Oracle has released several updates for its Linux distributions, including Oracle Linux 7, 8, 9, and 10. The updates include security patches for the kernel, aide, and Unbreakable Enterprise kernel, as well as bug fixes and enhancements for various packages such as Thunderbird, leapp-repository, libinput, man-pages, irqbalance, dnf, gnome-shell, NetworkManager, linux-firmware, libwacom, redhat-rpm-config, and libvirt.

ELSA-2025-15648 Important: Oracle Linux 7 kernel security update
ELSA-2025-15728 Important: Oracle Linux 7 aide security update
ELSA-2025-20632 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2025-16589 Important: Oracle Linux 8 thunderbird security update
ELSA-2025-20632 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELBA-2025-20629 Oracle Linux 8 leapp-repository bug fix update
ELSA-2025-20632 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELBA-2025-16489 Oracle Linux 10 libinput bug fix and enhancement update
ELBA-2025-16450 Oracle Linux 10 man-pages bug fix and enhancement update
ELSA-2025-16354 Moderate: Oracle Linux 10 kernel security update
ELBA-2025-16680 Oracle Linux 9 irqbalance bug fix and enhancement update
ELBA-2025-16449 Oracle Linux 10 dnf bug fix and enhancement update
ELBA-2025-16445 Oracle Linux 10 gnome-shell and gsettings-desktop-schemas bug fix and enhancement update
ELBA-2025-16448 Oracle Linux 10 NetworkManager bug fix and enhancement update
ELBA-2025-16447 Oracle Linux 10 linux-firmware bug fix and enhancement update
ELBA-2025-16433 Oracle Linux 10 libwacom bug fix and enhancement update
ELBA-2025-16431 Oracle Linux 10 redhat-rpm-config bug fix and enhancement update
ELBA-2025-16434 Oracle Linux 10 libvirt bug fix and enhancement update

ELSA-2025-15648 Important: Oracle Linux 7 kernel security update

Oracle Linux Security Advisory ELSA-2025-15648

http://linux.oracle.com/errata/ELSA-2025-15648.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-1160.119.1.0.12.el7.x86_64.rpm
kernel-3.10.0-1160.119.1.0.12.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1160.119.1.0.12.el7.noarch.rpm
kernel-debug-3.10.0-1160.119.1.0.12.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.119.1.0.12.el7.x86_64.rpm
kernel-devel-3.10.0-1160.119.1.0.12.el7.x86_64.rpm
kernel-doc-3.10.0-1160.119.1.0.12.el7.noarch.rpm
kernel-headers-3.10.0-1160.119.1.0.12.el7.x86_64.rpm
kernel-tools-3.10.0-1160.119.1.0.12.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.119.1.0.12.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.119.1.0.12.el7.x86_64.rpm
perf-3.10.0-1160.119.1.0.12.el7.x86_64.rpm
python-perf-3.10.0-1160.119.1.0.12.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-1160.119.1.0.12.el7.src.rpm

Related CVEs:

CVE-2025-38332
CVE-2025-38352

Description of changes:

[3.10.0-1160.119.1.0.12]
- scsi: lpfc: Use memcpy() for BIOS version (CVE-2025-38332) [Orabug: 38414589]
- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (CVE-2025-38352) [Orabug: 38414589]

ELSA-2025-15728 Important: Oracle Linux 7 aide security update

Oracle Linux Security Advisory ELSA-2025-15728

http://linux.oracle.com/errata/ELSA-2025-15728.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
aide-0.15.1-13.0.3.el7_9.1.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/aide-0.15.1-13.0.3.el7_9.1.src.rpm

Related CVEs:

CVE-2025-54389

Description of changes:

[0.15.1-13.0.3]
- aide security update CVE-2025-54389 [Orabug: 38427919]

ELSA-2025-20632 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2025-20632

http://linux.oracle.com/errata/ELSA-2025-20632.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.347.6.2.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.347.6.2.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.347.6.2.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.347.6.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.347.6.2.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.347.6.2.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.347.6.2.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.347.6.2.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.347.6.2.el7uek.src.rpm

Related CVEs:

CVE-2025-38494
CVE-2025-38495
CVE-2025-38499
CVE-2025-38618

Description of changes:

[5.4.17-2136.347.6.2.el7uek]
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38453918] {CVE-2025-38499}
- vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38453914]
- HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38453908]
- HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38453904]

ELSA-2025-16589 Important: Oracle Linux 8 thunderbird security update

Oracle Linux Security Advisory ELSA-2025-16589

http://linux.oracle.com/errata/ELSA-2025-16589.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-140.3.0-1.0.1.el8_10.x86_64.rpm

aarch64:
thunderbird-140.3.0-1.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/thunderbird-140.3.0-1.0.1.el8_10.src.rpm

Related CVEs:

CVE-2025-10527
CVE-2025-10528
CVE-2025-10529
CVE-2025-10532
CVE-2025-10533
CVE-2025-10536
CVE-2025-10537

Description of changes:

[140.3.0-1.0.1]
- Fix prefs for new nss [Orabug: 37079820]
- Add Oracle prefs file

[140.3.0]
- Add OpenELA debranding

[140.3.0-1]
- Update to 140.3.0 ESR

ELSA-2025-20632 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2025-20632

http://linux.oracle.com/errata/ELSA-2025-20632.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-5.4.17-2136.347.6.2.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.347.6.2.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.347.6.2.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.347.6.2.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.347.6.2.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.347.6.2.el8uek.src.rpm

Related CVEs:

CVE-2025-38494
CVE-2025-38495
CVE-2025-38499
CVE-2025-38618

Description of changes:

[5.4.17-2136.347.6.2.el8uek]
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38453918] {CVE-2025-38499}
- vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38453914]
- HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38453908]
- HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38453904]

ELBA-2025-20629 Oracle Linux 8 leapp-repository bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-20629

http://linux.oracle.com/errata/ELBA-2025-20629.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
leapp-upgrade-el8toel9-0.20.0-2.0.24.el8.noarch.rpm
leapp-upgrade-el8toel9-deps-0.20.0-2.0.24.el8.noarch.rpm

aarch64:
leapp-upgrade-el8toel9-0.20.0-2.0.24.el8.noarch.rpm
leapp-upgrade-el8toel9-deps-0.20.0-2.0.24.el8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/leapp-repository-0.20.0-2.0.24.el8.src.rpm

Description of changes:

[0.20.0-2.0.24]
- Import special selinux module for double upgrade case [Orabug: 38285113]

ELSA-2025-20632 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2025-20632

http://linux.oracle.com/errata/ELSA-2025-20632.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.347.6.2.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.347.6.2.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.347.6.2.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.347.6.2.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.347.6.2.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.347.6.2.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.347.6.2.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.347.6.2.el8uek.src.rpm

Related CVEs:

CVE-2025-38494
CVE-2025-38495
CVE-2025-38499
CVE-2025-38618

Description of changes:

[5.4.17-2136.347.6.2.el8uek]
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38453918] {CVE-2025-38499}
- vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38453914]
- HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38453908]
- HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38453904]

ELBA-2025-16489 Oracle Linux 10 libinput bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2025-16489

http://linux.oracle.com/errata/ELBA-2025-16489.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
libinput-1.26.1-5.el10_0.x86_64.rpm
libinput-devel-1.26.1-5.el10_0.x86_64.rpm
libinput-utils-1.26.1-5.el10_0.x86_64.rpm

aarch64:
libinput-1.26.1-5.el10_0.aarch64.rpm
libinput-devel-1.26.1-5.el10_0.aarch64.rpm
libinput-utils-1.26.1-5.el10_0.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/libinput-1.26.1-5.el10_0.src.rpm

Description of changes:

[1.26.1-5]
- Add quirks for four Dell pressure pads (RHEL-106932)

ELBA-2025-16450 Oracle Linux 10 man-pages bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2025-16450

http://linux.oracle.com/errata/ELBA-2025-16450.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
man-pages-6.06-8.el10_0.noarch.rpm

aarch64:
man-pages-6.06-8.el10_0.noarch.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/man-pages-6.06-8.el10_0.src.rpm

Description of changes:

[6.06-8]
- Remove man-pages-additional-20140218.tar.xz from sources. (RHEL-101696)

[6.06-7]
- Break up man-pages-additional-20140218.tar.xz (RHEL-101696)
- Add rtas.2, swapcontext.2 and cons.saver.8 man pages as a patch.

[6.06-6]
- sched(7): Mention autogroup disabled behavior.

ELSA-2025-16354 Moderate: Oracle Linux 10 kernel security update

Oracle Linux Security Advisory ELSA-2025-16354

http://linux.oracle.com/errata/ELSA-2025-16354.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-abi-stablelists-6.12.0-55.34.1.0.1.el10_0.noarch.rpm
kernel-core-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-cross-headers-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-debug-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-debug-core-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-debug-devel-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-debug-devel-matched-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-core-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-extra-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-debug-uki-virt-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-devel-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-devel-matched-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-doc-6.12.0-55.34.1.0.1.el10_0.noarch.rpm
kernel-headers-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-modules-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-modules-core-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-modules-extra-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-tools-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-tools-libs-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-tools-libs-devel-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-uki-virt-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
kernel-uki-virt-addons-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
libperf-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
perf-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
python3-perf-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
rtla-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm
rv-6.12.0-55.34.1.0.1.el10_0.x86_64.rpm

aarch64:
kernel-cross-headers-6.12.0-55.34.1.0.1.el10_0.aarch64.rpm
kernel-headers-6.12.0-55.34.1.0.1.el10_0.aarch64.rpm
kernel-tools-6.12.0-55.34.1.0.1.el10_0.aarch64.rpm
kernel-tools-libs-6.12.0-55.34.1.0.1.el10_0.aarch64.rpm
kernel-tools-libs-devel-6.12.0-55.34.1.0.1.el10_0.aarch64.rpm
libperf-6.12.0-55.34.1.0.1.el10_0.aarch64.rpm
perf-6.12.0-55.34.1.0.1.el10_0.aarch64.rpm
python3-perf-6.12.0-55.34.1.0.1.el10_0.aarch64.rpm
rtla-6.12.0-55.34.1.0.1.el10_0.aarch64.rpm
rv-6.12.0-55.34.1.0.1.el10_0.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-55.34.1.0.1.el10_0.src.rpm

Related CVEs:

CVE-2025-37810
CVE-2025-38566

Description of changes:

[6.12.0-55.34.1.0.1]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64