9_6.x86_64.rpm aarch64: grafana-10.2.6-14.el9_6.aarch64.rpm grafana-selinux-10.2.6-14.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//grafana-10.2.6-14.el9_6.src.rpm Related CVEs: CVE-2025-22871 Description of changes: [10.2.6-14] - Resolves RHEL-89309: CVE-2025-22871 From el-errata at oss.oracle.com Tue Jun 10 14:23:05 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:23:05 -0700 Subject: [El-errata] ELSA-2025-8655 Moderate: Oracle Linux 9 glibc security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8655 http://linux.oracle.com/errata/ELSA-2025-8655.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: glibc-2.34-168.0.1.el9_6.19.i686.rpm glibc-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-all-langpacks-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-common-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-devel-2.34-168.0.1.el9_6.19.i686.rpm glibc-devel-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-doc-2.34-168.0.1.el9_6.19.noarch.rpm glibc-gconv-extra-2.34-168.0.1.el9_6.19.i686.rpm glibc-gconv-extra-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-headers-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-aa-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-af-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-agr-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ak-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-am-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-an-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-anp-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ar-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-as-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ast-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ayc-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-az-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-be-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-bem-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ber-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-bg-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-bhb-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-bho-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-bi-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-bn-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-bo-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-br-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-brx-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-bs-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-byn-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ca-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ce-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-chr-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ckb-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-cmn-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-crh-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-cs-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-csb-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-cv-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-cy-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-da-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-de-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-doi-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-dsb-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-dv-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-dz-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-el-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-en-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-eo-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-es-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-et-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-eu-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-fa-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ff-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-fi-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-fil-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-fo-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-fr-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-fur-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-fy-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ga-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-gd-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-gez-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-gl-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-gu-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-gv-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ha-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-hak-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-he-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-hi-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-hif-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-hne-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-hr-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-hsb-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ht-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-hu-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-hy-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ia-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-id-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ig-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ik-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-is-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-it-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-iu-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ja-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ka-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-kab-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-kk-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-kl-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-km-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-kn-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ko-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-kok-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ks-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ku-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-kw-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ky-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-lb-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-lg-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-li-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-lij-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ln-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-lo-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-lt-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-lv-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-lzh-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-mag-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-mai-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-mfe-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-mg-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-mhr-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-mi-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-miq-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-mjw-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-mk-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ml-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-mn-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-mni-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-mnw-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-mr-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ms-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-mt-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-my-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-nan-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-nb-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-nds-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ne-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-nhn-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-niu-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-nl-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-nn-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-nr-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-nso-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-oc-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-om-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-or-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-os-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-pa-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-pap-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-pl-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ps-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-pt-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-quz-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-raj-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ro-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ru-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-rw-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-sa-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-sah-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-sat-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-sc-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-sd-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-se-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-sgs-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-shn-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-shs-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-si-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-sid-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-sk-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-sl-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-sm-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-so-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-sq-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-sr-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ss-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-st-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-sv-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-sw-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-szl-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ta-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-tcy-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-te-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-tg-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-th-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-the-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ti-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-tig-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-tk-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-tl-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-tn-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-to-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-tpi-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-tr-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ts-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-tt-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ug-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-uk-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-unm-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ur-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-uz-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-ve-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-vi-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-wa-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-wae-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-wal-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-wo-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-xh-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-yi-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-yo-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-yue-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-yuw-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-zh-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-langpack-zu-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-locale-source-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-minimal-langpack-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-utils-2.34-168.0.1.el9_6.19.x86_64.rpm libnsl-2.34-168.0.1.el9_6.19.i686.rpm libnsl-2.34-168.0.1.el9_6.19.x86_64.rpm nscd-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-benchtests-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-nss-devel-2.34-168.0.1.el9_6.19.i686.rpm glibc-nss-devel-2.34-168.0.1.el9_6.19.x86_64.rpm glibc-static-2.34-168.0.1.el9_6.19.i686.rpm glibc-static-2.34-168.0.1.el9_6.19.x86_64.rpm nss_db-2.34-168.0.1.el9_6.19.i686.rpm nss_db-2.34-168.0.1.el9_6.19.x86_64.rpm nss_hesiod-2.34-168.0.1.el9_6.19.i686.rpm nss_hesiod-2.34-168.0.1.el9_6.19.x86_64.rpm aarch64: glibc-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-all-langpacks-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-common-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-devel-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-doc-2.34-168.0.1.el9_6.19.noarch.rpm glibc-gconv-extra-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-aa-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-af-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-agr-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ak-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-am-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-an-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-anp-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ar-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-as-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ast-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ayc-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-az-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-be-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-bem-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ber-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-bg-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-bhb-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-bho-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-bi-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-bn-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-bo-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-br-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-brx-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-bs-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-byn-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ca-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ce-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-chr-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ckb-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-cmn-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-crh-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-cs-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-csb-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-cv-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-cy-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-da-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-de-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-doi-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-dsb-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-dv-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-dz-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-el-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-en-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-eo-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-es-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-et-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-eu-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-fa-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ff-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-fi-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-fil-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-fo-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-fr-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-fur-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-fy-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ga-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-gd-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-gez-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-gl-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-gu-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-gv-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ha-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-hak-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-he-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-hi-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-hif-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-hne-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-hr-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-hsb-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ht-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-hu-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-hy-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ia-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-id-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ig-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ik-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-is-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-it-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-iu-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ja-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ka-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-kab-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-kk-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-kl-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-km-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-kn-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ko-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-kok-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ks-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ku-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-kw-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ky-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-lb-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-lg-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-li-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-lij-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ln-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-lo-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-lt-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-lv-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-lzh-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-mag-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-mai-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-mfe-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-mg-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-mhr-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-mi-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-miq-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-mjw-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-mk-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ml-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-mn-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-mni-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-mnw-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-mr-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ms-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-mt-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-my-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-nan-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-nb-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-nds-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ne-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-nhn-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-niu-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-nl-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-nn-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-nr-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-nso-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-oc-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-om-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-or-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-os-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-pa-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-pap-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-pl-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ps-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-pt-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-quz-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-raj-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ro-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ru-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-rw-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-sa-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-sah-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-sat-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-sc-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-sd-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-se-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-sgs-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-shn-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-shs-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-si-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-sid-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-sk-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-sl-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-sm-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-so-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-sq-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-sr-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ss-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-st-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-sv-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-sw-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-szl-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ta-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-tcy-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-te-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-tg-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-th-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-the-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ti-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-tig-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-tk-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-tl-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-tn-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-to-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-tpi-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-tr-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ts-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-tt-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ug-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-uk-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-unm-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ur-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-uz-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-ve-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-vi-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-wa-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-wae-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-wal-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-wo-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-xh-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-yi-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-yo-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-yue-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-yuw-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-zh-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-langpack-zu-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-locale-source-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-minimal-langpack-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-utils-2.34-168.0.1.el9_6.19.aarch64.rpm libnsl-2.34-168.0.1.el9_6.19.aarch64.rpm nscd-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-benchtests-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-nss-devel-2.34-168.0.1.el9_6.19.aarch64.rpm glibc-static-2.34-168.0.1.el9_6.19.aarch64.rpm nss_db-2.34-168.0.1.el9_6.19.aarch64.rpm nss_hesiod-2.34-168.0.1.el9_6.19.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//glibc-2.34-168.0.1.el9_6.19.src.rpm Related CVEs: CVE-2025-4802 Description of changes: [2.34-168.0.1.19] - Forward-port Oracle patches for ol9-u6 Reviewed-by: David Faust Oracle history: From el-errata at oss.oracle.com Tue Jun 10 14:23:21 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:23:21 -0700 Subject: [El-errata] OLAMSA-2025-0007 Critical: Oracle Linux 8 ol-automation-manager security update Message-ID: Oracle Linux Security Advisory OLAMSA-2025-0007 http://linux.oracle.com/errata/OLAMSA-2025-0007.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: ol-automation-manager-2.2.0-38.el8.x86_64.rpm ol-automation-manager-cli-2.2.0-38.el8.noarch.rpm python311-olamkit-2.2.0-38.el8.noarch.rpm python3.11-jinja2-3.1.3-1.0.5.el8.noarch.rpm python3.11-pulpcore-3.28.26-1.0.6.el8.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//ol-automation-manager-2.2.0-38.el8.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-jinja2-3.1.3-1.0.5.el8.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-pulpcore-3.28.26-1.0.6.el8.src.rpm Related CVEs: CVE-2024-4067 CVE-2024-7143 CVE-2024-56326 CVE-2024-53907 CVE-2024-53908 Description of changes: ol-automation-manager [2.2.0-38.el8] - Fix for CVE-2024-53907 - Fix for CVE-2024-53908 [2.2.0-37.el8] - OLAM-823 Apply patch for CVE-2024-56326 ( Jinja2 3.1.2 ) [2.2.0-36.el8] - OLAM-796 Fix for CVE-2024-53907 (Django 4.2.6) [2.2.0-35.el8] - OLAM-787 Apply patch for CVE-2024-4067 ( micromatch 4.0.2, 4.0.7 ) python-jinja2 [3.1.3-1.0.5] - Apply patch for CVE-2024-56326 [JIRA: OLAM-823] python-pulpcore [3.28.26-1.0.6] - OLAM-510 Fix for CVE-2024-7143 From el-errata at oss.oracle.com Tue Jun 10 14:23:13 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:23:13 -0700 Subject: [El-errata] ELBA-2025-20358 Oracle Linux 9 btrfs-progs bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20358 http://linux.oracle.com/errata/ELBA-2025-20358.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: btrfs-progs-5.15.1-3.el9.x86_64.rpm btrfs-progs-devel-5.15.1-3.el9.x86_64.rpm libbtrfs-5.15.1-3.el9.x86_64.rpm libbtrfsutil-5.15.1-3.el9.x86_64.rpm python3-btrfsutil-5.15.1-3.el9.x86_64.rpm aarch64: btrfs-progs-5.15.1-3.el9.aarch64.rpm btrfs-progs-devel-5.15.1-3.el9.aarch64.rpm libbtrfs-5.15.1-3.el9.aarch64.rpm libbtrfsutil-5.15.1-3.el9.aarch64.rpm python3-btrfsutil-5.15.1-3.el9.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//btrfs-progs-5.15.1-3.el9.src.rpm Description of changes: [5.15.1-3] - btrfs-progs: mkfs: use path_canonicalize for input device [Orabug: 37868203] From el-errata at oss.oracle.com Tue Jun 10 14:23:28 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:23:28 -0700 Subject: [El-errata] ELBA-2025-20366 Oracle Linux 9 adaptivemm bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20366 http://linux.oracle.com/errata/ELBA-2025-20366.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: adaptivemm-2.1.0-3.el9.x86_64.rpm aarch64: adaptivemm-2.1.0-3.el9.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//adaptivemm-2.1.0-3.el9.src.rpm Description of changes: [2.1.0-3] - Increase log level in cmp_meminfo() [Orabug: 37768194] From el-errata at oss.oracle.com Tue Jun 10 14:23:04 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:23:04 -0700 Subject: [El-errata] ELSA-2025-8635 Important: Oracle Linux 9 perl-FCGI security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8635 http://linux.oracle.com/errata/ELSA-2025-8635.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: perl-FCGI-0.79-8.1.el9_6.x86_64.rpm aarch64: perl-FCGI-0.79-8.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//perl-FCGI-0.79-8.1.el9_6.src.rpm Related CVEs: CVE-2025-40907 Description of changes: [1:0.79-8.1] - Fix CVE-2025-40907 (integer overflow when parsing FastCGI parameters) From el-errata at oss.oracle.com Tue Jun 10 14:23:15 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 07:23:15 -0700 Subject: [El-errata] ELSA-2025-20365 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20365 http://linux.oracle.com/errata/ELSA-2025-20365.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-5.15.0-309.180.4.el9uek.x86_64.rpm kernel-uek-5.15.0-309.180.4.el9uek.x86_64.rpm kernel-uek-core-5.15.0-309.180.4.el9uek.x86_64.rpm kernel-uek-debug-5.15.0-309.180.4.el9uek.x86_64.rpm kernel-uek-debug-core-5.15.0-309.180.4.el9uek.x86_64.rpm kernel-uek-debug-devel-5.15.0-309.180.4.el9uek.x86_64.rpm kernel-uek-debug-modules-5.15.0-309.180.4.el9uek.x86_64.rpm kernel-uek-debug-modules-extra-5.15.0-309.180.4.el9uek.x86_64.rpm kernel-uek-devel-5.15.0-309.180.4.el9uek.x86_64.rpm kernel-uek-doc-5.15.0-309.180.4.el9uek.noarch.rpm kernel-uek-modules-5.15.0-309.180.4.el9uek.x86_64.rpm kernel-uek-modules-extra-5.15.0-309.180.4.el9uek.x86_64.rpm kernel-uek-container-5.15.0-309.180.4.el9uek.x86_64.rpm kernel-uek-container-debug-5.15.0-309.180.4.el9uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-309.180.4.el9uek.src.rpm Related CVEs: CVE-2024-28956 CVE-2024-8805 Description of changes: [5.15.0-309.180.4.el9uek] - nvme: unblock ctrl state transition for firmware update (Daniel Wagner) - nfsd: decrease sc_count directly if fail to queue dl_recall (Li Lingfeng) - cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (Rafael J. Wysocki) - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (Xuanqiang Luo) - usb: chipidea: ci_hdrc_imx: fix usbmisc handling (Fedor Pchelkin) - Revert "PCI: Avoid reset when disabled via sysfs" (Alex Williamson) - uek-rpm: CONFIG_PTP_1588_CLOCK_OCP enable for OCI (Vijayendra Suman) [Orabug: 37777354] - ptp: ocp: let ptp core report driver name instead of the drivers (Vijayendra Suman) [Orabug: 37777354] - ptp: ocp: Add .getmaxphase ptp_clock_info callback (Rahul Rameshbabu) [Orabug: 37777354] - ptp: ocp: remove flash image header check fallback (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: expose config and temperature for ART card (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: add serial port of mRO50 MAC on ART card (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: add Orolia timecard support (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: upgrade serial line information (Vadim Fedorenko) [Orabug: 37777354] - ] ptp: ocp: remove symlink for second GNSS (Vadim Fedorenko) [Orabug: 37777354] - ptp_ocp: use device_find_any_child() instead of custom approach (Andy Shevchenko) [Orabug: 37777354] - ptp_ocp: replace kzalloc(x*y) by kcalloc(y, x) (Andy Shevchenko) [Orabug: 37777354] - ptp_ocp: do not call pci_set_drvdata(pdev, NULL) (Andy Shevchenko) [Orabug: 37777354] - ptp_ocp: drop duplicate NULL check in ptp_ocp_detach() (Andy Shevchenko) [Orabug: 37777354] - ptp_ocp: use bits.h macros for all masks (Andy Shevchenko) [Orabug: 37777354] - ptp: ocp: Add firmware header checks (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: fix PPS source selector debugfs reporting (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: add .init function for sma_op vector (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: vectorize the sma accessor functions (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: constify selectors (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: parameterize input/output sma selectors (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: revise firmware display (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: add Celestica timecard PCI ids (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: Remove #ifdefs around PCI IDs (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: 32-bit fixups for pci start address (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: change sysfs attr group handling (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: have adjtime handle negative delta_ns correctly (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Use DIV64_U64_ROUND_UP for rounding. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: handle error from nvmem_device_find (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: use snprintf() in ptp_ocp_verify() (Dan Carpenter) [Orabug: 37777354] - ptp: ocp: Make debugfs variables the correct bitwidth (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Fix PTP_PF_* verification requests (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add 2 more timestampers (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add 4 frequency counters (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Program the signal generators via PTP_CLK_REQ_PEROUT (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add signal generators and update sysfs nodes (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add firmware capability bits for feature gating (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add GND and VCC output selectors (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Rename output selector 'GNSS' to 'GNSS1' (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add ability to disable input selectors. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add support for selectable SMA directions. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: add UPF_NO_THRE_TEST flag for serial ports (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Update devlink firmware display path. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: add nvmem interface for accessing eeprom (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: correct label for error path (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: off by in in ptp_ocp_tod_gnss_name() (Dan Carpenter) [Orabug: 37777354] - ptp: ocp: Add serial port information to the debug summary (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: adjust utc_tai_offset to TOD info (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: add tod_correction attribute (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: Expose clock status drift and offset (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: add TOD debug information (Vadim Fedorenko) [Orabug: 37777354] - ptp: ocp: Add ptp_ocp_adjtime_coarse for large adjustments (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Move devlink registration to be last devlink command (Leon Romanovsky) [Orabug: 37777354] - ptp: ocp: Avoid operator precedence warning in ptp_ocp_summary_show() (Nathan Chancellor) [Orabug: 37777354] - ptp: ocp: Add timestamp window adjustment (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Have FPGA fold in ns adjustment for adjtime. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Enable 4th timestamper / PPS generator (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add second GNSS device (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add NMEA output (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add debugfs entry for timecard (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Separate the init and info logic (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add sysfs attribute utc_tai_offset (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add IRIG-B output mode control (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add IRIG-B and DCF blocks (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add SMA selector and controls (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Add third timestamper (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Report error if resource registration fails. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Skip resources with out of range irqs (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Skip I2C flash read when there is no controller. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: Parameterize the TOD information display. (Jonathan Lemon) [Orabug: 37777354] - ptp: ocp: parameterize the i2c driver used (Jonathan Lemon) [Orabug: 37777354] - vhost-scsi: log event queue write descriptors (Dongli Zhang) [Orabug: 37884058] - vhost-scsi: log control queue write descriptors (Dongli Zhang) [Orabug: 37884058] - vhost-scsi: log I/O queue write descriptors (Dongli Zhang) [Orabug: 37884058] - vhost-scsi: adjust vhost_scsi_get_desc() to log vring descriptors (Dongli Zhang) [Orabug: 37884058] - vhost: modify vhost_log_write() for broader users (Dongli Zhang) [Orabug: 37884058] - mm: make page_mapped_in_vma() hugetlb walk aware (Jane Chu) [Orabug: 37956589] - mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk (zhenwei pi) [Orabug: 37956589] - ext4: update the backup superblock's at the end of the online resize (Theodore Ts'o) [Orabug: 37356729] - gve: ignore nonrelevant GSO type bits when processing TSO headers (Joshua Washington) [Orabug: 37356729] - gve: update gve.rst (Rushil Gupta) [Orabug: 37356729] - gve: RX path for DQO-QPL (Rushil Gupta) [Orabug: 37356729] - gve: Tx path for DQO-QPL (Rushil Gupta) [Orabug: 37356729] - gve: Control path for DQO-QPL (Rushil Gupta) [Orabug: 37356729] - gve: Fix gve interrupt names (Praveen Kaligineedi) [Orabug: 37356729] - gve: Handle alternate miss completions (Jeroen de Borst) [Orabug: 37356729] - gve: Adding a new AdminQ command to verify driver (Jeroen de Borst) [Orabug: 37356729] - gve: Fix error return code in gve_prefill_rx_pages() (Yang Yingliang) [Orabug: 37356729] - gve: Reduce alloc and copy costs in the GQ rx path (Shailend Chand) [Orabug: 37356729] - google/gve:fix repeated words in comments (Jilin Yuan) [Orabug: 37356729] - gve: Fix spelling mistake "droping" -> "dropping" (Colin Ian King) [Orabug: 37356729] - gve: enhance no queue page list detection (Haiyue Wang) [Orabug: 37356729] - gve: Recording rx queue before sending to napi (Tao Liu) [Orabug: 37356729] - ext4: add ioctls to get/set the ext4 superblock uuid (Jeremy Bongio) [Orabug: 37356729] - ext4: implement support for get/set fs label (Lukas Czerner) [Orabug: 37356729] - gve: Add tx|rx-coalesce-usec for DQO (Tao Liu) [Orabug: 37356729] - gve: Add consumed counts to ethtool stats (Jordan Kim) [Orabug: 37356729] - gve: Implement suspend/resume/shutdown (Catherine Sullivan) [Orabug: 37356729] - gve: Add optional metadata descriptor type GVE_TXD_MTD (Willem de Bruijn) [Orabug: 37356729] - gve: remove memory barrier around seqno (Catherine Sullivan) [Orabug: 37356729] - gve: Update gve_free_queue_page_list signature (Catherine Sullivan) [Orabug: 37356729] - gve: Move the irq db indexes out of the ntfy block struct (Catherine Sullivan) [Orabug: 37356729] - gve: Correct order of processing device options (Jeroen de Borst) [Orabug: 37356729] - gve: fix for null pointer dereference. (Ameer Hamza) [Orabug: 37356729] - gve: fix unmatched u64_stats_update_end() (Dan Carpenter) [Orabug: 37356729] - gve: Add a jumbo-frame device option. (Shailend Chand) [Orabug: 37356729] - gve: Implement packet continuation for RX. (David Awogbemila) [Orabug: 37356729] - gve: Allow pageflips on larger pages (Jordan Kim) [Orabug: 37356729] - gve: Add netif_set_xps_queue call (Catherine Sullivan) [Orabug: 37356729] - gve: Do lazy cleanup in TX path (Tao Liu) [Orabug: 37356729] - gve: Add rx buffer pagecnt bias (Catherine Sullivan) [Orabug: 37356729] - gve: Switch to use napi_complete_done (Yangchun Fu) [Orabug: 37356729] - gve: Use kvcalloc() instead of kvzalloc() (Gustavo A. R. Silva) [Orabug: 37356729] - selftests/net: optmem_max became per netns (Eric Dumazet) [Orabug: 37356732] - tcp: derive delack_max with tcp_rto_min helper (Kevin Yang) [Orabug: 37356732] - tcp: derive delack_max from rto_min (Eric Dumazet) [Orabug: 37356732] - tcp: add sysctl_tcp_rto_min_us (Kevin Yang) [Orabug: 37356732] - tcp: constify tcp_rto_min() and tcp_rto_min_us() argument (Eric Dumazet) [Orabug: 37356732] - net: constify sk_dst_get() and __sk_dst_get() argument (Eric Dumazet) [Orabug: 37356732] - net: Namespace-ify sysctl_optmem_max (Eric Dumazet) [Orabug: 37356732] - net: increase optmem_max default value (Eric Dumazet) [Orabug: 37356732] - net: phy: dp83867: Fix SGMII FIFO depth for non OF devices (Michael Sit Wei Hong) [Orabug: 37670821] - net: phy: dp83867: fix get nvmem cell fail (Nikita Shubin) [Orabug: 37670821] - net: phy: dp83867: implement support for io_impedance_ctrl nvmem cell (Rasmus Villemoes) [Orabug: 37670821] - net: phy: constify netdev->dev_addr references (Jakub Kicinski) [Orabug: 37670821] - net: phy: dp83867: introduce critical chip default init for non-of platform (Lay, Kuan Loon) [Orabug: 37670821] - RDS: use pin_user_pages_fast() (Stephen Brennan) [Orabug: 37872748] - uek-rpm: Reduce the size of the Bluefield 3 kernel (Henry Willard) [Orabug: 37910874] - uek-rpm: Make sure dtb directory exists for emb3. (Henry Willard) [Orabug: 37910874] - uek-rpm: Move the gve kernel module from extra to kernel-uek-core (Samasth Norway Ananda) [Orabug: 37940898] - platform/mellanox: mlxbf-pmc: Support additional PMC blocks (Shravan Kumar Ramani) [Orabug: 37955981] - mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show() (David Thompson) [Orabug: 37955981] - mlxbf-bootctl: Support sysfs entries for RTC battery status (Xiangrong Li) [Orabug: 37955981] - platform/mellanox: mlxbf-bootctl: use sysfs_emit() instead of sprintf() (Ai Chao) [Orabug: 37955981] - drivers/platform/mellanox: Convert snprintf to sysfs_emit (Li Zhijian) [Orabug: 37955981] - certs: Add new Oracle Linux Driver Signing (key 1) certificate (Sherry Yang) [Orabug: 37967553] [5.15.0-309.180.3.el9uek] - net/mlx5: Reclaim max 50K pages at once (Anand Khoje) [Orabug: 36933755] - x86/sev: Fix position dependent variable references in startup code (Ard Biesheuvel) [Orabug: 37356711] - x86/PCI: Export find_cap() to be used in early PCI code (Rayan Dasoriya) [Orabug: 37356711] - x86/quirks: Scan all busses for early PCI quirks (Rayan Dasoriya) [Orabug: 37356711] - x86/quirks: Add parameter to clear MSIs early on boot (Rayan Dasoriya) [Orabug: 37356711] - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (Vasant Hegde) [Orabug: 37356711] - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (Vasant Hegde) [Orabug: 37356711] - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (Vasant Hegde) [Orabug: 37356711] - iommu/amd: Use put_pages_list (Matthew Wilcox (Oracle)) [Orabug: 37356711] - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (Steve Rutherford) [Orabug: 37356711] - iommu/amd: Simplify pagetable freeing (Robin Murphy) [Orabug: 37356711] - x86/kvm: Add kexec support for SEV Live Migration. (Ashish Kalra) [Orabug: 37356711] - nfsd: allow layout state to be admin-revoked. (NeilBrown) [Orabug: 37644985] - nfsd: allow delegation state ids to be revoked and then freed (NeilBrown) [Orabug: 37644985] - nfsd: allow open state ids to be revoked and then freed (NeilBrown) [Orabug: 37644985] - nfsd: allow lock state ids to be revoked and then freed (NeilBrown) [Orabug: 37644985] - nfsd: allow admin-revoked NFSv4.0 state to be freed. (NeilBrown) [Orabug: 37644985] - nfsd: report in /proc/fs/nfsd/clients/*/states when state is admin-revoke (NeilBrown) [Orabug: 37644985] - nfsd: allow state with no file to appear in /proc/fs/nfsd/clients/*/states (NeilBrown) [Orabug: 37644985] - nfsd: prepare for supporting admin-revocation of state (NeilBrown) [Orabug: 37644985] - nfsd: split sc_status out of sc_type (NeilBrown) [Orabug: 37644985] - nfsd: remove stale comment in nfs4_show_deleg() (NeilBrown) [Orabug: 37644985] - nfsd: avoid race after unhash_delegation_locked() (NeilBrown) [Orabug: 37644985] - nfsd: don't call functions with side-effecting inside WARN_ON() (NeilBrown) [Orabug: 37644985] - NFSD: Add nfsd_seq4_status trace event (Chuck Lever) [Orabug: 37644985] - NFSD: Clean up nfsd4_encode_layoutreturn() (Chuck Lever) [Orabug: 37644985] - NFSD: Make @lgp parameter of ->encode_layoutget a const pointer (Chuck Lever) [Orabug: 37644985] - NFSD: Clean up nfsd4_encode_stateid() (Chuck Lever) [Orabug: 37644985] - NFSD: Add simple u32, u64, and bool encoders (Chuck Lever) [Orabug: 37644985] - NFSD: Add encoders for NFSv4 clientids and verifiers (Chuck Lever) [Orabug: 37644985] - nfsd: add some kerneldoc comments for stateid preprocessing functions (Jeff Layton) [Orabug: 37644985] - nfsd: eliminate find_deleg_file_locked (Jeff Layton) [Orabug: 37644985] - nfsd: fix potential race in nfs4_find_file (Jeff Layton) [Orabug: 37644985] - vhost-scsi: Fix vhost_scsi_send_status() (Dongli Zhang) [Orabug: 37840544] - vhost-scsi: Fix vhost_scsi_send_bad_target() (Dongli Zhang) [Orabug: 37840544] - vhost-scsi: protect vq->log_used with vq->mutex (Dongli Zhang) [Orabug: 37840544] - vhost-scsi: Reduce response iov mem use (Mike Christie) [Orabug: 37840544] - vhost-scsi: Allocate iov_iter used for unaligned copies when needed (Mike Christie) [Orabug: 37840544] - vhost-scsi: Stop duplicating se_cmd fields (Mike Christie) [Orabug: 37840544] - vhost-scsi: Dynamically allocate scatterlists (Mike Christie) [Orabug: 37840544] - vhost-scsi: Return queue full for page alloc failures during copy (Mike Christie) [Orabug: 37840544] - vhost-scsi: Add better resource allocation failure handling (Mike Christie) [Orabug: 37840544] - vhost-scsi: Allocate T10 PI structs only when enabled (Mike Christie) [Orabug: 37840544] - vhost-scsi: Reduce mem use by moving upages to per queue (Mike Christie) [Orabug: 37840544] - scsi: target: core: Use RCU helpers for INQUIRY t10_alua_tg_pt_gp (Mike Christie) [Orabug: 37840544] - scsi: target: Perform ALUA group changes in one step (Mike Christie) [Orabug: 37840544] - scsi: target: Replace lun_tg_pt_gp_lock with rcu in I/O path (Mike Christie) [Orabug: 37840544] - scsi: target: Fix write perf due to unneeded throttling (Mike Christie) [Orabug: 37840544] - vhost scsi: Allow user to control num virtqueues (Mike Christie) [Orabug: 37840544] - vhost-scsi: Rename vhost_scsi_iov_to_sgl (Mike Christie) [Orabug: 37840544] - vhost-scsi: unbreak any layout for response (Jason Wang) [Orabug: 37840544] - Revert "vhost-scsi: protect vq->log_base with vq->mutex" (Mike Christie) [Orabug: 37840544] - Revert "vhost_scsi: log write descriptors" (Mike Christie) [Orabug: 37840544] - x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel (Alexandre Chartre) [Orabug: 37945824] - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (Pawan Gupta) [Orabug: 37945831] - x86/bpf: Add IBHF call at end of classic BPF (Daniel Sneddon) [Orabug: 37945831] - x86/bpf: Call branch history clearing sequence on exit (Daniel Sneddon) [Orabug: 37945831] - selftest/x86/bugs: Add selftests for ITS (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Add "vmexit" option to skip mitigation on some CPUs (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Add support for ITS-safe return thunk (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956} - x86/alternatives: Remove faulty optimization (Josh Poimboeuf) [Orabug: 37945842] {CVE-2024-28956} - x86/alternative: Optimize returns patching (Borislav Petkov (AMD)) [Orabug: 37945842] {CVE-2024-28956} [5.15.0-309.180.2.el9uek] - LTS version: v5.15.180 (Vijayendra Suman) - mmc: sdhci-brcmstb: Initialize base_clk to NULL in sdhci_brcmstb_probe() (Nathan Chancellor) - tracing: Do not use PERF enums when perf is not defined (Steven Rostedt) - mm, slab: remove duplicate kernel-doc comment for ksize() (Vlastimil Babka) - mmc: sdhci-brcmstb: use clk_get_rate(base_clk) in PM resume (Kamal Dasu) - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (Chuck Lever) - nfsd: put dl_stid if fail to queue dl_recall (Li Lingfeng) - jfs: add index corruption check to DT_GETPAGE() (Roman Smirnov) - ext4: fix OOB read when checking dotdot dir (Acs, Jakub) - ext4: don't over-report free space or inodes in statvfs (Theodore Ts'o) - tracing/osnoise: Fix possible recursive locking for cpus_read_lock() (Ran Xiaokai) - tracing: Fix synth event printk format for str fields (Douglas Raillard) - tracing: Ensure module defining synth event cannot be unloaded while tracing (Douglas Raillard) - tracing: Fix use-after-free in print_graph_function_flags during tracer switching (Tengda Wu) - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (Karel Balej) - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (Paul Menzel) - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (Murad Masimov) - x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (Jann Horn) - x86/tsc: Always save/restore TSC sched_clock() on suspend/resume (Guilherme G. Piccoli) - btrfs: handle errors from btrfs_dec_ref() properly (Josef Bacik) - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (Markus Elfring) - platform/x86: ISST: Correct command storage data length (Srinivas Pandruvada) - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (Hersen Wu) - drm/amd/pm: Fix negative array index read (Jesse Zhang) - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (Sherry Sun) - tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform (Sherry Sun) - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (Kamal Dasu) - mmc: sdhci-brcmstb: Add ability to increase max clock rate for 72116b0 (Kamal Dasu) - can: flexcan: disable transceiver during system PM (Haibo Chen) - can: flexcan: only change CAN state when link up in system PM (Haibo Chen) - arcnet: Add NULL check in com20020pci_probe() (Henry Martin) - net: fix geneve_opt length integer overflow (Lin Ma) - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (Fernando Fernandez Mancera) - netfilter: nft_tunnel: fix geneve_opt type confusion addition (Lin Ma) - tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). (Guillaume Nault) - vsock: avoid timeout during connect() if the socket is closing (Stefano Garzarella) - net: mvpp2: Prevent parser TCAM memory corruption (Tobias Waldekranz) - net_sched: skbprio: Remove overly strict queue assertions (Cong Wang) - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (Debin Zhu) - netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only (Pablo Neira Ayuso) - ASoC: imx-card: Add NULL check in imx_card_probe() (Henry Martin) - ntb: intel: Fix using link status DB's (Nikita Shubin) - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (Yajun Deng) - riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra (Juhan Jin) - spufs: fix a leak in spufs_create_context() (Al Viro) - spufs: fix a leak on spufs_new_file() failure (Al Viro) - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (Tasos Sahanidis) - can: statistics: use atomic access in hot path (Oliver Hartkopp) - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (Navon John Lukose) - drm/amd: Keep display off while going into S4 (Mario Limonciello) - x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled (Vladis Dronov) - locking/semaphore: Use wake_q to wake up processes outside lock critical section (Waiman Long) - sched/deadline: Use online cpus for validating runtime (Shrikanth Hegde) - ksmbd: fix incorrect validation for num_aces field of smb_acl (Namjae Jeon) - affs: don't write overlarge OFS data block size fields (Simon Tatham) - affs: generate OFS sequence numbers starting at 1 (Simon Tatham) - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (Icenowy Zheng) - nvme-pci: clean up CMBMSC when registering CMB fails (Icenowy Zheng) - nvme-tcp: fix possible UAF in nvme_tcp_poll (Sagi Grimberg) - wifi: iwlwifi: fw: allocate chained SG tables for dump (Johannes Berg) - sched/smt: Always inline sched_smt_active() (Josh Poimboeuf) - octeontx2-af: Fix mbox INTR handler when num VFs > 64 (Geetha sowjanya) - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (Giovanni Gherdovich) - ring-buffer: Fix bytes_dropped calculation issue (Feng Yang) - ksmbd: use aead_request_free to match aead_request_alloc (Miaoqian Lin) - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (Mark Zhang) - exfat: fix the infinite loop in exfat_find_last_cluster() (Yuezhang Mo) - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (Josh Poimboeuf) - fs/procfs: fix the comment above proc_pid_wchan() (Bart Van Assche) - perf python: Check if there is space to copy all the event (Arnaldo Carvalho de Melo) - perf python: Don't keep a raw_data pointer to consumed ring buffer space (Arnaldo Carvalho de Melo) - perf python: Decrement the refcount of just created event on failure (Arnaldo Carvalho de Melo) - perf python: Fixup description of sample.id event member (Arnaldo Carvalho de Melo) - i3c: master: svc: Fix missing the IBI rules (Stanley Chu) - fuse: fix dax truncate/punch_hole fault path (Alistair Popple) - NFSv4: Don't trigger uneccessary scans for return-on-close delegations (Trond Myklebust) - ocfs2: validate l_tree_depth to avoid out-of-bounds access (Vasiliy Kovalev) - kexec: initialize ELF lowest address to ULONG_MAX (Sourabh Jain) - perf units: Fix insufficient array space (Arnaldo Carvalho de Melo) - iio: adc: ad7124: Fix comparison of channel configs (Uwe Kleine-K?nig) - fs/ntfs3: Fix a couple integer overflows on 32bit systems (Dan Carpenter) - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (Jonathan Cameron) - coresight: catu: Fix number of pages while using 64k pages (Ilkka Koskinen) - soundwire: slave: fix an OF node reference leak in soundwire slave device (Joe Hattori) - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (Qasim Ijaz) - clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock (Barnab?s Cz?m?n) - crypto: hisilicon/sec2 - fix for aead auth key length (Wenkai Lin) - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (Jann Horn) - mfd: sm501: Switch to BIT() to mitigate integer overflows (Nikita Zhandarovich) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (Patrisious Haddad) - crypto: nx - Fix uninitialised hv_nxc on error (Herbert Xu) - power: supply: max77693: Fix wrong conversion of charge input threshold value (Artur Weber) - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (Jann Horn) - clk: amlogic: g12a: fix mmc A peripheral clock (Jerome Brunet) - clk: amlogic: gxbb: drop non existing 32k clock parent (Jerome Brunet) - clk: amlogic: g12b: fix cluster A parent data (Jerome Brunet) - pinctrl: tegra: Set SFIO mode to Mux Register (Prathamesh Shete) - IB/mad: Check available slots before posting receive WRs (Maher Sanalla) - remoteproc: qcom_q6v5_mss: Handle platforms with one power domain (Luca Weiss) - RDMA/core: Don't expose hw_counters outside of init net namespace (Roman Gushchin) - clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent (Peter Geis) - pinctrl: renesas: rzg2l: Fix missing of_node_put() call (Fabrizio Castro) - pinctrl: renesas: rza2: Fix missing of_node_put() call (Fabrizio Castro) - lib: 842: Improve error handling in sw842_compress() (Tanya Agarwal) - clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock (Vladimir Lypak) - clk: samsung: Fix UBSAN panic in samsung_clk_init() (Will McVicker) - libbpf: Fix hypothetical STT_SECTION extern NULL deref case (Andrii Nakryiko) - remoteproc: qcom_q6v5_pas: Make single-PD handling more robust (Luca Weiss) - remoteproc: core: Clear table_sz when rproc_shutdown (Peng Fan) - crypto: hisilicon/sec2 - fix for aead authsize alignment (Wenkai Lin) - clk: amlogic: gxbb: drop incorrect flag on 32k clock (Jerome Brunet) - fbdev: sm501fb: Add some geometry checks. (Danila Chernetsov) - mdacon: rework dependency list (Arnd Bergmann) - fbdev: au1100fb: Move a variable assignment behind a null pointer check (Markus Elfring) - PCI: pciehp: Don't enable HPIE when resuming in poll mode (Ilpo J?rvinen) - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (Dan Carpenter) - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (Thippeswamy Havalige) - PCI: Remove stray put_device() in pci_register_host_bridge() (Dan Carpenter) - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (Vitaliy Shevtsov) - PCI: Avoid reset when disabled via sysfs (Nishanth Aravamudan) - PCI/portdrv: Only disable pciehp interrupts early when needed (Feng Tang) - PCI: brcmstb: Use internal register to change link capability (Jim Quinlan) - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (Hans Zhang) - PCI/ASPM: Fix link state exit during switch upstream function removal (Daniel Stodden) - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (AngeloGioacchino Del Regno) - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (AngeloGioacchino Del Regno) - drm/vkms: Fix use after free and double free on init error (Jos? Exp?sito) - drm: xlnx: zynqmp: Fix max dma segment size (Tomi Valkeinen) - drm/dp_mst: Fix drm RAD print (Wayne Lin) - drm/bridge: ti-sn65dsi86: Fix multiple instances (Geert Uytterhoeven) - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (Jayesh Choudhary) - ALSA: hda/realtek: Always honor no_shutup_pins (Takashi Iwai) - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (Jiri Kosina) - media: platform: allgro-dvt: unregister v4l2_device on the error path (Joe Hattori) - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (Tao Chen) - lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() (Sebastian Andrzej Siewior) - PM: sleep: Fix handling devices with direct_complete set on errors (Rafael J. Wysocki) - thermal: int340x: Add NULL check for adev (Chenyuan Yang) - EDAC/ie31200: Fix the error path order of ie31200_init() (Qiuxu Zhuo) - EDAC/ie31200: Fix the DIMM size mask for several SoCs (Qiuxu Zhuo) - EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer (Qiuxu Zhuo) - selinux: Chain up tool resolving errors in install_policy.sh (Tim Schumacher) - PM: sleep: Adjust check before setting power.must_resume (Rafael J. Wysocki) - x86/platform: Only allow CONFIG_EISA for 32-bit (Arnd Bergmann) - x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (Benjamin Berg) - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (Jie Zhan) - cpufreq: scpi: compare kHz instead of Hz (zuoqian) - x86/mm/pat: cpa-test: fix length for CPA_ARRAY test (Mike Rapoport (Microsoft)) - watch_queue: fix pipe accounting mismatch (Eric Sandeen) - media: i2c: et8ek8: Don't strip remove function when driver is builtin (Uwe Kleine-K?nig) - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Luo Qiu) - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (Fabio Porcedda) - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (Fabio Porcedda) - tty: serial: 8250: Add Brainboxes XC devices (Cameron Williams) - tty: serial: 8250: Add some more device IDs (Cameron Williams) - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (William Breathitt Gray) - counter: stm32-lptimer-cnt: fix error handling when enabling (Fabrice Gasnier) - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (Dhruv Deshpande) - netfilter: socket: Lookup orig tuple for IPv6 SNAT (Maxim Mikityanskiy) - ARM: Remove address checking for MMUless devices (Yanjun Yang) - ARM: 9351/1: fault: Add "cut here" line for prefetch aborts (Kees Cook) - ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() (Kees Cook) - atm: Fix NULL pointer dereference (Minjoong Kim) - HID: hid-plantronics: Add mic mute mapping and generalize quirks (Terry Junge) - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (Terry Junge) - bpf, sockmap: Fix race between element replace and close() (Michal Luczaj) - Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (Luiz Augusto von Dentz) {CVE-2024-8805} - arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S (Justin Klaassen) - mptcp: Fix data stream corruption in the address announcement (Arthur Mongodin) - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (David Rosca) - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (Nikita Zhandarovich) - soc: qcom: pdr: Fix the potential deadlock (Saranya R) - batman-adv: Ignore own maximum aggregation size during RX (Sven Eckelmann) - ARM: shmobile: smp: Enforce shmobile_smp_* alignment (Geert Uytterhoeven) - proc: fix UAF in proc_get_inode() (Ye Bin) - mmc: atmel-mci: Add missing clk_disable_unprepare() (Gu Bowen) - regulator: check that dummy regulator has been probed before using it (Christian Eggers) - drm/v3d: Don't run jobs that have errors flagged in its fence (Ma?ra Canal) - i2c: omap: fix IRQ storms (Andreas Kemnade) - Revert "gre: Fix IPv6 link-local address generation." (Guillaume Nault) - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES (Lin Ma) - net: atm: fix use after free in lec_send() (Dan Carpenter) - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). (Kuniyuki Iwashima) - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (Kuniyuki Iwashima) - Bluetooth: Fix error code in chan_alloc_skb_cb() (Dan Carpenter) - RDMA/hns: Fix wrong value of max_sge_rd (Junxian Huang) - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (Junxian Huang) - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (Junxian Huang) - RDMA/hns: Fix soft lockup during bt pages loop (Junxian Huang) - RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt() (Chengchang Tang) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (Saravanan Vajravel) - ARM: dts: bcm2711: Don't mark timer regs unconfigured (Phil Elwell) - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (Kashyap Desai) - ARM: dts: bcm2711: PL011 UARTs are actually r1p5 (Phil Elwell) - xfrm_output: Force software GSO only in tunnel mode (Cosmin Ratiu) - firmware: imx-scu: fix OF node leak in .probe() (Joe Hattori) - smb: client: fix potential UAF in cifs_debug_files_proc_show() (Paulo Alcantara) - smb: client: Fix match_session bug preventing session reuse (Henrique Carvalho) - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (Ma Ke) - drm/amd/display: Check for invalid input params when building scaling params (Michael Strauss) - i2c: sis630: Fix an error handling path in sis630_probe() (Christophe JAILLET) - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (Christophe JAILLET) - i2c: ali1535: Fix an error handling path in ali1535_probe() (Christophe JAILLET) - cifs: Fix integer overflow while processing closetimeo mount option (Murad Masimov) - cifs: Fix integer overflow while processing actimeo mount option (Murad Masimov) - cifs: Fix integer overflow while processing acdirmax mount option (Murad Masimov) - cifs: Fix integer overflow while processing acregmax mount option (Murad Masimov) - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (Christophe JAILLET) - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (Ivan Abramov) - ASoC: ops: Consistently treat platform_max as control value (Charles Keepax) - tcp: fix races in tcp_abort() (Eric Dumazet) - lib/buildid: Handle memfd_secret() files in build_id_parse() (Andrii Nakryiko) - qlcnic: fix memory leak issues in qlcnic_sriov_common.c (Haoxiang Li) - drm/amd/display: Fix slab-use-after-free on hdcp_work (Mario Limonciello) - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (Alex Hung) - drm/amd/display: Restore correct backlight brightness after a GPU reset (Mario Limonciello) - drm/atomic: Filter out redundant DPMS calls (Ville Syrj?l?) - x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (Florent Revest) - USB: serial: option: match on interface class for Telit FN990B (Johan Hovold) - USB: serial: option: fix Telit Cinterion FE990A name (Fabio Porcedda) - USB: serial: option: add Telit Cinterion FE990B compositions (Fabio Porcedda) - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (Boon Khai Ng) - block: fix 'kmem_cache of name 'bio-108' already exists' (Ming Lei) - drm/nouveau: Do not override forced connector status (Thomas Zimmermann) - mptcp: safety check before fallback (Matthieu Baerts (NGI0)) - x86/irq: Define trace events conditionally (Arnd Bergmann) - fuse: don't truncate cached, mutated symlink (Miklos Szeredi) - ASoC: tas2764: Set the SDOUT polarity correctly (Hector Martin) - ASoC: tas2764: Fix power control mask (Hector Martin) - ASoC: tas2770: Fix volume scale (Hector Martin) - nvme: only allow entering LIVE from CONNECTING state (Daniel Wagner) - sctp: Fix undefined behavior in left shift operation (Yu-Chun Lin) - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (Ruozhu Li) - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (Stephan Gerhold) - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (Terry Cheong) - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays. (Vitaly Rodionov) - ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() (Kuninori Morimoto) - thermal/cpufreq_cooling: Remove structure member documentation (Daniel Lezcano) - s390/cio: Fix CHPID "configure" attribute caching (Peter Oberparleiter) - sched: Clarify wake_up_q()'s write to task->wake_q.next (Jann Horn) - HID: ignore non-functional sensor in HP 5MP Camera (Chia-Lin Kao (AceLan)) - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (Zhang Lixu) - vboxsf: fix building with GCC 15 (Brahmajit Das) - alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support (Eric W. Biederman) - ACPI: resource: IRQ override for Eluktronics MECH-17 (Gannon Kolding) - scsi: qla1280: Fix kernel oops when debug level > 2 (Magnus Lindholm) - scsi: core: Use GFP_NOIO to avoid circular locking dependency (Rik van Riel) - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (Chengen Du) - powercap: call put_device() on an error path in powercap_register_control_type() (Joe Hattori) - hrtimers: Mark is_migration_base() with __always_inline (Andy Shevchenko) - nvme-fc: go straight to connecting state when initializing (Daniel Wagner) - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (Carolina Jubran) - net/mlx5: Bridge, fix the crash caused by LAG state check (Jianbo Liu) - net: openvswitch: remove misbehaving actions length check (Ilya Maximets) - openvswitch: Use kmalloc_size_roundup() to match ksize() usage (Kees Cook) - slab: Introduce kmalloc_size_roundup() (Kees Cook) - gre: Fix IPv6 link-local address generation. (Guillaume Nault) - netfilter: nft_exthdr: fix offset with ipv4_find_option() (Alexey Kashavkin) - net_sched: Prevent creation of classes with TC_H_ROOT (Cong Wang) - ipvs: prevent integer overflow in do_ip_vs_get_ctl() (Dan Carpenter) - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (Kohei Enju) - net/mlx5: handle errors in mlx5_chains_create_table() (Wentao Liang) - Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() (Michael Kelley) - netpoll: hold rcu read lock in __netpoll_send_skb() (Breno Leitao) - net: dsa: mv88e6xxx: Verify after ATU Load ops (Joseph Huang) - ice: fix memory leak in aRFS after reset (Grzegorz Nitka) - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template. (Sebastian Andrzej Siewior) - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (Artur Weber) - fbdev: hyperv_fb: iounmap() the correct memory when removing a device (Michael Kelley) - ipv6: Fix signed integer overflow in __ip6_append_data (Wang Yufen) - sched/isolation: Prevent boot crash when the boot CPU is nohz_full (Oleg Nesterov) - clockevents/drivers/i8253: Fix stop sequence for timer 0 (David Woodhouse) - vlan: fix memory leak in vlan_newlink() (Eric Dumazet) [5.15.0-309.179.1.el9uek] - x86/microcode/AMD: Clean the cache if update did not load microcode (Boris Ostrovsky) [Orabug: 37800728] - x86/microcode/AMD: Add finalize_late_load() microcode_op (Boris Ostrovsky) [Orabug: 37800728] - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Borislav Petkov (AMD)) [Orabug: 37800728] - x86/microcode/AMD: Add some forgotten models to the SHA check (Borislav Petkov (AMD)) [Orabug: 37800728] - x86/microcode/AMD: Load only SHA256-checksummed patches (Borislav Petkov (AMD)) [Orabug: 37800728] - x86/microcode/AMD: Flush patch buffer mapping after application (Borislav Petkov (AMD)) [Orabug: 37800728] - x86/microcode/AMD: Stash BSP's CPUID(1).EAX (Boris Ostrovsky) [Orabug: 37800728] From el-errata at oss.oracle.com Tue Jun 10 17:35:31 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 10 Jun 2025 21:35:31 +0400 Subject: [El-errata] New Ksplice updates for RHCK 9 (ELSA-2025-7903) Message-ID: Synopsis: ELSA-2025-7903 can now be patched using Ksplice CVEs: CVE-2025-21756 CVE-2025-21966 CVE-2025-37749 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-7903. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-7903.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running RHCK 9 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2025-21756: Privilege escalation in Virtual Socket protocol driver. A logic error when using the Virtual Socket protocol driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. * CVE-2025-21966: Denial-of-service in Flakey target driver. A logic error when using the Flakey target driver could lead to a memory corruption. A local attacker could use this flaw to cause a denial-of-service. * CVE-2025-37749: Information leak in PPP driver. A missing check when using the PPP driver could lead to an out-of-bounds memory access. An attacker could use this flaw to extract sensitive information. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Wed Jun 11 05:19:43 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Jun 2025 09:19:43 +0400 Subject: [El-errata] New Ksplice updates for RHCK 9 (ELSA-2025-8142) Message-ID: Synopsis: ELSA-2025-8142 can now be patched using Ksplice CVEs: CVE-2025-21964 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-8142. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-8142.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running RHCK 9 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2025-21964: Denial-of-service in SMB3/CIFS. A logic error when using the SMB3/CIFS could lead to an integer overflow. A local attacker could use this flaw to cause a denial-of-service. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Wed Jun 11 19:24:22 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Jun 2025 23:24:22 +0400 Subject: [El-errata] New Ksplice updates for RHCK 9 (ELSA-2025-8333) Message-ID: Synopsis: ELSA-2025-8333 can now be patched using Ksplice CVEs: CVE-2022-3424 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-8333. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-8333.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running RHCK 9 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2022-3424: Denial-of-service in SGI GRU driver. A logic error when using SGI GRU driver could lead to a use-after-free. A local attacker could use this flaw to cause a denial-of-service. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Thu Jun 12 15:09:52 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 12 Jun 2025 19:09:52 +0400 Subject: [El-errata] New Ksplice updates for RHCK 9 (ELSA-2025-8643) Message-ID: Synopsis: ELSA-2025-8643 can now be patched using Ksplice CVEs: CVE-2025-21920 CVE-2025-21926 CVE-2025-21997 CVE-2025-37943 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-8643. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-8643.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running RHCK 9 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2025-21920: Information leak in ethernet VLAN stack. A missing check for device type in the ethernet VLAN stack could lead to kernel address leak. As System.map file is also readable by an unprivileged attacker, KASLR can be bypassed since the attacker can find out the relative offsets and combine that with the leaked address to find the address of any kernel symbol, which can facilitate an attack, like privilege escalation. * CVE-2025-21926: Denial-of-service in UDPv4 Generic Segmentation Offload support. A logic error when using UDPv4 sockets with GSO could lead to a kernel panic. A local attacker could use this flaw to cause a denial-of-service. * CVE-2025-21997: Memory corruption in XDP sockets driver. A missing check when using the XDP sockets driver could lead to an integer overflow. A local attacker could use this flaw to cause memory corruption. * CVE-2025-37943: Out-of-bounds memory access in Qualcomm Technologies Wi-Fi 7 (ath12k) driver. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Fri Jun 13 08:30:17 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 10:30:17 +0200 Subject: [El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2025-20372) Message-ID: Synopsis: ELSA-2025-20372 can now be patched using Ksplice CVEs: CVE-2025-21920 CVE-2025-21959 CVE-2025-21971 CVE-2025-21991 CVE-2025-22079 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-20372. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-20372.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on OL7 and OL8 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2025-21959: Use of uninitialised value in netfilter subsystem. * CVE-2025-21971: Statistics corruption in network QoS/scheduling driver. * CVE-2025-21991: Memory corruption in AMD microcode loading driver. * CVE-2025-22079: Out-of-bounds access in OCFS2 file system driver. * Misconfigured delayed reconnect in RDS protocol driver. Delayed reconnect work gets scheduled to an offline CPU, leading to failure in reconnect. Orabug: 37800559 * Note: Oracle has determined some CVEs are not applicable. The kernel is not affected by the following CVEs since the code under consideration is not compiled. CVE-2023-53034, CVE-2025-22007, CVE-2025-22018, CVE-2025-22054, CVE-2025-22071, CVE-2025-22073, CVE-2025-38637 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Fri Jun 13 11:15:16 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 11:15:16 +0000 Subject: [El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2025-20365) Message-ID: Synopsis: ELSA-2025-20365 can now be patched using Ksplice CVEs: CVE-2022-49636 CVE-2024-26928 CVE-2024-53144 CVE-2024-56664 CVE-2024-8805 CVE-2025-21959 CVE-2025-21962 CVE-2025-21963 CVE-2025-21964 CVE-2025-21971 CVE- 2025-21991 CVE-2025-22079 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-20365. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-20365.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on OL8 and OL9 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2022-49636: Memory leak in Networking driver. * CVE-2024-26928: Use-after-free in SMB3/CIFS. * CVE-2024-53144, CVE-2024-8805: Lack of authorization in Bluetooth subsystem. * CVE-2024-56664: Use-after-free in bpf() system call driver. * CVE-2025-21959: Use of uninitialized memory in Netfliter driver. * CVE-2025-21962, CVE-2025-21963, CVE-2025-21964: Integer overflows in SMB3/CIFS driver. * CVE-2025-21971: Kernel panic in QoS driver. * CVE-2025-21991: Out-of-bounds memory access in AMD microcode loading driver. * CVE-2025-22079: Out-of-bounds memory access in OCFS2 file system. * Note: Oracle has determined some CVEs are not applicable. The kernel is not affected by the following CVEs since the code under consideration is not compiled. CVE-2023-53034, CVE-2024-38611, CVE-2025-21968, CVE-2025-21994, CVE-2025-22007, CVE-2025-22014, CVE-2025-22018, CVE-2025-22054, CVE-2025-22066, CVE-2025-22071, CVE-2025-22073, CVE-2025-22081, CVE-2025-38575, CVE-2025-38637 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Fri Jun 13 12:54:25 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:54:25 -0700 Subject: [El-errata] ELSA-2025-20372 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20372 http://linux.oracle.com/errata/ELSA-2025-20372.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-5.4.17-2136.344.4.1.el7uek.x86_64.rpm kernel-uek-container-5.4.17-2136.344.4.1.el7uek.x86_64.rpm kernel-uek-container-debug-5.4.17-2136.344.4.1.el7uek.x86_64.rpm kernel-uek-debug-5.4.17-2136.344.4.1.el7uek.x86_64.rpm kernel-uek-debug-devel-5.4.17-2136.344.4.1.el7uek.x86_64.rpm kernel-uek-devel-5.4.17-2136.344.4.1.el7uek.x86_64.rpm kernel-uek-doc-5.4.17-2136.344.4.1.el7uek.noarch.rpm kernel-uek-tools-5.4.17-2136.344.4.1.el7uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-5.4.17-2136.344.4.1.el7uek.src.rpm Related CVEs: CVE-2023-52667 CVE-2024-38555 CVE-2024-50000 CVE-2024-50001 CVE-2024-58093 CVE-2025-21956 CVE-2025-21957 CVE-2025-21959 CVE-2025-21971 CVE-2025-21991 CVE-2025-21992 CVE-2025-21993 CVE-2025-21996 CVE-2025-22004 CVE-2025-22005 CVE-2025-22007 CVE-2025-22018 CVE-2025-22020 CVE-2025-22021 CVE-2025-22035 CVE-2025-22045 CVE-2025-22054 CVE-2025-22063 CVE-2025-22071 CVE-2025-22073 CVE-2025-22079 CVE-2025-22086 CVE-2025-23136 CVE-2025-37937 CVE-2025-38637 Description of changes: [5.4.17-2136.344.4.1.el7uek] - certs: Reference revocation list for all keyrings (Eric Snowberg) [Orabug: 38052126] [5.4.17-2136.344.4.el7uek] - certs: Add new Oracle Linux Driver Signing (key 1) certificate (Sherry Yang) [Orabug: 37967555] [5.4.17-2136.344.3.el7uek] - net/mlx5e: Don't call cleanup on profile rollback failure (Cosmin Ratiu) [Orabug: 37670859] - net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (Elena Salomatkina) [Orabug: 37206299,37670859] {CVE-2024-50000} - net/mlx5: Fix error path in multi-packet WQE transmit (Gerd Bayer) [Orabug: 37206302,37670859] {CVE-2024-50001} - net/mlx5: Discard command completions in internal error (Akiva Goldberger) [Orabug: 36753438,37670859] {CVE-2024-38555} - net/mlx5e: fix a potential double-free in fs_any_create_groups (Dinghao Liu) [Orabug: 36802351,37670859] {CVE-2023-52667} - net/mlx5: Reclaim max 50K pages at once (Anand Khoje) [Orabug: 36275016] [5.4.17-2136.344.2.el7uek] - LTS tag: v5.4.292 (Alok Tiwari) - jfs: add index corruption check to DT_GETPAGE() (Roman Smirnov) - tracing: Fix use-after-free in print_graph_function_flags during tracer switching (Tengda Wu) [Orabug: 37844202] {CVE-2025-22035} - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (Karel Balej) - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (Paul Menzel) - x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (Jann Horn) [Orabug: 37844275] {CVE-2025-22045} - x86/tsc: Always save/restore TSC sched_clock() on suspend/resume (Guilherme G. Piccoli) - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (Markus Elfring) - can: flexcan: only change CAN state when link up in system PM (Haibo Chen) - arcnet: Add NULL check in com20020pci_probe() (Henry Martin) [Orabug: 37844303] {CVE-2025-22054} - net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy (David Oberhollenzer) - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (Fernando Fernandez Mancera) - vsock: avoid timeout during connect() if the socket is closing (Stefano Garzarella) - net_sched: skbprio: Remove overly strict queue assertions (Cong Wang) [Orabug: 37855375] {CVE-2025-38637} - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (Debin Zhu) [Orabug: 37844344] {CVE-2025-22063} - ntb: intel: Fix using link status DB's (Nikita Shubin) - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (Yajun Deng) - spufs: fix a leak in spufs_create_context() (Al Viro) [Orabug: 37844365] {CVE-2025-22071} - spufs: fix a leak on spufs_new_file() failure (Al Viro) [Orabug: 37844378] {CVE-2025-22073} - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (Tasos Sahanidis) - can: statistics: use atomic access in hot path (Oliver Hartkopp) - locking/semaphore: Use wake_q to wake up processes outside lock critical section (Waiman Long) - sched/deadline: Use online cpus for validating runtime (Shrikanth Hegde) - affs: don't write overlarge OFS data block size fields (Simon Tatham) - affs: generate OFS sequence numbers starting at 1 (Simon Tatham) - wifi: iwlwifi: fw: allocate chained SG tables for dump (Johannes Berg) - sched/smt: Always inline sched_smt_active() (Josh Poimboeuf) - octeontx2-af: Fix mbox INTR handler when num VFs > 64 (Geetha Sowjanya) - ring-buffer: Fix bytes_dropped calculation issue (Feng Yang) - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (Josh Poimboeuf) [Orabug: 37976879] {CVE-2025-37937} - fs/procfs: fix the comment above proc_pid_wchan() (Bart Van Assche) - perf python: Check if there is space to copy all the event (Arnaldo Carvalho de Melo) - perf python: Decrement the refcount of just created event on failure (Arnaldo Carvalho de Melo) - perf python: Fixup description of sample.id event member (Arnaldo Carvalho de Melo) - ocfs2: validate l_tree_depth to avoid out-of-bounds access (Vasiliy Kovalev) [Orabug: 37844394] {CVE-2025-22079} - kexec: initialize ELF lowest address to ULONG_MAX (Sourabh Jain) - perf units: Fix insufficient array space (Arnaldo Carvalho de Melo) - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (Jonathan Cameron) - coresight: catu: Fix number of pages while using 64k pages (Ilkka Koskinen) - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (Qasim Ijaz) - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (Jann Horn) - mfd: sm501: Switch to BIT() to mitigate integer overflows (Nikita Zhandarovich) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (Patrisious Haddad) [Orabug: 37844422] {CVE-2025-22086} - power: supply: max77693: Fix wrong conversion of charge input threshold value (Artur Weber) - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (Jann Horn) - clk: amlogic: g12a: fix mmc A peripheral clock (Jerome Brunet) - clk: amlogic: gxbb: drop non existing 32k clock parent (Jerome Brunet) - clk: amlogic: g12b: fix cluster A parent data (Jerome Brunet) - IB/mad: Check available slots before posting receive WRs (Maher Sanalla) - clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent (Peter Geis) - pinctrl: renesas: rza2: Fix missing of_node_put() call (Fabrizio Castro) - lib: 842: Improve error handling in sw842_compress() (Tanya Agarwal) - clk: amlogic: gxbb: drop incorrect flag on 32k clock (Jerome Brunet) - fbdev: sm501fb: Add some geometry checks. (Danila Chernetsov) - mdacon: rework dependency list (Arnd Bergmann) - fbdev: au1100fb: Move a variable assignment behind a null pointer check (Markus Elfring) - PCI: pciehp: Don't enable HPIE when resuming in poll mode (Ilpo J?rvinen) - PCI: Remove stray put_device() in pci_register_host_bridge() (Dan Carpenter) - PCI/portdrv: Only disable pciehp interrupts early when needed (Feng Tang) - PCI/ASPM: Fix link state exit during switch upstream function removal (Daniel Stodden) [Orabug: 37844108] {CVE-2024-58093} - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (AngeloGioacchino Del Regno) - ALSA: hda/realtek: Always honor no_shutup_pins (Takashi Iwai) - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (Tao Chen) - lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() (Sebastian Andrzej Siewior) - PM: sleep: Fix handling devices with direct_complete set on errors (Rafael J. Wysocki) - thermal: int340x: Add NULL check for adev (Chenyuan Yang) [Orabug: 37844584] {CVE-2025-23136} - EDAC/ie31200: Fix the error path order of ie31200_init() (Qiuxu Zhuo) - EDAC/ie31200: Fix the DIMM size mask for several SoCs (Qiuxu Zhuo) - EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer (Qiuxu Zhuo) - selinux: Chain up tool resolving errors in install_policy.sh (Tim Schumacher) - x86/platform: Only allow CONFIG_EISA for 32-bit (Arnd Bergmann) - x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (Benjamin Berg) - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (Jie Zhan) - x86/mm/pat: cpa-test: fix length for CPA_ARRAY test (Mike Rapoport) - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Luo Qiu) [Orabug: 37844141] {CVE-2025-22020} - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (Fabio Porcedda) - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (Fabio Porcedda) - tty: serial: 8250: Add some more device IDs (Cameron Williams) - counter: stm32-lptimer-cnt: fix error handling when enabling (Fabrice Gasnier) - netfilter: socket: Lookup orig tuple for IPv6 SNAT (Maxim Mikityanskiy) [Orabug: 37844145] {CVE-2025-22021} - ARM: Remove address checking for MMUless devices (Yanjun Yang) - ARM: 9351/1: fault: Add "cut here" line for prefetch aborts (Kees Cook) - ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() (Kees Cook) - atm: Fix NULL pointer dereference (Minjoong Kim) [Orabug: 37838897] {CVE-2025-22018} - HID: hid-plantronics: Add mic mute mapping and generalize quirks (Terry Junge) - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (Terry Junge) - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (Nikita Zhandarovich) [Orabug: 37828196] {CVE-2025-21996} - batman-adv: Ignore own maximum aggregation size during RX (Sven Eckelmann) - ARM: shmobile: smp: Enforce shmobile_smp_* alignment (Geert Uytterhoeven) - mmc: atmel-mci: Add missing clk_disable_unprepare() (Gu Bowen) - drm/v3d: Don't run jobs that have errors flagged in its fence (Ma?ra Canal) - i2c: omap: fix IRQ storms (Andreas Kemnade) - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES (Lin Ma) - net: atm: fix use after free in lec_send() (Dan Carpenter) [Orabug: 37828221] {CVE-2025-22004} - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). (Kuniyuki Iwashima) - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (Kuniyuki Iwashima) [Orabug: 37828229] {CVE-2025-22005} - Bluetooth: Fix error code in chan_alloc_skb_cb() (Dan Carpenter) [Orabug: 37828235] {CVE-2025-22007} - RDMA/hns: Fix wrong value of max_sge_rd (Junxian Huang) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (Saravanan Vajravel) - xfrm_output: Force software GSO only in tunnel mode (Cosmin Ratiu) - firmware: imx-scu: fix OF node leak in .probe() (Joe Hattori) - i2c: sis630: Fix an error handling path in sis630_probe() (Christophe Jaillet) - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (Christophe Jaillet) - i2c: ali1535: Fix an error handling path in ali1535_probe() (Christophe Jaillet) - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (Christophe Jaillet) - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (Ivan Abramov) - qlcnic: fix memory leak issues in qlcnic_sriov_common.c (Haoxiang Li) - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (Alex Hung) [Orabug: 37828049] {CVE-2025-21956} - drm/atomic: Filter out redundant DPMS calls (Ville Syrj?l?) - x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (Florent Revest) [Orabug: 37828167] {CVE-2025-21991} - USB: serial: option: match on interface class for Telit FN990B (Johan Hovold) - USB: serial: option: fix Telit Cinterion FE990A name (Fabio Porcedda) - USB: serial: option: add Telit Cinterion FE990B compositions (Fabio Porcedda) - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (Boon Khai Ng) - block: fix 'kmem_cache of name 'bio-108' already exists' (Ming Lei) - drm/nouveau: Do not override forced connector status (Thomas Zimmermann) - x86/irq: Define trace events conditionally (Arnd Bergmann) - fuse: don't truncate cached, mutated symlink (Miklos Szeredi) - nvme: only allow entering LIVE from CONNECTING state (Daniel Wagner) - sctp: Fix undefined behavior in left shift operation (Yu-Chun Lin) - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (Ruozhu Li) - ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() (Kuninori Morimoto) - s390/cio: Fix CHPID "configure" attribute caching (Peter Oberparleiter) - HID: ignore non-functional sensor in HP 5MP Camera (Chia-Lin Kao) [Orabug: 37828174] {CVE-2025-21992} - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (Zhang Lixu) - ACPI: resource: IRQ override for Eluktronics MECH-17 (Gannon Kolding) - scsi: qla1280: Fix kernel oops when debug level > 2 (Magnus Lindholm) [Orabug: 37828056] {CVE-2025-21957} - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (Chengen Du) [Orabug: 37828181] {CVE-2025-21993} - powercap: call put_device() on an error path in powercap_register_control_type() (Joe Hattori) - hrtimers: Mark is_migration_base() with __always_inline (Andy Shevchenko) - nvme-fc: go straight to connecting state when initializing (Daniel Wagner) - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (Carolina Jubran) - netfilter: nft_exthdr: fix offset with ipv4_find_option() (Alexey Kashavkin) - net_sched: Prevent creation of classes with TC_H_ROOT (Cong Wang) [Orabug: 37828110] {CVE-2025-21971} - ipvs: prevent integer overflow in do_ip_vs_get_ctl() (Dan Carpenter) - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (Kohei Enju) [Orabug: 37828064] {CVE-2025-21959} - Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() (Michael Kelley) - drivers/hv: Replace binary semaphore with mutex (Davidlohr Bueso) - netpoll: hold rcu read lock in __netpoll_send_skb() (Breno Leitao) - netpoll: netpoll_send_skb() returns transmit status (Eric Dumazet) - netpoll: move netpoll_send_skb() out of line (Eric Dumazet) - netpoll: remove dev argument from netpoll_send_skb_on_dev() (Eric Dumazet) - netpoll: Fix use correct return type for ndo_start_xmit() (Yunjian Wang) - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (Artur Weber) - sched/isolation: Prevent boot crash when the boot CPU is nohz_full (Oleg Nesterov) - clockevents/drivers/i8253: Fix stop sequence for timer 0 (David Woodhouse) [5.4.17-2136.344.1.el7uek] - RDS: avoid using offlined CPU during reconnect (Arumugam Kolappan) [Orabug: 37800559] - x86/microcode/AMD: Clean the cache if update did not load microcode (Boris Ostrovsky) [Orabug: 37800729] - x86/microcode/AMD: Add finalize_late_load() microcode_op (Boris Ostrovsky) [Orabug: 37800729] - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Borislav Petkov) [Orabug: 37800729] - x86/microcode/AMD: Add some forgotten models to the SHA check (Borislav Petkov) [Orabug: 37800729] - x86/microcode/AMD: Load only SHA256-checksummed patches (Borislav Petkov) [Orabug: 37800729] - x86/microcode/AMD: Flush patch buffer mapping after application (Borislav Petkov) [Orabug: 37800729] - x86/microcode/AMD: Stash BSP's CPUID(1).EAX and patch size (Boris Ostrovsky) [Orabug: 37800729] - nvme: fix deadlock between reset and scan (Bitao Hu) [Orabug: 37861518] [5.4.17-2136.343.5.el7uek] - sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497283,37846673] {CVE-2025-21638} - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497303,37846668] {CVE-2025-21640} - uek-rpm: remove .el7 from shim version (Samasth Norway Ananda) [Orabug: 37834734] [5.4.17-2136.343.4.el7uek] - bpf: Use preempt_count() directly in bpf_send_signal_common() (Hou Tao) - Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy" (Magali Lemes) - jfs: fix slab-out-of-bounds read in ea_get() (Qasim Ijaz) [Orabug: 37855411] {CVE-2025-39735} - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (John Keeping) - Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy" (Magali Lemes) - net: usb: usbnet: restore usb%d name exception for local mac addresses (Dominique Martinet) - vlan: fix memory leak in vlan_newlink() (Eric Dumazet) - rds: ib: Fix NULL ptr deref in rds_ib_cq_follow_affinity (H?kon Bugge) [Orabug: 37747826] [5.4.17-2136.343.3.el7uek] - LTS tag: v5.4.291 (Sherry Yang) - eeprom: digsy_mtc: Make GPIO lookup table match the device (Andy Shevchenko) - slimbus: messaging: Free transaction ID in delayed interrupt scenario (Visweswara Tanuku) [Orabug: 37827905] {CVE-2025-21914} - intel_th: pci: Add Panther Lake-P/U support (Alexander Shishkin) - intel_th: pci: Add Panther Lake-H support (Alexander Shishkin) - intel_th: pci: Add Arrow Lake support (Pawel Chmielewski) - Squashfs: check the inode number is not the invalid value of zero (Phillip Lougher) [Orabug: 36597911] {CVE-2024-26982} - xhci: pci: Fix indentation in the PCI device ID definitions (Andy Shevchenko) - usb: gadget: Check bmAttributes only if configuration is valid (Prashanth K) - usb: gadget: Fix setting self-powered state on suspend (Marek Szyprowski) - usb: gadget: Set self-powered based on MaxPower and bmAttributes (Prashanth K) - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (AngeloGioacchino Del Regno) - usb: typec: ucsi: increase timeout for PPM reset operations (Fedor Pchelkin) - usb: atm: cxacru: fix a flaw in existing endpoint checks (Nikita Zhandarovich) [Orabug: 37828336] {CVE-2025-21916} - usb: renesas_usbhs: Flush the notify_hotplug_work (Claudiu Beznea) [Orabug: 37827913] {CVE-2025-21917} - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (Miao Li) - usb: renesas_usbhs: Use devm_usb_get_phy() (Claudiu Beznea) - usb: renesas_usbhs: Call clk_put() (Claudiu Beznea) - Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" (Christian Heusel) - gpio: rcar: Fix missing of_node_put() call (Fabrizio Castro) - net: ipv6: fix missing dst ref drop in ila lwtunnel (Justin Iurman) - net: ipv6: fix dst ref loop in ila lwtunnel (Justin Iurman) - net-timestamp: support TCP GSO case for a few missing flags (Jason Xing) - vlan: enforce underlying device type (Oscar Maes) [Orabug: 37827929] {CVE-2025-21920} - ppp: Fix KMSAN uninit-value warning with bpf (Jiayuan Chen) [Orabug: 37827937] {CVE-2025-21922} - be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink (Nikolay Aleksandrov) - drm/sched: Fix preprocessor guard (Philipp Stanner) - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (Xinghuo Chen) - llc: do not use skb_get() before dev_queue_xmit() (Eric Dumazet) [Orabug: 37827950] {CVE-2025-21925} - hwmon: (ad7314) Validate leading zero bits and return error (Erik Schumacher) - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (Maud Spierings) - hwmon: (pmbus) Initialise page count in pmbus_identify() (Titus Rwantare) - caif_virtio: fix wrong pointer check in cfv_probe() (Vitaliy Shevtsov) [Orabug: 37827863] {CVE-2025-21904} - net: gso: fix ownership in __udp_gso_segment (Antoine Tenart) [Orabug: 37827956] {CVE-2025-21926} - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (Zhang Lixu) [Orabug: 37827964] {CVE-2025-21928} - HID: google: fix unused variable warning under !CONFIG_ACPI (Yu-Chun Lin) - wifi: iwlwifi: limit printed string from FW file (Johannes Berg) [Orabug: 37827870] {CVE-2025-21905} - mm/page_alloc: fix uninitialized variable (Hao Zhang) - rapidio: fix an API misues when rio_add_net() fails (Haoxiang Li) [Orabug: 37827984] {CVE-2025-21934} - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (Haoxiang Li) [Orabug: 37827989] {CVE-2025-21935} - wifi: nl80211: reject cooked mode if it is set along with other flags (Vitaliy Shevtsov) [Orabug: 37827880] {CVE-2025-21909} - wifi: cfg80211: regulatory: improve invalid hints checking (Nikita Zhandarovich) [Orabug: 37827887] {CVE-2025-21910} - x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 (Ahmed S. Darwish) - x86/cpu: Validate CPUID leaf 0x2 EDX output (Ahmed S. Darwish) - x86/cacheinfo: Validate CPUID leaf 0x2 EDX output (Ahmed S. Darwish) - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (Mingcong Bai) - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (Richard Thier) - ALSA: hda/realtek: update ALC222 depop optimize (Kailang Yang) - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (Hoku Ishibe) - HID: appleir: Fix potential NULL dereference at raw event handle (Daniil Dulov) [Orabug: 37828025] {CVE-2025-21948} - Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" (Rob Herring) - drm/amdgpu: disable BAR resize on Dell G5 SE (Alex Deucher) - drm/amdgpu: Check extended configuration space register when system uses large bar (Ma Jun) - drm/amdgpu: skip BAR resizing if the bios already did it (Alex Deucher) - acct: perform last write from workqueue (Christian Brauner) [Orabug: 37702044] {CVE-2025-21846} - kernel/acct.c: use dedicated helper to access rlimit values (Yang Yang) - kernel/acct.c: use #elif instead of #end and #elif (Sh_Def) - drop_monitor: fix incorrect initialization order (Gavrilov Ilia) [Orabug: 37702107] {CVE-2025-21862} - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (Quang Le) [Orabug: 37611837] {CVE-2025-21702} - sched/core: Prevent rescheduling when interrupts are disabled (Thomas Gleixner) [Orabug: 37766213] {CVE-2024-58090} - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (Kaustabh Chakraborty) - phy: tegra: xusb: reset VBUS & ID OVERRIDE (Bh Hsieh) - usbnet: gl620a: fix endpoint checking in genelink_bind() (Nikita Zhandarovich) [Orabug: 37766256] {CVE-2025-21877} - perf/core: Fix low freq setting via IOC_PERIOD (Kan Liang) - ftrace: Avoid potential division by zero in function_stat_show() (Nikolay Kuratov) [Orabug: 37827849] {CVE-2025-21898} - x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems (Russell Senior) - net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. (Harshal Chaudhari) - ipvs: Always clear ipvs_property flag in skb_scrub_packet() (Philo Lu) - ASoC: es8328: fix route from DAC to output (Nicolas Frattaroli) - net: cadence: macb: Synchronize stats calculations (Sean Anderson) - sunrpc: suppress warnings for unused procfs functions (Arnd Bergmann) - batman-adv: Drop unmanaged ELP metric worker (Sven Eckelmann) [Orabug: 37650307] {CVE-2025-21823} - batman-adv: Ignore neighbor throughput metrics in error case (Sven Eckelmann) - acct: block access to kernel internal filesystems (Christian Brauner) - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (John Veness) - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (Haoxiang Li) [Orabug: 37702054] {CVE-2025-21848} - tee: optee: Fix supplicant wait loop (Sumit Garg) [Orabug: 37766233] {CVE-2025-21871} - power: supply: da9150-fg: fix potential overflow (Andrey Vatoropin) - flow_dissector: Fix port range key handling in BPF conversion (Cong Wang) - flow_dissector: Fix handling of mixed port and port-range keys (Cong Wang) - net: extract port range fields from fl_flow_key (Maksym Glubokiy) - geneve: Suppress list corruption splat in geneve_destroy_tunnels(). (Kuniyuki Iwashima) - geneve: Fix use-after-free in geneve_find_dev(). (Kuniyuki Iwashima) [Orabug: 37702088] {CVE-2025-21858} - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (Christophe Leroy) [Orabug: 37702123] {CVE-2025-21866} - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (Christophe Leroy) - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (Michael Ellerman) - USB: gadget: f_midi: f_midi_complete to call queue_work (Jill Donahue) [Orabug: 37702094] {CVE-2025-21859} - usb/gadget: f_midi: Replace tasklet with work (Davidlohr Bueso) - usb/gadget: f_midi: convert tasklets to use new tasklet_setup() API (Allen Pais) - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (Selvarasu Ganesan) - usb: dwc3: Increase DWC3 controller halt timeout (Wesley Cheng) - memcg: fix soft lockup in the OOM process (Chen Ridong) [Orabug: 37649599] {CVE-2024-57977} - mm: update mark_victim tracepoints fields (Carlos Galo) - crypto: testmgr - some more fixes to RSA test vectors (Ignat Korchagin) - crypto: testmgr - populate RSA CRT parameters in RSA test vectors (Ignat Korchagin) - crypto: testmgr - fix version number of RSA tests (Lei He) - crypto: testmgr - Fix wrong test case of RSA (Lei He) - crypto: testmgr - fix wrong key length for pkcs1pad (Lei He) - driver core: bus: Fix double free in driver API bus_register() (Zijun Hu) [Orabug: 37206511] {CVE-2024-50055} - scsi: storvsc: Set correct data length for sending SCSI command without payload (Long Li) - vlan: move dev_put into vlan_dev_uninit (Xin Long) - vlan: introduce vlan_dev_free_egress_priority (Xin Long) - pps: Fix a use-after-free (Calvin Owens) [Orabug: 37649607] {CVE-2024-57979} - btrfs: avoid monopolizing a core when activating a swap file (Filipe Manana) - x86/i8253: Disable PIT timer 0 when not in use (David Woodhouse) - parport_pc: add support for ASIX AX99100 (Jiaqing Zhao) - serial: 8250_pci: add support for ASIX AX99100 (Jiaqing Zhao) - can: ems_pci: move ASIX AX99100 ids to pci_ids.h (Jiaqing Zhao) - nilfs2: protect access to buffers with no active references (Ryusuke Konishi) [Orabug: 37650248] {CVE-2025-21811} - nilfs2: do not force clear folio if buffer is referenced (Ryusuke Konishi) [Orabug: 37649878] {CVE-2025-21722} - nilfs2: do not output warnings when clearing dirty buffers (Ryusuke Konishi) - alpha: replace hardcoded stack offsets with autogenerated ones (Ivan Kokshaysky) - ndisc: extend RCU protection in ndisc_send_skb() (Eric Dumazet) [Orabug: 37650045] {CVE-2025-21760} - openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (Eric Dumazet) [Orabug: 37650052] {CVE-2025-21761} - arp: use RCU protection in arp_xmit() (Eric Dumazet) [Orabug: 37650059] {CVE-2025-21762} - neighbour: use RCU protection in __neigh_notify() (Eric Dumazet) [Orabug: 37650066] {CVE-2025-21763} - neighbour: delete redundant judgment statements (Li Zetao) - ndisc: use RCU protection in ndisc_alloc_skb() (Eric Dumazet) [Orabug: 37650072] {CVE-2025-21764} - ipv6: use RCU protection in ip6_default_advmss() (Eric Dumazet) [Orabug: 37650078] {CVE-2025-21765} - ipv4: use RCU protection in inet_select_addr() (Eric Dumazet) - ipv4: use RCU protection in rt_is_expired() (Eric Dumazet) - net: add dev_net_rcu() helper (Eric Dumazet) - net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() (Jiri Pirko) - regmap-irq: Add missing kfree() (Jiasheng Jiang) - partitions: mac: fix handling of bogus partition table (Jann Horn) [Orabug: 37650105] {CVE-2025-21772} - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (Xu Wang) - alpha: align stack for page fault and user unaligned trap handlers (Ivan Kokshaysky) - serial: 8250: Fix fifo underflow on flush (John Keeping) - alpha: make stack 16-byte aligned (most cases) (Ivan Kokshaysky) - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (Alexander H?lzl) - can: c_can: fix unbalanced runtime PM disable in error path (Krzysztof Kozlowski) - USB: serial: option: drop MeiG Smart defines (Johan Hovold) - USB: serial: option: fix Telit Cinterion FN990A name (Fabio Porcedda) - USB: serial: option: add Telit Cinterion FN990B compositions (Fabio Porcedda) - USB: serial: option: add MeiG Smart SLM828 (Chester A. Unal) - usb: cdc-acm: Fix handling of oversized fragments (Jann Horn) - usb: cdc-acm: Check control transfer buffer size before access (Jann Horn) [Orabug: 37634049] {CVE-2025-21704} - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (Marek Vasut) - USB: hub: Ignore non-compliant devices with too many configs or interfaces (Alan Stern) [Orabug: 37650120] {CVE-2025-21776} - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (John Keeping) [Orabug: 37685650] {CVE-2025-21835} - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (Mathias Nyman) - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (Huanglei) - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (Huacai Chen) - usb: dwc2: gadget: remove of_node reference upon udc_stop (Fabrice Gasnier) - usb: gadget: udc: renesas_usb3: Fix compiler warning (Guo Ren) - usb: roles: set switch registered flag early on (Elson Roy Serrao) - batman-adv: fix panic during interface removal (Andy Strohman) [Orabug: 37650144] {CVE-2025-21781} - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (Hans de Goede) - orangefs: fix a oob in orangefs_debug_write (Mike Marshall) [Orabug: 37650149] {CVE-2025-21782} - Grab mm lock before grabbing pt lock (Maksym Planeta) - vfio/pci: Enable iowrite64 and ioread64 for vfio pci (Ramesh Thomas) - media: cxd2841er: fix 64-bit division on gcc-9 (Arnd Bergmann) - gpio: bcm-kona: Add missing newline to dev_err format string (Artur Weber) - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (Artur Weber) - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (Artur Weber) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (Radu Rendec) [Orabug: 37650160] {CVE-2025-21785} - team: better TEAM_OPTION_TYPE_STRING validation (Eric Dumazet) [Orabug: 37650167] {CVE-2025-21787} - vrf: use RCU protection in l3mdev_l3_out() (Eric Dumazet) [Orabug: 37650181] {CVE-2025-21791} - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (Eric Dumazet) - HID: multitouch: Add NULL check in mt_input_configured (Charles Han) [Orabug: 37649788] {CVE-2024-58020} - ocfs2: check dir i_size in ocfs2_find_entry (Su Yue) - MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static (Yuli Wang) - ptp: Ensure info->enable callback is always set (Thomas Wei?schuh) [Orabug: 37650263] {CVE-2025-21814} - net/ncsi: wait for the last response to Deselect Package before configuring channel (Paul Fertser) - misc: fastrpc: Fix registered buffer page address (Ekansh Gupta) - mtd: onenand: Fix uninitialized retlen in do_otp_read() (Ivan Stepchenko) - NFC: nci: Add bounds checking in nci_hci_create_pipe() (Dan Carpenter) [Orabug: 37649936] {CVE-2025-21735} - nilfs2: fix possible int overflows in nilfs_fiemap() (Nikita Zhandarovich) [Orabug: 37649942] {CVE-2025-21736} - ocfs2: handle a symlink read error correctly (Matthew Wilcox) [Orabug: 37649687] {CVE-2024-58001} - vfio/platform: check the bounds of read/write syscalls (Alex Williamson) [Orabug: 37592070] {CVE-2025-21687} - nvmem: core: improve range check for nvmem_cell_write() (Jennifer Berringer) - crypto: qce - unregister previously registered algos in error path (Bartosz Golaszewski) - crypto: qce - fix goto jump in error path (Bartosz Golaszewski) - media: uvcvideo: Remove redundant NULL assignment (Ricardo Ribalda) - media: uvcvideo: Fix event flags in uvc_ctrl_send_events (Ricardo Ribalda) - media: ov5640: fix get_light_freq on auto (Samuel Bobrowicz) - soc: qcom: smem_state: fix missing of_node_put in error path (Krzysztof Kozlowski) - kbuild: Move -Wenum-enum-conversion to W=2 (Nathan Chancellor) - powerpc/pseries/eeh: Fix get PE state translation (Narayana Murty N) - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (Claudiu Beznea) - serial: sh-sci: Drop __initdata macro for port_cfg (Claudiu Beznea) - soc: qcom: socinfo: Avoid out of bounds read of serial number (Stephan Gerhold) [Orabug: 37649715] {CVE-2024-58007} - usb: gadget: f_tcm: Don't prepare BOT write request twice (Thinh Nguyen) - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (Thinh Nguyen) - usb: gadget: f_tcm: Decrement command ref count on cleanup (Thinh Nguyen) - usb: gadget: f_tcm: Translate error to sense (Thinh Nguyen) - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (Marcel Hamer) [Orabug: 37649971] {CVE-2025-21744} - HID: hid-sensor-hub: don't use stale platform-data on remove (Heiko Stuebner) - of: reserved-memory: Fix using wrong number of cells to get property 'alignment' (Zijun Hu) - of: Fix of_find_node_opts_by_path() handling of alias+path+options (Zijun Hu) - of: Correct child specifier used as input of the 2nd nexus node (Zijun Hu) - perf bench: Fix undefined behavior in cmpworker() (Kuan-Wei Chiu) - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (Anastasia Belova) - clk: qcom: clk-alpha-pll: fix alpha mode configuration (Gabor Juhos) - drm/komeda: Add check for komeda_get_layer_fourcc_list() (Haoxiang Li) - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (David Hildenbrand) - KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (Sean Christopherson) [Orabug: 37678567] {CVE-2024-58083} - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (Jakob Unterwurzacher) - binfmt_flat: Fix integer overflow bug on 32 bit systems (Dan Carpenter) [Orabug: 37649721] {CVE-2024-58010} - m68k: vga: Fix I/O defines (Thomas Zimmermann) - s390/futex: Fix FUTEX_OP_ANDN implementation (Heiko Carstens) - leds: lp8860: Write full EEPROM, not only half of it (Alexander Sverdlin) - cpufreq: s3c64xx: Fix compilation warning (Viresh Kumar) - tun: revert fix group permission check (Willem de Bruijn) - net: rose: lock the socket in rose_bind() (Eric Dumazet) [Orabug: 37649987] {CVE-2025-21749} - udp: gso: do not drop small packets when PMTU reduces (Yan Zhai) - tg3: Disable tg3 PCIe AER on system reboot (Lenny Szubowicz) - gpu: drm_dp_cec: fix broken CEC adapter properties check (Hans Verkuil) - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (Prasad Pandit) - nvme: handle connectivity loss in nvme_set_queue_count (Daniel Wagner) - usb: xhci: Fix NULL pointer dereference on certain command aborts (Micha? Pecio) [Orabug: 37649622] {CVE-2024-57981} - usb: xhci: Add timeout argument in address_device USB HCD callback (Hardik Gajjar) - net: usb: rtl8150: enable basic endpoint checking (Nikita Zhandarovich) [Orabug: 37649812] {CVE-2025-21708} - net: usb: rtl8150: use new tasklet API (Emil Renner Berthing) - tasklet: Introduce new initialization API (Romain Perier) - kbuild: userprogs: use correct lld when linking through clang (Thomas Wei?schuh) - media: uvcvideo: Remove dangling pointers (Ricardo Ribalda) [Orabug: 37649696] {CVE-2024-58002} - media: uvcvideo: Only save async fh if success (Ricardo Ribalda) - nilfs2: handle errors that nilfs_prepare_chunk() may return (Ryusuke Konishi) [Orabug: 37649870] {CVE-2025-21721} - nilfs2: eliminate staggered calls to kunmap in nilfs_rename (Ryusuke Konishi) - nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link (Ryusuke Konishi) - spi-mxs: Fix chipselect glitch (Ralf Schlatterbeck) - x86/mm: Don't disable PCID when INVLPG has been fixed by microcode (Xi Ruoyao) - APEI: GHES: Have GHES honor the panic= setting (Borislav Petkov) - HID: Wacom: Add PCI Wacom device support (Even Xu) - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (Hans de Goede) - tomoyo: don't emit warning in tomoyo_write_control() (Tetsuo Handa) - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (Dmitry Antipov) [Orabug: 37649750] {CVE-2024-58014} - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (Shawn Lin) - tun: fix group permission check (Stas Sergeev) - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (Kuan-Wei Chiu) [Orabug: 37649768] {CVE-2024-58017} - x86/amd_nb: Restrict init function to AMD-based systems (Yazen Ghannam) - sched: Don't try to catch up excess steal time. (Suleiman Souhlal) - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (Josef Bacik) - btrfs: fix use-after-free when attempting to join an aborted transaction (Filipe Manana) [Orabug: 37650014] {CVE-2025-21753} - btrfs: output the reason for open_ctree() failure (Qu Wenruo) - usb: gadget: f_tcm: Don't free command immediately (Thinh Nguyen) [Orabug: 37678479] {CVE-2024-58055} - media: uvcvideo: Fix double free in error path (Laurent Pinchart) [Orabug: 37649615] {CVE-2024-57980} - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (Alan Stern) [Orabug: 37649644] {CVE-2024-57986} - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (Jos Wang) - drivers/card_reader/rtsx_usb: Restore interrupt based detection (Sean Rhodes) - ktest.pl: Check kernelrelease return in get_version (Ricardo B. Marliere) - NFSD: Reset cb_seq_status after NFS4ERR_DELAY (Chuck Lever) - hexagon: Fix unbalanced spinlock in die() (Lin Yujun) - hexagon: fix using plain integer as NULL pointer warning in cmpxchg (Willem de Bruijn) - genksyms: fix memory leak when the same symbol is read from *.symref file (Masahiro Yamada) - genksyms: fix memory leak when the same symbol is added from source (Masahiro Yamada) - net: sh_eth: Fix missing rtnl lock in suspend/resume path (Kory Maincent) - vsock: Allow retrying on connect() failure (Michal Luczaj) - perf trace: Fix runtime error of index out of bounds (Howard Chu) - net: davicom: fix UAF in dm9000_drv_remove (Chenyuan Yang) [Orabug: 37649846] {CVE-2025-21715} - net: rose: fix timer races against user threads (Eric Dumazet) [Orabug: 37649856] {CVE-2025-21718} - PM: hibernate: Add error handling for syscore_suspend() (Xu Wang) - ipmr: do not call mr_mfc_uses_dev() for unres entries (Eric Dumazet) [Orabug: 37649862] {CVE-2025-21719} - net: fec: implement TSO descriptor cleanup (Dheeraj Reddy Jonnalagadda) - ubifs: skip dumping tnc tree when zroot is null (Pangliyuan) [Orabug: 37678491] {CVE-2024-58058} - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (Oleksij Rempel) [Orabug: 37678517] {CVE-2024-58069} - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (Joe Hattori) - module: Extend the preempt disabled section in dereference_symbol_descriptor(). (Sebastian Andrzej Siewior) - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (Su Yue) - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (Guixin Liu) - scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 (Paul Menzel) - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (Joe Hattori) - media: uvcvideo: Propagate buf->error to userspace (Ricardo Ribalda) - media: camif-core: Add check for clk_enable() (Jiasheng Jiang) - media: mipi-csis: Add check for clk_enable() (Jiasheng Jiang) - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (Zijun Hu) - media: lmedm04: Handle errors for lme2510_int_read (Chen Ni) - media: lmedm04: Use GFP_KERNEL for URB allocation/submission. (Malcolm Priestley) - media: rc: iguanair: handle timeouts (Oliver Neukum) - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (Joe Hattori) - ARM: dts: mediatek: mt7623: fix IR nodename (Rafa? Mi?ecki) - arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names (Chen-Yu Tsai) - arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property (Chen-Yu Tsai) - rdma/cxgb4: Prevent potential integer overflow on 32bit (Dan Carpenter) [Orabug: 37649564] {CVE-2024-57973} - RDMA/mlx4: Avoid false error about access to uninitialized gids array (Leon Romanovsky) - bpf: Send signals asynchronously if !preemptible (Puranjay Mohan) [Orabug: 37649909] {CVE-2025-21728} - perf report: Fix misleading help message about --demangle (Jiachen Zhang) - perf top: Don't complain about lack of vmlinux when not resolving some kernel samples (Arnaldo Carvalho de Melo) - padata: fix sysfs store callback check (Thomas Wei?schuh) - ktest.pl: Remove unused declarations in run_bisect_test function (Ba Jing) - perf header: Fix one memory leakage in process_bpf_prog_info() (Zhongqiu Han) - perf header: Fix one memory leakage in process_bpf_btf() (Zhongqiu Han) - ASoC: sun4i-spdif: Add clock multiplier settings (George Lander) - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (Marco Leogrande) - net: sched: Disallow replacing of child qdisc from one parent to another (Jamal Hadi Salim) [Orabug: 37592533] {CVE-2025-21700} - net/mlxfw: Drop hard coded max FW flash image size (Maher Sanalla) - net: let net.core.dev_weight always be non-zero (Liu Jian) [Orabug: 37650232] {CVE-2025-21806} - clk: analogbits: Fix incorrect calculation of vco rate delta (Bo Gan) - selftests: harness: fix printing of mismatch values in __EXPECT() (Dmitry V. Levin) - selftests/harness: Display signed values correctly (Kees Cook) - wifi: wlcore: fix unbalanced pm_runtime calls (Andreas Kemnade) - regulator: of: Implement the unwind path of of_regulator_match() (Joe Hattori) - team: prevent adding a device which is already a team device lower (Octavian Purdila) [Orabug: 37678523] {CVE-2024-58071} - cpupower: fix TSC MHz calculation (He Rongguang) - wifi: rtlwifi: pci: wait for firmware loading before releasing memory (Thadeu Lima de Souza Cascardo) - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (Thadeu Lima de Souza Cascardo) [Orabug: 37678504] {CVE-2024-58063} - wifi: rtlwifi: remove unused check_buddy_priv (Thadeu Lima de Souza Cascardo) [Orabug: 37678530] {CVE-2024-58072} - wifi: rtlwifi: remove unused dualmac control leftovers (Dmitry Antipov) - wifi: rtlwifi: remove unused timer and related code (Dmitry Antipov) - rtlwifi: replace usage of found with dedicated list iterator variable (Jakob Koschel) - dt-bindings: mmc: controller: clarify the address-cells description (Neil Armstrong) - wifi: rtlwifi: usb: fix workqueue leak when probe fails (Thadeu Lima de Souza Cascardo) - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (Thadeu Lima de Souza Cascardo) - rtlwifi: rtl8192se Rename RT_TRACE to rtl_dbg (Larry Finger) - wifi: rtlwifi: do not complete firmware loading needlessly (Thadeu Lima de Souza Cascardo) - ipmi: ipmb: Add check devm_kasprintf() returned value (Charles Han) [Orabug: 37678457] {CVE-2024-58051} - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (Ivan Stepchenko) [Orabug: 37678463] {CVE-2024-58052} - drm/etnaviv: Fix page property being used for non writecombine buffers (Sui Jingfeng) - partitions: ldm: remove the initial kernel-doc notation (Randy Dunlap) - nbd: don't allow reconnect after disconnect (Yu Kuai) [Orabug: 37649918] {CVE-2025-21731} - afs: Fix directory format encoding struct (David Howells) - overflow: Allow mixed type arguments (Kees Cook) - overflow: Correct check_shl_overflow() comment (Keith Busch) - overflow: Add __must_check attribute to check_*() helpers (Kees Cook) [5.4.17-2136.343.2.el7uek] - rds: ib: Do not attempt to insert RDMA exthdr twice (H?kon Bugge) [Orabug: 37721764] - net: mana: Fix TX CQE error handling (Haiyang Zhang) [Orabug: 36983924] {CVE-2023-52532} - net/mlx5: Stop waiting for PCI if pci channel is offline (Moshe Shemesh) [Orabug: 36929747] - rds: ib: Fix racy send affinity work cancellation (H?kon Bugge) [Orabug: 36605776] - uek-rpm: install the perf exec dir (Stephen Brennan) [Orabug: 35023180] - uek-rpm: switch to new secureboot certificates and upgrade shim (Samasth Norway Ananda) [Orabug: 37764002] [5.4.17-2136.343.1.el7uek] - rds: ib: Make traffic_class visible to user-space (H?kon Bugge) [Orabug: 37617866] - rds: ib: Remove incorrect update of the path record sl and qos_class fields (H?kon Bugge) [Orabug: 37617866] - net: core: reject skb_copy(_expand) for fraglist GSO skbs (Felix Fietkau) [Orabug: 36683418] {CVE-2024-36929} - udp: do not accept non-tunnel GSO skbs landing in a tunnel (Antoine Tenart) [Orabug: 36643088] {CVE-2024-35884} - udp: never accept GSO_FRAGLIST packets (Paolo Abeni) [Orabug: 36643088] {CVE-2024-35884} - udp: initialize is_flist with 0 in udp_gro_receive (Xin Long) [Orabug: 36643088] {CVE-2024-35884} [5.4.17-2136.342.5.el7uek] - ima: Fix use-after-free on a dentry's dname.name (Stefan Berger) [Orabug: 36835558] {CVE-2024-39494} [5.4.17-2136.342.4.el7uek] - sched: sch_cake: add bounds checks to host bulk flow fairness counts (Toke H?iland-J?rgensen) [Orabug: 37497384] {CVE-2025-21647} - udf: Fix use of check_add_overflow() with mixed type arguments (Ben Hutchings) - x86/xen: allow larger contiguous memory regions in PV guests (Juergen Gross) - xen: remove a confusing comment on auto-translated guest I/O (Petr Tesarik) - ALSA: hda/realtek: Fixup ALC225 depop procedure (Kailang Yang) - ALSA: hda/realtek - Add type for ALC287 (Kailang Yang) - net: loopback: Avoid sending IP packets without an Ethernet header (Ido Schimmel) - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (Cong Wang) [Orabug: 37611855] {CVE-2025-21703} - ocfs2: fix incorrect CPU endianness conversion causing mount failure (Heming Zhao) - Revert "btrfs: avoid monopolizing a core when activating a swap file" (Koichiro Den) - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). (Kuniyuki Iwashima) [Orabug: 37707676] {CVE-2025-21865} - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (Fedor Pchelkin) [Orabug: 37650394] {CVE-2024-58009} - rds: Make sure transmit path and connection tear-down does not run concurrently (H?kon Bugge) [Orabug: 36308571] - NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (Yanjun Zhang) [Orabug: 37206487] {CVE-2024-50046} [5.4.17-2136.342.3.el7uek] - LTS tag: v5.4.290 (Alok Tiwari) - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals (Ron Economos) - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals (Arnd Bergmann) - drm/v3d: Assign job pointer to NULL before signaling the fence (Ma?ra Canal) [Orabug: 37707590] {CVE-2025-21688} - Input: xpad - add support for wooting two he (arm) (Jack Greiner) - Input: xpad - add unofficial Xbox 360 wireless receiver clone (Nilton Perim Neto) - Input: atkbd - map F23 key to support default copilot shortcut (Mark Pearson) - Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" (Greg Kroah-Hartman) - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (Qasim Ijaz) [Orabug: 37592080] {CVE-2025-21689} - ext4: fix slab-use-after-free in ext4_split_extent_at() (Baokun Li) [Orabug: 37200960] {CVE-2024-49884} - ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path (Theodore Ts'O) - vfio/platform: check the bounds of read/write syscalls (Alex Williamson) [Orabug: 37592070] {CVE-2025-21687} - net/xen-netback: prevent UAF in xenvif_flush_hash() (Jeongjun Park) [Orabug: 37206012] {CVE-2024-49936} - net: xen-netback: hash.c: Use built-in RCU list checking (Madhuparna Bhowmik) - signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die (Eric W. Biederman) - m68k: Add missing mmap_read_lock() to sys_cacheflush() (Liam R Howlett) - m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal (Al Viro) - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (Andreas Gruenbacher) [Orabug: 37592129] {CVE-2025-21699} - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag (Philippe Simons) - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (Xiang Zhang) - ASoC: wm8994: Add depends on MFD core (Charles Keepax) - net: fix data-races around sk->sk_forward_alloc (Wang Liang) [Orabug: 37388796] {CVE-2024-53124} - scsi: sg: Fix slab-use-after-free read in sg_release() (Surajsonawane2415) [Orabug: 37434118] {CVE-2024-56631} - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (Eric Dumazet) [Orabug: 37200707] {CVE-2024-47707} - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly (Yogesh Lal) - fs/proc: fix softlockup in __read_vmcore (part 2) (Rik van Riel) [Orabug: 37592153] {CVE-2025-21694} - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks (Heiner Kallweit) - nvmet: propagate npwg topology (Luis Chamberlain) - poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() (Oleg Nesterov) - kheaders: Ignore silly-rename files (David Howells) - hfs: Sanity check the root record (Leo Stone) - mac802154: check local interfaces before deleting sdata list (Lizhi Xu) [Orabug: 37555776] {CVE-2024-57948} - i2c: mux: demux-pinctrl: check initial mux selection, too (Wolfram Sang) - drm/v3d: Ensure job pointer is set to NULL after job completion (Ma?ra Canal) [Orabug: 37592115] {CVE-2025-21697} - nfp: bpf: prevent integer overflow in nfp_bpf_event_output() (Dan Carpenter) - gtp: Destroy device along with udp socket's netns dismantle. (Kuniyuki Iwashima) [Orabug: 37555832] {CVE-2025-21678} - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). (Kuniyuki Iwashima) - gtp: use exit_batch_rtnl() method (Eric Dumazet) - net: add exit_batch_rtnl() method (Eric Dumazet) - net: net_namespace: Optimize the code (Yajun Deng) - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() (Sudheer Kumar Doredla) - sctp: sysctl: rto_min/max: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497290] {CVE-2025-21639} - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (Dennis Lam) [Orabug: 37485004,37707634] {CVE-2024-57892} - ocfs2: correct return value of ocfs2_local_free_info() (Joseph Qi) - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (Zijun Hu) - phy: core: fix code style in devm_of_phy_provider_unregister (Vinod Koul) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (Peter Geis) - arm64: dts: rockchip: add #power-domain-cells to power domain nodes (Johan Jonker) - arm64: dts: rockchip: fix pd_tcpc0 and pd_tcpc1 node position on rk3399 (Johan Jonker) - arm64: dts: rockchip: fix defines in pd_vio node for rk3399 (Johan Jonker) - iio: inkern: call iio_device_put() only on mapped devices (Joe Hattori) - iio: adc: at91: call input_free_device() on allocated iio_dev (Joe Hattori) [Orabug: 37497149] {CVE-2024-57904} - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (Fabio Estevam) - iio: gyro: fxas21002c: Fix missing data update in trigger handler (Carlos Song) - iio: adc: ti-ads8688: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497160] {CVE-2024-57906} - iio: imu: kmx61: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497169] {CVE-2024-57908} - iio: light: vcnl4035: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497179] {CVE-2024-57910} - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497183] {CVE-2024-57911} - iio: pressure: zpa2326: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497189] {CVE-2024-57912} - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (Akash M) [Orabug: 37497196] {CVE-2024-57913} - usb: fix reference leak in usb_new_device() (Ma Ke) - USB: core: Disable LPM only for non-suspended ports (Kai-Heng Feng) - USB: usblp: return error when setting unsupported protocol (Yan Jun) - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (Lianqin Hu) [Orabug: 37592120,37497205] {CVE-2024-57915,CVE-2025-21698} - USB: serial: cp210x: add Phoenix Contact UPS Device (Johan Hovold) - usb-storage: Add max sectors quirk for Nokia 208 (Lubomir Rintel) - staging: iio: ad9832: Correct phase range check (Zicheng Qu) - staging: iio: ad9834: Correct phase range check (Zicheng Qu) - USB: serial: option: add Neoway N723-EA support (Michal Hrusecky) - USB: serial: option: add MeiG Smart SRM815 (Chukun Pan) - drm/amd/display: increase MAX_SURFACES to the value supported by hw (Melissa Wen) - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (Hans de Goede) - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (Hans de Goede) - drm/amd/display: Add check for granularity in dml ceil/floor helpers (Roman Li) [Orabug: 37497225] {CVE-2024-57922} - sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497283] {CVE-2025-21638} - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497303] {CVE-2025-21640} - dm thin: make get_first_thin use rcu-safe list first function (Krister Johansen) [Orabug: 37506783] {CVE-2025-21664} - tls: Fix tls_sw_sendmsg error handling (Benjamin Coddington) - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (Eric Dumazet) [Orabug: 37497346] {CVE-2025-21653} - tcp/dccp: allow a connection when sk_max_ack_backlog is zero (Zhongqiu Duan) - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (Jason Xing) - net: 802: LLC+SNAP OID:PID lookup on start of skb data (Antonio Pastor) - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (Keisuke Nishimura) - dm array: fix cursor index when skipping across block boundaries (Ming-Hung Tsai) - dm array: fix unreleased btree blocks on closing a faulty array cursor (Ming-Hung Tsai) - dm array: fix releasing a faulty array block twice in dm_array_cursor_end (Ming-Hung Tsai) [Orabug: 37497249] {CVE-2024-57929} - jbd2: flush filesystem device before updating tail sequence (Zhang Yi) [5.4.17-2136.342.2.el7uek] - Revert "NFSD: Limit the number of concurrent async COPY operations" (Sherry Yang) [Orabug: 37660195] - rds: ib: Avoid sleeping function inside RCU region by using sampled values instead (H?kon Bugge) [Orabug: 37586090] - dm rq: don't queue request to blk-mq during DM suspend (Ming Lei) [Orabug: 37010188] - dm: rearrange core declarations for extended use from dm-zone.c (Damien Le Moal) [Orabug: 37010188] [5.4.17-2136.342.1.el7uek] - cgroup: Make operations on the cgroup root_list RCU safe (Yafang Shao) [Orabug: 37621585] - uek: kabi: Fix build error for HIDE_INCLUDE macro (Saeed Mirzamohammadi) [Orabug: 37619102] - oracleasm: Fix PI when use_logical_block_size is set (Martin K. Petersen) [Orabug: 37503280] - oracleasm: Add support for per-I/O block size selection (Martin K. Petersen) [Orabug: 37503280] - perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (Alexander Antonov) [Orabug: 36882938] {CVE-2023-52450} [5.4.17-2136.341.3.el7uek] - io_uring: fix possible deadlock in io_register_iowq_max_workers() (Hagar Hemdan) [Orabug: 36897354,37565787] {CVE-2024-41080,CVE-2024-53052} - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (Jens Axboe) [Orabug: 37304721,37565787] {CVE-2024-41080,CVE-2024-53052} - io_uring: use kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052} - fs: create kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052} - io_uring: rename kiocb_end_write() local helper (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052} - io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052} - io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052} - io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052} - io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052} - io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052} - vfs: check dentry is still valid in get_link() (Ian Kent) [Orabug: 37536393] - RDS: avoid queueing delayed work on an offlined cpu (Praveen Kumar Kannoju) [Orabug: 37260584] - NFSD: Limit the number of concurrent async COPY operations (Chuck Lever) [Orabug: 37206187,37664124] {CVE-2024-49974} [5.4.17-2136.341.2.el7uek] - LTS tag: v5.4.289 (Sherry Yang) - mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (Seiji Nishikawa) - drm: adv7511: Drop dsi single lane support (Biju Das) - net/sctp: Prevent autoclose integer overflow in sctp_association_init() (Nikolay Kuratov) - sky2: Add device ID 11ab:4373 for Marvell 88E8075 (Pascal Hambourg) - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (Evgenii Shatokhin) - RDMA/uverbs: Prevent integer overflow issue (Dan Carpenter) - modpost: fix the missed iteration for the max bit in do_input() (Masahiro Yamada) - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (Masahiro Yamada) - ARC: build: Try to guess GCC variant of cross compiler (Leon Romanovsky) - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (Uros Bizjak) - net: usb: qmi_wwan: add Telit FE910C04 compositions (Daniele Palmas) - bpf: fix potential error return (Anton Protopopov) - sound: usb: format: don't warn that raw DSD is unsupported (Adrian Ratiu) - wifi: mac80211: wake the queues in case of failure in resume (Emmanuel Grumbach) - ila: serialize calls to nf_register_net_hooks() (Eric Dumazet) - ALSA: usb-audio: US16x08: Initialize array before use (Tanya Agarwal) - net: llc: reset skb->transport_header (Antonio Pastor) - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (Pablo Neira Ayuso) - netfilter: Replace zero-length array with flexible-array member (Gustavo A. R. Silva) - netrom: check buffer length before accessing it (Ilya Shchipletsov) - drm/bridge: adv7511_audio: Update Audio InfoFrame properly (Stefan Ekenberg) - drm: bridge: adv7511: Enable SPDIF DAI (Bogdan Togorean) - RDMA/bnxt_re: Fix max_qp_wrs reported (Selvin Xavier) - RDMA/bnxt_re: Fix reporting hw_ver in query_device (Kalesh AP) - RDMA/bnxt_re: Add check for path mtu in modify_qp (Saravanan Vajravel) - RDMA/mlx5: Enforce same type port association for multiport RoCE (Patrisious Haddad) - net/mlx5: Make API mlx5_core_is_ecpf accept const pointer (Parav Pandit) - IB/mlx5: Introduce and use mlx5_core_is_vf() (Parav Pandit) - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (Michael Kelley) - selinux: ignore unknown extended permissions (Thi?baud Weksteen) - ipv6: prevent possible UAF in ip6_xmit() (Eric Dumazet) - skb_expand_head() adjust skb->truesize incorrectly (Vasily Averin) - btrfs: avoid monopolizing a core when activating a swap file (Filipe Manana) - tracing: Constify string literal data member in struct trace_event_call (Christian G?ttsche) - bpf: fix recursive lock when verdict program return SK_PASS (Jiayuan Chen) - ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029070] {CVE-2024-44986} - ipv6: use skb_expand_head in ip6_xmit (Vasily Averin) - ipv6: use skb_expand_head in ip6_finish_output2 (Vasily Averin) - skbuff: introduce skb_expand_head() (Vasily Averin) - MIPS: Probe toolchain support of -msym32 (Jiaxun Yang) - epoll: Add synchronous wakeup support for ep_poll_callback (Xuewen Yan) - virtio-blk: don't keep queue frozen during system suspend (Ming Lei) - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (Ranjan Kumar) - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (Armin Wolf) - regmap: Use correct format specifier for logging range errors (Mark Brown) - scsi: megaraid_sas: Fix for a potential deadlock (Tomas Henzl) - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (Magnus Lindholm) - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (Masami Hiramatsu (Google)) - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (Chen Ridong) [Orabug: 37452681] {CVE-2024-56767} - dmaengine: mv_xor: fix child node refcount handling in early exit (Javier Carrasco) - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (Zijun Hu) - phy: core: Fix that API devm_phy_put() fails to release the phy (Zijun Hu) - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (Zijun Hu) - phy: core: Fix an OF node refcount leakage in _of_phy_get() (Zijun Hu) - mtd: diskonchip: Cast an operand to prevent potential overflow (Zichen Xie) - bpf: Check negative offsets in __bpf_skb_min_len() (Cong Wang) - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (Nikita Zhandarovich) [Orabug: 37452687] {CVE-2024-56769} - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (Zijun Hu) - of: Fix error path in of_parse_phandle_with_args_map() (Herve Codina) - udmabuf: also check for F_SEAL_FUTURE_WRITE (Jann Horn) - nilfs2: prevent use of deleted inode (Edward Adam Davis) - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (Trond Myklebust) - btrfs: tree-checker: reject inline extent items with 0 ref count (Qu Wenruo) - zram: refuse to use zero sized block device as backing device (Kairui Song) - sh: clk: Fix clk_enable() to return 0 on NULL clk (Geert Uytterhoeven) - USB: serial: option: add Telit FE910C04 rmnet compositions (Daniele Palmas) - USB: serial: option: add MediaTek T7XX compositions (Jack Wu) - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (Mank Wang) - USB: serial: option: add MeiG Smart SLM770A (Michal Hrusecky) - USB: serial: option: add TCL IK512 MBIM & ECM (Daniel Swanemar) - efivarfs: Fix error on non-existent file (James Bottomley) - i2c: riic: Always round-up when calculating bus period (Geert Uytterhoeven) - chelsio/chtls: prevent potential integer overflow on 32bit (Dan Carpenter) - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (Prathamesh Shete) - netfilter: ipset: Fix for recursive locking warning (Phil Sutter) - net: ethernet: bgmac-platform: fix an OF node reference leak (Joe Hattori) - net: hinic: Fix cleanup in create_rxqs/txqs() (Dan Carpenter) - ionic: use ee->offset when returning sprom data (Shannon Nelson) - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (Guangguan Wang) - erofs: fix incorrect symlink detection in fast symlink (Gao Xiang) - erofs: fix order >= MAX_ORDER warning due to crafted negative i_size (Gao Xiang) - drm/i915: Fix memory leak by correcting cache object name in error handler (Jiasheng Jiang) - PCI: Add ACS quirk for Broadcom BCM5760X NIC (Ajit Khaparde) - ALSA: usb: Fix UBSAN warning in parse_audio_unit() (Takashi Iwai) - PCI/AER: Disable AER service on suspend (Kai-Heng Feng) - usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled (Peng Hongchi) - net: sched: fix ordering of qlen adjustment (Lion Ackermann) [Orabug: 37433383] {CVE-2024-53164} [5.4.17-2136.341.1.el7uek] - kpcimgr: fix flush_icache_range arguments (Joe Dobosenski) [Orabug: 37525298] - uek-rpm: Update network stress testing options for embedded2 (Joe Dobosenski) [Orabug: 37530220] [5.4.17-2136.340.4.el7uek] - ftrace: use preempt_enable/disable notrace macros to avoid double fault (Koichiro Den) - nfsd: restore callback functionality for NFSv4.0 (NeilBrown) - i2c: pnx: Fix timeout in wait functions (Vladimir Riabchun) - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (Zijun Hu) - af_packet: fix vlan_get_tci() vs MSG_PEEK (Eric Dumazet) - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (Eric Dumazet) - mtd: rawnand: fix double free in atmel_pmecc_create_user() (Dan Carpenter) [Orabug: 37506347] {CVE-2024-56766} [5.4.17-2136.340.3.el7uek] - Revert "xen/swiotlb: add alignment check for dma buffers" (Harshvardhan Jha) [Orabug: 37475435] - vfio/iommu_type1: Fix some sanity checks in detach group (Keqian Zhu) [Orabug: 37136890] - Revert "vfio/iommu_type1: Fix some sanity checks in detach group" (Dongli Zhang) [Orabug: 37136890] - rds: ib: Avoid UAF on RDS Socket's rs_trans_lock (H?kon Bugge) [Orabug: 36693622] - rds: ib: Fix blocked processes related to race in rds_rdma_free_dev_rs_worker() (H?kon Bugge) [Orabug: 36693622] - rds: ib: Fix deterministic UAF in rds_rdma_free_dev_rs_worker() (H?kon Bugge) [Orabug: 36693622] - Revert "KVM: SVM: Add a module parameter to override iommu AVIC usage" (Alejandro Jimenez) [Orabug: 35001679] [5.4.17-2136.340.2.el7uek] - LTS tag: v5.4.288 (Alok Tiwari) - ALSA: usb-audio: Fix a DMA to stack memory bug (Dan Carpenter) - xen/netfront: fix crash when removing device (Juergen Gross) [Orabug: 37427542] {CVE-2024-53240} - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (Raghavendra Rao Ananta) - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (Nathan Chancellor) - blk-iocost: fix weight updates of inner active iocgs (Tejun Heo) - blk-iocost: clamp inuse and skip noops in __propagate_weights() (Tejun Heo) - ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired (Daniil Tatianin) - net/sched: netem: account for backlog updates from child qdisc (Martin Ottens) - qca_spi: Make driver probing reliable (Stefan Wahren) - qca_spi: Fix clock speed for multiple QCA7000 (Stefan Wahren) - ACPI: resource: Fix memory resource type union access (Ilpo J?rvinen) - net: lapb: increase LAPB_HEADER_LEN (Eric Dumazet) [Orabug: 37434237] {CVE-2024-56659} - tipc: fix NULL deref in cleanup_bearer() (Eric Dumazet) [Orabug: 37506456] {CVE-2024-56661} - batman-adv: Do not let TT changes list grows indefinitely (Remi Pommarel) - batman-adv: Remove uninitialized data in full table TT response (Remi Pommarel) - batman-adv: Do not send uninitialized TT changes (Remi Pommarel) - bpf, sockmap: Fix update element with same (Michal Luczaj) - xfs: don't drop errno values when we fail to ficlone the entire range (Darrick J. Wong) - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (Lianqin Hu) [Orabug: 37434264] {CVE-2024-56670} - usb: ehci-hcd: fix call balance of clocks handling routines (Vitalii Mordan) - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (Stefan Wahren) - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (Joe Hattori) - usb: host: max3421-hcd: Correctly abort a USB request. (Mark Tomlinson) - LTS tag: v5.4.287 (Alok Tiwari) - bpf, xdp: Update devmap comments to reflect napi/rcu usage (John Fastabend) - ALSA: usb-audio: Fix out of bounds reads when finding clock sources (Takashi Iwai) [Orabug: 37427489] {CVE-2024-53150} - PCI: rockchip-ep: Fix address translation unit programming (Damien Le Moal) - Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()" (Zhang Zekun) - modpost: Add .irqentry.text to OTHER_SECTIONS (Thomas Gleixner) - jffs2: Fix rtime decompressor (Richard Weinberger) - jffs2: Prevent rtime decompress memory corruption (Kinsey Moore) - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (Kunkun Jiang) - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (Kunkun Jiang) - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (Jing Zhang) - perf/x86/intel/pt: Fix buffer full but size is 0 case (Adrian Hunter) - bpf: fix OOB devmap writes when deleting elements (Maciej Fijalkowski) [Orabug: 37434047] {CVE-2024-56615} - xdp: Simplify devmap cleanup (Bj?rn T?pel) - misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle (Parker Newman) - powerpc/prom_init: Fixup missing powermac #size-cells (Michael Ellerman) - usb: chipidea: udc: handle USB Error Interrupt if IOC not set (Xu Yang) - i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock (Defa Li) - PCI: Add ACS quirk for Wangxun FF5xxx NICs (Mengyuan Lou) - PCI: Add 'reset_subordinate' to reset hierarchy below bridge (Keith Busch) - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. (Qi Han) [Orabug: 37433861] {CVE-2024-56586} - nvdimm: rectify the illogical code within nd_dax_probe() (Yi Yang) - pinctrl: qcom-pmic-gpio: add support for PM8937 (Barnab?s Cz?m?n) - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (Kai M?kisara) - scsi: st: Don't modify unknown block number in MTIOCGET (Kai M?kisara) - leds: class: Protect brightness_show() with led_cdev->led_access mutex (Mukesh Ojha) [Orabug: 37433869] {CVE-2024-56587} - tracing: Use atomic64_inc_return() in trace_clock_counter() (Uros Bizjak) - netpoll: Use rcu_access_pointer() in __netpoll_setup (Breno Leitao) - net/neighbor: clear error in case strict check is not set (Jakub Kicinski) - rocker: fix link status detection in rocker_carrier_init() (Dmitry Antipov) - ASoC: hdmi-codec: reorder channel allocation list (Jonas Karlman) - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (Hilda Wu) - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (Norbert van Bolhuis) [Orabug: 37433908] {CVE-2024-56593} - wifi: ipw2x00: libipw_rx_any(): fix bad alignment (Jiapeng Chong) - drm/amdgpu: set the right AMDGPU sg segment limitation (Prike Liang) [Orabug: 37433914] {CVE-2024-56594} - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (Nihar Chaithanya) [Orabug: 37433920] {CVE-2024-56595} - jfs: fix array-index-out-of-bounds in jfs_readdir (Ghanshyam Agrawal) [Orabug: 37433928] {CVE-2024-56596} - jfs: fix shift-out-of-bounds in dbSplit (Ghanshyam Agrawal) [Orabug: 37433934] {CVE-2024-56597} - jfs: array-index-out-of-bounds fix in dtReadFirst (Ghanshyam Agrawal) [Orabug: 37433941] {CVE-2024-56598} - wifi: ath5k: add PCI ID for Arcadyan devices (Rosen Penev) - wifi: ath5k: add PCI ID for SX76X (Rosen Penev) - net: inet6: do not leave a dangling sk pointer in inet6_create() (Ignat Korchagin) [Orabug: 37433955] {CVE-2024-56600} - net: inet: do not leave a dangling sk pointer in inet_create() (Ignat Korchagin) [Orabug: 37433962] {CVE-2024-56601} - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (Ignat Korchagin) [Orabug: 37433970] {CVE-2024-56602} - net: af_can: do not leave a dangling sk pointer in can_create() (Ignat Korchagin) [Orabug: 37433977] {CVE-2024-56603} - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (Ignat Korchagin) [Orabug: 37433990] {CVE-2024-56605} - af_packet: avoid erroring out after sock_init_data() in packet_create() (Ignat Korchagin) [Orabug: 37433996] {CVE-2024-56606} - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (Elena Salomatkina) - net: ethernet: fs_enet: Use %pa to format resource_size_t (Simon Horman) - net: fec_mpc52xx_phy: Use %pa to format resource_size_t (Simon Horman) - samples/bpf: Fix a resource leak (Zhu Jun) - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (Igor Artemiev) - drm/mcde: Enable module autoloading (Liao Chen) - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (Joaqu?n Ignacio Aramend?a) - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (Rohan Barar) - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (David Given) - s390/cpum_sf: Handle CPU hotplug remove during sampling (Thomas Richter) - mmc: core: Further prevent card detect during shutdown (Ulf Hansson) - regmap: detach regmap from dev on regmap_exit (Cosmin Tanislav) - dma-buf: fix dma_fence_array_signaled v4 (Christian K?nig) - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (Liequan Che) - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (Ryusuke Konishi) [Orabug: 37434065] {CVE-2024-56619} - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (Saurav Kashyap) - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (Anil Gurumurthy) - scsi: qla2xxx: Fix NVMe and NPIV connect issue (Quinn Tran) - ocfs2: update seq_file index in ocfs2_dlm_seq_next (Wengang Wang) - tracing: Fix cmp_entries_dup() to respect sort() comparison rules (Kuan-Wei Chiu) - HID: wacom: fix when get product name maybe null pointer (WangYuli) [Orabug: 37434108] {CVE-2024-56629} - bpf: Fix exact match conditions in trie_get_next_key() (Hou Tao) - bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie (Hou Tao) - ocfs2: free inode when ocfs2_get_init_inode() fails (Tetsuo Handa) [Orabug: 37434113] {CVE-2024-56630} - spi: mpc52xx: Add cancel_work_sync before module remove (Pei Xiao) - tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (Zijian Zhang) [Orabug: 37434127] {CVE-2024-56633} - drm/sti: Add __iomem for mixer_dbg_mxn's parameter (Pei Xiao) - gpio: grgpio: Add NULL check in grgpio_probe (Charles Han) [Orabug: 37434131] {CVE-2024-56634} - gpio: grgpio: use a helper variable to store the address of ofdev->dev (Bartosz Golaszewski) - crypto: x86/aegis128 - access 32-bit arguments as 32-bit (Eric Biggers) - x86/asm: Reorder early variables (Jiri Slaby) - xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (Qiu-ji Chen) [Orabug: 37433540] {CVE-2024-53198} - xen/xenbus: fix locking (Juergen Gross) - xenbus/backend: Protect xenbus callback with lock (SeongJae Park) - xenbus/backend: Add memory pressure handler callback (SeongJae Park) - xen/xenbus: reference count registered modules (Paul Durrant) - netfilter: nft_set_hash: skip duplicated elements pending gc run (Pablo Neira Ayuso) - netfilter: ipset: Hold module reference while requesting a module (Phil Sutter) [Orabug: 37434143] {CVE-2024-56637} - igb: Fix potential invalid memory access in igb_init_module() (Yuan Can) - net/qed: allow old cards not supporting "num_images" to work (Louis Leseur) - tipc: Fix use-after-free of kernel socket in cleanup_bearer(). (Kuniyuki Iwashima) [Orabug: 37434161] {CVE-2024-56642} - tipc: add new AEAD key structure for user API (Tuong Lien) - tipc: enable creating a "preliminary" node (Tuong Lien) - tipc: add reference counter to bearer (Tuong Lien) - dccp: Fix memory leak in dccp_feat_change_recv (Ivan Solodovnikov) [Orabug: 37434167] {CVE-2024-56643} - can: j1939: j1939_session_new(): fix skb reference counting (Dmitry Antipov) - net/sched: tbf: correct backlog statistic for GSO packets (Martin Ottens) - netfilter: x_tables: fix LED ID check in led_tg_check() (Dmitry Antipov) [Orabug: 37434200] {CVE-2024-56650} - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (Jinghao Jia) - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (Dario Binacchi) - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (Dario Binacchi) - watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (Yassine Oudjana) - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (Oleksandr Ocheretnyi) - drm/etnaviv: flush shader L1 cache after user commandstream (Lucas Stach) - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (Yang Erkun) - nfsd: make sure exp active before svc_export_show (Yang Erkun) [Orabug: 37433745] {CVE-2024-56558} - dm thin: Add missing destroy_work_on_stack() (Yuan Can) - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (Frank Li) [Orabug: 37433756] {CVE-2024-56562} - util_macros.h: fix/rework find_closest() macros (Alexandru Ardelean) - ad7780: fix division by zero in ad7780_write_raw() (Zicheng Qu) [Orabug: 37433772] {CVE-2024-56567} - clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (Gabor Juhos) - ftrace: Fix regression with module command in stack_trace_filter (guoweikang) [Orabug: 37433784] {CVE-2024-56569} - ovl: Filter invalid inodes with missing lookup function (Vasiliy Kovalev) [Orabug: 37433789] {CVE-2024-56570} - media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (Gaosheng Cui) [Orabug: 37433798] {CVE-2024-56572} - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (Jinjie Ruan) - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (Jinjie Ruan) - media: ts2020: fix null-ptr-deref in ts2020_probe() (Li Zetao) [Orabug: 37433805] {CVE-2024-56574} - media: i2c: tc358743: Fix crash in the probe error path when using polling (Alexander Shiyan) [Orabug: 37433817] {CVE-2024-56576} - btrfs: ref-verify: fix use-after-free after invalid ref action (Filipe Manana) [Orabug: 37433832] {CVE-2024-56581} - quota: flush quota_release_work upon quota writeback (Ojaswin Mujoo) - ASoC: fsl_micfil: fix the naming style for mask definition (Shengjiu Wang) - sh: intc: Fix use-after-free bug in register_intc_controller() (Dan Carpenter) [Orabug: 37433393] {CVE-2024-53165} - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (Liu Jian) [Orabug: 37434314] {CVE-2024-56688} - SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE (Trond Myklebust) - SUNRPC: correct error code comment in xs_tcp_setup_socket() (Calum Mackay) - modpost: remove incorrect code in do_eisa_entry() (Masahiro Yamada) - rtc: ab-eoz9: don't fail temperature reads on undervoltage notification (Maxime Chevallier) - 9p/xen: fix release of IRQ (Alex Zenla) [Orabug: 37434374] {CVE-2024-56704} - 9p/xen: fix init sequence (Alex Zenla) - block: return unsigned int from bdev_io_min (Christoph Hellwig) - jffs2: fix use of uninitialized variable (Qingfang Deng) - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (Waqar Hameed) [Orabug: 37433414] {CVE-2024-53171} - ubi: fastmap: Fix duplicate slab cache names while attaching (Zhihao Cheng) [Orabug: 37433419] {CVE-2024-53172} - ubifs: Correct the total block count by deducting journal reservation (Zhihao Cheng) - rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (Yongliang Gao) [Orabug: 37434456] {CVE-2024-56739} - rtc: abx80x: Fix WDT bit position of the status register (Nobuhiro Iwamatsu) - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (Trond Myklebust) [Orabug: 37433426] {CVE-2024-53173} - um: Always dump trace for specified task in show_stack (Tiwei Bie) - um: Clean up stacktrace dump (Johannes Berg) - um: add show_stack_loglvl() (Dmitry Safonov) - um/sysrq: remove needless variable sp (Dmitry Safonov) - um: Fix the return value of elf_core_copy_task_fpregs (Tiwei Bie) - um: Fix potential integer overflow during physmem setup (Tiwei Bie) [Orabug: 37427464] {CVE-2024-53145} - rpmsg: glink: Propagate TX failures in intentless mode as well (Bjorn Andersson) - SUNRPC: make sure cache entry active before cache_show (Yang Erkun) [Orabug: 37433433] {CVE-2024-53174} - NFSD: Prevent a potential integer overflow (Chuck Lever) [Orabug: 37427470] {CVE-2024-53146} - lib: string_helpers: silence snprintf() output truncation warning (Bartosz Golaszewski) - usb: dwc3: gadget: Fix checking for number of TRBs left (Thinh Nguyen) - ALSA: hda/realtek: Apply quirk for Medion E15433 (Takashi Iwai) - ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (Dinesh Kumar) - ALSA: hda/realtek: Set PCBeep to default value for ALC274 (Kailang Yang) - ALSA: hda/realtek: Update ALC225 depop procedure (Kailang Yang) - media: wl128x: Fix atomicity violation in fmc_send_cmd() (Qiu-ji Chen) [Orabug: 37434358] {CVE-2024-56700} - HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (Jason Gerecke) - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (Muchun Song) - arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (Will Deacon) - sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (Huacai Chen) - um: vector: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433467] {CVE-2024-53181} - serial: 8250: omap: Move pm_runtime_get_sync (Bin Liu) - um: net: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433475] {CVE-2024-53183} - um: ubd: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433484] {CVE-2024-53184} - ubi: wl: Put source PEB into correct list if trying locking LEB failed (Zhihao Cheng) - spi: Fix acpi deferred irq probe (Stanislaw Gruszka) - netfilter: ipset: add missing range check in bitmap_ip_uadt (Jeongjun Park) [Orabug: 37388867] {CVE-2024-53141} - Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" (Greg Kroah-Hartman) - serial: sh-sci: Clean sci_ports[0] after at earlycon exit (Claudiu Beznea) - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (Andrej Shadura) - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (Nicolas Bouchinet) - comedi: Flush partial mappings in error case (Jann Horn) [Orabug: 37427482] {CVE-2024-53148} - PCI: Fix use-after-free of slot->bus on hot remove (Lukas Wunner) [Orabug: 37433516] {CVE-2024-53194} - ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (Qiu-ji Chen) - jfs: xattr: check invalid xattr size more strictly (Artem Sadovnikov) - ext4: fix FS_IOC_GETFSMAP handling (Theodore Ts'o) - ext4: supress data-race warnings in ext4_free_inodes_{count,set}() (Jeongjun Park) - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Beno?t Sevens) [Orabug: 37433532] {CVE-2024-53197} - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (Manikanta Mylavarapu) - usb: ehci-spear: fix call balance of sehci clk handling routines (Vitalii Mordan) - apparmor: fix 'Do simple duplicate message elimination' (chao liu) - staging: greybus: uart: clean up TIOCGSERIAL (Johan Hovold) - misc: apds990x: Fix missing pm_runtime_disable() (Jinjie Ruan) - USB: chaoskey: Fix possible deadlock chaoskey_list_lock (Edward Adam Davis) - USB: chaoskey: fail open after removal (Oliver Neukum) - usb: yurex: make waiting on yurex_write interruptible (Oliver Neukum) - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (Jeongjun Park) - ipmr: fix tables suspicious RCU usage (Paolo Abeni) - ipmr: convert /proc handlers to rcu_read_lock() (Eric Dumazet) - net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken (Maxime Chevallier) - marvell: pxa168_eth: fix call balance of pep->clk handling routines (Vitalii Mordan) - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (Oleksij Rempel) - tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets (Pavan Chebbi) - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (Oleksij Rempel) - power: supply: core: Remove might_sleep() from power_supply_put() (Bart Van Assche) - vfio/pci: Properly hide first-in-list PCIe extended capability (Avihai Horon) [Orabug: 37433578] {CVE-2024-53214} - NFSD: Fix nfsd4_shutdown_copy() (Chuck Lever) - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (Chuck Lever) - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (Chuck Lever) [Orabug: 37433594] {CVE-2024-53217} - rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length (Jonathan Marek) - rpmsg: glink: Fix GLINK command prefix (Bjorn Andersson) - rpmsg: glink: Send READ_NOTIFY command in FIFO full case (Arun Kumar Neelakantam) - rpmsg: glink: Add TX_DATA_CONT command while sending (Arun Kumar Neelakantam) - perf trace: Avoid garbage when not printing a syscall's arguments (Benjamin Peterson) - perf trace: Do not lose last events in a race (Benjamin Peterson) - m68k: coldfire/device.c: only build FEC when HW macros are defined (Antonio Quartulli) - m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x (Jean-Michel Hautbois) - PCI: cpqphp: Fix PCIBIOS_* return value confusion (Ilpo J?rvinen) - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (weiyufeng) - perf probe: Correct demangled symbols in C++ program (Leo Yan) - perf cs-etm: Don't flush when packet_queue fills up (James Clark) - clk: clk-axi-clkgen: make sure to enable the AXI bus clock (Nuno Sa) - clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand (Alexandru Ardelean) - dt-bindings: clock: axi-clkgen: include AXI clk (Nuno Sa) - dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format (Alexandru Ardelean) - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (Zhen Lei) [Orabug: 37434478] {CVE-2024-56746} - fbdev/sh7760fb: Alloc DMA memory from hardware device (Thomas Zimmermann) - powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static (Michal Suchanek) - ocfs2: fix uninitialized value in ocfs2_file_read_iter() (Dmitry Antipov) [Orabug: 37427503] {CVE-2024-53155} - scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (Zhen Lei) [Orabug: 37434484] {CVE-2024-56747} - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (Zhen Lei) [Orabug: 37434489] {CVE-2024-56748} - scsi: fusion: Remove unused variable 'rc' (Zeng Heng) - scsi: bfa: Fix use-after-free in bfad_im_module_exit() (Ye Bin) [Orabug: 37433630] {CVE-2024-53227} - mfd: rt5033: Fix missing regmap_del_irq_chip() (Zhang Changzhong) - mtd: rawnand: atmel: Fix possible memory leak (Miquel Raynal) - cpufreq: loongson2: Unregister platform_driver on failure (Yuan Can) - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (Andy Shevchenko) [Orabug: 37434429] {CVE-2024-56723} - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (Andy Shevchenko) [Orabug: 37434434] {CVE-2024-56724} - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (Andy Shevchenko) [Orabug: 37434330] {CVE-2024-56691} - mfd: intel_soc_pmic_bxtwc: Use dev_err_probe() (Andy Shevchenko) - mfd: da9052-spi: Change read-mask to write-mask (Marcus Folkesson) - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (Jinjie Ruan) - trace/trace_event_perf: remove duplicate samples on the first tracepoint event (Levi Yun) - netpoll: Use rcu_access_pointer() in netpoll_poll_lock (Breno Leitao) - ALSA: 6fire: Release resources at card release (Takashi Iwai) [Orabug: 37433660] {CVE-2024-53239} - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (Takashi Iwai) [Orabug: 37433666] {CVE-2024-56531} - ALSA: us122l: Use snd_card_free_when_closed() at disconnection (Takashi Iwai) [Orabug: 37433672] {CVE-2024-56532} - net: rfkill: gpio: Add check for clk_enable() (Mingwei Zheng) - selftests: net: really check for bg process completion (Paolo Abeni) - bpf, sockmap: Fix sk_msg_reset_curr (Zijian Zhang) - bpf, sockmap: Several fixes to bpf_msg_pop_data (Zijian Zhang) - bpf, sockmap: Several fixes to bpf_msg_push_data (Zijian Zhang) - drm/etnaviv: hold GPU lock across perfmon sampling (Lucas Stach) - drm/etnaviv: fix power register offset on GC300 (Doug Brown) - drm/etnaviv: dump: fix sparse warnings (Marc Kleine-Budde) - drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - drm/panfrost: Remove unused id_mask from struct panfrost_model (Steven Price) - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (Alper Nebi Yasak) [Orabug: 37433695] {CVE-2024-56539} - bpf: Fix the xdp_adjust_tail sample prog issue (Yuan Chen) - ASoC: fsl_micfil: fix regmap_write_bits usage (Shengjiu Wang) - ASoC: fsl_micfil: use GENMASK to define register bit fields (Sascha Hauer) - ASoC: fsl_micfil: do not define SHIFT/MASK for single bits (Sascha Hauer) - ASoC: fsl_micfil: Drop unnecessary register read (Sascha Hauer) - dt-bindings: vendor-prefixes: Add NeoFidelity, Inc (Igor Prusov) - drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - drm/omap: Fix locking in omap_gem_new_dmabuf() (Tomi Valkeinen) - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (Jeongjun Park) [Orabug: 37427509] {CVE-2024-53156} - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (Andy Shevchenko) - firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (Luo Qiu) [Orabug: 37427515] {CVE-2024-53157} - regmap: irq: Set lockdep class for hierarchical IRQ domains (Andy Shevchenko) - ARM: dts: cubieboard4: Fix DCDC5 regulator constraints (Andre Przywara) - tpm: fix signed/unsigned bug when checking event logs (Gregory Price) - efi/tpm: Pass correct address to memblock_reserve (Jerry Snitselaar) - mmc: mmc_spi: drop buggy snprintf() (Bartosz Golaszewski) - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (Dan Carpenter) [Orabug: 37427524] {CVE-2024-53158} - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - time: Fix references to _msecs_to_jiffies() handling of values (Miguel Ojeda) - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (Christophe JAILLET) - crypto: bcm - add error check in the ahash_hmac_init function (Chen Ridong) [Orabug: 37434298] {CVE-2024-56681} - crypto: cavium - Fix the if condition to exit loop after timeout (Everest K.C) - crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (Yi Yang) [Orabug: 37434323] {CVE-2024-56690} - EDAC/fsl_ddr: Fix bad bit shift operations (Priyanka Singh) - EDAC/bluefield: Fix potential integer overflow (David Thompson) [Orabug: 37427533] {CVE-2024-53161} - firmware: google: Unregister driver_info on failure (Yuan Can) - firmware: google: Unregister driver_info on failure and exit in gsmi (Arthur Heymans) - hfsplus: don't query the device logical block size multiple times (Thadeu Lima de Souza Cascardo) [Orabug: 37433720] {CVE-2024-56548} - s390/syscalls: Avoid creation of arch/arch/ directory (Masahiro Yamada) - acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (Aleksandr Mishin) - m68k: mvme147: Reinstate early console (Daniel Palmer) - m68k: mvme16x: Add and use "mvme16x.h" (Geert Uytterhoeven) - m68k: mvme147: Fix SCSI controller IRQ numbers (Daniel Palmer) - nvme-pci: fix freeing of the HMB descriptor table (Christoph Hellwig) [Orabug: 37434510] {CVE-2024-56756} - initramfs: avoid filename buffer overrun (David Disseldorp) [Orabug: 37388874] {CVE-2024-53142} - mips: asm: fix warning when disabling MIPS_FP_SUPPORT (Jonas Gorski) - x86/xen/pvh: Annotate indirect branch as safe (Josh Poimboeuf) - nvme: fix metadata handling in nvme-passthrough (Puranjay Mohan) - cifs: Fix buffer overflow when parsing NFS reparse points (Pali Roh?r) [Orabug: 37206284] {CVE-2024-49996} - ipmr: Fix access to mfc_cache_list without lock held (Breno Leitao) - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (David Wang) - ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (Luo Yifan) - ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (Luo Yifan) - regulator: rk808: Add apply_bit for BUCK3 on RK809 (Mikhail Rudenko) - soc: qcom: Add check devm_kasprintf() returned value (Charles Han) - net: usb: qmi_wwan: add Quectel RG650V (Beno?t Monin) - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (Arnd Bergmann) - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (Piyush Raj Chouhan) - selftests/watchdog-test: Fix system accidentally reset after watchdog-test (Li Zhijian) - mac80211: fix user-power when emulating chanctx (Ben Greear) - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (Hans de Goede) - kbuild: Use uname for LINUX_COMPILE_HOST detection (Chris Down) - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (Mauro Carvalho Chehab) - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (Ryusuke Konishi) [Orabug: 37388819] {CVE-2024-53130} - ocfs2: fix UBSAN warning in ocfs2_verify_volume() (Dmitry Antipov) - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (Ryusuke Konishi) [Orabug: 37388825] {CVE-2024-53131} - KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (Sean Christopherson) [Orabug: 37388846] {CVE-2024-53135} - ocfs2: uncache inode which has failed entering the group (Dmitry Antipov) [Orabug: 37388753] {CVE-2024-53112} - net/mlx5e: kTLS, Fix incorrect page refcounting (Dragos Tatulea) - net/mlx5: fs, lock FTE when checking if active (Mark Bloch) - netlink: terminate outstanding dump on socket close (Jakub Kicinski) [Orabug: 37388861] {CVE-2024-53140} - LTS tag: v5.4.286 (Alok Tiwari) - 9p: fix slab cache name creation for real (Linus Torvalds) - md/raid10: improve code of mrdev in raid10_sync_request (Li Nan) - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (Reinhard Speyerer) - fs: Fix uninitialized value issue in from_kuid and from_kgid (Alessandro Zanni) [Orabug: 37331928] {CVE-2024-53101} - powerpc/powernv: Free name on error in opal_event_init() (Michael Ellerman) - sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML (Julian Vetter) - bpf: use kvzmalloc to allocate BPF verifier environment (Rik van Riel) - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (WangYuli) - 9p: Avoid creating multiple slab caches with the same name (Pedro Falcato) - ALSA: usb-audio: Add endianness annotations (Jan Sch?r) - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Hyunwoo Kim) [Orabug: 37298681] {CVE-2024-50264} - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (Hyunwoo Kim) [Orabug: 37344480] {CVE-2024-53103} - ftrace: Fix possible use-after-free issue in ftrace_location() (Zheng Yejian) [Orabug: 36753574] {CVE-2024-38588} - NFSD: Fix NFSv4's PUTPUBFH operation (Chuck Lever) - ALSA: usb-audio: Add quirks for Dell WD19 dock (Jan Sch?r) - ALSA: usb-audio: Support jack detection on Dell dock (Jan Sch?r) - ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (Andrew Kanner) [Orabug: 37298685] {CVE-2024-50265} - irqchip/gic-v3: Force propagation of the active state with a read-back (Marc Zyngier) - USB: serial: option: add Quectel RG650V (Beno?t Monin) - USB: serial: option: add Fibocom FG132 0x0112 composition (Reinhard Speyerer) - USB: serial: qcserial: add support for Sierra Wireless EM86xx (Jack Wu) - USB: serial: io_edgeport: fix use after free in debug printk (Dan Carpenter) [Orabug: 37298695] {CVE-2024-50267} - usb: musb: sunxi: Fix accessing an released usb phy (Zijun Hu) [Orabug: 37298703] {CVE-2024-50269} - fs/proc: fix compile warning about variable 'vmcore_mmap_ops' (Qi Xi) - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (Benoit Sevens) [Orabug: 37344485] {CVE-2024-53104} - net: bridge: xmit: make sure we have at least eth header len bytes (Nikolay Aleksandrov) [Orabug: 36753372] {CVE-2024-38538} - spi: fix use-after-free of the add_lock mutex (Michael Walle) - spi: Fix deadlock when adding SPI controllers on SPI buses (Mark Brown) - mtd: rawnand: protect access to rawnand devices while in suspend (Sean Nyekjaer) - btrfs: reinitialize delayed ref list after deleting it from the list (Filipe Manana) [Orabug: 37298715] {CVE-2024-50273} - nfs: Fix KMSAN warning in decode_getfattr_attrs() (Roberto Sassu) [Orabug: 37304779] {CVE-2024-53066} - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (Zichen Xie) - dm cache: fix potential out-of-bounds access on the first resume (Ming-Hung Tsai) [Orabug: 37298732] {CVE-2024-50278} - dm cache: optimize dirty bit checking with find_next_bit when resizing (Ming-Hung Tsai) - dm cache: fix out-of-bounds access to the dirty bitset when resizing (Ming-Hung Tsai) [Orabug: 37298737] {CVE-2024-50279} - dm cache: correct the number of origin blocks to match the target length (Ming-Hung Tsai) - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (Alex Deucher) [Orabug: 37298751] {CVE-2024-50282} - pwm: imx-tpm: Use correct MODULO value for EPWM mode (Erik Schumacher) - media: v4l2-tpg: prevent the risk of a division by zero (Mauro Carvalho Chehab) [Orabug: 37298782] {CVE-2024-50287} - media: cx24116: prevent overflows on SNR calculus (Mauro Carvalho Chehab) [Orabug: 37298797] {CVE-2024-50290} - media: s5p-jpeg: prevent buffer overflows (Mauro Carvalho Chehab) [Orabug: 37304763] {CVE-2024-53061} - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (Murad Masimov) - media: adv7604: prevent underflow condition when reporting colorspace (Mauro Carvalho Chehab) - media: dvb_frontend: don't play tricks with underflow values (Mauro Carvalho Chehab) - media: dvbdev: prevent the risk of out of memory access (Mauro Carvalho Chehab) [Orabug: 37304769] {CVE-2024-53063} - media: stb0899_algo: initialize cfr before using it (Mauro Carvalho Chehab) - net: hns3: fix kernel crash when uninstalling driver (Peiyang Wang) [Orabug: 37298811] {CVE-2024-50296} - can: c_can: fix {rx,tx}_errors statistics (Dario Binacchi) - sctp: properly validate chunk size in sctp_sf_ootb() (Xin Long) [Orabug: 37298820] {CVE-2024-50299} - net: enetc: set MAC address to the VF net_device (Wei Fang) - enetc: simplify the return expression of enetc_vf_set_mac_addr() (Qinglang Miao) - security/keys: fix slab-out-of-bounds in key_task_permission (Chen Ridong) [Orabug: 37298827] {CVE-2024-50301} - HID: core: zero-initialize the report buffer (Jiri Kosina) [Orabug: 37298834] {CVE-2024-50302} - ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin (Heiko Stuebner) - ARM: dts: rockchip: Fix the spi controller on rk3036 (Heiko Stuebner) - ARM: dts: rockchip: drop grf reference from rk3036 hdmi (Heiko Stuebner) - ARM: dts: rockchip: fix rk3036 acodec node (Heiko Stuebner) - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (Heiko Stuebner) - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (Heiko Stuebner) - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (Diederik de Haas) - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (Geert Uytterhoeven) [5.4.17-2136.340.1.el7uek] - rds/ib: avoid scq/rcq polling during rds connection shutdown (Arumugam Kolappan) [Orabug: 37092563] - RDMA/mlx5: Send UAR page index as ioctl attribute (Akiva Goldberger) [Orabug: 37029739] - RDMA: Pass entire uverbs attr bundle to create cq function (Akiva Goldberger) [Orabug: 37029739] - IB/uverbs: Enable CQ ioctl commands by default (Yishai Hadas) [Orabug: 37029739] [5.4.17-2136.339.5.el7uek] - tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe() (Nikolay Kuratov) - vhost_scsi: log write descriptors (Dongli Zhang) [Orabug: 37393533] - vhost-scsi: protect vq->log_base with vq->mutex (Dongli Zhang) [Orabug: 37393533] [5.4.17-2136.339.4.el7uek] - RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (Kashyap Desai) - Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" (Aurelien Jarno) - mm: revert "mm: shmem: fix data-race in shmem_getattr()" (Andrew Morton) - net/ipv6: release expired exception dst cached in socket (Jiri Wiesner) [Orabug: 37434173] {CVE-2024-56644} - Revert "unicode: Don't special case ignorable code points" (Linus Torvalds) - powerpc/vdso: Flag VDSO64 entry points as functions (Christophe Leroy) - Revert "usb: gadget: composite: fix OS descriptors w_value logic" (Michal Vrastil) [5.4.17-2136.339.3.el7uek] - Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" (Sherry Yang) [Orabug: 37364531] - rds: recv_payload_bad_checksum was not 0 after running rds-stress on UEK6 (William Kucharski) [Orabug: 37265127] - rds: If RDS Checksums are enabled for RDMA RDS operations, the extension headers will overflow causing incorrect operation (William Kucharski) [Orabug: 37265125] - rds: rds_message_alloc() needlessly zeroes m_used_sgs (William Kucharski) [Orabug: 37265123] - rds: tracepoint in rds_receive_csum_err() prints pointless information (William Kucharski) [Orabug: 37265121] - rds: rds_inc_init() should initialize the inc->i_conn_path field (William Kucharski) [Orabug: 37265117] - rds: Race condition in adding RDS payload checksum extension header may result in RDS header corruption (William Kucharski) [Orabug: 37265115] - md/raid10: fix task hung in raid10d (Li Nan) [Orabug: 37126683] - md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (Yu Kuai) [Orabug: 37126683] - md/raid10: avoid deadlock on recovery. (Vitaly Mayatskikh) [Orabug: 37126683] [5.4.17-2136.339.2.el7uek] - arm64/cpu_errata: Spectre-BHB mitigation for AMPERE1 expects a loop of 11 iterations. (Miguel Luis) [Orabug: 37027863] [5.4.17-2136.339.1.el7uek] - net/rds: report pending-messages count in RDS_INQ response (Devesh Sharma) [Orabug: 35596047] [Orabug: 35316633] - net/rds: Introduce RDS-INQ feature to RDS protocol (Devesh Sharma) [Orabug: 35316632] [Orabug: 37109336] - net/rds: Supporting SIOCOUTQ to read pending sends (Devesh Sharma) [Orabug: 34460809] [Orabug: 37072814] - mm/memory-failure: pass the folio and the page to collect_procs() (Matthew Wilcox (Oracle)) [Orabug: 37270264] - KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD (Sean Christopherson) [Orabug: 37273706] - KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding (Sean Christopherson) [Orabug: 37273706] - objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 37273706] {CVE-2022-29901} - x86/spec_ctrl: AMD AutoIBRS cannot be dynamically enabled or disabled (Alexandre Chartre) [Orabug: 37310552] - x86/msr: Add functions to set/clear the bit of an MSR on all cpus (Alexandre Chartre) [Orabug: 37310552] From el-errata at oss.oracle.com Fri Jun 13 12:54:32 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:54:32 -0700 Subject: [El-errata] ELSA-2025-20372 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20372 http://linux.oracle.com/errata/ELSA-2025-20372.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: aarch64: kernel-uek-5.4.17-2136.344.4.1.el8uek.aarch64.rpm kernel-uek-debug-5.4.17-2136.344.4.1.el8uek.aarch64.rpm kernel-uek-debug-devel-5.4.17-2136.344.4.1.el8uek.aarch64.rpm kernel-uek-devel-5.4.17-2136.344.4.1.el8uek.aarch64.rpm kernel-uek-doc-5.4.17-2136.344.4.1.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.344.4.1.el8uek.src.rpm Related CVEs: CVE-2023-52667 CVE-2024-38555 CVE-2024-50000 CVE-2024-50001 CVE-2024-58093 CVE-2025-21956 CVE-2025-21957 CVE-2025-21959 CVE-2025-21971 CVE-2025-21991 CVE-2025-21992 CVE-2025-21993 CVE-2025-21996 CVE-2025-22004 CVE-2025-22005 CVE-2025-22007 CVE-2025-22018 CVE-2025-22020 CVE-2025-22021 CVE-2025-22035 CVE-2025-22045 CVE-2025-22054 CVE-2025-22063 CVE-2025-22071 CVE-2025-22073 CVE-2025-22079 CVE-2025-22086 CVE-2025-23136 CVE-2025-37937 CVE-2025-38637 Description of changes: [5.4.17-2136.344.4.1.el8uek] - certs: Reference revocation list for all keyrings (Eric Snowberg) [Orabug: 38052126] [5.4.17-2136.344.4.el8uek] - certs: Add new Oracle Linux Driver Signing (key 1) certificate (Sherry Yang) [Orabug: 37967555] [5.4.17-2136.344.3.el8uek] - net/mlx5e: Don't call cleanup on profile rollback failure (Cosmin Ratiu) [Orabug: 37670859] - net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (Elena Salomatkina) [Orabug: 37206299,37670859] {CVE-2024-50000} - net/mlx5: Fix error path in multi-packet WQE transmit (Gerd Bayer) [Orabug: 37206302,37670859] {CVE-2024-50001} - net/mlx5: Discard command completions in internal error (Akiva Goldberger) [Orabug: 36753438,37670859] {CVE-2024-38555} - net/mlx5e: fix a potential double-free in fs_any_create_groups (Dinghao Liu) [Orabug: 36802351,37670859] {CVE-2023-52667} - net/mlx5: Reclaim max 50K pages at once (Anand Khoje) [Orabug: 36275016] [5.4.17-2136.344.2.el8uek] - LTS tag: v5.4.292 (Alok Tiwari) - jfs: add index corruption check to DT_GETPAGE() (Roman Smirnov) - tracing: Fix use-after-free in print_graph_function_flags during tracer switching (Tengda Wu) [Orabug: 37844202] {CVE-2025-22035} - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (Karel Balej) - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (Paul Menzel) - x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (Jann Horn) [Orabug: 37844275] {CVE-2025-22045} - x86/tsc: Always save/restore TSC sched_clock() on suspend/resume (Guilherme G. Piccoli) - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (Markus Elfring) - can: flexcan: only change CAN state when link up in system PM (Haibo Chen) - arcnet: Add NULL check in com20020pci_probe() (Henry Martin) [Orabug: 37844303] {CVE-2025-22054} - net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy (David Oberhollenzer) - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (Fernando Fernandez Mancera) - vsock: avoid timeout during connect() if the socket is closing (Stefano Garzarella) - net_sched: skbprio: Remove overly strict queue assertions (Cong Wang) [Orabug: 37855375] {CVE-2025-38637} - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (Debin Zhu) [Orabug: 37844344] {CVE-2025-22063} - ntb: intel: Fix using link status DB's (Nikita Shubin) - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (Yajun Deng) - spufs: fix a leak in spufs_create_context() (Al Viro) [Orabug: 37844365] {CVE-2025-22071} - spufs: fix a leak on spufs_new_file() failure (Al Viro) [Orabug: 37844378] {CVE-2025-22073} - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (Tasos Sahanidis) - can: statistics: use atomic access in hot path (Oliver Hartkopp) - locking/semaphore: Use wake_q to wake up processes outside lock critical section (Waiman Long) - sched/deadline: Use online cpus for validating runtime (Shrikanth Hegde) - affs: don't write overlarge OFS data block size fields (Simon Tatham) - affs: generate OFS sequence numbers starting at 1 (Simon Tatham) - wifi: iwlwifi: fw: allocate chained SG tables for dump (Johannes Berg) - sched/smt: Always inline sched_smt_active() (Josh Poimboeuf) - octeontx2-af: Fix mbox INTR handler when num VFs > 64 (Geetha Sowjanya) - ring-buffer: Fix bytes_dropped calculation issue (Feng Yang) - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (Josh Poimboeuf) [Orabug: 37976879] {CVE-2025-37937} - fs/procfs: fix the comment above proc_pid_wchan() (Bart Van Assche) - perf python: Check if there is space to copy all the event (Arnaldo Carvalho de Melo) - perf python: Decrement the refcount of just created event on failure (Arnaldo Carvalho de Melo) - perf python: Fixup description of sample.id event member (Arnaldo Carvalho de Melo) - ocfs2: validate l_tree_depth to avoid out-of-bounds access (Vasiliy Kovalev) [Orabug: 37844394] {CVE-2025-22079} - kexec: initialize ELF lowest address to ULONG_MAX (Sourabh Jain) - perf units: Fix insufficient array space (Arnaldo Carvalho de Melo) - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (Jonathan Cameron) - coresight: catu: Fix number of pages while using 64k pages (Ilkka Koskinen) - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (Qasim Ijaz) - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (Jann Horn) - mfd: sm501: Switch to BIT() to mitigate integer overflows (Nikita Zhandarovich) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (Patrisious Haddad) [Orabug: 37844422] {CVE-2025-22086} - power: supply: max77693: Fix wrong conversion of charge input threshold value (Artur Weber) - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (Jann Horn) - clk: amlogic: g12a: fix mmc A peripheral clock (Jerome Brunet) - clk: amlogic: gxbb: drop non existing 32k clock parent (Jerome Brunet) - clk: amlogic: g12b: fix cluster A parent data (Jerome Brunet) - IB/mad: Check available slots before posting receive WRs (Maher Sanalla) - clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent (Peter Geis) - pinctrl: renesas: rza2: Fix missing of_node_put() call (Fabrizio Castro) - lib: 842: Improve error handling in sw842_compress() (Tanya Agarwal) - clk: amlogic: gxbb: drop incorrect flag on 32k clock (Jerome Brunet) - fbdev: sm501fb: Add some geometry checks. (Danila Chernetsov) - mdacon: rework dependency list (Arnd Bergmann) - fbdev: au1100fb: Move a variable assignment behind a null pointer check (Markus Elfring) - PCI: pciehp: Don't enable HPIE when resuming in poll mode (Ilpo J?rvinen) - PCI: Remove stray put_device() in pci_register_host_bridge() (Dan Carpenter) - PCI/portdrv: Only disable pciehp interrupts early when needed (Feng Tang) - PCI/ASPM: Fix link state exit during switch upstream function removal (Daniel Stodden) [Orabug: 37844108] {CVE-2024-58093} - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (AngeloGioacchino Del Regno) - ALSA: hda/realtek: Always honor no_shutup_pins (Takashi Iwai) - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (Tao Chen) - lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() (Sebastian Andrzej Siewior) - PM: sleep: Fix handling devices with direct_complete set on errors (Rafael J. Wysocki) - thermal: int340x: Add NULL check for adev (Chenyuan Yang) [Orabug: 37844584] {CVE-2025-23136} - EDAC/ie31200: Fix the error path order of ie31200_init() (Qiuxu Zhuo) - EDAC/ie31200: Fix the DIMM size mask for several SoCs (Qiuxu Zhuo) - EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer (Qiuxu Zhuo) - selinux: Chain up tool resolving errors in install_policy.sh (Tim Schumacher) - x86/platform: Only allow CONFIG_EISA for 32-bit (Arnd Bergmann) - x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (Benjamin Berg) - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (Jie Zhan) - x86/mm/pat: cpa-test: fix length for CPA_ARRAY test (Mike Rapoport) - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Luo Qiu) [Orabug: 37844141] {CVE-2025-22020} - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (Fabio Porcedda) - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (Fabio Porcedda) - tty: serial: 8250: Add some more device IDs (Cameron Williams) - counter: stm32-lptimer-cnt: fix error handling when enabling (Fabrice Gasnier) - netfilter: socket: Lookup orig tuple for IPv6 SNAT (Maxim Mikityanskiy) [Orabug: 37844145] {CVE-2025-22021} - ARM: Remove address checking for MMUless devices (Yanjun Yang) - ARM: 9351/1: fault: Add "cut here" line for prefetch aborts (Kees Cook) - ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() (Kees Cook) - atm: Fix NULL pointer dereference (Minjoong Kim) [Orabug: 37838897] {CVE-2025-22018} - HID: hid-plantronics: Add mic mute mapping and generalize quirks (Terry Junge) - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (Terry Junge) - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (Nikita Zhandarovich) [Orabug: 37828196] {CVE-2025-21996} - batman-adv: Ignore own maximum aggregation size during RX (Sven Eckelmann) - ARM: shmobile: smp: Enforce shmobile_smp_* alignment (Geert Uytterhoeven) - mmc: atmel-mci: Add missing clk_disable_unprepare() (Gu Bowen) - drm/v3d: Don't run jobs that have errors flagged in its fence (Ma?ra Canal) - i2c: omap: fix IRQ storms (Andreas Kemnade) - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES (Lin Ma) - net: atm: fix use after free in lec_send() (Dan Carpenter) [Orabug: 37828221] {CVE-2025-22004} - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). (Kuniyuki Iwashima) - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (Kuniyuki Iwashima) [Orabug: 37828229] {CVE-2025-22005} - Bluetooth: Fix error code in chan_alloc_skb_cb() (Dan Carpenter) [Orabug: 37828235] {CVE-2025-22007} - RDMA/hns: Fix wrong value of max_sge_rd (Junxian Huang) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (Saravanan Vajravel) - xfrm_output: Force software GSO only in tunnel mode (Cosmin Ratiu) - firmware: imx-scu: fix OF node leak in .probe() (Joe Hattori) - i2c: sis630: Fix an error handling path in sis630_probe() (Christophe Jaillet) - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (Christophe Jaillet) - i2c: ali1535: Fix an error handling path in ali1535_probe() (Christophe Jaillet) - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (Christophe Jaillet) - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (Ivan Abramov) - qlcnic: fix memory leak issues in qlcnic_sriov_common.c (Haoxiang Li) - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (Alex Hung) [Orabug: 37828049] {CVE-2025-21956} - drm/atomic: Filter out redundant DPMS calls (Ville Syrj?l?) - x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (Florent Revest) [Orabug: 37828167] {CVE-2025-21991} - USB: serial: option: match on interface class for Telit FN990B (Johan Hovold) - USB: serial: option: fix Telit Cinterion FE990A name (Fabio Porcedda) - USB: serial: option: add Telit Cinterion FE990B compositions (Fabio Porcedda) - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (Boon Khai Ng) - block: fix 'kmem_cache of name 'bio-108' already exists' (Ming Lei) - drm/nouveau: Do not override forced connector status (Thomas Zimmermann) - x86/irq: Define trace events conditionally (Arnd Bergmann) - fuse: don't truncate cached, mutated symlink (Miklos Szeredi) - nvme: only allow entering LIVE from CONNECTING state (Daniel Wagner) - sctp: Fix undefined behavior in left shift operation (Yu-Chun Lin) - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (Ruozhu Li) - ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() (Kuninori Morimoto) - s390/cio: Fix CHPID "configure" attribute caching (Peter Oberparleiter) - HID: ignore non-functional sensor in HP 5MP Camera (Chia-Lin Kao) [Orabug: 37828174] {CVE-2025-21992} - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (Zhang Lixu) - ACPI: resource: IRQ override for Eluktronics MECH-17 (Gannon Kolding) - scsi: qla1280: Fix kernel oops when debug level > 2 (Magnus Lindholm) [Orabug: 37828056] {CVE-2025-21957} - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (Chengen Du) [Orabug: 37828181] {CVE-2025-21993} - powercap: call put_device() on an error path in powercap_register_control_type() (Joe Hattori) - hrtimers: Mark is_migration_base() with __always_inline (Andy Shevchenko) - nvme-fc: go straight to connecting state when initializing (Daniel Wagner) - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (Carolina Jubran) - netfilter: nft_exthdr: fix offset with ipv4_find_option() (Alexey Kashavkin) - net_sched: Prevent creation of classes with TC_H_ROOT (Cong Wang) [Orabug: 37828110] {CVE-2025-21971} - ipvs: prevent integer overflow in do_ip_vs_get_ctl() (Dan Carpenter) - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (Kohei Enju) [Orabug: 37828064] {CVE-2025-21959} - Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() (Michael Kelley) - drivers/hv: Replace binary semaphore with mutex (Davidlohr Bueso) - netpoll: hold rcu read lock in __netpoll_send_skb() (Breno Leitao) - netpoll: netpoll_send_skb() returns transmit status (Eric Dumazet) - netpoll: move netpoll_send_skb() out of line (Eric Dumazet) - netpoll: remove dev argument from netpoll_send_skb_on_dev() (Eric Dumazet) - netpoll: Fix use correct return type for ndo_start_xmit() (Yunjian Wang) - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (Artur Weber) - sched/isolation: Prevent boot crash when the boot CPU is nohz_full (Oleg Nesterov) - clockevents/drivers/i8253: Fix stop sequence for timer 0 (David Woodhouse) [5.4.17-2136.344.1.el8uek] - RDS: avoid using offlined CPU during reconnect (Arumugam Kolappan) [Orabug: 37800559] - x86/microcode/AMD: Clean the cache if update did not load microcode (Boris Ostrovsky) [Orabug: 37800729] - x86/microcode/AMD: Add finalize_late_load() microcode_op (Boris Ostrovsky) [Orabug: 37800729] - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Borislav Petkov) [Orabug: 37800729] - x86/microcode/AMD: Add some forgotten models to the SHA check (Borislav Petkov) [Orabug: 37800729] - x86/microcode/AMD: Load only SHA256-checksummed patches (Borislav Petkov) [Orabug: 37800729] - x86/microcode/AMD: Flush patch buffer mapping after application (Borislav Petkov) [Orabug: 37800729] - x86/microcode/AMD: Stash BSP's CPUID(1).EAX and patch size (Boris Ostrovsky) [Orabug: 37800729] - nvme: fix deadlock between reset and scan (Bitao Hu) [Orabug: 37861518] From el-errata at oss.oracle.com Fri Jun 13 12:54:34 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:54:34 -0700 Subject: [El-errata] ELBA-2025-8409 Oracle Linux 8 grub2 bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8409 http://linux.oracle.com/errata/ELBA-2025-8409.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: grub2-common-2.02-167.0.1.el8_10.noarch.rpm grub2-efi-aa64-modules-2.02-167.0.1.el8_10.noarch.rpm grub2-efi-ia32-2.02-167.0.1.el8_10.x86_64.rpm grub2-efi-ia32-cdboot-2.02-167.0.1.el8_10.x86_64.rpm grub2-efi-ia32-modules-2.02-167.0.1.el8_10.noarch.rpm grub2-efi-x64-2.02-167.0.1.el8_10.x86_64.rpm grub2-efi-x64-cdboot-2.02-167.0.1.el8_10.x86_64.rpm grub2-efi-x64-modules-2.02-167.0.1.el8_10.noarch.rpm grub2-pc-2.02-167.0.1.el8_10.x86_64.rpm grub2-pc-modules-2.02-167.0.1.el8_10.noarch.rpm grub2-tools-2.02-167.0.1.el8_10.x86_64.rpm grub2-tools-efi-2.02-167.0.1.el8_10.x86_64.rpm grub2-tools-extra-2.02-167.0.1.el8_10.x86_64.rpm grub2-tools-minimal-2.02-167.0.1.el8_10.x86_64.rpm aarch64: grub2-common-2.02-167.0.1.el8_10.noarch.rpm grub2-efi-aa64-2.02-167.0.1.el8_10.aarch64.rpm grub2-efi-aa64-cdboot-2.02-167.0.1.el8_10.aarch64.rpm grub2-efi-aa64-modules-2.02-167.0.1.el8_10.noarch.rpm grub2-efi-ia32-modules-2.02-167.0.1.el8_10.noarch.rpm grub2-efi-x64-modules-2.02-167.0.1.el8_10.noarch.rpm grub2-pc-modules-2.02-167.0.1.el8_10.noarch.rpm grub2-tools-2.02-167.0.1.el8_10.aarch64.rpm grub2-tools-extra-2.02-167.0.1.el8_10.aarch64.rpm grub2-tools-minimal-2.02-167.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//grub2-2.02-167.0.1.el8_10.src.rpm Description of changes: [2.02-167.0.1] - Update grub2 dependencies to match new Secure Boot certificate chain of trust [Orabug: 37766761] - Fix typo in SBAT metadata [Orabug: 37693946] - Allow installation of grub2 only with shim-aa64 that allows booting it [Orabug: 37693946] - net/dns: Fix removal of DNS server [Orabug: 37539625] - net/dns: Simplify error handling of recv_hook() function [Orabug: 37539625] - net/dns: Add debugging messages in recv_hook() function [Orabug: 37539625] - net/dns: Fix lookup error when no IPv6 is returned [Orabug: 37539625] - Use correct os_name on OL - Backport the support for setting custom kernels as default kernels [Orabug: 36690061] - Restore correct SBAT entries - Replaced bugzilla.oracle.com references [Orabug: 35475894] - efinet: Close and reopen card on failure [Orabug: 35126950] - Fix CVE-2022-3775 [Orabug: 34867710] - Bump SBAT metadata for grub to 3 [Orabug: 34871758] - Enable signing on aarch64 - Don't try to switch to a BLS config if GRUB_ENABLE_BLSCFG is already set (Javier Martinez Canillas) [Orabug: 34375996] - Enable back btrfs module by default [Orabug: 34377188] - Backport upstream SNP protocol fixes [Orabug: 34195100] - Rebase Fix EFI loader kernel image allocation patch, adapt it to new NX code [Orabug: 34352232] - enable multiboot2 [Orabug: 34285558] - backport arm64: Fix EFI loader kernel image allocation [Orabug: 33702462] - backport Arm: check for the PE magic for the compiled arch [Orabug: 33702462] - Backport some better script logic for BTRFS support [Orabug: 32448171] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - Fix various coverity issues [Orabug: 32530657] - Set proper blsdir if /boot is on btrfs rootfs [Orabug: 32063327] - Add CVE-2020-15706, CVE-2020-15707 to the list [Orabug: 31225072] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481] - Fix comparison in patch for 18504756 - Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481] - Put "with" in menuentry instead of "using" [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.02-167] - 99-grub-mkconfig.install: fix condition allowing correct checks if GRUB_ENABLE_BLSCFG is not present - Resolves: #RHEL-80168 [2.02-166] - Don't try to switch to a BLS config if GRUB_ENABLE_BLSCFG is already set - Resolves: #RHEL-86913 From el-errata at oss.oracle.com Fri Jun 13 12:54:35 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:54:35 -0700 Subject: [El-errata] ELBA-2025-8738 Oracle Linux 8 389-ds:1.4 bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8738 http://linux.oracle.com/errata/ELBA-2025-8738.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: 389-ds-base-1.4.3.39-14.module+el8.10.0+90609+3c83b4b6.x86_64.rpm 389-ds-base-devel-1.4.3.39-14.module+el8.10.0+90609+3c83b4b6.x86_64.rpm 389-ds-base-legacy-tools-1.4.3.39-14.module+el8.10.0+90609+3c83b4b6.x86_64.rpm 389-ds-base-libs-1.4.3.39-14.module+el8.10.0+90609+3c83b4b6.x86_64.rpm 389-ds-base-snmp-1.4.3.39-14.module+el8.10.0+90609+3c83b4b6.x86_64.rpm python3-lib389-1.4.3.39-14.module+el8.10.0+90609+3c83b4b6.noarch.rpm aarch64: 389-ds-base-1.4.3.39-14.module+el8.10.0+90609+3c83b4b6.aarch64.rpm 389-ds-base-devel-1.4.3.39-14.module+el8.10.0+90609+3c83b4b6.aarch64.rpm 389-ds-base-legacy-tools-1.4.3.39-14.module+el8.10.0+90609+3c83b4b6.aarch64.rpm 389-ds-base-libs-1.4.3.39-14.module+el8.10.0+90609+3c83b4b6.aarch64.rpm 389-ds-base-snmp-1.4.3.39-14.module+el8.10.0+90609+3c83b4b6.aarch64.rpm python3-lib389-1.4.3.39-14.module+el8.10.0+90609+3c83b4b6.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//389-ds-base-1.4.3.39-14.module+el8.10.0+90609+3c83b4b6.src.rpm Description of changes: [1.4.3.39-14] - Reverts: RHEL-80704 - Increased memory consumption caused by NDN cache [rhel-8.10.z] - Resolves: RHEL-95442 - ns-slapd[xxxx]: segfault at 10d7d0d0 ip 00007ff734050cdb sp 00007ff6de9f1430 error 6 in libslapd.so.0.1.0[7ff733ec0000+1b3000] [rhel-8.10.z] From el-errata at oss.oracle.com Fri Jun 13 12:54:37 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:54:37 -0700 Subject: [El-errata] ELBA-2025-8818 Oracle Linux 8 tar bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8818 http://linux.oracle.com/errata/ELBA-2025-8818.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: tar-1.30-10.el8_10.x86_64.rpm aarch64: tar-1.30-10.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//tar-1.30-10.el8_10.src.rpm Description of changes: [2:1.30-10] - Warn _file changed as we read it_ less often - Add downstream patch to fix related failure in filerem01 test From el-errata at oss.oracle.com Fri Jun 13 12:54:38 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:54:38 -0700 Subject: [El-errata] ELSA-2025-8514 Important: Oracle Linux 8 nodejs:20 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8514 http://linux.oracle.com/errata/ELSA-2025-8514.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm nodejs-devel-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm nodejs-docs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.noarch.rpm nodejs-full-i18n-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el8.10.0+90611+29f3ae1e.noarch.rpm nodejs-packaging-2021.06-4.module+el8.10.0+90611+29f3ae1e.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90611+29f3ae1e.noarch.rpm npm-10.8.2-1.20.19.2.1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm aarch64: nodejs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.aarch64.rpm nodejs-devel-20.19.2-1.module+el8.10.0+90611+29f3ae1e.aarch64.rpm nodejs-docs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.noarch.rpm nodejs-full-i18n-20.19.2-1.module+el8.10.0+90611+29f3ae1e.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el8.10.0+90611+29f3ae1e.noarch.rpm nodejs-packaging-2021.06-4.module+el8.10.0+90611+29f3ae1e.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90611+29f3ae1e.noarch.rpm npm-10.8.2-1.20.19.2.1.module+el8.10.0+90611+29f3ae1e.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//nodejs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el8.10.0+90611+29f3ae1e.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//nodejs-packaging-2021.06-4.module+el8.10.0+90611+29f3ae1e.src.rpm Related CVEs: CVE-2025-23166 Description of changes: nodejs [1:20.19.2-1] - Update to version 20.19.2 Fixes: CVE-2025-23166 Resolves: RHEL-91595 RHEL-89598 RHEL-92854 [1:20.19.1-1] - Update to version 20.19.1 Resolves: RHEL-78763 [1:20.18.2-4] - Update c-ares to 1.34.5 to address CVE-2025-31498 [1:20.18.2-3] - Remove obsolete lua pretransaction script from spec file Resolves: RHEL-81125 [1:20.18.2-2] - Disable npm's update-notifier Resolves: RHEL-81077 [1:20.18.2-1] - Update to version 20.18.2 Fixes: CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 Resolves: RHEL-76001 RHEL-76146 [1:20.16.0-1] - Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 [1:20.12.2-2] - Backport nghttp2 patch for CVE-2024-28182 [1:20.12.2-1] - Rebase to version 20.12.0 Addresses CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) Addresses CVE-2024-25629 (c-ares) [1:20.11.1-1] - Rebase to version 20.11.1 - Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high) - Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 (medium) [1:20.11.0-1] - Rebase to version 20.11.0 - Resolves: RHEL-21434 [1:20.9.0-1] - Rebase to LTS - Resolves: RHEL-16159 [1:20.8.1-1] - Update node and nghttp - Add fips patch - Fixes CVE-2023-44487 (nghttp) - Fixes CVE-2023-45143, CVE-2023-39331, CVE-2023-39332, CVE-2023-38552, CVE-2023-39333 [1:20.5.1-1] - Rebase to new security release - Address CVE-2023-32002, CVE-2023-32004, CVE-2023-32558 (high) - Address CVE-2023-32006, CVE-2023-32559 (medium) - Address CVE-2023-32005, CVE-2023-32003 (low) - Resolves: #2186718 - Resolves RHELPLAN-155624 [1:20.5.0-1] - Update to v20.5.0 - Remove dtrace support - bcond corepack, so we don't provide it by default - Decrease debuginfo verbosity for all arches - Resolves: #2186718 - Resolves RHELPLAN-155624 [1:18.16.1-1] - Rebase to 18.16.1 Resolves: rhbz#2188290 rhbz#2166926 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz#2222287 [1:18.14.2-3] - Update bundled c-ares to 1.19.1 Resolves: CVE-2022-4904 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 [1:18.14.2-2] - Provide simduft [1:18.14.2-1] - Rebase to 18.14.2 - Resolves: #2178086 - Resolves: CVE-2022-25881, CVE-2023-23936, CVE-2023-24807 - Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920 [1:18.12.1-2] - Update version of bundled histogram [1:18.12.1-1] - Rebase to version 18.12.1 Resolves: rhbz#2125580 CVE-2022-43548 CVE-2022-3517 [1:18.9.1-1] - Rebase to version 18.9.1 Resolves: CVE-2022-35255 CVE-2022-35256 [1:18.8.0-1] - Rebase to version 18.8.0 - Include sources for WASM blobs [1:18.6.0-1] - Rebase to version 18.6.0 Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 Resolves: CVE-2022-29244 [1:18.2.0-1] - Rebase to version 18.2.0 [1:16.14.0-5] - Unify configure calls into single command - Refactor bootstrap-related parts - Decouple dependency bundling from bootstrapping [1:16.14.0-4] - Apply lock file validation fixes - Resolves: CVE-2021-43616 - Resolves: RHBZ#2070013 [1:16.13.1-3] - Resolves: RHBZ#2026329 - Add corepack to spec [1:16.13.1-2] - Resolves: RHBZ#2026329 - Update npm version test [1:16.13.1-1] - Resolves: RHBZ#2014132, RHBZ#2014126, RHBZ#2013828, RHBZ#2024920 - Resolves: RHBZ#2026329 - Rebase to LTS release and to fix multiple low and medium CVEs [1:16.8.0-1] - Resolves CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712 - Resolves: RHBZ#1993948, RHBZ#1993941, RHBZ#2000151, RHBZ#2002176 [1:16.7.0-2] - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, - CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 - Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810 - Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963 - fix python3 in gyp [1:16.7.0-1] - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, - CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 - Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810 - Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963 [1:16.4.2-1] - Resolves: RHBZ#1979847 - Resolves CVE-2021-22918(libuv) - Use system cipher list(1842826, 1952915) [1:16.1.0-1] - Resolves: RHBZ#1953991 - Rebase to v16.x - Update version of gcc and gcc-c++ needed - Remove libs conditionals - Remove unused patches - Bundle nghttp3 and ngtcp2 [1:14.16.0-2] - Resolves RHBZ#1930775 - remove --debug-nghttp2 option [1:14.16.0-1] - Resolves CVE-2021-22883 CVE-2021-22884 - Resolves: RHBZ#1934566, RHBZ#1934599 - Rebase, remove ini patch [1:14.15.4-2] - Add patch for yarn crash - Resolves: RHBZ#1915296 [1:14.15.4-1] - Security rebase to 14.15.4 - https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/ - Resolves: RHBZ#1913001, RHBZ#1912953 - Resolves: RHBZ#1912636, RHBZ#1898602, RHBZ#1898768, RHBZ#1893987, RHBZ#1893184 [1:14.15.0-1] - Resolves: RHBZ#1858864 - Update to LTS release [1:14.11.0-1] - Security update to 14.11.0 [1:14.4.0-1] - Security update to 14.4.0 - Resolves: RHBZ#1815402 [1:14.3.0-1] - Update to 14.3.0 - Fix optflags to save memory - Resolves: RHBZ#1815402 [1:14.2.0-1] - Update to 14.2.0 - build with python3 only - some clean up [1:12.16.1-2] - Fix CVE-2020-10531 [1:12.16.1-1] - Rebase to 12.16.1 [1:12.14.1-1] - Rebase to 12.14.1 [1:12.13.1-1] - Resolves: RHBZ# 1773503, update to 12.13.1 - minor clean up and sync with Fedora spec - turn off debug builds [1:12.4.0-2] - Add condition to libs [1:12.4.0-1] - Update to v12.x - Add v8-devel and libs subpackages from fedora [1:10.14.1-2] - move nodejs-packaging BR out of conditional [1:10.14.1-1] - Resolves RHBZ#1644207 - fixes node-gyp permissions - rebase [1:10.11.0-2] - BuildRequire nodejs-packaging for proper npm dependency generation - Resolves: rhbz#1615947 [1:10.11.0-1] - Rebase to 10.11.0 - Import changes from fedora - Resolves: rhbz#1621766 [1:10.7.0-5] - Import sources from fedora - Allow using python2 at %build and %install - turn off debug for aarch64 [1:10.7.0-4] - Fix npm upgrade scriptlet - Fix unexpected trailing .1 in npm release field [1:10.7.0-3] - Restore annotations to binaries - Fix unexpected trailing .1 in release field [1:10.7.0-2] - Update to 10.7.0 - https://nodejs.org/en/blog/release/v10.7.0/ - https://nodejs.org/en/blog/release/v10.6.0/ [1:10.5.0-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [1:10.5.0-1] - Update to 10.5.0 - https://nodejs.org/en/blog/release/v10.5.0/ [1:10.4.1-1] - Update to 10.4.1 to address security issues - https://nodejs.org/en/blog/release/v10.4.1/ - Resolves: rhbz#1590801 - Resolves: rhbz#1591014 - Resolves: rhbz#1591019 [1:10.4.0-1] - Update to 10.4.0 - https://nodejs.org/en/blog/release/v10.4.0/ [1:10.3.0-1] - Update to 10.3.0 - Update npm to 6.1.0 - https://nodejs.org/en/blog/release/v10.3.0/ [1:10.2.1-2] - Fix up bare 'python' to be python2 - Drop redundant entry in docs section [1:10.2.1-1] - Update to 10.2.1 - https://nodejs.org/en/blog/release/v10.2.1/ [1:10.2.0-1] - Update to 10.2.0 - https://nodejs.org/en/blog/release/v10.2.0/ [1:10.1.0-3] - Fix incorrect rpm macro [1:10.1.0-2] - Include upstream v8 fix for ppc64[le] - Disable debug build on ppc64[le] and s390x [1:10.1.0-1] - Update to 10.1.0 - https://nodejs.org/en/blog/release/v10.1.0/ - Reenable node_g binary [1:10.0.0-1] - Update to 10.0.0 - https://nodejs.org/en/blog/release/v10.0.0/ - Drop workaround patch - Temporarily drop node_g binary due to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587 [1:9.11.1-2] - Use standard Fedora linker flags (bug #1543859) [1:9.11.1-1] - Update to 9.11.1 - https://nodejs.org/en/blog/release/v9.11.0/ - https://nodejs.org/en/blog/release/v9.11.1/ [1:9.10.0-1] - Update to 9.10.0 - https://nodejs.org/en/blog/release/v9.10.0/ [1:9.9.0-1] - Update to 9.9.0 - https://nodejs.org/en/blog/release/v9.9.0/ [1:9.8.0-1] - Update to 9.8.0 - https://nodejs.org/en/blog/release/v9.8.0/ [1:9.7.0-1] - Update to 9.7.0 - https://nodejs.org/en/blog/release/v9.7.0/ - Work around F28 build issue [1:9.6.1-1] - Update to 9.6.1 - https://nodejs.org/en/blog/release/v9.6.1/ - https://nodejs.org/en/blog/release/v9.6.0/ [1:9.5.0-1] - Package Node.js 9.5.0 [1:8.9.4-2] - Fix incorrect Requires: [1:8.9.4-1] - Update to 8.9.4 - https://nodejs.org/en/blog/release/v8.9.4/ - Switch to system copy of nghttp2 [1:8.9.3-2] - Update to 8.9.3 - https://nodejs.org/en/blog/release/v8.9.3/ - https://nodejs.org/en/blog/release/v8.9.2/ [1:8.9.1-2] - Rebuild for ICU 60.1 [1:8.9.1-1] - Update to 8.9.1 [1:8.9.0-1] - Update to 8.9.0 - Drop upstreamed patch [1:8.8.1-1] - Update to 8.8.1 to fix a regression [1:8.8.0-1] - Security update to 8.8.0 - https://nodejs.org/en/blog/release/v8.8.0/ [1:8.7.0-1] - Update to 8.7.0 - https://nodejs.org/en/blog/release/v8.7.0/ [1:8.6.0-2] - Use bcond macro instead of bootstrap conditional [1:8.6.0-1] - Fix nghttp2 version - Update to 8.6.0 - https://nodejs.org/en/blog/release/v8.6.0/ [1:8.5.0-3] - Build with bootstrap + bundle libuv for modularity - backport patch for aarch64 debug build [1:8.5.0-2] - Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395 [1:8.5.0-1] - Update to v8.5.0 - https://nodejs.org/en/blog/release/v8.5.0/ [1:8.4.0-2] - Refactor openssl BR [1:8.4.0-1] - Update to v8.4.0 - https://nodejs.org/en/blog/release/v8.4.0/ - http2 is now supported, add bundled nghttp2 - remove openssl 1.0.1 patches, we won't be using them in fedora [1:8.3.0-1] - Update to v8.3.0 - https://nodejs.org/en/blog/release/v8.3.0/ - update V8 to 6.0 - update minimal gcc and g++ requirements to 4.9.4 [1:8.2.1-2] - Bump release to fix broken dependencies [1:8.2.1-1.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1:8.2.1-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1:8.2.1-1] - Update to v8.2.1 - https://nodejs.org/en/blog/release/v8.2.1/ [1:8.2.0-1] - Update to v8.2.0 - https://nodejs.org/en/blog/release/v8.2.0/ - Update npm to 5.3.0 - Adds npx command [1:8.1.4-3] - s/BuildRequires/Requires/ for http-parser-devel%{?_isa} [1:8.1.4-2] - Rename python-devel to python2-devel - own %{_pkgdocdir}/npm [1:8.1.4-1] - Update to v8.1.4 - https://nodejs.org/en/blog/release/v8.1.4/ - Drop upstreamed c-ares patch [1:8.1.3-1] - Update to v8.1.3 - https://nodejs.org/en/blog/release/v8.1.3/ [1:8.1.2-1] - Update to v8.1.2 - remove GCC 7 patch, as it is now fixed in node >= 6.12 nodejs-nodemon nodejs-packaging From el-errata at oss.oracle.com Fri Jun 13 12:54:41 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:54:41 -0700 Subject: [El-errata] ELSA-2025-8743 Moderate: Oracle Linux 8 kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8743 http://linux.oracle.com/errata/ELSA-2025-8743.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-4.18.0-553.56.1.el8_10.x86_64.rpm kernel-4.18.0-553.56.1.el8_10.x86_64.rpm kernel-abi-stablelists-4.18.0-553.56.1.el8_10.noarch.rpm kernel-core-4.18.0-553.56.1.el8_10.x86_64.rpm kernel-cross-headers-4.18.0-553.56.1.el8_10.x86_64.rpm kernel-debug-4.18.0-553.56.1.el8_10.x86_64.rpm kernel-debug-core-4.18.0-553.56.1.el8_10.x86_64.rpm kernel-debug-devel-4.18.0-553.56.1.el8_10.x86_64.rpm kernel-debug-modules-4.18.0-553.56.1.el8_10.x86_64.rpm kernel-debug-modules-extra-4.18.0-553.56.1.el8_10.x86_64.rpm kernel-devel-4.18.0-553.56.1.el8_10.x86_64.rpm kernel-doc-4.18.0-553.56.1.el8_10.noarch.rpm kernel-headers-4.18.0-553.56.1.el8_10.x86_64.rpm kernel-modules-4.18.0-553.56.1.el8_10.x86_64.rpm kernel-modules-extra-4.18.0-553.56.1.el8_10.x86_64.rpm kernel-tools-4.18.0-553.56.1.el8_10.x86_64.rpm kernel-tools-libs-4.18.0-553.56.1.el8_10.x86_64.rpm perf-4.18.0-553.56.1.el8_10.x86_64.rpm python3-perf-4.18.0-553.56.1.el8_10.x86_64.rpm kernel-tools-libs-devel-4.18.0-553.56.1.el8_10.x86_64.rpm aarch64: bpftool-4.18.0-553.56.1.el8_10.aarch64.rpm kernel-cross-headers-4.18.0-553.56.1.el8_10.aarch64.rpm kernel-headers-4.18.0-553.56.1.el8_10.aarch64.rpm kernel-tools-4.18.0-553.56.1.el8_10.aarch64.rpm kernel-tools-libs-4.18.0-553.56.1.el8_10.aarch64.rpm perf-4.18.0-553.56.1.el8_10.aarch64.rpm python3-perf-4.18.0-553.56.1.el8_10.aarch64.rpm kernel-tools-libs-devel-4.18.0-553.56.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kernel-4.18.0-553.56.1.el8_10.src.rpm Related CVEs: CVE-2022-49395 Description of changes: [4.18.0-553.56.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772] [4.18.0-553.56.1.el8_10] - tools/power/x86_energy_perf_policy: Read energy_perf_bias from sysfs (David Arcari) [RHEL-86963] - um: Fix out-of-bounds read in LDT setup (CKI Backport Bot) [RHEL-90261] {CVE-2022-49395} [4.18.0-553.55.1.el8_10] - sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug (Phil Auld) [RHEL-85171] From el-errata at oss.oracle.com Fri Jun 13 12:54:40 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:54:40 -0700 Subject: [El-errata] ELSA-2025-8686 Moderate: Oracle Linux 8 glibc security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8686 http://linux.oracle.com/errata/ELSA-2025-8686.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: compat-libpthread-nonshared-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-2.28-251.0.3.el8_10.22.i686.rpm glibc-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-all-langpacks-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-common-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-devel-2.28-251.0.3.el8_10.22.i686.rpm glibc-devel-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-doc-2.28-251.0.3.el8_10.22.noarch.rpm glibc-gconv-extra-2.28-251.0.3.el8_10.22.i686.rpm glibc-gconv-extra-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-headers-2.28-251.0.3.el8_10.22.i686.rpm glibc-headers-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-aa-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-af-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-agr-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ak-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-am-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-an-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-anp-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ar-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-as-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ast-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ayc-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-az-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-be-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-bem-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ber-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-bg-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-bhb-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-bho-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-bi-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-bn-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-bo-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-br-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-brx-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-bs-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-byn-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ca-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ce-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-chr-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-cmn-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-crh-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-cs-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-csb-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-cv-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-cy-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-da-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-de-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-doi-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-dsb-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-dv-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-dz-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-el-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-en-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-eo-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-es-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-et-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-eu-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-fa-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ff-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-fi-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-fil-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-fo-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-fr-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-fur-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-fy-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ga-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-gd-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-gez-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-gl-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-gu-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-gv-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ha-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-hak-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-he-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-hi-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-hif-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-hne-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-hr-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-hsb-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ht-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-hu-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-hy-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ia-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-id-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ig-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ik-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-is-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-it-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-iu-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ja-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ka-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-kab-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-kk-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-kl-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-km-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-kn-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ko-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-kok-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ks-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ku-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-kw-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ky-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-lb-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-lg-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-li-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-lij-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ln-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-lo-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-lt-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-lv-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-lzh-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-mag-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-mai-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-mfe-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-mg-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-mhr-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-mi-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-miq-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-mjw-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-mk-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ml-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-mn-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-mni-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-mr-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ms-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-mt-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-my-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-nan-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-nb-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-nds-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ne-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-nhn-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-niu-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-nl-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-nn-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-nr-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-nso-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-oc-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-om-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-or-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-os-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-pa-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-pap-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-pl-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ps-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-pt-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-quz-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-raj-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ro-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ru-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-rw-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-sa-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-sah-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-sat-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-sc-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-sd-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-se-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-sgs-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-shn-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-shs-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-si-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-sid-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-sk-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-sl-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-sm-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-so-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-sq-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-sr-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ss-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-st-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-sv-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-sw-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-szl-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ta-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-tcy-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-te-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-tg-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-th-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-the-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ti-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-tig-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-tk-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-tl-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-tn-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-to-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-tpi-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-tr-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ts-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-tt-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ug-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-uk-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-unm-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ur-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-uz-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-ve-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-vi-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-wa-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-wae-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-wal-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-wo-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-xh-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-yi-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-yo-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-yue-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-yuw-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-zh-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-langpack-zu-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-locale-source-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-minimal-langpack-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-utils-2.28-251.0.3.el8_10.22.x86_64.rpm libnsl-2.28-251.0.3.el8_10.22.i686.rpm libnsl-2.28-251.0.3.el8_10.22.x86_64.rpm nscd-2.28-251.0.3.el8_10.22.x86_64.rpm nss_db-2.28-251.0.3.el8_10.22.i686.rpm nss_db-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-benchtests-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-nss-devel-2.28-251.0.3.el8_10.22.i686.rpm glibc-nss-devel-2.28-251.0.3.el8_10.22.x86_64.rpm glibc-static-2.28-251.0.3.el8_10.22.i686.rpm glibc-static-2.28-251.0.3.el8_10.22.x86_64.rpm nss_hesiod-2.28-251.0.3.el8_10.22.i686.rpm nss_hesiod-2.28-251.0.3.el8_10.22.x86_64.rpm aarch64: compat-libpthread-nonshared-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-all-langpacks-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-common-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-devel-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-doc-2.28-251.0.3.el8_10.22.noarch.rpm glibc-gconv-extra-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-headers-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-aa-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-af-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-agr-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ak-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-am-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-an-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-anp-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ar-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-as-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ast-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ayc-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-az-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-be-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-bem-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ber-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-bg-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-bhb-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-bho-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-bi-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-bn-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-bo-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-br-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-brx-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-bs-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-byn-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ca-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ce-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-chr-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-cmn-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-crh-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-cs-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-csb-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-cv-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-cy-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-da-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-de-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-doi-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-dsb-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-dv-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-dz-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-el-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-en-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-eo-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-es-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-et-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-eu-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-fa-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ff-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-fi-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-fil-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-fo-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-fr-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-fur-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-fy-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ga-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-gd-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-gez-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-gl-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-gu-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-gv-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ha-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-hak-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-he-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-hi-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-hif-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-hne-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-hr-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-hsb-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ht-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-hu-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-hy-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ia-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-id-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ig-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ik-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-is-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-it-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-iu-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ja-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ka-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-kab-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-kk-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-kl-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-km-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-kn-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ko-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-kok-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ks-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ku-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-kw-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ky-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-lb-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-lg-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-li-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-lij-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ln-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-lo-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-lt-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-lv-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-lzh-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-mag-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-mai-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-mfe-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-mg-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-mhr-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-mi-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-miq-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-mjw-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-mk-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ml-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-mn-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-mni-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-mr-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ms-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-mt-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-my-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-nan-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-nb-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-nds-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ne-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-nhn-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-niu-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-nl-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-nn-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-nr-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-nso-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-oc-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-om-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-or-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-os-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-pa-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-pap-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-pl-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ps-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-pt-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-quz-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-raj-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ro-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ru-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-rw-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-sa-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-sah-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-sat-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-sc-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-sd-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-se-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-sgs-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-shn-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-shs-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-si-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-sid-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-sk-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-sl-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-sm-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-so-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-sq-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-sr-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ss-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-st-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-sv-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-sw-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-szl-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ta-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-tcy-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-te-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-tg-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-th-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-the-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ti-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-tig-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-tk-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-tl-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-tn-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-to-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-tpi-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-tr-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ts-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-tt-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ug-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-uk-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-unm-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ur-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-uz-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-ve-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-vi-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-wa-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-wae-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-wal-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-wo-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-xh-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-yi-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-yo-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-yue-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-yuw-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-zh-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-langpack-zu-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-locale-source-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-minimal-langpack-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-utils-2.28-251.0.3.el8_10.22.aarch64.rpm libnsl-2.28-251.0.3.el8_10.22.aarch64.rpm nscd-2.28-251.0.3.el8_10.22.aarch64.rpm nss_db-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-benchtests-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-nss-devel-2.28-251.0.3.el8_10.22.aarch64.rpm glibc-static-2.28-251.0.3.el8_10.22.aarch64.rpm nss_hesiod-2.28-251.0.3.el8_10.22.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//glibc-2.28-251.0.3.el8_10.22.src.rpm Related CVEs: CVE-2025-4802 Description of changes: [2.28-251.0.3.22] - Forward port of Oracle patches Reviewed-by: David Faust Oracle history: April-14-2025 Cupertino Miranda - 2.28-251.0.3.16 - Forward port of Oracle patches Reviewed-by: Elena Zannoni March-26-2025 Cupertino Miranda - 2.28-251.0.3.14 - OraBug: 36625686 Add MTE support on string functions Reviewed-by: Jose E. Marchesi March-17-2025 Cupertino Miranda - 2.28-251.0.2.14 - Forward port of Oracle patches Reviewed-by: David Faust February-19-2025 Cupertino Miranda - 2.28-251.0.2.13 - Forward port of Oracle patches Reviewed-by: Jose E. Marchesi January-28-2025 Cupertino Miranda - 2.28-251.0.2.11 - Forward port of Oracle patches Reviewed-by: Jose E. Marchesi September-24-2024 Cupertino Miranda - 2.28-251.0.2.5 - Forward port of Oracle patches over 2.28-251.5 Reviewed-by: Jose E. Marchesi August-26-2024 Jose E. Marchesi - 2.28-251.0.2.4 - Forward port of Oracle patches over 2.28-251.4 Reviewed-by: David Faust May-24-2024 Cupertino Miranda - 2.28-251.0.2.2 - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi May-23-2024 Cupertino Miranda - 2.28-251.0.2.1 - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E. Marchesi May-22-2024 Cupertino Miranda - 2.28-251.0.2 - Forward port of Oracle patches for ol8-u10 Reviewed-by: Jose E. Marchesi March-28-2024 Cupertino Miranda - 2.28-251.0.1 - Forward port of Oracle patches for ol8-u10-beta Reviewed-by: Jose E. Marchesi March-5-2024 Cupertino Miranda - 2.28-236.0.1.12 - Forward port of Oracle patches. Reviewed-by: Jose E. Marchesi November-14-2023 Cupertino Miranda - 2.28-236.0.1.7 - Forward port of Oracle patches. Reviewed-by: Jose E. Marchesi October-4-2023 Cupertino Miranda - 2.28-236.0.1.6 - Forward port of Oracle patches. Reviewed-by: Jose E. Marchesi April-21-2023 Cupertino Miranda - 2.28-225.0.3 - OraBug 35317410 Glibc tunable to disable huge pages on pthread_create stacks - Created tunable glibc.pthread.stack_hugetlb to control when hugepages can be used for stack allocation. - In case THP are enabled and glibc.pthread.stack_hugetlb is set to 0, glibc will madvise the kernel not to use allow hugepages for stack allocations. Reviewed-by: Jose E. Marchesi April-11-2023 Cupertino Miranda - 2.28-225.0.2 - OraBug: 35268809 Fixed initialization of VDSO for tcache_key_initialize Reviewed-by: Jose E. Marchesi March-28-2023 Cupertino Miranda - 2.28-225.0.1 - Merge of Oracle patches for ol8u8 beta Reviewed-by: Jose E. Marchesi September-28-2022 Patrick McGehearty - 2.28-211.0.1 - Merge of Oracle patches for ol8u7 beta Reviewed-by: Jose E. Marchesi August-8-2022 Patrick McGehearty - 2.28-189.5.0.2 - Enable VDSO on x86_64, aarch64, i386, arm, and mips statically linked programs. - These changes enable reading the realtime clock without a kernel syscall. OraBug: 30478315 Reviewed-by: Jose E. Marchesi May-2-2022 Patrick McGehearty - 2.28-199.0.1 - Merge of patches from c8s 199 with ol8u6 beta Reviewed-by: Jose E. Marchesi - Update siginfo constants from linux kernel (OraBug: 33734528) - Remove limit on MALLOC_MMAP_THRESHOLD tunable (Orabug: 29630826) - Provide glibc.pthread.mutex_spin_count tunable for pthread adaptive - spin mutex (Orabug: 27982358) Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list (Patrick McGehearty) - add optimized memset for emag - add an ASIMD variant of strlen for falkor Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. (Orabug: 28849085) - Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile Both should test if (stream->_flags & _IO_USER_LOCK) == 0) _IO_lock_lock (*stream->_lock); OraBug: 28481550. Reviewed-by: Qing Zhao [2.28-251.22] - CVE-2025-4802: static setuid dlopen may search LD_LIBRARY_PATH (RHEL-92685) [2.28-251.21] - elf: Keep using minimal malloc after early DTV resize (RHEL-71921) [2.28-251.20] - Add missing libnss_testX.so requirement for tst-nss-test3 (RHEL-88813) [2.28-251.19] - libio: Fix a deadlock after fork in popen - libio: Correctly link tst-popen-fork against libpthread (RHEL-86018) [2.28-251.18] - x86: Avoid integer truncation with large cache sizes (RHEL-76387) [2.28-251.17] - x86: Check the lower byte of EAX of CPUID leaf 2 (RHEL-76211) [2.28-251.16] - nscd: Fix an unlikely TTL issue in the netgroup cache (RHEL-35280) [2.28-251.15] - CVE-2025-0395: Fix a buffer overflow in assert (RHEL-83306) [2.28-251.14] - Correct locking and cancellation cleanup in syslog functions (RHEL-78390) [2.28-251.13] - Restore internal ABI to avoid tooling false positives (RHEL-8381) [2.28-251.12] - Fix missed wakeup in POSIX thread condition variables (RHEL-8381) [2.28-251.11] - add GB18030-2022 charmap and tests (RHEL-67806) [2.28-251.10] - Remove some unused ppc64le string functions (RHEL-61259) [2.28-251.9] - Use /sbin/ldconfig path for lorax compatibility (RHEL-63048) [2.28-251.8] - aarch64: MTE compatible strncmp (RHEL-61255) [2.28-251.7] - Use UsrMove path destination in the RPM files (RHEL-63048) [2.28-251.6] - s390x: Fix segfault in wcsncmp - Enhanced test coverage for strncmp, wcsncmp (RHEL-49490) [2.28-251.5] - elf: Clarify and invert second argument of _dl_allocate_tls_init - elf: Avoid re-initializing already allocated TLS in dlopen (RHEL-36147) [2.28-251.4] - elf: Avoid some free (NULL) calls in _dl_update_slotinfo - elf: Support recursive use of dynamic TLS in interposed malloc (RHEL-39994) [2.28-251.3] - Update i386 libm-test-ulps (RHEL-52428) [2.28-251.2] - CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34264) - CVE-2024-33600: nscd: null pointer dereferences in netgroup cache (RHEL-34267) - CVE-2024-33601: nscd: crash on out-of-memory condition (RHEL-34271) - CVE-2024-33602: nscd: memory corruption with NSS netgroup modules (RHEL-34273) [2.28-251.1] - CVE-2024-2961: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (RHEL-31804) [2.28-251] - Cache information in x86_64 ld.so --list-diagnostics output (RHEL-21997) [2.28-250] - getaddrinfo: Return correct error EAI_MEMORY when out-of-memory (RHEL-19445) [2.28-249] - Updates for AMD cache size computation (RHEL-3010) [2.28-248] - Re-enable output buffering for wide stdio streams (RHEL-19824) [2.28-247] - Fix TLS corruption during dlopen()/dlclose() sequences (RHEL-17468) [2.28-246] - Include CentOS Hyperscaler SIG patches backported by Intel (RHEL-15696) [2.28-245] - Improve compatibility between underlinking and IFUNC resolvers (RHEL-16825) [2.28-244] - Restore compatibility with C90 compilers (RHEL-15867) [2.28-243] - ldconfig should skip temporary files created by RPM (RHEL-13720) [2.28-242] - Fix force-first handling in dlclose (RHEL-10481) [2.28-241] - Avoid lazy binding failures during dlclose (RHEL-3639) [2.28-240] - Add /usr/share/doc/glibc/gai.conf to glibc-doc (RHEL-12894) [2.28-239] - nscd: Skip unusable entries in first pass in prune_cache (RHEL-1192) [2.28-238] - Fix slow tls access after dlopen (RHEL-2122) [2.28-237] - Enable running a single test from the testsuite (RHEL-3757) [2.28-236.7] - CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-3036) [2.28-236.6] - Revert: Always call destructors in reverse constructor order (#2233338) [2.28-236.5] - CVE-2023-4806 glibc: potential use-after-free in getaddrinfo (RHEL-2423) [2.28-236.4] - CVE-2023-4813: Work around RHEL-8 limitation in test (RHEL-2435) [2.28-236.3] - CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435) [2.28-236.2] - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaaa mode (#2234714) [2.28-236.1] - Always call destructors in reverse constructor order (#2233338) [2.28-236] - Fix string and memory function tuning on small systems (#2180462) [2.28-235] - Fix temporal threshold calculations (#2180462) [2.28-234] - Ignore symbolic link change on /etc/nsswitch.conf (#2229709) [2.28-233] - Update test to closer match upstream. (#2176707) [2.28-232] - Make libSegFault.so NODELETE (#2224348) [2.28-231] - Update ESTALE error message translations (#2186781) [2.28-230] - Don't block SIGCHILD when system() is called concurrently (#2176707) [2.28-229] - resolv_conf: release lock on allocation failure (#2213909) [2.28-228] - gmon: Various bug fixes (#2180155) [2.28-227] - Change sgetsgent_r to set errno. (#2172949) [2.28-226] - Fix incorrect inline feraiseexcept on i686, x86-64 (#2183081) [2.28-225] - Enforce a specififc internal ordering for tunables (#2154914) [2.28-224] - Fix rtld-audit trampoline for aarch64 (#2144568) [2.28-223] - Backport upstream fixes to tst-pldd (#2142937) [2.28-222] - Restore IPC_64 support in sysvipc *ctl functions (#2141989) [2.28-221] - Switch to fast DSO dependency sorting algorithm (#1159809) [2.28-220] - Explicitly switch to --with-default-link=no (#2109510) - Define MAP_SYNC on ppc64le (#2139875) [2.28-219] - Fix -Wstrict-overflow warning when using CMSG_NXTHDR macro (#2116938) [2.28-218] - Fix dlmopen/dlclose/dlmopen sequence and libc initialization (#2121746) [2.28-217] - Fix memory corruption in printf with thousands separators and large integer width (#2122501) [2.28-216] - Retain .gnu_debuglink section for libc.so.6 (#2115830) - Remove .annobin* symbols from ld.so - Remove redundant ld.so debuginfo file [2.28-215] - Improve malloc implementation (#1871383) [2.28-214] - Fix hwcaps search path size computation (#2125222) [2.28-213] - Fix nscd netlink cache invalidation if epoll is used (#2122498) [2.28-212] - Run tst-audit-tlsdesc, tst-audit-tlsdesc-dlopen everywhere (#2118667) [2.28-211] - Preserve GLRO (dl_naudit) internal ABI (#2119304) - Avoid s390x ABI change due to z16 recognition on s390x (#2119304) [2.28-210] - Fix locale en_US at ampm (#2104907) [2.28-209] - Improve dynamic loader auditing interface (LD_AUDIT) (#2047981) - Add dlinfo() API support for RTLD_DI_PHDR (#2097898) [2.28-208] - Update syscall-names.list to Linux 5.18. (#2080349) [2.28-207] - Add the no-aaaa DNS stub resolver option (#2096189) [2.28-206] - Fix deadlocks in pthread_atfork handlers (#1888660) * Tue Jun 07 2022 DJ Delorie (#1775294) [2.28-96] - x86-64: Ignore LD_PREFER_MAP_32BIT_EXEC in SUID binaries (#1774021) [2.28-95] - Fix alignment of TLS variables for tls variant TLS_TCB_AT_TP (#1764214) [2.28-94] - Refuse to dlopen PIE objects (#1764223) [2.28-93] - Fix C.UTF-8 locale source ellipsis expressions (#1361965) [2.28-92] - Fix hangs during malloc tracing (#1764235) [2.28-91] - Support moving versioned symbols between sonames (#1764231) [2.28-90] - Avoid creating stale utmp entries for repeated pututxline (#1749439) [2.28-89] - Backport more precise tokenizer for installed headers test (#1769304) [2.28-88] - math: Enable some math builtins for clang in LLVM Toolset (#1764242) [2.28-87] - Support Fortran vectorized math functions with GCC Toolset 9 (#1764238) [2.28-86] - aarch64: Support STO_AARCH64_VARIANT_PCS, DT_AARCH64_VARIANT_PCS (#1726638) [2.28-85] - Add more test-in-container support (#1747502) [2.28-84] - Fix calling getpwent after endpwent (#1747502) [2.28-83] - nptl: Avoid fork handler lock for async-signal-safe fork (#1746928) [2.28-82] - Call _dl_open_check after relocation (#1682954) [2.28-81] - Add malloc fastbin tunable (#1764218) [2.28-80] - Fix race condition in tst-clone3 and add a new ldconfig test, tst-ldconfig-bad-aux-cache (#1764226) [2.28-79] - Remove unwanted whitespace from size lines and account for top chunk in malloc_info output (#1735747) [2.28-78] - Enhance malloc tcache (#1746933) [2.28-77] - Don't define initgroups in nsswitch.conf (#1747505) [2.28-76] - libio: Remove codecvt vtable. (#1764241) [2.28-75] - Implement --preload option for the dynamic linker.(#1747453) [2.28-74] - Make nsswitch.conf more distribution friendly. Improve nscd.conf comments. (#1747505) [2.28-73] - Update system call names list to Linux 5.3 (#1764234) [2.28-72] - Skip wide buffer handling for legacy stdio handles (#1722215) [2.28-71] - Remove copy_file_range emulation (#1724975) [2.28-70] - Avoid nscd assertion failure during persistent db check (#1727152) [2.28-69] - Fix invalid free under valgrind with libdl (#1717438) [2.28-68] - Account for size of locale-archive in rpm package (#1725131) [2.28-67] - Reject IP addresses with trailing characters in getaddrinfo (#1727241) [2.28-66] - Avoid header conflict between and (#1699194) [2.28-65] - glibc-all-langpacks: Do not delete locale archive during update (#1717347) - Do not mark /usr/lib/locale/locale-archive as a configuration file because it is always automatically overwritten by build-locale-archive. [2.28-64] - Avoid ABI exposure of the NSS service_user type (#1710894) [2.28-63] - Enable full ICMP errors for UDP DNS sockets. (#1670043) [2.28-62] - Convert post-install binary to rpm lua scriptlet (#1639346) [2.28-61] - Fix crash during wide stream buffer flush (#1710478) [2.28-60] - Add PF_XDP, AF_XDP and SOL_XDP from Linux 4.18 (#1706777) [2.28-59] - Add .gdb_index to debug information (#1612448) * Wed May 22 2019 DJ Delorie header - Put the correct Unicode version number 11.0.0 into the generated files [2.27.9000-37] - Work around valgrind issue on i686 (#1600034) [2.27.9000-36] - Auto-sync with upstream branch master, commit fd70af45528d59a00eb3190ef6706cb299488fcd: - Add the statx function - regexec: Fix off-by-one bug in weight comparison (#1582229) - nss_files: Fix re-reading of long lines (swbz#18991) - aarch64: add HWCAP_ATOMICS to HWCAP_IMPORTANT - aarch64: Remove HWCAP_CPUID from HWCAP_IMPORTANT - conform/conformtest.pl: Escape literal braces in regular expressions - x86: Use AVX_Fast_Unaligned_Load from Zen onwards. [2.27.9000-35] - Remove ppc64 multilibs [2.27.9000-34] - Auto-sync with upstream branch master, commit 3a885c1f51b18852869a91cf59a1b39da1595c7a. [2.27.9000-33] - Enable build flags inheritance for nonshared flags [2.27.9000-32] - Add annobin annotations to assembler code (#1548438) [2.27.9000-31] - Enable -D_FORTIFY_SOURCE=2 for nonshared code [2.27.9000-30] - Auto-sync with upstream branch master, commit b7b88cea4151d85eafd7ababc2e4b7ae1daeedf5: - New locale: dsb_DE (Lower Sorbian) [2.27.9000-29] - Drop glibc-deprecate_libcrypt.patch. Variant applied upstream. (#1566464) - Drop glibc-linux-timespec-header-compat.patch. Upstreamed. - Auto-sync with upstream branch master, commit e69d994a63afc2d367f286a2a7df28cbf710f0fe. [2.27.9000-28] - Drop glibc-rh1315108.patch. extend_alloca was removed upstream. (#1315108) - Auto-sync with upstream branch master, commit c49e18222e4c40f21586dabced8a49732d946917. [2.27.9000-27] - Compatibility fix for and [2.27.9000-26] - Auto-sync with upstream branch master, commit f496b28e61d0342f579bf794c71b80e9c7d0b1b5. [2.27.9000-25] - Auto-sync with upstream branch master, commit f2857da7cdb65bfad75ee30981f5b2fde5bbb1dc. [2.27.9000-24] - Auto-sync with upstream branch master, commit 14beef7575099f6373f9a45b4656f1e3675f7372: - iconv: Make IBM273 equivalent to ISO-8859-1 (#1592270) [2.27.9000-23] - Inherit the -msse2 build flag as well (#1592212) [2.27.9000-22] - Modernise nsswitch.conf defaults (#1581809) - Adjust build flags inheritence from redhat-rpm-config - Auto-sync with upstream branch master, commit 104502102c6fa322515ba0bb3c95c05c3185da7a. [2.27.9000-21] - Auto-sync with upstream branch master, commit c1dc1e1b34873db79dfbfa8f2f0a2abbe28c0514. [2.27.9000-20] - Auto-sync with upstream branch master, commit 7f9f1ecb710eac4d65bb02785ddf288cac098323: - CVE-2018-11237: Buffer overflow in __mempcpy_avx512_no_vzeroupper (#1581275) - Drop glibc-rh1452750-allocate_once.patch, glibc-rh1452750-libidn2.patch. Applied upstream. [2.27.9000-19] - Auto-sync with upstream branch master, commit 8f145c77123a565b816f918969e0e35ee5b89153. [2.27.9000-18] - Do not run telinit u on upgrades (#1579225) - Auto-sync with upstream branch master, commit 632a6cbe44cdd41dba7242887992cdca7b42922a. [2.27.9000-17] - Avoid exporting some Sun RPC symbols with default versions (#1577210) - Inherit the -mstackrealign flag if it is set - Inherit compiler flags in the original order - Auto-sync with upstream branch master, commit 89aacb513eb77549a29df2638913a0f8178cf3f5: - CVE-2018-11236: realpath: Fix path length overflow (#1581270, swbz#22786) [2.27.9000-16] - Use /usr/bin/python3 for benchmarks scripts (#1577223) [2.27.9000-15] - Auto-sync with upstream branch master, commit 0085be1415a38b40a5a1a12e49368498f1687380. [2.27.9000-14] - Auto-sync with upstream branch master, commit 583a27d525ae189bdfaa6784021b92a9a1dae12e. [2.27.9000-13] - Auto-sync with upstream branch master, commit d39c0a459ef32a41daac4840859bf304d931adab: - CVE-2017-18269: memory corruption in i386 memmove (#1580934) [2.27.9000-12] - Auto-sync with upstream branch master, commit fbce6f7260c3847f14dfa38f60c9111978fb33a5. [2.27.9000-11] - Auto-sync with upstream branch master, commit 700593fdd7aef1e36cfa8bad969faab76a6facda. [2.27.9000-10] - Auto-sync with upstream branch master, commit 7108f1f944792ac68332967015d5e6418c5ccc88. [2.27.9000-9] - Auto-sync with upstream branch master, commit da6d4404ecfd7eacba8c096b0761a5758a59da4b. [2.27.9000-8] - Enable annobin annotations (#1548438) [2.27.9000-7] - Auto-sync with upstream branch master, commit 1a2f44a848663036c8a14671fe0faa3fed0b2a25: - Remove spurios reference to libpthread_nonshared.a [2.27.9000-6] - Switch back to upstream master branch - Drop glibc-rh1013801.patch, applied upstream. - Drop glibc-fedora-nptl-linklibc.patch, no longer needed. - Auto-sync with upstream branch master, commit bd60ce86520b781ca24b99b2555e2ad389bbfeaa. [2.27-5] - Inherit as many flags as possible from redhat-rpm-config (#1550914) [2.27-4] - riscv64: Add symlink from /usr/lib64/lp64d -> /usr/lib64 for ABI compat. - riscv64: Disable valgrind smoke test on this architecture. [2.27-3] - Spec file cleanups: - Remove %defattr(-,root,root) - Use shell to run ldconfig %transfiletrigger - Move %transfiletrigger* to the glibc-common subpackage - Trim changelog - Include ChangeLog.old in the source RPM [2.27-2.1] - Linux: use reserved name __key in pkey_get (#1542643) - Auto-sync with upstream branch release/2.27/master, commit 56170e064e2b21ce204f0817733e92f1730541ea. * Wed Feb 07 2018 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2.27-1] - Update to released glibc 2.27. - Auto-sync with upstream branch master, commit 23158b08a0908f381459f273a984c6fd328363cb. [2.26.9000-52] - Disable -fstack-clash-protection on riscv64: not supported even by GCC 7.3.1 on this architecture. [2.26.9000-51] - Explicitly run ldconfig in the buildroot - Do not run ldconfig from scriptlets - Put triggers into the glibc-common package, do not pass arguments to ldconfig [2.26.9000-50] - Auto-sync with upstream branch master, commit cdd14619a713ab41e26ba700add4880604324dbb: - libnsl: Turn remaining symbols into compat symbols (swbz#22701) - be_BY, be_BY at latin, lt_LT, el_CY, el_GR, ru_RU, ru_UA, uk_UA: Add alternative month names (swbz#10871) - x86: Revert Intel CET changes to __jmp_buf_tag (swbz#22743) - aarch64: Revert the change of the __reserved member of mcontext_t [2.26.9000-49] - Add file triggers to do ldconfig calls automatically [2.26.9000-48] - Auto-sync with upstream branch master, commit 21c0696cdef617517de6e25711958c40455c554f: - locale: Implement alternative month names (swbz#10871) - locale: Change month names for pl_PL (swbz#10871) [2.26.9000-47] - Unconditionally build without libcrypt [2.26.9000-46] - Remove deprecated libcrypt, gets replaced by libxcrypt - Add applicable Requires on libxcrypt [2.26.9000-45] - Drop static PIE support on aarch64. It leads to crashes at run time. - Remove glibc-rpcgen subpackage. See rpcsvc-proto. (#1531540) [2.26.9000-44] - Correct the list of static PIE architectures (#1247050) - glibc_post_upgrade: Remove process restart logic - glibc_post_upgrade: Integrate into the build process - glibc_post_upgrade: Do not clean up tls subdirectories - glibc_post_upgrade: Drop ia64 support - Remove architecture-specific symbolic link for iconvconfig - Auto-sync with upstream branch master, commit 4612268a0ad8e3409d8ce2314dd2dd8ee0af5269: - powerpc: Fix syscalls during early process initialization (swbz#22685) [2.26.9000-43] - Enable static PIE support on i386, x86_64 (#1247050) - Remove add-on support (already gone upstream) - Rework test suite status reporting - Auto-sync with upstream branch master, commit 64f63cb4583ecc1ba16c7253aacc192b6d088511: - malloc: Fix integer overflows in memalign and malloc functions (swbz#22343) - x86-64: Properly align La_x86_64_retval to VEC_SIZE (swbz#22715) - aarch64: Update bits/hwcap.h for Linux 4.15 - Add NT_ARM_SVE to elf.h [2.26.9000-42] - CVE-2017-14062, CVE-2016-6261, CVE-2016-6263: Use libidn2 for IDNA support (#1452750) [2.26.9000-41] - CVE-2018-1000001: Make getcwd fail if it cannot obtain an absolute path (#1533837) - elf: Synchronize DF_1_* flags with binutils (#1439328) - Auto-sync with upstream branch master, commit 860b0240a5645edd6490161de3f8d1d1f2786025: - aarch64: fix static pie enabled libc when main is in a shared library - malloc: Ensure that the consolidated fast chunk has a sane size [2.26.9000-40] - libnsl: Do not install libnsl.so, libnsl.a (#1531540) - Use unversioned Supplements: for langpacks (#1490725) - Auto-sync with upstream branch master, commit 9a08a366a7e7ddffe62113a9ffe5e50605ea0924: - hu_HU locale: Avoid double space (swbz#22657) - math: Make default libc_feholdsetround_noex_ctx use __feholdexcept (swbz#22702) [2.26.9000-39] - nptl: Open libgcc.so with RTLD_NOW during pthread_cancel (#1527887) - Introduce libnsl subpackage and remove NIS headers (#1531540) - Use versioned Obsoletes: for libcrypt-nss. - Auto-sync with upstream branch master, commit 08c6e95234c60a5c2f37532d1111acf084f39345: - nptl: Add tst-minstack-cancel, tst-minstack-exit (swbz#22636) - math: ldbl-128ibm log1pl (-qNaN) spurious "invalid" exception (swbz#22693) [2.26.9000-38] - nptl: Fix stack guard size accounting (#1527887) - Remove invalid Obsoletes: on glibc-header provides - Require python3 instead of python during builds - Auto-sync with upstream branch master, commit 09085ede12fb9650f286bdcd805609ae69f80618: - math: ldbl-128ibm lrintl/lroundl missing "invalid" exceptions (swbz#22690) - x86-64: Add sincosf with vector FMA [2.26.9000-37] - Add glibc-rpcgen subpackage, until the replacement is packaged (#1531540) [2.26.9000-36] - Auto-sync with upstream branch master, commit 579396ee082565ab5f42ff166a264891223b7b82: - nptl: Add test for callee-saved register restore in pthread_exit - getrlimit64: fix for 32-bit configurations with default version >= 2.2 - elf: Add linux-4.15 VDSO hash for RISC-V - elf: Add RISC-V dynamic relocations to elf.h - powerpc: Fix error message during relocation overflow - prlimit: Replace old_rlimit RLIM64_INFINITY with RLIM_INFINITY (swbz#22678) [2.26.9000-35] - Remove sln (#1531546) - Remove Sun RPC interfaces (#1531540) - Rebuild with newer GCC to fix pthread_exit stack unwinding issue (#1529549) - Auto-sync with upstream branch master, commit f1a844ac6389ea4e111afc019323ca982b5b027d: - CVE-2017-16997: elf: Check for empty tokens before DST expansion (#1526866) - i386: In makecontext, align the stack before calling exit (swbz#22667) - x86, armhfp: sync sys/ptrace.h with Linux 4.15 (swbz#22433) - elf: check for rpath emptiness before making a copy of it - elf: remove redundant is_path argument - elf: remove redundant code from is_dst - elf: remove redundant code from _dl_dst_substitute - scandir: fix wrong assumption about errno (swbz#17804) - Deprecate external use of libio.h and _G_config.h [2.26.9000-34] - Auto-sync with upstream branch master, commit bad7a0c81f501fbbcc79af9eaa4b8254441c4a1f: - copy_file_range: New function to copy file data - nptl: Consolidate pthread_{timed,try}join{_np} - nptl: Implement pthread_self in libc.so (swbz#22635) - math: Provide a C++ version of iseqsig (swbz#22377) - elf: remove redundant __libc_enable_secure check from fillin_rpath - math: Avoid signed shift overflow in pow (swbz#21309) - x86: Add feature_1 to tcbhead_t (swbz#22563) - x86: Update cancel_jmp_buf to match __jmp_buf_tag (swbz#22563) - ld.so: Examine GLRO to detect inactive loader (swbz#20204) - nscd: Fix nscd readlink argument aliasing (swbz#22446) - elf: do not substitute dst in $LD_LIBRARY_PATH twice (swbz#22627) - ldconfig: set LC_COLLATE to C (swbz#22505) - math: New generic sincosf - powerpc: st{r,p}cpy optimization for aligned strings - CVE-2017-1000409: Count in expanded path in _dl_init_path (#1524867) - CVE-2017-1000408: Compute correct array size in _dl_init_paths (#1524867) - x86-64: Remove sysdeps/x86_64/fpu/s_cosf.S - aarch64: Improve strcmp unaligned performance [2.26.9000-33] - Remove power6 platform directory (#1522675) [2.26.9000-32] - Obsolete the libcrypt-nss subpackage (#1525396) - armhfp: Disable -fstack-clash-protection due to GCC bug (#1522678) - ppc64: Disable power6 multilib due to GCC bug (#1522675) - Auto-sync with upstream branch master, commit 243b63337c2c02f30ec3a988ecc44bc0f6ffa0ad: - libio: Free backup area when it not required (swbz#22415) - math: Fix nextafter and nexttoward declaration (swbz#22593) - math: New generic cosf - powerpc: POWER8 memcpy optimization for cached memory - x86-64: Add sinf with FMA - x86-64: Remove sysdeps/x86_64/fpu/s_sinf.S - math: Fix ctanh (0 + i NaN), ctanh (0 + i Inf) (swbz#22568) - lt_LT locale: Base collation on copy "iso14651_t1" (swbz#22524) - math: Add _Float32 function aliases - math: Make cacosh (0 + iNaN) return NaN + i pi/2 (swbz#22561) - hsb_DE locale: Base collation on copy "iso14651_t1" (swbz#22515) [2.26.9000-31] - Add elision tunables. Drop related configure flag. (#1383986) - Auto-sync with upstream branch master, commit 37ac8e635a29810318f6d79902102e2e96b2b5bf: - Linux: Implement interfaces for memory protection keys - math: Add _Float64, _Float32x function aliases - math: Use sign as double for reduced case in sinf - math: fix sinf(NAN) - math: s_sinf.c: Replace floor with simple casts - et_EE locale: Base collation on iso14651_t1 (swbz#22517) - tr_TR locale: Base collation on iso14651_t1 (swbz#22527) - hr_HR locale: Avoid single code points for digraphs in LC_TIME (swbz#10580) - S390: Fix backtrace in vdso functions [2.26.9000-30] - Add build dependency on bison - Auto-sync with upstream branch master, commit 7863a7118112fe502e8020a0db0fa74fef281f29: - math: New generic sinf (swbz#5997) - is_IS locale: Base collation on iso14651_t1 (swbz#22519) - intl: Improve reproducibility by using bison (swbz#22432) - sr_RS, bs_BA locales: make collation rules the same as for hr_HR (wbz#22534) - hr_HR locale: various updates (swbz#10580) - x86: Make a space in jmpbuf for shadow stack pointer - CVE-2017-17426: malloc: Fix integer overflow in tcache (swbz#22375) - locale: make forward accent sorting the default in collating (swbz#17750) [2.26.9000-29] - Enable -fstack-clash-protection (#1512531) - Auto-sync with upstream branch master, commit a55430cb0e261834ce7a4e118dd9e0f2b7fb14bc: - elf: Properly compute offsets of note descriptor and next note (swbz#22370) - cs_CZ locale: Base collation on iso14651_t1 (swbz#22336) - Implement the mlock2 function - Add _Float64x function aliases - elf: Consolidate link map sorting - pl_PL locale: Base collation on iso14651_t1 (swbz#22469) - nss: Export nscd hash function as __nss_hash (swbz#22459) [2.26.9000-28] - Auto-sync with upstream branch master, commit cccb6d4e87053ed63c74aee063fa84eb63ebf7b8: - sigwait can fail with EINTR (#1516394) - Add memfd_create function - resolv: Fix p_secstodate overflow handling (swbz#22463) - resolv: Obsolete p_secstodate - Avoid use of strlen in getlogin_r (swbz#22447) - lv_LV locale: fix collation (swbz#15537) - S390: Add cfi information for start routines in order to stop unwinding - aarch64: Optimized memset for falkor [2.26.9000-27] - Auto-sync with upstream branch master, commit f6e965ee94b37289f64ecd3253021541f7c214c3: - powerpc: AT_HWCAP2 bit PPC_FEATURE2_HTM_NO_SUSPEND - aarch64: Add HWCAP_DCPOP bit - ttyname, ttyname_r: Don't bail prematurely (swbz#22145) - signal: Optimize sigrelse implementation - inet: Check length of ifname in if_nametoindex (swbz#22442) - malloc: Account for all heaps in an arena in malloc_info (swbz#22439) - malloc: Add missing arena lock in malloc_info (swbz#22408) - malloc: Use __builtin_tgmath in tgmath.h with GCC 8 (swbz#21660) - locale: Replaced unicode sequences in the ASCII printable range - resolv: More precise checks in res_hnok, res_dnok (swbz#22409, swbz#22412) - resolv: ns_name_pton should report trailing \ as error (swbz#22413) - locale: mfe_MU, miq_NI, an_ES, kab_DZ, om_ET: Escape / in d_fmt (swbz#22403) [2.26.9000-26] - Auto-sync with upstream branch master, commit 6b86036452b9ac47b4ee7789a50f2f37df7ecc4f: - CVE-2017-15804: glob: Fix buffer overflow during GLOB_TILDE unescaping - powerpc: Use latest string function optimization for internal function calls - math: No _Float128 support for ppc64le -mlong-double-64 (swbz#22402) - tpi_PG locale: Fix wrong d_fmt - aarch64: Disable lazy symbol binding of TLSDESC - tpi_PG locale: fix syntax error (swbz#22382) - i586: Use conditional branches in strcpy.S (swbz#22353) - ffsl, ffsll: Declare under __USE_MISC, not just __USE_GNU - csb_PL locale: Fix abmon/mon for March (swbz#19485) - locale: Various yesstr/nostr/yesexpr/noexpr fixes (swbz#15260, swbz#15261) - localedef: Add --no-warnings/--warnings option - powerpc: Replace lxvd2x/stxvd2x with lvx/stvx in P7's memcpy/memmove - locale: Use ASCII as much as possible in LC_MESSAGES - Add new locale yuw_PG (swbz#20952) - malloc: Add single-threaded path to malloc/realloc/calloc/memalloc - i386: Replace assembly versions of e_powf with generic e_powf.c - i386: Replace assembly versions of e_log2f with generic e_log2f.c - x86-64: Add powf with FMA - x86-64: Add logf with FMA - i386: Replace assembly versions of e_logf with generic e_logf.c - i386: Replace assembly versions of e_exp2f with generic e_exp2f.c - x86-64: Add exp2f with FMA - i386: Replace assembly versions of e_expf with generic e_expf.c [2.26.9000-25] - Auto-sync with upstream branch master, commit 797ba44ba27521261f94cc521f1c2ca74f650147: - math: Add bits/floatn.h defines for more _FloatN / _FloatNx types - posix: Fix improper assert in Linux posix_spawn (swbz#22273) - x86-64: Use fxsave/xsave/xsavec in _dl_runtime_resolve (swbz#21265) - CVE-2017-15670: glob: Fix one-byte overflow (#1504807) - malloc: Add single-threaded path to _int_free - locale: Add new locale kab_DZ (swbz#18812) - locale: Add new locale shn_MM (swbz#13605) [2.26.9000-24] - Use make -O to serialize make output - Auto-sync with upstream branch master, commit 63b4baa44e8d22501c433c4093aa3310f91b6aa2: - sysconf: Fix missing definition of UIO_MAXIOV on Linux (#1504165) - Install correct bits/long-double.h for MIPS64 (swbz#22322) - malloc: Fix deadlock in _int_free consistency check - x86-64: Don't set GLRO(dl_platform) to NULL (swbz#22299) - math: Add _Float128 function aliases - locale: Add new locale mjw_IN (swbz#13994) - aarch64: Rewrite elf_machine_load_address using _DYNAMIC symbol - powerpc: fix check-before-set in SET_RESTORE_ROUND - locale: Use U+202F as thousands separators in pl_PL locale (swbz#16777) - math: Use __f128 to define FLT128_* constants in include/float.h for old GCC - malloc: Improve malloc initialization sequence (swbz#22159) - malloc: Use relaxed atomics for malloc have_fastchunks - locale: New locale ca_ES at valencia (swbz#2522) - math: Let signbit use the builtin in C++ mode with gcc < 6.x (swbz#22296) - locale: Place monetary symbol in el_GR, el_CY after the amount (swbz#22019) [2.26.9000-23] - Switch to .9000 version numbers during development [2.26.90-22] - Auto-sync with upstream branch master, commit c38a4bfd596db2be2b9c1f96715bdc833eab760a: - malloc: Use compat_symbol_reference in libmcheck (swbz#22050) [2.26.90-21] - Auto-sync with upstream branch master, commit 596f70134a8f11967c65c1d55a94a3a2718c731d: - Silence -O3 -Wall warning in malloc/hooks.c with GCC 7 (swbz#22052) - locale: No warning for non-symbolic character (swbz#22295) - locale: Allow "" int_curr_Symbol (swbz#22294) - locale: Fix localedef exit code (swbz#22292) - nptl: Preserve error in setxid thread broadcast in coredumps (swbz#22153) - powerpc: Avoid putting floating point values in memory (swbz#22189) - powerpc: Fix the carry bit on mpn_[add|sub]_n on POWER7 (swbz#22142) - Support profiling PIE (swbz#22284) [2.26.90-20] - Auto-sync with upstream branch master, commit d8425e116cdd954fea0c04c0f406179b5daebbb3: - nss_files performance issue in multi mode (swbz#22078) - Ensure C99 and C11 interfaces are available for C++ (swbz#21326) [2.26.90-19] - Move /var/db/Makefile to nss_db (#1498900) - Auto-sync with upstream branch master, commit 645ac9aaf89e3311949828546df6334322f48933: - openpty: use TIOCGPTPEER to open slave side fd [2.26.90-18] - Auto-sync with upstream master, commit 1e26d35193efbb29239c710a4c46a64708643320. - malloc: Fix tcache leak after thread destruction (swbz#22111) - powerpc: Fix IFUNC for memrchr. - aarch64: Optimized implementation of memmove for Qualcomm Falkor - Always do locking when iterating over list of streams (swbz#15142) - abort: Do not flush stdio streams (swbz#15436) [2.26.90-17] - Move nss_compat to the main glibc package (#1400538) - Auto-sync with upstream master, commit 11c4f5010c58029e73e656d5df4f8f42c9b8e877: - crypt: Use NSPR header files in addition to NSS header files (#1489339) - math: Fix yn(n,0) without SVID wrapper (swbz#22244) - math: Fix log2(0) and log(10) in downward rounding (swbz#22243) - math: Add C++ versions of iscanonical for ldbl-96, ldbl-128ibm (swbz#22235) - powerpc: Optimize memrchr for power8 - Hide various internal functions (swbz#18822) [2.26.90-16] - Auto-sync with upstream master, commit 1e2bffd05c36a9be30d7092d6593a9e9aa009ada: - Add IBM858 charset (#1416405) - Update kernel version in syscall-names.list to 4.13 - Add Linux 4.13 constants to bits/fcntl-linux.h - Add fcntl sealing interfaces from Linux 3.17 to bits/fcntl-linux.h - math: New generic powf, log2f, logf - Fix nearbyint arithmetic moved before feholdexcept (swbz#22225) - Mark __dso_handle as hidden (swbz#18822) - Skip PT_DYNAMIC segment with p_filesz == 0 (swbz#22101) - glob now matches dangling symbolic links (swbz#866, swbz#22183) - nscd: Release read lock after resetting timeout (swbz#22161) - Avoid __MATH_TG in C++ mode with -Os for fpclassify (swbz#22146) - Fix dlclose/exit race (swbz#22180) - x86: Add SSE4.1 trunc, truncf (swbz#20142) - Fix atexit/exit race (swbz#14333) - Use execveat syscall in fexecve (swbz#22134) - Enable unwind info in libc-start.c and backtrace.c - powerpc: Avoid misaligned stores in memset - powerpc: build some IFUNC math functions for libc and libm (swbz#21745) - Removed redundant data (LC_TIME and LC_MESSAGES) for niu_NZ (swbz#22023) - Fix LC_TELEPHONE for az_AZ (swbz#22112) - x86: Add MathVec_Prefer_No_AVX512 to cpu-features (swbz#21967) - x86: Add x86_64 to x86-64 HWCAP (swbz#22093) - Finish change from ?Bengali? to ?Bangla? (swbz#14925) - posix: fix glob bugs with long login names (swbz#1062) - posix: Fix getpwnam_r usage (swbz#1062) - posix: accept inode 0 is a valid inode number (swbz#19971) - Remove redundant LC_TIME data in om_KE (swbz#22100) - Remove remaining _HAVE_STRING_ARCH_* definitions (swbz#18858) - resolv: Fix memory leak with OOM during resolv.conf parsing (swbz#22095) - Add miq_NI locale for Miskito (swbz#20498) - Fix bits/math-finite.h exp10 condition (swbz#22082) [2.26.90-15] - Auto-sync with upstream master, commit b38042f51430974642616a60afbbf96fd0b98659: - Implement tmpfile with O_TMPFILE (swbz#21530) - Obsolete pow10 functions - math.h: Warn about an already-defined log macro [2.26.90-14] - Build glibc with -O2 (following the upstream default). - Auto-sync with upstream master, commit f4a6be2582b8dfe8adfa68da3dd8decf566b3983: - malloc: Abort on heap corruption, without a backtrace (swbz#21754) - getaddrinfo: Return EAI_NODATA for gethostbyname2_r with NO_DATA (swbz#21922) - getaddrinfo: Fix error handling in gethosts (swbz#21915) (swbz#21922) - Place $(elf-objpfx)sofini.os last (swbz#22051) - Various locale fixes (swbz#15332, swbz#22044) [2.26.90-13] - Drop glibc-rh952799.patch, applied upstream (#952799, swbz#22025) - Auto-sync with upstream master, commit 5f9409b787c5758fc277f8d1baf7478b752b775d: - Various locale fixes (swbz#22022, swbz#22038, swbz#21951, swbz#13805, swbz#21971, swbz#21959) - MIPS/o32: Fix internal_syscall5/6/7 (swbz#21956) - AArch64: Fix procfs.h not to expose stdint.h types - iconv_open: Fix heap corruption on gconv_init failure (swbz#22026) - iconv: Mangle __btowc_fct even without __init_fct (swbz#22025) - Fix bits/math-finite.h _MSUF_ expansion namespace (swbz#22028) - Provide a C++ version of iszero that does not use __MATH_TG (swbz#21930) [2.26.90-12] - Auto-sync with upstream master, commit 2dba5ce7b8115d6a2789bf279892263621088e74. [2.26.90-11] - Auto-sync with upstream master, commit 3d7b66f66cb223e899a7ebc0f4c20f13e711c9e0: - string/stratcliff.c: Replace int with size_t (swbz#21982) - Fix tgmath.h handling of complex integers (swbz#21684) [2.26.90-10] - Use an architecture-independent system call list (#1484729) - Drop glibc-fedora-include-bits-ldbl.patch (#1482105) [2.26.90-9] - Auto-sync with upstream master, commit 80f91666fed71fa3dd5eb5618739147cc731bc89. [2.26.90-8] - Auto-sync with upstream master, commit a8410a5fc9305c316633a5a3033f3927b759be35: - Obsolete matherr, _LIB_VERSION, libieee.a. [2.26.90-7] - Auto-sync with upstream master, commit 4504783c0f65b7074204c6126c6255ed89d6594e. [2.26.90-6] - Auto-sync with upstream master, commit b5889d25e9bf944a89fdd7bcabf3b6c6f6bb6f7c: - assert: Support types without operator== (int) (#1483005) [2.26.90-5] - Auto-sync with upstream master, commit 2585d7b839559e665d5723734862fbe62264b25d: - Do not use generic selection in C++ mode - Do not use __builtin_types_compatible_p in C++ mode (#1481205) - x86-64: Check FMA_Usable in ifunc-mathvec-avx2.h (swbz#21966) - Various locale fixes (swbz#21750, swbz#21960, swbz#21959, swbz#19852) - Fix sigval namespace (swbz#21944) - x86-64: Optimize e_expf with FMA (swbz#21912) - Adjust glibc-rh827510.patch. [2.26-4] - Remove 'Buildroot' tag, 'Group' tag, and '%clean' section, and don't remove the buildroot in '%install', all per Fedora Packaging Guidelines (#1476839) [2.26.90-3] - Auto-sync with upstream master, commit 403143e1df85dadd374f304bd891be0cd7573e3b: - x86-64: Align L(SP_RANGE)/L(SP_INF_0) to 8 bytes (swbz#21955) - powerpc: Add values from Linux 4.8 to - S390: Add new s390 platform z14. - Various locale fixes (swbz#14925, swbz#20008, swbz#20482, swbz#12349 swbz#19982, swbz#20756, swbz#20756, swbz#21836, swbz#17563, swbz#16905, swbz#21920, swbz#21854) - NSS: Replace exported NSS lookup functions with stubs (swbz#21962) - i386: Do not set internal_function - assert: Suppress pedantic warning caused by statement expression (swbz#21242) - powerpc: Restrict xssqrtqp operands to Vector Registers (swbz#21941) - sys/ptrace.h: remove obsolete PTRACE_SEIZE_DEVEL constant (swbz#21928) - Remove __qaddr_t, __long_double_t - Fix uc_* namespace (swbz#21457) - nss: Call __resolv_context_put before early return in get*_r (swbz#21932) - aarch64: Optimized memcpy for Qualcomm Falkor processor - manual: Document getcontext uc_stack value on Linux (swbz#759) - i386: Add (swbz#21913) - Don't use IFUNC resolver for longjmp or system in libpthread (swbz#21041) - Fix XPG4.2 bits/sigaction.h namespace (swbz#21899) - x86-64: Add FMA multiarch functions to libm - i386: Support static PIE in start.S - Compile tst-prelink.c without PIE (swbz#21815) - x86-64: Use _dl_runtime_resolve_opt only with AVX512F (swbz#21871) - x86: Remove __memset_zero_constant_len_parameter (swbz#21790) [2.26-2] - Disable multi-arch (IFUNC string functions) on i686 (#1471427) - Remove nosegneg 32-bit Xen PV support libraries (#1482027) - Adjust spec file to RPM changes [2.26-1] - Update to released glibc 2.26. - Auto-sync with upstream master, commit 2aad4b04ad7b17a2e6b0e66d2cb4bc559376617b. - getaddrinfo: Release resolver context on error in gethosts (swbz#21885) From el-errata at oss.oracle.com Fri Jun 13 12:54:45 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:54:45 -0700 Subject: [El-errata] ELSA-2025-8815 Important: Oracle Linux 8 .NET 9.0 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8815 http://linux.oracle.com/errata/ELSA-2025-8815.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: aspnetcore-runtime-9.0-9.0.6-1.0.1.el8_10.x86_64.rpm aspnetcore-runtime-dbg-9.0-9.0.6-1.0.1.el8_10.x86_64.rpm aspnetcore-targeting-pack-9.0-9.0.6-1.0.1.el8_10.x86_64.rpm dotnet-9.0.107-1.0.1.el8_10.x86_64.rpm dotnet-apphost-pack-9.0-9.0.6-1.0.1.el8_10.x86_64.rpm dotnet-host-9.0.6-1.0.1.el8_10.x86_64.rpm dotnet-hostfxr-9.0-9.0.6-1.0.1.el8_10.x86_64.rpm dotnet-runtime-9.0-9.0.6-1.0.1.el8_10.x86_64.rpm dotnet-runtime-dbg-9.0-9.0.6-1.0.1.el8_10.x86_64.rpm dotnet-sdk-9.0-9.0.107-1.0.1.el8_10.x86_64.rpm dotnet-sdk-aot-9.0-9.0.107-1.0.1.el8_10.x86_64.rpm dotnet-sdk-dbg-9.0-9.0.107-1.0.1.el8_10.x86_64.rpm dotnet-targeting-pack-9.0-9.0.6-1.0.1.el8_10.x86_64.rpm dotnet-templates-9.0-9.0.107-1.0.1.el8_10.x86_64.rpm netstandard-targeting-pack-2.1-9.0.107-1.0.1.el8_10.x86_64.rpm dotnet-sdk-9.0-source-built-artifacts-9.0.107-1.0.1.el8_10.x86_64.rpm aarch64: aspnetcore-runtime-9.0-9.0.6-1.0.1.el8_10.aarch64.rpm aspnetcore-runtime-dbg-9.0-9.0.6-1.0.1.el8_10.aarch64.rpm aspnetcore-targeting-pack-9.0-9.0.6-1.0.1.el8_10.aarch64.rpm dotnet-9.0.107-1.0.1.el8_10.aarch64.rpm dotnet-apphost-pack-9.0-9.0.6-1.0.1.el8_10.aarch64.rpm dotnet-host-9.0.6-1.0.1.el8_10.aarch64.rpm dotnet-hostfxr-9.0-9.0.6-1.0.1.el8_10.aarch64.rpm dotnet-runtime-9.0-9.0.6-1.0.1.el8_10.aarch64.rpm dotnet-runtime-dbg-9.0-9.0.6-1.0.1.el8_10.aarch64.rpm dotnet-sdk-9.0-9.0.107-1.0.1.el8_10.aarch64.rpm dotnet-sdk-aot-9.0-9.0.107-1.0.1.el8_10.aarch64.rpm dotnet-sdk-dbg-9.0-9.0.107-1.0.1.el8_10.aarch64.rpm dotnet-targeting-pack-9.0-9.0.6-1.0.1.el8_10.aarch64.rpm dotnet-templates-9.0-9.0.107-1.0.1.el8_10.aarch64.rpm netstandard-targeting-pack-2.1-9.0.107-1.0.1.el8_10.aarch64.rpm dotnet-sdk-9.0-source-built-artifacts-9.0.107-1.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//dotnet9.0-9.0.107-1.0.1.el8_10.src.rpm Related CVEs: CVE-2025-30399 Description of changes: [9.0.107-1.0.1] - Add support for Oracle Linux [9.0.107-1] - Update to .NET SDK 9.0.107 and Runtime 9.0.6 - Resolves: RHEL-94422 From el-errata at oss.oracle.com Fri Jun 13 12:54:43 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:54:43 -0700 Subject: [El-errata] ELSA-2025-8756 Important: Oracle Linux 8 thunderbird security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8756 http://linux.oracle.com/errata/ELSA-2025-8756.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: thunderbird-128.11.0-1.0.1.el8_10.x86_64.rpm aarch64: thunderbird-128.11.0-1.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//thunderbird-128.11.0-1.0.1.el8_10.src.rpm Related CVEs: CVE-2025-3875 CVE-2025-3877 CVE-2025-3909 CVE-2025-3932 CVE-2025-4918 CVE-2025-4919 CVE-2025-5263 CVE-2025-5264 CVE-2025-5266 CVE-2025-5267 CVE-2025-5268 CVE-2025-5269 Description of changes: [128.11.0-1.0.1] - Fix prefs for new nss [Orabug: 37079820] - Add Oracle prefs file [128.11.0] - Add OpenELA debranding [128.11.0-1] - Update to 128.11.0 [128.10.1-1] - Update to 128.10.1 From el-errata at oss.oracle.com Fri Jun 13 12:54:44 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:54:44 -0700 Subject: [El-errata] ELSA-2025-8812 Important: Oracle Linux 8 .NET 8.0 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8812 http://linux.oracle.com/errata/ELSA-2025-8812.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: aspnetcore-runtime-8.0-8.0.17-1.0.1.el8_10.x86_64.rpm aspnetcore-runtime-dbg-8.0-8.0.17-1.0.1.el8_10.x86_64.rpm aspnetcore-targeting-pack-8.0-8.0.17-1.0.1.el8_10.x86_64.rpm dotnet-apphost-pack-8.0-8.0.17-1.0.1.el8_10.x86_64.rpm dotnet-hostfxr-8.0-8.0.17-1.0.1.el8_10.x86_64.rpm dotnet-runtime-8.0-8.0.17-1.0.1.el8_10.x86_64.rpm dotnet-runtime-dbg-8.0-8.0.17-1.0.1.el8_10.x86_64.rpm dotnet-sdk-8.0-8.0.117-1.0.1.el8_10.x86_64.rpm dotnet-sdk-dbg-8.0-8.0.117-1.0.1.el8_10.x86_64.rpm dotnet-targeting-pack-8.0-8.0.17-1.0.1.el8_10.x86_64.rpm dotnet-templates-8.0-8.0.117-1.0.1.el8_10.x86_64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.117-1.0.1.el8_10.x86_64.rpm aarch64: aspnetcore-runtime-8.0-8.0.17-1.0.1.el8_10.aarch64.rpm aspnetcore-runtime-dbg-8.0-8.0.17-1.0.1.el8_10.aarch64.rpm aspnetcore-targeting-pack-8.0-8.0.17-1.0.1.el8_10.aarch64.rpm dotnet-apphost-pack-8.0-8.0.17-1.0.1.el8_10.aarch64.rpm dotnet-hostfxr-8.0-8.0.17-1.0.1.el8_10.aarch64.rpm dotnet-runtime-8.0-8.0.17-1.0.1.el8_10.aarch64.rpm dotnet-runtime-dbg-8.0-8.0.17-1.0.1.el8_10.aarch64.rpm dotnet-sdk-8.0-8.0.117-1.0.1.el8_10.aarch64.rpm dotnet-sdk-dbg-8.0-8.0.117-1.0.1.el8_10.aarch64.rpm dotnet-targeting-pack-8.0-8.0.17-1.0.1.el8_10.aarch64.rpm dotnet-templates-8.0-8.0.117-1.0.1.el8_10.aarch64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.117-1.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//dotnet8.0-8.0.117-1.0.1.el8_10.src.rpm Related CVEs: CVE-2025-30399 Description of changes: [8.0.117-1.0.1] - Add support for Oracle Linux [8.0.117-1] - Update to .NET SDK 8.0.117 and Runtime 8.0.17 - Resolves: RHEL-94415 From el-errata at oss.oracle.com Fri Jun 13 12:54:47 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:54:47 -0700 Subject: [El-errata] ELSA-2025-8844 Important: Oracle Linux 8 mod_security security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8844 http://linux.oracle.com/errata/ELSA-2025-8844.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: mod_security-2.9.6-2.el8_10.x86_64.rpm mod_security-mlogc-2.9.6-2.el8_10.x86_64.rpm aarch64: mod_security-2.9.6-2.el8_10.aarch64.rpm mod_security-mlogc-2.9.6-2.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//mod_security-2.9.6-2.el8_10.src.rpm Related CVEs: CVE-2025-47947 Description of changes: [2.9.6-2] - add fix for CVE-2025-47947 - Resolves: RHEL-93005 From el-errata at oss.oracle.com Fri Jun 13 12:54:48 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:54:48 -0700 Subject: [El-errata] ELSA-2025-8918 Moderate: Oracle Linux 8 grafana-pcp security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8918 http://linux.oracle.com/errata/ELSA-2025-8918.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: grafana-pcp-5.1.1-10.el8_10.x86_64.rpm aarch64: grafana-pcp-5.1.1-10.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//grafana-pcp-5.1.1-10.el8_10.src.rpm Related CVEs: CVE-2025-22871 Description of changes: [5.1.1-10] - Resolves RHEL-89274: CVE-2025-22871 From el-errata at oss.oracle.com Fri Jun 13 12:55:04 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:55:04 -0700 Subject: [El-errata] ELBA-2025-8743-1 Oracle Linux 8 kernel bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8743-1 http://linux.oracle.com/errata/ELBA-2025-8743-1.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm kernel-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm kernel-abi-stablelists-4.18.0-553.56.1.0.1.el8_10.noarch.rpm kernel-core-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm kernel-cross-headers-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm kernel-debug-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm kernel-debug-core-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm kernel-debug-devel-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm kernel-debug-modules-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm kernel-debug-modules-extra-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm kernel-devel-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm kernel-doc-4.18.0-553.56.1.0.1.el8_10.noarch.rpm kernel-headers-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm kernel-modules-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm kernel-modules-extra-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm kernel-tools-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm kernel-tools-libs-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm perf-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm python3-perf-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm kernel-tools-libs-devel-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kernel-4.18.0-553.56.1.0.1.el8_10.src.rpm Description of changes: [4.18.0-553.56.1.0.1.el8_10.OL8] - scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) [Orabug: 37778230] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772] [4.18.0-553.56.1.el8_10] - tools/power/x86_energy_perf_policy: Read energy_perf_bias from sysfs (David Arcari) [RHEL-86963] - um: Fix out-of-bounds read in LDT setup (CKI Backport Bot) [RHEL-90261] {CVE-2022-49395} [4.18.0-553.55.1.el8_10] - sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug (Phil Auld) [RHEL-85171] From el-errata at oss.oracle.com Fri Jun 13 12:54:50 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:54:50 -0700 Subject: [El-errata] ELSA-2025-8958 Moderate: Oracle Linux 8 libxml2 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8958 http://linux.oracle.com/errata/ELSA-2025-8958.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libxml2-2.9.7-20.el8_10.i686.rpm libxml2-2.9.7-20.el8_10.x86_64.rpm libxml2-devel-2.9.7-20.el8_10.i686.rpm libxml2-devel-2.9.7-20.el8_10.x86_64.rpm python3-libxml2-2.9.7-20.el8_10.x86_64.rpm aarch64: libxml2-2.9.7-20.el8_10.aarch64.rpm libxml2-devel-2.9.7-20.el8_10.aarch64.rpm python3-libxml2-2.9.7-20.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//libxml2-2.9.7-20.el8_10.src.rpm Related CVEs: CVE-2025-32414 Description of changes: [2.9.7-20] - Fix CVE-2025-32414 (RHEL-88198) From el-errata at oss.oracle.com Fri Jun 13 12:55:41 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:55:41 -0700 Subject: [El-errata] ELSA-2025-20372 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20372 http://linux.oracle.com/errata/ELSA-2025-20372.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-5.4.17-2136.344.4.1.el8uek.x86_64.rpm kernel-uek-container-5.4.17-2136.344.4.1.el8uek.x86_64.rpm kernel-uek-container-debug-5.4.17-2136.344.4.1.el8uek.x86_64.rpm kernel-uek-debug-5.4.17-2136.344.4.1.el8uek.x86_64.rpm kernel-uek-debug-devel-5.4.17-2136.344.4.1.el8uek.x86_64.rpm kernel-uek-devel-5.4.17-2136.344.4.1.el8uek.x86_64.rpm kernel-uek-doc-5.4.17-2136.344.4.1.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.344.4.1.el8uek.src.rpm Related CVEs: CVE-2023-52667 CVE-2024-38555 CVE-2024-50000 CVE-2024-50001 CVE-2024-58093 CVE-2025-21956 CVE-2025-21957 CVE-2025-21959 CVE-2025-21971 CVE-2025-21991 CVE-2025-21992 CVE-2025-21993 CVE-2025-21996 CVE-2025-22004 CVE-2025-22005 CVE-2025-22007 CVE-2025-22018 CVE-2025-22020 CVE-2025-22021 CVE-2025-22035 CVE-2025-22045 CVE-2025-22054 CVE-2025-22063 CVE-2025-22071 CVE-2025-22073 CVE-2025-22079 CVE-2025-22086 CVE-2025-23136 CVE-2025-37937 CVE-2025-38637 Description of changes: [5.4.17-2136.344.4.1.el8uek] - certs: Reference revocation list for all keyrings (Eric Snowberg) [Orabug: 38052126] [5.4.17-2136.344.4.el8uek] - certs: Add new Oracle Linux Driver Signing (key 1) certificate (Sherry Yang) [Orabug: 37967555] [5.4.17-2136.344.3.el8uek] - net/mlx5e: Don't call cleanup on profile rollback failure (Cosmin Ratiu) [Orabug: 37670859] - net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (Elena Salomatkina) [Orabug: 37206299,37670859] {CVE-2024-50000} - net/mlx5: Fix error path in multi-packet WQE transmit (Gerd Bayer) [Orabug: 37206302,37670859] {CVE-2024-50001} - net/mlx5: Discard command completions in internal error (Akiva Goldberger) [Orabug: 36753438,37670859] {CVE-2024-38555} - net/mlx5e: fix a potential double-free in fs_any_create_groups (Dinghao Liu) [Orabug: 36802351,37670859] {CVE-2023-52667} - net/mlx5: Reclaim max 50K pages at once (Anand Khoje) [Orabug: 36275016] [5.4.17-2136.344.2.el8uek] - LTS tag: v5.4.292 (Alok Tiwari) - jfs: add index corruption check to DT_GETPAGE() (Roman Smirnov) - tracing: Fix use-after-free in print_graph_function_flags during tracer switching (Tengda Wu) [Orabug: 37844202] {CVE-2025-22035} - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (Karel Balej) - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (Paul Menzel) - x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (Jann Horn) [Orabug: 37844275] {CVE-2025-22045} - x86/tsc: Always save/restore TSC sched_clock() on suspend/resume (Guilherme G. Piccoli) - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (Markus Elfring) - can: flexcan: only change CAN state when link up in system PM (Haibo Chen) - arcnet: Add NULL check in com20020pci_probe() (Henry Martin) [Orabug: 37844303] {CVE-2025-22054} - net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy (David Oberhollenzer) - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (Fernando Fernandez Mancera) - vsock: avoid timeout during connect() if the socket is closing (Stefano Garzarella) - net_sched: skbprio: Remove overly strict queue assertions (Cong Wang) [Orabug: 37855375] {CVE-2025-38637} - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (Debin Zhu) [Orabug: 37844344] {CVE-2025-22063} - ntb: intel: Fix using link status DB's (Nikita Shubin) - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (Yajun Deng) - spufs: fix a leak in spufs_create_context() (Al Viro) [Orabug: 37844365] {CVE-2025-22071} - spufs: fix a leak on spufs_new_file() failure (Al Viro) [Orabug: 37844378] {CVE-2025-22073} - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (Tasos Sahanidis) - can: statistics: use atomic access in hot path (Oliver Hartkopp) - locking/semaphore: Use wake_q to wake up processes outside lock critical section (Waiman Long) - sched/deadline: Use online cpus for validating runtime (Shrikanth Hegde) - affs: don't write overlarge OFS data block size fields (Simon Tatham) - affs: generate OFS sequence numbers starting at 1 (Simon Tatham) - wifi: iwlwifi: fw: allocate chained SG tables for dump (Johannes Berg) - sched/smt: Always inline sched_smt_active() (Josh Poimboeuf) - octeontx2-af: Fix mbox INTR handler when num VFs > 64 (Geetha Sowjanya) - ring-buffer: Fix bytes_dropped calculation issue (Feng Yang) - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (Josh Poimboeuf) [Orabug: 37976879] {CVE-2025-37937} - fs/procfs: fix the comment above proc_pid_wchan() (Bart Van Assche) - perf python: Check if there is space to copy all the event (Arnaldo Carvalho de Melo) - perf python: Decrement the refcount of just created event on failure (Arnaldo Carvalho de Melo) - perf python: Fixup description of sample.id event member (Arnaldo Carvalho de Melo) - ocfs2: validate l_tree_depth to avoid out-of-bounds access (Vasiliy Kovalev) [Orabug: 37844394] {CVE-2025-22079} - kexec: initialize ELF lowest address to ULONG_MAX (Sourabh Jain) - perf units: Fix insufficient array space (Arnaldo Carvalho de Melo) - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (Jonathan Cameron) - coresight: catu: Fix number of pages while using 64k pages (Ilkka Koskinen) - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (Qasim Ijaz) - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (Jann Horn) - mfd: sm501: Switch to BIT() to mitigate integer overflows (Nikita Zhandarovich) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (Patrisious Haddad) [Orabug: 37844422] {CVE-2025-22086} - power: supply: max77693: Fix wrong conversion of charge input threshold value (Artur Weber) - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (Jann Horn) - clk: amlogic: g12a: fix mmc A peripheral clock (Jerome Brunet) - clk: amlogic: gxbb: drop non existing 32k clock parent (Jerome Brunet) - clk: amlogic: g12b: fix cluster A parent data (Jerome Brunet) - IB/mad: Check available slots before posting receive WRs (Maher Sanalla) - clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent (Peter Geis) - pinctrl: renesas: rza2: Fix missing of_node_put() call (Fabrizio Castro) - lib: 842: Improve error handling in sw842_compress() (Tanya Agarwal) - clk: amlogic: gxbb: drop incorrect flag on 32k clock (Jerome Brunet) - fbdev: sm501fb: Add some geometry checks. (Danila Chernetsov) - mdacon: rework dependency list (Arnd Bergmann) - fbdev: au1100fb: Move a variable assignment behind a null pointer check (Markus Elfring) - PCI: pciehp: Don't enable HPIE when resuming in poll mode (Ilpo J?rvinen) - PCI: Remove stray put_device() in pci_register_host_bridge() (Dan Carpenter) - PCI/portdrv: Only disable pciehp interrupts early when needed (Feng Tang) - PCI/ASPM: Fix link state exit during switch upstream function removal (Daniel Stodden) [Orabug: 37844108] {CVE-2024-58093} - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (AngeloGioacchino Del Regno) - ALSA: hda/realtek: Always honor no_shutup_pins (Takashi Iwai) - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (Tao Chen) - lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() (Sebastian Andrzej Siewior) - PM: sleep: Fix handling devices with direct_complete set on errors (Rafael J. Wysocki) - thermal: int340x: Add NULL check for adev (Chenyuan Yang) [Orabug: 37844584] {CVE-2025-23136} - EDAC/ie31200: Fix the error path order of ie31200_init() (Qiuxu Zhuo) - EDAC/ie31200: Fix the DIMM size mask for several SoCs (Qiuxu Zhuo) - EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer (Qiuxu Zhuo) - selinux: Chain up tool resolving errors in install_policy.sh (Tim Schumacher) - x86/platform: Only allow CONFIG_EISA for 32-bit (Arnd Bergmann) - x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (Benjamin Berg) - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (Jie Zhan) - x86/mm/pat: cpa-test: fix length for CPA_ARRAY test (Mike Rapoport) - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Luo Qiu) [Orabug: 37844141] {CVE-2025-22020} - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (Fabio Porcedda) - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (Fabio Porcedda) - tty: serial: 8250: Add some more device IDs (Cameron Williams) - counter: stm32-lptimer-cnt: fix error handling when enabling (Fabrice Gasnier) - netfilter: socket: Lookup orig tuple for IPv6 SNAT (Maxim Mikityanskiy) [Orabug: 37844145] {CVE-2025-22021} - ARM: Remove address checking for MMUless devices (Yanjun Yang) - ARM: 9351/1: fault: Add "cut here" line for prefetch aborts (Kees Cook) - ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() (Kees Cook) - atm: Fix NULL pointer dereference (Minjoong Kim) [Orabug: 37838897] {CVE-2025-22018} - HID: hid-plantronics: Add mic mute mapping and generalize quirks (Terry Junge) - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (Terry Junge) - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (Nikita Zhandarovich) [Orabug: 37828196] {CVE-2025-21996} - batman-adv: Ignore own maximum aggregation size during RX (Sven Eckelmann) - ARM: shmobile: smp: Enforce shmobile_smp_* alignment (Geert Uytterhoeven) - mmc: atmel-mci: Add missing clk_disable_unprepare() (Gu Bowen) - drm/v3d: Don't run jobs that have errors flagged in its fence (Ma?ra Canal) - i2c: omap: fix IRQ storms (Andreas Kemnade) - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES (Lin Ma) - net: atm: fix use after free in lec_send() (Dan Carpenter) [Orabug: 37828221] {CVE-2025-22004} - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). (Kuniyuki Iwashima) - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (Kuniyuki Iwashima) [Orabug: 37828229] {CVE-2025-22005} - Bluetooth: Fix error code in chan_alloc_skb_cb() (Dan Carpenter) [Orabug: 37828235] {CVE-2025-22007} - RDMA/hns: Fix wrong value of max_sge_rd (Junxian Huang) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (Saravanan Vajravel) - xfrm_output: Force software GSO only in tunnel mode (Cosmin Ratiu) - firmware: imx-scu: fix OF node leak in .probe() (Joe Hattori) - i2c: sis630: Fix an error handling path in sis630_probe() (Christophe Jaillet) - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (Christophe Jaillet) - i2c: ali1535: Fix an error handling path in ali1535_probe() (Christophe Jaillet) - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (Christophe Jaillet) - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (Ivan Abramov) - qlcnic: fix memory leak issues in qlcnic_sriov_common.c (Haoxiang Li) - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (Alex Hung) [Orabug: 37828049] {CVE-2025-21956} - drm/atomic: Filter out redundant DPMS calls (Ville Syrj?l?) - x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (Florent Revest) [Orabug: 37828167] {CVE-2025-21991} - USB: serial: option: match on interface class for Telit FN990B (Johan Hovold) - USB: serial: option: fix Telit Cinterion FE990A name (Fabio Porcedda) - USB: serial: option: add Telit Cinterion FE990B compositions (Fabio Porcedda) - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (Boon Khai Ng) - block: fix 'kmem_cache of name 'bio-108' already exists' (Ming Lei) - drm/nouveau: Do not override forced connector status (Thomas Zimmermann) - x86/irq: Define trace events conditionally (Arnd Bergmann) - fuse: don't truncate cached, mutated symlink (Miklos Szeredi) - nvme: only allow entering LIVE from CONNECTING state (Daniel Wagner) - sctp: Fix undefined behavior in left shift operation (Yu-Chun Lin) - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (Ruozhu Li) - ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() (Kuninori Morimoto) - s390/cio: Fix CHPID "configure" attribute caching (Peter Oberparleiter) - HID: ignore non-functional sensor in HP 5MP Camera (Chia-Lin Kao) [Orabug: 37828174] {CVE-2025-21992} - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (Zhang Lixu) - ACPI: resource: IRQ override for Eluktronics MECH-17 (Gannon Kolding) - scsi: qla1280: Fix kernel oops when debug level > 2 (Magnus Lindholm) [Orabug: 37828056] {CVE-2025-21957} - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (Chengen Du) [Orabug: 37828181] {CVE-2025-21993} - powercap: call put_device() on an error path in powercap_register_control_type() (Joe Hattori) - hrtimers: Mark is_migration_base() with __always_inline (Andy Shevchenko) - nvme-fc: go straight to connecting state when initializing (Daniel Wagner) - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (Carolina Jubran) - netfilter: nft_exthdr: fix offset with ipv4_find_option() (Alexey Kashavkin) - net_sched: Prevent creation of classes with TC_H_ROOT (Cong Wang) [Orabug: 37828110] {CVE-2025-21971} - ipvs: prevent integer overflow in do_ip_vs_get_ctl() (Dan Carpenter) - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (Kohei Enju) [Orabug: 37828064] {CVE-2025-21959} - Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() (Michael Kelley) - drivers/hv: Replace binary semaphore with mutex (Davidlohr Bueso) - netpoll: hold rcu read lock in __netpoll_send_skb() (Breno Leitao) - netpoll: netpoll_send_skb() returns transmit status (Eric Dumazet) - netpoll: move netpoll_send_skb() out of line (Eric Dumazet) - netpoll: remove dev argument from netpoll_send_skb_on_dev() (Eric Dumazet) - netpoll: Fix use correct return type for ndo_start_xmit() (Yunjian Wang) - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (Artur Weber) - sched/isolation: Prevent boot crash when the boot CPU is nohz_full (Oleg Nesterov) - clockevents/drivers/i8253: Fix stop sequence for timer 0 (David Woodhouse) [5.4.17-2136.344.1.el8uek] - RDS: avoid using offlined CPU during reconnect (Arumugam Kolappan) [Orabug: 37800559] - x86/microcode/AMD: Clean the cache if update did not load microcode (Boris Ostrovsky) [Orabug: 37800729] - x86/microcode/AMD: Add finalize_late_load() microcode_op (Boris Ostrovsky) [Orabug: 37800729] - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Borislav Petkov) [Orabug: 37800729] - x86/microcode/AMD: Add some forgotten models to the SHA check (Borislav Petkov) [Orabug: 37800729] - x86/microcode/AMD: Load only SHA256-checksummed patches (Borislav Petkov) [Orabug: 37800729] - x86/microcode/AMD: Flush patch buffer mapping after application (Borislav Petkov) [Orabug: 37800729] - x86/microcode/AMD: Stash BSP's CPUID(1).EAX and patch size (Boris Ostrovsky) [Orabug: 37800729] - nvme: fix deadlock between reset and scan (Bitao Hu) [Orabug: 37861518] From el-errata at oss.oracle.com Fri Jun 13 12:55:50 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:55:50 -0700 Subject: [El-errata] ELBA-2025-20370 Oracle Linux 9 crash bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20370 http://linux.oracle.com/errata/ELBA-2025-20370.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: crash-9.0.0-1.0.1.el9.x86_64.rpm crash-devel-9.0.0-1.0.1.el9.i686.rpm crash-devel-9.0.0-1.0.1.el9.x86_64.rpm aarch64: crash-9.0.0-1.0.1.el9.aarch64.rpm crash-devel-9.0.0-1.0.1.el9.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//crash-9.0.0-1.0.1.el9.src.rpm Description of changes: [9.0.0-1.0.1] - Rebase to upstream crash 9.0.0 [Orabug: 37992801] From el-errata at oss.oracle.com Fri Jun 13 12:55:51 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:55:51 -0700 Subject: [El-errata] ELBA-2025-8725 Oracle Linux 9 389-ds-base bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8725 http://linux.oracle.com/errata/ELBA-2025-8725.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: 389-ds-base-2.6.1-9.el9_6.x86_64.rpm 389-ds-base-libs-2.6.1-9.el9_6.x86_64.rpm 389-ds-base-snmp-2.6.1-9.el9_6.x86_64.rpm python3-lib389-2.6.1-9.el9_6.noarch.rpm 389-ds-base-devel-2.6.1-9.el9_6.x86_64.rpm aarch64: 389-ds-base-2.6.1-9.el9_6.aarch64.rpm 389-ds-base-libs-2.6.1-9.el9_6.aarch64.rpm 389-ds-base-snmp-2.6.1-9.el9_6.aarch64.rpm python3-lib389-2.6.1-9.el9_6.noarch.rpm 389-ds-base-devel-2.6.1-9.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//389-ds-base-2.6.1-9.el9_6.src.rpm Description of changes: [2.6.1-9] - Reverts: RHEL-80713 - Increased memory consumption caused by NDN cache [rhel-9.6.z] - Resolves: RHEL-95443 - ns-slapd[xxxx]: segfault at 10d7d0d0 ip 00007ff734050cdb sp 00007ff6de9f1430 error 6 in libslapd.so.0.1.0[7ff733ec0000+1b3000] [rhel-9.6.z] From el-errata at oss.oracle.com Fri Jun 13 12:55:53 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:55:53 -0700 Subject: [El-errata] ELBA-2025-8899 Oracle Linux 9 dracut bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8899 http://linux.oracle.com/errata/ELBA-2025-8899.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: dracut-057-88.git20250311.0.1.el9_6.x86_64.rpm dracut-caps-057-88.git20250311.0.1.el9_6.x86_64.rpm dracut-config-generic-057-88.git20250311.0.1.el9_6.x86_64.rpm dracut-config-rescue-057-88.git20250311.0.1.el9_6.x86_64.rpm dracut-live-057-88.git20250311.0.1.el9_6.x86_64.rpm dracut-network-057-88.git20250311.0.1.el9_6.x86_64.rpm dracut-squash-057-88.git20250311.0.1.el9_6.x86_64.rpm dracut-tools-057-88.git20250311.0.1.el9_6.x86_64.rpm aarch64: dracut-057-88.git20250311.0.1.el9_6.aarch64.rpm dracut-caps-057-88.git20250311.0.1.el9_6.aarch64.rpm dracut-config-generic-057-88.git20250311.0.1.el9_6.aarch64.rpm dracut-config-rescue-057-88.git20250311.0.1.el9_6.aarch64.rpm dracut-live-057-88.git20250311.0.1.el9_6.aarch64.rpm dracut-network-057-88.git20250311.0.1.el9_6.aarch64.rpm dracut-squash-057-88.git20250311.0.1.el9_6.aarch64.rpm dracut-tools-057-88.git20250311.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//dracut-057-88.git20250311.0.1.el9_6.src.rpm Description of changes: [057-88.git20250311.0.1] - Ship Oracle IMA certificate [Orabug: 35992862] - Ship 98-integrity.conf, populating initramfs with Oracle IMA certificate [Orabug: 35992862] - fix(systemd): add missing modprobe at .service [Orabug: 35267570] - Include sys-fs-fuse-connections.mount if needed [Orabug: 35267570] - network-legacy: Revert some shellcheck that breaks parse_option_121 in dhclient [Orabug: 33778173] - Change installation dir in network legacy module-setup so that file is never missing [Orabug: 33516170] - Fix paths in squash module, so that correct modprobe is installed [Orabug: 33514517] - Install missing 68-del-part-node.rules [Orabug: 32827579] - Fix permission denied error while upgrading from OL8u2 to OL8u3 [Orabug 32160196] - dracut-shutdown.service should run before shutdown.target is invoked [Orabug: 29629738] - Update list of necessary files after squashfs execution [Orabug: 29864620] - Supress iscsidm error output during non-debug PV boot [Orabug: 29846195] - Stop block device service in case system is dropped to emergency shell [Orabug: 29851988] - Enable booting from block device if netroot=iscsi has failed [Orabug: 29478156] - Calculate relative path for kernel and initrd in 51-dracut-rescue.instal [Orabug: 29503293] - 40network scripts ifup and netlib updates for iSCSI [Orabug: 28502725] - Increase timeout when waiting for carrier detection on a network interface [Orabug: 24657828] (kevin.x.lyons at oracle.com) - add hyperv-keyboard for Hyper-V Gen2 VM [Orabug: 19191303] (Vaughan Cao) [057-88.git20250311] - fix(dracut.sh): don't pass empty string as dir [057-87.git20250311] - fix(rescue): create hmac file for rescue kernel [057-86.git20250217] - fix(35network-manager): remove duplicate installkernel - feat(fips): include fips module unconditionally - fix(dracut.sh): make omit-drivers option do exact match for - feat: add openssl module [057-79.git20241127] - fix(35network-manager): install nftables kernel modules - fix(35network-manager): install nft binary during module - fix(dracut-install): copy xattr when use clone ioctl - feat(dracut.sh): add --add-confdir option - fix: typo in variable name - feat(fips): add support for UKIs - fix(kernel-modules): use modalias info in get_dev_module() - fix(dracut-functions.sh): convert mmcblk to the real kernel [057-70.git20240819] - fix(systemd): set right permissions for the machine-id file - feat(lsinitrd.sh): look for initrd in /usr/lib/modules/ - feat(dracut-init.sh): give --force-add precedence over --omit [057-67.git20240812] - feat(systemd): install systemd-executor - test: use -device instead of -watchdog to remove qemu - fix(fips): remove /dev/{random,urandom} pre-creation - fix(systemd): always include sg module - fix(fips): do not blindly remove /boot - fix(github): update format of labeler - fix(network-manager): add "After" dependency on dbus.service - fix(url-lib.sh): nfs_already_mounted() with trailing slash in - feat(systemd-pcrphase): introducing the systemd-pcrphase - fix(systemd-pcrphase): only include - fix(nfs): include also entries from /usr/lib/{passwd,group} [057-53.git20240104] - fix(dracut-install): use stripped kernel module path as hash [057-52.git20231207] - fix(dracut.sh): remove microcode check based on [057-51.git20231115] - fix(nvmf): move /etc/nvme/host{nqn,id} requirement to [057-51.git20231114] - fix(dracut.sh): correct wrong systemd variable paths - fix(hwdb): follow shfmt-recommended format - feat(dracut): add --sbat option to add sbat policy to UKI - feat(systemd): install systemd-sysroot-fstab-check - fix(dracut.spec): add jq dependency to network subpackage - fix(fcoe-uefi): exit early on empty vlan [057-44.git20230822] - feat(hwdb): install hwdb on demand when module is needed [057-43.git20230816] - feat(spec): include modules for IMA - fix(dracut): there can be \ at the end on line in awk script - fix(rngd): spacing - fix(integrity): do not enable EVM if there is no key - fix(fips): include openssl's fips.so and openssl.cnf [057-38.git20230725] - fix(dracut.sh): use dynamically uefi's sections offset - fix(dracut.sh): handle imagebase for uefi - fix(dracut.sh): use gawk for strtonum - fix(rngd): install system service file - fix(nvmf): nvme list-subsys prints the address using commas - fix(nvmf): don't try to validate network connections in - fix(nvmf): no need to load the nvme module - fix(nvmf): don't create did-setup file - fix(nvmf): don't use "finished" queue for autoconnect - fix(nvmf): make sure "rd.nvmf.discover=fc,auto" takes - fix(nvmf): avoid calling "exit" in a cmdline hook - fix(nvmf): run cmdline hook before parse-ip-opts.sh - feat(nvmf): set rd.neednet=1 if tcp records encountered - fix(nvmf): install 8021q module unconditionally - fix(nvmf): support /etc/nvme/config.json - feat(nvmf): add code for parsing the NBFT From el-errata at oss.oracle.com Fri Jun 13 12:55:54 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:55:54 -0700 Subject: [El-errata] ELEA-2025-8879 Oracle Linux 9 nodejs:18 bug fix and enhancement update Message-ID: Oracle Linux Enhancement Advisory ELEA-2025-8879 http://linux.oracle.com/errata/ELEA-2025-8879.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-18.20.8-1.module+el9.6.0+90614+f11b29ab.x86_64.rpm nodejs-devel-18.20.8-1.module+el9.6.0+90614+f11b29ab.x86_64.rpm nodejs-docs-18.20.8-1.module+el9.6.0+90614+f11b29ab.noarch.rpm nodejs-full-i18n-18.20.8-1.module+el9.6.0+90614+f11b29ab.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el9.5.0+90514+74072e0a.noarch.rpm nodejs-packaging-2021.06-4.module+el9.5.0+90514+74072e0a.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el9.5.0+90514+74072e0a.noarch.rpm npm-10.8.2-1.18.20.8.1.module+el9.6.0+90614+f11b29ab.x86_64.rpm aarch64: nodejs-18.20.8-1.module+el9.6.0+90614+f11b29ab.aarch64.rpm nodejs-devel-18.20.8-1.module+el9.6.0+90614+f11b29ab.aarch64.rpm nodejs-docs-18.20.8-1.module+el9.6.0+90614+f11b29ab.noarch.rpm nodejs-full-i18n-18.20.8-1.module+el9.6.0+90614+f11b29ab.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el9.5.0+90514+74072e0a.noarch.rpm nodejs-packaging-2021.06-4.module+el9.5.0+90514+74072e0a.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el9.5.0+90514+74072e0a.noarch.rpm npm-10.8.2-1.18.20.8.1.module+el9.6.0+90614+f11b29ab.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//nodejs-18.20.8-1.module+el9.6.0+90614+f11b29ab.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el9.5.0+90514+74072e0a.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//nodejs-packaging-2021.06-4.module+el9.5.0+90514+74072e0a.src.rpm Description of changes: nodejs [1:18.20.8-1] - Update to version 18.20.8 Resolves: RHEL-83532 RHEL-89595 [1:18.20.6-2] - Disable npm's update-notifier Resolves: RHEL-81076 [1:18.20.6-1] - Update to version 18.20.6 Resolves: RHEL-76801 Fixes: CVE-2025-23085 [1:18.20.4-1] - Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863 [1:18.20.2-2] - Removes .ps1 files [1:18.20.2-1] - Rebase to 18.20.2 - Fix: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629 [1:18.19.1-1] - Rebase to version 18.19.1 - Fixes: CVE-2024-21892 CVE-2024-22019 (high) - Fixes: CVE-2023-46809 (medium) [1:18.19.0-1] - Rebase to version 18.19.0 Resolves: RHEL-21436 [1:18.17.1-1] - Rebase to version 18.17.1 Resolves: rhbz#2228940 Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 - Specify proper OpenSSL configuration section build Related: rhbz#2226726 [1:18.16.1-2] - Fix segfault that happens when processing fips-related options Resolves: BZ#2226726 [1:18.16.1-1] - Rebase to 18.16.1 Resolves: rhbz#2188292 rhbz#2187683 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz#2222285 [1:18.14.2-3] - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 nodejs-nodemon nodejs-packaging From el-errata at oss.oracle.com Fri Jun 13 12:55:56 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:55:56 -0700 Subject: [El-errata] ELSA-2025-8643 Important: Oracle Linux 9 kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8643 http://linux.oracle.com/errata/ELSA-2025-8643.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-abi-stablelists-5.14.0-570.21.1.0.1.el9_6.noarch.rpm kernel-core-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-debug-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-debug-core-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-debug-devel-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-debug-devel-matched-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-core-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-extra-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-debug-uki-virt-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-devel-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-devel-matched-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-doc-5.14.0-570.21.1.0.1.el9_6.noarch.rpm kernel-headers-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-modules-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-modules-core-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-modules-extra-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-tools-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-tools-libs-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-uki-virt-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-uki-virt-addons-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm perf-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm python3-perf-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm rtla-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm rv-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-cross-headers-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm kernel-tools-libs-devel-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm libperf-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm aarch64: kernel-headers-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm kernel-tools-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm kernel-tools-libs-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm perf-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm python3-perf-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm rtla-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm rv-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm kernel-cross-headers-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm kernel-tools-libs-devel-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-570.21.1.0.1.el9_6.src.rpm Related CVEs: CVE-2025-21920 CVE-2025-21926 CVE-2025-21997 CVE-2025-22055 CVE-2025-37785 CVE-2025-37943 Description of changes: [5.14.0-570.21.1.0.1.el9_6.OL9] - nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764] [5.14.0-570.21.1.el9_6] - xsk: fix an integer overflow in xp_create_and_assign_umem() (CKI Backport Bot) [RHEL-87911] {CVE-2025-21997} - vlan: enforce underlying device type (Guillaume Nault) [RHEL-87884] {CVE-2025-21920} - net: fix geneve_opt length integer overflow (Guillaume Nault) [RHEL-87974] {CVE-2025-22055} - net: gso: fix ownership in __udp_gso_segment (CKI Backport Bot) [RHEL-88333] {CVE-2025-21926} [5.14.0-570.20.1.el9_6] - wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (CKI Backport Bot) [RHEL-93253] {CVE-2025-37943} - ext4: fix OOB read when checking dotdot dir (CKI Backport Bot) [RHEL-87985] {CVE-2025-37785} From el-errata at oss.oracle.com Fri Jun 13 12:55:57 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:55:57 -0700 Subject: [El-errata] ELSA-2025-8813 Important: Oracle Linux 9 .NET 8.0 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8813 http://linux.oracle.com/errata/ELSA-2025-8813.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: aspnetcore-runtime-8.0-8.0.17-1.0.1.el9_6.x86_64.rpm aspnetcore-runtime-dbg-8.0-8.0.17-1.0.1.el9_6.x86_64.rpm aspnetcore-targeting-pack-8.0-8.0.17-1.0.1.el9_6.x86_64.rpm dotnet-apphost-pack-8.0-8.0.17-1.0.1.el9_6.x86_64.rpm dotnet-hostfxr-8.0-8.0.17-1.0.1.el9_6.x86_64.rpm dotnet-runtime-8.0-8.0.17-1.0.1.el9_6.x86_64.rpm dotnet-runtime-dbg-8.0-8.0.17-1.0.1.el9_6.x86_64.rpm dotnet-sdk-8.0-8.0.117-1.0.1.el9_6.x86_64.rpm dotnet-sdk-dbg-8.0-8.0.117-1.0.1.el9_6.x86_64.rpm dotnet-targeting-pack-8.0-8.0.17-1.0.1.el9_6.x86_64.rpm dotnet-templates-8.0-8.0.117-1.0.1.el9_6.x86_64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.117-1.0.1.el9_6.x86_64.rpm aarch64: aspnetcore-runtime-8.0-8.0.17-1.0.1.el9_6.aarch64.rpm aspnetcore-runtime-dbg-8.0-8.0.17-1.0.1.el9_6.aarch64.rpm aspnetcore-targeting-pack-8.0-8.0.17-1.0.1.el9_6.aarch64.rpm dotnet-apphost-pack-8.0-8.0.17-1.0.1.el9_6.aarch64.rpm dotnet-hostfxr-8.0-8.0.17-1.0.1.el9_6.aarch64.rpm dotnet-runtime-8.0-8.0.17-1.0.1.el9_6.aarch64.rpm dotnet-runtime-dbg-8.0-8.0.17-1.0.1.el9_6.aarch64.rpm dotnet-sdk-8.0-8.0.117-1.0.1.el9_6.aarch64.rpm dotnet-sdk-dbg-8.0-8.0.117-1.0.1.el9_6.aarch64.rpm dotnet-targeting-pack-8.0-8.0.17-1.0.1.el9_6.aarch64.rpm dotnet-templates-8.0-8.0.117-1.0.1.el9_6.aarch64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.117-1.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//dotnet8.0-8.0.117-1.0.1.el9_6.src.rpm Related CVEs: CVE-2025-30399 Description of changes: [8.0.117-1.0.1] - Add support for Oracle Linux [8.0.117-1] - Update to .NET SDK 8.0.117 and Runtime 8.0.17 - Resolves: RHEL-94420 From el-errata at oss.oracle.com Fri Jun 13 12:56:00 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:56:00 -0700 Subject: [El-errata] ELSA-2025-8916 Moderate: Oracle Linux 9 grafana-pcp security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8916 http://linux.oracle.com/errata/ELSA-2025-8916.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: grafana-pcp-5.1.1-11.el9_6.x86_64.rpm aarch64: grafana-pcp-5.1.1-11.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//grafana-pcp-5.1.1-11.el9_6.src.rpm Related CVEs: CVE-2025-22871 Description of changes: [5.1.1-11] - Resolves RHEL-89314: CVE-2025-22871 From el-errata at oss.oracle.com Fri Jun 13 12:55:58 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:55:58 -0700 Subject: [El-errata] ELSA-2025-8837 Important: Oracle Linux 9 mod_security security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8837 http://linux.oracle.com/errata/ELSA-2025-8837.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: mod_security-2.9.6-2.el9_6.x86_64.rpm mod_security-mlogc-2.9.6-2.el9_6.x86_64.rpm aarch64: mod_security-2.9.6-2.el9_6.aarch64.rpm mod_security-mlogc-2.9.6-2.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//mod_security-2.9.6-2.el9_6.src.rpm Related CVEs: CVE-2025-47947 Description of changes: [2.9.6-2] - add fix for CVE-2025-47947 - Resolves: RHEL-93016 From el-errata at oss.oracle.com Fri Jun 13 12:56:13 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Jun 2025 05:56:13 -0700 Subject: [El-errata] ELSA-2025-20368 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20368 http://linux.oracle.com/errata/ELSA-2025-20368.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-core-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-debug-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-debug-core-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-debug-devel-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-debug-modules-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-debug-modules-core-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-debug-modules-deprecated-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-debug-modules-desktop-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-debug-modules-extra-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-debug-modules-usb-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-debug-modules-wireless-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-devel-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-doc-6.12.0-100.28.2.el9uek.noarch.rpm kernel-uek-modules-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-modules-core-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-modules-deprecated-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-modules-desktop-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-modules-extra-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-modules-extra-netfilter-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-modules-usb-6.12.0-100.28.2.el9uek.x86_64.rpm kernel-uek-modules-wireless-6.12.0-100.28.2.el9uek.x86_64.rpm aarch64: kernel-uek-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-core-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-debug-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-debug-core-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-debug-devel-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-debug-modules-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-debug-modules-core-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-debug-modules-deprecated-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-debug-modules-desktop-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-debug-modules-usb-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-debug-modules-wireless-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-devel-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-modules-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-modules-extra-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-modules-core-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-modules-deprecated-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-modules-desktop-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-modules-extra-netfilter-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-modules-usb-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek-modules-wireless-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek64k-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek64k-core-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek64k-modules-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek64k-modules-core-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek64k-modules-deprecated-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek64k-modules-desktop-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek64k-modules-extra-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek64k-modules-extra-netfilter-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek64k-modules-usb-6.12.0-100.28.2.el9uek.aarch64.rpm kernel-uek64k-modules-wireless-6.12.0-100.28.2.el9uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-6.12.0-100.28.2.el9uek.src.rpm Related CVEs: CVE-2024-28956 Description of changes: [6.12.0-100.28.2.el9uek] - sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash (Omar Sandoval) - certs: Add new Oracle Linux Driver Signing (key 1) certificate (Sherry Yang) [Orabug: 37967533] - Revert "block: sysfs option to change ioticks granularity" (Gulam Mohamed) [Orabug: 37921776] - RDS: use pin_user_pages_fast() (Stephen Brennan) [Orabug: 37968545] [6.12.0-100.28.1.el9uek] - KVM: SEV: Add KVM_SEV_SNP_ENABLE_REQ_CERTS command (Michael Roth) [Orabug: 37894105] - KVM: Introduce KVM_EXIT_SNP_REQ_CERTS for SNP certificate-fetching (Michael Roth) [Orabug: 37894105] - Revert "KVM: Introduce KVM_EXIT_SNP_REQ_CERTS for SNP certificate-fetching" (Liam Merwick) [Orabug: 37894105] - uek-rpm: Enable SECURITY_DMESG_RESTRICT in UEK8 (Harshit Mogalapalli) [Orabug: 37867042] [6.12.0-2.28.3.el9uek] - LTS version: v6.12.28 (Jack Vogel) - dm: fix copying after src array boundaries (Tudor Ambarus) - drm/amd/display: Fix slab-use-after-free in hdcp (Chris Bainbridge) - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (Mario Limonciello) - drivers: base: handle module_kobject creation (Shyam Saini) - kernel: globalize lookup_or_create_module_kobject() (Shyam Saini) - kernel: param: rename locate_module_kobject (Shyam Saini) - Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" (Christian Hewitt) - arm64: dts: st: Use 128kB size for aliased GIC400 register access on stm32mp25 SoCs (Christian Bruel) - arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs (Christian Bruel) - ARM: dts: opos6ul: add ksz8081 phy properties (S?bastien Szymanski) - arm64: dts: imx95: Correct the range of PCIe app-reg region (Richard Zhu) - firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (Sudeep Holla) - firmware: arm_scmi: Balance device refcount when destroying devices (Cristian Marussi) - drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change (Niranjana Vishwanathapura) - sch_ets: make est_qlen_notify() idempotent (Cong Wang) - sch_qfq: make qfq_qlen_notify() idempotent (Cong Wang) - sch_hfsc: make hfsc_qlen_notify() idempotent (Cong Wang) - sch_drr: make drr_qlen_notify() idempotent (Cong Wang) - sch_htb: make htb_qlen_notify() idempotent (Cong Wang) - accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW (Karol Wachowski) - accel/ivpu: Fix locking order in ivpu_job_submit (Karol Wachowski) - accel/ivpu: Abort all jobs after command queue unregister (Karol Wachowski) - accel/ivpu: Update VPU FW API headers (Andrzej Kacprowski) - accel/ivpu: Fix a typo (Andrew Kreimer) - accel/ivpu: Use xa_alloc_cyclic() instead of custom function (Karol Wachowski) - accel/ivpu: Make DB_ID and JOB_ID allocations incremental (Tomasz Rusinowicz) - net: Fix the devmem sock opts and msgs for parisc (Pranjal Shrivastava) - bcachefs: Remove incorrect __counted_by annotation (Alan Huang) - mm, slab: clean up slab->obj_exts always (Zhenhua Huang) - net: vertexcom: mse102x: Fix RX error handling (Stefan Wahren) - net: vertexcom: mse102x: Add range check for CMD_RTS (Stefan Wahren) - net: vertexcom: mse102x: Fix LEN_MASK (Stefan Wahren) - net: vertexcom: mse102x: Fix possible stuck of SPI interrupt (Stefan Wahren) - net: hns3: defer calling ptp_clock_register() (Jian Shen) - net: hns3: fixed debugfs tm_qset size (Hao Lan) - net: hns3: fix an interrupt residual problem (Yonglong Liu) - net: hns3: store rx VLAN tag offload state for VF (Jian Shen) - octeon_ep: Fix host hang issue during device reboot (Sathesh B Edara) - net: fec: ERR007885 Workaround for conventional TX (Mattias Barthel) - net: lan743x: Fix memleak issue when GSO enabled (Thangaraj Samynathan) - ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations (Sagi Maimon) - net: use sock_gen_put() when sk_state is TCP_TIME_WAIT (Jibin Zhang) - bnxt_en: fix module unload sequence (Vadim Fedorenko) - ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction (Alexander Stein) - nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (Alistair Francis) - nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (Alistair Francis) - nvme-tcp: fix premature queue removal and I/O failover (Michael Liang) - bnxt_en: Fix ethtool -d byte order for 32-bit values (Michael Chan) - bnxt_en: Fix out-of-bound memcpy() during ethtool -w (Shruti Parab) - bnxt_en: Fix coredump logic to free allocated buffer (Shruti Parab) - bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings() (Kashyap Desai) - bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (Somnath Kotur) - bnxt_en: Fix ethtool selftest output in one of the failure cases (Kalesh AP) - bnxt_en: Fix error handling path in bnxt_init_chip() (Shravya KN) - ALSA: hda/realtek: Fix built-mic regression on other ASUS models (Takashi Iwai) - net: ipv6: fix UDPv6 GSO segmentation with NAT (Felix Fietkau) - net: dsa: felix: fix broken taprio gate states after clock jump (Vladimir Oltean) - net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM (Chad Monroe) - igc: fix lock order in igc_ptp_reset (Jacob Keller) - idpf: protect shutdown from reset (Larysa Zaremba) - idpf: fix potential memory leak on kcalloc() failure (Michal Swiatkowski) - net: mdio: mux-meson-gxl: set reversed bit when using internal phy (Da Xue) - net: dlink: Correct endianness handling of led_mode (Simon Horman) - drm/mipi-dbi: Fix blanking for non-16 bit formats (Russell Cloran) - drm/tests: shmem: Fix memleak (Maxime Ripard) - nvme-pci: fix queue unquiesce check on slot_reset (Keith Busch) - ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (Takashi Iwai) - scsi: ufs: core: Remove redundant query_complete trace (Keoseong Park) - idpf: fix offloads support for encapsulated packets (Madhu Chittim) - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (Xuanqiang Luo) - net_sched: qfq: Fix double list add in class with netem as child qdisc (Victor Nogueira) - net_sched: ets: Fix double list add in class with netem as child qdisc (Victor Nogueira) - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (Victor Nogueira) - net_sched: drr: Fix double list add in class with netem as child qdisc (Victor Nogueira) - pds_core: remove write-after-free of client_id (Shannon Nelson) - pds_core: specify auxiliary_device to be created (Shannon Nelson) - pds_core: make pdsc_auxbus_dev_del() void (Shannon Nelson) - net: ethernet: mtk_eth_soc: sync mtk_clks_source_name array (Daniel Golle) - net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised (Louis-Alexis Eyraud) - net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll (Louis-Alexis Eyraud) - rtase: Modify the condition used to detect overflow in rtase_calc_time_mitigation (Justin Lai) - bnxt_en: improve TX timestamping FIFO configuration (Vadim Fedorenko) - octeon_ep_vf: Resolve netdevice usage count issue (Sathesh B Edara) - net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID (Vladimir Oltean) - Bluetooth: L2CAP: copy RX timestamp to new fragments (Pauli Virtanen) - Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths (Kiran K) - Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (En-Wei Wu) - Bluetooth: btintel_pcie: Avoid redundant buffer allocation (Kiran K) - Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync (Luiz Augusto von Dentz) - Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver (Luiz Augusto von Dentz) - Bluetooth: hci_conn: Remove alloc from critical section (Iulia Tanasescu) - ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot (Venkata Prasad Potturu) - accel/ivpu: Correct DCT interrupt handling (Karol Wachowski) - net/mlx5: E-switch, Fix error handling for enabling roce (Chris Mi) - net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover (Cosmin Ratiu) - net/mlx5e: TC, Continue the attr process even if encap entry is invalid (Jianbo Liu) - net/mlx5: E-Switch, Initialize MAC Address for Default GID (Maor Gottlieb) - net/mlx5e: Use custom tunnel header for vxlan gbp (Vlad Dogaru) - xsk: Fix race condition in AF_XDP generic RX path (e.kubanski) - vxlan: vnifilter: Fix unlocked deletion of default FDB entry (Ido Schimmel) - powerpc/boot: Fix dash warning (Madhavan Srinivasan) - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (Murad Masimov) - wifi: iwlwifi: fix the check for the SCRATCH register upon resume (Emmanuel Grumbach) - wifi: iwlwifi: don't warn if the NIC is gone in resume (Emmanuel Grumbach) - drm/i915/pxp: fix undefined reference to intel_pxp_gsccs_is_ready_for_sessions' (Chen Linxuan) - ALSA: hda/realtek - Enable speaker for HP platform (Kailang Yang) - ASoC: Intel: sof_sdw: Add NULL check in asoc_sdw_rt_dmic_rtd_init() (Chenyuan Yang) - powerpc/boot: Check for ld-option support (Madhavan Srinivasan) - pinctrl: imx: Return NULL if no group is matched and found (Hui Wang) - book3s64/radix : Align section vmemmap start address to PAGE_SIZE (Donet Tom) - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (Sheetal) - ASoC: cs-amp-lib-test: Don't select SND_SOC_CS_AMP_LIB (Richard Fitzgerald) - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (Geert Uytterhoeven) - drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF (Leo Li) - tracing: Fix oob write in trace_seq_to_buffer() (Jeongjun Park) - cpufreq: Fix setting policy limits when frequency tables are used (Rafael J. Wysocki) - cpufreq: Avoid using inconsistent policy->min and policy->max (Rafael J. Wysocki) - smb: client: fix zero length for mkdir POSIX create context (Jethro Donaldson) - ksmbd: fix use-after-free in session logoff (Sean Heelan) - ksmbd: fix use-after-free in kerberos authentication (Sean Heelan) - ksmbd: fix use-after-free in ksmbd_session_rpc_open (Namjae Jeon) - platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (Shouye Liu) - platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (Mario Limonciello) - iommu: Fix two issues in iommu_copy_struct_from_user() (Nicolin Chen) - iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) (Mingcong Bai) - iommu/arm-smmu-v3: Fix pgsize_bit for sva domains (Balbir Singh) - iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids (Nicolin Chen) - iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (Pavel Paklov) - drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (Janne Grunau) - drm/amdgpu: Fix offset for HDP remap in nbio v7.11 (Lijo Lazar) - dm: always update the array size in realloc_argv on success (Benjamin Marzinski) - dm-integrity: fix a warning on invalid table line (Mikulas Patocka) - dm-bufio: don't schedule in atomic context (LongPing Wei) - x86/boot/sev: Support memory acceptance in the EFI stub under SVSM (Ard Biesheuvel) - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (Wentao Liang) - tracing: Do not take trace_event_sem in print_event_fields() (Steven Rostedt) - spi: tegra114: Don't fail set_cs_timing when delays are zero (Aaron Kling) - mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (Ruslan Piasetskyi) - mm/memblock: repeat setting reserved region nid if array is doubled (Wei Yang) - mm/memblock: pass size instead of end to memblock_set_node() (Wei Yang) - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (Stephan Gerhold) - amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload (Vishal Badole) - perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. (Sean Christopherson) - perf/x86/intel: Only check the group flag for X86 leader (Kan Liang) - parisc: Fix double SIGFPE crash (Helge Deller) - arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (Will Deacon) - i2c: imx-lpi2c: Fix clock count when probe defers (Clark Wang) - EDAC/altera: Set DDR and SDMMC interrupt mask before registration (Niravkumar L Rabara) - EDAC/altera: Test the correct error reg offset (Niravkumar L Rabara) - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (Philipp Stanner) - drm/fdinfo: Protect against driver unbind (Tvrtko Ursulin) - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (Srinivas Pandruvada) - btrfs: fix COW handling in run_delalloc_nocow() (Dave Chen) - btrfs: adjust subpage bit start based on sectorsize (Josef Bacik) - binder: fix offset calculation in debug log (Carlos Llamas) - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (Joachim Priesner) - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (Geoffrey D. Bennett) - Revert "rndis_host: Flag RNDIS modems as WWAN devices" (Christian Heusel) - Bluetooth: btusb: Add 13 USB device IDs for Qualcomm WCN785x (Zijun Hu) - Bluetooth: btusb: Add new VID/PID for WCN785x (Dorian Cruveiller) - Bluetooth: btusb: Add ID 0x2c7c:0x0130 for Qualcomm WCN785x (Mark Dietzer) - Bluetooth: btusb: Add one more ID 0x13d3:0x3623 for Qualcomm WCN785x (Zijun Hu) - Bluetooth: btusb: Add one more ID 0x0489:0xe0f3 for Qualcomm WCN785x (Zijun Hu) - Bluetooth: btusb: add Foxconn 0xe0fc for Qualcomm WCN785x (Aaron Ma) - x86/PCI: Export find_cap() to be used in early PCI code (Rayan Dasoriya) [Orabug: 37383447] - x86/quirks: Scan all busses for early PCI quirks (Rayan Dasoriya) [Orabug: 37383447] - x86/quirks: Add parameter to clear MSIs early on boot (Rayan Dasoriya) [Orabug: 37383447] - scsi: megaraid_sas: Driver version update to 07.734.00.00-rc1 (Chandrakanth Patil) [Orabug: 37877985] - scsi: megaraid_sas: Make most module parameters static (Dr. David Alan Gilbert) [Orabug: 37877985] - scsi: mpt3sas: Fix buffer overflow in mpt3sas_send_mctp_passthru_req() (Dan Carpenter) [Orabug: 37878012] - scsi: mpt3sas: Fix spelling mistake "receveid" -> "received" (Colin Ian King) [Orabug: 37878012] - scsi: mpt3sas: update driver version to 52.100.00.00 (Shivasharan S) [Orabug: 37878012] - scsi: mpt3sas: Send a diag reset if target reset fails (Shivasharan S) [Orabug: 37878012] - scsi: mpt3sas: Report driver capability as part of IOCINFO command (Shivasharan S) [Orabug: 37878012] - scsi: mpt3sas: Add support for MCTP Passthrough commands (Shivasharan S) [Orabug: 37878012] - scsi: mpt3sas: Update MPI headers to 02.00.62 version (Shivasharan S) [Orabug: 37878012] - scsi: mpt3sas: Fix a locking bug in an error path (Bart Van Assche) [Orabug: 37878012] - scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (Paul Menzel) [Orabug: 37878012] - scsi: mpt3sas: Remove unused config functions (Dr. David Alan Gilbert) [Orabug: 37878012] - scsi: mpt3sas: Add details to EEDPTagMode error message (Paul Menzel) [Orabug: 37878012] - scsi: mpt3sas: Update driver version to 51.100.00.00 (Ranjan Kumar) [Orabug: 37878012] - vhost-scsi: log event queue write descriptors (Dongli Zhang) [Orabug: 37883837] - vhost-scsi: log control queue write descriptors (Dongli Zhang) [Orabug: 37883837] - vhost-scsi: log I/O queue write descriptors (Dongli Zhang) [Orabug: 37883837] - vhost-scsi: adjust vhost_scsi_get_desc() to log vring descriptors (Dongli Zhang) [Orabug: 37883837] - vhost: modify vhost_log_write() for broader users (Dongli Zhang) [Orabug: 37883837] - uek: kabi: update x86_64 kABI files for new symbols (Yifei Liu) [Orabug: 37899161] - uek-rpm: Move vmxnet3 to module-core in UEK8 (Harshit Mogalapalli) [Orabug: 37908279] - x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel (Alexandre Chartre) [Orabug: 37936569] - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (Pawan Gupta) [Orabug: 37920673] - x86/bpf: Add IBHF call at end of classic BPF (Daniel Sneddon) [Orabug: 37920673] - x86/bpf: Call branch history clearing sequence on exit (Daniel Sneddon) [Orabug: 37920673] - selftest/x86/bugs: Add selftests for ITS (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956} - x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956} - x86/its: Add support for RSB stuffing mitigation (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956} - x86/its: Add "vmexit" option to skip mitigation on some CPUs (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956} - x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956} - x86/its: Add support for ITS-safe return thunk (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956} - x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956} - x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956} - Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956} [6.12.0-2.27.2.el9uek] - LTS version: v6.12.27 (Jack Vogel) - bpf: Fix BPF_INTERNAL namespace import (Xi Ruoyao) - LTS version: v6.12.26 (Jack Vogel) - mq-deadline: don't call req_get_ioprio from the I/O completion handler (Christoph Hellwig) - arm64: dts: ti: k3-j784s4-j742s2-main-common: Correct the GICD size (Keerthy) - crypto: Kconfig - Select LIB generic option (Herbert Xu) - usb: typec: class: Unlocked on error in typec_register_partner() (Dan Carpenter) - objtool: Silence more KCOV warnings, part 2 (Josh Poimboeuf) - objtool: Ignore end-of-section jumps for KCOV/GCOV (Josh Poimboeuf) - usb: xhci: Fix Short Packet handling rework ignoring errors (Michal Pecio) - nvme: fixup scan failure for non-ANA multipath controllers (Hannes Reinecke) - MIPS: cm: Fix warning if MIPS_CM is disabled (Thomas Bogendoerfer) - media: i2c: imx214: Fix uninitialized variable in imx214_set_ctrl() (Dan Carpenter) - crypto: lib/Kconfig - Hide arch options from user (Herbert Xu) - iommu: Handle race with default domain setup (Robin Murphy) - net: dsa: mv88e6xxx: enable STU methods for 6320 family (Marek Beh?n) - net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family (Marek Beh?n) - net: dsa: mv88e6xxx: enable PVT for 6321 switch (Marek Beh?n) - net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family (Marek Beh?n) - Revert "net: dsa: mv88e6xxx: fix internal PHYs for 6320 family" (Marek Beh?n) - usb: typec: class: Invalidate USB device pointers on partner unregistration (Andrei Kuchynski) - ext4: goto right label 'out_mmap_sem' in ext4_setattr() (Baokun Li) - comedi: jr3_pci: Fix synchronous deletion of timer (Ian Abbott) - vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (Daniel Borkmann) - usb: typec: class: Fix NULL pointer access (Andrei Kuchynski) - selftests/bpf: Adjust data size to have ETH_HLEN (Shigeru Yoshida) - selftests/bpf: check program redirect in xdp_cpumap_attach (Alexis Lothor? (eBPF Foundation)) - selftests/bpf: make xdp_cpumap_attach keep redirect prog attached (Alexis Lothor? (eBPF Foundation)) - selftests/bpf: fix bpf_map_redirect call for cpu map test (Alexis Lothor? (eBPF Foundation)) - xfs: flush inodegc before swapon (Christoph Hellwig) - xfs: rename xfs_iomap_swapfile_activate to xfs_vm_swap_activate (Christoph Hellwig) - xfs: Do not allow norecovery mount with quotacheck (Carlos Maiolino) - xfs: do not check NEEDSREPAIR if ro,norecovery mount. (Lukas Herbolt) - driver core: fix potential NULL pointer dereference in dev_uevent() (Dmitry Torokhov) - driver core: introduce device_set_driver() helper (Dmitry Torokhov) - Revert "drivers: core: synchronize really_probe() and dev_uevent()" (Dmitry Torokhov) - spi: spi-imx: Add check for spi_imx_setupxfer() (Tamura Dai) - drm/amdgpu: Use the right function for hdp flush (Lijo Lazar) - drm/amdgpu: use a dummy owner for sysfs triggered cleaner shaders v4 (Christian K?nig) - md/raid1: Add check for missing source disk in process_checks() (Meir Elisha) - x86/cpu: Add CPU model number for Bartlett Lake CPUs with Raptor Cove cores (Pi Xiange) - ubsan: Fix panic from test_ubsan_out_of_bounds (Mostafa Saleh) - spi: tegra210-quad: add rate limiting and simplify timeout error message (Breno Leitao) - spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (Breno Leitao) - ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" (Namjae Jeon) - riscv: Provide all alternative macros all the time (Andrew Jones) - iomap: skip unnecessary ifs_block_is_uptodate check (Gou Hao) - netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS (Song Liu) - x86/i8253: Call clockevent_i8253_disable() with interrupts disabled (Fernando Fernandez Mancera) - ASoC: fsl_asrc_dma: get codec or cpu dai from backend (Shengjiu Wang) - scsi: pm80xx: Set phy_attached to zero when device is gone (Igor Pylypiv) - scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() (Peter Griffin) - scsi: ufs: exynos: Move phy calls to .exit() callback (Peter Griffin) - scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO (Peter Griffin) - scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() (Peter Griffin) - scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (Xingui Yang) - ext4: make block validity check resistent to sb bh corruption (Ojaswin Mujoo) - iommu: Clear iommu-dma ops on cleanup (Robin Murphy) - cifs: Fix querying of WSL CHR and BLK reparse points over SMB1 (Pali Roh?r) - timekeeping: Add a lockdep override in tick_freeze() (Sebastian Andrzej Siewior) - cifs: Fix encoding of SMB1 Session Setup Kerberos Request in non-UNICODE mode (Pali Roh?r) - nvmet-fc: put ref when assoc->del_work is already scheduled (Daniel Wagner) - nvmet-fc: take tgtport reference only once (Daniel Wagner) - x86/bugs: Don't fill RSB on context switch with eIBRS (Josh Poimboeuf) - x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline (Josh Poimboeuf) - x86/bugs: Use SBPB in write_ibpb() if applicable (Josh Poimboeuf) - selftests/mincore: Allow read-ahead pages to reach the end of the file (Qiuxu Zhuo) - x86/xen: disable CPU idle and frequency drivers for PVH dom0 (Roger Pau Monne) - gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment (Andy Shevchenko) - objtool: Stop UNRET validation on UD2 (Josh Poimboeuf) - nvme: multipath: fix return value of nvme_available_path (Uday Shankar) - nvme: re-read ANA log page after ns scan completes (Hannes Reinecke) - drm/xe/xe3lpg: Apply Wa_14022293748, Wa_22019794406 (Julia Filipchuk) - drm/amdgpu: Increase KIQ invalidate_tlbs timeout (Jay Cornwall) - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (Jean-Marc Eurin) - ACPI: EC: Set ec_no_wakeup for Lenovo Go S (Mario Limonciello) - nvme: requeue namespace scan on missed AENs (Hannes Reinecke) - xen: Change xen-acpi-processor dom0 dependency (Jason Andryuk) - perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init (Gabriel Shahrouzi) - selftests: ublk: fix test_stripe_04 (Ming Lei) - cgroup/cpuset: Don't allow creation of local partition over a remote one (Waiman Long) - KVM: s390: Don't use %pK through debug printing (Thomas Wei?schuh) - KVM: s390: Don't use %pK through tracepoints (Thomas Wei?schuh) - sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP (Oleg Nesterov) - kbuild: add dependency from vmlinux to sorttable (Xi Ruoyao) - io_uring: always do atomic put from iowq (Pavel Begunkov) - rtc: pcf85063: do a SW reset if POR failed (Lukas Stockmann) - 9p/trans_fd: mark concurrent read and writes to p9_conn->err (Ignacio Encinas) - 9p/net: fix improper handling of bogus negative read/write replies (Dominique Martinet) - ntb_hw_amd: Add NTB PCI ID for new gen CPU (Basavaraj Natikar) - ntb: reduce stack usage in idt_scan_mws (Arnd Bergmann) - qibfs: fix _another_ leak (Al Viro) - objtool, lkdtm: Obfuscate the do_nothing() pointer (Josh Poimboeuf) - objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() (Josh Poimboeuf) - objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() (Josh Poimboeuf) - objtool, panic: Disable SMAP in __stack_chk_fail() (Josh Poimboeuf) - objtool: Silence more KCOV warnings (Josh Poimboeuf) - um: work around sched_yield not yielding in time-travel mode (Benjamin Berg) - thunderbolt: Scan retimers after device router has been enumerated (Mika Westerberg) - usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (Th?o Lebrun) - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (Chenyuan Yang) - phy: rockchip: usbdp: Avoid call hpd_event_trigger in dp_phy_init (Andy Yan) - usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running (Michal Pecio) - dmaengine: dmatest: Fix dmatest waiting less when interrupted (Vinicius Costa Gomes) - i3c: master: svc: Add support for Nuvoton npcm845 i3c (Stanley Chu) - xhci: Handle spurious events on Etron host isoc enpoints (Mathias Nyman) - usb: xhci: Fix isochronous Ring Underrun/Overrun event handling (Michal Pecio) - usb: xhci: Complete 'error mid TD' transfers when handling Missed Service (Michal Pecio) - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (John Stultz) - usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (Andy Shevchenko) - usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (Andy Shevchenko) - fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size (Edward Adam Davis) - fs/ntfs3: Keep write operations atomic (Lizhi Xu) - usb: host: max3421-hcd: Add missing spi_device_id table (Alexander Stein) - mailbox: pcc: Always clear the platform ack interrupt first (Sudeep Holla) - mailbox: pcc: Fix the possible race in updation of chan_in_use flag (Huisong Li) - bpf: Reject attaching fexit/fmod_ret to __noreturn functions (Yafang Shao) - bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage (Martin KaFai Lau) - bpf: bpftool: Setting error code in do_loader() (Sewon Nam) - s390/tty: Fix a potential memory leak bug (Haoxiang Li) - s390/sclp: Add check for get_zeroed_page() (Haoxiang Li) - parisc: PDT: Fix missing prototype warning (Yu-Chun Lin) - clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() (Heiko Stuebner) - bpf: Fix deadlock between rcu_tasks_trace and event_mutex. (Alexei Starovoitov) - bpf: Fix kmemleak warning for percpu hashmap (Yonghong Song) - crypto: null - Use spin lock instead of mutex (Herbert Xu) - crypto: lib/Kconfig - Fix lib built-in failure when arch is modular (Herbert Xu) - crypto: ccp - Add support for PCI device 0x1134 (Devaraj Rangasamy) - MIPS: cm: Detect CM quirks from device tree (Gregory CLEMENT) - pinctrl: mcp23s08: Get rid of spurious level interrupts (Dmitry Mastykin) - pinctrl: renesas: rza2: Fix potential NULL pointer dereference (Chenyuan Yang) - selftests/bpf: Fix stdout race condition in traffic monitor (Amery Hung) - USB: wdm: add annotation (Oliver Neukum) - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (Oliver Neukum) - USB: wdm: close race between wdm_open and wdm_wwan_port_stop (Oliver Neukum) - USB: wdm: handle IO errors in wdm_wwan_port_start (Oliver Neukum) - USB: VLI disk crashes if LPM is used (Oliver Neukum) - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (Miao Li) - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (Miao Li) - usb: dwc3: xilinx: Prevent spike in reset signal (Mike Looijmans) - usb: dwc3: gadget: check that event count does not exceed event buffer length (Frode Isaksen) - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (Huacai Chen) - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (Fedor Pchelkin) - usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (Fedor Pchelkin) - usb: chipidea: ci_hdrc_imx: fix usbmisc handling (Fedor Pchelkin) - usb: cdns3: Fix deadlock when using NCM gadget (Ralph Siemsen) - usb: xhci: Fix invalid pointer dereference in Etron workaround (Michal Pecio) - xhci: Limit time spent with xHC interrupts disabled during bus resume (Mathias Nyman) - USB: serial: simple: add OWON HDS200 series oscilloscope support (Craig Hesling) - USB: serial: option: add Sierra Wireless EM9291 (Adam Xue) - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (Michael Ehrenreich) - serial: sifive: lock port in startup()/shutdown() callbacks (Ryo Takakura) - serial: msm: Configure correct working mode before starting earlycon (Stephan Gerhold) - tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT (G?nther Noack) - firmware: stratix10-svc: Add of_platform_default_populate() (Mahesh Rao) - misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (Rengarajan S) - misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (Rengarajan S) - char: misc: register chrdev region with all possible minors (Thadeu Lima de Souza Cascardo) - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (Sean Christopherson) - KVM: x86: Reset IRTE to host control if *new* route isn't postable (Sean Christopherson) - KVM: x86: Explicitly treat routing entry type changes as changes (Sean Christopherson) - mei: vsc: Fix fortify-panic caused by invalid counted_by() use (Hans de Goede) - mei: me: add panther lake H DID (Alexander Usyskin) - scsi: Improve CDL control (Damien Le Moal) - USB: storage: quirk for ADATA Portable HDD CH94 (Oliver Neukum) - ata: libata-scsi: Fix ata_msense_control_ata_feature() (Damien Le Moal) - ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (Damien Le Moal) - ata: libata-scsi: Improve CDL control (Damien Le Moal) - mcb: fix a double free bug in chameleon_parse_gdd() (Haoxiang Li) - cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports (Smita Koralahalli) - KVM: SVM: Allocate IR data using atomic allocation (Sean Christopherson) - io_uring: fix 'sync' handling of io_fallback_tw() (Jens Axboe) - LoongArch: KVM: Fix PMU pass-through issue if VM exits to host finally (Bibo Mao) - LoongArch: KVM: Fully clear some CSRs when VM reboot (Bibo Mao) - LoongArch: Remove a bogus reference to ZONE_DMA (Petr Tesarik) - LoongArch: Return NULL from huge_pte_offset() for invalid PMD (Ming Wang) - LoongArch: Handle fp, lsx, lasx and lbt assembly symbols (Tiezhu Yang) - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (Suzuki K Poulose) - x86/insn: Fix CTEST instruction decoding (Kirill A. Shutemov) - drm/amd/display: Force full update in gpu reset (Roman Li) - drm/amd/display: Fix gpu reset in multidisplay config (Roman Li) - drm: panel: jd9365da: fix reset signal polarity in unprepare (Hugo Villeneuve) - rust: firmware: Use ffi::c_char type in FwFunc (Christian Schrefl) - net: phy: microchip: force IRQ polling mode for lan88xx (Fiona Klute) - net: selftests: initialize TCP header and skb payload with zero (Oleksij Rempel) - xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (Alexey Nepomnyashih) - crypto: atmel-sha204a - Set hwrng quality to lowest possible (Marek Beh?n) - sched_ext: Use kvzalloc for large exit_dump allocation (Breno Leitao) - virtio_console: fix missing byte order handling for cols and rows (Halil Pasic) - netfilter: fib: avoid lookup if socket is available (Florian Westphal) - LoongArch: Make do_xyz() exception handlers more robust (Tiezhu Yang) - LoongArch: Make regs_irqs_disabled() more clear (Tiezhu Yang) - LoongArch: Select ARCH_USE_MEMTEST (Yuli Wang) - perf/x86: Fix non-sampling (counting) events on certain x86 platforms (Luo Gengkun) - bpf: Add namespace to BPF internal symbols (Alexei Starovoitov) - splice: remove duplicate noinline from pipe_clear_nowait (T.J. Mercier) - riscv: uprobes: Add missing fence.i after building the XOL buffer (Bj?rn T?pel) - riscv: Replace function-like macro by static inline function (Bj?rn T?pel) - iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (Sean Christopherson) - block: never reduce ra_pages in blk_apply_bdi_limits (Christoph Hellwig) - pds_core: make wait_context part of q_info (Shannon Nelson) - pds_core: Remove unnecessary check in pds_client_adminq_cmd() (Brett Creeley) - pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (Brett Creeley) - pds_core: Prevent possible adminq overflow/stuck condition (Brett Creeley) - net: dsa: mt7530: sync driver-specific behavior of MT7531 variants (Daniel Golle) - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (Cong Wang) - net_sched: hfsc: Fix a UAF vulnerability in class handling (Cong Wang) - fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() (Al Viro) - net: ethernet: mtk_eth_soc: net: revise NETSYSv3 hardware configuration (Bo-Cun Chen) - tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (Tung Nguyen) - net: phy: leds: fix memory leak (Qingfang Deng) - net: lwtunnel: disable BHs when required (Justin Iurman) - scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() (Chenyuan Yang) - scsi: core: Clear flags for scsi_cmnd that did not complete (Anastasia Kovaleva) - net/mlx5: Move ttc allocation after switch case to prevent leaks (Henry Martin) - net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() (Henry Martin) - cgroup/cpuset-v1: Add missing support for cpuset_v2_mode (T.J. Mercier) - btrfs: zoned: return EIO on RAID1 block group write pointer mismatch (Johannes Thumshirn) - btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (Qu Wenruo) - cpufreq: fix compile-test defaults (Johan Hovold) - cpufreq: Do not enable by default during compile testing (Krzysztof Kozlowski) - cpufreq: cppc: Fix invalid return value in .get() callback (Marc Zyngier) - scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() (Chenyuan Yang) - cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (Henry Martin) - cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (Henry Martin) - cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (Henry Martin) - dma/contiguous: avoid warning about unused size_bytes (Arnd Bergmann) - cpufreq: sun50i: prevent out-of-bounds access (Andre Przywara) - ceph: Fix incorrect flush end position calculation (David Howells) - lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP (Nathan Chancellor) - drm/amd/display/dml2: use vzalloc rather than kzalloc (Alex Deucher) - drm/amd/display: Fix unnecessary cast warnings from checkpatch (Rohit Chavan) - drm/xe/bmg: Add one additional PCI ID (Matt Roper) - net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (Jonathan Currier) - scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set (Peter Griffin) - scsi: ufs: exynos: Move UFS shareability value to drvdata (Peter Griffin) - scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster (Peter Griffin) - scsi: ufs: exynos: Remove superfluous function parameter (Tudor Ambarus) - scsi: ufs: exynos: Remove empty drv_init method (Tudor Ambarus) - ksmbd: fix use-after-free in __smb2_lease_break_noti() (Namjae Jeon) - ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL (Namjae Jeon) - ksmbd: add netdev-up/down event debug print (Namjae Jeon) - ksmbd: use __GFP_RETRY_MAYFAIL (Namjae Jeon) - accel/ivpu: Fix the NPU's DPU frequency calculation (Andrzej Kacprowski) - accel/ivpu: Add auto selection logic for job scheduler (Jacek Lawrynowicz) - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (Jonathan Currier) - PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends (Thomas Gleixner) - PCI/MSI: Convert pci_msi_ignore_mask to per MSI domain flag (Roger Pau Monne) - scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get (Tudor Ambarus) - of: resolver: Fix device node refcount leakage in of_resolve_phandles() (Zijun Hu) - of: resolver: Simplify of_resolve_phandles() using __free() (Rob Herring (Arm)) - arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix serdes_ln_ctrl reg-masks (Siddharth Vadapalli) - arm64: dts: ti: Refactor J784s4 SoC files to a common file (Manorit Chawdhry) - iio: adc: ad7768-1: Fix conversion result sign (Sergiu Cuciurean) - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (Jonathan Cameron) - net: dsa: mv88e6xxx: fix VTU methods for 6320 family (Marek Beh?n) - media: ov08x40: Add missing ov08x40_identify_module() call on stream-start (Hans de Goede) - media: ov08x40: Move ov08x40_identify_module() function up (Hans de Goede) - media: i2c: imx214: Fix link frequency validation (Andr? Apitzsch) - media: i2c: imx214: Check number of lanes from device tree (Andr? Apitzsch) - media: i2c: imx214: Replace register addresses with macros (Andr? Apitzsch) - media: i2c: imx214: Convert to CCI register access helpers (Andr? Apitzsch) - media: i2c: imx214: Simplify with dev_err_probe() (Andr? Apitzsch) - media: i2c: imx214: Use subdev active state (Andr? Apitzsch) - PM: EM: Address RCU-related sparse warnings (Rafael J. Wysocki) - PM: EM: use kfree_rcu() to simplify the code (Li RongQing) - mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get (Tudor Ambarus) - soc: qcom: ice: introduce devm_of_qcom_ice_get (Tudor Ambarus) - mm/vmscan: don't try to reclaim hwpoison folio (Jinjiang Tu) - tracing: Verify event formats that have "%*p.." (Steven Rostedt) - tracing: Add __print_dynamic_array() helper (Steven Rostedt) - module: sign with sha512 instead of sha1 by default (Thorsten Leemhuis) - LTS version: v6.12.25 (Jack Vogel) - selftests/bpf: extend changes_pkt_data with cases w/o subprograms (Eduard Zingerman) - bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (Eduard Zingerman) - selftests/bpf: validate that tail call invalidates packet pointers (Eduard Zingerman) - selftests/bpf: freplace tests for tracking of changes_packet_data (Eduard Zingerman) - bpf: check changes_pkt_data property for extension programs (Eduard Zingerman) - selftests/bpf: test for changing packet data from global functions (Eduard Zingerman) - bpf: track changes_pkt_data property for global functions (Eduard Zingerman) - bpf: add find_containing_subprog() utility function (Eduard Zingerman) - wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (P Praneesh) - MIPS: ds1287: Match ds1287_set_base_clock() function types (WangYuli) - MIPS: cevt-ds1287: Add missing ds1287.h include (WangYuli) - MIPS: dec: Declare which_prom() as static (WangYuli) - Revert "wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process" (Alexander Tsoy) - mm/vma: add give_up_on_oom option on modify/merge, use in uffd release (Lorenzo Stoakes) - nvmet-fc: Remove unused functions (WangYuli) - drm/amd/display: Temporarily disable hostvm on DCN31 (Aurabindo Pillai) - LoongArch: Eliminate superfluous get_numa_distances_cnt() (Yuli Wang) - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (Hamza Mahfooz) - misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type (Kunihiko Hayashi) - misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (Kunihiko Hayashi) - selftests/bpf: Fix raw_tp null handling test (Shung-Hsi Yu) - md: fix mddev uaf while iterating all_mddevs list (Yu Kuai) - platform/x86: msi-wmi-platform: Workaround a ACPI firmware bug (Armin Wolf) - platform/x86: msi-wmi-platform: Rename "data" variable (Armin Wolf) - kbuild: Add '-fno-builtin-wcslen' (Nathan Chancellor) - scripts: generate_rust_analyzer: Add ffi crate (Lukas Fischer) - cpufreq: Reference count policy in cpufreq_update_limits() (Rafael J. Wysocki) - arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9 (Anshuman Khandual) - arm64/sysreg: Add register fields for HFGWTR2_EL2 (Anshuman Khandual) - arm64/sysreg: Add register fields for HFGRTR2_EL2 (Anshuman Khandual) - arm64/sysreg: Add register fields for HFGITR2_EL2 (Anshuman Khandual) - arm64/sysreg: Add register fields for HDFGWTR2_EL2 (Anshuman Khandual) - arm64/sysreg: Add register fields for HDFGRTR2_EL2 (Anshuman Khandual) - arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 (Anshuman Khandual) register (Thomas Zimmermann) - drm/amdgpu: fix warning of drm_mm_clean (ZhenGuo Yin) - drm/xe: Set LRC addresses before guc load (Lucas De Marchi) - drm/xe/userptr: fix notifier vs folio deadlock (Matthew Auld) - drm/xe/dma_buf: stop relying on placement in unmap (Matthew Auld) - drm/amd/display: Add HP Probook 445 and 465 to the quirk list for eDP on DP1 (Mario Limonciello) - drm/amd/display: Protect FPU in dml2_init()/dml21_init() (Huacai Chen) - drm/amd/display: Do not enable Replay and PSR while VRR is on in amdgpu_dm_commit_planes() (Tom Chung) - drm/amdgpu: immediately use GTT for new allocations (Christian K?nig) - drm/i915/gvt: fix unterminated-string-initialization warning (Jani Nikula) - drm/xe: Fix an out-of-bounds shift when invalidating TLB (Thomas Hellstr?m) - drm/sti: remove duplicate object names (Rolf Eike Beer) - drm/imagination: take paired job reference (Brendan King) - drm/imagination: fix firmware memory leaks (Brendan King) - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (Chris Bainbridge) - drm/amdgpu/dma_buf: fix page_link check (Matthew Auld) - drm/amdgpu/mes11: optimize MES pipe FW version fetching (Alex Deucher) - drm/amd/display: Protect FPU in dml21_copy() (Huacai Chen) - drm/amd/display: Protect FPU in dml2_validate()/dml21_validate() (Huacai Chen) - drm/amd/display: Add HP Elitebook 645 to the quirk list for eDP on DP1 (Mario Limonciello) - drm/xe: Use local fence in error path of xe_migrate_clear (Matthew Brost) - drm/i915/vrr: Add vrr.vsync_{start, end} in vrr_params_changed (Ankit Nautiyal) - drm/amdgpu/mes12: optimize MES pipe FW version fetching (Alex Deucher) - drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero (Denis Arefev) - drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero (Denis Arefev) - drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero (Denis Arefev) - drm/amd/pm/smu11: Prevent division by zero (Denis Arefev) - drm/amd/pm/powerplay: Prevent division by zero (Denis Arefev) - drm/amd/pm: Prevent division by zero (Denis Arefev) - drm/amd/display: Increase vblank offdelay for PSR panels (Leo Li) - drm/amd/display: Actually do immediate vblank disable (Leo Li) - drm/amd: Handle being compiled without SI or CIK support better (Mario Limonciello) - drm/amd/display: prevent hang on link training fail (Brendan Tam) - drm/amdgpu: Prefer shadow rom when available (Lijo Lazar) - drm/msm/a6xx: Fix stale rpmh votes from GPU (Akhil P Oommen) - drm/msm/dsi: Add check for devm_kstrdup() (Haoxiang Li) - drm/ast: Fix ast_dp connection status (Jocelyn Falempe) - drm/repaper: fix integer overflows in repeat functions (Nikita Zhandarovich) - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (Kan Liang) - perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (Kan Liang) - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (Kan Liang) - perf/x86/intel: Allow to update user space GPRs from PEBS records (Dapeng Mi) - platform/x86: amd: pmf: Fix STT limits (Mario Limonciello) - RAS/AMD/FMPM: Get masked address (Yazen Ghannam) - RAS/AMD/ATL: Include row[13] bit in row retirement (Yazen Ghannam) - scsi: ufs: exynos: Ensure consistent phy reference counts (Peter Griffin) - scsi: megaraid_sas: Block zero-length ATA VPD inquiry (Chandrakanth Patil) - x86/boot/sev: Avoid shared GHCB page for early memory acceptance (Ard Biesheuvel) - x86/cpu/amd: Fix workaround for erratum 1054 (Sandipan Das) - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Borislav Petkov (AMD)) - virtiofs: add filesystem context source name check (Xiangsheng Hou) - tracing: Fix filter string testing (Steven Rostedt) - string: Add load_unaligned_zeropad() code path to sized_strscpy() (Peter Collingbourne) - smb3 client: fix open hardlink on deferred close file error (Chunjie Zhu) - slab: ensure slab->obj_exts is clear in a newly allocated slab page (Suren Baghdasaryan) - selftests/mm: generate a temporary mountpoint for cgroup filesystem (Mark Brown) - riscv: Avoid fortify warning in syscall_get_arguments() (Nathan Chancellor) - Revert "smb: client: fix TCP timers deadlock after rmmod" (Kuniyuki Iwashima) - Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" (Kuniyuki Iwashima) - ksmbd: fix the warning from __kernel_write_iter (Namjae Jeon) - ksmbd: Prevent integer overflow in calculation of deadtime (Denis Arefev) - ksmbd: fix use-after-free in smb_break_all_levII_oplock() (Namjae Jeon) - ksmbd: Fix dangling pointer in krb_authenticate (Sean Heelan) - ovl: don't allow datadir only (Miklos Szeredi) - mm: fix apply_to_existing_page_range() (Kirill A. Shutemov) - mm: fix filemap_get_folios_contig returning batches of identical folios (Vishal Moola (Oracle)) - mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() (Baoquan He) - mm/compaction: fix bug in hugetlb handling pathway (Vishal Moola (Oracle)) - loop: LOOP_SET_FD: send uevents for partitions (Thomas Wei?schuh) - loop: properly send KOBJ_CHANGED uevent for disk device (Thomas Wei?schuh) - isofs: Prevent the use of too small fid (Edward Adam Davis) - i2c: cros-ec-tunnel: defer probe if parent EC is not present (Thadeu Lima de Souza Cascardo) - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (Vasiliy Kovalev) - crypto: caam/qi - Fix drv_ctx refcount bug (Herbert Xu) - cpufreq/sched: Explicitly synchronize limits_changed flag handling (Rafael J. Wysocki) - btrfs: correctly escape subvol in btrfs_show_options() (Johannes Kimmel) - Bluetooth: vhci: Avoid needless snprintf() calls (Kees Cook) - Bluetooth: l2cap: Process valid commands in too long frame (Fr?d?ric Danis) - drm/msm/a6xx+: Don't let IB_SIZE overflow (Rob Clark) - ftrace: fix incorrect hash size in register_ftrace_direct() (Menglong Dong) - i2c: atr: Fix wrong include (Andy Shevchenko) - nfsd: decrease sc_count directly if fail to queue dl_recall (Li Lingfeng) - nfs: add missing selections of CONFIG_CRC32 (Eric Biggers) - dma-buf/sw_sync: Decrement refcount on error in sw_sync_ioctl_get_deadline() (Dan Carpenter) - drm/v3d: Fix Indirect Dispatch configuration for V3D 7.1.6 and later (Ma?ra Canal) - block: integrity: Do not call set_page_dirty_lock() (Martin K. Petersen) - asus-laptop: Fix an uninitialized variable (Denis Arefev) - ASoC: qcom: Fix sc7280 lpass potential buffer overflow (Evgeny Pimenov) - ASoC: Intel: sof_sdw: Add quirk for Asus Zenbook S16 (Peter Ujfalusi) - ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (Srinivas Kandagatla) - ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (Srinivas Kandagatla) - ASoC: fsl: fsl_qmc_audio: Reset audio data pointers on TRIGGER_START event (Herve Codina) - Revert "PCI: Avoid reset when disabled via sysfs" (Alex Williamson) - writeback: fix false warning in inode_to_wb() (Andreas Gruenbacher) - rust: kbuild: use pound to support GNU Make < 4.3 (Miguel Ojeda) - rust: disable clippy::needless_continue (Miguel Ojeda) - rust: kasan/kbuild: fix missing flags on first build (Miguel Ojeda) - objtool/rust: add one more noreturn Rust function for Rust 1.86.0 (Miguel Ojeda) - cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (Rafael J. Wysocki) - riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break (WangYuli) - riscv: KGDB: Do not inline arch_kgdb_breakpoint() (WangYuli) - kunit: qemu_configs: SH: Respect kunit cmdline (Thomas Wei?schuh) - riscv: module: Allocate PLT entries for R_RISCV_PLT32 (Samuel Holland) - riscv: module: Fix out-of-bounds relocation access (Samuel Holland) - riscv: Properly export reserved regions in /proc/iomem (Bj?rn T?pel) - riscv: Use kvmalloc_array on relocation_hashtable (Will Pierce) - net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings (Bo-Cun Chen) - net: ethernet: mtk_eth_soc: correct the max weight of the queue limit for 100Mbps (Bo-Cun Chen) - net: ethernet: mtk_eth_soc: reapply mdc divider on reset (Bo-Cun Chen) - net: ti: icss-iep: Fix possible NULL pointer dereference for perout request (Meghana Malladi) - net: ti: icss-iep: Add phase offset configuration for perout signal (Meghana Malladi) - net: ti: icss-iep: Add pwidth configuration for perout signal (Meghana Malladi) - ptp: ocp: fix start time alignment in ptp_ocp_signal_set (Sagi Maimon) - net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails (Vladimir Oltean) - net: dsa: free routing table on probe failure (Vladimir Oltean) - net: dsa: clean up FDB, MDB, VLAN entries on unbind (Vladimir Oltean) - net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported (Vladimir Oltean) - net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (Vladimir Oltean) - net: txgbe: fix memory leak in txgbe_probe() error path (Abdun Nihaal) - net: bridge: switchdev: do not notify new brentries as changed (Jonas Gorski) - net: b53: enable BPDU reception for management port (Jonas Gorski) - netlink: specs: rt-link: adjust mctp attribute naming (Jakub Kicinski) - netlink: specs: rt-link: add an attr layer around alt-ifname (Jakub Kicinski) - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (Abdun Nihaal) - ata: libata-sata: Save all fields from sense data descriptor (Niklas Cassel) - loop: stop using vfs_iter_{read,write} for buffered I/O (Christoph Hellwig) - loop: aio inherit the ioprio of original request (Yunlong Xing) - eth: bnxt: fix missing ring index trim on error path (Jakub Kicinski) - net: ethernet: ti: am65-cpsw: fix port_np reference counting (Michael Walle) - net: ngbe: fix memory leak in ngbe_probe() error path (Abdun Nihaal) - can: rockchip_canfd: fix broken quirks checks (Weizhao Ouyang) - net: openvswitch: fix nested key length validation in the set() action (Ilya Maximets) - netlink: specs: ovs_vport: align with C codegen capabilities (Jakub Kicinski) - block: fix resource leak in blk_register_queue() error path (Zheng Qixing) - net: mctp: Set SOCK_RCU_FREE (Matt Johnston) - ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() (Damodharam Ammepalli) - pds_core: fix memory leak in pdsc_debugfs_add_qcq() (Abdun Nihaal) - test suite: use %zu to print size_t (Matthew Wilcox (Oracle)) - smc: Fix lockdep false-positive for IPPROTO_SMC. (Kuniyuki Iwashima) - dt-bindings: soc: fsl: fsl,ls1028a-reset: Fix maintainer entry (Geert Uytterhoeven) - igc: add lock preventing multiple simultaneous PTM transactions (Christopher S M Hall) - igc: cleanup PTP module if probe fails (Christopher S M Hall) - igc: handle the IGC_PTP_ENABLED flag correctly (Christopher S M Hall) - igc: move ktime snapshot into PTM retry loop (Christopher S M Hall) - igc: increase wait time before retrying PTM (Christopher S M Hall) - igc: fix PTM cycle trigger logic (Christopher S M Hall) - Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (Johannes Berg) - xen: fix multicall debug feature (Juergen Gross) - ipv6: add exception routes to GC list in rt6_insert_exception (Xin Long) - Bluetooth: l2cap: Check encryption key size on incoming connection (Fr?d?ric Danis) - Bluetooth: btrtl: Prevent potential NULL dereference (Dan Carpenter) - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (Luiz Augusto von Dentz) - RDMA/core: Silence oversized kvmalloc() warning (Shay Drory) - ASoC: cs42l43: Reset clamp override on jack removal (Charles Keepax) - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (Kailang Yang) - ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (Takashi Iwai) - ALSA: hda: improve bass speaker support for ASUS Zenbook UM5606WA (Jaroslav Kysela) - ALSA: hda/cirrus_scodec_test: Don't select dependencies (Richard Fitzgerald) - RDMA/hns: Fix wrong maximum DMA segment size (Chengchang Tang) - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (Yue Haibing) - ovl: remove unused forward declaration (Giuseppe Scrivano) - crypto: tegra - Fix IV usage for AES ECB (Akhil R) - crypto: tegra - Do not use fixed size buffers (Akhil R) - crypto: tegra - remove redundant error check on ret (Colin Ian King) - ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (Henry Martin) - ASoC: dwc: always enable/disable i2s irqs (Brady Norander) - md/md-bitmap: fix stats collection for external bitmaps (Zheng Qixing) - md/raid10: fix missing discard IO accounting (Yu Kuai) - scsi: iscsi: Fix missing scsi_host_put() in error path (Miaoqian Lin) - wifi: wl1251: fix memory leak in wl1251_tx_work (Abdun Nihaal) - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (Remi Pommarel) - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (Remi Pommarel) - wifi: at76c50x: fix use after free access in at76_disconnect (Abdun Nihaal) - scsi: hisi_sas: Enable force phy when SATA disk directly connected (Xingui Yang) - aarch64: increase DEFAULT_CRASH_KERNEL_LOW_SIZE for kdump (Brian Maly) [Orabug: 37446372] - vhost-scsi: Fix vhost_scsi_send_status() (Dongli Zhang) [Orabug: 37840543] - vhost-scsi: Fix vhost_scsi_send_bad_target() (Dongli Zhang) [Orabug: 37840543] - vhost-scsi: protect vq->log_used with vq->mutex (Dongli Zhang) [Orabug: 37840543] - vhost-scsi: Reduce response iov mem use (Mike Christie) [Orabug: 37840543] - vhost-scsi: Allocate iov_iter used for unaligned copies when needed (Mike Christie) [Orabug: 37840543] - vhost-scsi: Stop duplicating se_cmd fields (Mike Christie) [Orabug: 37840543] - vhost-scsi: Dynamically allocate scatterlists (Mike Christie) [Orabug: 37840543] - vhost-scsi: Return queue full for page alloc failures during copy (Mike Christie) [Orabug: 37840543] - vhost-scsi: Add better resource allocation failure handling (Mike Christie) [Orabug: 37840543] - vhost-scsi: Allocate T10 PI structs only when enabled (Mike Christie) [Orabug: 37840543] - vhost-scsi: Reduce mem use by moving upages to per queue (Mike Christie) [Orabug: 37840543] - Revert "vhost-scsi: protect vq->log_base with vq->mutex" (Mike Christie) [Orabug: 37840543] - Revert "vhost_scsi: log write descriptors" (Mike Christie) [Orabug: 37840543] - scsi: mpi3mr: Event processing debug improvement (Ranjan Kumar) [Orabug: 37878021] - scsi: mpi3mr: Add level check to control event logging (Ranjan Kumar) [Orabug: 37878021] - scsi: mpi3mr: Reset the pending interrupt flag (Ranjan Kumar) [Orabug: 37878021] - scsi: mpi3mr: Fix pending I/O counter (Ranjan Kumar) [Orabug: 37878021] [6.12.0-2.24.1.el9uek] - x86/microcode/AMD: Clean the cache if update did not load microcode (Boris Ostrovsky) [Orabug: 37800727] - LTS version: v6.12.24 (Jack Vogel) - HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition (Kaixin Wang) - s390/cpumf: Fix double free on error in cpumf_pmu_event_init() (Thomas Richter) - Bluetooth: hci_uart: Fix another race during initialization (Arseniy Krasnov) - media: mediatek: vcodec: mark vdec_vp9_slice_map_counts_eob_coef noinline (Arnd Bergmann) - kbuild: Add '-fno-builtin-wcslen' (Nathan Chancellor) - libbpf: Prevent compiler warnings/errors (Eder Zulian) - x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() (Myrrh Periwinkle) - nfsd: don't ignore the return code of svc_proc_register() (Jeff Layton) - NFSD: Fix CB_GETATTR status fix (Chuck Lever) - NFSD: fix decoding in nfs4_xdr_dec_cb_getattr (Olga Kornievskaia) - ACPI: platform-profile: Fix CFI violation when accessing sysfs files (Nathan Chancellor) - iommufd: Fail replace if device has not been attached (Yi Liu) - iommufd: Make attach_handle generic than fault specific (Nicolin Chen) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists (Douglas Anderson) - thermal/drivers/mediatek/lvts: Disable Stage 3 thermal threshold (N?colas F. R. A. Prado) - thermal/drivers/mediatek/lvts: Disable monitor mode during suspend (N?colas F. R. A. Prado) - selftests: mptcp: fix incorrect fd checks in main_loop (Cong Liu) - selftests: mptcp: close fd_in before returning in main_loop (Geliang Tang) - sched_ext: create_dsq: Return -EEXIST on duplicate request (Jake Hillion) - s390: Fix linker error when -no-pie option is unavailable (Sumanth Korikkar) - s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues (David Hildenbrand) - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (Niklas Schnelle) - ring-buffer: Use flush_kernel_vmap_range() over flush_dcache_folio() (Steven Rostedt) - pinctrl: samsung: add support for eint_fltcon_offset (Peter Griffin) - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (Stephan Gerhold) - phy: freescale: imx8m-pcie: assert phy reset and perst in power off (Stefan Eichenberger) - PCI: Fix wrong length of devres array (Philipp Stanner) - PCI: Fix reference leak in pci_register_host_bridge() (Ma Ke) - PCI: Fix reference leak in pci_alloc_child_bus() (Ma Ke) - PCI: pciehp: Avoid unnecessary device replacement check (Lukas Wunner) - PCI: j721e: Fix the value of .linkdown_irq_regfield for J784S4 (Siddharth Vadapalli) - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (Stanimir Varbanov) - of/irq: Fix device node refcount leakages in of_irq_init() (Zijun Hu) - of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() (Zijun Hu) - of/irq: Fix device node refcount leakages in of_irq_count() (Zijun Hu) - of/irq: Fix device node refcount leakage in API of_irq_parse_raw() (Zijun Hu) - of/irq: Fix device node refcount leakage in API of_irq_parse_one() (Zijun Hu) - ntb: use 64-bit arithmetic for the MSI doorbell mask (Fedor Pchelkin) - net: mana: Switch to page pool for jumbo frames (Haiyang Zhang) - misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error (Kunihiko Hayashi) - selftests/landlock: Add a new test for setuid() (Micka?l Sala?n) - selftests/landlock: Split signal_scoping_threads tests (Micka?l Sala?n) - landlock: Prepare to add second errata (Micka?l Sala?n) - landlock: Always allow signals between threads of the same process (Micka?l Sala?n) - landlock: Add erratum for TCP fix (Micka?l Sala?n) - landlock: Add the errata interface (Micka?l Sala?n) - landlock: Move code to ease future backports (Micka?l Sala?n) - KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (Sean Christopherson) - KVM: x86: Explicitly zero-initialize on-stack CPUID unions (Sean Christopherson) - KVM: PPC: Enable CAP_SPAPR_TCE_VFIO on pSeries KVM guests (Amit Machhiwal) - gve: handle overflow when reporting TX consumed descriptors (Joshua Washington) - gpio: zynq: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski) - gpio: tegra186: fix resource handling in ACPI probe path (Guixin Liu) - ftrace: Properly merge notrace hashes (Andy Chiu) - ftrace: Add cond_resched() to ftrace_graph_set_hash() (zhoumin) - dt-bindings: coresight: qcom,coresight-tpdm: Fix too many 'reg' (Krzysztof Kozlowski) - dt-bindings: coresight: qcom,coresight-tpda: Fix too many 'reg' (Krzysztof Kozlowski) - dm-verity: fix prefetch-vs-suspend race (Mikulas Patocka) - dm-integrity: fix non-constant-time tag verification (Jo Van Bulck) - dm-integrity: set ti->error on memory allocation failure (Mikulas Patocka) - dm-ebs: fix prefetch-vs-suspend race (Mikulas Patocka) - dlm: fix error if active rsb is not hashed (Alexander Aring) - dlm: fix error if inactive rsb is not hashed (Alexander Aring) - crypto: ccp - Fix uAPI definitions of PSP errors (Dionna Glaze) - crypto: ccp - Fix check for the primary ASP device (Tom Lendacky) - clk: qcom: gdsc: Set retain_ff before moving to HW CTRL (Taniya Das) - clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code (Bryan O'Donoghue) - clk: qcom: gdsc: Release pm subdomains in reverse add order (Bryan O'Donoghue) - clk: qcom: clk-branch: Fix invert halt status bit check for votable clocks (Ajit Pandey) - clk: renesas: r9a07g043: Fix HP clock source for RZ/Five (Lad Prabhakar) - cifs: Ensure that all non-client-specific reparse points are processed by the server (Pali Roh?r) - cifs: fix integer overflow in match_server() (Roman Smirnov) - cifs: avoid NULL pointer dereference in dbg call (Alexandra Diupina) - CIFS: Propagate min offload along with other parameters from primary to secondary channels. (Aman) - thermal/drivers/rockchip: Add missing rk3328 mapping entry (Trevor Woerner) - tracing: Do not add length to print format in synthetic events (Steven Rostedt) - tracing: fprobe events: Fix possible UAF on modules (Masami Hiramatsu (Google)) - x86/xen: fix balloon target initialization for PVH dom0 (Roger Pau Monne) - sctp: detect and prevent references to a freed transport in sendmsg (Ricardo Ca?uelo Navarro) - mm/hwpoison: introduce folio_contain_hwpoisoned_page() helper (Jinjiang Tu) - mm/hugetlb: move hugetlb_sysctl_init() to the __init section (Marc Herbert) - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (Shuai Xue) - mm/userfaultfd: fix release hang over concurrent GUP (Peter Xu) - mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock (Mathieu Desnoyers) - mm/mremap: correctly handle partial mremap() of VMA starting at 0 (Lorenzo Stoakes) - mm: fix lazy mmu docs and usage (Ryan Roberts) - mm: make page_mapped_in_vma() hugetlb walk aware (Jane Chu) - mm/rmap: reject hugetlb folios in folio_make_device_exclusive() (David Hildenbrand) - mm/damon/ops: have damon_get_folio return folio even for tail pages (Usama Arif) - sparc/mm: avoid calling arch_enter/leave_lazy_mmu() in set_ptes (Ryan Roberts) - sparc/mm: disable preemption in lazy mmu mode (Ryan Roberts) - iommu/vt-d: Wire up irq_ack() to irq_move_irq() for posted MSIs (Sean Christopherson) - iommu/vt-d: Fix possible circular locking dependency (Lu Baolu) - iommu/vt-d: Don't clobber posted vCPU IRTE when host IRQ affinity changes (Sean Christopherson) - iommu/vt-d: Put IRTE back into posted MSI mode if vCPU posting is disabled (Sean Christopherson) - iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent() (Nicolin Chen) - iommufd: Fix uninitialized rc in iommufd_access_rw() (Nicolin Chen) - btrfs: zoned: fix zone finishing with missing devices (Johannes Thumshirn) - btrfs: zoned: fix zone activation with missing devices (Johannes Thumshirn) - btrfs: tests: fix chunk map leak after failure to add it to the tree (Filipe Manana) - btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (Filipe Manana) - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (Herve Codina) - arm64: dts: exynos: gs101: disable pinctrl_gsacore node (Peter Griffin) - arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string (Chen-Yu Tsai) - arm64: mm: Correct the update of max_pfn (Zhenhua Huang) - arm64: tegra: Remove the Orin NX/Nano suspend key (Ninad Malwade) - arm64: mops: Do not dereference src reg for a set operation (Keir Fraser) - mtd: rawnand: Add status chack in r852_ready() (Wentao Liang) - mtd: inftlcore: Add error check for inftl_read_oob() (Wentao Liang) - mptcp: only inc MPJoinAckHMacFailure for HMAC failures (Matthieu Baerts (NGI0)) - mptcp: fix NULL pointer in can_accept_new_subflow (Gang Yan) - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (T Pratham) - locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() (Boqun Feng) - mailbox: tegra-hsp: Define dimensioning masks in SoC data (Kartik Rajput) - mfd: ene-kb3930: Fix a potential NULL pointer dereference (Chenyuan Yang) - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (Abel Vesa) - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (Abel Vesa) - jbd2: remove wrong sb->s_sequence check (Jan Kara) - i3c: Add NULL pointer check in i3c_master_queue_ibi() (Manjunatha Venkatesh) - i3c: master: svc: Use readsb helper for reading MDB (Stanley Chu) - ima: limit the number of ToMToU integrity violations (Mimi Zohar) - ima: limit the number of open-writers integrity violations (Mimi Zohar) - smb311 client: fix missing tcon check when mounting with linux/posix extensions (Steve French) - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (Chenyuan Yang) - svcrdma: do not unregister device for listeners (Olga Kornievskaia) - tpm: do not start chip while suspended (Thadeu Lima de Souza Cascardo) - udf: Fix inode_getblk() return value (Jan Kara) - vdpa/mlx5: Fix oversized null mkey longer than 32bit (Si-Wei Liu) - f2fs: fix to avoid atomicity corruption of atomic file (Yeongjin Gil) - ext4: fix off-by-one error in do_split (Artem Sadovnikov) - bus: mhi: host: Fix race between unprepare and queue_buf (Jeff Hugo) - accel/ivpu: Fix deadlock in ivpu_ms_cleanup() (Jacek Lawrynowicz) - accel/ivpu: Fix warning in ivpu_ipc_send_receive_internal() (Jacek Lawrynowicz) - ALSA: hda/realtek: Enable Mute LED on HP OMEN 16 Laptop xd000xx (Sharan Kumar M) - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (Alexey Klimov) - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns. (Srinivas Kandagatla) - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment. (Srinivas Kandagatla) - ASoC: q6apm-dai: make use of q6apm_get_hw_pointer (Srinivas Kandagatla) - ASoC: q6apm-dai: schedule all available frames to avoid dsp under-runs (Srinivas Kandagatla) - ASoC: q6apm: add q6apm_get_hw_pointer helper (Srinivas Kandagatla) - ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe() (Haoxiang Li) - io_uring/kbuf: reject zero sized provided buffers (Jens Axboe) - io_uring/net: fix io_req_post_cqe abuse by send bundle (Pavel Begunkov) - io_uring/net: fix accept multishot handling (Pavel Begunkov) - wifi: mt76: mt7925: fix the wrong simultaneous cap for MLO (Ming Yen Hsieh) - wifi: mt76: mt7925: fix the wrong link_idx when a p2p_device is present (Ming Yen Hsieh) - wifi: mt76: mt7925: fix country count limitation for CLC (Ming Yen Hsieh) - wifi: mt76: mt7925: ensure wow pattern command align fw format (Ming Yen Hsieh) - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (Gavrilov Ilia) - wifi: mt76: Add check for devm_kstrdup() (Haoxiang Li) - clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup (Alexandre Torgue) - mtd: Replace kcalloc() with devm_kcalloc() (Jiasheng Jiang) - net: dsa: mv88e6xxx: fix internal PHYs for 6320 family (Marek Beh?n) - net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family (Marek Beh?n) - mtd: Add check for devm_kcalloc() (Jiasheng Jiang) - mptcp: sockopt: fix getting freebind & transparent (Matthieu Baerts (NGI0)) - mptcp: sockopt: fix getting IPV6_V6ONLY (Matthieu Baerts (NGI0)) - media: chips-media: wave5: Fix timeout while testing 10bit hevc fluster (Jackson.lee) - media: chips-media: wave5: Fix a hang after seeking (Jackson.lee) - media: chips-media: wave5: Avoid race condition in the interrupt handler (Jackson.lee) - media: chips-media: wave5: Fix gray color on screen (Jackson.lee) - media: i2c: imx214: Rectify probe error handling related to runtime PM (Sakari Ailus) - media: i2c: imx219: Rectify runtime PM handling in probe and remove (Sakari Ailus) - media: i2c: imx319: Rectify runtime PM handling probe and remove (Sakari Ailus) - media: venus: hfi_parser: refactor hfi packet parsing logic (Vikash Garodia) - media: venus: hfi_parser: add check to avoid out of bound access (Vikash Garodia) - media: nuvoton: Fix reference handling of ece_pdev (Ricardo Ribalda) - media: nuvoton: Fix reference handling of ece_node (Ricardo Ribalda) - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (Sakari Ailus) - media: i2c: ov7251: Set enable GPIO low in probe (Sakari Ailus) - media: i2c: ccs: Set the device's runtime PM status correctly in probe (Sakari Ailus) - media: i2c: ccs: Set the device's runtime PM status correctly in remove (Sakari Ailus) - Revert "media: imx214: Fix the error handling in imx214_probe()" (Sakari Ailus) - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (Karina Yankevich) - media: imx219: Adjust PLL settings based on the number of MIPI lanes (Dave Stevenson) - media: platform: stm32: Add check for clk_enable() (Jiasheng Jiang) - media: visl: Fix ERANGE error when setting enum controls (Nicolas Dufresne) - media: hi556: Fix memory leak (on error) in hi556_check_hwcfg() (Hans de Goede) - media: streamzap: prevent processing IR data on URB failure (Murad Masimov) - accel/ivpu: Fix PM related deadlocks in MS IOCTLs (Jacek Lawrynowicz) - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (Jonathan McDowell) - mtd: rawnand: brcmnand: fix PM resume warning (Kamal Dasu) - spi: cadence-qspi: Fix probe on AM62A LP SK (Miquel Raynal) - KVM: arm64: Tear down vGIC on failed vCPU creation (Will Deacon) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list (Douglas Anderson) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB (Douglas Anderson) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (Douglas Anderson) - arm64: cputype: Add MIDR_CORTEX_A76AE (Douglas Anderson) - xenfs/xensyms: respect hypervisor's "next" indication (Jan Beulich) - media: rockchip: rga: fix rga offset lookup (John Keeping) - media: siano: Fix error handling in smsdvb_module_init() (Yuan Can) - media: vim2m: print device name after registering device (Matthew Majewski) - media: venus: hfi: add check to handle incorrect queue size (Vikash Garodia) - media: venus: hfi: add a check to handle OOB in sfr region (Vikash Garodia) - media: intel/ipu6: set the dev_parent of video device to pdev (Bingbu Cao) - media: mgb4: Fix switched CMT frequency range "magic values" sets (Martin T?ma) - media: i2c: adv748x: Fix test pattern selection mask (Niklas S?derlund) - media: mgb4: Fix CMT registers update logic (Martin T?ma) - media: uapi: rkisp1-config: Fix typo in extensible params example (Niklas S?derlund) - media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning (Arnd Bergmann) - media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (Jiasheng Jiang) - dt-bindings: media: st,stmipid02: correct lane-polarities maxItems (Alain Volmat) - auxdisplay: hd44780: Fix an API misuse in hd44780.c (Haoxiang Li) - HID: pidff: Fix set_device_control() (Tomasz Paku?a) - HID: pidff: Fix 90 degrees direction name North -> East (Tomasz Paku?a) - HID: pidff: Compute INFINITE value instead of using hardcoded 0xffff (Tomasz Paku?a) - HID: pidff: Clamp effect playback LOOP_COUNT value (Tomasz Paku?a) - HID: pidff: Rename two functions to align them with naming convention (Tomasz Paku?a) - HID: pidff: Remove redundant call to pidff_find_special_keys (Tomasz Paku?a) - HID: pidff: Support device error response from PID_BLOCK_LOAD (Tomasz Paku?a) - HID: pidff: Comment and code style update (Tomasz Paku?a) - HID: hid-universal-pidff: Add Asetek wheelbases support (Tomasz Paku?a) - HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX (Tomasz Paku?a) - HID: pidff: Factor out pool report fetch and remove excess declaration (Tomasz Paku?a) - HID: pidff: Use macros instead of hardcoded min/max values for shorts (Tomasz Paku?a) - HID: pidff: Simplify pidff_rescale_signed (Tomasz Paku?a) - HID: pidff: Move all hid-pidff definitions to a dedicated header (Tomasz Paku?a) - HID: pidff: Factor out code for setting gain (Tomasz Paku?a) - HID: pidff: Rescale time values to match field units (Tomasz Paku?a) - HID: pidff: Define values used in pidff_find_special_fields (Tomasz Paku?a) - HID: pidff: Simplify pidff_upload_effect function (Tomasz Paku?a) - HID: pidff: Completely rework and fix pidff_reset function (Tomasz Paku?a) - HID: pidff: Stop all effects before enabling actuators (Tomasz Paku?a) - HID: pidff: Clamp PERIODIC effect period to device's logical range (Tomasz Paku?a) - s390/pci: Fix s390_mmio_read/write syscall page fault handling (Niklas Schnelle) - ext4: don't treat fhandle lookup of ea_inode as FS corruption (Jann Horn) - bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags (Willem de Bruijn) - erofs: set error to bio if file-backed IO fails (Sheng Yong) - pwm: fsl-ftm: Handle clk_get_rate() returning 0 (Uwe Kleine-K?nig) - pwm: rcar: Improve register calculation (Uwe Kleine-K?nig) - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (Josh Poimboeuf) - tpm: End any active auth session before shutdown (Jonathan McDowell) - tpm, tpm_tis: Workaround failed command reception on Infineon devices (Jonathan McDowell) - ktest: Fix Test Failures Due to Missing LOG_FILE Directories (Ayush Jain) - tracing: probe-events: Add comments about entry data storing code (Masami Hiramatsu (Google)) - fbdev: omapfb: Add 'plane' value check (Leonid Arapov) - drm/amdgpu: grab an additional reference on the gang fence v2 (Christian K?nig) - drm/amdgpu: Fix the race condition for draining retry fault (Emily Deng) - PCI: Enable Configuration RRS SV early (Bjorn Helgaas) - drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (Wentao Liang) - PCI: Add Rockchip Vendor ID (Shawn Lin) - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (AngeloGioacchino Del Regno) - drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (AngeloGioacchino Del Regno) - drm/xe/xelp: Move Wa_16011163337 from tunings to workarounds (Tvrtko Ursulin) - drm/amdkfd: debugfs hang_hws skip GPU with MES (Philip Yang) - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (Philip Yang) - drm/amdkfd: Fix mode1 reset crash issue (Philip Yang) - drm/amdkfd: clamp queue size to minimum (David Yat Sin) - drivers: base: devres: Allow to release group on device release (Lucas De Marchi) - drm/amd/display: stop DML2 from removing pipes based on planes (Mike Katsnelson) - drm/bridge: panel: forbid initializing a panel with unknown connector type (Luca Ceresoli) - drm/debugfs: fix printk format for bridge index (Luca Ceresoli) - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (Andrew Wyatt) - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (Andrew Wyatt) - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (Andrew Wyatt) - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (Andrew Wyatt) - drm: panel-orientation-quirks: Add support for AYANEO 2S (Andrew Wyatt) - drm/amdgpu: Unlocked unmap only clear page table leaves (Philip Yang) - drm/amd/display: Update Cursor request mode to the beginning prefetch always (Zhikai Zhai) - drm/xe/vf: Don't try to trigger a full GT reset if VF (Michal Wajdeczko) - drm/xe/bmg: Add new PCI IDs (Shekhar Chauhan) - drm: allow encoder mode_set even when connectors change for crtc (Abhinav Kumar) - Bluetooth: Add quirk for broken READ_PAGE_SCAN_TYPE (Pedro Nishiyama) - Bluetooth: Add quirk for broken READ_VOICE_SETTING (Pedro Nishiyama) - Bluetooth: qca: simplify WCN399x NVM loading (Dmitry Baryshkov) - Bluetooth: hci_qca: use the power sequencer for wcn6750 (Janaki Ramaiah Thota) - Bluetooth: btusb: Add 2 HWIDs for MT7922 (Jiande Lu) - Bluetooth: hci_uart: fix race during initialization (Arseniy Krasnov) - Bluetooth: btintel_pcie: Add device id of Whale Peak (Kiran K) - tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER (Gabriele Paoloni) - net: vlan: don't propagate flags on open (Stanislav Fomichev) - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (Icenowy Zheng) - btrfs: harden block_group::bg_list against list_del() races (Boris Burkov) - ahci: Marvell 88SE9215 controllers prefer DMA for ATAPI (Huacai Chen) - scsi: st: Fix array overflow in st_setup() (Kai M?kisara) - cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (Philipp Hahn) - ext4: ignore xattrs past end (Bhupesh) - Revert "f2fs: rebuild nat_bits during umount" (Chao Yu) - ext4: protect ext4_release_dquot against freezing (Ojaswin Mujoo) - ahci: add PCI ID for Marvell 88SE9215 SATA Controller (Daniel Kral) - net: sfp: add quirk for FS SFP-10GM-T copper SFP+ module (Martin Schiller) - f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() (Chao Yu) - wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (Manish Dharanenthiran) - net: sfp: add quirk for 2.5G OEM BX SFP (Birger Koblitz) - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode (Niklas Cassel) - jfs: add sanity check for agwidth in dbMount (Edward Adam Davis) - jfs: Prevent copying of nlink with value 0 from disk inode (Edward Adam Davis) - fs/jfs: Prevent integer overflow in AG size calculation (Rand Deeb) - fs/jfs: cast inactags to s64 to prevent potential overflow (Rand Deeb) - jfs: Fix uninit-value access of imap allocated in the diMount() function (Zhongqiu Han) - can: flexcan: add NXP S32G2/S32G3 SoC support (Ciprian Marian Costea) - can: flexcan: Add quirk to handle separate interrupt lines for mailboxes (Ciprian Marian Costea) - page_pool: avoid infinite loop to schedule delayed worker (Jason Xing) - net: usb: asix_devices: add FiberGecko DeviceID (Max Schulze) - scsi: target: spc: Fix RSOC parameter data header size (Chaohai Chen) - wifi: mac80211: ensure sdata->work is canceled before initialized. (Miri Korenblit) - wifi: mac80211: add strict mode disabling workarounds (Johannes Berg) - f2fs: don't retry IO for corrupted data scenario (Chao Yu) - net: page_pool: don't cast mp param to devmem (Pavel Begunkov) - ata: libata-core: Add 'external' to the libata.force kernel parameter (Niklas Cassel) - wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (P Praneesh) - wifi: ath12k: fix memory leak in ath12k_pci_remove() (Miaoqing Pan) - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (Miaoqing Pan) - wifi: ath11k: Fix DMA buffer allocation to resolve SWIOTLB issues (P Praneesh) - platform/x86: x86-android-tablets: Add select POWER_SUPPLY to Kconfig (Hans de Goede) - ASoC: amd: yc: update quirk data for new Lenovo model (Syed Saba kareem) - ASoC: amd: Add DMI quirk for ACP6X mic support (keenplify) - ALSA: usb-audio: Fix CME quirk for UF series keyboards (Ricard Wanderlof) - mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (Kaustabh Chakraborty) - media: s5p-mfc: Corrected NV12M/NV21M plane-sizes (Aakarsh Jain) - media: uvcvideo: Add quirk for Actions UVC05 (Ricardo Ribalda) - ASoC: fsl_audmix: register card device depends on 'dais' property (Shengjiu Wang) - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (Maxim Mikityanskiy) - ALSA: hda: intel: Fix Optimus when GPU has no sound (Maxim Mikityanskiy) - ASoC: amd: ps: use macro for ACP6.3 pci revision id (Vijendar Mukunda) - HID: pidff: Fix null pointer dereference in pidff_find_fields (Tomasz Paku?a) - HID: pidff: Add PERIODIC_SINE_ONLY quirk (Tomasz Paku?a) - HID: Add hid-universal-pidff driver and supported device ids (Tomasz Paku?a) - HID: pidff: Add FIX_WHEEL_DIRECTION quirk (Tomasz Paku?a) - HID: pidff: Add hid_pidff_init_with_quirks and export as GPL symbol (Tomasz Paku?a) - HID: pidff: Add PERMISSIVE_CONTROL quirk (Tomasz Paku?a) - HID: pidff: Add MISSING_PBO quirk and its detection (Tomasz Paku?a) - HID: pidff: Add MISSING_DELAY quirk and its detection (Tomasz Paku?a) - HID: pidff: Do not send effect envelope if it's empty (Tomasz Paku?a) - HID: pidff: Convert infinite length from Linux API to PID standard (Tomasz Paku?a) - ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (Zhang Heng) - platform/chrome: cros_ec_lpc: Match on Framework ACPI device (Daniel Schaefer) - zstd: Increase DYNAMIC_BMI2 GCC version cutoff from 4.8 to 11.0 to work around compiler segfault (Ingo Molnar) - xen/mcelog: Add __nonstring annotations for unterminated strings (Kees Cook) - arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (Douglas Anderson) - Flush console log from kernel_power_off() (Paul E. McKenney) - PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() (Lizhi Xu) - perf/dwc_pcie: fix some unreleased resources (Yunhui Cui) - perf: arm_pmu: Don't disable counter in armpmu_add() (Mark Rutland) - x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine (Max Grobecker) - x86/ia32: Leave NULL selector values 0~3 unchanged (Xin Li (Intel)) - x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2 (Uros Bizjak) - x86/mm: Clear _PAGE_DIRTY for kernel mappings when we clear _PAGE_RW (Matthew Wilcox (Oracle)) - pm: cpupower: bench: Prevent NULL dereference on malloc failure (Zhongqiu Han) - umount: Allow superblock owners to force umount (Trond Myklebust) - fs: consistently deref the files table with rcu_dereference_raw() (Mateusz Guzik) - iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (Louis-Alexis Eyraud) - iommu/exynos: Fix suspend/resume with IDENTITY domain (Marek Szyprowski) - nft_set_pipapo: fix incorrect avx2 match of 5th field octet (Florian Westphal) - net: ppp: Add bound checking for skb data on ppp_sync_txmung (Arnaud Lecomte) - ipv6: Align behavior across nexthops during path selection (Ido Schimmel) - net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY (Vladimir Oltean) - net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() (Vladimir Oltean) - smb: client: fix UAF in decryption with multichannel (Paulo Alcantara) - net_sched: sch_sfq: move the limit validation (Octavian Purdila) - net_sched: sch_sfq: use a temporary work area for validating configuration (Octavian Purdila) - nvmet-fcloop: swap list_add_tail arguments (Daniel Wagner) - drm/i915/huc: Fix fence not released on early probe errors (Janusz Krzysztofik) - ata: sata_sx4: Add error handling in pdc20621_i2c_read() (Wentao Liang) - net: libwx: handle page_pool_dev_alloc_pages error (Chenyuan Yang) - drm/tests: probe-helper: Fix drm_display_mode memory leak (Maxime Ripard) - drm/tests: modes: Fix drm_display_mode memory leak (Maxime Ripard) - drm/tests: cmdline: Fix drm_display_mode memory leak (Maxime Ripard) - drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (Maxime Ripard) - drm/tests: modeset: Fix drm_display_mode memory leak (Maxime Ripard) - net: ethtool: Don't call .cleanup_data when prepare_data fails (Maxime Chevallier) - tc: Ensure we have enough buffer space when sending filter netlink notifications (Toke H?iland-J?rgensen) - octeontx2-pf: qos: fix VF root node parent queue index (Hariprasad Kelam) - net: tls: explicitly disallow disconnect (Jakub Kicinski) - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Cong Wang) - tipc: fix memory leak in tipc_link_xmit (Tung Nguyen) - objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (Josh Poimboeuf) - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (Henry Martin) - drm/xe/hw_engine: define sysfs_ops on all directories (Tejas Upadhyay) - x86/acpi: Don't limit CPUs to 1 for Xen PV guests due to disabled ACPI (Petr Van?k) - drm/i915: Disable RPG during live selftest (Badal Nilawar) - ublk: fix handling recovery & reissue in ublk_abort_queue() (Ming Lei) - ublk: refactor recovery configuration flag helpers (Uday Shankar) - selftests/futex: futex_waitv wouldblock test should fail (Edward Liaw) - gpiolib: of: Fix the choice for Ingenic NAND quirk (Andy Shevchenko) - cgroup/cpuset: Further optimize code if CONFIG_CPUSETS_V1 not set (Waiman Long) - cgroup/cpuset: Enforce at most one rebuild_sched_domains_locked() call per operation (Waiman Long) - cgroup/cpuset: Revert "Allow suppression of sched domain rebuild in update_cpumasks_hier()" (Waiman Long) - cgroup/cpuset: Fix error handling in remote_partition_disable() (Waiman Long) - cgroup/cpuset: Fix incorrect isolated_cpus update in update_parent_effective_cpumask() (Waiman Long) - ASoC: Intel: adl: add 2xrt1316 audio configuration (Bard Liao) From el-errata at oss.oracle.com Mon Jun 16 10:06:03 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 16 Jun 2025 03:06:03 -0700 Subject: [El-errata] ELBA-2025-8871 Oracle Linux 8 tigervnc bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8871 http://linux.oracle.com/errata/ELBA-2025-8871.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: tigervnc-1.15.0-5.el8_10.x86_64.rpm tigervnc-icons-1.15.0-5.el8_10.noarch.rpm tigervnc-license-1.15.0-5.el8_10.noarch.rpm tigervnc-selinux-1.15.0-5.el8_10.noarch.rpm tigervnc-server-1.15.0-5.el8_10.x86_64.rpm tigervnc-server-minimal-1.15.0-5.el8_10.x86_64.rpm tigervnc-server-module-1.15.0-5.el8_10.x86_64.rpm aarch64: tigervnc-1.15.0-5.el8_10.aarch64.rpm tigervnc-icons-1.15.0-5.el8_10.noarch.rpm tigervnc-license-1.15.0-5.el8_10.noarch.rpm tigervnc-selinux-1.15.0-5.el8_10.noarch.rpm tigervnc-server-1.15.0-5.el8_10.aarch64.rpm tigervnc-server-minimal-1.15.0-5.el8_10.aarch64.rpm tigervnc-server-module-1.15.0-5.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//tigervnc-1.15.0-5.el8_10.src.rpm Description of changes: [1.15.0-5] - Fix broken authentication with x0vncserver Resolves: RHEL-93729 [1.15.0-4] - Add option "ApproveLoggedUserOnly" allowing to connect only the user owning the running session Resolves: RHEL-91104 [1.15.0-3] - Only warn about 8 characters limit, but let it proceed Resolves: RHEL-89430 [1.15.0-2] - Fix inetd mode not working Resolves: RHEL-86513 From el-errata at oss.oracle.com Mon Jun 16 10:06:16 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 16 Jun 2025 03:06:16 -0700 Subject: [El-errata] ELBA-2025-20373 Oracle Linux 8 oVirt 4.5 ovirt-engine bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20373 http://linux.oracle.com/errata/ELBA-2025-20373.html The following updated rpms for Oracle Linux 8 oVirt 4.5 have been uploaded to the Unbreakable Linux Network: x86_64: ovirt-engine-4.5.5-1.47.el8.noarch.rpm ovirt-engine-backend-4.5.5-1.47.el8.noarch.rpm ovirt-engine-dbscripts-4.5.5-1.47.el8.noarch.rpm ovirt-engine-health-check-bundler-4.5.5-1.47.el8.noarch.rpm ovirt-engine-restapi-4.5.5-1.47.el8.noarch.rpm ovirt-engine-setup-4.5.5-1.47.el8.noarch.rpm ovirt-engine-setup-base-4.5.5-1.47.el8.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.5.5-1.47.el8.noarch.rpm ovirt-engine-setup-plugin-imageio-4.5.5-1.47.el8.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.5.5-1.47.el8.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.5.5-1.47.el8.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.5-1.47.el8.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.5.5-1.47.el8.noarch.rpm ovirt-engine-tools-4.5.5-1.47.el8.noarch.rpm ovirt-engine-tools-backup-4.5.5-1.47.el8.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.5.5-1.47.el8.noarch.rpm ovirt-engine-webadmin-portal-4.5.5-1.47.el8.noarch.rpm ovirt-engine-websocket-proxy-4.5.5-1.47.el8.noarch.rpm python3-ovirt-engine-lib-4.5.5-1.47.el8.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//ovirt-engine-4.5.5-1.47.el8.src.rpm Description of changes: [4.5.5-1.47] - Fix PostgreSQL function GetNvramData From el-errata at oss.oracle.com Mon Jun 16 10:06:10 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 16 Jun 2025 03:06:10 -0700 Subject: [El-errata] ELSA-2025-8817 Important: Oracle Linux 9 .NET 9.0 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-8817 http://linux.oracle.com/errata/ELSA-2025-8817.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: aspnetcore-runtime-9.0-9.0.6-1.0.1.el9_6.x86_64.rpm aspnetcore-runtime-dbg-9.0-9.0.6-1.0.1.el9_6.x86_64.rpm aspnetcore-targeting-pack-9.0-9.0.6-1.0.1.el9_6.x86_64.rpm dotnet-apphost-pack-9.0-9.0.6-1.0.1.el9_6.x86_64.rpm dotnet-host-9.0.6-1.0.1.el9_6.x86_64.rpm dotnet-hostfxr-9.0-9.0.6-1.0.1.el9_6.x86_64.rpm dotnet-runtime-9.0-9.0.6-1.0.1.el9_6.x86_64.rpm dotnet-runtime-dbg-9.0-9.0.6-1.0.1.el9_6.x86_64.rpm dotnet-sdk-9.0-9.0.107-1.0.1.el9_6.x86_64.rpm dotnet-sdk-aot-9.0-9.0.107-1.0.1.el9_6.x86_64.rpm dotnet-sdk-dbg-9.0-9.0.107-1.0.1.el9_6.x86_64.rpm dotnet-targeting-pack-9.0-9.0.6-1.0.1.el9_6.x86_64.rpm dotnet-templates-9.0-9.0.107-1.0.1.el9_6.x86_64.rpm netstandard-targeting-pack-2.1-9.0.107-1.0.1.el9_6.x86_64.rpm dotnet-sdk-9.0-source-built-artifacts-9.0.107-1.0.1.el9_6.x86_64.rpm aarch64: aspnetcore-runtime-9.0-9.0.6-1.0.1.el9_6.aarch64.rpm aspnetcore-runtime-dbg-9.0-9.0.6-1.0.1.el9_6.aarch64.rpm aspnetcore-targeting-pack-9.0-9.0.6-1.0.1.el9_6.aarch64.rpm dotnet-apphost-pack-9.0-9.0.6-1.0.1.el9_6.aarch64.rpm dotnet-host-9.0.6-1.0.1.el9_6.aarch64.rpm dotnet-hostfxr-9.0-9.0.6-1.0.1.el9_6.aarch64.rpm dotnet-runtime-9.0-9.0.6-1.0.1.el9_6.aarch64.rpm dotnet-runtime-dbg-9.0-9.0.6-1.0.1.el9_6.aarch64.rpm dotnet-sdk-9.0-9.0.107-1.0.1.el9_6.aarch64.rpm dotnet-sdk-aot-9.0-9.0.107-1.0.1.el9_6.aarch64.rpm dotnet-sdk-dbg-9.0-9.0.107-1.0.1.el9_6.aarch64.rpm dotnet-targeting-pack-9.0-9.0.6-1.0.1.el9_6.aarch64.rpm dotnet-templates-9.0-9.0.107-1.0.1.el9_6.aarch64.rpm netstandard-targeting-pack-2.1-9.0.107-1.0.1.el9_6.aarch64.rpm dotnet-sdk-9.0-source-built-artifacts-9.0.107-1.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//dotnet9.0-9.0.107-1.0.1.el9_6.src.rpm Related CVEs: CVE-2025-30399 Description of changes: [9.0.107-1.0.1] - Add support for Oracle Linux [9.0.107-1] - Update to .NET SDK 9.0.107 and Runtime 9.0.6 - Resolves: RHEL-94424 From el-errata at oss.oracle.com Wed Jun 18 03:51:48 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 17 Jun 2025 20:51:48 -0700 Subject: [El-errata] ELEA-2025-9103 Oracle Linux 8 nodejs:18 bug fix and enhancement update Message-ID: Oracle Linux Enhancement Advisory ELEA-2025-9103 http://linux.oracle.com/errata/ELEA-2025-9103.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-18.20.8-1.module+el8.10.0+90616+d5957e10.x86_64.rpm nodejs-devel-18.20.8-1.module+el8.10.0+90616+d5957e10.x86_64.rpm nodejs-docs-18.20.8-1.module+el8.10.0+90616+d5957e10.noarch.rpm nodejs-full-i18n-18.20.8-1.module+el8.10.0+90616+d5957e10.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el8.10.0+90616+d5957e10.noarch.rpm nodejs-packaging-2021.06-4.module+el8.10.0+90616+d5957e10.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90616+d5957e10.noarch.rpm npm-10.8.2-1.18.20.8.1.module+el8.10.0+90616+d5957e10.x86_64.rpm aarch64: nodejs-18.20.8-1.module+el8.10.0+90616+d5957e10.aarch64.rpm nodejs-devel-18.20.8-1.module+el8.10.0+90616+d5957e10.aarch64.rpm nodejs-docs-18.20.8-1.module+el8.10.0+90616+d5957e10.noarch.rpm nodejs-full-i18n-18.20.8-1.module+el8.10.0+90616+d5957e10.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el8.10.0+90616+d5957e10.noarch.rpm nodejs-packaging-2021.06-4.module+el8.10.0+90616+d5957e10.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90616+d5957e10.noarch.rpm npm-10.8.2-1.18.20.8.1.module+el8.10.0+90616+d5957e10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//nodejs-18.20.8-1.module+el8.10.0+90616+d5957e10.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el8.10.0+90616+d5957e10.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//nodejs-packaging-2021.06-4.module+el8.10.0+90616+d5957e10.src.rpm Description of changes: nodejs [1:18.20.8-1] - Update to version 18.20.8 Resolves: RHEL-83531 RHEL-89597 nodejs-nodemon nodejs-packaging From el-errata at oss.oracle.com Wed Jun 18 03:51:49 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 17 Jun 2025 20:51:49 -0700 Subject: [El-errata] ELSA-2025-9060 Moderate: Oracle Linux 8 git-lfs security update Message-ID: Oracle Linux Security Advisory ELSA-2025-9060 http://linux.oracle.com/errata/ELSA-2025-9060.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: git-lfs-3.4.1-5.el8_10.x86_64.rpm aarch64: git-lfs-3.4.1-5.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//git-lfs-3.4.1-5.el8_10.src.rpm Related CVEs: CVE-2025-22871 Description of changes: [3.4.1-5] - Rebuild with new Golang - Resolves: RHEL-89264 From el-errata at oss.oracle.com Wed Jun 18 03:51:51 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 17 Jun 2025 20:51:51 -0700 Subject: [El-errata] ELSA-2025-9119 Important: Oracle Linux 8 libvpx security update Message-ID: Oracle Linux Security Advisory ELSA-2025-9119 http://linux.oracle.com/errata/ELSA-2025-9119.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libvpx-1.7.0-12.el8_10.i686.rpm libvpx-1.7.0-12.el8_10.x86_64.rpm libvpx-devel-1.7.0-12.el8_10.i686.rpm libvpx-devel-1.7.0-12.el8_10.x86_64.rpm aarch64: libvpx-1.7.0-12.el8_10.aarch64.rpm libvpx-devel-1.7.0-12.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//libvpx-1.7.0-12.el8_10.src.rpm Related CVEs: CVE-2025-5283 Description of changes: [1.7.0-12] - Add patch for double free Resolves: RHEL-93914 From el-errata at oss.oracle.com Wed Jun 18 03:51:59 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 17 Jun 2025 20:51:59 -0700 Subject: [El-errata] ELSA-2025-9106 Moderate: Oracle Linux 9 git-lfs security update Message-ID: Oracle Linux Security Advisory ELSA-2025-9106 http://linux.oracle.com/errata/ELSA-2025-9106.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: git-lfs-3.6.1-2.el9_6.x86_64.rpm aarch64: git-lfs-3.6.1-2.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//git-lfs-3.6.1-2.el9_6.src.rpm Related CVEs: CVE-2025-22871 Description of changes: [3.6.1-2] - Rebuild with new Golang - Resolves: RHEL-89304 From el-errata at oss.oracle.com Wed Jun 18 03:52:00 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 17 Jun 2025 20:52:00 -0700 Subject: [El-errata] ELSA-2025-9118 Important: Oracle Linux 9 libvpx security update Message-ID: Oracle Linux Security Advisory ELSA-2025-9118 http://linux.oracle.com/errata/ELSA-2025-9118.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: libvpx-1.9.0-9.el9_6.i686.rpm libvpx-1.9.0-9.el9_6.x86_64.rpm libvpx-devel-1.9.0-9.el9_6.i686.rpm libvpx-devel-1.9.0-9.el9_6.x86_64.rpm aarch64: libvpx-1.9.0-9.el9_6.aarch64.rpm libvpx-devel-1.9.0-9.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//libvpx-1.9.0-9.el9_6.src.rpm Related CVEs: CVE-2025-5283 Description of changes: [1.9.0-9] - Add patch for double free Resolves: RHEL-93908 From el-errata at oss.oracle.com Wed Jun 18 03:52:01 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 17 Jun 2025 20:52:01 -0700 Subject: [El-errata] ELSA-2025-9143 Moderate: Oracle Linux 9 containernetworking-plugins security update Message-ID: Oracle Linux Security Advisory ELSA-2025-9143 http://linux.oracle.com/errata/ELSA-2025-9143.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: containernetworking-plugins-1.6.2-2.el9_6.x86_64.rpm aarch64: containernetworking-plugins-1.6.2-2.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//containernetworking-plugins-1.6.2-2.el9_6.src.rpm Related CVEs: CVE-2025-22871 Description of changes: [1:1.6.2-2] - rebuild to fix CVE-2025-22871 containernetworking-plugins: Request smuggling due to acceptance of invalid chunked data in net/http - Resolves: RHEL-90031 From el-errata at oss.oracle.com Wed Jun 18 03:52:03 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 17 Jun 2025 20:52:03 -0700 Subject: [El-errata] ELSA-2025-9144 Moderate: Oracle Linux 9 podman security update Message-ID: Oracle Linux Security Advisory ELSA-2025-9144 http://linux.oracle.com/errata/ELSA-2025-9144.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: podman-5.4.0-10.0.1.el9_6.x86_64.rpm podman-docker-5.4.0-10.0.1.el9_6.noarch.rpm podman-plugins-5.4.0-10.0.1.el9_6.x86_64.rpm podman-remote-5.4.0-10.0.1.el9_6.x86_64.rpm podman-tests-5.4.0-10.0.1.el9_6.x86_64.rpm aarch64: podman-5.4.0-10.0.1.el9_6.aarch64.rpm podman-docker-5.4.0-10.0.1.el9_6.noarch.rpm podman-plugins-5.4.0-10.0.1.el9_6.aarch64.rpm podman-remote-5.4.0-10.0.1.el9_6.aarch64.rpm podman-tests-5.4.0-10.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//podman-5.4.0-10.0.1.el9_6.src.rpm Related CVEs: CVE-2025-22871 Description of changes: [5.4.0-10.0.1] - Add devices on container startup, not on creation - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [5:5.4.0-10] - rebuild to fix CVE-2025-22871 podman: Request smuggling due to acceptance of invalid chunked data in net/http - Resolves: RHEL-90055 From el-errata at oss.oracle.com Wed Jun 18 03:52:04 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 17 Jun 2025 20:52:04 -0700 Subject: [El-errata] ELSA-2025-9145 Moderate: Oracle Linux 9 skopeo security update Message-ID: Oracle Linux Security Advisory ELSA-2025-9145 http://linux.oracle.com/errata/ELSA-2025-9145.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: skopeo-1.18.1-2.el9_6.x86_64.rpm skopeo-tests-1.18.1-2.el9_6.x86_64.rpm aarch64: skopeo-1.18.1-2.el9_6.aarch64.rpm skopeo-tests-1.18.1-2.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//skopeo-1.18.1-2.el9_6.src.rpm Related CVEs: CVE-2025-22871 Description of changes: [2:1.18.1-2] - rebuild to fix CVE-2025-22871 skopeo: Request smuggling due to acceptance of invalid chunked data in net/http - Resolves: RHEL-89329 From el-errata at oss.oracle.com Wed Jun 18 03:52:06 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 17 Jun 2025 20:52:06 -0700 Subject: [El-errata] ELSA-2025-9147 Moderate: Oracle Linux 9 buildah security update Message-ID: Oracle Linux Security Advisory ELSA-2025-9147 http://linux.oracle.com/errata/ELSA-2025-9147.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: buildah-1.39.4-2.0.1.el9_6.x86_64.rpm buildah-tests-1.39.4-2.0.1.el9_6.x86_64.rpm aarch64: buildah-1.39.4-2.0.1.el9_6.aarch64.rpm buildah-tests-1.39.4-2.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//buildah-1.39.4-2.0.1.el9_6.src.rpm Related CVEs: CVE-2025-22871 Description of changes: [1.39.4-2.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.39.4-2] - rebuild to fix CVE-2025-22871 buildah: Request smuggling due to acceptance of invalid chunked data in net/http - Resolves: RHEL-89294 From el-errata at oss.oracle.com Wed Jun 18 03:52:07 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 17 Jun 2025 20:52:07 -0700 Subject: [El-errata] ELSA-2025-9150 Moderate: Oracle Linux 9 gvisor-tap-vsock security update Message-ID: Oracle Linux Security Advisory ELSA-2025-9150 http://linux.oracle.com/errata/ELSA-2025-9150.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: gvisor-tap-vsock-0.8.5-2.el9_6.x86_64.rpm gvisor-tap-vsock-gvforwarder-0.8.5-2.el9_6.x86_64.rpm aarch64: gvisor-tap-vsock-0.8.5-2.el9_6.aarch64.rpm gvisor-tap-vsock-gvforwarder-0.8.5-2.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//gvisor-tap-vsock-0.8.5-2.el9_6.src.rpm Related CVEs: CVE-2025-22871 Description of changes: [6:0.8.5-2] - rebuild for CVE-2025-22871 - Resolves: RHEL-90038 From el-errata at oss.oracle.com Wed Jun 18 03:52:08 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 17 Jun 2025 20:52:08 -0700 Subject: [El-errata] ELSA-2025-9162 Important: Oracle Linux 9 gimp security update Message-ID: Oracle Linux Security Advisory ELSA-2025-9162 http://linux.oracle.com/errata/ELSA-2025-9162.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: gimp-2.99.8-4.el9_6.2.x86_64.rpm gimp-libs-2.99.8-4.el9_6.2.i686.rpm gimp-libs-2.99.8-4.el9_6.2.x86_64.rpm aarch64: gimp-2.99.8-4.el9_6.2.aarch64.rpm gimp-libs-2.99.8-4.el9_6.2.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//gimp-2.99.8-4.el9_6.2.src.rpm Related CVEs: CVE-2025-5473 CVE-2025-48797 CVE-2025-48798 Description of changes: [2:2.99.8-4.2] - fix CVE-2025-5473 (RHEL-95700) [2:2.99.8-4.1] - fix CVE-2025-48797 (RHEL-93521) - fix CVE-2025-48798 (RHEL-93522) From el-errata at oss.oracle.com Wed Jun 18 03:51:57 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 17 Jun 2025 20:51:57 -0700 Subject: [El-errata] ELSA-2025-9080 Important: Oracle Linux 9 kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-9080 http://linux.oracle.com/errata/ELSA-2025-9080.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-abi-stablelists-5.14.0-570.22.1.0.1.el9_6.noarch.rpm kernel-core-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-debug-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-debug-core-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-debug-devel-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-debug-devel-matched-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-core-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-extra-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-debug-uki-virt-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-devel-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-devel-matched-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-doc-5.14.0-570.22.1.0.1.el9_6.noarch.rpm kernel-headers-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-modules-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-modules-core-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-modules-extra-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-tools-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-tools-libs-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-uki-virt-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-uki-virt-addons-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm perf-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm python3-perf-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm rtla-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm rv-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-cross-headers-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm kernel-tools-libs-devel-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm libperf-5.14.0-570.22.1.0.1.el9_6.x86_64.rpm aarch64: kernel-headers-5.14.0-570.22.1.0.1.el9_6.aarch64.rpm kernel-tools-5.14.0-570.22.1.0.1.el9_6.aarch64.rpm kernel-tools-libs-5.14.0-570.22.1.0.1.el9_6.aarch64.rpm perf-5.14.0-570.22.1.0.1.el9_6.aarch64.rpm python3-perf-5.14.0-570.22.1.0.1.el9_6.aarch64.rpm rtla-5.14.0-570.22.1.0.1.el9_6.aarch64.rpm rv-5.14.0-570.22.1.0.1.el9_6.aarch64.rpm kernel-cross-headers-5.14.0-570.22.1.0.1.el9_6.aarch64.rpm kernel-tools-libs-devel-5.14.0-570.22.1.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-570.22.1.0.1.el9_6.src.rpm Related CVEs: CVE-2025-21961 CVE-2025-21963 CVE-2025-21969 CVE-2025-21979 CVE-2025-21999 CVE-2025-22126 CVE-2025-37750 Description of changes: [5.14.0-570.22.1.0.1.el9_6.OL9] - nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764] [5.14.0-570.22.1.el9_6] - Bluetooth: L2CAP: Fix corrupted list in hci_chan_del (David Marlin) [RHEL-87890] {CVE-2025-21969} - Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd (David Marlin) [RHEL-87890] {CVE-2025-21969} - Revert "SUNRPC: Revert e0a912e8ddba" (Benjamin Coddington) [RHEL-94811] - mm/hugetlb: fix kernel NULL pointer dereference when migrating hugetlb folio (Jay Shin) [RHEL-92291] - mm: fix crashes from deferred split racing folio migration (Jay Shin) [RHEL-92291] {CVE-2024-42234} - mm: memcg: fix split queue list crash when large folio migration (Jay Shin) [RHEL-92291] - proc: fix UAF in proc_get_inode() (Ian Kent) [RHEL-86808] {CVE-2025-21999} - cifs: Fix integer overflow while processing acdirmax mount option (Paulo Alcantara) [RHEL-87941] {CVE-2025-21963} - wifi: cfg80211: init wiphy_work before allocating rfkill fails (CKI Backport Bot) [RHEL-87931] {CVE-2025-21979} - wifi: cfg80211: cancel wiphy_work before freeing wiphy (CKI Backport Bot) [RHEL-87931] {CVE-2025-21979} - eth: bnxt: fix truesize for mb-xdp-pass case (CKI Backport Bot) [RHEL-88328] {CVE-2025-21961} - vmxnet3: unregister xdp rxq info in the reset path (CKI Backport Bot) [RHEL-92471] - md: fix mddev uaf while iterating all_mddevs list (CKI Backport Bot) [RHEL-89062] {CVE-2025-22126} - nvme: print firmware bug note for non-unique identifiers (Bryan Gurney) [RHEL-91163] - nvme-pci: add BOGUS_NID quirk for Samsung PM1733 (Bryan Gurney) [RHEL-91163] - media: v4l2-mediabus: Drop V4L2_MBUS_CSI2_CONTINUOUS_CLOCK flag (Kate Hsuan) [RHEL-90323] - media: v4l2-mediabus: Drop legacy V4L2_MBUS_CSI2_CHANNEL_* flags (Kate Hsuan) [RHEL-90323] - media: v4l2-mediabus: Use structures to describe bus configuration (Kate Hsuan) [RHEL-90323] - media: v4l2-fwnode: Move bus config structure to v4l2_mediabus.h (Kate Hsuan) [RHEL-90323] - sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug (Phil Auld) [RHEL-86302] - smb: client: fix UAF in decryption with multichannel (CKI Backport Bot) [RHEL-94460] {CVE-2025-37750} From el-errata at oss.oracle.com Thu Jun 19 03:51:22 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Jun 2025 20:51:22 -0700 Subject: [El-errata] ELSA-2025-7898 Important: Oracle Linux 7 kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-7898 http://linux.oracle.com/errata/ELSA-2025-7898.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-3.10.0-1160.119.1.0.9.el7.x86_64.rpm kernel-3.10.0-1160.119.1.0.9.el7.x86_64.rpm kernel-abi-whitelists-3.10.0-1160.119.1.0.9.el7.noarch.rpm kernel-debug-3.10.0-1160.119.1.0.9.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.119.1.0.9.el7.x86_64.rpm kernel-devel-3.10.0-1160.119.1.0.9.el7.x86_64.rpm kernel-doc-3.10.0-1160.119.1.0.9.el7.noarch.rpm kernel-headers-3.10.0-1160.119.1.0.9.el7.x86_64.rpm kernel-tools-3.10.0-1160.119.1.0.9.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.119.1.0.9.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.119.1.0.9.el7.x86_64.rpm perf-3.10.0-1160.119.1.0.9.el7.x86_64.rpm python-perf-3.10.0-1160.119.1.0.9.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//kernel-3.10.0-1160.119.1.0.9.el7.src.rpm Related CVEs: CVE-2024-53141 Description of changes: [3.10.0-1160.119.1.0.9.el7.OL7] - netfilter: ipset: add missing range check in bitmap_ip_uadt (Jeongjun Park) {CVE-2024-53141} [Orabug: 37964173] - Update OL SB certificates - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985797] From el-errata at oss.oracle.com Thu Jun 19 03:51:29 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Jun 2025 20:51:29 -0700 Subject: [El-errata] ELBA-2025-20377 Oracle Linux 9 shim bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20377 http://linux.oracle.com/errata/ELBA-2025-20377.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: shim-x64-15.8-1.0.5.el9_4.x86_64.rpm aarch64: shim-aa64-15.8-1.0.5.el9_4.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//shim-15.8-1.0.5.el9_4.src.rpm Description of changes: [15.8-1.0.5] - Add support for Oracle signed shim [Orabug: 38029686] - Add vendor shim binaries signed with Oracle Secure Boot Signing (key 2) [Orabug: 38029686] [15.8-1.0.4] - Update shim-unsigned v15.8 providing Oracle SecureBoot CA [Orabug: 37631079] [15.8-1.0.3] - Update shimx64.efi and shimaa64.efi v15.8 signed by Microsoft [Orabug: 36072879] - Update shim fb and mm binaries to match unsigned releases [Orabug: 36072879] [15.8-1.0.2] - Use binaries with correct shim.ol generation [Orabug: 36072879] - Set SBAT_AUTOMATIC_DATE=2021030218 [Orabug: 36072879] [15.8-1.0.1] - Update to 15.8 [Orabug: 36072879] - fix CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551 [Orabug: 36072879] From el-errata at oss.oracle.com Thu Jun 19 03:51:30 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Jun 2025 20:51:30 -0700 Subject: [El-errata] ELSA-2025-9184 Important: Oracle Linux 9 ipa security update Message-ID: Oracle Linux Security Advisory ELSA-2025-9184 http://linux.oracle.com/errata/ELSA-2025-9184.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: ipa-client-4.12.2-14.0.1.el9_6.1.x86_64.rpm ipa-client-common-4.12.2-14.0.1.el9_6.1.noarch.rpm ipa-client-encrypted-dns-4.12.2-14.0.1.el9_6.1.x86_64.rpm ipa-client-epn-4.12.2-14.0.1.el9_6.1.x86_64.rpm ipa-client-samba-4.12.2-14.0.1.el9_6.1.x86_64.rpm ipa-common-4.12.2-14.0.1.el9_6.1.noarch.rpm ipa-selinux-4.12.2-14.0.1.el9_6.1.noarch.rpm ipa-selinux-luna-4.12.2-14.0.1.el9_6.1.noarch.rpm ipa-selinux-nfast-4.12.2-14.0.1.el9_6.1.noarch.rpm ipa-server-4.12.2-14.0.1.el9_6.1.x86_64.rpm ipa-server-common-4.12.2-14.0.1.el9_6.1.noarch.rpm ipa-server-dns-4.12.2-14.0.1.el9_6.1.noarch.rpm ipa-server-encrypted-dns-4.12.2-14.0.1.el9_6.1.x86_64.rpm ipa-server-trust-ad-4.12.2-14.0.1.el9_6.1.x86_64.rpm python3-ipaclient-4.12.2-14.0.1.el9_6.1.noarch.rpm python3-ipalib-4.12.2-14.0.1.el9_6.1.noarch.rpm python3-ipaserver-4.12.2-14.0.1.el9_6.1.noarch.rpm python3-ipatests-4.12.2-14.0.1.el9_6.1.noarch.rpm aarch64: ipa-client-4.12.2-14.0.1.el9_6.1.aarch64.rpm ipa-client-common-4.12.2-14.0.1.el9_6.1.noarch.rpm ipa-client-encrypted-dns-4.12.2-14.0.1.el9_6.1.aarch64.rpm ipa-client-epn-4.12.2-14.0.1.el9_6.1.aarch64.rpm ipa-client-samba-4.12.2-14.0.1.el9_6.1.aarch64.rpm ipa-common-4.12.2-14.0.1.el9_6.1.noarch.rpm ipa-selinux-4.12.2-14.0.1.el9_6.1.noarch.rpm ipa-selinux-luna-4.12.2-14.0.1.el9_6.1.noarch.rpm ipa-selinux-nfast-4.12.2-14.0.1.el9_6.1.noarch.rpm ipa-server-4.12.2-14.0.1.el9_6.1.aarch64.rpm ipa-server-common-4.12.2-14.0.1.el9_6.1.noarch.rpm ipa-server-dns-4.12.2-14.0.1.el9_6.1.noarch.rpm ipa-server-encrypted-dns-4.12.2-14.0.1.el9_6.1.aarch64.rpm ipa-server-trust-ad-4.12.2-14.0.1.el9_6.1.aarch64.rpm python3-ipaclient-4.12.2-14.0.1.el9_6.1.noarch.rpm python3-ipalib-4.12.2-14.0.1.el9_6.1.noarch.rpm python3-ipaserver-4.12.2-14.0.1.el9_6.1.noarch.rpm python3-ipatests-4.12.2-14.0.1.el9_6.1.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//ipa-4.12.2-14.0.1.el9_6.1.src.rpm Related CVEs: CVE-2025-4404 Description of changes: [4.12.2-14.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] - Add bind to ipa-server-common Requires [Orabug: 36518596] [4.12.2-14.1] - Resolves: RHEL-89908 EMBARGOED CVE-2025-4404 ipa: Privilege escalation from host to domain admin in FreeIPA - Resolves: RHEL-89144 kdb: ipadb_get_connection() succeeds but returns null LDAP context