Kernel, NodeJS, RPM, and more updates for Oracle Linux

Oracle Linux 6418 Published by

Security updates have been released for various versions of Oracle Linux, including kernel security updates. The updates include bug fixes and enhancements for nodejs24 on Oracle Linux 10, as well as RPM bug fixes. Additionally, webkit2gtk3 and abrt security updates were made available for Oracle Linux 8, while important security updates were also released for sssd in Oracle Linux 7. Furthermore, other security updates have been issued for different versions of Oracle Linux.

ELSA-2025-22395 Moderate: Oracle Linux 10 kernel security update
ELSA-2025-21931 Moderate: Oracle Linux 10 kernel security update
ELEA-2025-20999 Oracle Linux 10 nodejs24 bug fix and enhancement update
ELBA-2025-28039 Oracle Linux 10 rpm bug fix update
ELSA-2025-22790 Important: Oracle Linux 9 webkit2gtk3 security update
ELSA-2025-22801 Moderate: Oracle Linux 8 kernel security update
ELSA-2025-22789 Important: Oracle Linux 8 webkit2gtk3 security update
ELSA-2025-22760 Important: Oracle Linux 8 abrt security update
ELSA-2025-22668 Moderate: Oracle Linux 8 go-toolset:rhel8 security update
ELSA-2025-19847 Important: Oracle Linux 7 sssd security update




ELSA-2025-22395 Moderate: Oracle Linux 10 kernel security update


Oracle Linux Security Advisory ELSA-2025-22395

http://linux.oracle.com/errata/ELSA-2025-22395.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-abi-stablelists-6.12.0-124.16.1.el10_1.noarch.rpm
kernel-core-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-cross-headers-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-debug-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-debug-core-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-debug-devel-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-debug-devel-matched-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-debug-modules-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-debug-modules-core-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-debug-modules-extra-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-debug-uki-virt-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-devel-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-devel-matched-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-doc-6.12.0-124.16.1.el10_1.noarch.rpm
kernel-headers-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-modules-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-modules-core-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-modules-extra-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-modules-extra-matched-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-tools-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-tools-libs-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-tools-libs-devel-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-uki-virt-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-uki-virt-addons-6.12.0-124.16.1.el10_1.x86_64.rpm
libperf-6.12.0-124.16.1.el10_1.x86_64.rpm
perf-6.12.0-124.16.1.el10_1.x86_64.rpm
python3-perf-6.12.0-124.16.1.el10_1.x86_64.rpm
rtla-6.12.0-124.16.1.el10_1.x86_64.rpm
rv-6.12.0-124.16.1.el10_1.x86_64.rpm

aarch64:
kernel-cross-headers-6.12.0-124.16.1.el10_1.aarch64.rpm
kernel-headers-6.12.0-124.16.1.el10_1.aarch64.rpm
kernel-tools-6.12.0-124.16.1.el10_1.aarch64.rpm
kernel-tools-libs-6.12.0-124.16.1.el10_1.aarch64.rpm
kernel-tools-libs-devel-6.12.0-124.16.1.el10_1.aarch64.rpm
libperf-6.12.0-124.16.1.el10_1.aarch64.rpm
perf-6.12.0-124.16.1.el10_1.aarch64.rpm
python3-perf-6.12.0-124.16.1.el10_1.aarch64.rpm
rtla-6.12.0-124.16.1.el10_1.aarch64.rpm
rv-6.12.0-124.16.1.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-124.16.1.el10_1.src.rpm

Related CVEs:

CVE-2025-22068
CVE-2025-38724
CVE-2025-39883
CVE-2025-39898
CVE-2025-39918
CVE-2025-39971

Description of changes:

[6.12.0-124.16.1]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 canceling is set when queue is frozen (Ming Lei) [RHEL-99436] {CVE-2025-22068}
- e1000e: fix heap overflow in e1000_set_eeprom (Corinna Vinschen) [RHEL-123127] {CVE-2025-39898}
- i40e: add mask to apply valid bits for itr_idx (Michal Schmidt) [RHEL-123811]
- i40e: add max boundary check for VF filters (Michal Schmidt) [RHEL-123811] {CVE-2025-39968}
- i40e: fix validation of VF state in get resources (Michal Schmidt) [RHEL-123811] {CVE-2025-39969}
- i40e: fix input validation logic for action_meta (Michal Schmidt) [RHEL-123811] {CVE-2025-39970}
- i40e: fix idx validation in config queues msg (Michal Schmidt) [RHEL-123811] {CVE-2025-39971}
- i40e: fix idx validation in i40e_validate_queue_map (Michal Schmidt) [RHEL-123811] {CVE-2025-39972}
- i40e: add validation for ring_len param (Michal Schmidt) [RHEL-123811] {CVE-2025-39973}
- nvme-multipath: Skip nr_active increments in RETRY disposition (Ewan D. Milne) [RHEL-123689]



ELSA-2025-21931 Moderate: Oracle Linux 10 kernel security update


Oracle Linux Security Advisory ELSA-2025-21931

http://linux.oracle.com/errata/ELSA-2025-21931.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-abi-stablelists-6.12.0-124.13.1.el10_1.noarch.rpm
kernel-core-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-cross-headers-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-debug-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-debug-core-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-debug-devel-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-debug-devel-matched-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-debug-modules-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-debug-modules-core-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-debug-modules-extra-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-debug-uki-virt-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-devel-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-devel-matched-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-doc-6.12.0-124.13.1.el10_1.noarch.rpm
kernel-headers-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-modules-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-modules-core-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-modules-extra-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-modules-extra-matched-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-tools-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-tools-libs-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-tools-libs-devel-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-uki-virt-6.12.0-124.13.1.el10_1.x86_64.rpm
kernel-uki-virt-addons-6.12.0-124.13.1.el10_1.x86_64.rpm
libperf-6.12.0-124.13.1.el10_1.x86_64.rpm
perf-6.12.0-124.13.1.el10_1.x86_64.rpm
python3-perf-6.12.0-124.13.1.el10_1.x86_64.rpm
rtla-6.12.0-124.13.1.el10_1.x86_64.rpm
rv-6.12.0-124.13.1.el10_1.x86_64.rpm

aarch64:
kernel-cross-headers-6.12.0-124.13.1.el10_1.aarch64.rpm
kernel-headers-6.12.0-124.13.1.el10_1.aarch64.rpm
kernel-tools-6.12.0-124.13.1.el10_1.aarch64.rpm
kernel-tools-libs-6.12.0-124.13.1.el10_1.aarch64.rpm
kernel-tools-libs-devel-6.12.0-124.13.1.el10_1.aarch64.rpm
libperf-6.12.0-124.13.1.el10_1.aarch64.rpm
perf-6.12.0-124.13.1.el10_1.aarch64.rpm
python3-perf-6.12.0-124.13.1.el10_1.aarch64.rpm
rtla-6.12.0-124.13.1.el10_1.aarch64.rpm
rv-6.12.0-124.13.1.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-124.13.1.el10_1.src.rpm

Related CVEs:

CVE-2025-39730
CVE-2025-39955

Description of changes:

[6.12.0-124.13.1]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 fastopen_rsk in tcp_disconnect(). (Antoine Tenart) [RHEL-120672] {CVE-2025-39955}
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CKI Backport Bot) [RHEL-113613] {CVE-2025-39730}

[6.12.0-124.11.1]
- of_numa: fix uninitialized memory nodes causing kernel panic (Charles Mirabile) [RHEL-123154] {CVE-2025-39903}
- redhat: use the same cert as UKI's to sign addons (Li Tian) [RHEL-124734]
- ibmveth: Add multi buffers rx replenishment hcall support (Mamatha Inamdar) [RHEL-116193]
- net: ibmveth: Reset the adapter when unexpected states are detected (Mamatha Inamdar) [RHEL-116193]
- ibmvnic: Increase max subcrq indirect entries with fallback (Mamatha Inamdar) [RHEL-116189]
- redhat: enable TDX host config (Paolo Bonzini) [RHEL-27145]
- KVM/TDX: Explicitly do WBINVD when no more TDX SEAMCALLs (Paolo Bonzini) [RHEL-27145]
- x86/virt/tdx: Update the kexec section in the TDX documentation (Paolo Bonzini) [RHEL-27145]
- x86/virt/tdx: Remove the !KEXEC_CORE dependency (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Disable kexec/kdump on platforms with TDX partial write erratum (Paolo Bonzini) [RHEL-27145]
- x86/virt/tdx: Mark memory cache state incoherent when making SEAMCALL (Paolo Bonzini) [RHEL-27145]
- x86/sme: Use percpu boolean to control WBINVD during kexec (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Consolidate relocate_kernel() function parameters (Paolo Bonzini) [RHEL-27145]
- x86/paravirt: Remove the WBINVD callback (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Use typedef for relocate_kernel_fn function prototype (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Cope with relocate_kernel() not being at the start of the page (Paolo Bonzini) [RHEL-27145]
- kexec_core: Add and update comments regarding the KEXEC_JUMP flow (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Mark machine_kexec() with __nocfi (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Fix location of relocate_kernel with -ffunction-sections (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Fix stack and handling of re-entry point for ::preserve_context (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Use correct swap page in swap_pages function (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Ensure preserve_context flag is set on return to kernel (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Disable global pages before writing to control page (Paolo Bonzini) [RHEL-27145]
- x86: Fix build regression with CONFIG_KEXEC_JUMP enabled (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Mark relocate_kernel page as ROX instead of RWX (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Clean up register usage in relocate_kernel() (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Eliminate writes through kernel mapping of relocate_kernel page (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Drop page_list argument from relocate_kernel() (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Add data section to relocate_kernel (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Move relocate_kernel to kernel .data section (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Invoke copy of relocate_kernel() instead of the original (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Copy control page into place in machine_kexec_prepare() (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Allocate PGD for x86_64 transition page tables separately (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Only swap pages for ::preserve_context mode (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Use named labels in swap_pages in relocate_kernel_64.S (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Clean up and document register use in relocate_kernel_64.S (Paolo Bonzini) [RHEL-27145]
- x86/kexec: Restore GDT on return from ::preserve_context kexec (Paolo Bonzini) [RHEL-27145]

[6.12.0-124.10.1]
- wifi: cfg80211: fix use-after-free in cmp_bss() (CKI Backport Bot) [RHEL-122880] {CVE-2025-39864}
- selftests: tls: test skb copy under mem pressure and OOB (CKI Backport Bot) [RHEL-120380] {CVE-2025-39946}
- tls: make sure to abort the stream if headers are bogus (CKI Backport Bot) [RHEL-120380] {CVE-2025-39946}
- ixgbe: fix ixgbe_orom_civd_info struct layout (Michal Schmidt) [RHEL-119079]
- ice: fix Rx page leak on multi-buffer frames (Petr Oros) [RHEL-116543]
- eventpoll: Fix semi-unbounded recursion (CKI Backport Bot) [RHEL-111055] {CVE-2025-38614}

[6.12.0-124.9.1]
- platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (CKI Backport Bot) [RHEL-123290]
- smb: client: fix file open check in __cifs_unlink() (Paulo Alcantara) [RHEL-122417]
- smb: client: fix data loss due to broken rename(2) (Paulo Alcantara) [RHEL-122417]
- smb: client: fix compound alignment with encryption (Paulo Alcantara) [RHEL-122417]
- smb: client: fix race with concurrent opens in rename(2) (Paulo Alcantara) [RHEL-122417]
- smb: client: fix race with concurrent opens in unlink(2) (Paulo Alcantara) [RHEL-122417]
- use uniform permission checks for all mount propagation changes (Ian Kent) [RHEL-121702] {CVE-2025-38498}
- do_change_type(): refuse to operate on unmounted/not ours mounts (Ian Kent) [RHEL-121702] {CVE-2025-38498}
- cgroup/psi: Set of->priv to NULL upon file release (CKI Backport Bot) [RHEL-119143] {CVE-2025-39881}
- kernfs: Fix UAF in polling when open file is released (CKI Backport Bot) [RHEL-119143] {CVE-2025-39881}
- redhat: rpminspect: update emptyrpm list for kernel variants (Alexandra Hájková)
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (CKI Backport Bot) [RHEL-119132] {CVE-2025-39841}
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CKI Backport Bot) [RHEL-118462] {CVE-2025-39817}
- wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (CKI Backport Bot) [RHEL-117585] {CVE-2025-39849}
- xfs: do not propagate ENODATA disk errors into xattr code (Carlos Maiolino) [RHEL-115733]
- ipv6: sr: Fix MAC comparison to be constant-time (CKI Backport Bot) [RHEL-116387] {CVE-2025-39702}
- s390/ism: fix concurrency management in ism_cmd() (CKI Backport Bot) [RHEL-114500]
- s390/hypfs: Enable limited access during lockdown (CKI Backport Bot) [RHEL-114431]
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (CKI Backport Bot) [RHEL-114431]
- redhat/configs: Enable CONFIG_MITIGATION_VMSCAPE for x86 (Waiman Long) [RHEL-114276]
- x86/vmscape: Add old Intel CPUs to affected list (Waiman Long) [RHEL-114276] {CVE-2025-40300}
- x86/vmscape: Warn when STIBP is disabled with SMT (Waiman Long) [RHEL-114276] {CVE-2025-40300}
- x86/bugs: Move cpu_bugs_smt_update() down (Waiman Long) [RHEL-114276] {CVE-2025-40300}
- x86/vmscape: Enable the mitigation (Waiman Long) [RHEL-114276] {CVE-2025-40300}
- x86/vmscape: Add conditional IBPB mitigation (Waiman Long) [RHEL-114276] {CVE-2025-40300}
- x86/vmscape: Enumerate VMSCAPE bug (Waiman Long) [RHEL-114276] {CVE-2025-40300}
- Documentation/hw-vuln: Add VMSCAPE documentation (Waiman Long) [RHEL-114276] {CVE-2025-40300}
- RDMA/mana_ib: Fix DSCP value in modify QP (Maxim Levitsky) [RHEL-114931]
- net: mana: Handle Reset Request from MANA NIC (Maxim Levitsky) [RHEL-114931]
- net: mana: Set tx_packets to post gso processing packet count (Maxim Levitsky) [RHEL-114931]
- net: mana: Handle unsupported HWC commands (Maxim Levitsky) [RHEL-114931]
- net: mana: Add handler for hardware servicing events (Maxim Levitsky) [RHEL-114931]
- net: mana: Expose additional hardware counters for drop and TC via ethtool. (Maxim Levitsky) [RHEL-114931]
- mm: swap: fix potential buffer overflow in setup_clusters() (CKI Backport Bot) [RHEL-114862] {CVE-2025-39727}
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (CKI Backport Bot) [RHEL-114852] {CVE-2025-39751}
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (Jaroslav Kysela) [RHEL-114693] {CVE-2025-38729}
- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (Jaroslav Kysela) [RHEL-114693]
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (CKI Backport Bot) [RHEL-114693] {CVE-2025-39757}
- ibmvnic: Use ndo_get_stats64 to fix inaccurate SAR reporting (Mamatha Inamdar) [RHEL-114439]
- ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (Mamatha Inamdar) [RHEL-114439]
- ibmvnic: Add stat for tx direct vs tx batched (Mamatha Inamdar) [RHEL-114439]
- vsock/virtio: Validate length in packet header before skb_put() (CKI Backport Bot) [RHEL-114301] {CVE-2025-39718}
- NFS: Fix a race when updating an existing write (CKI Backport Bot) [RHEL-113861] {CVE-2025-39697}



ELEA-2025-20999 Oracle Linux 10 nodejs24 bug fix and enhancement update


Oracle Linux Enhancement Advisory ELEA-2025-20999

http://linux.oracle.com/errata/ELEA-2025-20999.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs24-24.6.0-5.0.1.el10_1.x86_64.rpm
nodejs24-devel-24.6.0-5.0.1.el10_1.x86_64.rpm
nodejs24-docs-24.6.0-5.0.1.el10_1.noarch.rpm
nodejs24-full-i18n-24.6.0-5.0.1.el10_1.x86_64.rpm
nodejs24-libs-24.6.0-5.0.1.el10_1.x86_64.rpm
nodejs24-npm-11.5.1-1.24.6.0.5.0.1.el10_1.noarch.rpm

aarch64:
nodejs24-24.6.0-5.0.1.el10_1.aarch64.rpm
nodejs24-devel-24.6.0-5.0.1.el10_1.aarch64.rpm
nodejs24-docs-24.6.0-5.0.1.el10_1.noarch.rpm
nodejs24-full-i18n-24.6.0-5.0.1.el10_1.aarch64.rpm
nodejs24-libs-24.6.0-5.0.1.el10_1.aarch64.rpm
nodejs24-npm-11.5.1-1.24.6.0.5.0.1.el10_1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/nodejs24-24.6.0-5.0.1.el10_1.src.rpm

Description of changes:

[1:24.6.0-5.0.1]
- Update upstream references

[1:24.6.0-5]
- Correct dependency version macros

[1:24.6.0-3]
- spec: fix node binary calls to use versioned node-24 binary

[1:24.6.0-2]
- test-plan: adjust variables and filter

[1:24.6.0-1]
- Update to version 24.6.0



ELBA-2025-28039 Oracle Linux 10 rpm bug fix update


Oracle Linux Bug Fix Advisory ELBA-2025-28039

http://linux.oracle.com/errata/ELBA-2025-28039.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
python3-rpm-4.19.1.1-20.0.1.el10.x86_64.rpm
rpm-apidocs-4.19.1.1-20.0.1.el10.noarch.rpm
rpm-build-libs-4.19.1.1-20.0.1.el10.x86_64.rpm
rpm-build-4.19.1.1-20.0.1.el10.x86_64.rpm
rpm-cron-4.19.1.1-20.0.1.el10.noarch.rpm
rpm-devel-4.19.1.1-20.0.1.el10.x86_64.rpm
rpm-libs-4.19.1.1-20.0.1.el10.x86_64.rpm
rpm-plugin-audit-4.19.1.1-20.0.1.el10.x86_64.rpm
rpm-plugin-fapolicyd-4.19.1.1-20.0.1.el10.x86_64.rpm
rpm-plugin-ima-4.19.1.1-20.0.1.el10.x86_64.rpm
rpm-plugin-selinux-4.19.1.1-20.0.1.el10.x86_64.rpm
rpm-plugin-syslog-4.19.1.1-20.0.1.el10.x86_64.rpm
rpm-plugin-systemd-inhibit-4.19.1.1-20.0.1.el10.x86_64.rpm
rpm-sign-libs-4.19.1.1-20.0.1.el10.x86_64.rpm
rpm-sign-4.19.1.1-20.0.1.el10.x86_64.rpm
rpm-4.19.1.1-20.0.1.el10.x86_64.rpm

aarch64:
python3-rpm-4.19.1.1-20.0.1.el10.aarch64.rpm
rpm-apidocs-4.19.1.1-20.0.1.el10.noarch.rpm
rpm-build-libs-4.19.1.1-20.0.1.el10.aarch64.rpm
rpm-build-4.19.1.1-20.0.1.el10.aarch64.rpm
rpm-cron-4.19.1.1-20.0.1.el10.noarch.rpm
rpm-devel-4.19.1.1-20.0.1.el10.aarch64.rpm
rpm-libs-4.19.1.1-20.0.1.el10.aarch64.rpm
rpm-plugin-audit-4.19.1.1-20.0.1.el10.aarch64.rpm
rpm-plugin-fapolicyd-4.19.1.1-20.0.1.el10.aarch64.rpm
rpm-plugin-ima-4.19.1.1-20.0.1.el10.aarch64.rpm
rpm-plugin-selinux-4.19.1.1-20.0.1.el10.aarch64.rpm
rpm-plugin-syslog-4.19.1.1-20.0.1.el10.aarch64.rpm
rpm-plugin-systemd-inhibit-4.19.1.1-20.0.1.el10.aarch64.rpm
rpm-sign-libs-4.19.1.1-20.0.1.el10.aarch64.rpm
rpm-sign-4.19.1.1-20.0.1.el10.aarch64.rpm
rpm-4.19.1.1-20.0.1.el10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/rpm-4.19.1.1-20.0.1.el10.src.rpm

Description of changes:

[4.19.1.1-20.0.1]
- Require rpm-sequoia with correct openssl-libs dependencies [Orabug: 38716915]



ELSA-2025-22790 Important: Oracle Linux 9 webkit2gtk3 security update


Oracle Linux Security Advisory ELSA-2025-22790

http://linux.oracle.com/errata/ELSA-2025-22790.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
webkit2gtk3-2.50.3-1.el9_7.i686.rpm
webkit2gtk3-2.50.3-1.el9_7.x86_64.rpm
webkit2gtk3-devel-2.50.3-1.el9_7.i686.rpm
webkit2gtk3-devel-2.50.3-1.el9_7.x86_64.rpm
webkit2gtk3-jsc-2.50.3-1.el9_7.i686.rpm
webkit2gtk3-jsc-2.50.3-1.el9_7.x86_64.rpm
webkit2gtk3-jsc-devel-2.50.3-1.el9_7.i686.rpm
webkit2gtk3-jsc-devel-2.50.3-1.el9_7.x86_64.rpm

aarch64:
webkit2gtk3-2.50.3-1.el9_7.aarch64.rpm
webkit2gtk3-devel-2.50.3-1.el9_7.aarch64.rpm
webkit2gtk3-jsc-2.50.3-1.el9_7.aarch64.rpm
webkit2gtk3-jsc-devel-2.50.3-1.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/webkit2gtk3-2.50.3-1.el9_7.src.rpm

Related CVEs:

CVE-2023-43000
CVE-2025-13502
CVE-2025-13947
CVE-2025-43392
CVE-2025-43419
CVE-2025-43421
CVE-2025-43425
CVE-2025-43427
CVE-2025-43429
CVE-2025-43430
CVE-2025-43431
CVE-2025-43432
CVE-2025-43434
CVE-2025-43440
CVE-2025-43443
CVE-2025-43458
CVE-2025-43480
CVE-2025-66287

Description of changes:

[2.50.3-1]
- Update to 2.50.3



ELSA-2025-22801 Moderate: Oracle Linux 8 kernel security update


Oracle Linux Security Advisory ELSA-2025-22801

http://linux.oracle.com/errata/ELSA-2025-22801.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-553.89.1.el8_10.x86_64.rpm
kernel-4.18.0-553.89.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.89.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.89.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.89.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.89.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.89.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.89.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.89.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.89.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.89.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.89.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.89.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.89.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.89.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.89.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.89.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.89.1.el8_10.x86_64.rpm
perf-4.18.0-553.89.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.89.1.el8_10.x86_64.rpm

aarch64:
bpftool-4.18.0-553.89.1.el8_10.aarch64.rpm
kernel-cross-headers-4.18.0-553.89.1.el8_10.aarch64.rpm
kernel-headers-4.18.0-553.89.1.el8_10.aarch64.rpm
kernel-tools-4.18.0-553.89.1.el8_10.aarch64.rpm
kernel-tools-libs-4.18.0-553.89.1.el8_10.aarch64.rpm
kernel-tools-libs-devel-4.18.0-553.89.1.el8_10.aarch64.rpm
perf-4.18.0-553.89.1.el8_10.aarch64.rpm
python3-perf-4.18.0-553.89.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.89.1.el8_10.src.rpm

Related CVEs:

CVE-2022-50543
CVE-2023-53401
CVE-2023-53539

Description of changes:

[4.18.0-553.89.1]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 cached (Radostin Stoyanov) [RHEL-122774]
- mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() (Radostin Stoyanov) [RHEL-122774] {CVE-2023-53401}
- mm/memcg: revert ("mm/memcg: optimize user context object stock access") (Radostin Stoyanov) [RHEL-122774] {CVE-2023-53401}
- gfs2: Add proper lockspace locking (Andreas Gruenbacher) [RHEL-88660]
- gfs2: do_xmote cleanup (Andreas Gruenbacher) [RHEL-88660]

[4.18.0-553.88.1]
- scsi: s390: zfcp: Ensure synchronous unit_add (Mete Durlu) [RHEL-129199]
- RDMA/rxe: Fix incomplete state save in rxe_requester (Kamal Heib) [RHEL-124700] {CVE-2023-53539}
- RDMA/rxe: Fix mr->map double free (CKI Backport Bot) [RHEL-123715] {CVE-2022-50543}



ELSA-2025-22789 Important: Oracle Linux 8 webkit2gtk3 security update


Oracle Linux Security Advisory ELSA-2025-22789

http://linux.oracle.com/errata/ELSA-2025-22789.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
webkit2gtk3-2.50.3-1.el8_10.i686.rpm
webkit2gtk3-2.50.3-1.el8_10.x86_64.rpm
webkit2gtk3-devel-2.50.3-1.el8_10.i686.rpm
webkit2gtk3-devel-2.50.3-1.el8_10.x86_64.rpm
webkit2gtk3-jsc-2.50.3-1.el8_10.i686.rpm
webkit2gtk3-jsc-2.50.3-1.el8_10.x86_64.rpm
webkit2gtk3-jsc-devel-2.50.3-1.el8_10.i686.rpm
webkit2gtk3-jsc-devel-2.50.3-1.el8_10.x86_64.rpm

aarch64:
webkit2gtk3-2.50.3-1.el8_10.aarch64.rpm
webkit2gtk3-devel-2.50.3-1.el8_10.aarch64.rpm
webkit2gtk3-jsc-2.50.3-1.el8_10.aarch64.rpm
webkit2gtk3-jsc-devel-2.50.3-1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/webkit2gtk3-2.50.3-1.el8_10.src.rpm

Related CVEs:

CVE-2023-43000
CVE-2025-13502
CVE-2025-13947
CVE-2025-43392
CVE-2025-43419
CVE-2025-43421
CVE-2025-43425
CVE-2025-43427
CVE-2025-43429
CVE-2025-43430
CVE-2025-43431
CVE-2025-43432
CVE-2025-43434
CVE-2025-43440
CVE-2025-43443
CVE-2025-43458
CVE-2025-43480
CVE-2025-66287

Description of changes:

[2.50.3-1]
- Update to 2.50.3



ELSA-2025-22760 Important: Oracle Linux 8 abrt security update


Oracle Linux Security Advisory ELSA-2025-22760

http://linux.oracle.com/errata/ELSA-2025-22760.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
abrt-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-addon-ccpp-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-addon-coredump-helper-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-addon-kerneloops-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-addon-pstoreoops-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-addon-vmcore-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-addon-xorg-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-cli-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-cli-ng-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-console-notification-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-dbus-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-desktop-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-gui-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-gui-libs-2.10.9-25.0.1.el8_10.i686.rpm
abrt-gui-libs-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-libs-2.10.9-25.0.1.el8_10.i686.rpm
abrt-libs-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-plugin-machine-id-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-plugin-sosreport-2.10.9-25.0.1.el8_10.x86_64.rpm
abrt-tui-2.10.9-25.0.1.el8_10.x86_64.rpm
python3-abrt-2.10.9-25.0.1.el8_10.x86_64.rpm
python3-abrt-addon-2.10.9-25.0.1.el8_10.x86_64.rpm
python3-abrt-container-addon-2.10.9-25.0.1.el8_10.x86_64.rpm
python3-abrt-doc-2.10.9-25.0.1.el8_10.noarch.rpm

aarch64:
abrt-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-addon-ccpp-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-addon-coredump-helper-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-addon-kerneloops-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-addon-pstoreoops-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-addon-vmcore-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-addon-xorg-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-cli-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-cli-ng-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-console-notification-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-dbus-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-desktop-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-gui-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-gui-libs-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-libs-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-plugin-machine-id-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-plugin-sosreport-2.10.9-25.0.1.el8_10.aarch64.rpm
abrt-tui-2.10.9-25.0.1.el8_10.aarch64.rpm
python3-abrt-2.10.9-25.0.1.el8_10.aarch64.rpm
python3-abrt-addon-2.10.9-25.0.1.el8_10.aarch64.rpm
python3-abrt-container-addon-2.10.9-25.0.1.el8_10.aarch64.rpm
python3-abrt-doc-2.10.9-25.0.1.el8_10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/abrt-2.10.9-25.0.1.el8_10.src.rpm

Related CVEs:

CVE-2025-12744

Description of changes:

[2.10.9-25.0.1]
- Replaces sosreport to sos report in sosreport-event.conf [Orabug: 38590929]
- abrt-dump-oops-Fix-vmcore-call-trace-parsing-arm [Orabug: 34184473]
- Disable autoreporting on Oracle Linux [Orabug: 32890748]
- Add orabug32082455-Upstream_reference_in_python3-abrt-addon.patch [Orabug: 32082455]
- Add bug29870394-fix-redhat-reference.patch [Orabug: 29870394]
- Drop libreport-rhel and libreport-plugin-rhtsupport requires

[2.10.9-25.openela.0.1]
- Remove RHT patches

[2.10.9-25]
- a-a-save-container-data: validate input
- Resolves: CVE-2025-12744



ELSA-2025-22668 Moderate: Oracle Linux 8 go-toolset:rhel8 security update


Oracle Linux Security Advisory ELSA-2025-22668

http://linux.oracle.com/errata/ELSA-2025-22668.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
delve-1.25.2-1.0.1.module+el8.10.0+90715+2d4d8dfd.x86_64.rpm
golang-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.x86_64.rpm
golang-bin-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.x86_64.rpm
golang-docs-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.noarch.rpm
golang-misc-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.noarch.rpm
golang-race-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.x86_64.rpm
golang-src-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.noarch.rpm
golang-tests-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.noarch.rpm
go-toolset-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.x86_64.rpm

aarch64:
delve-1.25.2-1.0.1.module+el8.10.0+90715+2d4d8dfd.aarch64.rpm
golang-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.aarch64.rpm
golang-bin-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.aarch64.rpm
golang-docs-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.noarch.rpm
golang-misc-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.noarch.rpm
golang-race-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.aarch64.rpm
golang-src-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.noarch.rpm
golang-tests-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.noarch.rpm
go-toolset-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/delve-1.25.2-1.0.1.module+el8.10.0+90715+2d4d8dfd.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/golang-1.25.3-2.module+el8.10.0+90715+2d4d8dfd.src.rpm

Related CVEs:

CVE-2025-47906
CVE-2025-58183

Description of changes:

golang
[1.25.3-1]
- Update to Go 1.25.3 (sync from CentOS Stream 9)
- Build go-toolset as a subpackage
- Preserve GOAMD64=v1 for RHEL 8
- Resolves: RHEL-121223



ELSA-2025-19847 Important: Oracle Linux 7 sssd security update


Oracle Linux Security Advisory ELSA-2025-19847

http://linux.oracle.com/errata/ELSA-2025-19847.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
libipa_hbac-1.16.5-10.0.5.el7_9.16.i686.rpm
libipa_hbac-1.16.5-10.0.5.el7_9.16.x86_64.rpm
libipa_hbac-devel-1.16.5-10.0.5.el7_9.16.i686.rpm
libipa_hbac-devel-1.16.5-10.0.5.el7_9.16.x86_64.rpm
libsss_autofs-1.16.5-10.0.5.el7_9.16.x86_64.rpm
libsss_certmap-1.16.5-10.0.5.el7_9.16.i686.rpm
libsss_certmap-1.16.5-10.0.5.el7_9.16.x86_64.rpm
libsss_certmap-devel-1.16.5-10.0.5.el7_9.16.i686.rpm
libsss_certmap-devel-1.16.5-10.0.5.el7_9.16.x86_64.rpm
libsss_idmap-1.16.5-10.0.5.el7_9.16.i686.rpm
libsss_idmap-1.16.5-10.0.5.el7_9.16.x86_64.rpm
libsss_idmap-devel-1.16.5-10.0.5.el7_9.16.i686.rpm
libsss_idmap-devel-1.16.5-10.0.5.el7_9.16.x86_64.rpm
libsss_nss_idmap-1.16.5-10.0.5.el7_9.16.i686.rpm
libsss_nss_idmap-1.16.5-10.0.5.el7_9.16.x86_64.rpm
libsss_nss_idmap-devel-1.16.5-10.0.5.el7_9.16.i686.rpm
libsss_nss_idmap-devel-1.16.5-10.0.5.el7_9.16.x86_64.rpm
libsss_simpleifp-1.16.5-10.0.5.el7_9.16.i686.rpm
libsss_simpleifp-1.16.5-10.0.5.el7_9.16.x86_64.rpm
libsss_simpleifp-devel-1.16.5-10.0.5.el7_9.16.i686.rpm
libsss_simpleifp-devel-1.16.5-10.0.5.el7_9.16.x86_64.rpm
libsss_sudo-1.16.5-10.0.5.el7_9.16.x86_64.rpm
python-libipa_hbac-1.16.5-10.0.5.el7_9.16.x86_64.rpm
python-libsss_nss_idmap-1.16.5-10.0.5.el7_9.16.x86_64.rpm
python-sss-1.16.5-10.0.5.el7_9.16.x86_64.rpm
python-sss-murmur-1.16.5-10.0.5.el7_9.16.x86_64.rpm
python-sssdconfig-1.16.5-10.0.5.el7_9.16.noarch.rpm
sssd-1.16.5-10.0.5.el7_9.16.x86_64.rpm
sssd-ad-1.16.5-10.0.5.el7_9.16.x86_64.rpm
sssd-client-1.16.5-10.0.5.el7_9.16.i686.rpm
sssd-client-1.16.5-10.0.5.el7_9.16.x86_64.rpm
sssd-common-1.16.5-10.0.5.el7_9.16.x86_64.rpm
sssd-common-pac-1.16.5-10.0.5.el7_9.16.x86_64.rpm
sssd-dbus-1.16.5-10.0.5.el7_9.16.x86_64.rpm
sssd-ipa-1.16.5-10.0.5.el7_9.16.x86_64.rpm
sssd-kcm-1.16.5-10.0.5.el7_9.16.x86_64.rpm
sssd-krb5-1.16.5-10.0.5.el7_9.16.x86_64.rpm
sssd-krb5-common-1.16.5-10.0.5.el7_9.16.x86_64.rpm
sssd-ldap-1.16.5-10.0.5.el7_9.16.x86_64.rpm
sssd-libwbclient-1.16.5-10.0.5.el7_9.16.x86_64.rpm
sssd-libwbclient-devel-1.16.5-10.0.5.el7_9.16.i686.rpm
sssd-libwbclient-devel-1.16.5-10.0.5.el7_9.16.x86_64.rpm
sssd-polkit-rules-1.16.5-10.0.5.el7_9.16.x86_64.rpm
sssd-proxy-1.16.5-10.0.5.el7_9.16.x86_64.rpm
sssd-tools-1.16.5-10.0.5.el7_9.16.x86_64.rpm
sssd-winbind-idmap-1.16.5-10.0.5.el7_9.16.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/sssd-1.16.5-10.0.5.el7_9.16.src.rpm

Related CVEs:

CVE-2025-11561

Description of changes:

[1.16.5-10.0.5.16]
- krb5: disable Kerberos localauth an2ln plugin for AD/IPA [Orabug: 38621159]


Abrt and MinGW-LibPNG updates for Fedora

WebKitGTK and GnuPG updates for Ubuntu

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.org  I ...