From el-errata at oss.oracle.com Wed Apr 1 19:54:16 2026 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 01 Apr 2026 12:54:16 -0700 Subject: [El-errata] ELSA-2026-6037 Moderate: Oracle Linux 8 kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2026-6037 http://linux.oracle.com/errata/ELSA-2026-6037.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-4.18.0-553.115.1.el8_10.x86_64.rpm kernel-4.18.0-553.115.1.el8_10.x86_64.rpm kernel-abi-stablelists-4.18.0-553.115.1.el8_10.noarch.rpm kernel-core-4.18.0-553.115.1.el8_10.x86_64.rpm kernel-cross-headers-4.18.0-553.115.1.el8_10.x86_64.rpm kernel-debug-4.18.0-553.115.1.el8_10.x86_64.rpm kernel-debug-core-4.18.0-553.115.1.el8_10.x86_64.rpm kernel-debug-devel-4.18.0-553.115.1.el8_10.x86_64.rpm kernel-debug-modules-4.18.0-553.115.1.el8_10.x86_64.rpm kernel-debug-modules-extra-4.18.0-553.115.1.el8_10.x86_64.rpm kernel-devel-4.18.0-553.115.1.el8_10.x86_64.rpm kernel-doc-4.18.0-553.115.1.el8_10.noarch.rpm kernel-headers-4.18.0-553.115.1.el8_10.x86_64.rpm kernel-modules-4.18.0-553.115.1.el8_10.x86_64.rpm kernel-modules-extra-4.18.0-553.115.1.el8_10.x86_64.rpm kernel-tools-4.18.0-553.115.1.el8_10.x86_64.rpm kernel-tools-libs-4.18.0-553.115.1.el8_10.x86_64.rpm kernel-tools-libs-devel-4.18.0-553.115.1.el8_10.x86_64.rpm perf-4.18.0-553.115.1.el8_10.x86_64.rpm python3-perf-4.18.0-553.115.1.el8_10.x86_64.rpm aarch64: bpftool-4.18.0-553.115.1.el8_10.aarch64.rpm kernel-cross-headers-4.18.0-553.115.1.el8_10.aarch64.rpm kernel-headers-4.18.0-553.115.1.el8_10.aarch64.rpm kernel-tools-4.18.0-553.115.1.el8_10.aarch64.rpm kernel-tools-libs-4.18.0-553.115.1.el8_10.aarch64.rpm kernel-tools-libs-devel-4.18.0-553.115.1.el8_10.aarch64.rpm perf-4.18.0-553.115.1.el8_10.aarch64.rpm python3-perf-4.18.0-553.115.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.115.1.el8_10.src.rpm Related CVEs: CVE-2025-38180 CVE-2026-23204 CVE-2026-23209 Description of changes: [4.18.0-553.115.1] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772] [4.18.0-553.115.1] - x86/microcode/AMD: Revert "Backport AMD microcode commits for better microcode loading support" (Waiman Long) [RHEL-155860] - net/sched: cls_u32: use skb_header_pointer_careful() (Paolo Abeni) [RHEL-150398] {CVE-2026-23204} - net: add skb_header_pointer_careful() helper (Paolo Abeni) [RHEL-150398] - tcp: fix forever orphan socket caused by tcp_abort (Paolo Abeni) [RHEL-146187] - xfs: fix minimum agno handling for xfs alloc modes in RHEL8 (Brian Foster) [RHEL-102464] - xfs: fix uninitialized use of flags variable in xfs_alloc_vextent() (Brian Foster) [RHEL-102464] - ipv4/tcp: do not use per netns ctl sockets (Davide Caratti) [RHEL-82523] - tcp: use this_cpu_read(*X) instead of *this_cpu_ptr(X) (Davide Caratti) [RHEL-82523] - macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Hangbin Liu) [RHEL-150221] - macvlan: fix error recovery in macvlan_common_newlink() (CKI Backport Bot) [RHEL-150221] {CVE-2026-23209} - x86/uprobes: Fix XOL allocation failure for 32-bit tasks (Oleg Nesterov) [RHEL-96016] [4.18.0-553.114.1] - s390/kexec: Emit an error message when cmdline is too long (Mete Durlu) [RHEL-144946] - s390/boot: Fix kernel size in bootparm area (Mete Durlu) [RHEL-144946] - redhat: genlog: add new JIRA cloud server hostname (Jan Stancek) - mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (Rafael Aquini) [RHEL-137123] - gfs2: Fix data loss during inode evict (Andreas Gruenbacher) [RHEL-151614] - gfs2: minor evict_[un]linked_inode cleanup (Andreas Gruenbacher) [RHEL-151614] - gfs2: Remove useless transaction in evict_linked_inode (Andreas Gruenbacher) [RHEL-151614] - gfs2: Remove unnecessary check in gfs2_evict_inode (Andreas Gruenbacher) [RHEL-151614] - gfs2: Call unlock_new_inode before d_instantiate (Andreas Gruenbacher) [RHEL-151614] - gfs2: Don't remember delete unless it's successful (Andreas Gruenbacher) [RHEL-151614] - gfs2: Remove redundant check for GLF_INSTANTIATE_NEEDED (Andreas Gruenbacher) [RHEL-151614] - gfs2: fiemap page fault fix (Andreas Gruenbacher) [RHEL-151614] - gfs2: Don't get stuck writing page onto itself under direct I/O (Andreas Gruenbacher) [RHEL-151614] - net: atm: fix /proc/net/atm/lec handling (Hangbin Liu) [RHEL-146419] {CVE-2025-38180} - net: atm: add lec_mutex (Hangbin Liu) [RHEL-146419] {CVE-2025-38323} [4.18.0-553.113.1] - scsi: st: Skip buffer flush for information ioctls (John Meneghini) [RHEL-136288] - scsi: st: Separate st-unique ioctl handling from SCSI common ioctl handling (John Meneghini) [RHEL-136288] - scsi: core: Fix the unit attention counter implementation (John Meneghini) [RHEL-136288] - scsi: st: Tighten the page format heuristics with MODE SELECT (John Meneghini) [RHEL-136288] - scsi: st: ERASE does not change tape location (John Meneghini) [RHEL-136288] - scsi: st: Fix array overflow in st_setup() (John Meneghini) [RHEL-136288] - scsi: st: Add sysfs file position_lost_in_reset (John Meneghini) [RHEL-136288] - scsi: st: Modify st.c to use the new scsi_error counters (John Meneghini) [RHEL-136288] - scsi: core: Add counters for New Media and Power On/Reset UNIT ATTENTIONs (John Meneghini) [RHEL-136288] - scsi: st: Restore some drive settings after reset (John Meneghini) [RHEL-136288] - scsi: st: Fix input/output error on empty drive reset (John Meneghini) [RHEL-136288] [4.18.0-553.112.1] - smb: client: handle lack of IPC in dfs_cache_refresh() (Paulo Alcantara) [RHEL-138235] - smb: client: allow parsing zero-length AV pairs (Paulo Alcantara) [RHEL-138235] - cifs: reduce warning log level for server not advertising interfaces (Paulo Alcantara) [RHEL-138235] - smb: client: Fix match_session bug preventing session reuse (Paulo Alcantara) [RHEL-138235] - smb: client: get rid of kstrdup() in get_ses_refpath() (Paulo Alcantara) [RHEL-138235] - smb: client: fix noisy when tree connecting to DFS interlink targets (Paulo Alcantara) [RHEL-138235] - smb: client: don't trust DFSREF_STORAGE_SERVER bit (Paulo Alcantara) [RHEL-138235] - smb: client: don't check for @leaf_fullpath in match_server() (Paulo Alcantara) [RHEL-138235] - smb: client: get rid of TCP_Server_Info::refpath_lock (Paulo Alcantara) [RHEL-138235] - smb: client: don't retry DFS targets on server shutdown (Paulo Alcantara) [RHEL-138235] - smb: client: fix return value of parse_dfs_referrals() (Paulo Alcantara) [RHEL-138235] - smb: client: optimize referral walk on failed link targets (Paulo Alcantara) [RHEL-138235] - smb: client: provide dns_resolve_{unc,name} helpers (Paulo Alcantara) [RHEL-138235] - smb: client: parse DNS domain name from domain= option (Paulo Alcantara) [RHEL-138235] - smb: client: fix DFS mount against old servers with NTLMSSP (Paulo Alcantara) [RHEL-138235] - smb: client: parse av pair type 4 in CHALLENGE_MESSAGE (Paulo Alcantara) [RHEL-138235] - smb: client: introduce av_for_each_entry() helper (Paulo Alcantara) [RHEL-138235] - smb: client: fix double free of TCP_Server_Info::hostname (Paulo Alcantara) [RHEL-138235] {CVE-2025-21673} - smb: client: fix potential race in cifs_put_tcon() (Paulo Alcantara) [RHEL-138235] - smb: client: fix noisy message when mounting shares (Paulo Alcantara) [RHEL-138235] - smb: client: don't try following DFS links in cifs_tree_connect() (Paulo Alcantara) [RHEL-138235] - smb: client: allow reconnect when sending ioctl (Paulo Alcantara) [RHEL-138235] - smb: client: get rid of @nlsc param in cifs_tree_connect() (Paulo Alcantara) [RHEL-138235] - smb: client: allow more DFS referrals to be cached (Paulo Alcantara) [RHEL-138235] - smb: client: propagate error from cifs_construct_tcon() (Paulo Alcantara) [RHEL-138235] - smb: client: fix DFS failover in multiuser mounts (Paulo Alcantara) [RHEL-138235] - smb: client: fix DFS interlink failover (Paulo Alcantara) [RHEL-138235] - smb: client: improve purging of cached referrals (Paulo Alcantara) [RHEL-138235] - smb: client: avoid unnecessary reconnects when refreshing referrals (Paulo Alcantara) [RHEL-138235] - smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex (Paulo Alcantara) [RHEL-138235] - smb: client: handle DFS tcons in cifs_construct_tcon() (Paulo Alcantara) [RHEL-138235] - smb: client: refresh referral without acquiring refpath_lock (Paulo Alcantara) [RHEL-138235] - smb: client: guarantee refcounted children from parent session (Paulo Alcantara) [RHEL-138235] {CVE-2024-35869} - smb: client: set correct id, uid and cruid for multiuser automounts (Paulo Alcantara) [RHEL-138235] {CVE-2024-26822} - cifs: change tcon status when need_reconnect is set on it (Paulo Alcantara) [RHEL-138235] - smb: client: fix potential NULL deref in parse_dfs_referrals() (Paulo Alcantara) [RHEL-138235] - smb: client: fix mount when dns_resolver key is not available (Paulo Alcantara) [RHEL-138235] - smb: client: get rid of dfs code dep in namespace.c (Paulo Alcantara) [RHEL-138235] - smb: client: get rid of dfs naming in automount code (Paulo Alcantara) [RHEL-138235] - smb: client: rename cifs_dfs_ref.c to namespace.c (Paulo Alcantara) [RHEL-138235] - smb: client: ensure to try all targets when finding nested links (Paulo Alcantara) [RHEL-138235] - smb: client: introduce DFS_CACHE_TGT_LIST() (Paulo Alcantara) [RHEL-138235] - smb: client: fix null auth (Paulo Alcantara) [RHEL-138235] - smb: client: fix dfs link mount against w2k8 (Paulo Alcantara) [RHEL-138235] - cifs: fix charset issue in reconnection (Paulo Alcantara) [RHEL-138235] - smb: client: fix missed ses refcounting (Paulo Alcantara) [RHEL-138235] {CVE-2023-54076} - fs/nls: make load_nls() take a const parameter (Paulo Alcantara) [RHEL-138235] - smb: client: remove redundant pointer 'server' (Paulo Alcantara) [RHEL-138235] - smb: client: improve DFS mount check (Paulo Alcantara) [RHEL-138235] - smb: client: fix shared DFS root mounts with different prefixes (Paulo Alcantara) [RHEL-138235] - smb: client: fix parsing of source mount option (Paulo Alcantara) [RHEL-138235] - smb: client: fix warning in cifs_match_super() (Paulo Alcantara) [RHEL-138235] - cifs: fix max_credits implementation (Paulo Alcantara) [RHEL-138235] - cifs: fix sockaddr comparison in iface_cmp (Paulo Alcantara) [RHEL-138235] - cifs: fix status checks in cifs_tree_connect (Paulo Alcantara) [RHEL-138235] - cifs: fix smb1 mount regression (Paulo Alcantara) [RHEL-138235] - cifs: fix sharing of DFS connections (Paulo Alcantara) [RHEL-138235] - cifs: avoid potential races when handling multiple dfs tcons (Paulo Alcantara) [RHEL-138235] - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (Paulo Alcantara) [RHEL-138235] - cifs: avoid dup prefix path in dfs_get_automount_devname() (Paulo Alcantara) [RHEL-138235] - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (Paulo Alcantara) [RHEL-138235] {CVE-2023-53246} - smb3: fix unusable share after force unmount failure (Paulo Alcantara) [RHEL-138235] - cifs: check only tcon status on tcon related functions (Paulo Alcantara) [RHEL-138235] - cifs: return DFS root session id in DebugData (Paulo Alcantara) [RHEL-138235] - cifs: fix use-after-free bug in refresh_cache_worker() (Paulo Alcantara) [RHEL-138235] {CVE-2023-53052} - cifs: set DFS root session in cifs_get_smb_ses() (Paulo Alcantara) [RHEL-138235] - cifs: remove unused function (Paulo Alcantara) [RHEL-138235] - cifs: remove duplicate code in __refresh_tcon() (Paulo Alcantara) [RHEL-138235] - cifs: remove redundant assignment to the variable match (Paulo Alcantara) [RHEL-138235] - cifs: use origin fullpath for automounts (Paulo Alcantara) [RHEL-138235] - cifs: fix source pathname comparison of dfs supers (Paulo Alcantara) [RHEL-138235] - cifs: fix confusing debug message (Paulo Alcantara) [RHEL-138235] - cifs: don't block in dfs_cache_noreq_update_tgthint() (Paulo Alcantara) [RHEL-138235] - cifs: refresh root referrals (Paulo Alcantara) [RHEL-138235] - cifs: fix refresh of cached referrals (Paulo Alcantara) [RHEL-138235] - cifs: share dfs connections and supers (Paulo Alcantara) [RHEL-138235] - cifs: split out ses and tcon retrieval from mount_get_conns() (Paulo Alcantara) [RHEL-138235] - cifs: set resolved ip in sockaddr (Paulo Alcantara) [RHEL-138235] - cifs: remove unused smb3_fs_context::mount_options (Paulo Alcantara) [RHEL-138235] - cifs: get rid of mount options string parsing (Paulo Alcantara) [RHEL-138235] - cifs: use fs_context for automounts (Paulo Alcantara) [RHEL-138235] - cifs: remove various function description warnings (Paulo Alcantara) [RHEL-138235] - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Select which microcode patch to load (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Add more known models to entry sign checking (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Limit Entrysign signature checking to known generations (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Use sha256() instead of init/update/final (Waiman Long) [RHEL-132479] - x86/microcode: Fix Entrysign revision check for Zen1/Naples (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Handle the case of no BIOS microcode (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Add some forgotten models to the SHA check (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Load only SHA256-checksummed patches (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Add get_patch_level() (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Merge early_apply_microcode() into its single callsite (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Have __apply_microcode_amd() return bool (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Flush patch buffer mapping after application (Waiman Long) [RHEL-132479] - x86/mm: Carve out INVLPG inline asm for use by others (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Split load_microcode_amd() (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Pay attention to the stepping dynamically (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (Waiman Long) [RHEL-132479] - x86/microcode/amd: Cache builtin microcode too (Waiman Long) [RHEL-132479] - x86/microcode/amd: Use correct per CPU ucode_cpu_info (Waiman Long) [RHEL-132479] - x86/microcode/amd: Remove X86_32 specific code in early_apply_microcode() & get_builtin_microcode() (Waiman Long) [RHEL-132479] - x86/microcode: Move core specific defines to local header (Waiman Long) [RHEL-132479] - x86/microcode/intel: Rename get_datasize() since its used externally (Waiman Long) [RHEL-132479] - x86/microcode: Make reload_early_microcode() static (Waiman Long) [RHEL-132479] - x86/microcode: Include vendor headers into microcode.h (Waiman Long) [RHEL-132479] - x86/microcode/intel: Move microcode functions out of cpu/intel.c (Waiman Long) [RHEL-132479] - x86/microcode/AMD: Get rid of __find_equiv_id() (Waiman Long) [RHEL-132479] - x86/microcode: Add explicit CPU vendor dependency (Waiman Long) [RHEL-132479] From el-errata at oss.oracle.com Wed Apr 1 19:54:18 2026 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 01 Apr 2026 12:54:18 -0700 Subject: [El-errata] ELSA-2026-6281 Important: Oracle Linux 8 python3.11 security update Message-ID: Oracle Linux Security Advisory ELSA-2026-6281 http://linux.oracle.com/errata/ELSA-2026-6281.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: python3.11-3.11.13-6.0.1.el8_10.i686.rpm python3.11-3.11.13-6.0.1.el8_10.x86_64.rpm python3.11-debug-3.11.13-6.0.1.el8_10.i686.rpm python3.11-debug-3.11.13-6.0.1.el8_10.x86_64.rpm python3.11-devel-3.11.13-6.0.1.el8_10.i686.rpm python3.11-devel-3.11.13-6.0.1.el8_10.x86_64.rpm python3.11-idle-3.11.13-6.0.1.el8_10.i686.rpm python3.11-idle-3.11.13-6.0.1.el8_10.x86_64.rpm python3.11-libs-3.11.13-6.0.1.el8_10.i686.rpm python3.11-libs-3.11.13-6.0.1.el8_10.x86_64.rpm python3.11-rpm-macros-3.11.13-6.0.1.el8_10.noarch.rpm python3.11-test-3.11.13-6.0.1.el8_10.i686.rpm python3.11-test-3.11.13-6.0.1.el8_10.x86_64.rpm python3.11-tkinter-3.11.13-6.0.1.el8_10.i686.rpm python3.11-tkinter-3.11.13-6.0.1.el8_10.x86_64.rpm aarch64: python3.11-3.11.13-6.0.1.el8_10.aarch64.rpm python3.11-debug-3.11.13-6.0.1.el8_10.aarch64.rpm python3.11-devel-3.11.13-6.0.1.el8_10.aarch64.rpm python3.11-idle-3.11.13-6.0.1.el8_10.aarch64.rpm python3.11-libs-3.11.13-6.0.1.el8_10.aarch64.rpm python3.11-rpm-macros-3.11.13-6.0.1.el8_10.noarch.rpm python3.11-test-3.11.13-6.0.1.el8_10.aarch64.rpm python3.11-tkinter-3.11.13-6.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/python3.11-3.11.13-6.0.1.el8_10.src.rpm Related CVEs: CVE-2026-4519 Description of changes: [3.11.13-6.0.1] - Update rpm-macros description [Orabug: 36024572] [3.11.13-6] - Security fix for CVE-2026-4519 Resolves: RHEL-158028 From el-errata at oss.oracle.com Wed Apr 1 19:54:19 2026 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 01 Apr 2026 12:54:19 -0700 Subject: [El-errata] ELSA-2026-6283 Important: Oracle Linux 8 python3.12 security update Message-ID: Oracle Linux Security Advisory ELSA-2026-6283 http://linux.oracle.com/errata/ELSA-2026-6283.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: python3.12-3.12.12-4.el8_10.i686.rpm python3.12-3.12.12-4.el8_10.x86_64.rpm python3.12-debug-3.12.12-4.el8_10.i686.rpm python3.12-debug-3.12.12-4.el8_10.x86_64.rpm python3.12-devel-3.12.12-4.el8_10.i686.rpm python3.12-devel-3.12.12-4.el8_10.x86_64.rpm python3.12-idle-3.12.12-4.el8_10.i686.rpm python3.12-idle-3.12.12-4.el8_10.x86_64.rpm python3.12-libs-3.12.12-4.el8_10.i686.rpm python3.12-libs-3.12.12-4.el8_10.x86_64.rpm python3.12-rpm-macros-3.12.12-4.el8_10.noarch.rpm python3.12-test-3.12.12-4.el8_10.i686.rpm python3.12-test-3.12.12-4.el8_10.x86_64.rpm python3.12-tkinter-3.12.12-4.el8_10.i686.rpm python3.12-tkinter-3.12.12-4.el8_10.x86_64.rpm aarch64: python3.12-3.12.12-4.el8_10.aarch64.rpm python3.12-debug-3.12.12-4.el8_10.aarch64.rpm python3.12-devel-3.12.12-4.el8_10.aarch64.rpm python3.12-idle-3.12.12-4.el8_10.aarch64.rpm python3.12-libs-3.12.12-4.el8_10.aarch64.rpm python3.12-rpm-macros-3.12.12-4.el8_10.noarch.rpm python3.12-test-3.12.12-4.el8_10.aarch64.rpm python3.12-tkinter-3.12.12-4.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/python3.12-3.12.12-4.el8_10.src.rpm Related CVEs: CVE-2026-4519 Description of changes: [3.12.12-4] - Security fix for CVE-2026-4519 Resolves: RHEL-158029 From el-errata at oss.oracle.com Wed Apr 1 19:54:25 2026 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 01 Apr 2026 12:54:25 -0700 Subject: [El-errata] ELSA-2026-6153 Moderate: Oracle Linux 9 kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2026-6153 http://linux.oracle.com/errata/ELSA-2026-6153.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-abi-stablelists-5.14.0-611.45.1.el9_7.noarch.rpm kernel-core-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-cross-headers-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-debug-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-debug-core-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-debug-devel-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-debug-devel-matched-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-debug-modules-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-debug-modules-core-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-debug-modules-extra-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-debug-uki-virt-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-devel-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-devel-matched-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-doc-5.14.0-611.45.1.el9_7.noarch.rpm kernel-headers-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-modules-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-modules-core-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-modules-extra-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-tools-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-tools-libs-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-tools-libs-devel-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-uki-virt-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-uki-virt-addons-5.14.0-611.45.1.el9_7.x86_64.rpm libperf-5.14.0-611.45.1.el9_7.x86_64.rpm perf-5.14.0-611.45.1.el9_7.x86_64.rpm python3-perf-5.14.0-611.45.1.el9_7.x86_64.rpm rtla-5.14.0-611.45.1.el9_7.x86_64.rpm rv-5.14.0-611.45.1.el9_7.x86_64.rpm aarch64: kernel-cross-headers-5.14.0-611.45.1.el9_7.aarch64.rpm kernel-headers-5.14.0-611.45.1.el9_7.aarch64.rpm kernel-tools-5.14.0-611.45.1.el9_7.aarch64.rpm kernel-tools-libs-5.14.0-611.45.1.el9_7.aarch64.rpm kernel-tools-libs-devel-5.14.0-611.45.1.el9_7.aarch64.rpm libperf-5.14.0-611.45.1.el9_7.aarch64.rpm perf-5.14.0-611.45.1.el9_7.aarch64.rpm python3-perf-5.14.0-611.45.1.el9_7.aarch64.rpm rtla-5.14.0-611.45.1.el9_7.aarch64.rpm rv-5.14.0-611.45.1.el9_7.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-611.45.1.el9_7.src.rpm Related CVEs: CVE-2025-38180 CVE-2025-40096 CVE-2026-23144 CVE-2026-23171 CVE-2026-23191 CVE-2026-23193 CVE-2026-23204 CVE-2026-23209 Description of changes: [5.14.0-611.45.1] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764] [5.14.0-611.45.1] - net/sched: cls_u32: use skb_header_pointer_careful() (Paolo Abeni) [RHEL-150403] {CVE-2026-23204} - net: add skb_header_pointer_careful() helper (Paolo Abeni) [RHEL-150403] - iommu: Skip PASID validation for devices without PASID capability (Eder Zulian) [RHEL-95264] [5.14.0-611.44.1] - nfsd: add list_head nf_gc to struct nfsd_file (Roberto Bergantinos Corpas) [RHEL-152551] - redhat: genlog: add new JIRA cloud server hostname (Jan Stancek) - smb: client: fix oops due to uninitialised var in smb2_unlink() (Paulo Alcantara) [RHEL-154395] - cifs: some missing initializations on replay (Paulo Alcantara) [RHEL-154395] - smb: client: fix potential UAF and double free in smb2_open_file() (Paulo Alcantara) [RHEL-154395] - smb/client: fix memory leak in smb2_open_file() (Paulo Alcantara) [RHEL-154395] - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (Paulo Alcantara) [RHEL-154395] - bonding: fix use-after-free due to enslave fail after slave array update (CKI Backport Bot) [RHEL-152383] {CVE-2026-23171} - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CKI Backport Bot) [RHEL-150477] {CVE-2026-23144} - macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Hangbin Liu) [RHEL-150226] - macvlan: fix error recovery in macvlan_common_newlink() (CKI Backport Bot) [RHEL-150226] {CVE-2026-23209} - dpll: zl3073x: Fix output pin phase adjustment sign (CKI Backport Bot) [RHEL-149764] - scsi: s390: zfcp: Ensure synchronous unit_add (CKI Backport Bot) [RHEL-143736] [5.14.0-611.43.1] - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CKI Backport Bot) [RHEL-150422] {CVE-2026-23193} - ALSA: aloop: Fix racy access at PCM trigger (CKI Backport Bot) [RHEL-150130] {CVE-2026-23191} - net: atm: fix /proc/net/atm/lec handling (Hangbin Liu) [RHEL-146421] {CVE-2025-38180} - net: atm: add lec_mutex (Hangbin Liu) [RHEL-146421] {CVE-2025-38323} - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (Mika Penttil?) [RHEL-125460] {CVE-2025-40096} From el-errata at oss.oracle.com Wed Apr 1 19:54:27 2026 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 01 Apr 2026 12:54:27 -0700 Subject: [El-errata] ELSA-2026-6266 Moderate: Oracle Linux 9 libxslt security update Message-ID: Oracle Linux Security Advisory ELSA-2026-6266 http://linux.oracle.com/errata/ELSA-2026-6266.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: libxslt-1.1.34-14.0.1.el9_7.1.i686.rpm libxslt-1.1.34-14.0.1.el9_7.1.x86_64.rpm libxslt-devel-1.1.34-14.0.1.el9_7.1.i686.rpm libxslt-devel-1.1.34-14.0.1.el9_7.1.x86_64.rpm aarch64: libxslt-1.1.34-14.0.1.el9_7.1.aarch64.rpm libxslt-devel-1.1.34-14.0.1.el9_7.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/libxslt-1.1.34-14.0.1.el9_7.1.src.rpm Related CVEs: CVE-2023-40403 Description of changes: [1.1.34-14.0.1.el9_7.1] - Fix memory leak in exclPrefixPush [Orabug: 37871881] - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball [1.1.34-14.1] - Fix upgrade path for CVE-2023-40403 (RHEL-82213) [1.1.34-12.1] - Fix CVE-2023-40403 (RHEL-82213) [1.1.34-12] - Include alloc changes into previous patch (RHEL-83514) [1.1.34-11] - Fix CVE-2024-55549 (RHEL-83514) [1.1.34-10] - Fix CVE-2025-24855 (RHEL-83500) From el-errata at oss.oracle.com Wed Apr 1 19:54:30 2026 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 01 Apr 2026 12:54:30 -0700 Subject: [El-errata] ELSA-2026-6285 Important: Oracle Linux 9 python3.12 security update Message-ID: Oracle Linux Security Advisory ELSA-2026-6285 http://linux.oracle.com/errata/ELSA-2026-6285.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: python3.12-3.12.12-4.0.1.el9_7.2.i686.rpm python3.12-3.12.12-4.0.1.el9_7.2.x86_64.rpm python3.12-debug-3.12.12-4.0.1.el9_7.2.i686.rpm python3.12-debug-3.12.12-4.0.1.el9_7.2.x86_64.rpm python3.12-devel-3.12.12-4.0.1.el9_7.2.i686.rpm python3.12-devel-3.12.12-4.0.1.el9_7.2.x86_64.rpm python3.12-idle-3.12.12-4.0.1.el9_7.2.i686.rpm python3.12-idle-3.12.12-4.0.1.el9_7.2.x86_64.rpm python3.12-libs-3.12.12-4.0.1.el9_7.2.i686.rpm python3.12-libs-3.12.12-4.0.1.el9_7.2.x86_64.rpm python3.12-test-3.12.12-4.0.1.el9_7.2.i686.rpm python3.12-test-3.12.12-4.0.1.el9_7.2.x86_64.rpm python3.12-tkinter-3.12.12-4.0.1.el9_7.2.i686.rpm python3.12-tkinter-3.12.12-4.0.1.el9_7.2.x86_64.rpm aarch64: python3.12-3.12.12-4.0.1.el9_7.2.aarch64.rpm python3.12-debug-3.12.12-4.0.1.el9_7.2.aarch64.rpm python3.12-devel-3.12.12-4.0.1.el9_7.2.aarch64.rpm python3.12-idle-3.12.12-4.0.1.el9_7.2.aarch64.rpm python3.12-libs-3.12.12-4.0.1.el9_7.2.aarch64.rpm python3.12-test-3.12.12-4.0.1.el9_7.2.aarch64.rpm python3.12-tkinter-3.12.12-4.0.1.el9_7.2.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/python3.12-3.12.12-4.0.1.el9_7.2.src.rpm Related CVEs: CVE-2026-4519 Description of changes: [3.12.12-4.0.1.el9_7.2] - Remove upstream URL reference [3.12.12-4.2] - Security fix for CVE-2026-4519 Resolves: RHEL-158051 [3.12.12-4.1] - Security fixes for CVE-2026-0865, CVE-2025-15366, CVE-2025-15367 and CVE-2026-1299 Resolves: RHEL-143106 RHEL-143168 RHEL-144891 From el-errata at oss.oracle.com Wed Apr 1 19:54:33 2026 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 01 Apr 2026 12:54:33 -0700 Subject: [El-errata] ELSA-2026-6286 Important: Oracle Linux 9 python3.11 security update Message-ID: Oracle Linux Security Advisory ELSA-2026-6286 http://linux.oracle.com/errata/ELSA-2026-6286.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: python3.11-3.11.13-5.2.0.1.el9_7.i686.rpm python3.11-3.11.13-5.2.0.1.el9_7.x86_64.rpm python3.11-debug-3.11.13-5.2.0.1.el9_7.i686.rpm python3.11-debug-3.11.13-5.2.0.1.el9_7.x86_64.rpm python3.11-devel-3.11.13-5.2.0.1.el9_7.i686.rpm python3.11-devel-3.11.13-5.2.0.1.el9_7.x86_64.rpm python3.11-idle-3.11.13-5.2.0.1.el9_7.i686.rpm python3.11-idle-3.11.13-5.2.0.1.el9_7.x86_64.rpm python3.11-libs-3.11.13-5.2.0.1.el9_7.i686.rpm python3.11-libs-3.11.13-5.2.0.1.el9_7.x86_64.rpm python3.11-test-3.11.13-5.2.0.1.el9_7.i686.rpm python3.11-test-3.11.13-5.2.0.1.el9_7.x86_64.rpm python3.11-tkinter-3.11.13-5.2.0.1.el9_7.i686.rpm python3.11-tkinter-3.11.13-5.2.0.1.el9_7.x86_64.rpm aarch64: python3.11-3.11.13-5.2.0.1.el9_7.aarch64.rpm python3.11-debug-3.11.13-5.2.0.1.el9_7.aarch64.rpm python3.11-devel-3.11.13-5.2.0.1.el9_7.aarch64.rpm python3.11-idle-3.11.13-5.2.0.1.el9_7.aarch64.rpm python3.11-libs-3.11.13-5.2.0.1.el9_7.aarch64.rpm python3.11-test-3.11.13-5.2.0.1.el9_7.aarch64.rpm python3.11-tkinter-3.11.13-5.2.0.1.el9_7.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/python3.11-3.11.13-5.2.0.1.el9_7.src.rpm Related CVEs: CVE-2026-4519 Description of changes: [3.11.13-5.2.0.1] - Remove upstream URL reference [Orabug: 36073032] [3.11.13-5.2] - Security fix for CVE-2026-4519 Resolves: RHEL-158050 From el-errata at oss.oracle.com Wed Apr 1 19:54:34 2026 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 01 Apr 2026 12:54:34 -0700 Subject: [El-errata] ELSA-2026-6301 Important: Oracle Linux 9 squid security update Message-ID: Oracle Linux Security Advisory ELSA-2026-6301 http://linux.oracle.com/errata/ELSA-2026-6301.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: squid-5.5-22.el9_7.4.x86_64.rpm aarch64: squid-5.5-22.el9_7.4.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/squid-5.5-22.el9_7.4.src.rpm Related CVEs: CVE-2026-32748 CVE-2026-33526 Description of changes: [7:5.5-22.4] - Resolves: RHEL-160692 - squid: Squid: Denial of Service via crafted ICP traffic (CVE-2026-32748) [7:5.5-22.3] - Resolves: RHEL-160693 - squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling (CVE-2026-33526) From el-errata at oss.oracle.com Wed Apr 1 19:54:36 2026 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 01 Apr 2026 12:54:36 -0700 Subject: [El-errata] ELSA-2026-6340 Important: Oracle Linux 9 freerdp security update Message-ID: Oracle Linux Security Advisory ELSA-2026-6340 http://linux.oracle.com/errata/ELSA-2026-6340.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: freerdp-2.11.7-1.el9_7.5.x86_64.rpm freerdp-devel-2.11.7-1.el9_7.5.i686.rpm freerdp-devel-2.11.7-1.el9_7.5.x86_64.rpm freerdp-libs-2.11.7-1.el9_7.5.i686.rpm freerdp-libs-2.11.7-1.el9_7.5.x86_64.rpm libwinpr-2.11.7-1.el9_7.5.i686.rpm libwinpr-2.11.7-1.el9_7.5.x86_64.rpm libwinpr-devel-2.11.7-1.el9_7.5.i686.rpm libwinpr-devel-2.11.7-1.el9_7.5.x86_64.rpm aarch64: freerdp-2.11.7-1.el9_7.5.aarch64.rpm freerdp-devel-2.11.7-1.el9_7.5.aarch64.rpm freerdp-libs-2.11.7-1.el9_7.5.aarch64.rpm libwinpr-2.11.7-1.el9_7.5.aarch64.rpm libwinpr-devel-2.11.7-1.el9_7.5.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/freerdp-2.11.7-1.el9_7.5.src.rpm Related CVEs: CVE-2026-22852 CVE-2026-22854 CVE-2026-22856 CVE-2026-23732 CVE-2026-23948 CVE-2026-24491 CVE-2026-24675 CVE-2026-24676 CVE-2026-24679 CVE-2026-24681 CVE-2026-24683 CVE-2026-24684 CVE-2026-31806 Description of changes: [2:2.11.7-1.5] - Fix use of nsc_process_message Resolves: RHEL-155993 [2:2.11.7-1.4] - Backport several CVE fixes Resolves: RHEL-148046, RHEL-148049, RHEL-148054, RHEL-148061, RHEL-148079 Resolves: RHEL-148094, RHEL-148096, RHEL-148104, RHEL-148939, RHEL-149029 Resolves: RHEL-149042, RHEL-149065, RHEL-155993 From el-errata at oss.oracle.com Wed Apr 1 19:54:42 2026 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 01 Apr 2026 12:54:42 -0700 Subject: [El-errata] ELBA-2026-6009 Oracle Linux 10 java-25-openjdk bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2026-6009 http://linux.oracle.com/errata/ELBA-2026-6009.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: java-25-openjdk-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-crypto-adapter-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-crypto-adapter-fastdebug-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-crypto-adapter-slowdebug-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-demo-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-demo-fastdebug-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-demo-slowdebug-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-devel-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-devel-fastdebug-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-devel-slowdebug-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-fastdebug-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-headless-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-headless-fastdebug-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-headless-slowdebug-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-javadoc-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-javadoc-zip-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-jmods-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-jmods-fastdebug-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-jmods-slowdebug-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-slowdebug-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-src-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-src-fastdebug-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-src-slowdebug-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-static-libs-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-static-libs-fastdebug-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm java-25-openjdk-static-libs-slowdebug-25.0.2.0.10-4.0.1.el10_1.x86_64.rpm aarch64: java-25-openjdk-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-crypto-adapter-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-crypto-adapter-fastdebug-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-crypto-adapter-slowdebug-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-demo-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-demo-fastdebug-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-demo-slowdebug-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-devel-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-devel-fastdebug-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-devel-slowdebug-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-fastdebug-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-headless-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-headless-fastdebug-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-headless-slowdebug-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-javadoc-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-javadoc-zip-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-jmods-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-jmods-fastdebug-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-jmods-slowdebug-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-slowdebug-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-src-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-src-fastdebug-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-src-slowdebug-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-static-libs-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-static-libs-fastdebug-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm java-25-openjdk-static-libs-slowdebug-25.0.2.0.10-4.0.1.el10_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/java-25-openjdk-25.0.2.0.10-4.0.1.el10_1.src.rpm Description of changes: [1:25.0.2.0.10-4.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:25.0.2.0.10-4] - Add tagging scripts with signature checks and gating handling - Update tagged versions to include 9.8.0-z, 9.9.0, 10.2-z & 10.3. - Add gating scripts to simplify obtaining results and waiving issues - Sync the copy of the portable specfile with the latest update - Resolves: RHEL-155327 - Resolves: RHEL-155337 - Resolves: RHEL-155339 - Related: RHEL-155000 - Related: RHEL-146649 - Related: RHEL-148327 - Related: RHEL-148830 [1:25.0.2.0.10-3] - Disable abidiff inspection in rpminspect.yaml to avoid an out-of-memory error on the CentOS test farm - See: https://docs.testing-farm.io/Testing%20Farm/0.1/errors.html#TFE-1 - Resolves: RHEL-150976 [1:25.0.2.0.10-3] - Update FIPS patch to e55ada9353e to include the fix for the too restrictive provider lockdown - Fix FIPS issue list to represent the new 25u version - Add JDK-8375063 libpng 1.6.54 ahead of 25.0.3 - Add JDK-8375057 harfbuzz 12.3.2 ahead of 25.0.3 - Add JDK-8377526 libpng 1.6.55 ahead of 25.0.3 - Bump libpng version to 1.6.55 following JDK-8375063 & JDK-8377526 - Bump harfbuzz version to 12.3.2 following JDK-8375057 - Bump nssadapter version to bring in shared PKCS11 session fix - Drop LDFLAGS nssadapter patch which is now upstream in 0.1.1 - Resolves: RHEL-155000 - Resolves: RHEL-146649 - Resolves: RHEL-148327 - Resolves: RHEL-148830 - Resolves: RHEL-155044 [1:25.0.2.0.10-2] - Bump rpmrelease for CentOS build - Related: RHEL-139579 - Related: RHEL-131430 - Related: RHEL-131443 - Related: RHEL-142855 - Related: RHEL-142799 [1:25.0.2.0.10-1] - Execute create-redhat-properties-files.bash with '-e' to exit on failure - Related: RHEL-142855 [1:25.0.2.0.10-1] - Update to jdk-25.0.2+10 (GA) - Update release notes to 25.0.2+10 - Add JDK-8372534 libpng 1.6.51 ahead of 25.0.3 - Bump libpng version to 1.6.51 following JDK-8372534 - Bump ID of NSS adapter patch so we can stay in sync with portable on the libpng patch - Test for java.security's existence in create-redhat-properties-files.bash - Handle 'upgrade' as an alternative to 'update' in openjdk_news.sh - Sync the copy of the portable specfile with the latest update - ** This tarball is embargoed until 2026-01-20 @ 1pm PT. ** - Resolves: RHEL-139579 - Resolves: RHEL-131430 - Resolves: RHEL-131443 - Resolves: RHEL-142855 - Resolves: RHEL-142799 From el-errata at oss.oracle.com Wed Apr 1 19:54:44 2026 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 01 Apr 2026 12:54:44 -0700 Subject: [El-errata] ELSA-2026-6256 Important: Oracle Linux 10 python3.12 security update Message-ID: Oracle Linux Security Advisory ELSA-2026-6256 http://linux.oracle.com/errata/ELSA-2026-6256.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: python-unversioned-command-3.12.12-3.0.1.el10_1.2.noarch.rpm python3-3.12.12-3.0.1.el10_1.2.x86_64.rpm python3-debug-3.12.12-3.0.1.el10_1.2.x86_64.rpm python3-devel-3.12.12-3.0.1.el10_1.2.x86_64.rpm python3-idle-3.12.12-3.0.1.el10_1.2.x86_64.rpm python3-libs-3.12.12-3.0.1.el10_1.2.x86_64.rpm python3-test-3.12.12-3.0.1.el10_1.2.x86_64.rpm python3-tkinter-3.12.12-3.0.1.el10_1.2.x86_64.rpm aarch64: python-unversioned-command-3.12.12-3.0.1.el10_1.2.noarch.rpm python3-3.12.12-3.0.1.el10_1.2.aarch64.rpm python3-debug-3.12.12-3.0.1.el10_1.2.aarch64.rpm python3-devel-3.12.12-3.0.1.el10_1.2.aarch64.rpm python3-idle-3.12.12-3.0.1.el10_1.2.aarch64.rpm python3-libs-3.12.12-3.0.1.el10_1.2.aarch64.rpm python3-test-3.12.12-3.0.1.el10_1.2.aarch64.rpm python3-tkinter-3.12.12-3.0.1.el10_1.2.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/python3.12-3.12.12-3.0.1.el10_1.2.src.rpm Related CVEs: CVE-2026-4519 Description of changes: [3.12.12-3.0.1.el10_1.2] - Remove upstream URL reference [3.12.12-3.2] - Security fix for CVE-2026-4519 Resolves: RHEL-158127 [3.12.12-3.1] - Security fixes for CVE-2026-0865, CVE-2025-15366, CVE-2025-15367 and CVE-2026-1299 Resolves: RHEL-143054 RHEL-143105 RHEL-144852 From el-errata at oss.oracle.com Wed Apr 1 19:54:47 2026 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 01 Apr 2026 12:54:47 -0700 Subject: [El-errata] ELSA-2026-6259 Important: Oracle Linux 10 gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update Message-ID: Oracle Linux Security Advisory ELSA-2026-6259 http://linux.oracle.com/errata/ELSA-2026-6259.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: gstreamer1-plugins-bad-free-1.24.11-3.el10_1.x86_64.rpm gstreamer1-plugins-bad-free-devel-1.24.11-3.el10_1.x86_64.rpm gstreamer1-plugins-bad-free-libs-1.24.11-3.el10_1.x86_64.rpm gstreamer1-plugins-base-1.24.11-2.el10_1.x86_64.rpm gstreamer1-plugins-base-devel-1.24.11-2.el10_1.x86_64.rpm gstreamer1-plugins-base-tools-1.24.11-2.el10_1.x86_64.rpm gstreamer1-plugins-good-1.24.11-2.el10_1.x86_64.rpm gstreamer1-plugins-good-gtk-1.24.11-2.el10_1.x86_64.rpm gstreamer1-plugins-ugly-free-1.24.11-2.el10_1.x86_64.rpm aarch64: gstreamer1-plugins-bad-free-1.24.11-3.el10_1.aarch64.rpm gstreamer1-plugins-bad-free-devel-1.24.11-3.el10_1.aarch64.rpm gstreamer1-plugins-bad-free-libs-1.24.11-3.el10_1.aarch64.rpm gstreamer1-plugins-base-1.24.11-2.el10_1.aarch64.rpm gstreamer1-plugins-base-devel-1.24.11-2.el10_1.aarch64.rpm gstreamer1-plugins-base-tools-1.24.11-2.el10_1.aarch64.rpm gstreamer1-plugins-good-1.24.11-2.el10_1.aarch64.rpm gstreamer1-plugins-good-gtk-1.24.11-2.el10_1.aarch64.rpm gstreamer1-plugins-ugly-free-1.24.11-2.el10_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/gstreamer1-plugins-bad-free-1.24.11-3.el10_1.src.rpm http://oss.oracle.com/ol10/SRPMS-updates/gstreamer1-plugins-base-1.24.11-2.el10_1.src.rpm http://oss.oracle.com/ol10/SRPMS-updates/gstreamer1-plugins-good-1.24.11-2.el10_1.src.rpm http://oss.oracle.com/ol10/SRPMS-updates/gstreamer1-plugins-ugly-free-1.24.11-2.el10_1.src.rpm Related CVEs: CVE-2026-2920 CVE-2026-2921 CVE-2026-2922 CVE-2026-2923 CVE-2026-3082 CVE-2026-3083 CVE-2026-3085 Description of changes: gstreamer1-plugins-bad-free [1.24.11-3] - fix for CVE-2026-2923, CVE-2026-3082 Resolves: RHEL-156111, RHEL-156158 gstreamer1-plugins-base [1.24.11-2] - Apply patch for CVE-2026-2921 Resolves: RHEL-156120 gstreamer1-plugins-good [1.24.11-2] - Apply patches for CVE-2026-3083, CVE-2026-3085 Resolves: RHEL-156130, RHEL-156109 gstreamer1-plugins-ugly-free [1.24.11-2] - Add patch for CVE-2026-2920, CVE-2026-2922 Resolves: RHEL-156146, RHEL-156043 From el-errata at oss.oracle.com Wed Apr 1 19:54:49 2026 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 01 Apr 2026 12:54:49 -0700 Subject: [El-errata] ELSA-2026-6342 Important: Oracle Linux 10 thunderbird security update Message-ID: Oracle Linux Security Advisory ELSA-2026-6342 http://linux.oracle.com/errata/ELSA-2026-6342.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: thunderbird-140.9.0-1.0.1.el10_1.x86_64.rpm aarch64: thunderbird-140.9.0-1.0.1.el10_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/thunderbird-140.9.0-1.0.1.el10_1.src.rpm Related CVEs: CVE-2026-3889 CVE-2026-4371 CVE-2026-4684 CVE-2026-4685 CVE-2026-4686 CVE-2026-4687 CVE-2026-4688 CVE-2026-4689 CVE-2026-4690 CVE-2026-4691 CVE-2026-4692 CVE-2026-4693 CVE-2026-4694 CVE-2026-4695 CVE-2026-4696 CVE-2026-4697 CVE-2026-4698 CVE-2026-4699 CVE-2026-4700 CVE-2026-4701 CVE-2026-4702 CVE-2026-4704 CVE-2026-4705 CVE-2026-4706 CVE-2026-4707 CVE-2026-4708 CVE-2026-4709 CVE-2026-4710 CVE-2026-4711 CVE-2026-4712 CVE-2026-4713 CVE-2026-4714 CVE-2026-4715 CVE-2026-4716 CVE-2026-4717 CVE-2026-4718 CVE-2026-4719 CVE-2026-4720 CVE-2026-4721 Description of changes: [140.9.0-1.0.1] - Add Oracle prefs [140.9.0-1] - Update to 140.9.0 ESR