Oracle Linux Security Advisory ELSA-2026-6153 http://linux.oracle.com/errata/ELSA-2026-6153.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-abi-stablelists-5.14.0-611.45.1.el9_7.noarch.rpm kernel-core-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-cross-headers-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-debug-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-debug-core-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-debug-devel-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-debug-devel-matched-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-debug-modules-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-debug-modules-core-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-debug-modules-extra-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-debug-uki-virt-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-devel-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-devel-matched-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-doc-5.14.0-611.45.1.el9_7.noarch.rpm kernel-headers-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-modules-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-modules-core-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-modules-extra-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-tools-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-tools-libs-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-tools-libs-devel-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-uki-virt-5.14.0-611.45.1.el9_7.x86_64.rpm kernel-uki-virt-addons-5.14.0-611.45.1.el9_7.x86_64.rpm libperf-5.14.0-611.45.1.el9_7.x86_64.rpm perf-5.14.0-611.45.1.el9_7.x86_64.rpm python3-perf-5.14.0-611.45.1.el9_7.x86_64.rpm rtla-5.14.0-611.45.1.el9_7.x86_64.rpm rv-5.14.0-611.45.1.el9_7.x86_64.rpm aarch64: kernel-cross-headers-5.14.0-611.45.1.el9_7.aarch64.rpm kernel-headers-5.14.0-611.45.1.el9_7.aarch64.rpm kernel-tools-5.14.0-611.45.1.el9_7.aarch64.rpm kernel-tools-libs-5.14.0-611.45.1.el9_7.aarch64.rpm kernel-tools-libs-devel-5.14.0-611.45.1.el9_7.aarch64.rpm libperf-5.14.0-611.45.1.el9_7.aarch64.rpm perf-5.14.0-611.45.1.el9_7.aarch64.rpm python3-perf-5.14.0-611.45.1.el9_7.aarch64.rpm rtla-5.14.0-611.45.1.el9_7.aarch64.rpm rv-5.14.0-611.45.1.el9_7.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-611.45.1.el9_7.src.rpm Related CVEs: CVE-2025-38180 CVE-2025-40096 CVE-2026-23144 CVE-2026-23171 CVE-2026-23191 CVE-2026-23193 CVE-2026-23204 CVE-2026-23209 Description of changes: [5.14.0-611.45.1] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764] [5.14.0-611.45.1] - net/sched: cls_u32: use skb_header_pointer_careful() (Paolo Abeni) [RHEL-150403] {CVE-2026-23204} - net: add skb_header_pointer_careful() helper (Paolo Abeni) [RHEL-150403] - iommu: Skip PASID validation for devices without PASID capability (Eder Zulian) [RHEL-95264] [5.14.0-611.44.1] - nfsd: add list_head nf_gc to struct nfsd_file (Roberto Bergantinos Corpas) [RHEL-152551] - redhat: genlog: add new JIRA cloud server hostname (Jan Stancek) - smb: client: fix oops due to uninitialised var in smb2_unlink() (Paulo Alcantara) [RHEL-154395] - cifs: some missing initializations on replay (Paulo Alcantara) [RHEL-154395] - smb: client: fix potential UAF and double free in smb2_open_file() (Paulo Alcantara) [RHEL-154395] - smb/client: fix memory leak in smb2_open_file() (Paulo Alcantara) [RHEL-154395] - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (Paulo Alcantara) [RHEL-154395] - bonding: fix use-after-free due to enslave fail after slave array update (CKI Backport Bot) [RHEL-152383] {CVE-2026-23171} - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CKI Backport Bot) [RHEL-150477] {CVE-2026-23144} - macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Hangbin Liu) [RHEL-150226] - macvlan: fix error recovery in macvlan_common_newlink() (CKI Backport Bot) [RHEL-150226] {CVE-2026-23209} - dpll: zl3073x: Fix output pin phase adjustment sign (CKI Backport Bot) [RHEL-149764] - scsi: s390: zfcp: Ensure synchronous unit_add (CKI Backport Bot) [RHEL-143736] [5.14.0-611.43.1] - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CKI Backport Bot) [RHEL-150422] {CVE-2026-23193} - ALSA: aloop: Fix racy access at PCM trigger (CKI Backport Bot) [RHEL-150130] {CVE-2026-23191} - net: atm: fix /proc/net/atm/lec handling (Hangbin Liu) [RHEL-146421] {CVE-2025-38180} - net: atm: add lec_mutex (Hangbin Liu) [RHEL-146421] {CVE-2025-38323} - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (Mika Penttilä) [RHEL-125460] {CVE-2025-40096} _______________________________________________ El-errata mailing list [email protected] https://oss.oracle.com/mailman/listinfo/el-errata
