Expat, Podman, Firefox, and more updates for Oracle Linux

Oracle Linux 6416 Published by

Oracle has released several updates for Oracle Linux, including security updates and bug fixes. The security updates address vulnerabilities in packages such as expat, buildah, podman, haproxy, and Firefox, among others. In addition to security updates, there are also bug fixes and enhancement updates available for various packages, including .NET 8.0, gdm, NetworkManager, and rpm-ostree. The updates apply to both Oracle Linux 9 and Oracle Linux 8, with some updates specifically targeting each version.

ELSA-2025-21815 Moderate: Oracle Linux 9 delve and golang security update
ELSA-2025-22175 Important: Oracle Linux 9 expat security update
ELSA-2025-22011 Important: Oracle Linux 9 buildah security update
ELSA-2025-21702 Important: Oracle Linux 9 podman security update
ELSA-2025-20963 Moderate: Oracle Linux 9 qt5-qt3d security update
ELSA-2025-21693 Important: Oracle Linux 9 haproxy security update
ELSA-2025-22005 Moderate: Oracle Linux 9 go-rpm-macros security update
ELSA-2025-21968 Important: Oracle Linux 9 gimp security update
ELSA-2025-21926 Moderate: Oracle Linux 9 kernel security update
ELSA-2025-21916 Important: Oracle Linux 9 valkey security update
ELSA-2025-21842 Important: Oracle Linux 9 thunderbird security update
ELSA-2025-21280 Important: Oracle Linux 9 firefox security update
ELSA-2025-21462 Critical: Oracle Linux 9 lasso security update
ELSA-2025-21255 Moderate: Oracle Linux 9 openssl security update
ELSA-2025-21139 Important: Oracle Linux 9 python-kdcproxy security update
ELSA-2025-21110 Important: Oracle Linux 9 bind security update
ELSA-2025-20958 Important: Oracle Linux 9 tigervnc security update
ELSA-2025-20961 Moderate: Oracle Linux 9 xorg-x11-server security update
ELSA-2025-20960 Moderate: Oracle Linux 9 xorg-x11-server-Xwayland security update
ELSA-2025-20909 Important: Oracle Linux 9 podman security update
ELSA-2025-20959 Important: Oracle Linux 9 libsoup security update
ELSA-2025-20957 Important: Oracle Linux 9 runc security update
ELSA-2025-20956 Important: Oracle Linux 9 libtiff security update
ELSA-2025-20935 Important: Oracle Linux 9 squid security update
ELSA-2025-20922 Important: Oracle Linux 9 webkit2gtk3 security update
ELBA-2025-21855 Oracle Linux 9 gnome-shell-extensions bug fix and enhancement update
ELBA-2025-21305 Oracle Linux 9 .NET 8.0 bug fix and enhancement update
ELBA-2025-20951 Oracle Linux 9 gdm, gnome-shell, and gsettings-desktop-schemas bug fix and enhancement update
ELBA-2025-20950 Oracle Linux 9 nftables bug fix and enhancement update
ELBA-2025-20948 Oracle Linux 9 NetworkManager bug fix and enhancement update
ELBA-2025-20947 Oracle Linux 9 glibc bug fix and enhancement update
ELBA-2025-20918 Oracle Linux 9 container-selinux bug fix and enhancement update
ELBA-2025-20913 Oracle Linux 9 ostree bug fix and enhancement update
ELBA-2025-20912 Oracle Linux 9 rpm-ostree bug fix and enhancement update
ELBA-2025-20908 Oracle Linux 9 keylime bug fix and enhancement update
ELBA-2025-28013 Oracle Linux 9 pcp bug fix update
ELBA-2025-28010 Oracle Linux 8 oVirt 4.5 ovirt-engine bug fix update
ELBA-2025-21917-1 Oracle Linux 8 kernel bug fix update
ELSA-2025-22063 Moderate: Oracle Linux 8 cups security update
ELSA-2025-21974 Important: Oracle Linux 8 mingw-expat security update




ELSA-2025-21815 Moderate: Oracle Linux 9 delve and golang security update


Oracle Linux Security Advisory ELSA-2025-21815

http://linux.oracle.com/errata/ELSA-2025-21815.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
delve-1.25.2-1.0.1.el9_7.x86_64.rpm
go-toolset-1.25.3-1.el9_7.x86_64.rpm
golang-1.25.3-1.el9_7.x86_64.rpm
golang-bin-1.25.3-1.el9_7.x86_64.rpm
golang-docs-1.25.3-1.el9_7.noarch.rpm
golang-misc-1.25.3-1.el9_7.noarch.rpm
golang-race-1.25.3-1.el9_7.x86_64.rpm
golang-src-1.25.3-1.el9_7.noarch.rpm
golang-tests-1.25.3-1.el9_7.noarch.rpm

aarch64:
delve-1.25.2-1.0.1.el9_7.aarch64.rpm
go-toolset-1.25.3-1.el9_7.aarch64.rpm
golang-1.25.3-1.el9_7.aarch64.rpm
golang-bin-1.25.3-1.el9_7.aarch64.rpm
golang-docs-1.25.3-1.el9_7.noarch.rpm
golang-misc-1.25.3-1.el9_7.noarch.rpm
golang-race-1.25.3-1.el9_7.aarch64.rpm
golang-src-1.25.3-1.el9_7.noarch.rpm
golang-tests-1.25.3-1.el9_7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/delve-1.25.2-1.0.1.el9_7.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/golang-1.25.3-1.el9_7.src.rpm

Related CVEs:

CVE-2025-58183

Description of changes:

golang
[1.25.3-1]
- Update to Go 1.25.3
- Resolves: RHEL-121220

[1.25.1-1]
- Update to Go 1.25.1
- Resolves: RHEL-116850

[1.25.0-2]
- Revert DWARF5 defaults
- Add elf5 to rpminspect.yaml
- Related: RHEL-109557

[1.25.0-1]
- Update to Go 1.25.0
- Set GOAMD64 to v2 to align with new architecture baselines
- Modify the modify_go.env.patch to reflect GOAMD64 baseline version change to v2
- Resolves: RHEL-109557



ELSA-2025-22175 Important: Oracle Linux 9 expat security update


Oracle Linux Security Advisory ELSA-2025-22175

http://linux.oracle.com/errata/ELSA-2025-22175.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
expat-2.5.0-5.el9_7.1.i686.rpm
expat-2.5.0-5.el9_7.1.x86_64.rpm
expat-devel-2.5.0-5.el9_7.1.i686.rpm
expat-devel-2.5.0-5.el9_7.1.x86_64.rpm

aarch64:
expat-2.5.0-5.el9_7.1.aarch64.rpm
expat-devel-2.5.0-5.el9_7.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/expat-2.5.0-5.el9_7.1.src.rpm

Related CVEs:

CVE-2025-59375

Description of changes:

[2.5.0-5.1]
- Fix CVE-2025-59375
- Resolves: RHEL-114644



ELSA-2025-22011 Important: Oracle Linux 9 buildah security update


Oracle Linux Security Advisory ELSA-2025-22011

http://linux.oracle.com/errata/ELSA-2025-22011.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
buildah-1.41.6-1.0.1.el9_7.x86_64.rpm
buildah-tests-1.41.6-1.0.1.el9_7.x86_64.rpm

aarch64:
buildah-1.41.6-1.0.1.el9_7.aarch64.rpm
buildah-tests-1.41.6-1.0.1.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/buildah-1.41.6-1.0.1.el9_7.src.rpm

Related CVEs:

CVE-2025-52881
CVE-2025-58183

Description of changes:

[1.41.6-1.0.1]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178]

[2:1.41.6-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.41
( https://github.com/containers/buildah/commit/2ece502)
- fixes "[Minor Incident] CVE-2025-52881 buildah: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [rhel-9.7.z]"
- Resolves: RHEL-126925

[2:1.41.4-4]
- rebuild for CVE-2025-58183
- Resolves: RHEL-125680

[2:1.41.4-3]
- fix the TMT tests
- Related: RHEL-115166

[2:1.41.4-2]
- rebuild as last build was built in the wrong tag
- Related: RHEL-115166

[2:1.41.4-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.41
( https://github.com/containers/buildah/commit/ee5b574)
- fixes "buildah: create parent directories of mount targets with mode 0755 - [RHEL-9.7] 0day"
- Resolves: RHEL-115166



ELSA-2025-21702 Important: Oracle Linux 9 podman security update


Oracle Linux Security Advisory ELSA-2025-21702

http://linux.oracle.com/errata/ELSA-2025-21702.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
podman-5.6.0-7.0.1.el9_7.x86_64.rpm
podman-docker-5.6.0-7.0.1.el9_7.noarch.rpm
podman-plugins-5.6.0-7.0.1.el9_7.x86_64.rpm
podman-remote-5.6.0-7.0.1.el9_7.x86_64.rpm
podman-tests-5.6.0-7.0.1.el9_7.x86_64.rpm

aarch64:
podman-5.6.0-7.0.1.el9_7.aarch64.rpm
podman-docker-5.6.0-7.0.1.el9_7.noarch.rpm
podman-plugins-5.6.0-7.0.1.el9_7.aarch64.rpm
podman-remote-5.6.0-7.0.1.el9_7.aarch64.rpm
podman-tests-5.6.0-7.0.1.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/podman-5.6.0-7.0.1.el9_7.src.rpm

Related CVEs:

CVE-2025-52881

Description of changes:

[5.6.0-7.0.1]
- Add devices on container startup, not on creation
- overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404]

[6:5.6.0-7]
- update to the latest content of https://github.com/containers/podman/tree/v5.6-rhel
( https://github.com/containers/podman/commit/2791007)
- fixes "[Minor Incident] CVE-2025-52881 podman: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [rhel-9.7.z]"
- Resolves: RHEL-126913

[6:5.6.0-6]
- update to the latest content of https://github.com/containers/podman/tree/v5.6-rhel
( https://github.com/containers/podman/commit/61231e1)
- fixes "Timeouts while pushing Sigstore logs to Rekor - [RHEL 9.7] 0day"
- Resolves: RHEL-111076

[6:5.6.0-5]
- rebuild as last build was built in the wrong tag
- Related: RHEL-110317

[6:5.6.0-4]
- update to the latest content of https://github.com/containers/podman/tree/v5.6-rhel
( https://github.com/containers/podman/commit/c5a3735)
- fixes "Can not find network create and rm message from podman event when set --events-backend to journald - [RHEL 9.7] 0day"
- Resolves: RHEL-110317

[6:5.6.0-3]
- update to the latest content of https://github.com/containers/podman/tree/v5.6-rhel
( https://github.com/containers/podman/commit/7078b79)
- fixes "CVE-2025-9566 podman: Podman kube play command may overwrite host files [rhel-9.7]"
- Resolves: RHEL-113151



ELSA-2025-20963 Moderate: Oracle Linux 9 qt5-qt3d security update


Oracle Linux Security Advisory ELSA-2025-20963

http://linux.oracle.com/errata/ELSA-2025-20963.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
qt5-qt3d-5.15.9-2.el9_7.1.i686.rpm
qt5-qt3d-5.15.9-2.el9_7.1.x86_64.rpm
qt5-qt3d-devel-5.15.9-2.el9_7.1.i686.rpm
qt5-qt3d-devel-5.15.9-2.el9_7.1.x86_64.rpm
qt5-qt3d-examples-5.15.9-2.el9_7.1.x86_64.rpm

aarch64:
qt5-qt3d-5.15.9-2.el9_7.1.aarch64.rpm
qt5-qt3d-devel-5.15.9-2.el9_7.1.aarch64.rpm
qt5-qt3d-examples-5.15.9-2.el9_7.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/qt5-qt3d-5.15.9-2.el9_7.1.src.rpm

Related CVEs:

CVE-2025-11277

Description of changes:

[5.15.9-2.1]
- Assimp: Fix heap-based overflow in Q3DLoader::InternReadFile
Resolves: RHEL-120986



ELSA-2025-21693 Important: Oracle Linux 9 haproxy security update


Oracle Linux Security Advisory ELSA-2025-21693

http://linux.oracle.com/errata/ELSA-2025-21693.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
haproxy-2.8.14-1.el9_7.1.x86_64.rpm

aarch64:
haproxy-2.8.14-1.el9_7.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/haproxy-2.8.14-1.el9_7.1.src.rpm

Related CVEs:

CVE-2025-11230

Description of changes:

[2.8.14-1.1]
- Fix denial of service vulnerability in mjson library (CVE-2025-11230)
Resolves: RHEL-126664



ELSA-2025-22005 Moderate: Oracle Linux 9 go-rpm-macros security update


Oracle Linux Security Advisory ELSA-2025-22005

http://linux.oracle.com/errata/ELSA-2025-22005.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
go-filesystem-3.6.0-12.el9_7.x86_64.rpm
go-rpm-macros-3.6.0-12.el9_7.x86_64.rpm
go-rpm-templates-3.6.0-12.el9_7.noarch.rpm
go-srpm-macros-3.6.0-12.el9_7.noarch.rpm

aarch64:
go-filesystem-3.6.0-12.el9_7.aarch64.rpm
go-rpm-macros-3.6.0-12.el9_7.aarch64.rpm
go-rpm-templates-3.6.0-12.el9_7.noarch.rpm
go-srpm-macros-3.6.0-12.el9_7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/go-rpm-macros-3.6.0-12.el9_7.src.rpm

Related CVEs:

CVE-2025-47906

Description of changes:

[3.6.0-12]
- Rebuilt to include Go1.25.3 to address CVE-2025-47906
- Resolves: RHEL-125569



ELSA-2025-21968 Important: Oracle Linux 9 gimp security update


Oracle Linux Security Advisory ELSA-2025-21968

http://linux.oracle.com/errata/ELSA-2025-21968.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
gimp-3.0.4-1.el9_7.1.x86_64.rpm
gimp-libs-3.0.4-1.el9_7.1.i686.rpm
gimp-libs-3.0.4-1.el9_7.1.x86_64.rpm

aarch64:
gimp-3.0.4-1.el9_7.1.aarch64.rpm
gimp-libs-3.0.4-1.el9_7.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/gimp-3.0.4-1.el9_7.1.src.rpm

Related CVEs:

CVE-2025-10920
CVE-2025-10921
CVE-2025-10922
CVE-2025-10923
CVE-2025-10924
CVE-2025-10925
CVE-2025-10934

Description of changes:

[2:3.0.4-1.1]
- fix CVE-2025-10920
- fix CVE-2025-10921
- fix CVE-2025-10922
- fix CVE-2025-10923
- fix CVE-2025-10924
- fix CVE-2025-10925
- fix CVE-2025-10934



ELSA-2025-21926 Moderate: Oracle Linux 9 kernel security update


Oracle Linux Security Advisory ELSA-2025-21926

http://linux.oracle.com/errata/ELSA-2025-21926.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-abi-stablelists-5.14.0-611.9.1.el9_7.noarch.rpm
kernel-core-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-cross-headers-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-debug-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-debug-core-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-debug-devel-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-debug-devel-matched-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-debug-modules-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-debug-modules-core-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-debug-modules-extra-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-debug-uki-virt-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-devel-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-devel-matched-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-doc-5.14.0-611.9.1.el9_7.noarch.rpm
kernel-headers-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-modules-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-modules-core-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-modules-extra-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-tools-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-tools-libs-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-tools-libs-devel-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-uki-virt-5.14.0-611.9.1.el9_7.x86_64.rpm
kernel-uki-virt-addons-5.14.0-611.9.1.el9_7.x86_64.rpm
libperf-5.14.0-611.9.1.el9_7.x86_64.rpm
perf-5.14.0-611.9.1.el9_7.x86_64.rpm
python3-perf-5.14.0-611.9.1.el9_7.x86_64.rpm
rtla-5.14.0-611.9.1.el9_7.x86_64.rpm
rv-5.14.0-611.9.1.el9_7.x86_64.rpm

aarch64:
kernel-cross-headers-5.14.0-611.9.1.el9_7.aarch64.rpm
kernel-headers-5.14.0-611.9.1.el9_7.aarch64.rpm
kernel-tools-5.14.0-611.9.1.el9_7.aarch64.rpm
kernel-tools-libs-5.14.0-611.9.1.el9_7.aarch64.rpm
kernel-tools-libs-devel-5.14.0-611.9.1.el9_7.aarch64.rpm
libperf-5.14.0-611.9.1.el9_7.aarch64.rpm
perf-5.14.0-611.9.1.el9_7.aarch64.rpm
python3-perf-5.14.0-611.9.1.el9_7.aarch64.rpm
rtla-5.14.0-611.9.1.el9_7.aarch64.rpm
rv-5.14.0-611.9.1.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-611.9.1.el9_7.src.rpm

Related CVEs:

CVE-2025-39843

Description of changes:

[5.14.0-611.9.1]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64

Expat, LibXML2, Golang, and more updates for RHEL

Kernel, Sssd, DPDK, and more updates for SUSE

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...