[El-errata] ELSA-2026-21468 Important: Oracle Linux 9 cockpit security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Jun 25 01:09:52 UTC 2026


Oracle Linux Security Advisory ELSA-2026-21468

http://linux.oracle.com/errata/ELSA-2026-21468.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
cockpit-356.2-1.0.1.el9_8.x86_64.rpm
cockpit-bridge-356.2-1.0.1.el9_8.noarch.rpm
cockpit-doc-356.2-1.0.1.el9_8.noarch.rpm
cockpit-packagekit-356.2-1.0.1.el9_8.noarch.rpm
cockpit-storaged-356.2-1.0.1.el9_8.noarch.rpm
cockpit-system-356.2-1.0.1.el9_8.noarch.rpm
cockpit-ws-356.2-1.0.1.el9_8.x86_64.rpm
cockpit-ws-selinux-356.2-1.0.1.el9_8.x86_64.rpm

aarch64:
cockpit-356.2-1.0.1.el9_8.aarch64.rpm
cockpit-bridge-356.2-1.0.1.el9_8.noarch.rpm
cockpit-doc-356.2-1.0.1.el9_8.noarch.rpm
cockpit-packagekit-356.2-1.0.1.el9_8.noarch.rpm
cockpit-storaged-356.2-1.0.1.el9_8.noarch.rpm
cockpit-system-356.2-1.0.1.el9_8.noarch.rpm
cockpit-ws-356.2-1.0.1.el9_8.aarch64.rpm
cockpit-ws-selinux-356.2-1.0.1.el9_8.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/cockpit-356.2-1.0.1.el9_8.src.rpm

Related CVEs:

CVE-2026-4802




Description of changes:

[356.2-1.0.1]
- Apply the patch for duplicate reference [Orabug: 39250109]
- Storage: Enable btrfs support [Orabug: 37464632]
- Replaced upstream urls in documentation with oracle links [Orabug: 36528753]
- Drop subscription-manager-cockpit requirement for ol [Orabug: 34681110]
- Remove duplicate reference to server in cockpit [Orabug: 34030494]
- Update documentation links [Orabug: 30271413], [Orabug: 32013095],
  [Orabug: 32795691], [Orabug: 34398512], [Orabug: 34742876], [Orabug: 37253273]
- Update spec file for new release

[356.2]
- Remove recommends on subscription-manager-cockpit if applicable

[356.1-1]
- ws: Prevent remote code execution with SSH argument injection (RHEL-158310)
- node: update lodash dependency (RHEL-164196)




More information about the El-errata mailing list