Oracle Linux Security Advisory ELSA-2026-4760 http://linux.oracle.com/errata/ELSA-2026-4760.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: grub2-common-2.06-114.0.1.el9_7.1.noarch.rpm grub2-efi-aa64-modules-2.06-114.0.1.el9_7.1.noarch.rpm grub2-efi-x64-2.06-114.0.1.el9_7.1.x86_64.rpm grub2-efi-x64-cdboot-2.06-114.0.1.el9_7.1.x86_64.rpm grub2-efi-x64-modules-2.06-114.0.1.el9_7.1.noarch.rpm grub2-pc-2.06-114.0.1.el9_7.1.x86_64.rpm grub2-pc-modules-2.06-114.0.1.el9_7.1.noarch.rpm grub2-tools-2.06-114.0.1.el9_7.1.x86_64.rpm grub2-tools-efi-2.06-114.0.1.el9_7.1.x86_64.rpm grub2-tools-extra-2.06-114.0.1.el9_7.1.x86_64.rpm grub2-tools-minimal-2.06-114.0.1.el9_7.1.x86_64.rpm aarch64: grub2-common-2.06-114.0.1.el9_7.1.noarch.rpm grub2-efi-aa64-2.06-114.0.1.el9_7.1.aarch64.rpm grub2-efi-aa64-cdboot-2.06-114.0.1.el9_7.1.aarch64.rpm grub2-efi-aa64-modules-2.06-114.0.1.el9_7.1.noarch.rpm grub2-efi-x64-modules-2.06-114.0.1.el9_7.1.noarch.rpm grub2-tools-2.06-114.0.1.el9_7.1.aarch64.rpm grub2-tools-extra-2.06-114.0.1.el9_7.1.aarch64.rpm grub2-tools-minimal-2.06-114.0.1.el9_7.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/grub2-2.06-114.0.1.el9_7.1.src.rpm Related CVEs: CVE-2025-61662 Description of changes: [2.06-114.0.1.el9_7.1] - Update grub2 dependencies to match new Secure Boot certificate chain of trust [Orabug: 37766761] - Fix typo in SBAT metadata [Orabug: 37693946] - Allow installation of grub2 only with shim-aa64 that allows booting it [Orabug: 37693946] - net/dns: Fix removal of DNS server [Orabug: 37539625] - net/dns: Simplify error handling of recv_hook() function [Orabug: 37539625] - net/dns: Add debugging messages in recv_hook() function [Orabug: 37539625] - net/dns: Fix lookup error when no IPv6 is returned [Orabug: 37539625] - efinet: close and reopen network card on failure [Orabug: 35126950], [Orabug: 37747175] - efinet: Correct closing of SNP protocol [Orabug: 35126950], [Orabug: 37747175] - Support setting custom kernels as default kernels [Orabug: 36043978] - Bump SBAT metadata for grub to 3 [Orabug: 34872719] - Fix CVE-2022-3775 [Orabug: 34871953] - Enable signing for aarch64 EFI - Fix signing certificate names - Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - Update provided certificate version to 202204 [JIRA: OLDIS-16371] - Various coverity fixes [JIRA: OLDIS-16371] - bump SBAT generation - Update bug url [Orabug: 34202300] - Revert provided certificate version back to 202102 [JIRA: OLDIS-16371] - Update signing certificate [JIRA: OLDIS-16371] - fix SBAT data [JIRA: OLDIS-16371] - Update requires [JIRA: OLDIS-16371] - Rebuild for SecureBoot signatures [Orabug: 33801813] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - Put "with" in menuentry instead of "using" [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.06-114.1] - Fixes CVE-2025-61662 Missing unregister call for gettext command may lead to use-after-free - Resolves: #RHEL-141593 _______________________________________________ El-errata mailing list [email protected] https://oss.oracle.com/mailman/listinfo/el-errata
