Ruby, GnuTLS, LibTASN1, and more updates for Oracle Linux

Oracle Linux 6315 Published 3 days ago by Philipp Esselbach

News

ELSA-2025-4063 Moderate: Oracle Linux 8 ruby:3.1 security update

Oracle Linux Security Advisory ELSA-2025-4063

http://linux.oracle.com/errata/ELSA-2025-4063.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
ruby-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
ruby-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm
ruby-bundled-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
ruby-bundled-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm
ruby-default-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
ruby-devel-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
ruby-devel-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm
ruby-doc-3.1.7-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-abrt-0.4.0-1.module+el8.7.0+20780+b11ff321.noarch.rpm
rubygem-abrt-doc-0.4.0-1.module+el8.7.0+20780+b11ff321.noarch.rpm
rubygem-bigdecimal-3.1.1-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
rubygem-bigdecimal-3.1.1-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm
rubygem-bundler-2.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-io-console-0.5.11-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
rubygem-io-console-0.5.11-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm
rubygem-irb-1.4.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-json-2.6.1-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
rubygem-json-2.6.1-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm
rubygem-minitest-5.15.0-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-mysql2-0.5.3-2.module+el8.7.0+20780+b11ff321.x86_64.rpm
rubygem-mysql2-doc-0.5.3-2.module+el8.7.0+20780+b11ff321.noarch.rpm
rubygem-pg-1.3.2-1.module+el8.7.0+20780+b11ff321.x86_64.rpm
rubygem-pg-doc-1.3.2-1.module+el8.7.0+20780+b11ff321.noarch.rpm
rubygem-power_assert-2.0.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-psych-4.0.4-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
rubygem-psych-4.0.4-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm
rubygem-rake-13.0.6-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-rbs-2.7.0-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
rubygem-rbs-2.7.0-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm
rubygem-rdoc-6.4.1.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-rexml-3.3.9-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-rss-0.3.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygems-3.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygems-devel-3.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-test-unit-3.5.3-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-typeprof-0.21.3-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
ruby-libs-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
ruby-libs-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm

aarch64:
ruby-3.1.7-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm
ruby-bundled-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm
ruby-default-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
ruby-devel-3.1.7-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm
ruby-doc-3.1.7-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-abrt-0.4.0-1.module+el8.7.0+20780+b11ff321.noarch.rpm
rubygem-abrt-doc-0.4.0-1.module+el8.7.0+20780+b11ff321.noarch.rpm
rubygem-bigdecimal-3.1.1-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm
rubygem-bundler-2.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-io-console-0.5.11-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm
rubygem-irb-1.4.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-json-2.6.1-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm
rubygem-minitest-5.15.0-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-mysql2-0.5.3-2.module+el8.7.0+20780+b11ff321.aarch64.rpm
rubygem-mysql2-doc-0.5.3-2.module+el8.7.0+20780+b11ff321.noarch.rpm
rubygem-pg-1.3.2-1.module+el8.7.0+20780+b11ff321.aarch64.rpm
rubygem-pg-doc-1.3.2-1.module+el8.7.0+20780+b11ff321.noarch.rpm
rubygem-power_assert-2.0.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-psych-4.0.4-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm
rubygem-rake-13.0.6-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-rbs-2.7.0-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm
rubygem-rdoc-6.4.1.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-rexml-3.3.9-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-rss-0.3.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygems-3.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygems-devel-3.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-test-unit-3.5.3-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-typeprof-0.21.3-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
ruby-libs-3.1.7-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//ruby-3.1.7-145.module+el8.10.0+90550+7d8a4a30.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-abrt-0.4.0-1.module+el8.7.0+20780+b11ff321.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-mysql2-0.5.3-2.module+el8.7.0+20780+b11ff321.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-pg-1.3.2-1.module+el8.7.0+20780+b11ff321.src.rpm

Related CVEs:

CVE-2024-39908
CVE-2024-41123
CVE-2024-41946
CVE-2024-43398
CVE-2025-27219
CVE-2025-27220
CVE-2025-27221

Description of changes:

ruby
[3.1.7-145]
- Upgrade to Ruby 3.1.7.
Resolves: RHEL-55408
- Fix DoS vulnerability in REXML. (CVE-2024-39908)
Resolves: RHEL-57051
- Fix DoS vulnerability in REXML. (CVE-2024-43398)
Resolves: RHEL-56002

[3.1.5-144]
- Fix REXML ReDoS vulnerability. (CVE-2024-49761)
Resolves: RHEL-68520

[3.1.5-143]
- Upgrade to Ruby 3.1.5.
Resolves: RHEL-35748
- Fix buffer overread vulnerability in StringIO.
Resolves: RHEL-35749
- Fix RCE vulnerability with .rdoc_options in RDoc.
Resolves: RHEL-35750
- Fix arbitrary memory address read vulnerability with Regex search.
Resolves: RHEL-35751

[3.1.4-142]
- Upgrade to Ruby 3.1.4.
Resolves: RHEL-5584
- Fix HTTP response splitting in CGI.
Resolves: CVE-2021-33621
- Fix ReDos vulnerability in URI.
Resolves: CVE-2023-28755
Resolves: CVE-2023-36617
- Fix ReDos vulnerability in Time.
Resolves: CVE-2023-28756
- Make RDoc soft dependency in IRB.
Resolves: RHEL-5615

[3.1.2-141]
- Upgrade to Ruby 3.1.2.
Resolves: rhbz#2063772

[3.0.2-140]
- Fix rubygem-irb upgrade not working due to directory -> symlink conversion.
Resolves: rhbz#2010949

[3.0.2-139]
- Upgrade to Ruby 3.0.2.
Related: rhbz#1938942
- Fix command injection vulnerability in RDoc. (CVE-2021-31799)
- Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host.
(CVE-2021-31810)
- Fix StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)
- Fix dependencies of gems with explicit source installed from a
different source. (CVE-2020-36327)
- Pass ldflags to gem install via CONFIGURE_ARGS.
The same comment on the changelog 3.0.1-138 was wrong.

[3.0.1-138]
- Upgrade to Ruby 3.0.1 by merging Fedora rawhide branch (commit: 6b2ff68).
* Add missing rubygem- prefix for bundled provide of 'connection_pool'.
* Pass ldflags to gem install via CONFIGURE_ARGS
* Remove IRB dependency from rubygem-rdoc.
* Fix flaky excon test suite.
* Properly support DWARF5 debug information.
Related: rhbz#1920533
* Bundle OpenSSL into StdLib.
* Fix SEGFAULT in rubygem-shoulda-matchers test suite.
* Provide gem.build_complete file for binary gems.
* Re-enable test suite.
* ruby-default-gems have to depend on rubygem(io-console) due to reline.
* Fix SEGFAULT preventing rubygem-unicode to build on armv7hl.
* Add support for reworked RubyGems plugins.
* Use proper path for plugin wrappers.
* Extract RSS and REXML into separate subpackages, because they were moved from
default gems to bundled gems.
* Drop Net::Telnet and XMLRPC packages, because they were dropped from Ruby.
Resolves: rhbz#1938942
- Fix FTBFS due to an incompatible load directive.

[2.7.3-136]
- Upgrade to Ruby 2.7.3.
Resolves: rhbz#1947938
- Resolv::DNS: timeouts if multiple IPv6 name servers are given and address
contains leading zero
Resolves: rhbz#1944227

[2.7.2-135]
- Upgrade to Ruby 2.7.2.
- Avoid possible timeout errors in TestBugReporter#test_bug_reporter_add.

[2.7.1-133]
- Fix require behavior allowing to load libraries multiple times.
Resolves: rhbz#1842989
- Add ruby-default-gems dependency on irb.

[2.7.1-133]
- Ship racc binary.
Resolves: rhbz#1851388

[2.7.1-132]
- Update to Ruby 2.7.1 by merging Fedora master branch (commit: 2981648)
* Skip unstable tests on s390x.
* Skip JIT tests in RHEL 8.
Resolves: rhbz#1817135

[2.6.3-106]
- Use ffi_closure_alloc to avoid segmentation fault by libffi on aarch64.
Resolves: rhbz#1727832
- Properly support %prerelease in %gemspec_ macros.
Related: rhbz#1672575

[2.6.3-105]
- Update to Ruby 2.6.3 by merging Fedora master branch (commit: 1cc2a49)
* Properly generate "ruby(rubygems)" versioned dependencies.
* Extract composition of dependecy strings into helper.
* Loosen RDoc dependency.
* Upstream fix adding -C flag instead of changing directory for gem build.
* Remove obsolete Group tag
* Fix ".include =" support in openssl.cnf.
* Link IRB back to StdLib.
* Link IRB files instead of directories.
* Exclude irb.rb from ruby-libs.
Resolves: rhbz#1672575

[2.5.5-104]
- Update to Ruby 2.5.5.
* Remove Patch25: ruby-2.6.0-Update-for-tzdata-2018f.patch; subsumed
* Remove Patch11: ruby-2.6.0-Try-to-update-cert.patch; subsumed
* Remove Patch19: ruby-2.6.0-net-http-net-ftp-fix-session-resumption-with
-TLS-1.3.patch; subsumed
Resolves: rhbz#1688758
- Don't ship .stp files when SystemTap support is disabled.
Related: rhbz#1657915
- Fix CovScan issues.
Resolves: rhbz#1628592

[2.5.3-103]
- Refresh expired certificates to fix FTBFS.

[2.5.3-102]
- Fix Tokyo TZ tests.

[2.5.3-101]
- Update to Ruby 2.5.3.
Resolves: rhbz#1643092

[2.5.1-100]
- Properly harden package using -fstack-protector-strong.
* ruby-2.6.0-configure-fstack-protector-strong.patch
Resolves: rhbz#1624168

[2.5.1-99]
- Additional OpenSSL 1.1.1 fixes.
* ruby-2.6.0-fix-test-failure-with-TLS-1.3-maint.patch
* ruby-2.6.0-config-support-include-directive.patch
* ruby-2.6.0-use-larger-keys-for-SSL-tests.patch
Related: rhbz#1616213

[2.5.1-99]
- Fix generated rdoc template issues.
* ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch
Resolves: rhbz#1612026

[2.5.1-97]
- Fix TLS 1.3 issues.
* ruby-2.6.0-fix-test-failure-with-TLS-1.3.patch
* ruby-2.6.0-net-http-net-ftp-fix-session-resumption-with-TLS-1.3.patch
Related: rhbz#1616213

[2.5.1-96]
- turn off tests
- Related: bug#1614611

[2.5.1-96]
- Rebuild with fixed binutils

[2.5.1-95]
- Rebuild for new binutils

[2.5.1-94]
- Disable some test failing with OpenSSL 1.1.1.

[2.5.1-94]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[2.5.1-93]
- Add macros to edit files lists in .gemspec
(gemspec_add_file and gemspec_remove_file).

[2.5.1-93]
- Make %gemspec_{add,remove}_dep modify .gemspec provided by %setup macro.

[2.5.1-92]
- Conflict requirement needs to generate dependency.
- Stop using --with-setjmp-type=setjmp on aarch64 (rhbz#1545239).

[2.5.1-92]
- Update to Ruby 2.5.1.

[2.5.0-91]
- Don't force libraries used to build Ruby to its dependencies.
- Re-enable GMP dependency.

[2.5.0-90]
- Drop GMP dependency.

[2.5.0-89]
- Rebuild with new LDFLAGS from redhat-rpm-config
- Use --with-setjmp-type=setjmp on aarch64 to work around gcc issue (#1545239)

[2.5.0-89]
- Fix: Multiple vulnerabilities in RubyGems
https://bugzilla.redhat.com/show_bug.cgi?id=1547431
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/

[2.5.0-89]
- Drop obsolete ldconfig scriptlets.
- Add GMP dependency.
- Use 'with' operator in RPM dependency generator.
- Add conflicts RPM generator.
- Fix thread_safe test suite segfaults.
- Fix invalid licenses.

[2.5.0-89]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[2.5.0-88]
- Rebuilt for switch to libxcrypt

[2.5.0-87]
- Fix segfaults during generating of documentation.

[2.5.0-86]
- Upgrade to Ruby 2.5.0.

[2.4.2-86]
- Add macro to remove rubypick dependency.
- Improve "with" conditional statement as inline.

[2.4.2-85]
- Add macros to remove systemtap, git and cmake dependencies.

[2.4.2-84]
- Update to Ruby 2.4.2.

[2.4.1-84]
- Drop ruby-devel dependency on rubypick, which is pulled in transtitively.

[2.4.1-83]
- Fix "IOError: stream closed" errors affecting Puma.
- Temporary disable checksec on PPC64LE (rhbz#1479302).

[2.4.1-82]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[2.4.1-81]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[2.4.1-80]
- OpenSSL 1.1.0f-3 disables some weak ciphers. Adjust the package to pass
the tests suite.

[2.4.1-79]
- Update to Ruby 2.4.1.

[2.4.0-78]
- Fix OpenSSL symlinks.

[2.4.0-77]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

[2.4.0-76]
- Fix GCC 7.x compatibility (rhbz#1417590).
- Use standardized multilib solution (rhbz#1412274).

[2.4.0-75]
- Apply patch fixing rubygem-mongo build failures.

[2.4.0-74]
- Rebuild again for f26-ruby24 sidetag

[2.4.0-73]
- Rebuild for readline 7.x

[2.4.0-72]
- Link files into directory to avoid dir => symlink isues.

[2.4.0-71]
- Add rubygem-io-console dependency for rubygem-rdoc.

[2.4.0-70]
- Upgrade to Ruby 2.4.0.
- Move gemified xmlrpc into subpackage.
- Move gemified openssl into subpackage.
- Tk is removed from stdlib.
- Extend 'gem_' macros for pre-release version support.

[2.3.3-61]
- Update to Ruby 2.3.3.
- Exclude json.rb from ruby-libs (rhbz#1397370).

[2.3.2-60]
- Update to Ruby 2.3.2.

[2.3.1-59]
- Continue to use OpenSSL 1.0 for the moment.
- Add gemspec_add_dep and gemspec_remove_dep macros.
- Harden package.

[2.3.1-58]
- Workaround "an invalid stdio handle" error on PPC (rhbz#1361037).

[2.3.1-57]
- Make symlinks for json gem.

[2.3.1-56]
- Requires rubygem(json) for rubygem-rdoc (rhbz#1325022).

[2.3.1-55]
- Update to Ruby 2.3.1.

[2.3.0-54]
- Add rubypick and rubygems requires to ruby-devel to deal with BuildRequires

[2.3.0-53]
- Backport trunk@53455 to make ruby-qt build

[2.3.0-52]
- Explicitly require RDoc, since weak dependencies are ignored by default.

[2.3.0-51]
- Load RubyGems prior ABRT hook to properly rescue RubyGems exceptions.

[2.3.0-50]
- Upgrade to Ruby 2.3.0.
- Move gemified net-telnet into subpackage.
- Add did_you_mean subpackage.
- Add virtual provides for CCAN copylibs.
- Use weak dependencies.

[2.3.0-0.7.preview2]
- Add systemtap tests.

[2.2.4-47]
- Update to Ruby 2.2.4.

[2.2.3-46]
- Fix ABRT hook autoloading.

[2.2.3-45]
- Add support for MIPS architecture to config.h

[2.2.3-44]
- Update to Ruby 2.2.3.

[2.2.2-43]
- Fix for "dh key too small" error of OpenSSL 1.0.2+.

[2.2.2-42]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

[2.2.2-41]
- Fix the git BR following the git package split.

[2.2.2-40]
- Fix upgrade path (rubygem-io-console's version was recently bumped in F21
and makes the higher release to win).

[2.2.2-11]
- Bump release because of gems

[2.2.2-1]
- Update to Ruby 2.2.2

[2.2.1-10]
- Fix libruby.so versions in SystemTap scripts (rhbz#1202232).

[2.2.1-9]
- Update to Ruby 2.2.1.

[2.2.0-8]
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code

[2.2.0-7]
- Fix directory ownership.

[2.2.0-6]
- Initialize all load paths in operating_system.rb.

[2.2.0-5]
- Make operating_system.rb more robust.
- Add RubyGems stub headers for bundled gems.

[2.2.0-4]
- Add missing rubygem-test-unit dependency on rubygem-power_assert.

[2.2.0-3]
- Bump release to avoid EVR issue on rubygem-test-unit

[2.2.0-1]
- Upgrade to Ruby 2.2.0.
- Explicitly list RubyGems directories to avoid accidentaly packaged content.
- Split test-unit and power_assert gems into separate sub-packages.
- Drop libdb dependency in favor of gdbm.

[2.1.5-26]
- Disbable sse2 on i668 (bug #1101811)

[2.1.5-25]
- Update to Ruby 2.1.5.

[2.1.4-24]
- Update to Ruby 2.1.4.
- Include only vendor directories, not their content (rhbz#1114071).
- Fix "invalid regex" warning for non-rubygem packages (rhbz#1154067).
- Use load macro introduced in RPM 4.12.

* Mon Aug 18 2014 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

[2.1.2-23]
- Fix FTBFS
- Specify tcl/tk 8.6
- Add upstream patch to build with libffi 3.1

* Sun Jun 08 2014 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Wed May 21 2014 Jaroslav Škarvada [jskarvad@redhat.com]
- Rebuilt for https://fedoraproject.org/wiki/Changes/f21tcl86

[2.1.2-21]
- Update to Ruby 2.1.2

[2.1.1-20]
- Remove useless exclude (rhbz#1065897).
- Extract load macro into external file and include it.
- Kill bundled certificates.

[2.1.1-19]
- Correctly expand $(prefix) in some Makefiles, e.g. eruby.

[2.1.1-18]
- Update to Ruby 2.1.1.
- Revert regression of Hash#reject.

[2.1.0-19]
- Add RPM dependency generators for RubyGems.

[2.1.0-19]
- Don't link cert.pem explicitely

[2.1.0-18]
- Don't generate documentation on unexpected places.
- Detect if rubygems are running under rpmbuild and install gem binary
extensions into appropriate place.
- Add support for ppc64le arch (rhbz#1053263).
- Re-enable some test cases, which are passing now with Kernel 3.12.8+.
- Backport fix for floating point issues on i686.

[2.1.0-17]
- Upgrade to Ruby 2.1.0.
- Move RPM macros into /usr/lib/rpm/macros.d directory.
- Allow MD5 in OpenSSL for tests.

[2.0.0.247-15]
- Move Psych symlinks to vendor dir, to prevent F18 -> F19 upgrade issues
(rhbz#988490).

[2.0.0.247-14]
- Add forgotten psych.rb link into rubygem-psych to fix "private method load'
called for Psych:Moduler" error (rhbz#979133).

[2.0.0.247-13]
- Fixes multilib conlicts of .gemspec files.
- Make symlinks for psych gem to ruby stdlib dirs (rhbz#979133).
- Use system-wide cert.pem.

[2.0.0.247-12]
- Fix RubyGems search paths when building gems with native extension
(rhbz#979133).

[2.0.0.247-11]
- Fix RubyGems version.

[2.0.0.247-10]
- Better support for build without configuration (rhbz#977941).

[2.0.0.247-9]
- Update to Ruby 2.0.0-p247 (rhbz#979605).
- Fix CVE-2013-4073.
- Fix for wrong makefiles created by mkmf (rhbz#921650).
- Add support for ABRT autoloading.

[2.0.0.195-8]
- Update to Ruby 2.0.0-p195 (rhbz#917374).
- Fix object taint bypassing in DL and Fiddle (CVE-2013-2065).
- Fix build against OpenSSL with enabled ECC curves.
- Add aarch64 support (rhbz#926463).

[2.0.0.0-7]
- Macro definition moved into macros.ruby and macros.rubygems files.
- Added filtering macros.
- Filter automatically generated provides of private libraries (rhbz#947408).

[2.0.0.0-6]
- Fix RbConfig::CONFIG['exec_prefix'] returns empty string (rhbz#924851).

[2.0.0.0-5]
- Make Ruby buildable without rubypick.
- Prevent random test failures.

[2.0.0.0-4]
- Don't mark rpm config file as %config (fpc#259)

[2.0.0.0-3]
- Avoid "method redefined;" warnings due to modified operating_system.rb.
- Fix strange paths created during build of binary gems.

[2.0.0.0-2]
- Prevent squash of %gem_install with following line.

[2.0.0.0-1]
- Update to Ruby 2.0.0-p0.
- Change %{ruby_extdir} to %{ruby_extdir_mri} in preparation for better
JRuby support.

[2.0.0.0-0.3.r39387]
- Move test-unit.gemspec to -libs subpackage for now because rubygems
2.0.0 does not create this

[2.0.0.0-0.2.r39387]
- Fix issues with wrong value of Rubygem's shebang introduced in r39267.

[2.0.0.0-0.1.r39387]
- Upgrade to Ruby 2.0.0 (r39387).
- Introduce %gem_install macro.
- Build against libdb instead of libdb4 (rhbz#894022).
- Move native extensions from exts to ruby directory.
- Enable most of the PPC test suite.
- Change ruby(abi) -> ruby(release).
- Rename ruby executable to ruby-mri, to be prepared for RubyPick.
- Add ruby(runtime_executable) virtual provide, which is later used
by RubyPick.
- RDoc now depends on JSON.
- Try to make -doc subpackage noarch again, since the new RDoc should resolve
the arch dependent issues ( https://github.com/rdoc/rdoc/issues/71).
- Enable SystemTap support.
- Add TapSet for Ruby.
- Split Psych into rubygem-psych subpackage.

[1.9.3.385-28]
- Update to 1.9.3 p385

[1.9.3.374-27]
- Update to 1.9.3 p374
- Fix provided variables in pkgconfig (bug 789532:
Vít Ondruch [vondruch@redhat.com])

[1.9.3.362-26]
- Provide non-versioned pkgconfig file (bug 789532)
- Use db5 on F-19 (bug 894022)

[1.9.3.362-25]
- Backport fix for the upstream PR7629, save the proc made from the given block
(bug 895173)

[1.9.3.362-24]
- Update to 1.9.3.362

[1.9.3.327-23]
- Skipping test_parse.rb (fails on ARM at line 787)
- http://bugs.ruby-lang.org/issues/6899

[1.9.3.327-23]
- Skip test_str_crypt (on rawhide) for now (upstream bug 7312)

[1.9.3.327-22]
- Ignore some network related tests

[1.9.3.327-21]
- Update to 1.9.3.327
- Fix Hash-flooding DoS vulnerability on MurmurHash function
(CVE-2012-5371)

[1.9.3.286-19]
- Update to 1.9.3 p286
- Don't create files when NUL-containing path name is passed
(bug 865940, CVE-2012-4522)

[1.9.3.194-18]
- Patch from trunk for CVE-2012-4464, CVE-2012-4466

[1.9.3.194-17]
- Split documentation into -doc subpackage (rhbz#854418).

[1.9.3.194-16]
- Revert the dependency of ruby-libs on rubygems (rhbz#845011, rhbz#847482).

[1.9.3.194-15]
- ruby-libs must require rubygems (rhbz#845011).

[1.9.3.194-14]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[1.9.3.194-13]
- Make the bigdecimal gem a runtime dependency of Ruby.

[1.9.3.194-12]
- Make symlinks for bigdecimal and io-console gems to ruby stdlib dirs (RHBZ 829209).

[1.9.3.194-11]
- Fix license to contain Public Domain.
- macros.ruby now contains unexpanded macros.

[1.9.3.194-10.1]
- Bump release

[1.9.3.194-1]
- Update to Ruby 1.9.3-p194.

[1.9.3.125-3]
- disable check on ppc(64), RH bugzilla 803698

[1.9.3.125-2]
- Temporarily disable make check on ARM until it's fixed upstream. Tracked in RHBZ 789410

[1.9.3.125-1]
- Upgrade to Ruby 1.9.3-p125.

[1.9.3.0-7]
- Make mkmf.rb verbose by default

[1.9.3.0-6]
- Relax dependencies to allow external updates of bundled gems.

[1.9.3.0-5]
- Initial release of Ruby 1.9.3.
- Add rubygems dependency on io-console for user interactions.
- Gems license clarification.

[1.9.3.0-4]
- Bundled gems moved into dedicated directories and subpackages.
- Create and own RubyGems directories for binary extensions.
- Fix build with GCC 4.7.

[1.9.3.0-3]
- Fix RHEL build.
- Fixed directory ownership.
- Verose build output.

[1.9.3.0-2]
- Install RubyGems outside of Ruby directory structure.
- RubyGems has not its own -devel subpackage.
- Enhanced macros.ruby and macros.rubygems.
- All tests are green now (bkabrda).

[1.9.3.0-1]
- Initial package

[1.8.7.357-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

[1.8.7.357-1]
- Update to 1.8.7p357
- Randomize hash on process startup (CVE-2011-4815, bug 750564)

[1.8.7.352-2]
- dont normalise arm cpus to arm
- there is something weird about how ruby choses where to put bits

[1.8.7.352-3]
- F-17: kill gdbm support for now due to licensing compatibility issue

[1.8.7.352-2]
- F-17: rebuild against new gdbm

[1.8.7.352-1]
- Update to 1.8.7 p352
- CVE-2011-2686 is fixed in this version (bug 722415)
- Update ext/tk to the latest git
- Remove duplicate path entry (bug 718695)

[1.8.7.334-4]
- Once fix FTBFS (bug 716021)

[1.8.7.334-3]
- normalise arm cpus to arm

[1.8.7.334-2]
- Own %{_normalized_cpu}-%{_target_os} directory (bug 708816)

[1.8.7.334-1]
- Update to 1.8.7 p334

[1.8.7.330-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

[1.8.7.330-2]
- nomalise the 32 bit sparc archs to sparc

[1.8.7.330-1]
- Update to 1.8.7 p330
- ext/tk updated to the newest header

[1.8.7.302-2]
- Avoid multilib conflict on -libs subpackage (bug 649174)

[1.8.7.302-1]
- Update to 1.8.7.302
- CVE-2010-0541 (bug 587731) is fixed in this version
- Update ext/tk to the latest head

[1.8.7.299-5]
- More cleanup of spec file, expecially for rpmlint issue
- build ri files in %build

[1.8.7.299-4]
- Cleanup spec file
- Make -irb, -rdoc subpackage noarch
- Make dependencies between arch-dependent subpackages isa specific
- Improve sample documentation gathering

[1.8.7.299-3]
- updated packaged based on feedback (from mtasaka)
- added comments to all patches / sources
- obsoleted ruby-mode, as it's now provided by the emacs package itself
- readded missing documentation
- various small compatability/regression fixes

[1.8.7.299-2]
- readded bits to pull tk package from upstream source branch
- removed unecessary .tk.old dir
- renamed macros which may cause confusion, removed unused ones

[1.8.7.299-1]
- integrate more of jmeyering's and mtaska's feedback
- removed emacs bits that are now shipped with the emacs package
- various patch and spec cleanup
- rebased to ruby 1.8.7 patch 299, removed patches no longer needed:
ruby-1.8.7-openssl-1.0.patch, ruby-1.8.7-rb_gc_guard_ptr-optimization.patch

[1.8.7.249-5]
- Various fixes

[1.8.7.249-4]
- Fixed incorrect paths in 1.8.7 rpm

[1.8.7.249-3]
- Integrated Jim Meyering's feedback and changes in to:
- remove trailing blanks
- placate rpmlint
- ruby_* definitions: do not use trailing slashes in directory names
- _normalized_cpu: simplify definition

[1.8.7.249-2]
- Integrate mtasaka's feedback and changes
- patch101 ruby_1_8_7-rb_gc_guard_ptr-optimization.patch

[1.8.7.249-1]
- Initial Ruby 1.8.7 specfile

[1.8.6.399-5]
- Retry for bug 559158, Simplify the OpenSSL::Digest class
pull more change commits from ruby_1_8 branch

[1.8.6.399-4]
- Patch36 (ruby-1.8.x-RHASH_SIZE-rb_hash_lookup-def.patch)
also backport rb_hash_lookup definition (bug 592936)

[1.8.6.399-3]
- ruby-1.8.x-null-class-must-be-Qnil.patch (bug 530407)
- Recreate some patches using upstream svn when available, and
add some comments for patches

[1.8.6.399-2]
- tcltk: Give up using potentially unmaintained ruby_1_8_6 branch
and instead completely replace with ruby_1_8 branch head
(at this time, using rev 27738)
(seems to fix 560053, 590503)
- Fix Japanese encoding strings under ruby-tcltk/ext/tk/sample/

[1.8.6.399-1]
- Update to 1.8.6 p 399 (bug 579675)
- Patch to fix gc bug causing open4 crash (bug 580993)

[1.8.6.388-9]
- F-14: rebuild against new gdbm

* Thu Jan 28 2010 Mamoru Tasaka
- Once revert the previous change (patch34)

[1.8.6.388-8]
- Backport openssl/digest functions providing digest and hexdigest functions
directly in OpenSSL::Digest.methods
- Make sure that Red Hat people version their changelog entries
- This is actually release #1, but now needs to be release #7

[1.8.6.388-1]
- Add conditional for RHEL.

[1.8.6.383-6]
- CVE-2009-4492 ruby WEBrick log escape sequence (bug 554485)

[1.8.6.383-5]
- Change mkmf.rb to use LIBRUBYARG_SHARED so that have_library() works
without libruby-static.a (bug 428384)
- And move libruby-static.a to -static subpackage

[1.8.6.383-4]
- Use bison to regenerate parse.c to keep the original format of error
messages (bug 530275 comment 4)

[1.8.6.383-3]
- Patch so that irb saves its history (bug 518584, ruby issue 1556)

[1.8.6.383-2]
- Update to 1.8.6 patchlevel 383 (bug 520063)

[1.8.6.369-5]
- Much better idea for Patch31 provided by Akira TAGOH [tagoh@redhat.com]

[1.8.6.369-4]
- Fix the search path of ri command for ri manuals installed with gem
(bug 528787)

[1.8.6.369-3]
- Rebuild against new openssl

[1.8.6.369-2]
- Make sure that readline.so is linked against readline 5 because
Ruby is under GPLv2

[1.8.6.369-1]
- New patchlevel fixing CVE-2009-1904
- Fix directory on ARM (#506233, Kedar Sovani)

[1.8.6.368-1]
- New upstream release (p368)

[1.8.6.287-8]
- Merge Review fix (#226381)

[1.8.6.287-7]
- Fix regression in CVE-2008-3790 (#485383)

[1.8.6.287-6]
- Again use -O2 optimization level
- i586 should search i386-linux directory (on = 6.12

nodejs-nodemon
nodejs-packaging

ELBA-2025-4054 Oracle Linux 8 nodejs:18 bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2025-4054

http://linux.oracle.com/errata/ELBA-2025-4054.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs-18.20.6-2.module+el8.10.0+90556+f35f1323.x86_64.rpm
nodejs-devel-18.20.6-2.module+el8.10.0+90556+f35f1323.x86_64.rpm
nodejs-docs-18.20.6-2.module+el8.10.0+90556+f35f1323.noarch.rpm
nodejs-full-i18n-18.20.6-2.module+el8.10.0+90556+f35f1323.x86_64.rpm
nodejs-nodemon-3.0.1-1.module+el8.10.0+90556+f35f1323.noarch.rpm
nodejs-packaging-2021.06-4.module+el8.10.0+90556+f35f1323.noarch.rpm
nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90556+f35f1323.noarch.rpm
npm-10.8.2-1.18.20.6.2.module+el8.10.0+90556+f35f1323.x86_64.rpm

aarch64:
nodejs-18.20.6-2.module+el8.10.0+90556+f35f1323.aarch64.rpm
nodejs-devel-18.20.6-2.module+el8.10.0+90556+f35f1323.aarch64.rpm
nodejs-docs-18.20.6-2.module+el8.10.0+90556+f35f1323.noarch.rpm
nodejs-full-i18n-18.20.6-2.module+el8.10.0+90556+f35f1323.aarch64.rpm
nodejs-nodemon-3.0.1-1.module+el8.10.0+90556+f35f1323.noarch.rpm
nodejs-packaging-2021.06-4.module+el8.10.0+90556+f35f1323.noarch.rpm
nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90556+f35f1323.noarch.rpm
npm-10.8.2-1.18.20.6.2.module+el8.10.0+90556+f35f1323.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//nodejs-18.20.6-2.module+el8.10.0+90556+f35f1323.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el8.10.0+90556+f35f1323.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//nodejs-packaging-2021.06-4.module+el8.10.0+90556+f35f1323.src.rpm

Description of changes:

nodejs
[1:18.20.6-2]
- Disable npm's update-notifier
Resolves: RHEL-81075
- Remove obsolete scriplets
Resolves: RHEL-81120

nodejs-nodemon
nodejs-packaging

ELBA-2025-4052 Oracle Linux 8 mod_security_crs bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-4052

http://linux.oracle.com/errata/ELBA-2025-4052.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
mod_security_crs-3.3.4-3.el8_10.2.noarch.rpm

aarch64:
mod_security_crs-3.3.4-3.el8_10.2.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//mod_security_crs-3.3.4-3.el8_10.2.src.rpm

Description of changes:

[3.3.4-3.2]
- Resolves: RHEL-78711 - A form data, "鹿沼市御成橋"(a name of street/city
in Japanese) is forbade by mod_security_crs-3.3.4-3.el8.noarch

ELBA-2025-4050 Oracle Linux 8 autofs bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-4050

http://linux.oracle.com/errata/ELBA-2025-4050.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
autofs-5.1.4-114.0.1.el8_10.3.x86_64.rpm

aarch64:
autofs-5.1.4-114.0.1.el8_10.3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//autofs-5.1.4-114.0.1.el8_10.3.src.rpm

Description of changes:

[5.1.4-114.0.1.el8_10.3]
- Add autofs-5.0.5-lookup-mounts.patch [Orabug:12658280]

[5.1.4-114.el8_10.3]
- RHEL-84118 - autofs hang - autofs-5.1.4-114.el8_10.2
- fix lock ordering deadlock in expire_cleanup().
- change spec file %patchN to %patch -P N as required by rpm(8).
- Resolves: RHEL-84118

ELBA-2025-4047 Oracle Linux 8 samba bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-4047

http://linux.oracle.com/errata/ELBA-2025-4047.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
ctdb-4.19.4-7.0.1.el8_10.x86_64.rpm
libnetapi-4.19.4-7.0.1.el8_10.i686.rpm
libnetapi-4.19.4-7.0.1.el8_10.x86_64.rpm
libsmbclient-4.19.4-7.0.1.el8_10.i686.rpm
libsmbclient-4.19.4-7.0.1.el8_10.x86_64.rpm
libwbclient-4.19.4-7.0.1.el8_10.i686.rpm
libwbclient-4.19.4-7.0.1.el8_10.x86_64.rpm
python3-samba-4.19.4-7.0.1.el8_10.i686.rpm
python3-samba-4.19.4-7.0.1.el8_10.x86_64.rpm
python3-samba-dc-4.19.4-7.0.1.el8_10.x86_64.rpm
python3-samba-test-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-client-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-client-libs-4.19.4-7.0.1.el8_10.i686.rpm
samba-client-libs-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-common-4.19.4-7.0.1.el8_10.noarch.rpm
samba-common-libs-4.19.4-7.0.1.el8_10.i686.rpm
samba-common-libs-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-common-tools-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-dc-libs-4.19.4-7.0.1.el8_10.i686.rpm
samba-dc-libs-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-dcerpc-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-krb5-printing-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-ldb-ldap-modules-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-libs-4.19.4-7.0.1.el8_10.i686.rpm
samba-libs-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-pidl-4.19.4-7.0.1.el8_10.noarch.rpm
samba-test-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-test-libs-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-tools-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-usershares-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-vfs-iouring-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-winbind-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-winbind-clients-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-winbind-krb5-locator-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-winbind-modules-4.19.4-7.0.1.el8_10.i686.rpm
samba-winbind-modules-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-winexe-4.19.4-7.0.1.el8_10.x86_64.rpm
libnetapi-devel-4.19.4-7.0.1.el8_10.i686.rpm
libnetapi-devel-4.19.4-7.0.1.el8_10.x86_64.rpm
libsmbclient-devel-4.19.4-7.0.1.el8_10.i686.rpm
libsmbclient-devel-4.19.4-7.0.1.el8_10.x86_64.rpm
libwbclient-devel-4.19.4-7.0.1.el8_10.i686.rpm
libwbclient-devel-4.19.4-7.0.1.el8_10.x86_64.rpm
python3-samba-devel-4.19.4-7.0.1.el8_10.i686.rpm
python3-samba-devel-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-devel-4.19.4-7.0.1.el8_10.i686.rpm
samba-devel-4.19.4-7.0.1.el8_10.x86_64.rpm
samba-vfs-glusterfs-4.19.4-7.0.1.el8_10.x86_64.rpm

aarch64:
samba-vfs-glusterfs-4.19.4-7.0.1.el8_10.aarch64.rpm
ctdb-4.19.4-7.0.1.el8_10.aarch64.rpm
libnetapi-4.19.4-7.0.1.el8_10.aarch64.rpm
libsmbclient-4.19.4-7.0.1.el8_10.aarch64.rpm
libwbclient-4.19.4-7.0.1.el8_10.aarch64.rpm
python3-samba-4.19.4-7.0.1.el8_10.aarch64.rpm
python3-samba-dc-4.19.4-7.0.1.el8_10.aarch64.rpm
python3-samba-test-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-client-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-client-libs-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-common-4.19.4-7.0.1.el8_10.noarch.rpm
samba-common-libs-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-common-tools-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-dc-libs-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-dcerpc-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-krb5-printing-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-ldb-ldap-modules-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-libs-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-pidl-4.19.4-7.0.1.el8_10.noarch.rpm
samba-test-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-test-libs-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-tools-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-usershares-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-vfs-iouring-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-winbind-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-winbind-clients-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-winbind-krb5-locator-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-winbind-modules-4.19.4-7.0.1.el8_10.aarch64.rpm
libnetapi-devel-4.19.4-7.0.1.el8_10.aarch64.rpm
libsmbclient-devel-4.19.4-7.0.1.el8_10.aarch64.rpm
libwbclient-devel-4.19.4-7.0.1.el8_10.aarch64.rpm
python3-samba-devel-4.19.4-7.0.1.el8_10.aarch64.rpm
samba-devel-4.19.4-7.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//samba-4.19.4-7.0.1.el8_10.src.rpm

Description of changes:

[4.19.4-7.0.1]
- s3: winbindd: winbindd_pam: fix leak in extract_pac_vrfy_sigs [Orabug: 36518285]
- s3:passdb: Do not leak memory in pdb_tdb [Orabug: 36371377]
- Gluster volumes not accessible via Samba due to missing samba-vfs-glusterfs in OL8 [Orabug: 30205755]

[4.19.4-7]
- resolves: RHEL-84117 - fd_handle_destructor() can panic within an smbd_smb2_close()

ELBA-2025-4045 Oracle Linux 8 systemd bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-4045

http://linux.oracle.com/errata/ELBA-2025-4045.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
systemd-239-82.0.3.el8_10.5.i686.rpm
systemd-239-82.0.3.el8_10.5.x86_64.rpm
systemd-container-239-82.0.3.el8_10.5.i686.rpm
systemd-container-239-82.0.3.el8_10.5.x86_64.rpm
systemd-devel-239-82.0.3.el8_10.5.i686.rpm
systemd-devel-239-82.0.3.el8_10.5.x86_64.rpm
systemd-journal-remote-239-82.0.3.el8_10.5.x86_64.rpm
systemd-libs-239-82.0.3.el8_10.5.i686.rpm
systemd-libs-239-82.0.3.el8_10.5.x86_64.rpm
systemd-pam-239-82.0.3.el8_10.5.x86_64.rpm
systemd-tests-239-82.0.3.el8_10.5.x86_64.rpm
systemd-udev-239-82.0.3.el8_10.5.x86_64.rpm

aarch64:
systemd-239-82.0.3.el8_10.5.aarch64.rpm
systemd-container-239-82.0.3.el8_10.5.aarch64.rpm
systemd-devel-239-82.0.3.el8_10.5.aarch64.rpm
systemd-journal-remote-239-82.0.3.el8_10.5.aarch64.rpm
systemd-libs-239-82.0.3.el8_10.5.aarch64.rpm
systemd-pam-239-82.0.3.el8_10.5.aarch64.rpm
systemd-tests-239-82.0.3.el8_10.5.aarch64.rpm
systemd-udev-239-82.0.3.el8_10.5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//systemd-239-82.0.3.el8_10.5.src.rpm

Description of changes:

[239-82.0.3.5]
- Fixes podman quadlet doesn't work in rootless mode [Orabug: 36076771]
- Drastically simplify caching of cgroups members mask
- drop IN_ATTRIB from parent directory inotify watches [Orabug: 36780432]
- Udevd: add an extra configurable timeout before udevd kills workers [Orabug: 36424686]
- Fixed deletion issue for symlink when device is opened [Orabug: 36228608]
- Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 35871376]
- 1A) Add "systemd-fstab-generator-reload-targets.service" file [Orabug: 35871376]
- 1B) Add required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 35871376]
- 1C) Important: Review 1902-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 35871376]
- Prevent duplicate uuid device to replace existing one in udev [Orabug: 35987487]
- Backport upstream pstore dmesg fix [Orabug: 34850699]
- mount: flush out cycle state on DEAD->MOUNTED only, not the other way round [Orabug: 35454661]
- core/mount: adjust deserialized state based on /proc/self/mountinfo [Orabug: 35454661]
- Prevent duplicate label to replace exsisting one in udev [Orabug: 34898273]
- Oracle-Redhat Errata ELSA-2023:3837 CVE-2023-26604 OLERRATA-43629
- Detect podman as separate container type [Orabug: 31922204]
- improve container detection logic [Orabug: 31922204]
- mount: flush out cycle state on DEAD->MOUNTED only, not the other way round [Orabug: 35454661]
- core/mount: adjust deserialized state based on /proc/self/mountinfo [Orabug: 35454661]
- Prevent duplicate label to replace existing one in udev [Orabug: 34898273]
- Standardize ioctl (BTRFS_IOC_QGROUP_CREATE) check and return -ENOTCONN, if quota is not enabled [Orabug: 34694253]
- Disable unprivileged BPF by default [Orabug: 32870980]
- udev rules: fix memory hot add and remove [Orabug: 31310273]
- fix to enable systemd-pstore.service [Orabug: 30951066]
- journal: change support URL shown in the catalog entries [Orabug: 30853009]
- set "RemoveIPC=no" in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
- Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056]
- Removed unneeded patches (Already provided upstream or not required)
- 1902-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792]
- 2002-orabug31420486-pstore-introduce-tmpfiles.d-systemd-pstore.conf.patch [Orabug: 31420486]
- 2009-login-add-a-missing-error-check-for-session_set_lead.patch (#2158167)
- 2010-logind-reset-session-leader-if-we-know-for-a-fact-th.patch (#2158167)
- 2011-sulogin-fix-control-lost-of-the-current-terminal-whe.patch (#2227769)
- systemd.spec: prevent 'myhostname' from being appended on upgrade (#2187761) (#2227769)
- Updated mod_nss() and readlink /etc/nsswitch.conf sections (#2187761)
- systemd.spec: mod_nss() and readlink /etc/nsswitch.conf sections (#2187761)

[239-82.5]
- man: be even clearer that tmpfiles user/group/mode are applied on existing inodes (RHEL-77145)
- Revert "man: fix description of --force in halt(8) (#7392)" (RHEL-81056)
- man: explicitly document that "reboot -f" is different from "systemctl reboot -f" (RHEL-81056)

ELBA-2025-20281 Oracle Linux 8 libcgroup-original bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-20281

http://linux.oracle.com/errata/ELBA-2025-20281.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libcgroup-original-3.2.0-1.0.1.el8.x86_64.rpm
libcgroup-original-devel-3.2.0-1.0.1.el8.x86_64.rpm
libcgroup-original-pam-3.2.0-1.0.1.el8.x86_64.rpm
libcgroup-original-tools-3.2.0-1.0.1.el8.x86_64.rpm

aarch64:
libcgroup-original-3.2.0-1.0.1.el8.aarch64.rpm
libcgroup-original-devel-3.2.0-1.0.1.el8.aarch64.rpm
libcgroup-original-pam-3.2.0-1.0.1.el8.aarch64.rpm
libcgroup-original-tools-3.2.0-1.0.1.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//libcgroup-original-3.2.0-1.0.1.el8.src.rpm

Description of changes:

[3.2.0-1.0.1]
- Update to upstream version v3.2.0 of libcgroup
- Obsolete libcgroup v3.1.0 and previous

ELBA-2025-4044 Oracle Linux 8 device-mapper-multipath bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-4044

http://linux.oracle.com/errata/ELBA-2025-4044.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
device-mapper-multipath-0.8.4-42.el8_10.x86_64.rpm
device-mapper-multipath-libs-0.8.4-42.el8_10.i686.rpm
device-mapper-multipath-libs-0.8.4-42.el8_10.x86_64.rpm
kpartx-0.8.4-42.el8_10.x86_64.rpm
libdmmp-0.8.4-42.el8_10.i686.rpm
libdmmp-0.8.4-42.el8_10.x86_64.rpm
device-mapper-multipath-devel-0.8.4-42.el8_10.i686.rpm
device-mapper-multipath-devel-0.8.4-42.el8_10.x86_64.rpm

aarch64:
device-mapper-multipath-0.8.4-42.el8_10.aarch64.rpm
device-mapper-multipath-libs-0.8.4-42.el8_10.aarch64.rpm
kpartx-0.8.4-42.el8_10.aarch64.rpm
libdmmp-0.8.4-42.el8_10.aarch64.rpm
device-mapper-multipath-devel-0.8.4-42.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//device-mapper-multipath-0.8.4-42.el8_10.src.rpm

Description of changes:

[0.8.4-42]
- Add 0138-libmultipath-foreign-fix-memory-leak-in-nvme-foreign.patch
- Resolves: RHEL-72573

ELBA-2025-20280 Oracle Linux 8 crash bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-20280

http://linux.oracle.com/errata/ELBA-2025-20280.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
crash-8.0.6-1.0.2.el8.x86_64.rpm
crash-devel-8.0.6-1.0.2.el8.i686.rpm
crash-devel-8.0.6-1.0.2.el8.x86_64.rpm

aarch64:
crash-8.0.6-1.0.2.el8.aarch64.rpm
crash-devel-8.0.6-1.0.2.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//crash-8.0.6-1.0.2.el8.src.rpm

Description of changes:

[8.0.6-1.0.2]
- Update gdb and fix module section load address when sh_addr != 0 [Orabug: 37772898]

ELSA-2025-3628 Important: Oracle Linux 7 firefox security update

Oracle Linux Security Advisory ELSA-2025-3628

http://linux.oracle.com/errata/ELSA-2025-3628.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-128.9.0-2.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//firefox-128.9.0-2.0.1.el7_9.src.rpm

Related CVEs:

CVE-2025-3028
CVE-2025-3029
CVE-2025-3030

Description of changes:

[128.9.0-2.0.1]
- Update to 128.9.0 build2 [Orabug: 37796786][CVE-2025-3028][CVE-2025-3029]
[CVE-2025-3030]

ELSA-2025-4170 Important: Oracle Linux 8 thunderbird security update

Oracle Linux Security Advisory ELSA-2025-4170

http://linux.oracle.com/errata/ELSA-2025-4170.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-128.9.0-2.0.1.el8_10.x86_64.rpm

aarch64:
thunderbird-128.9.0-2.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//thunderbird-128.9.0-2.0.1.el8_10.src.rpm

Related CVEs:

CVE-2025-3028
CVE-2025-3029
CVE-2025-3030

Description of changes:

[128.9.0-2.0.1]
- Fix prefs for new nss [Orabug: 37079820]
- Add Oracle prefs file

[128.9.0]
- Add OpenELA debranding

[128.9.0-2]
- Update to 128.9.0 build3

[128.9.0-1]
- Update to 128.9.0 build1

ELSA-2025-4043 Moderate: Oracle Linux 8 bluez security update

Oracle Linux Security Advisory ELSA-2025-4043

http://linux.oracle.com/errata/ELSA-2025-4043.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bluez-5.63-5.el8_10.x86_64.rpm
bluez-cups-5.63-5.el8_10.x86_64.rpm
bluez-hid2hci-5.63-5.el8_10.x86_64.rpm
bluez-libs-5.63-5.el8_10.i686.rpm
bluez-libs-5.63-5.el8_10.x86_64.rpm
bluez-obexd-5.63-5.el8_10.x86_64.rpm
bluez-libs-devel-5.63-5.el8_10.i686.rpm
bluez-libs-devel-5.63-5.el8_10.x86_64.rpm

aarch64:
bluez-5.63-5.el8_10.aarch64.rpm
bluez-cups-5.63-5.el8_10.aarch64.rpm
bluez-hid2hci-5.63-5.el8_10.aarch64.rpm
bluez-libs-5.63-5.el8_10.aarch64.rpm
bluez-obexd-5.63-5.el8_10.aarch64.rpm
bluez-libs-devel-5.63-5.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//bluez-5.63-5.el8_10.src.rpm

Related CVEs:

CVE-2023-27349
CVE-2023-51589

Description of changes:

[5.63-5]
+ bluez-5.63-5
- Resolves: RHEL-35371
- Fixing CVE-2023-27349
- Resolves: RHEL-35492
- Fixing CVE-2023-51589

[5.63-4]
+ bluez-5.63-4
- Resolves: RHEL-35501
- Fixing CVE-2023-50230
- Resolves: RHEL-35504
- Fixing CVE-2023-50229

ELBA-2025-4071 Oracle Linux 9 osbuild-composer bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2025-4071

http://linux.oracle.com/errata/ELBA-2025-4071.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
osbuild-composer-118.1-2.0.1.el9_5.x86_64.rpm
osbuild-composer-core-118.1-2.0.1.el9_5.x86_64.rpm
osbuild-composer-worker-118.1-2.0.1.el9_5.x86_64.rpm

aarch64:
osbuild-composer-118.1-2.0.1.el9_5.aarch64.rpm
osbuild-composer-core-118.1-2.0.1.el9_5.aarch64.rpm
osbuild-composer-worker-118.1-2.0.1.el9_5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//osbuild-composer-118.1-2.0.1.el9_5.src.rpm

Description of changes:

[118.1-2.0.1]
- osbuild-composer is not able to build RHEL-8 images since RHEL-9.5 RHEL-83780

[118-2.0.2]
- Add support to create OpenScap images [JIRA: OLDIS-35301]

[118-2.0.1]
- Simplify repository names [JIRA: OLDIS-35893]

[118-2]
- Ensure build on latest golang: CVE-2024-34156

[118-1.0.2]
- Refactor patches to fix some naming and set a correct kernel for Oracle Linux [Orabug: 37253643]

[118-1.0.1]
- Support using OCI variables inside built images [JIRA: OLDIS-35302]
- Support using repository definitons with OCI variables [JIRA: OLDIS-38657]
- Update repositories to contain OCI variables
- Remove image types Minimal-raw and wsl [JIRA: OLDIS-38123]
- Increase default /boot size to 1GB [Orabug: 36827079]
- Add support for OCI hybrid images [JIRA: OLDIS-33593]
- enable aarch64 OCI image builds [JIRA: OLDIS-33593]
- support for building OL8/9 images on Oracle Linux 9 [Orabug: 36400619]

[118-1]
- New upstream release

[117-1]
- New upstream release

[116-1]
- New upstream release

[115-1]
- New upstream release

[114-1]
- New upstream release

[113-1]
- New upstream release

[110-1]
- New upstream release

[109-1]
- New upstream release

[108-1]
- New upstream release

[104-1]
- New upstream release

[102-1]
- New upstream release

[101-1]
- New upstream release

[100-1]
- New upstream release

[99-1]
- New upstream release

[98-1]
- New upstream release

[96-1]
- New upstream release

[95-1]
- New upstream release

[94-1]
- New upstream release

[93-1]
- New upstream release

[92-1]
- New upstream release

[91-1]
- New upstream release

[89-1]
- New upstream release

[88-1]
- New upstream release

[87-1]
- New upstream release

[86-1]
- New upstream release

[85-1]
- New upstream release

[84-1]
- New upstream release

[82-1]
- New upstream release

ELBA-2025-20279 Oracle Linux 9 iscsi-initiator-utils bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-20279

http://linux.oracle.com/errata/ELBA-2025-20279.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
iscsi-initiator-utils-6.2.1.9-1.gita65a472.0.4.el9.i686.rpm
iscsi-initiator-utils-6.2.1.9-1.gita65a472.0.4.el9.x86_64.rpm
iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.0.4.el9.x86_64.rpm
python3-iscsi-initiator-utils-6.2.1.9-1.gita65a472.0.4.el9.x86_64.rpm

aarch64:
iscsi-initiator-utils-6.2.1.9-1.gita65a472.0.4.el9.aarch64.rpm
iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.0.4.el9.aarch64.rpm
python3-iscsi-initiator-utils-6.2.1.9-1.gita65a472.0.4.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//iscsi-initiator-utils-6.2.1.9-1.gita65a472.0.4.el9.src.rpm

Description of changes:

[6.2.1.9-18.gita65a472.0.4]
- Change the order of restart iscsi services in spec file [Orabug: 37749406]

[6.2.1.9-18.gita65a472.0.3]
- Rate limit session reopen and initial connect log messages [Orabug: 37681887]
- Change the log_level of log_debug message in actor_delete()

[6.2.1.9-18.gita65a472.0.2]
- Remove incorrect keyword from install section in iscsi-init [Orabug: 37544462]

[6.2.1.9-18.gita65a472.0.1]
- Add python3-rpm-macros to BuildRequires
- Allow systemd-remount-fs complete before iscsi-init.service [Orabug: 34325406]
- Allow iscsi-init.service to start after local-fs.target [Orabug: 33930979]
- Rename 0008-use-red-hat-name.patch to 0008-use-oracle-for-name.patch
and use com.oracle in prefix
- Complete the following tasks to address [Orabug: 29311709]
The following patches address [Orabug: 29128380] (Jianchao Wang)
Add 0032-Add-Requires-iscsid.service-in-iscsi.service.patch
The following patch addresses [Orabug: 29306329]
Add 0033-Update-systemd-to-always-restart-iscsid-service.patch
- Print vital iscsid messages on console using rsyslog facility. This
is particularly useful when using iscsi boot and there is a connection
or session issue. [Orabug: 29503805]
- Modify iscsi-mark-root-nodes script to only update node.startup to onboot
for iscsi sessions that are active during boot. [Orabug: 29653342]
- Modify iscsi-mark-root nodes script to not mark nodes when iscsi.service
is restarted. [Orabug: 29851447]
- Modify patches 0007 and 0032-0035 to apply cleanly
- Tune TimeoutSec of iscsid service to 10 minutes [Orabug: 29869817]

[6.2.1.9-18.gita65a472]
- rebase to upstream 2.1.9+ with iscsiuio 0.7.8.8
- new meson build system, sync with fedora packaging

ELSA-2025-4025 Important: Oracle Linux 9 libxslt security update

Oracle Linux Security Advisory ELSA-2025-4025

http://linux.oracle.com/errata/ELSA-2025-4025.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
libxslt-1.1.34-9.0.1.el9_5.2.i686.rpm
libxslt-1.1.34-9.0.1.el9_5.2.x86_64.rpm
libxslt-devel-1.1.34-9.0.1.el9_5.2.i686.rpm
libxslt-devel-1.1.34-9.0.1.el9_5.2.x86_64.rpm

aarch64:
libxslt-1.1.34-9.0.1.el9_5.2.aarch64.rpm
libxslt-devel-1.1.34-9.0.1.el9_5.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//libxslt-1.1.34-9.0.1.el9_5.2.src.rpm

Related CVEs:

CVE-2024-55549

Description of changes:

[1.1.34-9.0.1.el9_5.2]
- Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball

[1.1.34-9.2]
- Fix CVE-2024-55549 (RHEL-83515)

[1.1.34-9.1]
- Fix CVE-2025-24855 (RHEL-83501)

ELBA-2025-20277 Oracle Linux 8 Unbreakable Enterprise kernel bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-20277

http://linux.oracle.com/errata/ELBA-2025-20277.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-303.171.5.2.2.el8uek.x86_64.rpm
kernel-uek-5.15.0-303.171.5.2.2.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-303.171.5.2.2.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-303.171.5.2.2.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-303.171.5.2.2.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-303.171.5.2.2.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-303.171.5.2.2.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-303.171.5.2.2.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-303.171.5.2.2.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-303.171.5.2.2.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-303.171.5.2.2.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-303.171.5.2.2.el8uek.x86_64.rpm
kernel-uek-container-5.15.0-303.171.5.2.2.el8uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-303.171.5.2.2.el8uek.x86_64.rpm

aarch64:
bpftool-5.15.0-303.171.5.2.2.el8uek.aarch64.rpm
kernel-uek-5.15.0-303.171.5.2.2.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-303.171.5.2.2.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-303.171.5.2.2.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-303.171.5.2.2.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-303.171.5.2.2.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-303.171.5.2.2.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-303.171.5.2.2.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-303.171.5.2.2.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-303.171.5.2.2.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-303.171.5.2.2.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-303.171.5.2.2.el8uek.aarch64.rpm
kernel-uek-container-5.15.0-303.171.5.2.2.el8uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-303.171.5.2.2.el8uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.15.0-303.171.5.2.2.el8uek.src.rpm

Description of changes:

[5.15.0-303.171.5.2.2.el8uek]
- Uek-rpm/ol9: Enable CONFIG_FIPS_SIGNATURE_SELFTEST for mips64 (Vijay Kumar) [Orabug: 37509583]
- uek-rpm: Enable CONFIG_FIPS_SIGNATURE_SELFTEST for all archs (Saeed Mirzamohammadi) [Orabug: 37509575]
- Revert "crypto: jitter - permanent and intermittent health errors" (Saeed Mirzamohammadi) [Orabug: 37492621]
- Revert "crypto: jitter - correct health test during initialization" (Saeed Mirzamohammadi) [Orabug: 37492621]

[5.15.0-303.171.5.2.1.el8uek]
- cgroup: cgroup-v1: do not exclude cgrp_dfl_root (Vishal Verma) [Orabug: 37410450]
- vhost_scsi: log write descriptors (Dongli Zhang) [Orabug: 37423790]
- vhost-scsi: protect vq->log_base with vq->mutex (Dongli Zhang) [Orabug: 37423790]

[5.15.0-303.171.5.2.el8uek]
- build: populate modules_thick.builtin for dirs containing only modules (Nick Alcock) [Orabug: 37393454]
- x86/pkeys: Ensure updated PKRU value is XRSTOR'd (Aruna Ramakrishna) [Orabug: 37384237]
- x86/pkeys: Change caller of update_pkru_in_sigframe() (Aruna Ramakrishna) [Orabug: 37384237]
- Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" (Sherry Yang) [Orabug: 37383283]

[5.15.0-303.171.5.1.el8uek]
- sunrpc: fix a NULL deref in svc_process() when ->sv_stats doesn't exist (Calum Mackay) [Orabug: 37346134]

[5.15.0-303.171.5.el8uek]
- intel_idle: fix ACPI _CST matching for newer Xeon platforms (Artem Bityutskiy) [Orabug: 37249457]
- x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (Peter Zijlstra) [Orabug: 37249457]
- perf/tests: Add AMX instructions to x86 instruction decoder test (Adrian Hunter) [Orabug: 37249457]
- x86/insn: Add AMX instructions to the x86 instruction decoder (Adrian Hunter) [Orabug: 37249457]
- intel_idle: add Granite Rapids Xeon support (Artem Bityutskiy) [Orabug: 37249457]
- cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE *again* (Peter Zijlstra) [Orabug: 37249457]
- intel_idle: Fix false positive RCU splats due to incorrect hardirqs state (Waiman Long) [Orabug: 37249457]
- cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (Peter Zijlstra) [Orabug: 37249457]
- intel_idle: Add a new flag to initialize the AMX state (Chang S. Bae) [Orabug: 37249457]
- x86/fpu: Add a helper to prepare AMX state for low-power CPU idle (Chang S. Bae) [Orabug: 37249457]
- intel_idle: enable interrupts before C1 on Xeons (Artem Bityutskiy) [Orabug: 37249457]

[5.15.0-303.171.4.el8uek]
- rds: recv_payload_bad_checksum was not 0 after running rds-stress on UEK6 (William Kucharski) [Orabug: 37265126]
- rds: If RDS Checksums are enabled for RDMA RDS operations, the extension headers will overflow causing incorrect operation (William Kucharski) [Orabug: 37265124]
- rds: rds_message_alloc() needlessly zeroes m_used_sgs (William Kucharski) [Orabug: 37265122]
- rds: tracepoint in rds_receive_csum_err() prints pointless information (William Kucharski) [Orabug: 37265120]
- rds: rds_inc_init() should initialize the inc->i_conn_path field (William Kucharski) [Orabug: 37265116]
- rds: Race condition in adding RDS payload checksum extension header may result in RDS header corruption (William Kucharski) [Orabug: 37265114]
- Revert "net/mlx5: disable the 'fast unload' feature on Exadata systems" (Qing Huang) [Orabug: 37285222]
- Revert "net/mlx5: pretend 'fast unload' succeeded on Exadata systems" (Qing Huang) [Orabug: 37285222]
- RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688618] [Orabug: 37279176]
- blk-mq: fix missing blk_account_io_done() in error path (Yu Kuai) [Orabug: 37228086]
- rds: Add rds stuck shutdown timeout (Rohit Nair) [Orabug: 37214078]
- KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD (Sean Christopherson) [Orabug: 37273739]
- KVM: SVM: Create a stack frame in __svm_sev_es_vcpu_run() (Sean Christopherson) [Orabug: 37273739]
- KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding (Sean Christopherson) [Orabug: 37273739]
- mm/memory-failure: pass the folio and the page to collect_procs() (Matthew Wilcox (Oracle)) [Orabug: 37270260]
- LTS version: v5.15.171 (Vijayendra Suman)
- mac80211: always have ieee80211_sta_restart() (Johannes Berg)
- vt: prevent kernel-infoleak in con_font_get() (Jeongjun Park)
- drm/i915: Fix potential context UAFs (Rob Clark)
- Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device" (Jason-JH.Lin)
- mm: shmem: fix data-race in shmem_getattr() (Jeongjun Park) [Orabug: 37268580] {CVE-2024-50228}
- wifi: iwlwifi: mvm: fix 6 GHz scan construction (Johannes Berg) [Orabug: 37304734] {CVE-2024-53055}
- nilfs2: fix kernel bug due to missing clearing of checked flag (Ryusuke Konishi) [Orabug: 37268588] {CVE-2024-50230}
- x86/bugs: Use code segment selector for VERW operand (Pawan Gupta) [Orabug: 37227383] {CVE-2024-50072}
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (Edward Adam Davis) [Orabug: 37268563] {CVE-2024-50218}
- mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves (Matt Fleming) [Orabug: 37268568] {CVE-2024-50219}
- mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations accesses reserves (Mel Gorman)
- mm/page_alloc: explicitly define what alloc flags deplete min reserves (Mel Gorman)
- mm/page_alloc: explicitly record high-order atomic allocations in alloc_flags (Mel Gorman)
- mm/page_alloc: treat RT tasks similar to __GFP_HIGH (Mel Gorman)
- mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE (Mel Gorman)
- mm/page_alloc: split out buddy removal code from rmqueue into separate helper (Mel Gorman)
- mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked() (Wonhyuk Yang)
- mm/page_alloc: call check_new_pages() while zone spinlock is not held (Eric Dumazet)
- riscv: Remove duplicated GET_RM (Chunyan Zhang)
- riscv: Remove unused GENERATING_ASM_OFFSETS (Chunyan Zhang)
- riscv: Use '%u' to format the output of 'cpu' (WangYuli)
- riscv: efi: Set NX compat flag in PE/COFF header (Heinrich Schuchardt)
- riscv: vdso: Prevent the compiler from inserting calls to memset() (Alexandre Ghiti)
- nilfs2: fix potential deadlock with newly created symlinks (Ryusuke Konishi) [Orabug: 37268584] {CVE-2024-50229}
- iio: light: veml6030: fix microlux value calculation (Javier Carrasco)
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (Zicheng Qu) [Orabug: 37268595] {CVE-2024-50232}
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (Zicheng Qu) [Orabug: 37268597] {CVE-2024-50233}
- wifi: iwlegacy: Clear stale interrupts before resuming device (Ville Syrjälä) [Orabug: 37268602] {CVE-2024-50234}
- wifi: ath10k: Fix memory leak in management tx (Manikanta Pubbisetty) [Orabug: 37268610] {CVE-2024-50236}
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (Felix Fietkau) [Orabug: 37268613] {CVE-2024-50237}
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (Basavaraj Natikar)
- xhci: Fix Link TRB DMA in command ring stopped completion event (Faisal Hassan)
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (Javier Carrasco)
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (Zijun Hu)
- usbip: tools: Fix detach_port() invalid port error path (Zongmin Zhou)
- misc: sgi-gru: Don't disable preemption in GRU driver (Dimitri Sivanich)
- net: amd: mvme147: Fix probe banner message (Daniel Palmer)
- scsi: scsi_transport_fc: Allow setting rport state to current state (Benjamin Marzinski)
- fs/ntfs3: Additional check in ni_clear() (Konstantin Komarov) [Orabug: 37268638] {CVE-2024-50244}
- fs/ntfs3: Fix possible deadlock in mi_read (Konstantin Komarov) [Orabug: 37268644] {CVE-2024-50245}
- fs/ntfs3: Fix warning possible deadlock in ntfs_set_state (Konstantin Komarov)
- fs/ntfs3: Check if more than chunk-size bytes are written (Andrew Ballance) [Orabug: 37268655] {CVE-2024-50247}
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (Xiongfeng Wang)
- netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (Pablo Neira Ayuso) [Orabug: 37268670] {CVE-2024-50251}
- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (Benoît Monin)
- netfilter: Fix use-after-free in get_info() (Dong Chenchen) [Orabug: 37268689] {CVE-2024-50257}
- bpf: Fix out-of-bounds write in trie_get_next_key() (Byeonguk Jeong) [Orabug: 37268702] {CVE-2024-50262}
- netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (Zichen Xie) [Orabug: 37268697] {CVE-2024-50259}
- net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (Pedro Tammela) [Orabug: 37304740] {CVE-2024-53057}
- net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (Furong Xu) [Orabug: 37304745] {CVE-2024-53058}
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (Christophe JAILLET)
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (Daniel Gabay) [Orabug: 37304749] {CVE-2024-53059}
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (Emmanuel Grumbach)
- mac80211: Add support to trigger sta disconnect on hardware restart (Youghandhar Chintala)
- mac80211: do drv_reconfig_complete() before restarting all (Johannes Berg)
- RDMA/bnxt_re: synchronize the qp-handle table array (Selvin Xavier)
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (Patrisious Haddad)
- RDMA/cxgb4: Dump vendor specific QP details (Leon Romanovsky)
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (Geert Uytterhoeven)
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (Felix Fietkau)
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (Geert Uytterhoeven)
- cgroup: Fix potential overflow issue when checking max_depth (Xiu Jianfeng)
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (Koba Ko) [Orabug: 37264072] {CVE-2024-50141}
- ACPI: PRM: Change handler_addr type to void pointer (Sudeep Holla)
- ACPI: PRM: Remove unnecessary blank lines (Aubrey Li)
- ksmbd: fix user-after-free from session log off (Namjae Jeon) [Orabug: 37227413] {CVE-2024-50086}
- selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (Donet Tom)
- LTS version: v5.15.170 (Vijayendra Suman)
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [Orabug: 37264074] {CVE-2024-50142}
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (Zichen Xie) [Orabug: 37252324] {CVE-2024-50103}
- net: phy: dp83822: Fix reset pin definitions (Michel Alex)
- serial: protect uart_port_dtr_rts() in uart_shutdown() too (Jiri Slaby (SUSE))
- selinux: improve error checking in sel_write_load() (Paul Moore)
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (Haiyang Zhang)
- xfrm: fix one more kernel-infoleak in algo dumping (Petr Vaganov) [Orabug: 37252349] {CVE-2024-50110}
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (José Relvas)
- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (Sean Christopherson) [Orabug: 37252372] {CVE-2024-50115}
- openat2: explicitly return -E2BIG for (usize > PAGE_SIZE) (Aleksa Sarai)
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (Ryusuke Konishi) [Orabug: 37252377] {CVE-2024-50116}
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (Shubham Panwar)
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (Christian Heusel)
- drm/amd: Guard against bad data for ATIF ACPI method (Mario Limonciello) [Orabug: 37252383] {CVE-2024-50117}
- btrfs: zoned: fix zone unusable accounting for freed reserved extent (Naohiro Aota)
- ALSA: hda/realtek: Update default depop procedure (Kailang Yang)
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (Andrey Shumilin) [Orabug: 37264274] {CVE-2024-50205}
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (Jiri Olsa)
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (Jinjie Ruan) [Orabug: 37320233] {CVE-2024-50210}
- r8169: avoid unsolicited interrupts (Heiner Kallweit)
- net: sched: fix use-after-free in taprio_change() (Dmitry Antipov) [Orabug: 37252407] {CVE-2024-50127}
- net: wwan: fix global oob in wwan_rtnl_policy (Lin Ma) [Orabug: 37252410] {CVE-2024-50128}
- net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x (Peter Rashleigh)
- net: plip: fix break; causing plip to never transmit (Jakub Boehm)
- be2net: fix potential memory leak in be_xmit() (Wang Hai) [Orabug: 37264143] {CVE-2024-50167}
- net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() (Wang Hai) [Orabug: 37264149] {CVE-2024-50168}
- xfrm: respect ip protocols rules criteria when performing dst lookups (Eyal Birger)
- xfrm: extract dst lookup parameters into a struct (Eyal Birger)
- tracing: Consider the NULL character when validating the event length (Leo Yan) [Orabug: 37252415] {CVE-2024-50131}
- platform/x86: dell-sysman: add support for alienware products (Crag Wang)
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (Alexey Klimov)
- arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning (junhua huang)
- platform/x86: dell-wmi: Ignore suspend notifications (Armin Wolf)
- udf: fix uninit-value use in udf_get_fileshortad (Gianfranco Trad) [Orabug: 37264080] {CVE-2024-50143}
- arm64: Force position-independent veneers (Mark Rutland)
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (Shengjiu Wang)
- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (Alexey Klimov)
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (Hans de Goede) [Orabug: 37252420] {CVE-2024-50134}
- exec: don't WARN for racy path_noexec check (Mateusz Guzik) [Orabug: 37206344] {CVE-2024-50010}
- XHCI: Separate PORT and CAPs macros into dedicated file (Frank Li)
- usb: gadget: Add function wakeup support (Elson Roy Serrao)
- KVM: s390: gaccess: Check if guest address is in memslot (Nico Boehr)
- KVM: s390: gaccess: Cleanup access to guest pages (Janis Schoetterl-Glausch)
- KVM: s390: gaccess: Refactor access address range check (Janis Schoetterl-Glausch)
- KVM: s390: gaccess: Refactor gpa and length calculation (Janis Schoetterl-Glausch)
- arm64: probes: Fix uprobes for big-endian kernels (Mark Rutland) [Orabug: 37264236] {CVE-2024-50194}
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian (junhua huang)
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (Ye Bin) [Orabug: 37264096] {CVE-2024-50148}
- s390: Initialize psw mask in perf_arch_fetch_caller_regs() (Heiko Carstens)
- usb: typec: altmode should keep reference to parent (Thadeu Lima de Souza Cascardo) [Orabug: 37264102] {CVE-2024-50150}
- smb: client: fix OOBs when building SMB2_IOCTL request (Paulo Alcantara) [Orabug: 37264107] {CVE-2024-50151}
- scsi: target: core: Fix null-ptr-deref in target_alloc_device() (Wang Hai) [Orabug: 37264112] {CVE-2024-50153}
- genetlink: hold RCU in genlmsg_mcast() (Eric Dumazet)
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Kuniyuki Iwashima) [Orabug: 37264114] {CVE-2024-50154}
- net: systemport: fix potential memory leak in bcm_sysport_xmit() (Wang Hai) [Orabug: 37264156] {CVE-2024-50171}
- net: xilinx: axienet: fix potential memory leak in axienet_start_xmit() (Wang Hai)
- net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid (Li RongQing)
- net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() (Wang Hai)
- macsec: don't increment counters for an unrelated SA (Sabrina Dubroca)
- net: usb: usbnet: fix race in probe failure (Oliver Neukum)
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (Douglas Anderson)
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (Douglas Anderson) [Orabug: 37264122] {CVE-2024-50156}
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (Jonathan Marek)
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (Bhargava Chenna Marreddy) [Orabug: 37264280] {CVE-2024-50208}
- RDMA/bnxt_re: Return more meaningful error (Kalesh AP)
- ipv4: give an IPv4 dev to blackhole_netdev (Xin Long)
- RDMA/irdma: Fix misspelling of "accept*" (Alexander Zubkov)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (Anumula Murali Mohan Reddy)
- ALSA: hda/cs8409: Fix possible NULL dereference (Murad Masimov) [Orabug: 37264129] {CVE-2024-50160}
- ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin (Florian Klink)
- x86/resctrl: Avoid overflow in MB settings in bw_validate() (Martin Kletzander)
- RDMA/bnxt_re: Add a check for memory allocation (Kalesh AP) [Orabug: 37264285] {CVE-2024-50209}
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (Saravanan Vajravel)
- bpf: devmap: provide rxq after redirect (Florian Kauer) [Orabug: 37264132] {CVE-2024-50162}
- bpf: Make sure internal and UAPI bpf_redirect flags don't overlap (Toke Høiland-Jørgensen) [Orabug: 37264134] {CVE-2024-50163}
- LTS version: v5.15.169 (Vijayendra Suman)
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (Vasiliy Kovalev)
- powerpc/mm: Always update max/min_low_pfn in mem_topology_setup() (Aneesh Kumar K.V)
- nilfs2: propagate directory read errors from nilfs_find_entry() (Ryusuke Konishi) [Orabug: 37264266] {CVE-2024-50202}
- mptcp: prevent MPC handshake on port-based signal endpoints (Paolo Abeni)
- mptcp: fallback when MPTCP opts are dropped after 1st data (Matthieu Baerts (NGI0))
- tcp: fix mptcp DSS corruption due to large pmtu xmit (Paolo Abeni) [Orabug: 37227408] {CVE-2024-50083}
- mptcp: handle consistently DSS corruption (Paolo Abeni) [Orabug: 37264210] {CVE-2024-50185}
- mptcp: track and update contiguous data status (Geliang Tang)
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Marc Zyngier) [Orabug: 37264231] {CVE-2024-50192}
- pinctrl: ocelot: fix system hang on level based interrupts (Sergey Matsievskiy) [Orabug: 37264246] {CVE-2024-50196}
- x86/entry_32: Clear CPU buffers after register restore in NMI return (Pawan Gupta) [Orabug: 37264234] {CVE-2024-50193}
- x86/entry_32: Do not clobber user EFLAGS.ZF (Pawan Gupta)
- x86/apic: Always explicitly disarm TSC-deadline timer (Zhang Rui)
- x86/resctrl: Annotate get_mem_config() functions as __init (Nathan Chancellor)
- USB: serial: option: add Telit FN920C04 MBIM compositions (Daniele Palmas)
- USB: serial: option: add support for Quectel EG916Q-GL (Benjamin B. Frost)
- xhci: Mitigate failed set dequeue pointer commands (Mathias Nyman)
- xhci: Fix incorrect stream context type macro (Mathias Nyman)
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (Luiz Augusto von Dentz)
- Bluetooth: Remove debugfs directory on module init failure (Aaron Thompson)
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
- iio: light: opt3001: add missing full-scale range value (Emil Gedenryd)
- iio: light: veml6030: fix IIO device retrieval from embedded device (Javier Carrasco) [Orabug: 37264254] {CVE-2024-50198}
- iio: light: veml6030: fix ALS sensor resolution (Javier Carrasco)
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (Christophe JAILLET)
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (Javier Carrasco)
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (Javier Carrasco)
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (Javier Carrasco)
- drm/vmwgfx: Handle surface check failure correctly (Nikolay Kuratov)
- drm/radeon: Fix encoder->possible_clones (Ville Syrjälä) [Orabug: 37264263] {CVE-2024-50201}
- io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe)
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (Omar Sandoval) [Orabug: 37227403] {CVE-2024-50082}
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (Johannes Wikner)
- x86/bugs: Skip RSB fill at VMEXIT (Johannes Wikner)
- x86/entry: Have entry_ibpb() invalidate return predictions (Johannes Wikner)
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (Johannes Wikner)
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (Jim Mattson)
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (Michael Mueller)
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (Thomas Weißschuh)
- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (Lu Baolu) [Orabug: 37252321] {CVE-2024-50101}
- io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer)
- io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe)
- io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer)
- drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (Wachowski, Karol)
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (Breno Leitao) [Orabug: 36835836] {CVE-2024-40953}
- dm-crypt, dm-verity: disable tasklets (Mikulas Patocka)
- wifi: mac80211: fix potential key use-after-free (Johannes Berg)
- secretmem: disable memfd_secret() if arch cannot set direct map (Patrick Roy) [Orabug: 37264195] {CVE-2024-50182}
- mm/swapfile: skip HugeTLB pages for unuse_vma (Liu Shixin) [Orabug: 37264256] {CVE-2024-50199}
- fat: fix uninitialized variable (OGAWA Hirofumi)
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (Nianyao Tang)
- net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-link PHY (Oleksij Rempel)
- arm64: probes: Fix simulate_ldr*_literal() (Mark Rutland)
- arm64: probes: Remove broken LDR (literal) uprobe support (Mark Rutland) [Orabug: 37252316] {CVE-2024-50099}
- posix-clock: Fix missing timespec64 check in pc_clock_settime() (Jinjie Ruan) [Orabug: 37264241] {CVE-2024-50195}
- net: enetc: add missing static descriptor and inline keyword (Wei Fang)
- net: enetc: remove xdp_drops statistic from enetc_xdp_drop() (Wei Fang)
- udf: Fix bogus checksum computation in udf_rename() (Jan Kara) [Orabug: 37320204] {CVE-2024-43845}
- udf: Don't return bh from udf_expand_dir_adinicb() (Jan Kara)
- udf: Handle error when expanding directory (Jan Kara)
- udf: Remove old directory iteration code (Jan Kara)
- udf: Convert udf_link() to new directory iteration code (Jan Kara)
- udf: Convert udf_mkdir() to new directory iteration code (Jan Kara)
- udf: Convert udf_add_nondir() to new directory iteration (Jan Kara)
- udf: Implement adding of dir entries using new iteration code (Jan Kara)
- udf: Convert udf_unlink() to new directory iteration code (Jan Kara)
- udf: Convert udf_rmdir() to new directory iteration code (Jan Kara)
- udf: Convert empty_dir() to new directory iteration code (Jan Kara)
- udf: Convert udf_get_parent() to new directory iteration code (Jan Kara)
- udf: Convert udf_lookup() to use new directory iteration code (Jan Kara)
- udf: Convert udf_readdir() to new directory iteration (Jan Kara)
- udf: Convert udf_rename() to new directory iteration code (Jan Kara)
- udf: Provide function to mark entry as deleted using new directory iteration code (Jan Kara)
- udf: Implement searching for directory entry using new iteration code (Jan Kara)
- udf: Move udf_expand_dir_adinicb() to its callsite (Jan Kara)
- udf: Convert udf_expand_dir_adinicb() to new directory iteration (Jan Kara)
- udf: New directory iteration code (Jan Kara)
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (Vasiliy Kovalev)

ELBA-2025-20277 Oracle Linux 9 Unbreakable Enterprise kernel bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-20277

http://linux.oracle.com/errata/ELBA-2025-20277.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

aarch64:
bpftool-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm
kernel-uek-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-303.171.5.2.2.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm
kernel-uek64k-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm
kernel-uek64k-core-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm
kernel-uek64k-modules-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-5.15.0-303.171.5.2.2.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-303.171.5.2.2.el9uek.src.rpm

Description of changes:

[5.15.0-303.171.5.2.2.el9uek]
- Uek-rpm/ol9: Enable CONFIG_FIPS_SIGNATURE_SELFTEST for mips64 (Vijay Kumar) [Orabug: 37509583]
- uek-rpm: Enable CONFIG_FIPS_SIGNATURE_SELFTEST for all archs (Saeed Mirzamohammadi) [Orabug: 37509575]
- Revert "crypto: jitter - permanent and intermittent health errors" (Saeed Mirzamohammadi) [Orabug: 37492621]
- Revert "crypto: jitter - correct health test during initialization" (Saeed Mirzamohammadi) [Orabug: 37492621]

[5.15.0-303.171.5.2.1.el9uek]
- cgroup: cgroup-v1: do not exclude cgrp_dfl_root (Vishal Verma) [Orabug: 37410450]
- vhost_scsi: log write descriptors (Dongli Zhang) [Orabug: 37423790]
- vhost-scsi: protect vq->log_base with vq->mutex (Dongli Zhang) [Orabug: 37423790]

[5.15.0-303.171.5.2.el9uek]
- build: populate modules_thick.builtin for dirs containing only modules (Nick Alcock) [Orabug: 37393454]
- x86/pkeys: Ensure updated PKRU value is XRSTOR'd (Aruna Ramakrishna) [Orabug: 37384237]
- x86/pkeys: Change caller of update_pkru_in_sigframe() (Aruna Ramakrishna) [Orabug: 37384237]
- Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" (Sherry Yang) [Orabug: 37383283]

[5.15.0-303.171.5.1.el9uek]
- sunrpc: fix a NULL deref in svc_process() when ->sv_stats doesn't exist (Calum Mackay) [Orabug: 37346134]

[5.15.0-303.171.5.el9uek]
- intel_idle: fix ACPI _CST matching for newer Xeon platforms (Artem Bityutskiy) [Orabug: 37249457]
- x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (Peter Zijlstra) [Orabug: 37249457]
- perf/tests: Add AMX instructions to x86 instruction decoder test (Adrian Hunter) [Orabug: 37249457]
- x86/insn: Add AMX instructions to the x86 instruction decoder (Adrian Hunter) [Orabug: 37249457]
- intel_idle: add Granite Rapids Xeon support (Artem Bityutskiy) [Orabug: 37249457]
- cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE *again* (Peter Zijlstra) [Orabug: 37249457]
- intel_idle: Fix false positive RCU splats due to incorrect hardirqs state (Waiman Long) [Orabug: 37249457]
- cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (Peter Zijlstra) [Orabug: 37249457]
- intel_idle: Add a new flag to initialize the AMX state (Chang S. Bae) [Orabug: 37249457]
- x86/fpu: Add a helper to prepare AMX state for low-power CPU idle (Chang S. Bae) [Orabug: 37249457]
- intel_idle: enable interrupts before C1 on Xeons (Artem Bityutskiy) [Orabug: 37249457]

[5.15.0-303.171.4.el9uek]
- rds: recv_payload_bad_checksum was not 0 after running rds-stress on UEK6 (William Kucharski) [Orabug: 37265126]
- rds: If RDS Checksums are enabled for RDMA RDS operations, the extension headers will overflow causing incorrect operation (William Kucharski) [Orabug: 37265124]
- rds: rds_message_alloc() needlessly zeroes m_used_sgs (William Kucharski) [Orabug: 37265122]
- rds: tracepoint in rds_receive_csum_err() prints pointless information (William Kucharski) [Orabug: 37265120]
- rds: rds_inc_init() should initialize the inc->i_conn_path field (William Kucharski) [Orabug: 37265116]
- rds: Race condition in adding RDS payload checksum extension header may result in RDS header corruption (William Kucharski) [Orabug: 37265114]
- Revert "net/mlx5: disable the 'fast unload' feature on Exadata systems" (Qing Huang) [Orabug: 37285222]
- Revert "net/mlx5: pretend 'fast unload' succeeded on Exadata systems" (Qing Huang) [Orabug: 37285222]
- RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688618] [Orabug: 37279176]
- blk-mq: fix missing blk_account_io_done() in error path (Yu Kuai) [Orabug: 37228086]
- rds: Add rds stuck shutdown timeout (Rohit Nair) [Orabug: 37214078]
- KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD (Sean Christopherson) [Orabug: 37273739]
- KVM: SVM: Create a stack frame in __svm_sev_es_vcpu_run() (Sean Christopherson) [Orabug: 37273739]
- KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding (Sean Christopherson) [Orabug: 37273739]
- mm/memory-failure: pass the folio and the page to collect_procs() (Matthew Wilcox (Oracle)) [Orabug: 37270260]
- LTS version: v5.15.171 (Vijayendra Suman)
- mac80211: always have ieee80211_sta_restart() (Johannes Berg)
- vt: prevent kernel-infoleak in con_font_get() (Jeongjun Park)
- drm/i915: Fix potential context UAFs (Rob Clark)
- Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device" (Jason-JH.Lin)
- mm: shmem: fix data-race in shmem_getattr() (Jeongjun Park) [Orabug: 37268580] {CVE-2024-50228}
- wifi: iwlwifi: mvm: fix 6 GHz scan construction (Johannes Berg) [Orabug: 37304734] {CVE-2024-53055}
- nilfs2: fix kernel bug due to missing clearing of checked flag (Ryusuke Konishi) [Orabug: 37268588] {CVE-2024-50230}
- x86/bugs: Use code segment selector for VERW operand (Pawan Gupta) [Orabug: 37227383] {CVE-2024-50072}
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (Edward Adam Davis) [Orabug: 37268563] {CVE-2024-50218}
- mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves (Matt Fleming) [Orabug: 37268568] {CVE-2024-50219}
- mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations accesses reserves (Mel Gorman)
- mm/page_alloc: explicitly define what alloc flags deplete min reserves (Mel Gorman)
- mm/page_alloc: explicitly record high-order atomic allocations in alloc_flags (Mel Gorman)
- mm/page_alloc: treat RT tasks similar to __GFP_HIGH (Mel Gorman)
- mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE (Mel Gorman)
- mm/page_alloc: split out buddy removal code from rmqueue into separate helper (Mel Gorman)
- mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked() (Wonhyuk Yang)
- mm/page_alloc: call check_new_pages() while zone spinlock is not held (Eric Dumazet)
- riscv: Remove duplicated GET_RM (Chunyan Zhang)
- riscv: Remove unused GENERATING_ASM_OFFSETS (Chunyan Zhang)
- riscv: Use '%u' to format the output of 'cpu' (WangYuli)
- riscv: efi: Set NX compat flag in PE/COFF header (Heinrich Schuchardt)
- riscv: vdso: Prevent the compiler from inserting calls to memset() (Alexandre Ghiti)
- nilfs2: fix potential deadlock with newly created symlinks (Ryusuke Konishi) [Orabug: 37268584] {CVE-2024-50229}
- iio: light: veml6030: fix microlux value calculation (Javier Carrasco)
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (Zicheng Qu) [Orabug: 37268595] {CVE-2024-50232}
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (Zicheng Qu) [Orabug: 37268597] {CVE-2024-50233}
- wifi: iwlegacy: Clear stale interrupts before resuming device (Ville Syrjälä) [Orabug: 37268602] {CVE-2024-50234}
- wifi: ath10k: Fix memory leak in management tx (Manikanta Pubbisetty) [Orabug: 37268610] {CVE-2024-50236}
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (Felix Fietkau) [Orabug: 37268613] {CVE-2024-50237}
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (Basavaraj Natikar)
- xhci: Fix Link TRB DMA in command ring stopped completion event (Faisal Hassan)
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (Javier Carrasco)
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (Zijun Hu)
- usbip: tools: Fix detach_port() invalid port error path (Zongmin Zhou)
- misc: sgi-gru: Don't disable preemption in GRU driver (Dimitri Sivanich)
- net: amd: mvme147: Fix probe banner message (Daniel Palmer)
- scsi: scsi_transport_fc: Allow setting rport state to current state (Benjamin Marzinski)
- fs/ntfs3: Additional check in ni_clear() (Konstantin Komarov) [Orabug: 37268638] {CVE-2024-50244}
- fs/ntfs3: Fix possible deadlock in mi_read (Konstantin Komarov) [Orabug: 37268644] {CVE-2024-50245}
- fs/ntfs3: Fix warning possible deadlock in ntfs_set_state (Konstantin Komarov)
- fs/ntfs3: Check if more than chunk-size bytes are written (Andrew Ballance) [Orabug: 37268655] {CVE-2024-50247}
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (Xiongfeng Wang)
- netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (Pablo Neira Ayuso) [Orabug: 37268670] {CVE-2024-50251}
- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (Benoît Monin)
- netfilter: Fix use-after-free in get_info() (Dong Chenchen) [Orabug: 37268689] {CVE-2024-50257}
- bpf: Fix out-of-bounds write in trie_get_next_key() (Byeonguk Jeong) [Orabug: 37268702] {CVE-2024-50262}
- netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (Zichen Xie) [Orabug: 37268697] {CVE-2024-50259}
- net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (Pedro Tammela) [Orabug: 37304740] {CVE-2024-53057}
- net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (Furong Xu) [Orabug: 37304745] {CVE-2024-53058}
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (Christophe JAILLET)
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (Daniel Gabay) [Orabug: 37304749] {CVE-2024-53059}
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (Emmanuel Grumbach)
- mac80211: Add support to trigger sta disconnect on hardware restart (Youghandhar Chintala)
- mac80211: do drv_reconfig_complete() before restarting all (Johannes Berg)
- RDMA/bnxt_re: synchronize the qp-handle table array (Selvin Xavier)
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (Patrisious Haddad)
- RDMA/cxgb4: Dump vendor specific QP details (Leon Romanovsky)
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (Geert Uytterhoeven)
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (Felix Fietkau)
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (Geert Uytterhoeven)
- cgroup: Fix potential overflow issue when checking max_depth (Xiu Jianfeng)
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (Koba Ko) [Orabug: 37264072] {CVE-2024-50141}
- ACPI: PRM: Change handler_addr type to void pointer (Sudeep Holla)
- ACPI: PRM: Remove unnecessary blank lines (Aubrey Li)
- ksmbd: fix user-after-free from session log off (Namjae Jeon) [Orabug: 37227413] {CVE-2024-50086}
- selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (Donet Tom)
- LTS version: v5.15.170 (Vijayendra Suman)
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [Orabug: 37264074] {CVE-2024-50142}
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (Zichen Xie) [Orabug: 37252324] {CVE-2024-50103}
- net: phy: dp83822: Fix reset pin definitions (Michel Alex)
- serial: protect uart_port_dtr_rts() in uart_shutdown() too (Jiri Slaby (SUSE))
- selinux: improve error checking in sel_write_load() (Paul Moore)
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (Haiyang Zhang)
- xfrm: fix one more kernel-infoleak in algo dumping (Petr Vaganov) [Orabug: 37252349] {CVE-2024-50110}
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (José Relvas)
- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (Sean Christopherson) [Orabug: 37252372] {CVE-2024-50115}
- openat2: explicitly return -E2BIG for (usize > PAGE_SIZE) (Aleksa Sarai)
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (Ryusuke Konishi) [Orabug: 37252377] {CVE-2024-50116}
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (Shubham Panwar)
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (Christian Heusel)
- drm/amd: Guard against bad data for ATIF ACPI method (Mario Limonciello) [Orabug: 37252383] {CVE-2024-50117}
- btrfs: zoned: fix zone unusable accounting for freed reserved extent (Naohiro Aota)
- ALSA: hda/realtek: Update default depop procedure (Kailang Yang)
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (Andrey Shumilin) [Orabug: 37264274] {CVE-2024-50205}
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (Jiri Olsa)
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (Jinjie Ruan) [Orabug: 37320233] {CVE-2024-50210}
- r8169: avoid unsolicited interrupts (Heiner Kallweit)
- net: sched: fix use-after-free in taprio_change() (Dmitry Antipov) [Orabug: 37252407] {CVE-2024-50127}
- net: wwan: fix global oob in wwan_rtnl_policy (Lin Ma) [Orabug: 37252410] {CVE-2024-50128}
- net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x (Peter Rashleigh)
- net: plip: fix break; causing plip to never transmit (Jakub Boehm)
- be2net: fix potential memory leak in be_xmit() (Wang Hai) [Orabug: 37264143] {CVE-2024-50167}
- net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() (Wang Hai) [Orabug: 37264149] {CVE-2024-50168}
- xfrm: respect ip protocols rules criteria when performing dst lookups (Eyal Birger)
- xfrm: extract dst lookup parameters into a struct (Eyal Birger)
- tracing: Consider the NULL character when validating the event length (Leo Yan) [Orabug: 37252415] {CVE-2024-50131}
- platform/x86: dell-sysman: add support for alienware products (Crag Wang)
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (Alexey Klimov)
- arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning (junhua huang)
- platform/x86: dell-wmi: Ignore suspend notifications (Armin Wolf)
- udf: fix uninit-value use in udf_get_fileshortad (Gianfranco Trad) [Orabug: 37264080] {CVE-2024-50143}
- arm64: Force position-independent veneers (Mark Rutland)
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (Shengjiu Wang)
- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (Alexey Klimov)
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (Hans de Goede) [Orabug: 37252420] {CVE-2024-50134}
- exec: don't WARN for racy path_noexec check (Mateusz Guzik) [Orabug: 37206344] {CVE-2024-50010}
- XHCI: Separate PORT and CAPs macros into dedicated file (Frank Li)
- usb: gadget: Add function wakeup support (Elson Roy Serrao)
- KVM: s390: gaccess: Check if guest address is in memslot (Nico Boehr)
- KVM: s390: gaccess: Cleanup access to guest pages (Janis Schoetterl-Glausch)
- KVM: s390: gaccess: Refactor access address range check (Janis Schoetterl-Glausch)
- KVM: s390: gaccess: Refactor gpa and length calculation (Janis Schoetterl-Glausch)
- arm64: probes: Fix uprobes for big-endian kernels (Mark Rutland) [Orabug: 37264236] {CVE-2024-50194}
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian (junhua huang)
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (Ye Bin) [Orabug: 37264096] {CVE-2024-50148}
- s390: Initialize psw mask in perf_arch_fetch_caller_regs() (Heiko Carstens)
- usb: typec: altmode should keep reference to parent (Thadeu Lima de Souza Cascardo) [Orabug: 37264102] {CVE-2024-50150}
- smb: client: fix OOBs when building SMB2_IOCTL request (Paulo Alcantara) [Orabug: 37264107] {CVE-2024-50151}
- scsi: target: core: Fix null-ptr-deref in target_alloc_device() (Wang Hai) [Orabug: 37264112] {CVE-2024-50153}
- genetlink: hold RCU in genlmsg_mcast() (Eric Dumazet)
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Kuniyuki Iwashima) [Orabug: 37264114] {CVE-2024-50154}
- net: systemport: fix potential memory leak in bcm_sysport_xmit() (Wang Hai) [Orabug: 37264156] {CVE-2024-50171}
- net: xilinx: axienet: fix potential memory leak in axienet_start_xmit() (Wang Hai)
- net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid (Li RongQing)
- net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() (Wang Hai)
- macsec: don't increment counters for an unrelated SA (Sabrina Dubroca)
- net: usb: usbnet: fix race in probe failure (Oliver Neukum)
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (Douglas Anderson)
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (Douglas Anderson) [Orabug: 37264122] {CVE-2024-50156}
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (Jonathan Marek)
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (Bhargava Chenna Marreddy) [Orabug: 37264280] {CVE-2024-50208}
- RDMA/bnxt_re: Return more meaningful error (Kalesh AP)
- ipv4: give an IPv4 dev to blackhole_netdev (Xin Long)
- RDMA/irdma: Fix misspelling of "accept*" (Alexander Zubkov)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (Anumula Murali Mohan Reddy)
- ALSA: hda/cs8409: Fix possible NULL dereference (Murad Masimov) [Orabug: 37264129] {CVE-2024-50160}
- ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin (Florian Klink)
- x86/resctrl: Avoid overflow in MB settings in bw_validate() (Martin Kletzander)
- RDMA/bnxt_re: Add a check for memory allocation (Kalesh AP) [Orabug: 37264285] {CVE-2024-50209}
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (Saravanan Vajravel)
- bpf: devmap: provide rxq after redirect (Florian Kauer) [Orabug: 37264132] {CVE-2024-50162}
- bpf: Make sure internal and UAPI bpf_redirect flags don't overlap (Toke Høiland-Jørgensen) [Orabug: 37264134] {CVE-2024-50163}
- LTS version: v5.15.169 (Vijayendra Suman)
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (Vasiliy Kovalev)
- powerpc/mm: Always update max/min_low_pfn in mem_topology_setup() (Aneesh Kumar K.V)
- nilfs2: propagate directory read errors from nilfs_find_entry() (Ryusuke Konishi) [Orabug: 37264266] {CVE-2024-50202}
- mptcp: prevent MPC handshake on port-based signal endpoints (Paolo Abeni)
- mptcp: fallback when MPTCP opts are dropped after 1st data (Matthieu Baerts (NGI0))
- tcp: fix mptcp DSS corruption due to large pmtu xmit (Paolo Abeni) [Orabug: 37227408] {CVE-2024-50083}
- mptcp: handle consistently DSS corruption (Paolo Abeni) [Orabug: 37264210] {CVE-2024-50185}
- mptcp: track and update contiguous data status (Geliang Tang)
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Marc Zyngier) [Orabug: 37264231] {CVE-2024-50192}
- pinctrl: ocelot: fix system hang on level based interrupts (Sergey Matsievskiy) [Orabug: 37264246] {CVE-2024-50196}
- x86/entry_32: Clear CPU buffers after register restore in NMI return (Pawan Gupta) [Orabug: 37264234] {CVE-2024-50193}
- x86/entry_32: Do not clobber user EFLAGS.ZF (Pawan Gupta)
- x86/apic: Always explicitly disarm TSC-deadline timer (Zhang Rui)
- x86/resctrl: Annotate get_mem_config() functions as __init (Nathan Chancellor)
- USB: serial: option: add Telit FN920C04 MBIM compositions (Daniele Palmas)
- USB: serial: option: add support for Quectel EG916Q-GL (Benjamin B. Frost)
- xhci: Mitigate failed set dequeue pointer commands (Mathias Nyman)
- xhci: Fix incorrect stream context type macro (Mathias Nyman)
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (Luiz Augusto von Dentz)
- Bluetooth: Remove debugfs directory on module init failure (Aaron Thompson)
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
- iio: light: opt3001: add missing full-scale range value (Emil Gedenryd)
- iio: light: veml6030: fix IIO device retrieval from embedded device (Javier Carrasco) [Orabug: 37264254] {CVE-2024-50198}
- iio: light: veml6030: fix ALS sensor resolution (Javier Carrasco)
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (Christophe JAILLET)
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (Javier Carrasco)
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (Javier Carrasco)
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (Javier Carrasco)
- drm/vmwgfx: Handle surface check failure correctly (Nikolay Kuratov)
- drm/radeon: Fix encoder->possible_clones (Ville Syrjälä) [Orabug: 37264263] {CVE-2024-50201}
- io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe)
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (Omar Sandoval) [Orabug: 37227403] {CVE-2024-50082}
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (Johannes Wikner)
- x86/bugs: Skip RSB fill at VMEXIT (Johannes Wikner)
- x86/entry: Have entry_ibpb() invalidate return predictions (Johannes Wikner)
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (Johannes Wikner)
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (Jim Mattson)
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (Michael Mueller)
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (Thomas Weißschuh)
- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (Lu Baolu) [Orabug: 37252321] {CVE-2024-50101}
- io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer)
- io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe)
- io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer)
- drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (Wachowski, Karol)
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (Breno Leitao) [Orabug: 36835836] {CVE-2024-40953}
- dm-crypt, dm-verity: disable tasklets (Mikulas Patocka)
- wifi: mac80211: fix potential key use-after-free (Johannes Berg)
- secretmem: disable memfd_secret() if arch cannot set direct map (Patrick Roy) [Orabug: 37264195] {CVE-2024-50182}
- mm/swapfile: skip HugeTLB pages for unuse_vma (Liu Shixin) [Orabug: 37264256] {CVE-2024-50199}
- fat: fix uninitialized variable (OGAWA Hirofumi)
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (Nianyao Tang)
- net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-link PHY (Oleksij Rempel)
- arm64: probes: Fix simulate_ldr*_literal() (Mark Rutland)
- arm64: probes: Remove broken LDR (literal) uprobe support (Mark Rutland) [Orabug: 37252316] {CVE-2024-50099}
- posix-clock: Fix missing timespec64 check in pc_clock_settime() (Jinjie Ruan) [Orabug: 37264241] {CVE-2024-50195}
- net: enetc: add missing static descriptor and inline keyword (Wei Fang)
- net: enetc: remove xdp_drops statistic from enetc_xdp_drop() (Wei Fang)
- udf: Fix bogus checksum computation in udf_rename() (Jan Kara) [Orabug: 37320204] {CVE-2024-43845}
- udf: Don't return bh from udf_expand_dir_adinicb() (Jan Kara)
- udf: Handle error when expanding directory (Jan Kara)
- udf: Remove old directory iteration code (Jan Kara)
- udf: Convert udf_link() to new directory iteration code (Jan Kara)
- udf: Convert udf_mkdir() to new directory iteration code (Jan Kara)
- udf: Convert udf_add_nondir() to new directory iteration (Jan Kara)
- udf: Implement adding of dir entries using new iteration code (Jan Kara)
- udf: Convert udf_unlink() to new directory iteration code (Jan Kara)
- udf: Convert udf_rmdir() to new directory iteration code (Jan Kara)
- udf: Convert empty_dir() to new directory iteration code (Jan Kara)
- udf: Convert udf_get_parent() to new directory iteration code (Jan Kara)
- udf: Convert udf_lookup() to use new directory iteration code (Jan Kara)
- udf: Convert udf_readdir() to new directory iteration (Jan Kara)
- udf: Convert udf_rename() to new directory iteration code (Jan Kara)
- udf: Provide function to mark entry as deleted using new directory iteration code (Jan Kara)
- udf: Implement searching for directory entry using new iteration code (Jan Kara)
- udf: Move udf_expand_dir_adinicb() to its callsite (Jan Kara)
- udf: Convert udf_expand_dir_adinicb() to new directory iteration (Jan Kara)
- udf: New directory iteration code (Jan Kara)
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (Vasiliy Kovalev)

ELBA-2025-20277 Oracle Linux 9 Unbreakable Enterprise kernel bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-20277

http://linux.oracle.com/errata/ELBA-2025-20277.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-303.171.5.2.2.el9uek.x86_64.rpm
kernel-uek-5.15.0-303.171.5.2.2.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-303.171.5.2.2.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-303.171.5.2.2.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-303.171.5.2.2.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-303.171.5.2.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-303.171.5.2.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-303.171.5.2.2.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-303.171.5.2.2.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-303.171.5.2.2.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-303.171.5.2.2.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-303.171.5.2.2.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-303.171.5.2.2.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-303.171.5.2.2.el9uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-303.171.5.2.2.el9uek.src.rpm

Description of changes:

[5.15.0-303.171.5.2.2.el9uek]
- Uek-rpm/ol9: Enable CONFIG_FIPS_SIGNATURE_SELFTEST for mips64 (Vijay Kumar) [Orabug: 37509583]
- uek-rpm: Enable CONFIG_FIPS_SIGNATURE_SELFTEST for all archs (Saeed Mirzamohammadi) [Orabug: 37509575]
- Revert "crypto: jitter - permanent and intermittent health errors" (Saeed Mirzamohammadi) [Orabug: 37492621]
- Revert "crypto: jitter - correct health test during initialization" (Saeed Mirzamohammadi) [Orabug: 37492621]

[5.15.0-303.171.5.2.1.el9uek]
- cgroup: cgroup-v1: do not exclude cgrp_dfl_root (Vishal Verma) [Orabug: 37410450]
- vhost_scsi: log write descriptors (Dongli Zhang) [Orabug: 37423790]
- vhost-scsi: protect vq->log_base with vq->mutex (Dongli Zhang) [Orabug: 37423790]

[5.15.0-303.171.5.2.el9uek]
- build: populate modules_thick.builtin for dirs containing only modules (Nick Alcock) [Orabug: 37393454]
- x86/pkeys: Ensure updated PKRU value is XRSTOR'd (Aruna Ramakrishna) [Orabug: 37384237]
- x86/pkeys: Change caller of update_pkru_in_sigframe() (Aruna Ramakrishna) [Orabug: 37384237]
- Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" (Sherry Yang) [Orabug: 37383283]

[5.15.0-303.171.5.1.el9uek]
- sunrpc: fix a NULL deref in svc_process() when ->sv_stats doesn't exist (Calum Mackay) [Orabug: 37346134]

[5.15.0-303.171.5.el9uek]
- intel_idle: fix ACPI _CST matching for newer Xeon platforms (Artem Bityutskiy) [Orabug: 37249457]
- x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (Peter Zijlstra) [Orabug: 37249457]
- perf/tests: Add AMX instructions to x86 instruction decoder test (Adrian Hunter) [Orabug: 37249457]
- x86/insn: Add AMX instructions to the x86 instruction decoder (Adrian Hunter) [Orabug: 37249457]
- intel_idle: add Granite Rapids Xeon support (Artem Bityutskiy) [Orabug: 37249457]
- cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE *again* (Peter Zijlstra) [Orabug: 37249457]
- intel_idle: Fix false positive RCU splats due to incorrect hardirqs state (Waiman Long) [Orabug: 37249457]
- cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (Peter Zijlstra) [Orabug: 37249457]
- intel_idle: Add a new flag to initialize the AMX state (Chang S. Bae) [Orabug: 37249457]
- x86/fpu: Add a helper to prepare AMX state for low-power CPU idle (Chang S. Bae) [Orabug: 37249457]
- intel_idle: enable interrupts before C1 on Xeons (Artem Bityutskiy) [Orabug: 37249457]

[5.15.0-303.171.4.el9uek]
- rds: recv_payload_bad_checksum was not 0 after running rds-stress on UEK6 (William Kucharski) [Orabug: 37265126]
- rds: If RDS Checksums are enabled for RDMA RDS operations, the extension headers will overflow causing incorrect operation (William Kucharski) [Orabug: 37265124]
- rds: rds_message_alloc() needlessly zeroes m_used_sgs (William Kucharski) [Orabug: 37265122]
- rds: tracepoint in rds_receive_csum_err() prints pointless information (William Kucharski) [Orabug: 37265120]
- rds: rds_inc_init() should initialize the inc->i_conn_path field (William Kucharski) [Orabug: 37265116]
- rds: Race condition in adding RDS payload checksum extension header may result in RDS header corruption (William Kucharski) [Orabug: 37265114]
- Revert "net/mlx5: disable the 'fast unload' feature on Exadata systems" (Qing Huang) [Orabug: 37285222]
- Revert "net/mlx5: pretend 'fast unload' succeeded on Exadata systems" (Qing Huang) [Orabug: 37285222]
- RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688618] [Orabug: 37279176]
- blk-mq: fix missing blk_account_io_done() in error path (Yu Kuai) [Orabug: 37228086]
- rds: Add rds stuck shutdown timeout (Rohit Nair) [Orabug: 37214078]
- KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD (Sean Christopherson) [Orabug: 37273739]
- KVM: SVM: Create a stack frame in __svm_sev_es_vcpu_run() (Sean Christopherson) [Orabug: 37273739]
- KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding (Sean Christopherson) [Orabug: 37273739]
- mm/memory-failure: pass the folio and the page to collect_procs() (Matthew Wilcox (Oracle)) [Orabug: 37270260]
- LTS version: v5.15.171 (Vijayendra Suman)
- mac80211: always have ieee80211_sta_restart() (Johannes Berg)
- vt: prevent kernel-infoleak in con_font_get() (Jeongjun Park)
- drm/i915: Fix potential context UAFs (Rob Clark)
- Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device" (Jason-JH.Lin)
- mm: shmem: fix data-race in shmem_getattr() (Jeongjun Park) [Orabug: 37268580] {CVE-2024-50228}
- wifi: iwlwifi: mvm: fix 6 GHz scan construction (Johannes Berg) [Orabug: 37304734] {CVE-2024-53055}
- nilfs2: fix kernel bug due to missing clearing of checked flag (Ryusuke Konishi) [Orabug: 37268588] {CVE-2024-50230}
- x86/bugs: Use code segment selector for VERW operand (Pawan Gupta) [Orabug: 37227383] {CVE-2024-50072}
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (Edward Adam Davis) [Orabug: 37268563] {CVE-2024-50218}
- mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves (Matt Fleming) [Orabug: 37268568] {CVE-2024-50219}
- mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations accesses reserves (Mel Gorman)
- mm/page_alloc: explicitly define what alloc flags deplete min reserves (Mel Gorman)
- mm/page_alloc: explicitly record high-order atomic allocations in alloc_flags (Mel Gorman)
- mm/page_alloc: treat RT tasks similar to __GFP_HIGH (Mel Gorman)
- mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE (Mel Gorman)
- mm/page_alloc: split out buddy removal code from rmqueue into separate helper (Mel Gorman)
- mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked() (Wonhyuk Yang)
- mm/page_alloc: call check_new_pages() while zone spinlock is not held (Eric Dumazet)
- riscv: Remove duplicated GET_RM (Chunyan Zhang)
- riscv: Remove unused GENERATING_ASM_OFFSETS (Chunyan Zhang)
- riscv: Use '%u' to format the output of 'cpu' (WangYuli)
- riscv: efi: Set NX compat flag in PE/COFF header (Heinrich Schuchardt)
- riscv: vdso: Prevent the compiler from inserting calls to memset() (Alexandre Ghiti)
- nilfs2: fix potential deadlock with newly created symlinks (Ryusuke Konishi) [Orabug: 37268584] {CVE-2024-50229}
- iio: light: veml6030: fix microlux value calculation (Javier Carrasco)
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (Zicheng Qu) [Orabug: 37268595] {CVE-2024-50232}
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (Zicheng Qu) [Orabug: 37268597] {CVE-2024-50233}
- wifi: iwlegacy: Clear stale interrupts before resuming device (Ville Syrjälä) [Orabug: 37268602] {CVE-2024-50234}
- wifi: ath10k: Fix memory leak in management tx (Manikanta Pubbisetty) [Orabug: 37268610] {CVE-2024-50236}
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (Felix Fietkau) [Orabug: 37268613] {CVE-2024-50237}
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (Basavaraj Natikar)
- xhci: Fix Link TRB DMA in command ring stopped completion event (Faisal Hassan)
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (Javier Carrasco)
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (Zijun Hu)
- usbip: tools: Fix detach_port() invalid port error path (Zongmin Zhou)
- misc: sgi-gru: Don't disable preemption in GRU driver (Dimitri Sivanich)
- net: amd: mvme147: Fix probe banner message (Daniel Palmer)
- scsi: scsi_transport_fc: Allow setting rport state to current state (Benjamin Marzinski)
- fs/ntfs3: Additional check in ni_clear() (Konstantin Komarov) [Orabug: 37268638] {CVE-2024-50244}
- fs/ntfs3: Fix possible deadlock in mi_read (Konstantin Komarov) [Orabug: 37268644] {CVE-2024-50245}
- fs/ntfs3: Fix warning possible deadlock in ntfs_set_state (Konstantin Komarov)
- fs/ntfs3: Check if more than chunk-size bytes are written (Andrew Ballance) [Orabug: 37268655] {CVE-2024-50247}
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (Xiongfeng Wang)
- netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (Pablo Neira Ayuso) [Orabug: 37268670] {CVE-2024-50251}
- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (Benoît Monin)
- netfilter: Fix use-after-free in get_info() (Dong Chenchen) [Orabug: 37268689] {CVE-2024-50257}
- bpf: Fix out-of-bounds write in trie_get_next_key() (Byeonguk Jeong) [Orabug: 37268702] {CVE-2024-50262}
- netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (Zichen Xie) [Orabug: 37268697] {CVE-2024-50259}
- net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (Pedro Tammela) [Orabug: 37304740] {CVE-2024-53057}
- net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (Furong Xu) [Orabug: 37304745] {CVE-2024-53058}
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (Christophe JAILLET)
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (Daniel Gabay) [Orabug: 37304749] {CVE-2024-53059}
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (Emmanuel Grumbach)
- mac80211: Add support to trigger sta disconnect on hardware restart (Youghandhar Chintala)
- mac80211: do drv_reconfig_complete() before restarting all (Johannes Berg)
- RDMA/bnxt_re: synchronize the qp-handle table array (Selvin Xavier)
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (Patrisious Haddad)
- RDMA/cxgb4: Dump vendor specific QP details (Leon Romanovsky)
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (Geert Uytterhoeven)
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (Felix Fietkau)
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (Geert Uytterhoeven)
- cgroup: Fix potential overflow issue when checking max_depth (Xiu Jianfeng)
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (Koba Ko) [Orabug: 37264072] {CVE-2024-50141}
- ACPI: PRM: Change handler_addr type to void pointer (Sudeep Holla)
- ACPI: PRM: Remove unnecessary blank lines (Aubrey Li)
- ksmbd: fix user-after-free from session log off (Namjae Jeon) [Orabug: 37227413] {CVE-2024-50086}
- selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (Donet Tom)
- LTS version: v5.15.170 (Vijayendra Suman)
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [Orabug: 37264074] {CVE-2024-50142}
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (Zichen Xie) [Orabug: 37252324] {CVE-2024-50103}
- net: phy: dp83822: Fix reset pin definitions (Michel Alex)
- serial: protect uart_port_dtr_rts() in uart_shutdown() too (Jiri Slaby (SUSE))
- selinux: improve error checking in sel_write_load() (Paul Moore)
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (Haiyang Zhang)
- xfrm: fix one more kernel-infoleak in algo dumping (Petr Vaganov) [Orabug: 37252349] {CVE-2024-50110}
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (José Relvas)
- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (Sean Christopherson) [Orabug: 37252372] {CVE-2024-50115}
- openat2: explicitly return -E2BIG for (usize > PAGE_SIZE) (Aleksa Sarai)
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (Ryusuke Konishi) [Orabug: 37252377] {CVE-2024-50116}
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (Shubham Panwar)
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (Christian Heusel)
- drm/amd: Guard against bad data for ATIF ACPI method (Mario Limonciello) [Orabug: 37252383] {CVE-2024-50117}
- btrfs: zoned: fix zone unusable accounting for freed reserved extent (Naohiro Aota)
- ALSA: hda/realtek: Update default depop procedure (Kailang Yang)
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (Andrey Shumilin) [Orabug: 37264274] {CVE-2024-50205}
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (Jiri Olsa)
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (Jinjie Ruan) [Orabug: 37320233] {CVE-2024-50210}
- r8169: avoid unsolicited interrupts (Heiner Kallweit)
- net: sched: fix use-after-free in taprio_change() (Dmitry Antipov) [Orabug: 37252407] {CVE-2024-50127}
- net: wwan: fix global oob in wwan_rtnl_policy (Lin Ma) [Orabug: 37252410] {CVE-2024-50128}
- net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x (Peter Rashleigh)
- net: plip: fix break; causing plip to never transmit (Jakub Boehm)
- be2net: fix potential memory leak in be_xmit() (Wang Hai) [Orabug: 37264143] {CVE-2024-50167}
- net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() (Wang Hai) [Orabug: 37264149] {CVE-2024-50168}
- xfrm: respect ip protocols rules criteria when performing dst lookups (Eyal Birger)
- xfrm: extract dst lookup parameters into a struct (Eyal Birger)
- tracing: Consider the NULL character when validating the event length (Leo Yan) [Orabug: 37252415] {CVE-2024-50131}
- platform/x86: dell-sysman: add support for alienware products (Crag Wang)
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (Alexey Klimov)
- arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning (junhua huang)
- platform/x86: dell-wmi: Ignore suspend notifications (Armin Wolf)
- udf: fix uninit-value use in udf_get_fileshortad (Gianfranco Trad) [Orabug: 37264080] {CVE-2024-50143}
- arm64: Force position-independent veneers (Mark Rutland)
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (Shengjiu Wang)
- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (Alexey Klimov)
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (Hans de Goede) [Orabug: 37252420] {CVE-2024-50134}
- exec: don't WARN for racy path_noexec check (Mateusz Guzik) [Orabug: 37206344] {CVE-2024-50010}
- XHCI: Separate PORT and CAPs macros into dedicated file (Frank Li)
- usb: gadget: Add function wakeup support (Elson Roy Serrao)
- KVM: s390: gaccess: Check if guest address is in memslot (Nico Boehr)
- KVM: s390: gaccess: Cleanup access to guest pages (Janis Schoetterl-Glausch)
- KVM: s390: gaccess: Refactor access address range check (Janis Schoetterl-Glausch)
- KVM: s390: gaccess: Refactor gpa and length calculation (Janis Schoetterl-Glausch)
- arm64: probes: Fix uprobes for big-endian kernels (Mark Rutland) [Orabug: 37264236] {CVE-2024-50194}
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian (junhua huang)
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (Ye Bin) [Orabug: 37264096] {CVE-2024-50148}
- s390: Initialize psw mask in perf_arch_fetch_caller_regs() (Heiko Carstens)
- usb: typec: altmode should keep reference to parent (Thadeu Lima de Souza Cascardo) [Orabug: 37264102] {CVE-2024-50150}
- smb: client: fix OOBs when building SMB2_IOCTL request (Paulo Alcantara) [Orabug: 37264107] {CVE-2024-50151}
- scsi: target: core: Fix null-ptr-deref in target_alloc_device() (Wang Hai) [Orabug: 37264112] {CVE-2024-50153}
- genetlink: hold RCU in genlmsg_mcast() (Eric Dumazet)
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Kuniyuki Iwashima) [Orabug: 37264114] {CVE-2024-50154}
- net: systemport: fix potential memory leak in bcm_sysport_xmit() (Wang Hai) [Orabug: 37264156] {CVE-2024-50171}
- net: xilinx: axienet: fix potential memory leak in axienet_start_xmit() (Wang Hai)
- net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid (Li RongQing)
- net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() (Wang Hai)
- macsec: don't increment counters for an unrelated SA (Sabrina Dubroca)
- net: usb: usbnet: fix race in probe failure (Oliver Neukum)
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (Douglas Anderson)
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (Douglas Anderson) [Orabug: 37264122] {CVE-2024-50156}
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (Jonathan Marek)
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (Bhargava Chenna Marreddy) [Orabug: 37264280] {CVE-2024-50208}
- RDMA/bnxt_re: Return more meaningful error (Kalesh AP)
- ipv4: give an IPv4 dev to blackhole_netdev (Xin Long)
- RDMA/irdma: Fix misspelling of "accept*" (Alexander Zubkov)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (Anumula Murali Mohan Reddy)
- ALSA: hda/cs8409: Fix possible NULL dereference (Murad Masimov) [Orabug: 37264129] {CVE-2024-50160}
- ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin (Florian Klink)
- x86/resctrl: Avoid overflow in MB settings in bw_validate() (Martin Kletzander)
- RDMA/bnxt_re: Add a check for memory allocation (Kalesh AP) [Orabug: 37264285] {CVE-2024-50209}
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (Saravanan Vajravel)
- bpf: devmap: provide rxq after redirect (Florian Kauer) [Orabug: 37264132] {CVE-2024-50162}
- bpf: Make sure internal and UAPI bpf_redirect flags don't overlap (Toke Høiland-Jørgensen) [Orabug: 37264134] {CVE-2024-50163}
- LTS version: v5.15.169 (Vijayendra Suman)
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (Vasiliy Kovalev)
- powerpc/mm: Always update max/min_low_pfn in mem_topology_setup() (Aneesh Kumar K.V)
- nilfs2: propagate directory read errors from nilfs_find_entry() (Ryusuke Konishi) [Orabug: 37264266] {CVE-2024-50202}
- mptcp: prevent MPC handshake on port-based signal endpoints (Paolo Abeni)
- mptcp: fallback when MPTCP opts are dropped after 1st data (Matthieu Baerts (NGI0))
- tcp: fix mptcp DSS corruption due to large pmtu xmit (Paolo Abeni) [Orabug: 37227408] {CVE-2024-50083}
- mptcp: handle consistently DSS corruption (Paolo Abeni) [Orabug: 37264210] {CVE-2024-50185}
- mptcp: track and update contiguous data status (Geliang Tang)
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Marc Zyngier) [Orabug: 37264231] {CVE-2024-50192}
- pinctrl: ocelot: fix system hang on level based interrupts (Sergey Matsievskiy) [Orabug: 37264246] {CVE-2024-50196}
- x86/entry_32: Clear CPU buffers after register restore in NMI return (Pawan Gupta) [Orabug: 37264234] {CVE-2024-50193}
- x86/entry_32: Do not clobber user EFLAGS.ZF (Pawan Gupta)
- x86/apic: Always explicitly disarm TSC-deadline timer (Zhang Rui)
- x86/resctrl: Annotate get_mem_config() functions as __init (Nathan Chancellor)
- USB: serial: option: add Telit FN920C04 MBIM compositions (Daniele Palmas)
- USB: serial: option: add support for Quectel EG916Q-GL (Benjamin B. Frost)
- xhci: Mitigate failed set dequeue pointer commands (Mathias Nyman)
- xhci: Fix incorrect stream context type macro (Mathias Nyman)
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (Luiz Augusto von Dentz)
- Bluetooth: Remove debugfs directory on module init failure (Aaron Thompson)
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
- iio: light: opt3001: add missing full-scale range value (Emil Gedenryd)
- iio: light: veml6030: fix IIO device retrieval from embedded device (Javier Carrasco) [Orabug: 37264254] {CVE-2024-50198}
- iio: light: veml6030: fix ALS sensor resolution (Javier Carrasco)
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (Christophe JAILLET)
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (Javier Carrasco)
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (Javier Carrasco)
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (Javier Carrasco)
- drm/vmwgfx: Handle surface check failure correctly (Nikolay Kuratov)
- drm/radeon: Fix encoder->possible_clones (Ville Syrjälä) [Orabug: 37264263] {CVE-2024-50201}
- io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe)
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (Omar Sandoval) [Orabug: 37227403] {CVE-2024-50082}
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (Johannes Wikner)
- x86/bugs: Skip RSB fill at VMEXIT (Johannes Wikner)
- x86/entry: Have entry_ibpb() invalidate return predictions (Johannes Wikner)
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (Johannes Wikner)
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (Jim Mattson)
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (Michael Mueller)
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (Thomas Weißschuh)
- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (Lu Baolu) [Orabug: 37252321] {CVE-2024-50101}
- io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer)
- io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe)
- io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer)
- drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (Wachowski, Karol)
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (Breno Leitao) [Orabug: 36835836] {CVE-2024-40953}
- dm-crypt, dm-verity: disable tasklets (Mikulas Patocka)
- wifi: mac80211: fix potential key use-after-free (Johannes Berg)
- secretmem: disable memfd_secret() if arch cannot set direct map (Patrick Roy) [Orabug: 37264195] {CVE-2024-50182}
- mm/swapfile: skip HugeTLB pages for unuse_vma (Liu Shixin) [Orabug: 37264256] {CVE-2024-50199}
- fat: fix uninitialized variable (OGAWA Hirofumi)
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (Nianyao Tang)
- net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-link PHY (Oleksij Rempel)
- arm64: probes: Fix simulate_ldr*_literal() (Mark Rutland)
- arm64: probes: Remove broken LDR (literal) uprobe support (Mark Rutland) [Orabug: 37252316] {CVE-2024-50099}
- posix-clock: Fix missing timespec64 check in pc_clock_settime() (Jinjie Ruan) [Orabug: 37264241] {CVE-2024-50195}
- net: enetc: add missing static descriptor and inline keyword (Wei Fang)
- net: enetc: remove xdp_drops statistic from enetc_xdp_drop() (Wei Fang)
- udf: Fix bogus checksum computation in udf_rename() (Jan Kara) [Orabug: 37320204] {CVE-2024-43845}
- udf: Don't return bh from udf_expand_dir_adinicb() (Jan Kara)
- udf: Handle error when expanding directory (Jan Kara)
- udf: Remove old directory iteration code (Jan Kara)
- udf: Convert udf_link() to new directory iteration code (Jan Kara)
- udf: Convert udf_mkdir() to new directory iteration code (Jan Kara)
- udf: Convert udf_add_nondir() to new directory iteration (Jan Kara)
- udf: Implement adding of dir entries using new iteration code (Jan Kara)
- udf: Convert udf_unlink() to new directory iteration code (Jan Kara)
- udf: Convert udf_rmdir() to new directory iteration code (Jan Kara)
- udf: Convert empty_dir() to new directory iteration code (Jan Kara)
- udf: Convert udf_get_parent() to new directory iteration code (Jan Kara)
- udf: Convert udf_lookup() to use new directory iteration code (Jan Kara)
- udf: Convert udf_readdir() to new directory iteration (Jan Kara)
- udf: Convert udf_rename() to new directory iteration code (Jan Kara)
- udf: Provide function to mark entry as deleted using new directory iteration code (Jan Kara)
- udf: Implement searching for directory entry using new iteration code (Jan Kara)
- udf: Move udf_expand_dir_adinicb() to its callsite (Jan Kara)
- udf: Convert udf_expand_dir_adinicb() to new directory iteration (Jan Kara)
- udf: New directory iteration code (Jan Kara)
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (Vasiliy Kovalev)

ELSA-2025-4169 Important: Oracle Linux 9 thunderbird security update

Oracle Linux Security Advisory ELSA-2025-4169

http://linux.oracle.com/errata/ELSA-2025-4169.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-128.9.0-2.0.1.el9_5.x86_64.rpm

aarch64:
thunderbird-128.9.0-2.0.1.el9_5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//thunderbird-128.9.0-2.0.1.el9_5.src.rpm

Related CVEs:

CVE-2025-3028
CVE-2025-3029
CVE-2025-3030

Description of changes:

[128.9.0-2.0.1]
- Fix prefs for new nss [Orabug: 37079813]
- Add Oracle prefs

[128.9.0]
- Add OpenELA debranding

[128.9.0-2]
- Update to 128.9.0 build3

[128.9.0-1]
- Update to 128.9.0 build1

ELBA-2025-20280 Oracle Linux 9 crash bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-20280

http://linux.oracle.com/errata/ELBA-2025-20280.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
crash-8.0.6-1.0.2.el9.x86_64.rpm
crash-devel-8.0.6-1.0.2.el9.i686.rpm
crash-devel-8.0.6-1.0.2.el9.x86_64.rpm

aarch64:
crash-8.0.6-1.0.2.el9.aarch64.rpm
crash-devel-8.0.6-1.0.2.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//crash-8.0.6-1.0.2.el9.src.rpm

Description of changes:

[8.0.6-1.0.2]
- Update gdb and fix module section load address when sh_addr != 0 [Orabug: 37772898]

ELBA-2025-4033 Oracle Linux 9 nbdkit bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-4033

http://linux.oracle.com/errata/ELBA-2025-4033.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
nbdkit-1.38.3-2.el9_5.x86_64.rpm
nbdkit-bash-completion-1.38.3-2.el9_5.noarch.rpm
nbdkit-basic-filters-1.38.3-2.el9_5.x86_64.rpm
nbdkit-basic-plugins-1.38.3-2.el9_5.x86_64.rpm
nbdkit-curl-plugin-1.38.3-2.el9_5.x86_64.rpm
nbdkit-gzip-filter-1.38.3-2.el9_5.x86_64.rpm
nbdkit-linuxdisk-plugin-1.38.3-2.el9_5.x86_64.rpm
nbdkit-nbd-plugin-1.38.3-2.el9_5.x86_64.rpm
nbdkit-python-plugin-1.38.3-2.el9_5.x86_64.rpm
nbdkit-selinux-1.38.3-2.el9_5.noarch.rpm
nbdkit-server-1.38.3-2.el9_5.x86_64.rpm
nbdkit-ssh-plugin-1.38.3-2.el9_5.x86_64.rpm
nbdkit-tar-filter-1.38.3-2.el9_5.x86_64.rpm
nbdkit-tmpdisk-plugin-1.38.3-2.el9_5.x86_64.rpm
nbdkit-vddk-plugin-1.38.3-2.el9_5.x86_64.rpm
nbdkit-xz-filter-1.38.3-2.el9_5.x86_64.rpm
nbdkit-devel-1.38.3-2.el9_5.x86_64.rpm
nbdkit-example-plugins-1.38.3-2.el9_5.x86_64.rpm
nbdkit-srpm-macros-1.38.3-2.el9_5.noarch.rpm

aarch64:
nbdkit-1.38.3-2.el9_5.aarch64.rpm
nbdkit-bash-completion-1.38.3-2.el9_5.noarch.rpm
nbdkit-basic-filters-1.38.3-2.el9_5.aarch64.rpm
nbdkit-basic-plugins-1.38.3-2.el9_5.aarch64.rpm
nbdkit-curl-plugin-1.38.3-2.el9_5.aarch64.rpm
nbdkit-gzip-filter-1.38.3-2.el9_5.aarch64.rpm
nbdkit-linuxdisk-plugin-1.38.3-2.el9_5.aarch64.rpm
nbdkit-nbd-plugin-1.38.3-2.el9_5.aarch64.rpm
nbdkit-python-plugin-1.38.3-2.el9_5.aarch64.rpm
nbdkit-selinux-1.38.3-2.el9_5.noarch.rpm
nbdkit-server-1.38.3-2.el9_5.aarch64.rpm
nbdkit-ssh-plugin-1.38.3-2.el9_5.aarch64.rpm
nbdkit-tar-filter-1.38.3-2.el9_5.aarch64.rpm
nbdkit-tmpdisk-plugin-1.38.3-2.el9_5.aarch64.rpm
nbdkit-xz-filter-1.38.3-2.el9_5.aarch64.rpm
nbdkit-devel-1.38.3-2.el9_5.aarch64.rpm
nbdkit-example-plugins-1.38.3-2.el9_5.aarch64.rpm
nbdkit-srpm-macros-1.38.3-2.el9_5.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//nbdkit-1.38.3-2.el9_5.src.rpm

Description of changes:

[1.38.3-2]
- vddk: Avoid reading partial chunk beyond the end of the disk
resolves: RHEL-82831
- Fix tests/test-ext2-exportname.sh.

ELBA-2025-20282 Oracle Linux 9 oracle-database-preinstall-23ai bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-20282

http://linux.oracle.com/errata/ELBA-2025-20282.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
oracle-database-preinstall-23ai-1.0-3.el9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//oracle-database-preinstall-23ai-1.0-3.el9.src.rpm

Description of changes:

[[1.0-3.el9]]
- Add minimum versions for the dependencies [Orabug: 37001837]
- Remove libnsl2 from dependencies [Orabug: 35448960]
- Remove ethtool from dependencies [Orabug: 37227174]
- Add compat-openssl11 to dependencies [Orabug: 37236140]

Thunderbird updates for AlmaLinux

Govulncheck-Vulndb, OpenJDK, Augeas updates for SUSE

Ruby, GnuTLS, LibTASN1, and more updates for Oracle Linux

ELSA-2025-4063 Moderate: Oracle Linux 8 ruby:3.1 security update

ELBA-2025-4054 Oracle Linux 8 nodejs:18 bug fix and enhancement update

ELBA-2025-4052 Oracle Linux 8 mod_security_crs bug fix update

ELBA-2025-4050 Oracle Linux 8 autofs bug fix update

ELBA-2025-4047 Oracle Linux 8 samba bug fix update

ELBA-2025-4045 Oracle Linux 8 systemd bug fix update

ELBA-2025-20281 Oracle Linux 8 libcgroup-original bug fix update

ELBA-2025-4044 Oracle Linux 8 device-mapper-multipath bug fix update

ELBA-2025-20280 Oracle Linux 8 crash bug fix update

ELSA-2025-3628 Important: Oracle Linux 7 firefox security update

ELSA-2025-4170 Important: Oracle Linux 8 thunderbird security update

ELSA-2025-4043 Moderate: Oracle Linux 8 bluez security update

ELBA-2025-4071 Oracle Linux 9 osbuild-composer bug fix and enhancement update

ELBA-2025-20279 Oracle Linux 9 iscsi-initiator-utils bug fix update

ELSA-2025-4025 Important: Oracle Linux 9 libxslt security update

ELBA-2025-20277 Oracle Linux 8 Unbreakable Enterprise kernel bug fix update

ELBA-2025-20277 Oracle Linux 9 Unbreakable Enterprise kernel bug fix update

ELBA-2025-20277 Oracle Linux 9 Unbreakable Enterprise kernel bug fix update

ELSA-2025-4169 Important: Oracle Linux 9 thunderbird security update

ELBA-2025-20280 Oracle Linux 9 crash bug fix update

ELBA-2025-4033 Oracle Linux 9 nbdkit bug fix update

ELBA-2025-20282 Oracle Linux 9 oracle-database-preinstall-23ai bug fix update

Windows

Linux

macOS

Community