Oracle has released several security updates for its Linux distribution. These updates include bug fixes and enhancements for various packages such as librepo, sendmail, and xorg-x11-server. Additionally, there are security updates available for the tigervnc, expat, kernel, and Unbreakable Enterprise kernel packages across different versions of Oracle Linux 7, 8, and 9.

ELBA-2025-19402 Oracle Linux 10 librepo bug fix and enhancement update
ELSA-2025-19433 Moderate: Oracle Linux 9 xorg-x11-server update
ELSA-2025-19489 Important: Oracle Linux 9 tigervnc security update
ELBA-2025-25730 Oracle Linux 8 sendmail bug fix update
ELSA-2025-25731 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2025-19432 Moderate: Oracle Linux 8 xorg-x11-server-Xwayland security update
ELSA-2025-19435 Moderate: Oracle Linux 10 xorg-x11-server-Xwayland security update
ELSA-2025-19403 Important: Oracle Linux 10 expat security update
ELSA-2025-19409 Moderate: Oracle Linux 9 kernel security update
ELBA-2025-25729 Oracle Linux 9 sendmail bug fix update
ELSA-2025-19434 Moderate: Oracle Linux 8 xorg-x11-server security update
ELBA-2025-25732 Oracle Linux 9 leapp-repository bug fix update
ELSA-2025-25731 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2025-25731 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

ELBA-2025-19402 Oracle Linux 10 librepo bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2025-19402

http://linux.oracle.com/errata/ELBA-2025-19402.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
librepo-1.18.0-6.el10_0.x86_64.rpm
librepo-devel-1.18.0-6.el10_0.x86_64.rpm
python3-librepo-1.18.0-6.el10_0.x86_64.rpm

aarch64:
librepo-1.18.0-6.el10_0.aarch64.rpm
librepo-devel-1.18.0-6.el10_0.aarch64.rpm
python3-librepo-1.18.0-6.el10_0.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/librepo-1.18.0-6.el10_0.src.rpm

Description of changes:

[1.18.0-6]
- Propagate return value from prepare_repo_download_targets (RHEL-101181)

ELSA-2025-19433 Moderate: Oracle Linux 9 xorg-x11-server update

Oracle Linux Security Advisory ELSA-2025-19433

http://linux.oracle.com/errata/ELSA-2025-19433.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
xorg-x11-server-Xdmx-1.20.11-32.el9_6.x86_64.rpm
xorg-x11-server-Xephyr-1.20.11-32.el9_6.x86_64.rpm
xorg-x11-server-Xnest-1.20.11-32.el9_6.x86_64.rpm
xorg-x11-server-Xorg-1.20.11-32.el9_6.x86_64.rpm
xorg-x11-server-Xvfb-1.20.11-32.el9_6.x86_64.rpm
xorg-x11-server-common-1.20.11-32.el9_6.x86_64.rpm
xorg-x11-server-devel-1.20.11-32.el9_6.i686.rpm
xorg-x11-server-devel-1.20.11-32.el9_6.x86_64.rpm
xorg-x11-server-source-1.20.11-32.el9_6.noarch.rpm

aarch64:
xorg-x11-server-Xdmx-1.20.11-32.el9_6.aarch64.rpm
xorg-x11-server-Xephyr-1.20.11-32.el9_6.aarch64.rpm
xorg-x11-server-Xnest-1.20.11-32.el9_6.aarch64.rpm
xorg-x11-server-Xorg-1.20.11-32.el9_6.aarch64.rpm
xorg-x11-server-Xvfb-1.20.11-32.el9_6.aarch64.rpm
xorg-x11-server-common-1.20.11-32.el9_6.aarch64.rpm
xorg-x11-server-devel-1.20.11-32.el9_6.aarch64.rpm
xorg-x11-server-source-1.20.11-32.el9_6.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/xorg-x11-server-1.20.11-32.el9_6.src.rpm

Related CVEs:

CVE-2025-62229
CVE-2025-62230
CVE-2025-62231

Description of changes:

[1.20.11-32]
- CVE fix for: CVE-2025-62229 (RHEL-119961), CVE-2025-62230 (RHEL-120032),
CVE-2025-62231 (RHEL-125001)

ELSA-2025-19489 Important: Oracle Linux 9 tigervnc security update

Oracle Linux Security Advisory ELSA-2025-19489

http://linux.oracle.com/errata/ELSA-2025-19489.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
tigervnc-1.14.1-9.el9_6.x86_64.rpm
tigervnc-icons-1.14.1-9.el9_6.noarch.rpm
tigervnc-license-1.14.1-9.el9_6.noarch.rpm
tigervnc-selinux-1.14.1-9.el9_6.noarch.rpm
tigervnc-server-1.14.1-9.el9_6.x86_64.rpm
tigervnc-server-minimal-1.14.1-9.el9_6.x86_64.rpm
tigervnc-server-module-1.14.1-9.el9_6.x86_64.rpm

aarch64:
tigervnc-1.14.1-9.el9_6.aarch64.rpm
tigervnc-icons-1.14.1-9.el9_6.noarch.rpm
tigervnc-license-1.14.1-9.el9_6.noarch.rpm
tigervnc-selinux-1.14.1-9.el9_6.noarch.rpm
tigervnc-server-1.14.1-9.el9_6.aarch64.rpm
tigervnc-server-minimal-1.14.1-9.el9_6.aarch64.rpm
tigervnc-server-module-1.14.1-9.el9_6.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/tigervnc-1.14.1-9.el9_6.src.rpm

Related CVEs:

CVE-2025-62229
CVE-2025-62230
CVE-2025-62231

Description of changes:

[1.14.1-9]
- Fix CVE-2025-62229: xorg-x11-server: Use-after-free in XPresentNotify structures creation
Resolves: RHEL-119987

- Fix CVE-2025-62230: xorg-x11-server: Use-after-free in Xkb client resource removal
Resolves: RHEL-120006

- Fix CVE-2025-62231: xorg-x11-server: Value overflow in Xkb extension XkbSetCompatMap()
Resolves: RHEL-120769

ELBA-2025-25730 Oracle Linux 8 sendmail bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-25730

http://linux.oracle.com/errata/ELBA-2025-25730.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
sendmail-8.15.2-34.0.2.el8.x86_64.rpm
sendmail-cf-8.15.2-34.0.2.el8.noarch.rpm
sendmail-doc-8.15.2-34.0.2.el8.noarch.rpm
sendmail-milter-8.15.2-34.0.2.el8.i686.rpm
sendmail-milter-8.15.2-34.0.2.el8.x86_64.rpm
sendmail-milter-devel-8.15.2-34.0.2.el8.i686.rpm
sendmail-milter-devel-8.15.2-34.0.2.el8.x86_64.rpm

aarch64:
sendmail-8.15.2-34.0.2.el8.aarch64.rpm
sendmail-cf-8.15.2-34.0.2.el8.noarch.rpm
sendmail-doc-8.15.2-34.0.2.el8.noarch.rpm
sendmail-milter-8.15.2-34.0.2.el8.aarch64.rpm
sendmail-milter-devel-8.15.2-34.0.2.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/sendmail-8.15.2-34.0.2.el8.src.rpm

Description of changes:

[8.15.2-34.0.2]
- Fixes sendmail failure after reboot due to timeout [Orabug: 38128885]

ELSA-2025-25731 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2025-25731

http://linux.oracle.com/errata/ELSA-2025-25731.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-5.4.17-2136.348.3.1.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.348.3.1.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.348.3.1.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.348.3.1.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.348.3.1.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.348.3.1.el8uek.src.rpm

Related CVEs:

CVE-2025-39973

Description of changes:

[5.4.17-2136.348.3.1]
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38604168] {CVE-2025-39973}
- i40e: increase max descriptors for XL710 (Justin Bronder) [Orabug: 38604168] {CVE-2025-39973}

ELSA-2025-19432 Moderate: Oracle Linux 8 xorg-x11-server-Xwayland security update

Oracle Linux Security Advisory ELSA-2025-19432

http://linux.oracle.com/errata/ELSA-2025-19432.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
xorg-x11-server-Xwayland-21.1.3-19.el8_10.x86_64.rpm

aarch64:
xorg-x11-server-Xwayland-21.1.3-19.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/xorg-x11-server-Xwayland-21.1.3-19.el8_10.src.rpm

Related CVEs:

CVE-2025-62229
CVE-2025-62230
CVE-2025-62231

Description of changes:

[21.1.3-19]
- CVE fix for: CVE-2025-62229 (RHEL-119967), CVE-2025-62230 (RHEL-120015),
CVE-2025-62231 (RHEL-125007)

ELSA-2025-19435 Moderate: Oracle Linux 10 xorg-x11-server-Xwayland security update

Oracle Linux Security Advisory ELSA-2025-19435

http://linux.oracle.com/errata/ELSA-2025-19435.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
xorg-x11-server-Xwayland-24.1.5-5.el10_0.x86_64.rpm
xorg-x11-server-Xwayland-devel-24.1.5-5.el10_0.x86_64.rpm

aarch64:
xorg-x11-server-Xwayland-24.1.5-5.el10_0.aarch64.rpm
xorg-x11-server-Xwayland-devel-24.1.5-5.el10_0.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/xorg-x11-server-Xwayland-24.1.5-5.el10_0.src.rpm

Related CVEs:

CVE-2025-62229
CVE-2025-62230
CVE-2025-62231

Description of changes:

[24.1.5-5]
- CVE fix for: CVE-2025-62229 (RHEL-119964), CVE-2025-62230 (RHEL-120013),
CVE-2025-62231 (RHEL-125006)

ELSA-2025-19403 Important: Oracle Linux 10 expat security update

Oracle Linux Security Advisory ELSA-2025-19403

http://linux.oracle.com/errata/ELSA-2025-19403.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
expat-2.7.1-1.el10_0.3.x86_64.rpm
expat-devel-2.7.1-1.el10_0.3.x86_64.rpm

aarch64:
expat-2.7.1-1.el10_0.3.aarch64.rpm
expat-devel-2.7.1-1.el10_0.3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/expat-2.7.1-1.el10_0.3.src.rpm

Related CVEs:

CVE-2025-59375

Description of changes:

[2.7.1-3]
- Backport security fixes to expat

[2.7.1-2]
- https://issues.redhat.com/browse/RHELMISC-13073

ELSA-2025-19409 Moderate: Oracle Linux 9 kernel security update

Oracle Linux Security Advisory ELSA-2025-19409

http://linux.oracle.com/errata/ELSA-2025-19409.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-abi-stablelists-5.14.0-570.60.1.0.1.el9_6.noarch.rpm
kernel-core-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-cross-headers-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-debug-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-debug-core-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-debug-devel-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-debug-devel-matched-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-core-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-extra-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-debug-uki-virt-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-devel-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-devel-matched-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-doc-5.14.0-570.60.1.0.1.el9_6.noarch.rpm
kernel-headers-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-modules-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-modules-core-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-modules-extra-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-tools-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-tools-libs-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-tools-libs-devel-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-uki-virt-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
kernel-uki-virt-addons-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
libperf-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
perf-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
python3-perf-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
rtla-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm
rv-5.14.0-570.60.1.0.1.el9_6.x86_64.rpm

aarch64:
kernel-cross-headers-5.14.0-570.60.1.0.1.el9_6.aarch64.rpm
kernel-headers-5.14.0-570.60.1.0.1.el9_6.aarch64.rpm
kernel-tools-5.14.0-570.60.1.0.1.el9_6.aarch64.rpm
kernel-tools-libs-5.14.0-570.60.1.0.1.el9_6.aarch64.rpm
kernel-tools-libs-devel-5.14.0-570.60.1.0.1.el9_6.aarch64.rpm
libperf-5.14.0-570.60.1.0.1.el9_6.aarch64.rpm
perf-5.14.0-570.60.1.0.1.el9_6.aarch64.rpm
python3-perf-5.14.0-570.60.1.0.1.el9_6.aarch64.rpm
rtla-5.14.0-570.60.1.0.1.el9_6.aarch64.rpm
rv-5.14.0-570.60.1.0.1.el9_6.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-570.60.1.0.1.el9_6.src.rpm

Related CVEs:

CVE-2022-50367
CVE-2023-53494
CVE-2025-39702

Description of changes:

[5.14.0-570.60.1.0.1]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64