
Oracle has released several updates for its Oracle Linux platform, including security patches and bug fixes. The updates affect various versions of Oracle Linux 7, 8, and 9, with some being marked as important and others as moderate. Updates include security patches for Firefox, libtiff, PostgreSQL, kernel, Unbreakable Enterprise kernel, and other packages. Additionally, some updates are specifically labeled as bug fixes for the leapp-repository package in Oracle Linux 9.

ELSA-2025-22363 Important: Oracle Linux 8 firefox security update
ELSA-2025-21407 Important: Oracle Linux 7 libtiff security update
ELSA-2025-28026 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2025-22388 Moderate: Oracle Linux 8 kernel security update
ELSA-2025-28026 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2025-28019 Important: Oracle Linux 8 postgresql security update
ELBA-2025-22388-1 Oracle Linux 8 kernel bug fix update
ELSA-2025-28024 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELSA-2025-22405 Moderate: Oracle Linux 9 kernel security update
ELSA-2025-28024 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2025-22376 Moderate: Oracle Linux 9 libxml2 security update
ELBA-2025-28015 Oracle Linux 9 leapp-repository bug fix update
ELSA-2025-28025 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELSA-2025-28025 Important: Unbreakable Enterprise kernel security update




ELSA-2025-22363 Important: Oracle Linux 8 firefox security update


Oracle Linux Security Advisory ELSA-2025-22363

http://linux.oracle.com/errata/ELSA-2025-22363.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-140.5.0-1.0.1.el8_10.x86_64.rpm

aarch64:
firefox-140.5.0-1.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/firefox-140.5.0-1.0.1.el8_10.src.rpm

Related CVEs:

CVE-2025-13012
CVE-2025-13013
CVE-2025-13014
CVE-2025-13015
CVE-2025-13016
CVE-2025-13017
CVE-2025-13018
CVE-2025-13019
CVE-2025-13020

Description of changes:

[140.5.0-1.0.1]
- Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079789]

[140.5.0]
- Add debranding patches (Mustafa Gezen)
- Add OpenELA default preferences (Louis Abel)

[140.5.0-1]
- Update to 140.5.0 ESR



ELSA-2025-21407 Important: Oracle Linux 7 libtiff security update


Oracle Linux Security Advisory ELSA-2025-21407

http://linux.oracle.com/errata/ELSA-2025-21407.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
libtiff-4.0.3-35.0.1.el7.i686.rpm
libtiff-4.0.3-35.0.1.el7.x86_64.rpm
libtiff-devel-4.0.3-35.0.1.el7.i686.rpm
libtiff-devel-4.0.3-35.0.1.el7.x86_64.rpm
libtiff-static-4.0.3-35.0.1.el7.i686.rpm
libtiff-static-4.0.3-35.0.1.el7.x86_64.rpm
libtiff-tools-4.0.3-35.0.1.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libtiff-4.0.3-35.0.1.el7.src.rpm

Related CVEs:

CVE-2025-8176
CVE-2025-8177
CVE-2025-9900

Description of changes:

[4.0.3-35.0.1]
- fix CVE-2025-8176: prevent skipping first line in tiffdither and tiffmedian tools [Orabug: 38658716]
- fix CVE-2025-8177: buffer overflow thumbnail setrow [Orabug: 38658716]
- fix CVE-2025-9900: buffer underflow crash in TIFFReadRGBAImageOriented() [Orabug: 38658716]



ELSA-2025-28026 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-28026

http://linux.oracle.com/errata/ELSA-2025-28026.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.349.3.2.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.349.3.2.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.349.3.2.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.349.3.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.349.3.2.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.349.3.2.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.349.3.2.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.349.3.2.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.349.3.2.el7uek.src.rpm

Related CVEs:

CVE-2025-40019

Description of changes:

[5.4.17-2136.349.3.2]
- crypto: essiv - Check ssize for decryption and in-place encryption (Herbert Xu) [Orabug: 38705546] {CVE-2025-40019}



ELSA-2025-22388 Moderate: Oracle Linux 8 kernel security update


Oracle Linux Security Advisory ELSA-2025-22388

http://linux.oracle.com/errata/ELSA-2025-22388.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-553.87.1.el8_10.x86_64.rpm
kernel-4.18.0-553.87.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.87.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.87.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.87.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.87.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.87.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.87.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.87.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.87.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.87.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.87.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.87.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.87.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.87.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.87.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.87.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.87.1.el8_10.x86_64.rpm
perf-4.18.0-553.87.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.87.1.el8_10.x86_64.rpm

aarch64:
bpftool-4.18.0-553.87.1.el8_10.aarch64.rpm
kernel-cross-headers-4.18.0-553.87.1.el8_10.aarch64.rpm
kernel-headers-4.18.0-553.87.1.el8_10.aarch64.rpm
kernel-tools-4.18.0-553.87.1.el8_10.aarch64.rpm
kernel-tools-libs-4.18.0-553.87.1.el8_10.aarch64.rpm
kernel-tools-libs-devel-4.18.0-553.87.1.el8_10.aarch64.rpm
perf-4.18.0-553.87.1.el8_10.aarch64.rpm
python3-perf-4.18.0-553.87.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.87.1.el8_10.src.rpm

Related CVEs:

CVE-2023-53513
CVE-2025-38724
CVE-2025-39825
CVE-2025-39883
CVE-2025-39898
CVE-2025-39955

Description of changes:

[4.18.0-553.87.1]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Antoine Tenart) [RHEL-120664] {CVE-2025-39955}
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (Audra Mitchell) [RHEL-117059] {CVE-2025-39883}

[4.18.0-553.86.1]
- smb: client: fix race with concurrent opens in rename(2) (Paulo Alcantara) [RHEL-118237] {CVE-2025-39825}
- smb: client: fix race with concurrent opens in unlink(2) (Paulo Alcantara) [RHEL-118237]
- e1000e: fix heap overflow in e1000_set_eeprom (Corinna Vinschen) [RHEL-123105] {CVE-2025-39898}
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CKI Backport Bot) [RHEL-125595] {CVE-2025-38724}
- nbd: fix incomplete validation of ioctl arg (CKI Backport Bot) [RHEL-122965] {CVE-2023-53513}
- arch/powerpc: commandline option to enable P11 support (Mamatha Inamdar) [RHEL-107921]
- perf/pmu-events/powerpc: Update json mapfile with Power11 PVR (Mamatha Inamdar) [RHEL-107921]
- perf vendor events powerpc: Add PVN for HX-C2000 CPU with Power8 Architecture (Mamatha Inamdar) [RHEL-107921]
- tools/perf/arch/powerpc: Fix the CPU ID const char* value by adding 0x prefix (Mamatha Inamdar) [RHEL-107921]
- powerpc/perf: Power11 Performance Monitoring support (Mamatha Inamdar) [RHEL-107921]
- powerpc/perf: Add __init attribute to eligible functions (Mamatha Inamdar) [RHEL-107921]
- powerpc: Add Power11 architected and raw mode (Mamatha Inamdar) [RHEL-107921]



ELSA-2025-28024 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-28024

http://linux.oracle.com/errata/ELSA-2025-28024.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

aarch64:
bpftool-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-314.193.5.5.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek64k-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek64k-core-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek64k-devel-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek64k-modules-5.15.0-314.193.5.5.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-5.15.0-314.193.5.5.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-314.193.5.5.el9uek.src.rpm

Related CVEs:

CVE-2025-40019

Description of changes:

[5.15.0-314.193.5.5]
- crypto: essiv - Check ssize for decryption and in-place encryption (Herbert Xu) [Orabug: 38705933] {CVE-2025-40019}



ELSA-2025-28026 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-28026

http://linux.oracle.com/errata/ELSA-2025-28026.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.349.3.2.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.349.3.2.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.349.3.2.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.349.3.2.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.349.3.2.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.349.3.2.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.349.3.2.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.349.3.2.el8uek.src.rpm

Related CVEs:

CVE-2025-40019

Description of changes:

[5.4.17-2136.349.3.2]
- crypto: essiv - Check ssize for decryption and in-place encryption (Herbert Xu) [Orabug: 38705546] {CVE-2025-40019}



ELSA-2025-22405 Moderate: Oracle Linux 9 kernel security update


Oracle Linux Security Advisory ELSA-2025-22405

http://linux.oracle.com/errata/ELSA-2025-22405.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-abi-stablelists-5.14.0-611.11.1.el9_7.noarch.rpm
kernel-core-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-cross-headers-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-debug-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-debug-core-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-debug-devel-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-debug-devel-matched-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-debug-modules-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-debug-modules-core-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-debug-modules-extra-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-debug-uki-virt-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-devel-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-devel-matched-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-doc-5.14.0-611.11.1.el9_7.noarch.rpm
kernel-headers-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-modules-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-modules-core-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-modules-extra-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-tools-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-tools-libs-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-tools-libs-devel-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-uki-virt-5.14.0-611.11.1.el9_7.x86_64.rpm
kernel-uki-virt-addons-5.14.0-611.11.1.el9_7.x86_64.rpm
libperf-5.14.0-611.11.1.el9_7.x86_64.rpm
perf-5.14.0-611.11.1.el9_7.x86_64.rpm
python3-perf-5.14.0-611.11.1.el9_7.x86_64.rpm
rtla-5.14.0-611.11.1.el9_7.x86_64.rpm
rv-5.14.0-611.11.1.el9_7.x86_64.rpm

aarch64:
kernel-cross-headers-5.14.0-611.11.1.el9_7.aarch64.rpm
kernel-headers-5.14.0-611.11.1.el9_7.aarch64.rpm
kernel-tools-5.14.0-611.11.1.el9_7.aarch64.rpm
kernel-tools-libs-5.14.0-611.11.1.el9_7.aarch64.rpm
kernel-tools-libs-devel-5.14.0-611.11.1.el9_7.aarch64.rpm
perf-5.14.0-611.11.1.el9_7.aarch64.rpm
python3-perf-5.14.0-611.11.1.el9_7.aarch64.rpm
rtla-5.14.0-611.11.1.el9_7.aarch64.rpm
rv-5.14.0-611.11.1.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-611.11.1.el9_7.src.rpm

Related CVEs:

CVE-2025-38724
CVE-2025-39864
CVE-2025-39898
CVE-2025-39918
CVE-2025-39955
CVE-2025-39981
CVE-2025-40058
CVE-2025-40185

Description of changes:

[5.14.0-611.11.1]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64