IPa, Shim, Kernel updates for Oracle Linux

Oracle Linux 6415 Published by

Oracle Linux has been updated with security enhancements, which include an IPa security update, a shim bug fix update, and a kernel security update:

ELSA-2025-9184 Important: Oracle Linux 9 ipa security update
ELBA-2025-20377 Oracle Linux 9 shim bug fix update
ELSA-2025-7898 Important: Oracle Linux 7 kernel security update




ELSA-2025-9184 Important: Oracle Linux 9 ipa security update


Oracle Linux Security Advisory ELSA-2025-9184

http://linux.oracle.com/errata/ELSA-2025-9184.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
ipa-client-4.12.2-14.0.1.el9_6.1.x86_64.rpm
ipa-client-common-4.12.2-14.0.1.el9_6.1.noarch.rpm
ipa-client-encrypted-dns-4.12.2-14.0.1.el9_6.1.x86_64.rpm
ipa-client-epn-4.12.2-14.0.1.el9_6.1.x86_64.rpm
ipa-client-samba-4.12.2-14.0.1.el9_6.1.x86_64.rpm
ipa-common-4.12.2-14.0.1.el9_6.1.noarch.rpm
ipa-selinux-4.12.2-14.0.1.el9_6.1.noarch.rpm
ipa-selinux-luna-4.12.2-14.0.1.el9_6.1.noarch.rpm
ipa-selinux-nfast-4.12.2-14.0.1.el9_6.1.noarch.rpm
ipa-server-4.12.2-14.0.1.el9_6.1.x86_64.rpm
ipa-server-common-4.12.2-14.0.1.el9_6.1.noarch.rpm
ipa-server-dns-4.12.2-14.0.1.el9_6.1.noarch.rpm
ipa-server-encrypted-dns-4.12.2-14.0.1.el9_6.1.x86_64.rpm
ipa-server-trust-ad-4.12.2-14.0.1.el9_6.1.x86_64.rpm
python3-ipaclient-4.12.2-14.0.1.el9_6.1.noarch.rpm
python3-ipalib-4.12.2-14.0.1.el9_6.1.noarch.rpm
python3-ipaserver-4.12.2-14.0.1.el9_6.1.noarch.rpm
python3-ipatests-4.12.2-14.0.1.el9_6.1.noarch.rpm

aarch64:
ipa-client-4.12.2-14.0.1.el9_6.1.aarch64.rpm
ipa-client-common-4.12.2-14.0.1.el9_6.1.noarch.rpm
ipa-client-encrypted-dns-4.12.2-14.0.1.el9_6.1.aarch64.rpm
ipa-client-epn-4.12.2-14.0.1.el9_6.1.aarch64.rpm
ipa-client-samba-4.12.2-14.0.1.el9_6.1.aarch64.rpm
ipa-common-4.12.2-14.0.1.el9_6.1.noarch.rpm
ipa-selinux-4.12.2-14.0.1.el9_6.1.noarch.rpm
ipa-selinux-luna-4.12.2-14.0.1.el9_6.1.noarch.rpm
ipa-selinux-nfast-4.12.2-14.0.1.el9_6.1.noarch.rpm
ipa-server-4.12.2-14.0.1.el9_6.1.aarch64.rpm
ipa-server-common-4.12.2-14.0.1.el9_6.1.noarch.rpm
ipa-server-dns-4.12.2-14.0.1.el9_6.1.noarch.rpm
ipa-server-encrypted-dns-4.12.2-14.0.1.el9_6.1.aarch64.rpm
ipa-server-trust-ad-4.12.2-14.0.1.el9_6.1.aarch64.rpm
python3-ipaclient-4.12.2-14.0.1.el9_6.1.noarch.rpm
python3-ipalib-4.12.2-14.0.1.el9_6.1.noarch.rpm
python3-ipaserver-4.12.2-14.0.1.el9_6.1.noarch.rpm
python3-ipatests-4.12.2-14.0.1.el9_6.1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//ipa-4.12.2-14.0.1.el9_6.1.src.rpm

Related CVEs:

CVE-2025-4404

Description of changes:

[4.12.2-14.0.1]
- Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674]
- Add bind to ipa-server-common Requires [Orabug: 36518596]

[4.12.2-14.1]
- Resolves: RHEL-89908
EMBARGOED CVE-2025-4404 ipa: Privilege escalation from host to domain admin in FreeIPA
- Resolves: RHEL-89144
kdb: ipadb_get_connection() succeeds but returns null LDAP context



ELBA-2025-20377 Oracle Linux 9 shim bug fix update


Oracle Linux Bug Fix Advisory ELBA-2025-20377

http://linux.oracle.com/errata/ELBA-2025-20377.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
shim-x64-15.8-1.0.5.el9_4.x86_64.rpm

aarch64:
shim-aa64-15.8-1.0.5.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//shim-15.8-1.0.5.el9_4.src.rpm

Description of changes:

[15.8-1.0.5]
- Add support for Oracle signed shim [Orabug: 38029686]
- Add vendor shim binaries signed with Oracle Secure Boot Signing (key 2) [Orabug: 38029686]

[15.8-1.0.4]
- Update shim-unsigned v15.8 providing Oracle SecureBoot CA [Orabug: 37631079]

[15.8-1.0.3]
- Update shimx64.efi and shimaa64.efi v15.8 signed by Microsoft [Orabug: 36072879]
- Update shim fb and mm binaries to match unsigned releases [Orabug: 36072879]

[15.8-1.0.2]
- Use binaries with correct shim.ol generation [Orabug: 36072879]
- Set SBAT_AUTOMATIC_DATE=2021030218 [Orabug: 36072879]

[15.8-1.0.1]
- Update to 15.8 [Orabug: 36072879]
- fix CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551 [Orabug: 36072879]



ELSA-2025-7898 Important: Oracle Linux 7 kernel security update


Oracle Linux Security Advisory ELSA-2025-7898

http://linux.oracle.com/errata/ELSA-2025-7898.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-1160.119.1.0.9.el7.x86_64.rpm
kernel-3.10.0-1160.119.1.0.9.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1160.119.1.0.9.el7.noarch.rpm
kernel-debug-3.10.0-1160.119.1.0.9.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.119.1.0.9.el7.x86_64.rpm
kernel-devel-3.10.0-1160.119.1.0.9.el7.x86_64.rpm
kernel-doc-3.10.0-1160.119.1.0.9.el7.noarch.rpm
kernel-headers-3.10.0-1160.119.1.0.9.el7.x86_64.rpm
kernel-tools-3.10.0-1160.119.1.0.9.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.119.1.0.9.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.119.1.0.9.el7.x86_64.rpm
perf-3.10.0-1160.119.1.0.9.el7.x86_64.rpm
python-perf-3.10.0-1160.119.1.0.9.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-3.10.0-1160.119.1.0.9.el7.src.rpm

Related CVEs:

CVE-2024-53141

Description of changes:

[3.10.0-1160.119.1.0.9.el7.OL7]
- netfilter: ipset: add missing range check in bitmap_ip_uadt (Jeongjun Park) {CVE-2024-53141} [Orabug: 37964173]
- Update OL SB certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985797]


Gvisor-Tap-Vsock security updates for AlmaLinux

Xorg-Server and Libblockdev updates for Slackware

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...