diff --git a/kernel.spec b/kernel.spec
index f663808cf..4c5accab3 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.58.1.el8_10
+%define pkgrelease 553.59.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.58.1%{?dist}
+%define specrelease 553.59.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -2696,6 +2696,21 @@ fi
 #
 #
 %changelog
+* Thu Jun 19 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.59.1.el8_10]
+- SUNRPC: Fix Oops in xs_tcp_send_request() when transport is disconnected (Olga Kornievskaia) [RHEL-83291]
+- SUNRPC: Set TCP_CORK until the transmit queue is empty (Olga Kornievskaia) [RHEL-83291]
+- tcp: add tcp_sock_set_cork (Olga Kornievskaia) [RHEL-83291]
+- xfs: xfs_ail_push_all_sync() stalls when racing with updates (Brian Foster) [RHEL-88132]
+- Bluetooth: Fix use after free in hci_send_acl (CKI Backport Bot) [RHEL-90428] {CVE-2022-49111}
+- Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID (David Marlin) [RHEL-90468] {CVE-2022-49136}
+- Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER (David Marlin) [RHEL-90468] {CVE-2022-49136}
+- Bluetooth: hci_sync: Only allow hci_cmd_sync_queue if running (David Marlin) [RHEL-90468] {CVE-2022-49136}
+- Bluetooth: Cancel sync command before suspend and power off (David Marlin) [RHEL-90468] {CVE-2022-49136}
+- Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set (CKI Backport Bot) [RHEL-90468] {CVE-2022-49136}
+- fix backport of "filelock: Remove locks reliably when fcntl/close race is detected" (Scott Mayhew) [RHEL-89709]
+- NFSv4: Allow FREE_STATEID to clean up delegations (Benjamin Coddington) [RHEL-86932]
+- NFSv4.1: constify the stateid argument in nfs41_test_stateid() (Trond Myklebust) [RHEL-86932]
+
 * Thu Jun 12 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.58.1.el8_10]
 - ndisc: use RCU protection in ndisc_alloc_skb() (Xin Long) [RHEL-89535] {CVE-2025-21764}
 - ipv6: use RCU protection in ip6_default_advmss() (Xin Long) [RHEL-89535] {CVE-2025-21765}
diff --git a/sources b/sources
index 5a635da5f..a838e9ed5 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-4.18.0-553.58.1.el8_10.tar.xz) = 30e584afeb8733a5510a6d942e58a4dfd4f39aa2c7b708e14b1058f44c895b74aae6e08e41188df2b3deb6309f63edfe3cbb029ff21f4e1940fbe0cc95d03694
-SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 867fba7528b0900b0da30bdace363f9eb2a5854feb0c4b1fe3e8932668768822608290fd4d9e59ba7004dda35139853e5bd65033c00e5ae1919dcd7f9d7eb2ba
+SHA512 (linux-4.18.0-553.59.1.el8_10.tar.xz) = 097496a4e4d320dcd09e38e48aae0fb7a897d3ab4d483acfc14935a2f77c35279511f0425a618f3424b4fffc37c7081c4941b9d7df5e0e9fdf83f18bf77f732f
+SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = cf4b715f209f36eea789a6c5495e313253273665941bb34c73ba3d7ba00f3d88f7507c43dc408e7eef6526d0823cec8a3623bbe0b273c66d3b5624d2c2db7833
 SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 79a9788af0c183f670166700354b6a188c176427a6230b8bfaa2cfdc6a4daa1418bbee98d80b7f6b3195043eeef1ffa6782d03b5a1733b65a90c22f66684941f