Oracle Linux 6307 Published by

Oracle Linux has issued multiple security updates, which encompass python-virtualenv, raptor2, rsync, fence-agents, .NET 9.0, libblockdev, .NET 8.0, cockpit, udisks2, kexec-tools, and unbreakable enterprise kernel security updates:

ELSA-2024-11048 Important: Oracle Linux 7 python-virtualenv security update
ELSA-2025-20019 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2025-0325 Important: Oracle Linux 8 rsync security update
ELSA-2025-0314 Important: Oracle Linux 8 raptor2 security update
ELSA-2025-0334 Moderate: Oracle Linux 9 ipa security update
ELSA-2025-20019 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2025-20018 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2025-0377 Moderate: Oracle Linux 9 Security and bug fixes for NetworkManager
ELSA-2025-0312 Important: Oracle Linux 9 raptor2 security update
ELSA-2025-0324 Important: Oracle Linux 9 rsync security update
ELSA-2025-0308 Important: Oracle Linux 9 fence-agents security update
ELBA-2025-0305 Oracle Linux 9 .NET 9.0 bug fix and enhancement update
ELBA-2025-20024 Oracle Linux 9 libblockdev bug fix update
ELBA-2025-0304 Oracle Linux 9 .NET 8.0 bug fix and enhancement update
ELBA-2025-20021 Oracle Linux 9 cockpit bug fix update
ELBA-2025-20023 Oracle Linux 9 udisks2 bug fix update
ELBA-2025-20015 Oracle Linux 9 kexec-tools bug fix update
ELSA-2025-20018 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update




ELSA-2024-11048 Important: Oracle Linux 7 python-virtualenv security update


Oracle Linux Security Advisory ELSA-2024-11048

http://linux.oracle.com/errata/ELSA-2024-11048.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
python-virtualenv-15.1.0-7.0.1.el7_9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//python-virtualenv-15.1.0-7.0.1.el7_9.src.rpm

Related CVEs:

CVE-2024-53899

Description of changes:

[15.1.0-7.0.1]
- Fixes CVE-2024-53899 Quote template strings in activation scripts [Orabug: 37396464]



ELSA-2025-20019 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-20019

http://linux.oracle.com/errata/ELSA-2025-20019.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.339.5.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.339.5.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.339.5.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.339.5.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.339.5.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.339.5.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.339.5.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.339.5.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-5.4.17-2136.339.5.el7uek.src.rpm

Related CVEs:

CVE-2022-29901
CVE-2024-56644

Description of changes:

[5.4.17-2136.339.5.el7uek]
- tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe() (Nikolay Kuratov)
- vhost_scsi: log write descriptors (Dongli Zhang) [Orabug: 37393533]
- vhost-scsi: protect vq->log_base with vq->mutex (Dongli Zhang) [Orabug: 37393533]

[5.4.17-2136.339.4.el7uek]
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (Kashyap Desai)
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" (Aurelien Jarno)
- mm: revert "mm: shmem: fix data-race in shmem_getattr()" (Andrew Morton)
- net/ipv6: release expired exception dst cached in socket (Jiri Wiesner)
- Revert "unicode: Don't special case ignorable code points" (Linus Torvalds)
- powerpc/vdso: Flag VDSO64 entry points as functions (Christophe Leroy)
- Revert "usb: gadget: composite: fix OS descriptors w_value logic" (Michal Vrastil)

[5.4.17-2136.339.3.el7uek]
- Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" (Sherry Yang) [Orabug: 37364531]
- rds: recv_payload_bad_checksum was not 0 after running rds-stress on UEK6 (William Kucharski) [Orabug: 37265127]
- rds: If RDS Checksums are enabled for RDMA RDS operations, the extension headers will overflow causing incorrect operation (William Kucharski) [Orabug: 37265125]
- rds: rds_message_alloc() needlessly zeroes m_used_sgs (William Kucharski) [Orabug: 37265123]
- rds: tracepoint in rds_receive_csum_err() prints pointless information (William Kucharski) [Orabug: 37265121]
- rds: rds_inc_init() should initialize the inc->i_conn_path field (William Kucharski) [Orabug: 37265117]
- rds: Race condition in adding RDS payload checksum extension header may result in RDS header corruption (William Kucharski) [Orabug: 37265115]
- md/raid10: fix task hung in raid10d (Li Nan) [Orabug: 37126683]
- md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (Yu Kuai) [Orabug: 37126683]
- md/raid10: avoid deadlock on recovery. (Vitaly Mayatskikh) [Orabug: 37126683]

[5.4.17-2136.339.2.el7uek]
- arm64/cpu_errata: Spectre-BHB mitigation for AMPERE1 expects a loop of 11 iterations. (Miguel Luis) [Orabug: 37027863]

[5.4.17-2136.339.1.el7uek]
- net/rds: report pending-messages count in RDS_INQ response (Devesh Sharma) [Orabug: 35596047] [Orabug: 35316633]
- net/rds: Introduce RDS-INQ feature to RDS protocol (Devesh Sharma) [Orabug: 35316632] [Orabug: 37109336]
- net/rds: Supporting SIOCOUTQ to read pending sends (Devesh Sharma) [Orabug: 34460809] [Orabug: 37072814]
- mm/memory-failure: pass the folio and the page to collect_procs() (Matthew Wilcox (Oracle)) [Orabug: 37270264]
- KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD (Sean Christopherson) [Orabug: 37273706]
- KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding (Sean Christopherson) [Orabug: 37273706]
- objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 37273706] {CVE-2022-29901}
- x86/spec_ctrl: AMD AutoIBRS cannot be dynamically enabled or disabled (Alexandre Chartre) [Orabug: 37310552]
- x86/msr: Add functions to set/clear the bit of an MSR on all cpus (Alexandre Chartre) [Orabug: 37310552]



ELSA-2025-0325 Important: Oracle Linux 8 rsync security update


Oracle Linux Security Advisory ELSA-2025-0325

http://linux.oracle.com/errata/ELSA-2025-0325.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
rsync-3.1.3-20.el8_10.x86_64.rpm
rsync-daemon-3.1.3-20.el8_10.noarch.rpm

aarch64:
rsync-3.1.3-20.el8_10.aarch64.rpm
rsync-daemon-3.1.3-20.el8_10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//rsync-3.1.3-20.el8_10.src.rpm

Related CVEs:

CVE-2024-12085

Description of changes:

[3.1.3-20]
- Resolves: RHEL-70157 - Info Leak via Uninitialized Stack Contents



ELSA-2025-0314 Important: Oracle Linux 8 raptor2 security update


Oracle Linux Security Advisory ELSA-2025-0314

http://linux.oracle.com/errata/ELSA-2025-0314.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
raptor2-2.0.15-17.el8_10.i686.rpm
raptor2-2.0.15-17.el8_10.x86_64.rpm
raptor2-devel-2.0.15-17.el8_10.i686.rpm
raptor2-devel-2.0.15-17.el8_10.x86_64.rpm

aarch64:
raptor2-2.0.15-17.el8_10.aarch64.rpm
raptor2-devel-2.0.15-17.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//raptor2-2.0.15-17.el8_10.src.rpm

Related CVEs:

CVE-2024-57823

Description of changes:

[2.0.15-17]
- Resolves: CVE-2024-57823 integer underflow when normalizing a URI with the
turtle parser



ELSA-2025-0334 Moderate: Oracle Linux 9 ipa security update


Oracle Linux Security Advisory ELSA-2025-0334

http://linux.oracle.com/errata/ELSA-2025-0334.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
ipa-client-4.12.2-1.0.1.el9_5.3.x86_64.rpm
ipa-client-common-4.12.2-1.0.1.el9_5.3.noarch.rpm
ipa-client-epn-4.12.2-1.0.1.el9_5.3.x86_64.rpm
ipa-client-samba-4.12.2-1.0.1.el9_5.3.x86_64.rpm
ipa-common-4.12.2-1.0.1.el9_5.3.noarch.rpm
ipa-selinux-4.12.2-1.0.1.el9_5.3.noarch.rpm
ipa-selinux-luna-4.12.2-1.0.1.el9_5.3.noarch.rpm
ipa-selinux-nfast-4.12.2-1.0.1.el9_5.3.noarch.rpm
ipa-server-4.12.2-1.0.1.el9_5.3.x86_64.rpm
ipa-server-common-4.12.2-1.0.1.el9_5.3.noarch.rpm
ipa-server-dns-4.12.2-1.0.1.el9_5.3.noarch.rpm
ipa-server-trust-ad-4.12.2-1.0.1.el9_5.3.x86_64.rpm
python3-ipaclient-4.12.2-1.0.1.el9_5.3.noarch.rpm
python3-ipalib-4.12.2-1.0.1.el9_5.3.noarch.rpm
python3-ipaserver-4.12.2-1.0.1.el9_5.3.noarch.rpm
python3-ipatests-4.12.2-1.0.1.el9_5.3.noarch.rpm

aarch64:
ipa-client-4.12.2-1.0.1.el9_5.3.aarch64.rpm
ipa-client-common-4.12.2-1.0.1.el9_5.3.noarch.rpm
ipa-client-epn-4.12.2-1.0.1.el9_5.3.aarch64.rpm
ipa-client-samba-4.12.2-1.0.1.el9_5.3.aarch64.rpm
ipa-common-4.12.2-1.0.1.el9_5.3.noarch.rpm
ipa-selinux-4.12.2-1.0.1.el9_5.3.noarch.rpm
ipa-selinux-luna-4.12.2-1.0.1.el9_5.3.noarch.rpm
ipa-selinux-nfast-4.12.2-1.0.1.el9_5.3.noarch.rpm
ipa-server-4.12.2-1.0.1.el9_5.3.aarch64.rpm
ipa-server-common-4.12.2-1.0.1.el9_5.3.noarch.rpm
ipa-server-dns-4.12.2-1.0.1.el9_5.3.noarch.rpm
ipa-server-trust-ad-4.12.2-1.0.1.el9_5.3.aarch64.rpm
python3-ipaclient-4.12.2-1.0.1.el9_5.3.noarch.rpm
python3-ipalib-4.12.2-1.0.1.el9_5.3.noarch.rpm
python3-ipaserver-4.12.2-1.0.1.el9_5.3.noarch.rpm
python3-ipatests-4.12.2-1.0.1.el9_5.3.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//ipa-4.12.2-1.0.1.el9_5.3.src.rpm

Related CVEs:

CVE-2024-11029

Description of changes:

[4.12.2-1.0.1.3]
- Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674]
- Add bind to ipa-server-common Requires [Orabug: 36518596]

[4.12.2-1.3]
- Resolves: RHEL-69928 add support for python cryptography 44.0.0
- Resolves: RHEL-70258 Upgrade to ipa-server-4.12.2-1.el9 OTP-based bind to LDAP without enforceldapotp is broken
- Resolves: RHEL-70482 ipa-server-upgrade fails after established trust with ad
- Resolves: RHEL-67192 CVE-2024-11029 ipa: Administrative user data leaked through systemd journal



ELSA-2025-20019 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-20019

http://linux.oracle.com/errata/ELSA-2025-20019.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.339.5.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.339.5.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.339.5.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.339.5.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.339.5.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.339.5.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.339.5.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.339.5.el8uek.src.rpm

Related CVEs:

CVE-2022-29901
CVE-2024-56644

Description of changes:

[5.4.17-2136.339.5.el8uek]
- tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe() (Nikolay Kuratov)
- vhost_scsi: log write descriptors (Dongli Zhang) [Orabug: 37393533]
- vhost-scsi: protect vq->log_base with vq->mutex (Dongli Zhang) [Orabug: 37393533]

[5.4.17-2136.339.4.el8uek]
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (Kashyap Desai)
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" (Aurelien Jarno)
- mm: revert "mm: shmem: fix data-race in shmem_getattr()" (Andrew Morton)
- net/ipv6: release expired exception dst cached in socket (Jiri Wiesner)
- Revert "unicode: Don't special case ignorable code points" (Linus Torvalds)
- powerpc/vdso: Flag VDSO64 entry points as functions (Christophe Leroy)
- Revert "usb: gadget: composite: fix OS descriptors w_value logic" (Michal Vrastil)

[5.4.17-2136.339.3.el8uek]
- Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" (Sherry Yang) [Orabug: 37364531]
- rds: recv_payload_bad_checksum was not 0 after running rds-stress on UEK6 (William Kucharski) [Orabug: 37265127]
- rds: If RDS Checksums are enabled for RDMA RDS operations, the extension headers will overflow causing incorrect operation (William Kucharski) [Orabug: 37265125]
- rds: rds_message_alloc() needlessly zeroes m_used_sgs (William Kucharski) [Orabug: 37265123]
- rds: tracepoint in rds_receive_csum_err() prints pointless information (William Kucharski) [Orabug: 37265121]
- rds: rds_inc_init() should initialize the inc->i_conn_path field (William Kucharski) [Orabug: 37265117]
- rds: Race condition in adding RDS payload checksum extension header may result in RDS header corruption (William Kucharski) [Orabug: 37265115]
- md/raid10: fix task hung in raid10d (Li Nan) [Orabug: 37126683]
- md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (Yu Kuai) [Orabug: 37126683]
- md/raid10: avoid deadlock on recovery. (Vitaly Mayatskikh) [Orabug: 37126683]

[5.4.17-2136.339.2.el8uek]
- arm64/cpu_errata: Spectre-BHB mitigation for AMPERE1 expects a loop of 11 iterations. (Miguel Luis) [Orabug: 37027863]

[5.4.17-2136.339.1.el8uek]
- net/rds: report pending-messages count in RDS_INQ response (Devesh Sharma) [Orabug: 35596047] [Orabug: 35316633]
- net/rds: Introduce RDS-INQ feature to RDS protocol (Devesh Sharma) [Orabug: 35316632] [Orabug: 37109336]
- net/rds: Supporting SIOCOUTQ to read pending sends (Devesh Sharma) [Orabug: 34460809] [Orabug: 37072814]
- mm/memory-failure: pass the folio and the page to collect_procs() (Matthew Wilcox (Oracle)) [Orabug: 37270264]
- KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD (Sean Christopherson) [Orabug: 37273706]
- KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding (Sean Christopherson) [Orabug: 37273706]
- objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 37273706] {CVE-2022-29901}
- x86/spec_ctrl: AMD AutoIBRS cannot be dynamically enabled or disabled (Alexandre Chartre) [Orabug: 37310552]
- x86/msr: Add functions to set/clear the bit of an MSR on all cpus (Alexandre Chartre) [Orabug: 37310552]



ELSA-2025-20018 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-20018

http://linux.oracle.com/errata/ELSA-2025-20018.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-304.171.4.el8uek.x86_64.rpm
kernel-uek-5.15.0-304.171.4.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-304.171.4.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-304.171.4.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-304.171.4.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-304.171.4.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-304.171.4.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-304.171.4.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-304.171.4.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-304.171.4.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-304.171.4.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-304.171.4.el8uek.x86_64.rpm
kernel-uek-container-5.15.0-304.171.4.el8uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-304.171.4.el8uek.x86_64.rpm

aarch64:
bpftool-5.15.0-304.171.4.el8uek.aarch64.rpm
kernel-uek-5.15.0-304.171.4.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-304.171.4.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-304.171.4.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-304.171.4.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-304.171.4.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-304.171.4.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-304.171.4.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-304.171.4.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-304.171.4.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-304.171.4.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-304.171.4.el8uek.aarch64.rpm
kernel-uek-container-5.15.0-304.171.4.el8uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-304.171.4.el8uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.15.0-304.171.4.el8uek.src.rpm

Related CVEs:

CVE-2024-46770
CVE-2024-53060
CVE-2024-53070
CVE-2024-53097
CVE-2024-53206
CVE-2024-53226

Description of changes:

[5.15.0-304.171.4.el8uek]
- Revert "unicode: Don't special case ignorable code points" (Linus Torvalds)
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" (Aurelien Jarno)
- tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (Kuniyuki Iwashima)
- lib/buildid: Fix build ID parsing logic (Jiri Olsa)
- powerpc/vdso: Flag VDSO64 entry points as functions (Christophe Leroy)
- mm: krealloc: Fix MTE false alarm in __do_krealloc (Qun-Wei Lin)
- Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown" (Jarosław Janik)
- usb: dwc3: fix fault at system suspend if device was already runtime suspended (Roger Quadros)
- ACPI: PRM: Clean up guid type in struct prm_handler_info (Dan Carpenter)
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (Junxian Huang)
- mm: revert "mm: shmem: fix data-race in shmem_getattr()" (Andrew Morton)
- ACPI: CPPC: Fix _CPC register setting issue (Lifeng Zheng)
- scsi: qla2xxx: Fix abort in bsg timeout (Quinn Tran)
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (Antonio Quartulli)
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (Kashyap Desai)
- vhost_scsi: log write descriptors (Dongli Zhang) [Orabug: 37393531]
- vhost-scsi: protect vq->log_base with vq->mutex (Dongli Zhang) [Orabug: 37393531]

[5.15.0-304.171.3.el8uek]
- build: populate modules_thick.builtin for dirs containing only modules (Nick Alcock) [Orabug: 37381702]
- mtd: fix use-after-free in mtd release (Alexander Usyskin) [Orabug: 37371929]
- mtd: Clean refcounting with MTD_PARTITIONED_MASTER (Miquel Raynal) [Orabug: 37371929]
- mtd: call external _get and _put in right order (Alexander Usyskin) [Orabug: 37371929]
- nvmem: core: Check input parameter for NULL in nvmem_unregister() (Andy Shevchenko) [Orabug: 37371929]
- Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" (Sherry Yang) [Orabug: 37364544]
- x86/pkeys: Ensure updated PKRU value is XRSTOR'd (Aruna Ramakrishna) [Orabug: 37361290]
- x86/pkeys: Change caller of update_pkru_in_sigframe() (Aruna Ramakrishna) [Orabug: 37361290]
- cgroup: cgroup-v1: do not exclude cgrp_dfl_root (Vishal Verma) [Orabug: 37347419]
- mm/memcontrol: Fix memcg stat calculation (Aruna Ramakrishna) [Orabug: 37306542]

[5.15.0-304.171.2.el8uek]
- uek-rpm: Add mstflint_access module to the core list (Thomas Tai) [Orabug: 37345530]
- uek-rpm/ol8/config-aarch64-emb3: Enable CONFIG_ARM_SDE_INTERFACE (Thomas Tai) [Orabug: 37345530]
- sunrpc: fix a NULL deref in svc_process() when ->sv_stats doesn't exist (Calum Mackay) [Orabug: 37329531]
- Partial revert "rds: Add inc/frag cache statistics" (Hans Westgaard Ry) [Orabug: 37232315]

[5.15.0-304.171.1.el8uek]
- kpcimgr: assign CPU to handle PCIE transactions during kexec (Joe Dobosenski) [Orabug: 37295980]
- kexec: update start address for LPI table data (Joe Dobosenski) [Orabug: 37295980]
- kpcimgr: fix flush_icache_range arguments (Joe Dobosenski) [Orabug: 37295980]
- embedded2: Enable CONFIG_SQUASHFS_ZSTD to support zstd compression (Joe Dobosenski) [Orabug: 37295980]
- embedded2: Support booting an encrypted root filesystem (Joe Dobosenski) [Orabug: 37295980]
- Update embedded2 config for UEK7 (Joe Dobosenski) [Orabug: 37295980]
- Pensando: kernel config changes for kdump (Rob Gardner) [Orabug: 34091165] [Orabug: 37295980]
- arm64: Reserve elfcorehdr before scanning reserved memory from device tree (Joe Dobosenski) [Orabug: 37295980]
- arm64: kexec: add support for kexec with spin-table (Henry Willard) [Orabug: 32549965] [Orabug: 37295980]
- drivers/soc/pensando/cap_mem.c: Support DM region mapping. (David Clear) [Orabug: 37295980]
- drivers/edac: elba: Support multiple DDR bypass ranges. (David Clear) [Orabug: 37295980]
- mmc: sdhci-cadence: Enable host driver defined bounce buffer (Brad Larson) [Orabug: 37295980]
- Fix NULL pointer dereference in cn_filter() (Anjali Kulkarni) [Orabug: 37280567]
- selftests: connector: Fix input argument error paths to skip (Shuah Khan) [Orabug: 37280567]
- connector/cn_proc: Selftest for proc connector (Anjali Kulkarni) [Orabug: 37280567]
- connector/cn_proc: Allow non-root users access (Anjali Kulkarni) [Orabug: 37280567]
- connector/cn_proc: Performance improvements (Anjali Kulkarni) [Orabug: 37280567]
- connector/cn_proc: Add filtering to fix some bugs (Anjali Kulkarni) [Orabug: 37280567]
- netlink: Add new netlink_release function (Anjali Kulkarni) [Orabug: 37280567]
- ice: Add netif_device_attach/detach into PF reset flow (Dawid Osuchowski) [Orabug: 37214589] {CVE-2024-46770}



ELSA-2025-0377 Moderate: Oracle Linux 9 Security and bug fixes for NetworkManager


Oracle Linux Security Advisory ELSA-2025-0377

http://linux.oracle.com/errata/ELSA-2025-0377.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
NetworkManager-1.48.10-5.0.1.el9_5.x86_64.rpm
NetworkManager-adsl-1.48.10-5.0.1.el9_5.x86_64.rpm
NetworkManager-bluetooth-1.48.10-5.0.1.el9_5.x86_64.rpm
NetworkManager-cloud-setup-1.48.10-5.0.1.el9_5.x86_64.rpm
NetworkManager-config-connectivity-oracle-1.48.10-5.0.1.el9_5.noarch.rpm
NetworkManager-config-server-1.48.10-5.0.1.el9_5.noarch.rpm
NetworkManager-dispatcher-routing-rules-1.48.10-5.0.1.el9_5.noarch.rpm
NetworkManager-initscripts-updown-1.48.10-5.0.1.el9_5.noarch.rpm
NetworkManager-libnm-1.48.10-5.0.1.el9_5.i686.rpm
NetworkManager-libnm-1.48.10-5.0.1.el9_5.x86_64.rpm
NetworkManager-ovs-1.48.10-5.0.1.el9_5.x86_64.rpm
NetworkManager-ppp-1.48.10-5.0.1.el9_5.x86_64.rpm
NetworkManager-team-1.48.10-5.0.1.el9_5.x86_64.rpm
NetworkManager-tui-1.48.10-5.0.1.el9_5.x86_64.rpm
NetworkManager-wifi-1.48.10-5.0.1.el9_5.x86_64.rpm
NetworkManager-wwan-1.48.10-5.0.1.el9_5.x86_64.rpm
NetworkManager-libnm-devel-1.48.10-5.0.1.el9_5.i686.rpm
NetworkManager-libnm-devel-1.48.10-5.0.1.el9_5.x86_64.rpm

aarch64:
NetworkManager-1.48.10-5.0.1.el9_5.aarch64.rpm
NetworkManager-adsl-1.48.10-5.0.1.el9_5.aarch64.rpm
NetworkManager-bluetooth-1.48.10-5.0.1.el9_5.aarch64.rpm
NetworkManager-cloud-setup-1.48.10-5.0.1.el9_5.aarch64.rpm
NetworkManager-config-connectivity-oracle-1.48.10-5.0.1.el9_5.noarch.rpm
NetworkManager-config-server-1.48.10-5.0.1.el9_5.noarch.rpm
NetworkManager-dispatcher-routing-rules-1.48.10-5.0.1.el9_5.noarch.rpm
NetworkManager-initscripts-updown-1.48.10-5.0.1.el9_5.noarch.rpm
NetworkManager-libnm-1.48.10-5.0.1.el9_5.aarch64.rpm
NetworkManager-ovs-1.48.10-5.0.1.el9_5.aarch64.rpm
NetworkManager-ppp-1.48.10-5.0.1.el9_5.aarch64.rpm
NetworkManager-team-1.48.10-5.0.1.el9_5.aarch64.rpm
NetworkManager-tui-1.48.10-5.0.1.el9_5.aarch64.rpm
NetworkManager-wifi-1.48.10-5.0.1.el9_5.aarch64.rpm
NetworkManager-wwan-1.48.10-5.0.1.el9_5.aarch64.rpm
NetworkManager-libnm-devel-1.48.10-5.0.1.el9_5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//NetworkManager-1.48.10-5.0.1.el9_5.src.rpm

Related CVEs:

CVE-2024-3661

Description of changes:

[1.48.10-5.0.1]
- disable MPTCP handling by default [Orabug: 34801142]
- add connectivity check via Oracle servers [Orabug: 32051972]

[1:1.48.10-5]
- vpn: Support routing rules in vpn conenctions (RHEL-73167)
- vpn: Place gateway route to table defined in ipvx.route-table (RHEL-73166)

[1:1.48.10-4]
- Remove routes added by NetworkManager when doing reapply, also those not in main table (RHEL-73013)



ELSA-2025-0312 Important: Oracle Linux 9 raptor2 security update


Oracle Linux Security Advisory ELSA-2025-0312

http://linux.oracle.com/errata/ELSA-2025-0312.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
raptor2-2.0.15-32.el9_5.i686.rpm
raptor2-2.0.15-32.el9_5.x86_64.rpm
raptor2-devel-2.0.15-32.el9_5.i686.rpm
raptor2-devel-2.0.15-32.el9_5.x86_64.rpm

aarch64:
raptor2-2.0.15-32.el9_5.aarch64.rpm
raptor2-devel-2.0.15-32.el9_5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//raptor2-2.0.15-32.el9_5.src.rpm

Related CVEs:

CVE-2024-57823

Description of changes:

[2.0.15-32]
- Bump NVR

[2.0.15-31]
- Resolves: CVE-2024-57823 integer underflow when normalizing a URI with the
turtle parser



ELSA-2025-0324 Important: Oracle Linux 9 rsync security update


Oracle Linux Security Advisory ELSA-2025-0324

http://linux.oracle.com/errata/ELSA-2025-0324.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
rsync-3.2.3-20.el9_5.1.x86_64.rpm
rsync-daemon-3.2.3-20.el9_5.1.noarch.rpm

aarch64:
rsync-3.2.3-20.el9_5.1.aarch64.rpm
rsync-daemon-3.2.3-20.el9_5.1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//rsync-3.2.3-20.el9_5.1.src.rpm

Related CVEs:

CVE-2024-12085

Description of changes:

[3.2.3-20.1]
- Resolves: RHEL-72495 - Info Leak via Uninitialized Stack Contents



ELSA-2025-0308 Important: Oracle Linux 9 fence-agents security update


Oracle Linux Security Advisory ELSA-2025-0308

http://linux.oracle.com/errata/ELSA-2025-0308.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
fence-agents-common-4.10.0-76.el9_5.4.noarch.rpm
fence-agents-compute-4.10.0-76.el9_5.4.x86_64.rpm
fence-agents-ibm-powervs-4.10.0-76.el9_5.4.noarch.rpm
fence-agents-ibm-vpc-4.10.0-76.el9_5.4.noarch.rpm
fence-agents-kubevirt-4.10.0-76.el9_5.4.x86_64.rpm
fence-agents-virsh-4.10.0-76.el9_5.4.noarch.rpm
fence-virt-4.10.0-76.el9_5.4.x86_64.rpm
fence-virtd-4.10.0-76.el9_5.4.x86_64.rpm
fence-virtd-cpg-4.10.0-76.el9_5.4.x86_64.rpm
fence-virtd-libvirt-4.10.0-76.el9_5.4.x86_64.rpm
fence-virtd-multicast-4.10.0-76.el9_5.4.x86_64.rpm
fence-virtd-serial-4.10.0-76.el9_5.4.x86_64.rpm
fence-virtd-tcp-4.10.0-76.el9_5.4.x86_64.rpm

aarch64:
fence-agents-common-4.10.0-76.el9_5.4.noarch.rpm
fence-agents-ibm-powervs-4.10.0-76.el9_5.4.noarch.rpm
fence-agents-ibm-vpc-4.10.0-76.el9_5.4.noarch.rpm
fence-agents-kubevirt-4.10.0-76.el9_5.4.aarch64.rpm
fence-agents-virsh-4.10.0-76.el9_5.4.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//fence-agents-4.10.0-76.el9_5.4.src.rpm

Related CVEs:

CVE-2024-56201
CVE-2024-56326

Description of changes:

[4.10.0-76.4]
- bundled jinja2: fix CVE-2024-56201 and CVE-2024-56326
Resolves: RHEL-72070, RHEL-72063



ELBA-2025-0305 Oracle Linux 9 .NET 9.0 bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2025-0305

http://linux.oracle.com/errata/ELBA-2025-0305.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
aspnetcore-runtime-9.0-9.0.1-1.0.1.el9_5.x86_64.rpm
aspnetcore-runtime-dbg-9.0-9.0.1-1.0.1.el9_5.x86_64.rpm
aspnetcore-targeting-pack-9.0-9.0.1-1.0.1.el9_5.x86_64.rpm
dotnet-apphost-pack-9.0-9.0.1-1.0.1.el9_5.x86_64.rpm
dotnet-host-9.0.1-1.0.1.el9_5.x86_64.rpm
dotnet-hostfxr-9.0-9.0.1-1.0.1.el9_5.x86_64.rpm
dotnet-runtime-9.0-9.0.1-1.0.1.el9_5.x86_64.rpm
dotnet-runtime-dbg-9.0-9.0.1-1.0.1.el9_5.x86_64.rpm
dotnet-sdk-9.0-9.0.102-1.0.1.el9_5.x86_64.rpm
dotnet-sdk-aot-9.0-9.0.102-1.0.1.el9_5.x86_64.rpm
dotnet-sdk-dbg-9.0-9.0.102-1.0.1.el9_5.x86_64.rpm
dotnet-targeting-pack-9.0-9.0.1-1.0.1.el9_5.x86_64.rpm
dotnet-templates-9.0-9.0.102-1.0.1.el9_5.x86_64.rpm
netstandard-targeting-pack-2.1-9.0.102-1.0.1.el9_5.x86_64.rpm
dotnet-sdk-9.0-source-built-artifacts-9.0.102-1.0.1.el9_5.x86_64.rpm

aarch64:
aspnetcore-runtime-9.0-9.0.1-1.0.1.el9_5.aarch64.rpm
aspnetcore-runtime-dbg-9.0-9.0.1-1.0.1.el9_5.aarch64.rpm
aspnetcore-targeting-pack-9.0-9.0.1-1.0.1.el9_5.aarch64.rpm
dotnet-apphost-pack-9.0-9.0.1-1.0.1.el9_5.aarch64.rpm
dotnet-host-9.0.1-1.0.1.el9_5.aarch64.rpm
dotnet-hostfxr-9.0-9.0.1-1.0.1.el9_5.aarch64.rpm
dotnet-runtime-9.0-9.0.1-1.0.1.el9_5.aarch64.rpm
dotnet-runtime-dbg-9.0-9.0.1-1.0.1.el9_5.aarch64.rpm
dotnet-sdk-9.0-9.0.102-1.0.1.el9_5.aarch64.rpm
dotnet-sdk-aot-9.0-9.0.102-1.0.1.el9_5.aarch64.rpm
dotnet-sdk-dbg-9.0-9.0.102-1.0.1.el9_5.aarch64.rpm
dotnet-targeting-pack-9.0-9.0.1-1.0.1.el9_5.aarch64.rpm
dotnet-templates-9.0-9.0.102-1.0.1.el9_5.aarch64.rpm
netstandard-targeting-pack-2.1-9.0.102-1.0.1.el9_5.aarch64.rpm
dotnet-sdk-9.0-source-built-artifacts-9.0.102-1.0.1.el9_5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//dotnet9.0-9.0.102-1.0.1.el9_5.src.rpm

Description of changes:

[9.0.102-1.0.1]
- Add support for Oracle Linux

[9.0.102-1]
- Update to .NET SDK 9.0.102 and Runtime 9.0.1
- Resolves: RHEL-71552



ELBA-2025-20024 Oracle Linux 9 libblockdev bug fix update


Oracle Linux Bug Fix Advisory ELBA-2025-20024

http://linux.oracle.com/errata/ELBA-2025-20024.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
libblockdev-2.28-10.0.1.el9.i686.rpm
libblockdev-2.28-10.0.1.el9.x86_64.rpm
libblockdev-btrfs-2.28-10.0.1.el9.x86_64.rpm
libblockdev-crypto-2.28-10.0.1.el9.i686.rpm
libblockdev-crypto-2.28-10.0.1.el9.x86_64.rpm
libblockdev-dm-2.28-10.0.1.el9.i686.rpm
libblockdev-dm-2.28-10.0.1.el9.x86_64.rpm
libblockdev-fs-2.28-10.0.1.el9.i686.rpm
libblockdev-fs-2.28-10.0.1.el9.x86_64.rpm
libblockdev-kbd-2.28-10.0.1.el9.i686.rpm
libblockdev-kbd-2.28-10.0.1.el9.x86_64.rpm
libblockdev-loop-2.28-10.0.1.el9.i686.rpm
libblockdev-loop-2.28-10.0.1.el9.x86_64.rpm
libblockdev-lvm-2.28-10.0.1.el9.i686.rpm
libblockdev-lvm-2.28-10.0.1.el9.x86_64.rpm
libblockdev-lvm-dbus-2.28-10.0.1.el9.i686.rpm
libblockdev-lvm-dbus-2.28-10.0.1.el9.x86_64.rpm
libblockdev-mdraid-2.28-10.0.1.el9.i686.rpm
libblockdev-mdraid-2.28-10.0.1.el9.x86_64.rpm
libblockdev-mpath-2.28-10.0.1.el9.i686.rpm
libblockdev-mpath-2.28-10.0.1.el9.x86_64.rpm
libblockdev-nvdimm-2.28-10.0.1.el9.i686.rpm
libblockdev-nvdimm-2.28-10.0.1.el9.x86_64.rpm
libblockdev-part-2.28-10.0.1.el9.i686.rpm
libblockdev-part-2.28-10.0.1.el9.x86_64.rpm
libblockdev-plugins-all-2.28-10.0.1.el9.x86_64.rpm
libblockdev-swap-2.28-10.0.1.el9.i686.rpm
libblockdev-swap-2.28-10.0.1.el9.x86_64.rpm
libblockdev-tools-2.28-10.0.1.el9.x86_64.rpm
libblockdev-utils-2.28-10.0.1.el9.i686.rpm
libblockdev-utils-2.28-10.0.1.el9.x86_64.rpm
libblockdev-nvme-2.28-10.0.1.el9.i686.rpm
libblockdev-nvme-2.28-10.0.1.el9.x86_64.rpm
python3-blockdev-2.28-10.0.1.el9.x86_64.rpm

aarch64:
libblockdev-nvme-2.28-10.0.1.el9.aarch64.rpm
libblockdev-2.28-10.0.1.el9.aarch64.rpm
libblockdev-btrfs-2.28-10.0.1.el9.aarch64.rpm
libblockdev-crypto-2.28-10.0.1.el9.aarch64.rpm
libblockdev-dm-2.28-10.0.1.el9.aarch64.rpm
libblockdev-fs-2.28-10.0.1.el9.aarch64.rpm
libblockdev-kbd-2.28-10.0.1.el9.aarch64.rpm
libblockdev-loop-2.28-10.0.1.el9.aarch64.rpm
libblockdev-lvm-2.28-10.0.1.el9.aarch64.rpm
libblockdev-lvm-dbus-2.28-10.0.1.el9.aarch64.rpm
libblockdev-mdraid-2.28-10.0.1.el9.aarch64.rpm
libblockdev-mpath-2.28-10.0.1.el9.aarch64.rpm
libblockdev-nvdimm-2.28-10.0.1.el9.aarch64.rpm
libblockdev-part-2.28-10.0.1.el9.aarch64.rpm
libblockdev-plugins-all-2.28-10.0.1.el9.aarch64.rpm
libblockdev-swap-2.28-10.0.1.el9.aarch64.rpm
libblockdev-tools-2.28-10.0.1.el9.aarch64.rpm
libblockdev-utils-2.28-10.0.1.el9.aarch64.rpm
python3-blockdev-2.28-10.0.1.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//libblockdev-2.28-10.0.1.el9.src.rpm

Description of changes:

[2.28-10.0.1]
- enable btrfs support [Orabug: 30792917]

[2.28-10]
- lvm: Add support for starting and stopping VG locking
Resolves: RHEL-15921

[2.28-9]
- nvme: HostID fixes for TP4126
Resolves: RHEL-1375
- nvme: Stack smashing fixes
Resolves: RHEL-13127
Resolves: RHEL-8037

[2.28-8]
- lvm: Add a function to activate LVs in shared mode
Resolves: RHEL-14018



ELBA-2025-0304 Oracle Linux 9 .NET 8.0 bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2025-0304

http://linux.oracle.com/errata/ELBA-2025-0304.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
aspnetcore-runtime-8.0-8.0.12-1.0.1.el9_5.x86_64.rpm
aspnetcore-runtime-dbg-8.0-8.0.12-1.0.1.el9_5.x86_64.rpm
aspnetcore-targeting-pack-8.0-8.0.12-1.0.1.el9_5.x86_64.rpm
dotnet-apphost-pack-8.0-8.0.12-1.0.1.el9_5.x86_64.rpm
dotnet-hostfxr-8.0-8.0.12-1.0.1.el9_5.x86_64.rpm
dotnet-runtime-8.0-8.0.12-1.0.1.el9_5.x86_64.rpm
dotnet-runtime-dbg-8.0-8.0.12-1.0.1.el9_5.x86_64.rpm
dotnet-sdk-8.0-8.0.112-1.0.1.el9_5.x86_64.rpm
dotnet-sdk-dbg-8.0-8.0.112-1.0.1.el9_5.x86_64.rpm
dotnet-targeting-pack-8.0-8.0.12-1.0.1.el9_5.x86_64.rpm
dotnet-templates-8.0-8.0.112-1.0.1.el9_5.x86_64.rpm
dotnet-sdk-8.0-source-built-artifacts-8.0.112-1.0.1.el9_5.x86_64.rpm

aarch64:
aspnetcore-runtime-8.0-8.0.12-1.0.1.el9_5.aarch64.rpm
aspnetcore-runtime-dbg-8.0-8.0.12-1.0.1.el9_5.aarch64.rpm
aspnetcore-targeting-pack-8.0-8.0.12-1.0.1.el9_5.aarch64.rpm
dotnet-apphost-pack-8.0-8.0.12-1.0.1.el9_5.aarch64.rpm
dotnet-hostfxr-8.0-8.0.12-1.0.1.el9_5.aarch64.rpm
dotnet-runtime-8.0-8.0.12-1.0.1.el9_5.aarch64.rpm
dotnet-runtime-dbg-8.0-8.0.12-1.0.1.el9_5.aarch64.rpm
dotnet-sdk-8.0-8.0.112-1.0.1.el9_5.aarch64.rpm
dotnet-sdk-dbg-8.0-8.0.112-1.0.1.el9_5.aarch64.rpm
dotnet-targeting-pack-8.0-8.0.12-1.0.1.el9_5.aarch64.rpm
dotnet-templates-8.0-8.0.112-1.0.1.el9_5.aarch64.rpm
dotnet-sdk-8.0-source-built-artifacts-8.0.112-1.0.1.el9_5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//dotnet8.0-8.0.112-1.0.1.el9_5.src.rpm

Description of changes:

[8.0.112-1.0.1]
- Add support for Oracle Linux

[8.0.112-1]
- Update to .NET SDK 8.0.112 and Runtime 8.0.12
- Resolves: RHEL-71556

[8.0.111-1]
- Update to .NET SDK 8.0.111 and Runtime 8.0.11
- Resolves: RHEL-65369



ELBA-2025-20021 Oracle Linux 9 cockpit bug fix update


Oracle Linux Bug Fix Advisory ELBA-2025-20021

http://linux.oracle.com/errata/ELBA-2025-20021.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
cockpit-323.1-1.0.2.el9_5.x86_64.rpm
cockpit-bridge-323.1-1.0.2.el9_5.x86_64.rpm
cockpit-doc-323.1-1.0.2.el9_5.noarch.rpm
cockpit-system-323.1-1.0.2.el9_5.noarch.rpm
cockpit-ws-323.1-1.0.2.el9_5.x86_64.rpm
cockpit-packagekit-323.1-1.0.2.el9_5.noarch.rpm
cockpit-pcp-323.1-1.0.2.el9_5.x86_64.rpm
cockpit-storaged-323.1-1.0.2.el9_5.noarch.rpm

aarch64:
cockpit-323.1-1.0.2.el9_5.aarch64.rpm
cockpit-bridge-323.1-1.0.2.el9_5.aarch64.rpm
cockpit-doc-323.1-1.0.2.el9_5.noarch.rpm
cockpit-system-323.1-1.0.2.el9_5.noarch.rpm
cockpit-ws-323.1-1.0.2.el9_5.aarch64.rpm
cockpit-packagekit-323.1-1.0.2.el9_5.noarch.rpm
cockpit-pcp-323.1-1.0.2.el9_5.aarch64.rpm
cockpit-storaged-323.1-1.0.2.el9_5.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//cockpit-323.1-1.0.2.el9_5.src.rpm

Description of changes:

[323.1-1.0.2]
- Storage: Enable btrfs support [Orabug: 37464632]



ELBA-2025-20023 Oracle Linux 9 udisks2 bug fix update


Oracle Linux Bug Fix Advisory ELBA-2025-20023

http://linux.oracle.com/errata/ELBA-2025-20023.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
libudisks2-2.9.4-11.0.1.el9.i686.rpm
libudisks2-2.9.4-11.0.1.el9.x86_64.rpm
udisks2-2.9.4-11.0.1.el9.x86_64.rpm
udisks2-iscsi-2.9.4-11.0.1.el9.x86_64.rpm
udisks2-lsm-2.9.4-11.0.1.el9.x86_64.rpm
udisks2-lvm2-2.9.4-11.0.1.el9.x86_64.rpm
libudisks2-devel-2.9.4-11.0.1.el9.i686.rpm
libudisks2-devel-2.9.4-11.0.1.el9.x86_64.rpm

aarch64:
libudisks2-2.9.4-11.0.1.el9.aarch64.rpm
udisks2-2.9.4-11.0.1.el9.aarch64.rpm
udisks2-iscsi-2.9.4-11.0.1.el9.aarch64.rpm
udisks2-lsm-2.9.4-11.0.1.el9.aarch64.rpm
udisks2-lvm2-2.9.4-11.0.1.el9.aarch64.rpm
libudisks2-devel-2.9.4-11.0.1.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//udisks2-2.9.4-11.0.1.el9.src.rpm

Description of changes:

[2.9.4-11.0.1]
- Enable btrfs support for OL supported arches [Orabug: 37464632]



ELBA-2025-20015 Oracle Linux 9 kexec-tools bug fix update


Oracle Linux Bug Fix Advisory ELBA-2025-20015

http://linux.oracle.com/errata/ELBA-2025-20015.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kexec-tools-2.0.28-1.0.10.el9_5.x86_64.rpm

aarch64:
kexec-tools-2.0.28-1.0.10.el9_5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kexec-tools-2.0.28-1.0.10.el9_5.src.rpm

Description of changes:

[2.0.28-1.0.10]
- Rebase makedumpfile to v1.7.6 [Orabug: 37289579]



ELSA-2025-20018 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-20018

http://linux.oracle.com/errata/ELSA-2025-20018.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-304.171.4.el9uek.x86_64.rpm
kernel-uek-5.15.0-304.171.4.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-304.171.4.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-304.171.4.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-304.171.4.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-304.171.4.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-304.171.4.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-304.171.4.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-304.171.4.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-304.171.4.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-304.171.4.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-304.171.4.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-304.171.4.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-304.171.4.el9uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-304.171.4.el9uek.src.rpm

Related CVEs:

CVE-2024-46770
CVE-2024-53060
CVE-2024-53070
CVE-2024-53097
CVE-2024-53206
CVE-2024-53226

Description of changes:

[5.15.0-304.171.4.el9uek]
- Revert "unicode: Don't special case ignorable code points" (Linus Torvalds)
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" (Aurelien Jarno)
- tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (Kuniyuki Iwashima)
- lib/buildid: Fix build ID parsing logic (Jiri Olsa)
- powerpc/vdso: Flag VDSO64 entry points as functions (Christophe Leroy)
- mm: krealloc: Fix MTE false alarm in __do_krealloc (Qun-Wei Lin)
- Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown" (Jarosław Janik)
- usb: dwc3: fix fault at system suspend if device was already runtime suspended (Roger Quadros)
- ACPI: PRM: Clean up guid type in struct prm_handler_info (Dan Carpenter)
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (Junxian Huang)
- mm: revert "mm: shmem: fix data-race in shmem_getattr()" (Andrew Morton)
- ACPI: CPPC: Fix _CPC register setting issue (Lifeng Zheng)
- scsi: qla2xxx: Fix abort in bsg timeout (Quinn Tran)
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (Antonio Quartulli)
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (Kashyap Desai)
- vhost_scsi: log write descriptors (Dongli Zhang) [Orabug: 37393531]
- vhost-scsi: protect vq->log_base with vq->mutex (Dongli Zhang) [Orabug: 37393531]

[5.15.0-304.171.3.el9uek]
- build: populate modules_thick.builtin for dirs containing only modules (Nick Alcock) [Orabug: 37381702]
- mtd: fix use-after-free in mtd release (Alexander Usyskin) [Orabug: 37371929]
- mtd: Clean refcounting with MTD_PARTITIONED_MASTER (Miquel Raynal) [Orabug: 37371929]
- mtd: call external _get and _put in right order (Alexander Usyskin) [Orabug: 37371929]
- nvmem: core: Check input parameter for NULL in nvmem_unregister() (Andy Shevchenko) [Orabug: 37371929]
- Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" (Sherry Yang) [Orabug: 37364544]
- x86/pkeys: Ensure updated PKRU value is XRSTOR'd (Aruna Ramakrishna) [Orabug: 37361290]
- x86/pkeys: Change caller of update_pkru_in_sigframe() (Aruna Ramakrishna) [Orabug: 37361290]
- cgroup: cgroup-v1: do not exclude cgrp_dfl_root (Vishal Verma) [Orabug: 37347419]
- mm/memcontrol: Fix memcg stat calculation (Aruna Ramakrishna) [Orabug: 37306542]

[5.15.0-304.171.2.el9uek]
- uek-rpm: Add mstflint_access module to the core list (Thomas Tai) [Orabug: 37345530]
- uek-rpm/ol8/config-aarch64-emb3: Enable CONFIG_ARM_SDE_INTERFACE (Thomas Tai) [Orabug: 37345530]
- sunrpc: fix a NULL deref in svc_process() when ->sv_stats doesn't exist (Calum Mackay) [Orabug: 37329531]
- Partial revert "rds: Add inc/frag cache statistics" (Hans Westgaard Ry) [Orabug: 37232315]

[5.15.0-304.171.1.el9uek]
- kpcimgr: assign CPU to handle PCIE transactions during kexec (Joe Dobosenski) [Orabug: 37295980]
- kexec: update start address for LPI table data (Joe Dobosenski) [Orabug: 37295980]
- kpcimgr: fix flush_icache_range arguments (Joe Dobosenski) [Orabug: 37295980]
- embedded2: Enable CONFIG_SQUASHFS_ZSTD to support zstd compression (Joe Dobosenski) [Orabug: 37295980]
- embedded2: Support booting an encrypted root filesystem (Joe Dobosenski) [Orabug: 37295980]
- Update embedded2 config for UEK7 (Joe Dobosenski) [Orabug: 37295980]
- Pensando: kernel config changes for kdump (Rob Gardner) [Orabug: 34091165] [Orabug: 37295980]
- arm64: Reserve elfcorehdr before scanning reserved memory from device tree (Joe Dobosenski) [Orabug: 37295980]
- arm64: kexec: add support for kexec with spin-table (Henry Willard) [Orabug: 32549965] [Orabug: 37295980]
- drivers/soc/pensando/cap_mem.c: Support DM region mapping. (David Clear) [Orabug: 37295980]
- drivers/edac: elba: Support multiple DDR bypass ranges. (David Clear) [Orabug: 37295980]
- mmc: sdhci-cadence: Enable host driver defined bounce buffer (Brad Larson) [Orabug: 37295980]
- Fix NULL pointer dereference in cn_filter() (Anjali Kulkarni) [Orabug: 37280567]
- selftests: connector: Fix input argument error paths to skip (Shuah Khan) [Orabug: 37280567]
- connector/cn_proc: Selftest for proc connector (Anjali Kulkarni) [Orabug: 37280567]
- connector/cn_proc: Allow non-root users access (Anjali Kulkarni) [Orabug: 37280567]
- connector/cn_proc: Performance improvements (Anjali Kulkarni) [Orabug: 37280567]
- connector/cn_proc: Add filtering to fix some bugs (Anjali Kulkarni) [Orabug: 37280567]
- netlink: Add new netlink_release function (Anjali Kulkarni) [Orabug: 37280567]
- ice: Add netif_device_attach/detach into PF reset flow (Dawid Osuchowski) [Orabug: 37214589] {CVE-2024-46770}