|
|
Log in / Subscribe / Register

Oracle alert ELSA-2026-7383 (\cockpit)



From:
              Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com>


To:
              el-errata@oss.oracle.com


Subject:
              [El-errata] ELSA-2026-7383 Critical: Oracle Linux 10 cockpit: Unauthenticated remote code execution due to SSH command-line argument injection


Date:
              Wed, 15 Apr 2026 00:56:24 -0700


Message-ID:
              <mailman.72.1776340936.31.el-errata@oss.oracle.com>


Oracle Linux Security Advisory ELSA-2026-7383

http://linux.oracle.com/errata/ELSA-2026-7383.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux
Network:

x86_64:
cockpit-344-3.0.1.el10_1.x86_64.rpm
cockpit-bridge-344-3.0.1.el10_1.noarch.rpm
cockpit-doc-344-3.0.1.el10_1.noarch.rpm
cockpit-packagekit-344-3.0.1.el10_1.noarch.rpm
cockpit-storaged-344-3.0.1.el10_1.noarch.rpm
cockpit-system-344-3.0.1.el10_1.noarch.rpm
cockpit-ws-344-3.0.1.el10_1.x86_64.rpm
cockpit-ws-selinux-344-3.0.1.el10_1.x86_64.rpm

aarch64:
cockpit-344-3.0.1.el10_1.aarch64.rpm
cockpit-bridge-344-3.0.1.el10_1.noarch.rpm
cockpit-doc-344-3.0.1.el10_1.noarch.rpm
cockpit-packagekit-344-3.0.1.el10_1.noarch.rpm
cockpit-storaged-344-3.0.1.el10_1.noarch.rpm
cockpit-system-344-3.0.1.el10_1.noarch.rpm
cockpit-ws-344-3.0.1.el10_1.aarch64.rpm
cockpit-ws-selinux-344-3.0.1.el10_1.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/cockpit-344-3.0....

Related CVEs:

CVE-2026-4631




Description of changes:

[344-3.0.1]
- Storage: Enable btrfs support [Orabug: 37464632]
- Replaced upstream urls in documentation with oracle links [Orabug: 36528753]
- Drop subscription-manager-cockpit requirement for ol [Orabug: 34681110]
- Remove duplicate reference to server in cockpit [Orabug: 34030494]
- Update documentation links [Orabug: 30271413], [Orabug: 32013095],
  [Orabug: 32795691], [Orabug: 34398512], [Orabug: 34742876], [Orabug: 37253273]
- Update spec file for new release

[344-3]
- correctly apply CVE patches (CVE-2026-4631)

* Wed Mar 25 2026 Jelle van der Waa <jvanderw@redhat.com - 344-3
- ws: be more explicit when handling hostnames on cli (CVE-2026-4631)


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds