Alerts This Week
Warning Icon 1 1,394
Alerts This Week
Warning Icon 1 1,394

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Can sandbox isolation stop malware?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/154-can-sandbox-isolation-stop-malware?task=poll.vote&format=json
154
radio
0
[{"id":497,"title":"Breaches happen despite container barriers.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":498,"title":"Supply chain flaws exploit trust.","votes":2,"type":"x","order":2,"pct":100,"resources":[]},{"id":499,"title":"Flawed configurations expose vital files.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 4,531 articles for you...
217

Oracle Linux Important Kernel Patch ELSA-2026-50351 CVE-2026-52943

The following updated rpms for have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-50351 http://linux.oracle.com/errata/ELSA-2026-50351.html The following updated rpms for have been uploaded to the Unbreakable LinuxNetwork: x86_64: kernel-uek-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-core-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-devel-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-doc-6.12.0-203.76.7.6.el10uek.noarch.rpm kernel-uek-modules-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-modules-core-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-modules-deprecated-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-modules-desktop-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-modules-extra-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-modules-extra-netfilter-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-modules-usb-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-modules-wireless-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-tools-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-debug-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-debug-core-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-debug-devel-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-debug-modules-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-debug-modules-core-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-debug-modules-deprecated-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-debug-modules-desktop-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-debug-modules-extra-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-debug-modules-usb-6.12.0-203.76.7.6.el10uek.x86_64.rpm kernel-uek-debug-modules-wireless-6.12.0-203.76.7.6.el10uek.x86_64.rpm aarch64: kernel-uek-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-core-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-devel-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-doc-6.12.0-203.76.7.6.el10uek.noarch.rpm kernel-uek-modules-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-modules-core-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-modules-deprecated-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-modules-desktop-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-modules-extra-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-modules-extra-netfilter-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-modules-usb-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-modules-wireless-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-tools-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-debug-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-debug-core-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-debug-devel-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-debug-modules-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-debug-modules-core-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-debug-modules-deprecated-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-debug-modules-desktop-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-debug-modules-extra-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-debug-modules-usb-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek-debug-modules-wireless-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek64k-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek64k-core-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek64k-devel-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek64k-modules-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek64k-modules-core-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek64k-modules-deprecated-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek64k-modules-desktop-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek64k-modules-extra-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek64k-modules-extra-netfilter-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek64k-modules-usb-6.12.0-203.76.7.6.el10uek.aarch64.rpm kernel-uek64k-modules-wireless-6.12.0-203.76.7.6.el10uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/kernel-uek-6.12.0-203.76.7.6.el10uek.src.rpm Related CVEs: CVE-2026-52943 Description of changes: [6.12.0-203.76.7.6] - net: skbuff: fix missing zerocopy reference in pskb_carve helpers (Minh Nguyen) [Orabug: 39639984] {CVE-2026-52943} _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Updated kernels have been uploaded for Oracle Linux to address security flaws. Important patches are recommended.. Oracle Linux Kernel Update Important Advisory. . LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 Oracle
217

Oracle Linux 9 Advisory ELSA-2026-50351 Kernel Important DoS CVE-2026-52943

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-50351 http://linux.oracle.com/errata/ELSA-2026-50351.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable LinuxNetwork: x86_64: kernel-uek-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-core-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-debug-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-debug-core-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-debug-devel-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-debug-modules-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-debug-modules-core-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-debug-modules-deprecated-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-debug-modules-desktop-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-debug-modules-extra-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-debug-modules-usb-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-debug-modules-wireless-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-devel-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-doc-6.12.0-203.76.7.6.el9uek.noarch.rpm kernel-uek-modules-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-modules-core-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-modules-deprecated-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-modules-desktop-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-modules-extra-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-modules-extra-netfilter-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-modules-usb-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-modules-wireless-6.12.0-203.76.7.6.el9uek.x86_64.rpm kernel-uek-tools-6.12.0-203.76.7.6.el9uek.x86_64.rpm aarch64: kernel-uek-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-core-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-debug-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-debug-core-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-debug-devel-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-debug-modules-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-debug-modules-core-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-debug-modules-deprecated-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-debug-modules-desktop-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-debug-modules-usb-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-debug-modules-wireless-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-devel-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-doc-6.12.0-203.76.7.6.el9uek.noarch.rpm kernel-uek-modules-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-modules-extra-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-modules-core-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-modules-deprecated-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-modules-desktop-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-modules-extra-netfilter-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-modules-usb-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-modules-wireless-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek-tools-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek64k-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek64k-core-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek64k-devel-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek64k-modules-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek64k-modules-core-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek64k-modules-deprecated-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek64k-modules-desktop-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek64k-modules-extra-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek64k-modules-extra-netfilter-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek64k-modules-usb-6.12.0-203.76.7.6.el9uek.aarch64.rpm kernel-uek64k-modules-wireless-6.12.0-203.76.7.6.el9uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-6.12.0-203.76.7.6.el9uek.src.rpm Related CVEs: CVE-2026-52943 Description of changes: [6.12.0-203.76.7.6] - net: skbuff: fix missing zerocopy reference in pskb_carve helpers (Minh Nguyen) [Orabug: 39639984] {CVE-2026-52943} _______________________________________________ El-errata mailinglist This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Critical updates for Oracle Linux 9 kernel addressing key security concerns and potential threats. Stay protected!. Oracle Linux kernel updates, security advisory Oracle, important kernel issues, kernel security fixes. . LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 Oracle
217

Oracle Linux 9 perl-IO-Compress Important Fix CVE-2026-48962

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-30859 http://linux.oracle.com/errata/ELSA-2026-30859.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: perl-IO-Compress-2.102-4.el9_8.1.noarch.rpm aarch64: perl-IO-Compress-2.102-4.el9_8.1.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/perl-IO-Compress-2.102-4.el9_8.1.src.rpm Related CVEs: CVE-2026-48962 Description of changes: [2.102-4.1] - Fix CVE-2026-48962: remove use of eval in File::GlobMapper - Resolves: RHEL-180418 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 9 updates for perl-IO-Compress addressing important fix for CVE-2026-48962. Update your systems now.. Oracle Linux, perl-IO-Compress, security patch, CVE-2026-48962, software update. . LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 Oracle
217

Oracle Linux 9 perl-Archive-Tar Important Security Fix CVE-2026-42496

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-30856 http://linux.oracle.com/errata/ELSA-2026-30856.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: perl-Archive-Tar-2.38-6.el9_8.1.noarch.rpm aarch64: perl-Archive-Tar-2.38-6.el9_8.1.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/perl-Archive-Tar-2.38-6.el9_8.1.src.rpm Related CVEs: CVE-2026-42496 Description of changes: [2.38-6.1] - Fix CVE-2026-42496: validate symlink and hardlink targets in secure extract mode - Resolves: RHEL-181662 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 9 updates include important security fixes for perl-Archive-Tar addressing CVE-2026-42496.. Oracle Linux, perl Archive-Tar, important security fixes, Oracle security advisory, CVE-2026-42496. . LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 Oracle
217

Oracle Linux 9 git-lfs Important Remote Access Advisory ELSA-2026-30854

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-30854 http://linux.oracle.com/errata/ELSA-2026-30854.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: git-lfs-3.7.1-4.el9_8.1.x86_64.rpm aarch64: git-lfs-3.7.1-4.el9_8.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/git-lfs-3.7.1-4.el9_8.1.src.rpm Related CVEs: CVE-2026-39821 Description of changes: [3.7.1-4.1] - Fix CVE-2026-39821: vendored golang.org/x/net/idna ToUnicode incorrectly accepting all-ASCII xn-- labels - Resolves: RHEL-183797 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 9 updates for git-lfs, addressing CVE-2026-39821 with important patches. Stay secure with the latest fixes.. Oracle Linux Updates, git-lfs Security, CVE-2026-39821 Patches, Important Oracle Security Advisory. . LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 Oracle
217

Oracle Linux 9 nginx Important Denial of Service Issues ELSA-2026-28212

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-28212 http://linux.oracle.com/errata/ELSA-2026-28212.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nginx-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.x86_64.rpm nginx-all-modules-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.noarch.rpm nginx-core-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.x86_64.rpm nginx-filesystem-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.noarch.rpm nginx-mod-devel-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.x86_64.rpm nginx-mod-http-image-filter-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.x86_64.rpm nginx-mod-http-perl-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.x86_64.rpm nginx-mod-http-xslt-filter-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.x86_64.rpm nginx-mod-mail-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.x86_64.rpm nginx-mod-stream-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.x86_64.rpm aarch64: nginx-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.aarch64.rpm nginx-all-modules-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.noarch.rpm nginx-core-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.aarch64.rpm nginx-filesystem-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.noarch.rpm nginx-mod-devel-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.aarch64.rpm nginx-mod-http-image-filter-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.aarch64.rpm nginx-mod-http-perl-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.aarch64.rpm nginx-mod-http-xslt-filter-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.aarch64.rpm nginx-mod-mail-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.aarch64.rpm nginx-mod-stream-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/nginx-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.src.rpm Related CVEs: CVE-2026-9256 Description of changes: [1.24.0-7.0.1.2] - Reference oracle-indexhtml within Requires [Orabug:33802044] - Remove Red Hat references [Orabug: 29498217] [1:1.24.0-7.2] - Resolves: RHEL-178681 - nginx:1.24/nginx: code execution and denial of service (CVE-2026-9256) - Resolves: RHEL-182554 - nginx:1.24/nginx: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack [1:1.24.0-7.1] - Resolves: RHEL-176234 - nginx:1.24/nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945) [1:1.24.0-7] - Resolves: RHEL-157889 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files - Resolves: RHEL-159448 CVE-2026-27651 nginx:1.24/nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled - Resolves: RHEL-159561 CVE-2026-27654 nginx:1.24/nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module - Resolves: RHEL-159540 CVE-2026-27784 nginx:1.24/nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file [1:1.24.0-6] - Resolves: RHEL-146529 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections [1:1.24.0-5] - Resolves: RHEL-84480 - nginx:1.24/nginx: specially crafted MP4 file may cause denial of service (CVE-2024-7347) [1:1.24.0-4] - Resolves: RHEL-49350 - nginx worker processes memory leak _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Critical updates for important nginx vulnerabilities in Oracle Linux 9 improve security against denial of service risks.. Oracle Linux 9 security, nginx updates, denial of service vulnerabilities. . LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 Oracle
217

Oracle Linux 9 Kernel Important Update Advisory ELSA-2026-25217

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-25217 http://linux.oracle.com/errata/ELSA-2026-25217.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable LinuxNetwork: x86_64: kernel-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-abi-stablelists-5.14.0-687.17.1.el9_8.noarch.rpm kernel-core-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-cross-headers-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-debug-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-debug-core-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-debug-devel-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-debug-devel-matched-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-debug-modules-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-debug-modules-core-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-debug-modules-extra-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-debug-uki-virt-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-devel-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-devel-matched-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-doc-5.14.0-687.17.1.el9_8.noarch.rpm kernel-headers-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-modules-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-modules-core-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-modules-extra-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-tools-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-tools-libs-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-tools-libs-devel-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-uki-virt-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-uki-virt-addons-5.14.0-687.17.1.el9_8.x86_64.rpm libperf-5.14.0-687.17.1.el9_8.x86_64.rpm perf-5.14.0-687.17.1.el9_8.x86_64.rpm python3-perf-5.14.0-687.17.1.el9_8.x86_64.rpm rtla-5.14.0-687.17.1.el9_8.x86_64.rpm rv-5.14.0-687.17.1.el9_8.x86_64.rpm aarch64: kernel-cross-headers-5.14.0-687.17.1.el9_8.aarch64.rpm kernel-headers-5.14.0-687.17.1.el9_8.aarch64.rpm kernel-tools-5.14.0-687.17.1.el9_8.aarch64.rpm kernel-tools-libs-5.14.0-687.17.1.el9_8.aarch64.rpm kernel-tools-libs-devel-5.14.0-687.17.1.el9_8.aarch64.rpm libperf-5.14.0-687.17.1.el9_8.aarch64.rpm perf-5.14.0-687.17.1.el9_8.aarch64.rpm python3-perf-5.14.0-687.17.1.el9_8.aarch64.rpm rtla-5.14.0-687.17.1.el9_8.aarch64.rpm rv-5.14.0-687.17.1.el9_8.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-687.17.1.el9_8.src.rpm RelatedCVEs: CVE-2026-23216 CVE-2026-31419 CVE-2026-31508 CVE-2026-31581 CVE-2026-43037 CVE-2026-43056 CVE-2026-43116 CVE-2026-43125 CVE-2026-43501 CVE-2026-45852 CVE-2026-46181 Description of changes: [5.14.0-687.17.1] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 cb[] in ip4ip6_err() (Guillaume Nault) [RHEL-172646] {CVE-2026-43037} - net: openvswitch: Avoid releasing netdev before teardown completes (CKI Backport Bot) [RHEL-170539] {CVE-2026-31508} [5.14.0-687.14.1] - RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() (Kamal Heib) [RHEL-179988] {CVE-2026-46181} - redhat: Remove the mlx5 symbols from kabi (Kamal Heib) [RHEL-181822] - ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (Antoine Tenart) [RHEL-178408] {CVE-2026-43501} - RDMA/rxe: Fix double free in rxe_srq_from_init (CKI Backport Bot) [RHEL-179712] {CVE-2026-45852} - netfilter: ctnetlink: ensure safe access to master conntrack (Florian Westphal) [RHEL-173843] {CVE-2026-43116} - ice: fix stats array overflow when VF requests more queues (Michal Schmidt) [RHEL-177526] - ice: set max queues in alloc_etherdev_mqs() (Michal Schmidt) [RHEL-174336] - ice: use netif_get_num_default_rss_queues() (Michal Schmidt) [RHEL-174336] - ice: set default rss queues num to physical cores / 2 (Michal Schmidt) [RHEL-174336] - dlm: fix buffer overflow from negative len in dlm_search_rsb_tree (Alexander Aring) [RHEL-173993] {CVE-2026-43125} - dlm: validate length in dlm_search_rsb_tree (Alexander Aring) [RHEL-173993] {CVE-2026-43125} - dpll: zl3073x: add ref-sync pair support (Ivan Vecera) [RHEL-167273] - dpll: zl3073x: add ref sync and output clock type helpers (Ivan Vecera) [RHEL-167273] - dpll: zl3073x: use FIELD_MODIFY() for clear-and-set patterns (Ivan Vecera)[RHEL-167273] - dpll: zl3073x: clean up esync get/set and use zl3073x_out_is_ndiv() (Ivan Vecera) [RHEL-167273] - dpll: zl3073x: implement frequency monitoring (Ivan Vecera) [RHEL-167833] - dpll: add frequency monitoring callback ops (Ivan Vecera) [RHEL-167833] - dpll: add frequency monitoring to netlink spec (Ivan Vecera) [RHEL-167833] - dpll: zl3073x: drop selected and simplify connected ref getter (Ivan Vecera) [RHEL-172938] - dpll: zl3073x: add reference priority to zl3073x_chan (Ivan Vecera) [RHEL-172938] - dpll: zl3073x: add DPLL channel status fields to zl3073x_chan (Ivan Vecera) [RHEL-172938] - dpll: zl3073x: introduce zl3073x_chan for DPLL channel state (Ivan Vecera) [RHEL-172938] - dpll: zl3073x: add zl3073x_ref_state_update helper (Ivan Vecera) [RHEL-172938] - dpll: zl3073x: use struct_group to partition states (Ivan Vecera) [RHEL-172938] - dpll: zl3073x: add die temperature reporting for supported chips (Ivan Vecera) [RHEL-172938] - dpll: zl3073x: detect DPLL channel count from chip ID at runtime (Ivan Vecera) [RHEL-172938] - ALSA: 6fire: fix use-after-free on disconnect (CKI Backport Bot) [RHEL-172969] {CVE-2026-31581} - net: mana: fix use-after-free in add_adev() error path (CKI Backport Bot) [RHEL-172768] {CVE-2026-43056} - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (CKI Backport Bot) [RHEL-165564] {CVE-2026-23216} - net: bonding: fix use-after-free in bond_xmit_broadcast() (CKI Backport Bot) [RHEL-168068] {CVE-2026-31419} - x86/kvm: Avoid freeing stack-allocated node in kvm_async_pf_queue_task (Ryosuke Yasuoka) [RHEL-158916] [5.14.0-687.13.1] - smb: client: reject userspace cifs.spnego descriptions (Paulo Alcantara) [RHEL-178944] {CVE-2026-46243} - s390/dasd: Copy detected format information to secondary device (Ramesh Chhetri) [RHEL-176472] - s390/dasd: Move quiesce state with pprc swap (Ramesh Chhetri) [RHEL-176472] - s390/dasd: Fix gendisk parent after copy pair swap (Ramesh Chhetri) [RHEL-176472] - nvme: nvme-fc: Ensure -> ioerr_work is cancelled innvme_fc_delete_ctrl() (Ewan D. Milne) [RHEL-171745] - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (Ewan D. Milne) [RHEL-171745] - Buffer overflow in drivers/xen/sys-hypervisor.c (Vitaly Kuznetsov) [RHEL-172510] {CVE-2026-31786} - crypto: authenc - Correctly pass EINPROGRESS back up to the caller (Vladislav Dronov) [RHEL-172167] - crypto: authenc - Fix sleep in atomic context in decrypt_tail (Vladislav Dronov) [RHEL-172167] - smb: client: fix OOB reads parsing symlink error response (CKI Backport Bot) [RHEL-171471] {CVE-2026-31613} - mm/page_alloc: add vm.thp_thisnode_reclaim sysctl to allow THP reclaim on local node (Nico Pache) [RHEL-164778] - mm/page_alloc: simplify __alloc_pages_slowpath() flow (Nico Pache) [RHEL-164778] - mm/page_alloc: refactor the initial compaction handling (Nico Pache) [RHEL-164778] - mm/page_alloc: ignore the exact initial compaction result (Nico Pache) [RHEL-164778] - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (Nico Pache) [RHEL-164778] - mm/page_alloc.c: avoid infinite retries caused by cpuset race (Nico Pache) [RHEL-164778] - mm: warn about illegal __GFP_NOFAIL usage in a more appropriate location and manner (Nico Pache) [RHEL-164778] - mm: document __GFP_NOFAIL must be blockable (Nico Pache) [RHEL-164778] [5.14.0-687.12.1] - dm-thin: fix metadata refcount underflow (Benjamin Marzinski) [RHEL-169626] - netfilter: xt_tcpmss: check remaining length before reading optlen (CKI Backport Bot) [RHEL-174216] {CVE-2026-43190} - wifi: brcmfmac: validate bsscfg indices in IF events (CKI Backport Bot) [RHEL-173848] {CVE-2026-43110} - Bluetooth: SCO: fix race conditions in sco_sock_connect() (CKI Backport Bot) [RHEL-172599] {CVE-2026-43023} - Bluetooth: MGMT: validate LTK enc_size on load (CKI Backport Bot) [RHEL-172572] {CVE-2026-43020} - crypto: tegra - Disable softirqs before finalizing request (CKI Backport Bot) [RHEL-170914] - proc: fix type confusion in pde_set_flags() (Abhi Das) [RHEL-163343] {CVE-2025-38653} - proc: fix missing pde_set_flags()for net proc files (Abhi Das) [RHEL-163343] {CVE-2025-38653} - proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (CKI Backport Bot) [RHEL-163343] {CVE-2025-38653} - pNFS: fix a missing wake up while waiting on NFS_LAYOUT_DRAIN (Olga Kornievskaia) [RHEL-157470] [5.14.0-687.11.1] - mm/page_alloc: clear page-> private in free_pages_prepare() (Rafael Aquini) [RHEL-174750] {CVE-2026-43303} - ice: fix infinite recursion in ice_cfg_tx_topo via ice_init_dev_hw (CKI Backport Bot) [RHEL-175441] - smb: client: validate dacloffset before building DACL pointers (Paulo Alcantara) [RHEL-172821] - smb: client: use kzalloc to zero-initialize security descriptor buffer (Paulo Alcantara) [RHEL-172821] - smb: client: scope end_of_dacl to CIFS_DEBUG2 use in parse_dacl (Paulo Alcantara) [RHEL-172821] - smb: client: require a full NFS mode SID before reading mode bits (Paulo Alcantara) [RHEL-172821] - smb: client: validate the whole DACL before rewriting it in cifsacl (Paulo Alcantara) [RHEL-172821] {CVE-2026-31709} - Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (David Marlin) [RHEL-165063] {CVE-2026-31408} - xfs: fix freemap adjustments when adding xattrs to leaf blocks (CKI Backport Bot) [RHEL-174058] {CVE-2026-43158} - xfs: delete attr leaf freemap entries when empty (CKI Backport Bot) [RHEL-174058] {CVE-2026-43158} - redhat/configs: enable CONFIG_SCLP_OFB for s390x (Jan Polensky) [RHEL-172927] - HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CKI Backport Bot) [RHEL-172740] {CVE-2026-43051} - netfilter: nf_conntrack_helper: pass helper to expect cleanup (CKI Backport Bot) [RHEL-172620] {CVE-2026-43027} - s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump (Ramesh Chhetri) [RHEL-166859] - ice: add dpll peer notification for paired SMA and U.FL pins (Petr Oros) [RHEL-171829] - ice: fix missing dpll notifications for SW pins (Petr Oros) [RHEL-171829] - dpll: export __dpll_pin_change_ntf() for use under dpll_lock (Petr Oros) [RHEL-171829] -ice: fix SMA and U.FL pin state changes affecting paired pin (Petr Oros) [RHEL-162179] - ice: fix missing SMA pin initialization in DPLL subsystem (Petr Oros) [RHEL-171832] - ice: fix NULL pointer dereference in ice_reset_all_vfs() (Petr Oros) [RHEL-172257] - dpll: zl3073x: Remove redundant cleanup in devm_dpll_init() (CKI Backport Bot) [RHEL-164442] - dpll: zl3073x: fix REF_PHASE_OFFSET_COMP register width for some chip IDs (CKI Backport Bot) [RHEL-164442] - dpll: zl3073x: Fix ref frequency setting (CKI Backport Bot) [RHEL-164442] - dpll: zl3073x: Include current frequency in supported frequencies list (CKI Backport Bot) [RHEL-164442] - dpll: zl3073x: Add output pin frequency helper (CKI Backport Bot) [RHEL-164442] - scsi: storvsc: Handle PERSISTENT_RESERVE_IN truncation for Hyper-V vFC (Vitaly Kuznetsov) [RHEL-171378] - netfilter: ip6t_eui64: reject invalid MAC header for all packets (CKI Backport Bot) [RHEL-171155] {CVE-2026-31685} - net: sched: act_csum: validate nested VLAN headers (CKI Backport Bot) [RHEL-171138] {CVE-2026-31684} - cifs: make default value of retrans as zero (Paulo Alcantara) [RHEL-170960] - ice: fix ice_ptp_read_tx_hwtstamp_status_eth56g (Petr Oros) [RHEL-170701] - ice: fix ready bitmap check for non-E822 devices (Petr Oros) [RHEL-170701] - ice: perform PHY soft reset for E825C ports at initialization (Petr Oros) [RHEL-170701] - ice: fix timestamp interrupt configuration for E825C (Petr Oros) [RHEL-170701] - drm/mgag200: fix mgag200_bmc_stop_scanout() (Jocelyn Falempe) [RHEL-150179] - nbd: defer config unlock in nbd_genl_connect (Jeff Moyer) [RHEL-166950] {CVE-2025-68366} - x86/mm: flush IOMMU before freeing kernel page table pages (Jerry Snitselaar) [RHEL-167100] {CVE-2025-71089} - iommu/sva: add kernel page table IOTLB flush notification (Jerry Snitselaar) [RHEL-167100] {CVE-2025-71089} - netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CKI Backport Bot) [RHEL-166987] {CVE-2026-23455} - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CKIBackport Bot) [RHEL-166927] {CVE-2025-68724} - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (Bruno Meneguele) [RHEL-169734] {CVE-2025-68183} - i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" (David Arcari) [RHEL-155312] - ice: fix PTP timestamping broken by SyncE code on E825C (Petr Oros) [RHEL-162182] - ice: fix missing TX timestamps interrupts on E825 devices (CKI Backport Bot) [RHEL-162185] - Revert "mm: pcp: increase pcp-> free_count threshold to trigger free_high" (Luiz Capitulino) [RHEL-163464] - netfilter: nf_tables: release flowtable after rcu grace period on error (CKI Backport Bot) [RHEL-160461] {CVE-2026-23392} [5.14.0-687.10.1] - net: skbuff: propagate shared-frag marker through frag-transfer helpers (Sabrina Dubroca) [RHEL-176064] {CVE-2026-46300} - net: move skb_gro_receive_list from udp to core (Sabrina Dubroca) [RHEL-176064] {CVE-2026-46300} - net: skbuff: preserve shared-frag marker during coalescing (Sabrina Dubroca) [RHEL-176064] {CVE-2026-46300} - ptrace: slightly saner 'get_dumpable()' logic (Ricardo Robaina) [RHEL-176454] {CVE-2026-46333} - md/bitmap: fix GPF in write_page caused by resize race (Nigel Croxon) [RHEL-174091] {CVE-2026-43163} - RDMA/umem: Fix double dma_buf_unpin in failure path (CKI Backport Bot) [RHEL-174020] {CVE-2026-43128} - usbip: validate number_of_packets in usbip_pack_ret_submit() (CKI Backport Bot) [RHEL-171430] {CVE-2026-31607} - can: raw: fix ro-> uniq use-after-free in raw_rcv() (CKI Backport Bot) [RHEL-170759] {CVE-2026-31532} [5.14.0-687.9.1] - xfrm: esp: avoid in-place decrypt on shared skb frags (Sabrina Dubroca) [RHEL-174563] {CVE-2026-43284} _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux updates focus on Important kernel security advisories and fixes for multiple CVEs, enhancing system integrity.. Oracle Linux Security Advisory, Important Kernel Update, Kernel Threat Management. .LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 Oracle
217

Oracle Linux 9 Kernel Important Security Advisory ELSA-2026-24381

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-24381 http://linux.oracle.com/errata/ELSA-2026-24381.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable LinuxNetwork: x86_64: kernel-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-abi-stablelists-5.14.0-687.17.1.el9_8.noarch.rpm kernel-core-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-cross-headers-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-debug-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-debug-core-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-debug-devel-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-debug-devel-matched-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-debug-modules-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-debug-modules-core-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-debug-modules-extra-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-debug-uki-virt-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-devel-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-devel-matched-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-doc-5.14.0-687.17.1.el9_8.noarch.rpm kernel-headers-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-modules-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-modules-core-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-modules-extra-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-tools-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-tools-libs-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-tools-libs-devel-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-uki-virt-5.14.0-687.17.1.el9_8.x86_64.rpm kernel-uki-virt-addons-5.14.0-687.17.1.el9_8.x86_64.rpm libperf-5.14.0-687.17.1.el9_8.x86_64.rpm perf-5.14.0-687.17.1.el9_8.x86_64.rpm python3-perf-5.14.0-687.17.1.el9_8.x86_64.rpm rtla-5.14.0-687.17.1.el9_8.x86_64.rpm rv-5.14.0-687.17.1.el9_8.x86_64.rpm aarch64: kernel-cross-headers-5.14.0-687.17.1.el9_8.aarch64.rpm kernel-headers-5.14.0-687.17.1.el9_8.aarch64.rpm kernel-tools-5.14.0-687.17.1.el9_8.aarch64.rpm kernel-tools-libs-5.14.0-687.17.1.el9_8.aarch64.rpm kernel-tools-libs-devel-5.14.0-687.17.1.el9_8.aarch64.rpm libperf-5.14.0-687.17.1.el9_8.aarch64.rpm perf-5.14.0-687.17.1.el9_8.aarch64.rpm python3-perf-5.14.0-687.17.1.el9_8.aarch64.rpm rtla-5.14.0-687.17.1.el9_8.aarch64.rpm rv-5.14.0-687.17.1.el9_8.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-687.17.1.el9_8.src.rpm RelatedCVEs: CVE-2026-31613 CVE-2026-31786 CVE-2026-46243 Description of changes: [5.14.0-687.17.1] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 cb[] in ip4ip6_err() (Guillaume Nault) [RHEL-172646] {CVE-2026-43037} - net: openvswitch: Avoid releasing netdev before teardown completes (CKI Backport Bot) [RHEL-170539] {CVE-2026-31508} [5.14.0-687.14.1] - RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() (Kamal Heib) [RHEL-179988] {CVE-2026-46181} - redhat: Remove the mlx5 symbols from kabi (Kamal Heib) [RHEL-181822] - ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (Antoine Tenart) [RHEL-178408] {CVE-2026-43501} - RDMA/rxe: Fix double free in rxe_srq_from_init (CKI Backport Bot) [RHEL-179712] {CVE-2026-45852} - netfilter: ctnetlink: ensure safe access to master conntrack (Florian Westphal) [RHEL-173843] {CVE-2026-43116} - ice: fix stats array overflow when VF requests more queues (Michal Schmidt) [RHEL-177526] - ice: set max queues in alloc_etherdev_mqs() (Michal Schmidt) [RHEL-174336] - ice: use netif_get_num_default_rss_queues() (Michal Schmidt) [RHEL-174336] - ice: set default rss queues num to physical cores / 2 (Michal Schmidt) [RHEL-174336] - dlm: fix buffer overflow from negative len in dlm_search_rsb_tree (Alexander Aring) [RHEL-173993] {CVE-2026-43125} - dlm: validate length in dlm_search_rsb_tree (Alexander Aring) [RHEL-173993] {CVE-2026-43125} - dpll: zl3073x: add ref-sync pair support (Ivan Vecera) [RHEL-167273] - dpll: zl3073x: add ref sync and output clock type helpers (Ivan Vecera) [RHEL-167273] - dpll: zl3073x: use FIELD_MODIFY() for clear-and-set patterns (Ivan Vecera) [RHEL-167273] - dpll: zl3073x: clean up esync get/set and use zl3073x_out_is_ndiv() (Ivan Vecera) [RHEL-167273] - dpll:zl3073x: implement frequency monitoring (Ivan Vecera) [RHEL-167833] - dpll: add frequency monitoring callback ops (Ivan Vecera) [RHEL-167833] - dpll: add frequency monitoring to netlink spec (Ivan Vecera) [RHEL-167833] - dpll: zl3073x: drop selected and simplify connected ref getter (Ivan Vecera) [RHEL-172938] - dpll: zl3073x: add reference priority to zl3073x_chan (Ivan Vecera) [RHEL-172938] - dpll: zl3073x: add DPLL channel status fields to zl3073x_chan (Ivan Vecera) [RHEL-172938] - dpll: zl3073x: introduce zl3073x_chan for DPLL channel state (Ivan Vecera) [RHEL-172938] - dpll: zl3073x: add zl3073x_ref_state_update helper (Ivan Vecera) [RHEL-172938] - dpll: zl3073x: use struct_group to partition states (Ivan Vecera) [RHEL-172938] - dpll: zl3073x: add die temperature reporting for supported chips (Ivan Vecera) [RHEL-172938] - dpll: zl3073x: detect DPLL channel count from chip ID at runtime (Ivan Vecera) [RHEL-172938] - ALSA: 6fire: fix use-after-free on disconnect (CKI Backport Bot) [RHEL-172969] {CVE-2026-31581} - net: mana: fix use-after-free in add_adev() error path (CKI Backport Bot) [RHEL-172768] {CVE-2026-43056} - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (CKI Backport Bot) [RHEL-165564] {CVE-2026-23216} - net: bonding: fix use-after-free in bond_xmit_broadcast() (CKI Backport Bot) [RHEL-168068] {CVE-2026-31419} - x86/kvm: Avoid freeing stack-allocated node in kvm_async_pf_queue_task (Ryosuke Yasuoka) [RHEL-158916] [5.14.0-687.13.1] - smb: client: reject userspace cifs.spnego descriptions (Paulo Alcantara) [RHEL-178944] {CVE-2026-46243} - s390/dasd: Copy detected format information to secondary device (Ramesh Chhetri) [RHEL-176472] - s390/dasd: Move quiesce state with pprc swap (Ramesh Chhetri) [RHEL-176472] - s390/dasd: Fix gendisk parent after copy pair swap (Ramesh Chhetri) [RHEL-176472] - nvme: nvme-fc: Ensure -> ioerr_work is cancelled in nvme_fc_delete_ctrl() (Ewan D. Milne) [RHEL-171745] - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (Ewan D. Milne)[RHEL-171745] - Buffer overflow in drivers/xen/sys-hypervisor.c (Vitaly Kuznetsov) [RHEL-172510] {CVE-2026-31786} - crypto: authenc - Correctly pass EINPROGRESS back up to the caller (Vladislav Dronov) [RHEL-172167] - crypto: authenc - Fix sleep in atomic context in decrypt_tail (Vladislav Dronov) [RHEL-172167] - smb: client: fix OOB reads parsing symlink error response (CKI Backport Bot) [RHEL-171471] {CVE-2026-31613} - mm/page_alloc: add vm.thp_thisnode_reclaim sysctl to allow THP reclaim on local node (Nico Pache) [RHEL-164778] - mm/page_alloc: simplify __alloc_pages_slowpath() flow (Nico Pache) [RHEL-164778] - mm/page_alloc: refactor the initial compaction handling (Nico Pache) [RHEL-164778] - mm/page_alloc: ignore the exact initial compaction result (Nico Pache) [RHEL-164778] - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (Nico Pache) [RHEL-164778] - mm/page_alloc.c: avoid infinite retries caused by cpuset race (Nico Pache) [RHEL-164778] - mm: warn about illegal __GFP_NOFAIL usage in a more appropriate location and manner (Nico Pache) [RHEL-164778] - mm: document __GFP_NOFAIL must be blockable (Nico Pache) [RHEL-164778] [5.14.0-687.12.1] - dm-thin: fix metadata refcount underflow (Benjamin Marzinski) [RHEL-169626] - netfilter: xt_tcpmss: check remaining length before reading optlen (CKI Backport Bot) [RHEL-174216] {CVE-2026-43190} - wifi: brcmfmac: validate bsscfg indices in IF events (CKI Backport Bot) [RHEL-173848] {CVE-2026-43110} - Bluetooth: SCO: fix race conditions in sco_sock_connect() (CKI Backport Bot) [RHEL-172599] {CVE-2026-43023} - Bluetooth: MGMT: validate LTK enc_size on load (CKI Backport Bot) [RHEL-172572] {CVE-2026-43020} - crypto: tegra - Disable softirqs before finalizing request (CKI Backport Bot) [RHEL-170914] - proc: fix type confusion in pde_set_flags() (Abhi Das) [RHEL-163343] {CVE-2025-38653} - proc: fix missing pde_set_flags() for net proc files (Abhi Das) [RHEL-163343] {CVE-2025-38653} - proc: use the same treatment to check proc_lseek as ones forproc_read_iter et.al (CKI Backport Bot) [RHEL-163343] {CVE-2025-38653} - pNFS: fix a missing wake up while waiting on NFS_LAYOUT_DRAIN (Olga Kornievskaia) [RHEL-157470] [5.14.0-687.11.1] - mm/page_alloc: clear page-> private in free_pages_prepare() (Rafael Aquini) [RHEL-174750] {CVE-2026-43303} - ice: fix infinite recursion in ice_cfg_tx_topo via ice_init_dev_hw (CKI Backport Bot) [RHEL-175441] - smb: client: validate dacloffset before building DACL pointers (Paulo Alcantara) [RHEL-172821] - smb: client: use kzalloc to zero-initialize security descriptor buffer (Paulo Alcantara) [RHEL-172821] - smb: client: scope end_of_dacl to CIFS_DEBUG2 use in parse_dacl (Paulo Alcantara) [RHEL-172821] - smb: client: require a full NFS mode SID before reading mode bits (Paulo Alcantara) [RHEL-172821] - smb: client: validate the whole DACL before rewriting it in cifsacl (Paulo Alcantara) [RHEL-172821] {CVE-2026-31709} - Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (David Marlin) [RHEL-165063] {CVE-2026-31408} - xfs: fix freemap adjustments when adding xattrs to leaf blocks (CKI Backport Bot) [RHEL-174058] {CVE-2026-43158} - xfs: delete attr leaf freemap entries when empty (CKI Backport Bot) [RHEL-174058] {CVE-2026-43158} - redhat/configs: enable CONFIG_SCLP_OFB for s390x (Jan Polensky) [RHEL-172927] - HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CKI Backport Bot) [RHEL-172740] {CVE-2026-43051} - netfilter: nf_conntrack_helper: pass helper to expect cleanup (CKI Backport Bot) [RHEL-172620] {CVE-2026-43027} - s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump (Ramesh Chhetri) [RHEL-166859] - ice: add dpll peer notification for paired SMA and U.FL pins (Petr Oros) [RHEL-171829] - ice: fix missing dpll notifications for SW pins (Petr Oros) [RHEL-171829] - dpll: export __dpll_pin_change_ntf() for use under dpll_lock (Petr Oros) [RHEL-171829] - ice: fix SMA and U.FL pin state changes affecting paired pin (Petr Oros) [RHEL-162179] - ice: fix missing SMA pininitialization in DPLL subsystem (Petr Oros) [RHEL-171832] - ice: fix NULL pointer dereference in ice_reset_all_vfs() (Petr Oros) [RHEL-172257] - dpll: zl3073x: Remove redundant cleanup in devm_dpll_init() (CKI Backport Bot) [RHEL-164442] - dpll: zl3073x: fix REF_PHASE_OFFSET_COMP register width for some chip IDs (CKI Backport Bot) [RHEL-164442] - dpll: zl3073x: Fix ref frequency setting (CKI Backport Bot) [RHEL-164442] - dpll: zl3073x: Include current frequency in supported frequencies list (CKI Backport Bot) [RHEL-164442] - dpll: zl3073x: Add output pin frequency helper (CKI Backport Bot) [RHEL-164442] - scsi: storvsc: Handle PERSISTENT_RESERVE_IN truncation for Hyper-V vFC (Vitaly Kuznetsov) [RHEL-171378] - netfilter: ip6t_eui64: reject invalid MAC header for all packets (CKI Backport Bot) [RHEL-171155] {CVE-2026-31685} - net: sched: act_csum: validate nested VLAN headers (CKI Backport Bot) [RHEL-171138] {CVE-2026-31684} - cifs: make default value of retrans as zero (Paulo Alcantara) [RHEL-170960] - ice: fix ice_ptp_read_tx_hwtstamp_status_eth56g (Petr Oros) [RHEL-170701] - ice: fix ready bitmap check for non-E822 devices (Petr Oros) [RHEL-170701] - ice: perform PHY soft reset for E825C ports at initialization (Petr Oros) [RHEL-170701] - ice: fix timestamp interrupt configuration for E825C (Petr Oros) [RHEL-170701] - drm/mgag200: fix mgag200_bmc_stop_scanout() (Jocelyn Falempe) [RHEL-150179] - nbd: defer config unlock in nbd_genl_connect (Jeff Moyer) [RHEL-166950] {CVE-2025-68366} - x86/mm: flush IOMMU before freeing kernel page table pages (Jerry Snitselaar) [RHEL-167100] {CVE-2025-71089} - iommu/sva: add kernel page table IOTLB flush notification (Jerry Snitselaar) [RHEL-167100] {CVE-2025-71089} - netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CKI Backport Bot) [RHEL-166987] {CVE-2026-23455} - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CKI Backport Bot) [RHEL-166927] {CVE-2025-68724} - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMAxattr (Bruno Meneguele) [RHEL-169734] {CVE-2025-68183} - i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" (David Arcari) [RHEL-155312] - ice: fix PTP timestamping broken by SyncE code on E825C (Petr Oros) [RHEL-162182] - ice: fix missing TX timestamps interrupts on E825 devices (CKI Backport Bot) [RHEL-162185] - Revert "mm: pcp: increase pcp-> free_count threshold to trigger free_high" (Luiz Capitulino) [RHEL-163464] - netfilter: nf_tables: release flowtable after rcu grace period on error (CKI Backport Bot) [RHEL-160461] {CVE-2026-23392} [5.14.0-687.10.1] - net: skbuff: propagate shared-frag marker through frag-transfer helpers (Sabrina Dubroca) [RHEL-176064] {CVE-2026-46300} - net: move skb_gro_receive_list from udp to core (Sabrina Dubroca) [RHEL-176064] {CVE-2026-46300} - net: skbuff: preserve shared-frag marker during coalescing (Sabrina Dubroca) [RHEL-176064] {CVE-2026-46300} - ptrace: slightly saner 'get_dumpable()' logic (Ricardo Robaina) [RHEL-176454] {CVE-2026-46333} - md/bitmap: fix GPF in write_page caused by resize race (Nigel Croxon) [RHEL-174091] {CVE-2026-43163} - RDMA/umem: Fix double dma_buf_unpin in failure path (CKI Backport Bot) [RHEL-174020] {CVE-2026-43128} - usbip: validate number_of_packets in usbip_pack_ret_submit() (CKI Backport Bot) [RHEL-171430] {CVE-2026-31607} - can: raw: fix ro-> uniq use-after-free in raw_rcv() (CKI Backport Bot) [RHEL-170759] {CVE-2026-31532} [5.14.0-687.9.1] - xfrm: esp: avoid in-place decrypt on shared skb frags (Sabrina Dubroca) [RHEL-174563] {CVE-2026-43284} _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Essential updates for Oracle Linux 9 addressing important kernel issues and security risks that require attention.. Oracle Linux updates important kernel security buffer overflow. . LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 Oracle
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Can sandbox isolation stop malware?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/154-can-sandbox-isolation-stop-malware?task=poll.vote&format=json
154
radio
0
[{"id":497,"title":"Breaches happen despite container barriers.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":498,"title":"Supply chain flaws exploit trust.","votes":2,"type":"x","order":2,"pct":100,"resources":[]},{"id":499,"title":"Flawed configurations expose vital files.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Your message here