
Rocky Linux Adds Optional Security Repository for Zero-Day Hotfixes

The Rocky Linux team has decided to introduce a brand-new optional package repository dedicated to security. The goal: allow those who want them to retrieve emergency security fixes in the form of hotfixes.

An optional repository with security patches

Until now, Rocky Linux has always made it a point to follow this principle: maintain absolute upstream compatibility by keeping pace with Red Hat Enterprise Linux releases, never moving ahead of them. But the current situation, with the emergence of several zero-day security flaws, has prompted the Rocky Linux team to rethink things.

For this reason, this new security-focused repository is optional. It was designed to address situations where a critical vulnerability is actively being exploited and a public proof of concept (PoC) is already circulating. The flaws discovered in recent weeks, such as Dirty Frag and Fragnesia, are among the triggers.

The Rocky Linux team explains: "This is a deliberate and carefully limited exception to our long-standing policy of never shipping upstream packages. It is not a signal that Rocky Linux is changing course on compatibility. It is a mechanism designed to give administrators a faster path to protection when the threat is real, the risk is immediate, and waiting is not a viable option."

This repository is disabled by default so administrators can choose whether or not to enable it on their systems. The article published by Rocky Linux explains that a single command is enough to enable it:

sudo dnf --enablerepo=security update

Through this repository, temporary patches in the form of hotfixes will be available. The packages published in this repository also use their own versioning system: as soon as the official update becomes available, it will automatically take precedence.
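To check on a given host whether hotfix builds have since been replaced by official ones, the following added example (not from Rocky Linux or the original article) lists installed packages whose origin is still the `security` repository. It assumes dnf 4 and its `from_repo` query tag; the function names and the sample package names and versions are constructed.

```shell
#!/bin/sh
# Added example, not Rocky Linux tooling: report installed packages that
# still come from the optional hotfix repository.
HOTFIX_REPO="${HOTFIX_REPO:-security}"   # repo id from the article's command

# Live data source: one "name evr from_repo" line per installed package.
# Assumes dnf 4, whose repoquery supports the from_repo query tag.
list_installed() {
    dnf -q repoquery --installed --qf '%{name} %{evr} %{from_repo}'
}

# Constructed sample in the same format; package names and versions are made up.
sample_installed() {
    cat <<'EOF'
examplepkg 1.2.3-4.el9.hotfix1 security
bash 5.1.8-9.el9 baseos
otherpkg 2.0-1.el9 @security
nginx 1.20.1-20.el9 appstream
EOF
}

# Keep only lines whose origin repo is HOTFIX_REPO; tolerate a leading "@".
filter_hotfixes() {
    awk -v repo="$HOTFIX_REPO" '
        NF == 3 { origin = $3; sub(/^@/, "", origin)
                  if (origin == repo) print $1 "-" $2 }'
}

# Print remaining hotfix builds; return 1 if any exist, 0 if none.
audit_hotfixes() {
    remaining=$(filter_hotfixes)
    [ -z "$remaining" ] && return 0
    printf '%s\n' "$remaining"
    return 1
}

# Usage: script.sh --live  (query this host)  |  script.sh --demo  (sample data)
case "${1:-}" in
    --live) list_installed | audit_hotfixes ;;
    --demo) sample_installed | audit_hotfixes ;;
esac
```

The non-zero exit status while hotfix builds remain lets a scheduled job or monitoring check flag hosts that have not yet moved to the official update.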

Dirty Frag: a first patch to launch this repository

When the Rocky Linux team unveiled this new repository on May 12, 2026, it launched it by making a fix for the Dirty Frag security flaw available to users. As a reminder, this is a local privilege escalation vulnerability (to root) affecting many Linux distributions, including Rocky Linux.

To benefit from this fix, the command is the same as the one specified above. It enables the repository for that run and launches an update.

sudo dnf --enablerepo=security update

Florian Burnel, co-founder of IT-Connect
Systems and network engineer, co-founder of IT-Connect and Microsoft MVP "Cloud and Datacenter Management". I'd like to share my experience and discoveries through my articles. I'm a generalist with a particular interest in Microsoft solutions and scripting. Enjoy your reading.
