Rocky Linux 9.8 Lands With Post-Quantum Crypto and OpenSSH 9.9

The Rocky Linux project has shipped Rocky Linux 9.8, the latest point release of its community-built rebuild that tracks Red Hat Enterprise Linux 9 bug-for-bug. The update carries forward the post-quantum cryptography push that has defined recent enterprise Linux releases, alongside a refreshed OpenSSH stack and new tooling for encrypted storage.

On the cryptography side, GnuTLS 3.8.10 brings ML-KEM hybrid key exchange and ML-DSA post-quantum signature algorithms to the distribution, while p11-kit has been rebased to upstream version 0.26.1 to add post-quantum definitions in its PKCS #11 headers. The jump to OpenSSH 9.9 is a significant one, given that Rocky 9 has been carrying the 8.7 series, and it pulls in years of upstream improvements covering session handling, key exchange, and configuration parsing.

Storage and security tooling sees changes too. The new clevis-pin-trustee package enables automatic unlock of LUKS-encrypted volumes using remote attestation via the Trustee Key Broker Service, useful for fleets that need disk encryption without baking secrets into each machine. The fapolicyd application allowlisting daemon has been rebased to 1.4.3 with expanded filtering rules. Upstream change details are documented in Red Hat's 9.8 release notes.

Rocky 9.8 is available now from the project's download page as DVD (14.5 GB), minimal (2.6 GB), and boot (1.4 GB) ISOs for x86_64, with the release announcement covering the full changelog. Existing 9.x installations can pull the update through dnf without reinstalling.

Related Articles

AlmaLinux 10.2 and 9.8 Land With Python 3.14, Btrfs Boot, and 32-Bit Userspace

OpenELA Releases Initial Source Code for Building RHEL Derivatives

OpenBSD 7.9 Lands With LibreSSL 4.3.0, OpenSSH Fixes, and Scheduler Improvements

Debian 12.14 Rolls Out With Sweeping Security Fixes for Bookworm