ELSA-2026-19213

ELSA-2026-19213 - systemd security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2026-06-12

Description

[252-67.0.1.el9_8.2]
- serialize: don't allocate 1M on the stack just like that [LINUX-16166]
- Route logs from container mapped uids to the system journal [Orabug: 38135007]
- Drop delay when nspawn fails to reset loginuid [Orabug: 37793135]
- Improve logging for api bus connection and subscribers [Orabug: 38040980]
- Defer processing of timeout events in sd-bus api [Orabug: 38064217]
- coredump: use %d in kernel core pattern - CVE-2025-4598
- Add bus description to sd-bus outgoing sockets [Orabug: 37347576]
- Add log messages about daemon-reload requester and duration [Orabug: 37347576]
- Reverted back to previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved.
- drop IN_ATTRIB from parent directory inotify watches [Orabug: 37118224]
- 1A) Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 36269319]
- 1B) Add 'systemd-fstab-generator-reload-targets.service' file [Orabug: 36269319]
- 1C) Add required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 36269319]
- 1D) Important: Review 1001-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 36269319]
- Due to a new [Orabug: 36564551] filed on April 29 2024, reverting from back to
- previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved.
- drop IN_ATTRIB from parent directory inotify watches [Orabug: 37118224]
- Reverted back to previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved.
- Re-Added 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792]
- Backport upstream pstore dmesg fix [Orabug: 34868110]
- Remove upstream references [Orabug: 33995357]
- Disable unprivileged BPF by default [Orabug: 32870980]
- udev rules: fix memory hot add and remove [Orabug: 31310273]
- set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 [Orabug: 18467469]
- shutdown: get only active md arrays. [Orabug: 34467234]
- Wait for an extra configurable time before udevd kills a worker [Orabug: 36017407]
- Removed unneeded patches from the systemd.spec
- 1A) 1004-orabug34272490-0001-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch [Orabug: 34272490]
- 1B) 1005-orabug34272490-0002-core-device-drop-unnecessary-condition.patch [Orabug: 34272490]
- 1C) 1007-orabug34868110-pstore-fixes-for-dmesg.txt-reconstruction.patch [Orabug: 34868110]
- Removed the following, associated with [Orabug: 36269319]:
- 2A) Remove 1001-systemd-fstab-generator-reload-targets.patch
- 2B) Remove Fix local-fs and remote-fs targets during system boot [Orabug: 36269319]
- 2C) Remove 'systemd-fstab-generator-reload-targets.service' file [Orabug: 36269319]
- 2D) Remove required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 36269319]
- 2E) Remove Important: Review 1001-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 36269319]

[252-67.2]
- core: validate input cgroup path more prudently (RHEL-152082)

[252-67.1]
- manager: fix scope for environment generators (RHEL-154262)

[252-67]
- core: only activate transaction that contain useful jobs (RHEL-143727)

[252-66]
- core/service: fix error cause in the log (RHEL-138414)
- fstab-generator: drop assertions for mount opts (RHEL-92752)
- fstab-generator: fix options in systemd.mount-extra= arg (RHEL-92752)
- core: reorder systemd arguments on reexec (RHEL-111135)
- basic: add RuntimeScope enum (RHEL-137252)
- runtime-scope: add helper that turns RuntimeScope enum into --system/--user string (RHEL-137252)
- sd-path: add support for XDG_STATE_HOME (RHEL-137252)
- sd-path: bring spacing in sd-path.h and systemd-path tool in sync (RHEL-137252)
- path tool: add some basic ansi highlighing (RHEL-137252)
- execude: include RuntimeScope field in ExecParameters (RHEL-137252)
- execute: remove redundant assignment (RHEL-137252)
- execute: when recursively chowning StateDirectory= when spawning services, follow initial symlink (RHEL-137252)
- execute: add support for XDG_STATE_HOME for placing service state data in --user mode (RHEL-137252)
- execute: associate logs from setup_exec_directory() with the unit name (RHEL-137252)
- execute: shorten some code by using RET_NERRNO() (RHEL-137252)
- execute: shorten code by making use of laccess() return code properly (RHEL-137252)
- execute: don't bother with chowning StateDirectory= and friends in user mode (RHEL-137252)
- test: add test for new XDG_STATE_HOME handling (RHEL-137252)
- man: mention the newly-added XDG_STATE_HOME (RHEL-137252)
- man: rebreak lines in file-hierarchy(7) a bit (RHEL-137252)
- man: properly close XML tags (RHEL-137252)
- tmpfiles: teach tmpfiles the new XDG_STATE_HOME variable too (RHEL-137252)
- test: use XDG_STATE_HOME for %S and %L (RHEL-137252)
- man: fully adopt ~/.local/state/ (RHEL-137252)

[252-65]
- update specfile and sources after renaming rhel-net-naming-sysattrs to net-naming-sysattrs (RHEL-150622)

[252-64]
- core: fix array size in unit_log_resources() (RHEL-131338)
- pid1: add env var to override default mount rate limit burst (RHEL-129153)
- pid1: add env var to override default mount rate limit interval (RHEL-129153)

[252-63]
- cryptsetup-generator: refactor add_crypttab_devices() (RHEL-127859)
- cryptsetup-generator: continue parsing after error (RHEL-127859)
- cryptsetup-generator: parse all cmdline devices too (RHEL-127859)
- cryptsetup-generator: always process cmdline devices (RHEL-127859)
- logind: add 'background-light' session class (RHEL-109833)
- pam_systemd: honor session class provided via PAM environment (RHEL-109833)

[252-62]
- ukify: rstrip and escape binary null characters from 'inspect' output (#38607) (RHEL-109558)
- timer: rebase last_trigger timestamp if needed (RHEL-118215)

[252-61]
- timer: rebase the next elapse timestamp only if timer didn't already run (RHEL-118215)
- strv: introduce string_strv_hashmap_remove() (RHEL-14112)
- unit-file: introduce unit_file_remove_from_name_map() (RHEL-14112)
- core/unit: remove path to transient unit file from unit name maps on stop (RHEL-14112)
- TEST-07-PID1: add reprudcer for issue #35190 (RHEL-14112)
- coredump: handle ENOBUFS and EMSGSIZE the same way (RHEL-103801)

Related CVEs

CVE-2026-29111

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	systemd-252-67.0.1.el9_8.2.src.rpm	837736aaaf8c0163f3285fe7e75c7bf08fce1a676b1ab4928b73ef44f31d0588	-	ol9_aarch64_appstream
	systemd-252-67.0.1.el9_8.2.src.rpm	837736aaaf8c0163f3285fe7e75c7bf08fce1a676b1ab4928b73ef44f31d0588	-	ol9_aarch64_baseos_latest
	systemd-252-67.0.1.el9_8.2.src.rpm	837736aaaf8c0163f3285fe7e75c7bf08fce1a676b1ab4928b73ef44f31d0588	-	ol9_aarch64_u8_baseos_base
	rhel-net-naming-sysattrs-252-67.0.1.el9_8.2.noarch.rpm	b6ee6f6c39dbf48251af5867018ee21fb7365d191294d4e994a7d7baf64a1dea	-	ol9_aarch64_baseos_latest
	rhel-net-naming-sysattrs-252-67.0.1.el9_8.2.noarch.rpm	b6ee6f6c39dbf48251af5867018ee21fb7365d191294d4e994a7d7baf64a1dea	-	ol9_aarch64_u8_baseos_base
	systemd-252-67.0.1.el9_8.2.aarch64.rpm	9fbd63c4d51ea4423cc1b45382731a0e08e06b73a7865a2f5aae9bc75a9a2946	-	ol9_aarch64_baseos_latest
	systemd-252-67.0.1.el9_8.2.aarch64.rpm	9fbd63c4d51ea4423cc1b45382731a0e08e06b73a7865a2f5aae9bc75a9a2946	-	ol9_aarch64_u8_baseos_base
	systemd-boot-unsigned-252-67.0.1.el9_8.2.aarch64.rpm	1a2cbf51f42471c96a85c1a089a1a4b2e88142c58c657412eebf4e148bfd669b	-	ol9_aarch64_appstream
	systemd-container-252-67.0.1.el9_8.2.aarch64.rpm	890f965302fdd82dc821cf276ce1dc09397990f80b761c1539a83ca54efbd49f	-	ol9_aarch64_baseos_latest
	systemd-container-252-67.0.1.el9_8.2.aarch64.rpm	890f965302fdd82dc821cf276ce1dc09397990f80b761c1539a83ca54efbd49f	-	ol9_aarch64_u8_baseos_base
	systemd-devel-252-67.0.1.el9_8.2.aarch64.rpm	09e13abf9b110a69d41195980aef11e47d6bfa9b64c62e0f2161d781ffe0f1e3	-	ol9_aarch64_appstream
	systemd-journal-remote-252-67.0.1.el9_8.2.aarch64.rpm	04f27aaf8e5d6616917a16833df3337e53be00dc635eed26755c9d032a1dd731	-	ol9_aarch64_appstream
	systemd-libs-252-67.0.1.el9_8.2.aarch64.rpm	0b3fb31bfb125c9e891c4f8f4125b20b718b6901d03740c14140b36ec8634773	-	ol9_aarch64_baseos_latest
	systemd-libs-252-67.0.1.el9_8.2.aarch64.rpm	0b3fb31bfb125c9e891c4f8f4125b20b718b6901d03740c14140b36ec8634773	-	ol9_aarch64_u8_baseos_base
	systemd-oomd-252-67.0.1.el9_8.2.aarch64.rpm	2438a346c1566d4b4490f0af928912b0487226006aa92ab163c2ac544fad2717	-	ol9_aarch64_baseos_latest
	systemd-oomd-252-67.0.1.el9_8.2.aarch64.rpm	2438a346c1566d4b4490f0af928912b0487226006aa92ab163c2ac544fad2717	-	ol9_aarch64_u8_baseos_base
	systemd-pam-252-67.0.1.el9_8.2.aarch64.rpm	3d09aa0ed1d7015b9d33f73ae0472e3f583ce0bc1b9937bdb0de119dda49470e	-	ol9_aarch64_baseos_latest
	systemd-pam-252-67.0.1.el9_8.2.aarch64.rpm	3d09aa0ed1d7015b9d33f73ae0472e3f583ce0bc1b9937bdb0de119dda49470e	-	ol9_aarch64_u8_baseos_base
	systemd-resolved-252-67.0.1.el9_8.2.aarch64.rpm	ce43d8c0b5d3fe4792849cc9dd99422a0edd317c3bf6c5507e8c89cc87243dd3	-	ol9_aarch64_baseos_latest
	systemd-resolved-252-67.0.1.el9_8.2.aarch64.rpm	ce43d8c0b5d3fe4792849cc9dd99422a0edd317c3bf6c5507e8c89cc87243dd3	-	ol9_aarch64_u8_baseos_base
	systemd-rpm-macros-252-67.0.1.el9_8.2.noarch.rpm	a99d751fcc1f9accac052d470067645ac925a83f4f523a14818eafb406a40a6b	-	ol9_aarch64_baseos_latest
	systemd-rpm-macros-252-67.0.1.el9_8.2.noarch.rpm	a99d751fcc1f9accac052d470067645ac925a83f4f523a14818eafb406a40a6b	-	ol9_aarch64_u8_baseos_base
	systemd-udev-252-67.0.1.el9_8.2.aarch64.rpm	5f1a16e26608c8003a437a790472698afcb24a54274934734229cb3687c9a3b4	-	ol9_aarch64_baseos_latest
	systemd-udev-252-67.0.1.el9_8.2.aarch64.rpm	5f1a16e26608c8003a437a790472698afcb24a54274934734229cb3687c9a3b4	-	ol9_aarch64_u8_baseos_base
	systemd-ukify-252-67.0.1.el9_8.2.noarch.rpm	2ca44c0bc5a6e091701b3b575871ab87182a8a3ec2cd87b0fe29c11622127840	-	ol9_aarch64_appstream
Oracle Linux 9 (x86_64)	systemd-252-67.0.1.el9_8.2.src.rpm	837736aaaf8c0163f3285fe7e75c7bf08fce1a676b1ab4928b73ef44f31d0588	-	ol9_x86_64_appstream
	systemd-252-67.0.1.el9_8.2.src.rpm	837736aaaf8c0163f3285fe7e75c7bf08fce1a676b1ab4928b73ef44f31d0588	-	ol9_x86_64_baseos_latest
	systemd-252-67.0.1.el9_8.2.src.rpm	837736aaaf8c0163f3285fe7e75c7bf08fce1a676b1ab4928b73ef44f31d0588	-	ol9_x86_64_u8_baseos_base
	rhel-net-naming-sysattrs-252-67.0.1.el9_8.2.noarch.rpm	b6ee6f6c39dbf48251af5867018ee21fb7365d191294d4e994a7d7baf64a1dea	-	ol9_x86_64_baseos_latest
	rhel-net-naming-sysattrs-252-67.0.1.el9_8.2.noarch.rpm	b6ee6f6c39dbf48251af5867018ee21fb7365d191294d4e994a7d7baf64a1dea	-	ol9_x86_64_u8_baseos_base
	systemd-252-67.0.1.el9_8.2.i686.rpm	dcb341794ccfd8b043bd007f909b6b42bbf1bfd91762677c6557118b17c989f7	-	ol9_x86_64_baseos_latest
	systemd-252-67.0.1.el9_8.2.i686.rpm	dcb341794ccfd8b043bd007f909b6b42bbf1bfd91762677c6557118b17c989f7	-	ol9_x86_64_u8_baseos_base
	systemd-252-67.0.1.el9_8.2.x86_64.rpm	bea86bf1d2b66750f749439df06088f7a318241c55e2ddabb12a14b5a430c426	-	ol9_x86_64_baseos_latest
	systemd-252-67.0.1.el9_8.2.x86_64.rpm	bea86bf1d2b66750f749439df06088f7a318241c55e2ddabb12a14b5a430c426	-	ol9_x86_64_u8_baseos_base
	systemd-boot-unsigned-252-67.0.1.el9_8.2.x86_64.rpm	160142230577137e9b6c1312a3bbe9ad520dce13396b7d3e106687e8e06ef203	-	ol9_x86_64_appstream
	systemd-container-252-67.0.1.el9_8.2.i686.rpm	1dd280cd03d919d7ee636a78b499f5accf3e655db9a010916a83e7754ab26ad9	-	ol9_x86_64_baseos_latest
	systemd-container-252-67.0.1.el9_8.2.i686.rpm	1dd280cd03d919d7ee636a78b499f5accf3e655db9a010916a83e7754ab26ad9	-	ol9_x86_64_u8_baseos_base
	systemd-container-252-67.0.1.el9_8.2.x86_64.rpm	9424c974654a3ebfb05d933466e19b73c93d40040202055e5273fdc451158a76	-	ol9_x86_64_baseos_latest
	systemd-container-252-67.0.1.el9_8.2.x86_64.rpm	9424c974654a3ebfb05d933466e19b73c93d40040202055e5273fdc451158a76	-	ol9_x86_64_u8_baseos_base
	systemd-devel-252-67.0.1.el9_8.2.i686.rpm	37f1946ac4fbf70c060343e11db4b5877d6614b1b888659b0435f758ad53696e	-	ol9_x86_64_appstream
	systemd-devel-252-67.0.1.el9_8.2.x86_64.rpm	ef588db459108f56367ba839234c81fe423fd38eed1468dc144bf125d8c5cf24	-	ol9_x86_64_appstream
	systemd-journal-remote-252-67.0.1.el9_8.2.x86_64.rpm	32b7f9c32da9626ef219aba59ef6c1ce09492f8de56631f06c2c7a33f53f145d	-	ol9_x86_64_appstream
	systemd-libs-252-67.0.1.el9_8.2.i686.rpm	d935585ca1e437f737885a24589fb260c4796737c469cce9f319ba03dc99c432	-	ol9_x86_64_baseos_latest
	systemd-libs-252-67.0.1.el9_8.2.i686.rpm	d935585ca1e437f737885a24589fb260c4796737c469cce9f319ba03dc99c432	-	ol9_x86_64_u8_baseos_base
	systemd-libs-252-67.0.1.el9_8.2.x86_64.rpm	fd72095b9889a01c513aaed709eff9818a5d11b786cdf1f8ebca9b8c76f3f3fe	-	ol9_x86_64_baseos_latest
	systemd-libs-252-67.0.1.el9_8.2.x86_64.rpm	fd72095b9889a01c513aaed709eff9818a5d11b786cdf1f8ebca9b8c76f3f3fe	-	ol9_x86_64_u8_baseos_base
	systemd-oomd-252-67.0.1.el9_8.2.x86_64.rpm	84e7c6b5ea2d0dd6d52dec50cfe9bafbf2ca1c16a287c5c56353288d764a9274	-	ol9_x86_64_baseos_latest
	systemd-oomd-252-67.0.1.el9_8.2.x86_64.rpm	84e7c6b5ea2d0dd6d52dec50cfe9bafbf2ca1c16a287c5c56353288d764a9274	-	ol9_x86_64_u8_baseos_base
	systemd-pam-252-67.0.1.el9_8.2.x86_64.rpm	b9988189c12ada8624f9b90de5600d436f52abe7d1101422ae586277eda4fd99	-	ol9_x86_64_baseos_latest
	systemd-pam-252-67.0.1.el9_8.2.x86_64.rpm	b9988189c12ada8624f9b90de5600d436f52abe7d1101422ae586277eda4fd99	-	ol9_x86_64_u8_baseos_base
	systemd-resolved-252-67.0.1.el9_8.2.x86_64.rpm	5511367d3ff83809842443e9b26538b1558f5f4d57103b4da79ce1a9e26197f1	-	ol9_x86_64_baseos_latest
	systemd-resolved-252-67.0.1.el9_8.2.x86_64.rpm	5511367d3ff83809842443e9b26538b1558f5f4d57103b4da79ce1a9e26197f1	-	ol9_x86_64_u8_baseos_base
	systemd-rpm-macros-252-67.0.1.el9_8.2.noarch.rpm	a99d751fcc1f9accac052d470067645ac925a83f4f523a14818eafb406a40a6b	-	ol9_x86_64_baseos_latest
	systemd-rpm-macros-252-67.0.1.el9_8.2.noarch.rpm	a99d751fcc1f9accac052d470067645ac925a83f4f523a14818eafb406a40a6b	-	ol9_x86_64_u8_baseos_base
	systemd-udev-252-67.0.1.el9_8.2.x86_64.rpm	9c221170bfda3d5cfbe29acc8726aed35bebac9483b41ee837fd0f2d7ecff943	-	ol9_x86_64_baseos_latest
	systemd-udev-252-67.0.1.el9_8.2.x86_64.rpm	9c221170bfda3d5cfbe29acc8726aed35bebac9483b41ee837fd0f2d7ecff943	-	ol9_x86_64_u8_baseos_base
	systemd-ukify-252-67.0.1.el9_8.2.noarch.rpm	2ca44c0bc5a6e091701b3b575871ab87182a8a3ec2cd87b0fe29c11622127840	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team