ELSA-2026-7384

ULN >
Oracle Linux Errata repository >
ELSA-2026-7384

ELSA-2026-7384 - cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Type:	SECURITY
Impact:	CRITICAL
Release Date:	2026-04-10

Description

[344-2.0.1]
- Storage: Enable btrfs support [Orabug: 37464632]
- Replaced upstream urls in documentation with oracle links [Orabug: 36528753]
- Drop subscription-manager-cockpit requirement for ol [Orabug: 34681110]
- Remove duplicate reference to server in cockpit [Orabug: 34030494]
- Update documentation links [Orabug: 30271413], [Orabug: 32013095],
[Orabug: 32795691], [Orabug: 34398512], [Orabug: 34742876], [Orabug: 37253273]
- Update spec file for new release

[344]
- Remove recommends on subscription-manager-cockpit if applicable

* Fri Mar 27 2026 Jelle van der Waa - ws: be more explicit when handling hostnames on cli (CVE-2026-4631)

Related CVEs

CVE-2026-4631

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	cockpit-344-2.0.1.el9_7.src.rpm	e4af5564919f2c9f3d3929dcd05f36b3d88795983862ff3bee3dfffcfa2ac09c	-	ol9_aarch64_appstream
	cockpit-344-2.0.1.el9_7.src.rpm	e4af5564919f2c9f3d3929dcd05f36b3d88795983862ff3bee3dfffcfa2ac09c	-	ol9_aarch64_baseos_latest
	cockpit-344-2.0.1.el9_7.src.rpm	e4af5564919f2c9f3d3929dcd05f36b3d88795983862ff3bee3dfffcfa2ac09c	-	ol9_aarch64_u7_baseos_patch
	cockpit-344-2.0.1.el9_7.aarch64.rpm	78abbaea1c1b21e58f47951ecae1d14a6f8dbbf4e197efd3c254b1bafef86a8d	-	ol9_aarch64_baseos_latest
	cockpit-344-2.0.1.el9_7.aarch64.rpm	78abbaea1c1b21e58f47951ecae1d14a6f8dbbf4e197efd3c254b1bafef86a8d	-	ol9_aarch64_u7_baseos_patch
	cockpit-bridge-344-2.0.1.el9_7.noarch.rpm	a020ec6b880c5ac28f090edb96dd3f46903d1315ebd327ba20628e3aae258163	-	ol9_aarch64_baseos_latest
	cockpit-bridge-344-2.0.1.el9_7.noarch.rpm	a020ec6b880c5ac28f090edb96dd3f46903d1315ebd327ba20628e3aae258163	-	ol9_aarch64_u7_baseos_patch
	cockpit-doc-344-2.0.1.el9_7.noarch.rpm	95a752d2775ac858fe6e6df854be58dd88f677f1ef50be5312cb268005ee3693	-	ol9_aarch64_baseos_latest
	cockpit-doc-344-2.0.1.el9_7.noarch.rpm	95a752d2775ac858fe6e6df854be58dd88f677f1ef50be5312cb268005ee3693	-	ol9_aarch64_u7_baseos_patch
	cockpit-packagekit-344-2.0.1.el9_7.noarch.rpm	b02f9a9e79b9dd07678e387924832e27d6fab368afca4a33e8f2f44a473907a1	-	ol9_aarch64_appstream
	cockpit-storaged-344-2.0.1.el9_7.noarch.rpm	10021bb171e4f9ecfbc4491a992f979709310084fe0387fc3de304093f8d7b32	-	ol9_aarch64_appstream
	cockpit-system-344-2.0.1.el9_7.noarch.rpm	9ce8e3a502d0f249d920a8037b2eed9e3f6f4e4e454164f5bdb70a24e9c85bcb	-	ol9_aarch64_baseos_latest
	cockpit-system-344-2.0.1.el9_7.noarch.rpm	9ce8e3a502d0f249d920a8037b2eed9e3f6f4e4e454164f5bdb70a24e9c85bcb	-	ol9_aarch64_u7_baseos_patch
	cockpit-ws-344-2.0.1.el9_7.aarch64.rpm	d14ffb97510d687628e43088c16dab81f4e2bc93c27f1a298e11dda0f84f90f5	-	ol9_aarch64_baseos_latest
	cockpit-ws-344-2.0.1.el9_7.aarch64.rpm	d14ffb97510d687628e43088c16dab81f4e2bc93c27f1a298e11dda0f84f90f5	-	ol9_aarch64_u7_baseos_patch
	cockpit-ws-selinux-344-2.0.1.el9_7.aarch64.rpm	10bb59ae70c03c4241af4ab36d0fce4165f9dff77574544b1ad60c17998e83ac	-	ol9_aarch64_baseos_latest
	cockpit-ws-selinux-344-2.0.1.el9_7.aarch64.rpm	10bb59ae70c03c4241af4ab36d0fce4165f9dff77574544b1ad60c17998e83ac	-	ol9_aarch64_u7_baseos_patch

Oracle Linux 9 (x86_64)	cockpit-344-2.0.1.el9_7.src.rpm	e4af5564919f2c9f3d3929dcd05f36b3d88795983862ff3bee3dfffcfa2ac09c	-	ol9_x86_64_appstream
	cockpit-344-2.0.1.el9_7.src.rpm	e4af5564919f2c9f3d3929dcd05f36b3d88795983862ff3bee3dfffcfa2ac09c	-	ol9_x86_64_baseos_latest
	cockpit-344-2.0.1.el9_7.src.rpm	e4af5564919f2c9f3d3929dcd05f36b3d88795983862ff3bee3dfffcfa2ac09c	-	ol9_x86_64_u7_baseos_patch
	cockpit-344-2.0.1.el9_7.x86_64.rpm	83cf3d75201aad5efa174a9773841b8e5ce1308eed438b0c145ab7bb27474e12	-	ol9_x86_64_baseos_latest
	cockpit-344-2.0.1.el9_7.x86_64.rpm	83cf3d75201aad5efa174a9773841b8e5ce1308eed438b0c145ab7bb27474e12	-	ol9_x86_64_u7_baseos_patch
	cockpit-bridge-344-2.0.1.el9_7.noarch.rpm	a020ec6b880c5ac28f090edb96dd3f46903d1315ebd327ba20628e3aae258163	-	ol9_x86_64_baseos_latest
	cockpit-bridge-344-2.0.1.el9_7.noarch.rpm	a020ec6b880c5ac28f090edb96dd3f46903d1315ebd327ba20628e3aae258163	-	ol9_x86_64_u7_baseos_patch
	cockpit-doc-344-2.0.1.el9_7.noarch.rpm	95a752d2775ac858fe6e6df854be58dd88f677f1ef50be5312cb268005ee3693	-	ol9_x86_64_baseos_latest
	cockpit-doc-344-2.0.1.el9_7.noarch.rpm	95a752d2775ac858fe6e6df854be58dd88f677f1ef50be5312cb268005ee3693	-	ol9_x86_64_u7_baseos_patch
	cockpit-packagekit-344-2.0.1.el9_7.noarch.rpm	b02f9a9e79b9dd07678e387924832e27d6fab368afca4a33e8f2f44a473907a1	-	ol9_x86_64_appstream
	cockpit-storaged-344-2.0.1.el9_7.noarch.rpm	10021bb171e4f9ecfbc4491a992f979709310084fe0387fc3de304093f8d7b32	-	ol9_x86_64_appstream
	cockpit-system-344-2.0.1.el9_7.noarch.rpm	9ce8e3a502d0f249d920a8037b2eed9e3f6f4e4e454164f5bdb70a24e9c85bcb	-	ol9_x86_64_baseos_latest
	cockpit-system-344-2.0.1.el9_7.noarch.rpm	9ce8e3a502d0f249d920a8037b2eed9e3f6f4e4e454164f5bdb70a24e9c85bcb	-	ol9_x86_64_u7_baseos_patch
	cockpit-ws-344-2.0.1.el9_7.x86_64.rpm	393e27edd24bb686428c8d6af3bf674612a8431f59097165e6d25e2cea4f1ae4	-	ol9_x86_64_baseos_latest
	cockpit-ws-344-2.0.1.el9_7.x86_64.rpm	393e27edd24bb686428c8d6af3bf674612a8431f59097165e6d25e2cea4f1ae4	-	ol9_x86_64_u7_baseos_patch
	cockpit-ws-selinux-344-2.0.1.el9_7.x86_64.rpm	4b77ea0a615392bcbda4a12658b6d3a928c4160bf02d90a48c014cff55954817	-	ol9_x86_64_baseos_latest
	cockpit-ws-selinux-344-2.0.1.el9_7.x86_64.rpm	4b77ea0a615392bcbda4a12658b6d3a928c4160bf02d90a48c014cff55954817	-	ol9_x86_64_u7_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691