There are multiple security updates available for Oracle Linux, including ones for various versions of the operating system. The updates tackle vulnerabilities in packages like httpd, udisks2, postgresql, pam, and kernel, classifying some as moderate and others as important. The affected versions include Oracle Linux 7, 8, 9, and 10, indicating that multiple versions are vulnerable to the security issues addressed by these updates.

ELSA-2025-15095 Moderate: Oracle Linux 10 httpd security update
ELSA-2025-15020 Important: Oracle Linux 10 udisks2 security update
ELSA-2025-15021 Important: Oracle Linux 8 postgresql:13 security update
ELSA-2025-15099 Important: Oracle Linux 9 pam security update
ELSA-2025-15011 Important: Oracle Linux 9 kernel security update
ELSA-2025-15115 Important: Oracle Linux 8 postgresql:12 security update
ELSA-2025-15022 Important: Oracle Linux 8 postgresql:15 security update
ELSA-2025-15008 Moderate: Oracle Linux 8 kernel security update
ELSA-2025-10357 Important: Oracle Linux 7 pam security update
ELSA-2025-15005 Moderate: Oracle Linux 10 kernel security update
ELBA-2025-15008-1 Oracle Linux 8 kernel bug fix update
ELSA-2025-15123 Moderate: Oracle Linux 8 httpd:2.4 security update

ELSA-2025-15095 Moderate: Oracle Linux 10 httpd security update

Oracle Linux Security Advisory ELSA-2025-15095

http://linux.oracle.com/errata/ELSA-2025-15095.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
httpd-2.4.63-1.0.1.el10_0.2.x86_64.rpm
httpd-core-2.4.63-1.0.1.el10_0.2.x86_64.rpm
httpd-devel-2.4.63-1.0.1.el10_0.2.x86_64.rpm
httpd-filesystem-2.4.63-1.0.1.el10_0.2.noarch.rpm
httpd-manual-2.4.63-1.0.1.el10_0.2.noarch.rpm
httpd-tools-2.4.63-1.0.1.el10_0.2.x86_64.rpm
mod_ldap-2.4.63-1.0.1.el10_0.2.x86_64.rpm
mod_lua-2.4.63-1.0.1.el10_0.2.x86_64.rpm
mod_proxy_html-2.4.63-1.0.1.el10_0.2.x86_64.rpm
mod_session-2.4.63-1.0.1.el10_0.2.x86_64.rpm
mod_ssl-2.4.63-1.0.1.el10_0.2.x86_64.rpm

aarch64:
httpd-2.4.63-1.0.1.el10_0.2.aarch64.rpm
httpd-core-2.4.63-1.0.1.el10_0.2.aarch64.rpm
httpd-devel-2.4.63-1.0.1.el10_0.2.aarch64.rpm
httpd-filesystem-2.4.63-1.0.1.el10_0.2.noarch.rpm
httpd-manual-2.4.63-1.0.1.el10_0.2.noarch.rpm
httpd-tools-2.4.63-1.0.1.el10_0.2.aarch64.rpm
mod_ldap-2.4.63-1.0.1.el10_0.2.aarch64.rpm
mod_lua-2.4.63-1.0.1.el10_0.2.aarch64.rpm
mod_proxy_html-2.4.63-1.0.1.el10_0.2.aarch64.rpm
mod_session-2.4.63-1.0.1.el10_0.2.aarch64.rpm
mod_ssl-2.4.63-1.0.1.el10_0.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/httpd-2.4.63-1.0.1.el10_0.2.src.rpm

Related CVEs:

CVE-2024-47252
CVE-2025-23048
CVE-2025-49812

Description of changes:

[2.4.63-1.0.1.2]
- Replace index.html with Oracle's index page oracle_index.html.

ELSA-2025-15020 Important: Oracle Linux 10 udisks2 security update

Oracle Linux Security Advisory ELSA-2025-15020

http://linux.oracle.com/errata/ELSA-2025-15020.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
libudisks2-2.10.90-5.0.1.el10_0.1.x86_64.rpm
libudisks2-devel-2.10.90-5.0.1.el10_0.1.x86_64.rpm
udisks2-2.10.90-5.0.1.el10_0.1.x86_64.rpm
udisks2-iscsi-2.10.90-5.0.1.el10_0.1.x86_64.rpm
udisks2-lsm-2.10.90-5.0.1.el10_0.1.x86_64.rpm
udisks2-lvm2-2.10.90-5.0.1.el10_0.1.x86_64.rpm

aarch64:
libudisks2-2.10.90-5.0.1.el10_0.1.aarch64.rpm
libudisks2-devel-2.10.90-5.0.1.el10_0.1.aarch64.rpm
udisks2-2.10.90-5.0.1.el10_0.1.aarch64.rpm
udisks2-iscsi-2.10.90-5.0.1.el10_0.1.aarch64.rpm
udisks2-lsm-2.10.90-5.0.1.el10_0.1.aarch64.rpm
udisks2-lvm2-2.10.90-5.0.1.el10_0.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/udisks2-2.10.90-5.0.1.el10_0.1.src.rpm

Related CVEs:

CVE-2025-8067

Description of changes:

[2.10.90-5.0.1.1]
- Enable btrfs support for OL supported arches [Orabug: 37464632]

[2.10.90-5.1]
- udisks: Out-of-bounds read in UDisks Daemon (CVE-2025-8067)

[2.10.90-5]
- mdraid: Avoid acquiring system inhibit lock for external array operations (RHEL-74012)

[2.10.90-4]
- Rebase to upstream 2.10.90 (pre-)release
- lvm2: Try opening for unused device detection harder (RHEL-39935)

[2.10.90-3.gitdb54112e]
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018

[2.10.90-2.gitdb54112e]
- Fix Requires: for modules
- Fix gating tests

[2.10.90-1.gitdb54112e]
- Rebase to git snapshot as of 2024-07-25

[2.10.1-5]
- Bump release for June 2024 mass rebuild

[2.10.1-4]
- Use SPDX license tags for subpackages

[2.10.1-3]
- Use a SPDX license tag
- udiskslinuxblockobject: Try issuing BLKRRPART ioctl harder
- udiskslinuxmanager: Fix use after free
- tests: Fix targetcli_config.json

[2.10.1-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

[2.10.1-1]
- Version 2.10.1
- Default to ntfs-3g for stability reasons (#2182206)
- Use Recommends: for filesystem tools (#2169848)

[2.10.0-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

[2.10.0-1]
- Version 2.10.0

[2.9.4-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

[2.9.4-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

[2.9.4-4]
- Fix gtk-doc annotations

[2.9.4-3]
- Require ntfs-3g (#2058506)

[2.9.4-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

[2.9.4-1]
- Version 2.9.4
- Fixes CVE-2021-3802 (#2003650)

[2.9.3-1]
- Version 2.9.3

[2.9.2-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

[2.9.2-5]
- Switch the default encryption to LUKS2

[2.9.2-4]
- Fix a couple of issues found by Coverity
- Ignore systemd "Extended Boot Loader" GPT partition

[2.9.2-3]
- Fix FAT mkfs with dosfstools >= 4.2
- udiskslinuxdriveata: Use GTask to apply configuration in a thread
- Limit allowed module names
- 80-udisks2.rules: Ignore Apple boot partition from livecd-tools

[2.9.2-2]
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.

[2.9.2-1]
- Version 2.9.2

[2.9.1-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[2.9.1-2]
- Fix conditional around polkit Recommends for building on EL7

[2.9.1-1]
- Version 2.9.1
- Renamed zram-setup@.service to udisks2-zram-setup@.service

[2.9.0-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

[2.9.0-1]
- Version 2.9.0

[2.8.4-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

[2.8.4-3]
- Don't trigger udev if socket is not accessible

[2.8.4-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

[2.8.4-1]
- Version 2.8.4

[2.8.3-1]
- Version 2.8.3

[2.8.2-2]
- Update for tmpfiles.d snippet

[2.8.2-1]
- Version 2.8.2

[2.8.1-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

[2.8.1-1]
- Version 2.8.1

[2.8.0-2]
- Backport PR #576 to fix udev multipath device check (see RHBZ#1628192)

[2.8.0-1]
- Version 2.8.0

[2.7.7-3]
- Rebuild for new libconfig

[2.7.7-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[2.7.7-1]
- Version 2.7.7

[2.7.6-1]
- Version 2.7.6

[2.7.5-2]
- Switch to %ldconfig_scriptlets

[2.7.5-1]
- Version 2.7.5

[2.7.4-1]
- Version 2.7.4

[2.7.3-1]
- Version 2.7.3

[2.7.2-1]
- Version 2.7.2

[2.7.1-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[2.7.1-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[2.7.1-1]
- Version 2.7.1

[2.7.0-3]
- Do not try to remove changed_blacklist hash table in finalize

[2.7.0-2]
- Fix how UDisksClient filters property changes

[2.7.0-1]
- Version 2.7.0

[2.6.5-1]
- Version 2.6.5

[2.6.4-1]
- Version 2.6.4

[2.6.3-1]
- Version 2.6.3

[2.6.2-1]
- Version 2.6.2; aimed to replace udisks2

[2.6.0-3]
- Add support for libblockdev-part plugin which replaces
parted calls

[2.6.0-2]
- Fix permissions set for storaged_lsm.conf so it is readable only by root

[2.6.0-1]
- Upgrade to 2.6.0

[2.5.0-3]
- Package template zram-setup@.service file

[2.5.0-2]
- Add udisksd configuration file and its man page

[2.5.0-1]
- UDisks2 drop-in replacement

[2.4.0-3]
- Redesign subpackage dependencies
- Make GTK documentation generation configurable

[2.4.0-2]
- Reload udev rules and trigger events when installed

[2.4.0-1]
- Upgrade to 2.4.0

[2.3.0-2]
- Add Fedora/RHEL package configuration options

[2.3.0-1]
- Change BuildRequires from pkgconfig macro to -devel packages
- Upgrade to 2.3.0

[2.2.0-1]
- Upgrade to 2.2.0

[2.1.1-1]
- Upgrade to 2.1.1

[2.1.0-4]
- Add Requires for storaged modules

[2.1.0-3]
- Changes for EPEL-7
- Lower systemd required version to 208
- Rewrite BuildRequires for systemd-devel

[2.1.0-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

[2.1.0-1]
- Update to upstream 2.1.0

[2.0.0-1]
- Rebase to the new Storaged implementation
- Upstream: https://storaged.org

[0.3.1-1]
- Update to upstream 0.3.1

[0.3.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

[0.3.0-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

[0.3.0-1]
- Update to upstream 0.3.0

[0.2.0-1]
- Update to upstream 0.2.0

[0.1.0-2]
- Removed double systemd BuildRequire
- Rewritten summary and description

[0.1.0-1]
- Rename from udisks2-lvm

ELSA-2025-15021 Important: Oracle Linux 8 postgresql:13 security update

Oracle Linux Security Advisory ELSA-2025-15021

http://linux.oracle.com/errata/ELSA-2025-15021.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
pgaudit-1.5.0-1.module+el8.9.0+90098+1560b6c2.x86_64.rpm
pg_repack-1.4.6-3.module+el8.9.0+90098+1560b6c2.x86_64.rpm
postgres-decoderbufs-0.10.0-2.module+el8.9.0+90098+1560b6c2.x86_64.rpm
postgresql-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm
postgresql-contrib-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm
postgresql-docs-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm
postgresql-plperl-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm
postgresql-plpython3-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm
postgresql-pltcl-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm
postgresql-server-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm
postgresql-server-devel-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm
postgresql-static-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm
postgresql-test-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm
postgresql-test-rpm-macros-13.22-1.module+el8.10.0+90650+9f37c94f.noarch.rpm
postgresql-upgrade-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm
postgresql-upgrade-devel-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm

aarch64:
pgaudit-1.5.0-1.module+el8.9.0+90098+1560b6c2.aarch64.rpm
pg_repack-1.4.6-3.module+el8.9.0+90098+1560b6c2.aarch64.rpm
postgres-decoderbufs-0.10.0-2.module+el8.9.0+90098+1560b6c2.aarch64.rpm
postgresql-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm
postgresql-contrib-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm
postgresql-docs-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm
postgresql-plperl-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm
postgresql-plpython3-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm
postgresql-pltcl-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm
postgresql-server-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm
postgresql-server-devel-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm
postgresql-static-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm
postgresql-test-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm
postgresql-test-rpm-macros-13.22-1.module+el8.10.0+90650+9f37c94f.noarch.rpm
postgresql-upgrade-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm
postgresql-upgrade-devel-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/pgaudit-1.5.0-1.module+el8.9.0+90098+1560b6c2.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/pg_repack-1.4.6-3.module+el8.9.0+90098+1560b6c2.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/postgres-decoderbufs-0.10.0-2.module+el8.9.0+90098+1560b6c2.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/postgresql-13.22-1.module+el8.10.0+90650+9f37c94f.src.rpm

Related CVEs:

CVE-2025-8714
CVE-2025-8715

Description of changes:

pgaudit
[1.5.0-1]
- Update to version 1.5.0
Related: #1855776

pg_repack
[1.4.6-3]
- Release bump - enable gating

[1.4.6-2]
- Rebuild
- Resolves:#1954442

[1.4.6-1]
- Rebase to upstream release 1.4.6

[1.4.5-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

[1.4.5-1]
- Initial packaging

postgres-decoderbufs
[0.10.0-2]
- Release bump for rebuild against libpq-12.1-3

* Wed Oct 09 2019 Patrik Novotný