|
|
Log in / Subscribe / Register

Oracle alert ELSA-2026-50250 (dtrace)



From:
              Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com>


To:
              el-errata@oss.oracle.com


Subject:
              [El-errata] ELSA-2026-50250 Moderate: Oracle Linux 9 dtrace security update


Date:
              Fri, 01 May 2026 07:11:53 -0700


Message-ID:
              <mailman.86.1777644726.33.el-errata@oss.oracle.com>


Oracle Linux Security Advisory ELSA-2026-50250

http://linux.oracle.com/errata/ELSA-2026-50250.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:


aarch64:
dtrace-2.0.7-4.el9.aarch64.rpm
dtrace-devel-2.0.7-4.el9.aarch64.rpm
dtrace-testsuite-2.0.7-4.el9.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/dtrace-2.0.7-4.el...

Related CVEs:

CVE-2026-21996
CVE-2026-35233




Description of changes:

[2.0.7-4]
- Prevent out-of-buonds memory access during object symbol table construction
  (CVE-2026-35233).  [Orabug: 39121881]
- Prevent divide-by-zero (FPE trap) if section header data is corrupted.
  (CVE-2026-21996).  [Orabug: 39121874]
- Ensure safety checks are performed on program header data from ELF objects.
- Ensure that the data of string table sections is proper terminated.
- Ensure that the symbol table references a valid string table.

[2.0.6-1]
- Fix dtprobed unsafe probe description handling (CVE-2026-21991).
  [Orabug: 39054018]

[2.0.5-1]
- Implement PID-specific uprobes.  (Kris Van Hees)
- Allocate the buffers BPF map to fit highest CPU id.  (Kris Van Hees)
- Fix argument handling for multi-location user probes.
  (Kris Van Hees) [Orabug: 38922360]
- Change the "stack skip" to 3 for fbt (fprobe) and rawtp providers.
  [Orabug: 38776929]
- Fix prvname so that both rawfbt and fbt probes are seen.
  [Orabug: 38842114]
- Do not convert "__" to "-" for stapsdt provider names.
- Fix printf formatting with non-monetary grouping chars.
  [Orabug: 30430270]
- Discontinue -xversion=V as an option.  (Kris Van Hees) [Orabug: 38615307]
- Add the DTrace Tutorial to the git repo and install package.
- Add missing documentation:  trunc(), stapsdt, usdt.h include path.
- Update LLM context files to forbid "if" statements.
- Test suite weakly pulls in kernel-uek-tools to get perf.  (Nick Alcock)
  [Orabug: 38064413]

[2.0.4-1]
- TCP, UDP, and stapsdt providers implemented.  (Alan Maguire)
- New learning materials:  the User's Guide in Markdown format,
  example scripts, and a context file for LLMs.
  (Eugene Loh, Bruce McCulloch, Ruud van der Pas, Elena Zannoni).
- Allow [u]stack() to be used as a variable value.  (Kris Van Hees)
  [Orabug: 37950533]
- Comments using // are now supported.  (Kris Van Hees)
- Scalability improvements.  (Kris Van Hees)
- Error injection via return() action.  (Kris Van Hees)
- Improved string handling.  (Kris Van Hees)
- Various bug fixes.  (Eugene Loh, Kris Van Hees)
- Fix dyn vars overwriting one another.  [Orabug: 37994729]
- Fix regression:  list fbt probes by default.  [Orabug: 38249511]
- Various testsuite fixes and improvements.
  (Nick Alcock, Eugene Loh, Alan Maguire, Kris Van Hees)
- Add test for preprocessor definitions.  [Orabug: 28763074]
- Fix some stack tests.  [Orabug: 37459289]

[2.0.3-1]
- This is only released on OL10.
- Redesigned USDT support to work for LTO compilations.  [Orabug: 38011704]
- New builtin variable: execargs.
- Offset probes in pid provider.  (Eugene Loh)
- Various bug fixes.  (Nick Alcock, Eugene Loh, Kris Van Hees)
- Various testsuite fixes and improvements.
  (Nick Alcock, Sam James, Eugene Loh, Kris Van Hees)

[2.0.2-1]
- Translators to support kernels 6.10 and later.
- FBT return probe argument support.
- The print() action is augmented with type information.  (Alan Maguire)
- Support to discover and trace USDT probes after a tracing session has
  started.  (Eugene Loh, Nick Alcock)
- USDT probe argument support (translated types, mapping).  (Nick Alcock)
- Installation locations are now configurable.  (Nick Alcock)
- Valgrind is no longer a required build dependency.  (Nick Alcock)
- Self-grabs have been improved.  (Nick Alcock)
- New provider: rawfbt.  (Kris Van Hees)
- Various bug fixes.  (Nick Alcock, Eugene Loh, Alan Maguire, Kris Van Hees)
- Various testsuite fixes and improvements.
  (Nick Alcock, Sam James, Eugene Loh, Kris Van Hees)
- Various code improvements.  (Nick Alcock, Eugene Loh, Kris Van Hees)
  [Orabug: 37274251]

[2.0.1-1]
- Implement FBT probes with fentry/fexit tracepoints
- Provide argument info for FBT probes.
- Provide pre-generated translator files sets. [Orabug: 36504847]


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds